package org.apache.qpid.client.message;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.apache.qpid.QpidException;
import org.apache.qpid.client.AMQSession;
import org.apache.qpid.transport.DeliveryProperties;
import org.apache.qpid.transport.MessageProperties;
import org.apache.qpid.transport.codec.BBDecoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/qpid-client-6.1.2.jar:org/apache/qpid/client/message/Encrypted010MessageFactory.class */
public class Encrypted010MessageFactory extends AbstractJMSMessageFactory {
    public static final String ENCRYPTED_0_10_CONTENT_TYPE = "application/qpid-0-10-encrypted";
    private final MessageFactoryRegistry _messageFactoryRegistry;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Encrypted010MessageFactory.class);

    public Encrypted010MessageFactory(MessageFactoryRegistry messageFactoryRegistry) {
        this._messageFactoryRegistry = messageFactoryRegistry;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.client.message.AbstractJMSMessageFactory
    public AbstractJMSMessage createMessage(AbstractAMQMessageDelegate abstractAMQMessageDelegate, ByteBuffer byteBuffer) throws QpidException {
        byte[] bArr;
        byte[] bArr2;
        int i;
        int length;
        try {
            try {
                if (!abstractAMQMessageDelegate.hasProperty(MessageEncryptionHelper.ENCRYPTION_ALGORITHM_PROPERTY)) {
                    throw new QpidException("Encrypted message must carry the encryption algorithm in the property 'x-qpid-encrypted-keys'");
                }
                String obj = abstractAMQMessageDelegate.getProperty(MessageEncryptionHelper.ENCRYPTION_ALGORITHM_PROPERTY).toString();
                if (abstractAMQMessageDelegate.hasProperty(MessageEncryptionHelper.KEY_INIT_VECTOR_PROPERTY)) {
                    Object property = abstractAMQMessageDelegate.getProperty(MessageEncryptionHelper.KEY_INIT_VECTOR_PROPERTY);
                    if (!(property instanceof byte[])) {
                        throw new QpidException("If the property 'x-qpid-key-init-vector' is present, it must contain a byte array");
                    }
                    bArr = (byte[]) property;
                } else {
                    bArr = null;
                }
                if (!abstractAMQMessageDelegate.hasProperty(MessageEncryptionHelper.ENCRYPTED_KEYS_PROPERTY)) {
                    throw new QpidException("An encrypted message must contain the property 'x-qpid-encrypted-keys'");
                }
                Object property2 = abstractAMQMessageDelegate.getProperty(MessageEncryptionHelper.ENCRYPTED_KEYS_PROPERTY);
                if (!(property2 instanceof Collection)) {
                    throw new QpidException("An encrypted message must contain the property 'x-qpid-encrypted-keys'");
                }
                SecretKeySpec contentEncryptionKey = getContentEncryptionKey((Collection) property2, obj, this._messageFactoryRegistry.getSession());
                if (contentEncryptionKey == null) {
                    throw new QpidException("Could not locate key information to decrypt the message");
                }
                Cipher cipher = Cipher.getInstance(obj);
                cipher.init(2, contentEncryptionKey, new IvParameterSpec(bArr));
                if (byteBuffer.hasArray()) {
                    bArr2 = byteBuffer.array();
                    i = byteBuffer.arrayOffset() + byteBuffer.position();
                    length = byteBuffer.remaining();
                } else {
                    bArr2 = new byte[byteBuffer.remaining()];
                    byteBuffer.duplicate().get(bArr2);
                    i = 0;
                    length = bArr2.length;
                }
                byte[] decryptData = decryptData(cipher, bArr2, i, length);
                ByteBuffer wrap = ByteBuffer.wrap(decryptData);
                BBDecoder bBDecoder = new BBDecoder();
                bBDecoder.init(wrap);
                DeliveryProperties deliveryProperties = (DeliveryProperties) bBDecoder.readStruct32();
                MessageProperties messageProperties = (MessageProperties) bBDecoder.readStruct32();
                int position = wrap.position();
                ByteBuffer wrap2 = ByteBuffer.wrap(decryptData, position, decryptData.length - position);
                AMQMessageDelegate_0_10 aMQMessageDelegate_0_10 = new AMQMessageDelegate_0_10(messageProperties, deliveryProperties, abstractAMQMessageDelegate.getDeliveryTag());
                aMQMessageDelegate_0_10.setJMSDestination(abstractAMQMessageDelegate.getJMSDestination());
                return this._messageFactoryRegistry.getMessageFactory(messageProperties.getContentType()).createMessage(aMQMessageDelegate_0_10, wrap2);
            } catch (IOException | GeneralSecurityException e) {
                throw new QpidException("Could not decode encrypted message", e);
            }
        } catch (QpidException e2) {
            LOGGER.error("Error when attempting to decrypt message " + abstractAMQMessageDelegate.getDeliveryTag() + " to address (" + abstractAMQMessageDelegate.getJMSDestination() + ").  Message will be delivered to the client encrypted", (Throwable) e2);
            return this._messageFactoryRegistry.getDefaultFactory().createMessage(abstractAMQMessageDelegate, byteBuffer);
        }
    }

    private byte[] decryptData(Cipher cipher, byte[] bArr, int i, int i2) throws IOException {
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr, i, i2), cipher);
        Throwable th = null;
        try {
            try {
                byte[] bArr2 = new byte[512];
                int i3 = 0;
                while (true) {
                    int read = cipherInputStream.read(bArr2, i3, bArr2.length - i3);
                    if (read == -1) {
                        break;
                    }
                    i3 += read;
                    if (i3 == bArr2.length) {
                        byte[] bArr3 = bArr2;
                        bArr2 = new byte[bArr2.length + 512];
                        System.arraycopy(bArr3, 0, bArr2, 0, bArr3.length);
                    }
                }
                byte[] bArr4 = new byte[i3];
                System.arraycopy(bArr2, 0, bArr4, 0, i3);
                if (cipherInputStream != null) {
                    if (0 != 0) {
                        try {
                            cipherInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        cipherInputStream.close();
                    }
                }
                return bArr4;
            } finally {
            }
        } catch (Throwable th3) {
            if (cipherInputStream != null) {
                if (th != null) {
                    try {
                        cipherInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    cipherInputStream.close();
                }
            }
            throw th3;
        }
    }

    private SecretKeySpec getContentEncryptionKey(Collection collection, String str, AMQSession<?, ?> aMQSession) throws QpidException, GeneralSecurityException, IOException {
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            try {
                Iterator it2 = ((Collection) it.next()).iterator();
                int intValue = ((Number) it2.next()).intValue();
                switch (intValue) {
                    case 1:
                        String str2 = (String) it2.next();
                        X500Principal x500Principal = new X500Principal((String) it2.next());
                        BigInteger bigInteger = new BigInteger((String) it2.next());
                        byte[] bArr = (byte[]) it2.next();
                        PrivateKey privateKey = getPrivateKey(aMQSession, x500Principal, bigInteger);
                        if (privateKey != null) {
                            Cipher cipher = Cipher.getInstance(str2);
                            cipher.init(2, privateKey);
                            return new SecretKeySpec(decryptData(cipher, bArr, 0, bArr.length), str.split("/")[0]);
                        }
                    default:
                        throw new QpidException("Invalid format of 'x-qpid-encrypted-keys' - unknown key info type: " + intValue);
                }
            } catch (ClassCastException e) {
                throw new QpidException("Invalid format of 'x-qpid-encrypted-keys'");
            }
        }
        return null;
    }

    private PrivateKey getPrivateKey(AMQSession<?, ?> aMQSession, X500Principal x500Principal, BigInteger bigInteger) throws GeneralSecurityException, IOException {
        return aMQSession.getMessageEncryptionHelper().getEncryptionPrivateKey(x500Principal, bigInteger);
    }
}
