package org.jgroups.protocols;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.hornetq.api.core.client.HornetQClient;
import org.jboss.netty.handler.codec.rtsp.RtspHeaders;
import org.jgroups.Address;
import org.jgroups.Event;
import org.jgroups.MergeView;
import org.jgroups.Message;
import org.jgroups.View;
import org.jgroups.annotations.MBean;
import org.jgroups.annotations.ManagedAttribute;
import org.jgroups.annotations.ManagedOperation;
import org.jgroups.annotations.Property;
import org.jgroups.conf.ClassConfigurator;
import org.jgroups.logging.Log;
import org.jgroups.protocols.pbcast.GMS;
import org.jgroups.util.AsciiString;
import org.jgroups.util.Util;

@MBean(description = "Asymmetric encryption protocol. The secret key for encryption and decryption of messages is fetched from a key server (the coordinator) via asymmetric encryption")
/* loaded from: input_file:org/jgroups/protocols/ASYM_ENCRYPT.class */
public class ASYM_ENCRYPT extends EncryptBase {
    protected static final short GMS_ID = ClassConfigurator.getProtocolId(GMS.class);
    protected volatile Address key_server_addr;

    @ManagedAttribute(description = "True if this member is the current key server, false otherwise")
    protected volatile boolean is_key_server;
    protected KeyPair key_pair;
    protected Cipher asym_cipher;
    protected volatile long last_key_request;

    @Property(description = "When a member leaves the view, change the secret key, preventing old members from eavesdropping", writable = false)
    protected boolean change_key_on_leave = true;

    @ManagedAttribute(description = "whether or not to queue received messages (until the secret key was received)")
    protected volatile boolean queue_up_msgs = true;
    protected final BlockingQueue<Message> up_queue = new ArrayBlockingQueue(100);

    public KeyPair keyPair() {
        return this.key_pair;
    }

    public Cipher asymCipher() {
        return this.asym_cipher;
    }

    public Address keyServerAddr() {
        return this.key_server_addr;
    }

    public ASYM_ENCRYPT keyServerAddr(Address address) {
        this.key_server_addr = address;
        return this;
    }

    @ManagedAttribute(description = "Number of received messages currently queued")
    public int numQueuedMessages() {
        return this.up_queue.size();
    }

    @ManagedOperation(description = "Triggers a request for the secret key to the current keyserver")
    public void sendKeyRequest() {
        if (this.key_server_addr == null) {
            this.log.debug(String.format("%s: key server is currently not set", this.local_addr));
        } else {
            sendKeyRequest(this.key_server_addr);
        }
    }

    @Override // org.jgroups.protocols.EncryptBase, org.jgroups.stack.Protocol
    public void init() throws Exception {
        initKeyPair();
        super.init();
    }

    @Override // org.jgroups.stack.Protocol
    public void stop() {
        drainUpQueue();
        super.stop();
    }

    @Override // org.jgroups.protocols.EncryptBase, org.jgroups.stack.Protocol
    public Object down(Event event) {
        return (event.type() == 1 && skip((Message) event.arg())) ? this.down_prot.down(event) : super.down(event);
    }

    @Override // org.jgroups.protocols.EncryptBase, org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Event event) {
        return (event.type() == 1 && skip((Message) event.arg())) ? this.up_prot.up(event) : super.up(event);
    }

    protected static boolean skip(Message message) {
        GMS.GmsHeader gmsHeader = (GMS.GmsHeader) message.getHeader(GMS_ID);
        if (gmsHeader == null) {
            return false;
        }
        switch (gmsHeader.getType()) {
            case 1:
            case 2:
            case 6:
            case 7:
            case 8:
            case 10:
            case 11:
                return true;
            case 3:
            case 4:
            case 5:
            case 9:
            default:
                return false;
        }
    }

    @Override // org.jgroups.protocols.EncryptBase
    protected Object handleUpEvent(Message message, EncryptHeader encryptHeader) {
        switch (encryptHeader.type()) {
            case 2:
                handleSecretKeyRequest(message);
                return null;
            case 4:
                handleSecretKeyResponse(message, encryptHeader.version());
                return null;
            default:
                this.log.warn(String.format("%s: received unknown encrypt header of type %d", this.local_addr, Byte.valueOf(encryptHeader.type())));
                return null;
        }
    }

    @Override // org.jgroups.protocols.EncryptBase
    protected boolean process(Message message) {
        if (!this.queue_up_msgs && this.secret_key != null) {
            return true;
        }
        this.up_queue.offer(message);
        Log log = this.log;
        Object[] objArr = new Object[5];
        objArr[0] = this.local_addr;
        objArr[1] = message.dest() == null ? "mcast" : RtspHeaders.Values.UNICAST;
        objArr[2] = message.src();
        objArr[3] = this.key_server_addr;
        objArr[4] = message.printHeaders();
        log.trace(String.format("%s: queuing %s message from %s as secret key hasn't been retrieved from keyserver %s yet, hdrs: %s", objArr));
        if (this.last_key_request != 0 && System.currentTimeMillis() - this.last_key_request <= HornetQClient.DEFAULT_RETRY_INTERVAL) {
            return false;
        }
        this.last_key_request = System.currentTimeMillis();
        sendKeyRequest();
        return false;
    }

    protected void handleSecretKeyRequest(Message message) {
        if (inView(message.src(), "%s: key requester %s is not in current view %s; ignoring key request")) {
            this.log.debug(String.format("%s: received key request from %s", this.local_addr, message.getSrc()));
            try {
                sendSecretKey(this.secret_key, generatePubKey(message.getBuffer()), message.getSrc());
            } catch (Exception e) {
                this.log.warn(String.format("%s: unable to reconstitute peer's public key", this.local_addr));
            }
        }
    }

    protected void handleSecretKeyResponse(Message message, byte[] bArr) {
        if (inView(message.src(), "%s: ignoring secret key sent by %s which is not in current view %s")) {
            try {
                SecretKeySpec decodeKey = decodeKey(message.getBuffer());
                if (decodeKey == null) {
                    sendKeyRequest(this.key_server_addr);
                } else {
                    this.log.debug(String.format("%s: received secret key from keyserver %s", this.local_addr, message.getSrc()));
                    setKeys(decodeKey, bArr);
                }
            } catch (Exception e) {
                this.log.warn(this.local_addr + ": unable to process received public key", e);
            }
        }
    }

    protected SecretKey createSecretKey() throws Exception {
        KeyGenerator keyGenerator = (this.provider == null || this.provider.trim().isEmpty()) ? KeyGenerator.getInstance(getAlgorithm(this.sym_algorithm)) : KeyGenerator.getInstance(getAlgorithm(this.sym_algorithm), this.provider);
        keyGenerator.init(this.sym_keylength);
        return keyGenerator.generateKey();
    }

    protected void initKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = (this.provider == null || this.provider.trim().isEmpty()) ? KeyPairGenerator.getInstance(getAlgorithm(this.asym_algorithm)) : KeyPairGenerator.getInstance(getAlgorithm(this.asym_algorithm), this.provider);
        keyPairGenerator.initialize(this.asym_keylength, new SecureRandom());
        this.key_pair = keyPairGenerator.generateKeyPair();
        if (this.provider == null || this.provider.trim().isEmpty()) {
            this.asym_cipher = Cipher.getInstance(this.asym_algorithm);
        } else {
            this.asym_cipher = Cipher.getInstance(this.asym_algorithm, this.provider);
        }
        this.asym_cipher.init(2, this.key_pair.getPrivate());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jgroups.protocols.EncryptBase
    public synchronized void handleView(View view) {
        boolean z = (!this.change_key_on_leave || this.view == null || view.containsMembers(this.view.getMembersRaw())) ? false : true;
        super.handleView(view);
        Address coord = view.getCoord();
        if (!coord.equals(this.local_addr)) {
            handleNewKeyServer(coord, view instanceof MergeView, z);
        } else if (!this.is_key_server || z) {
            becomeKeyServer(coord, z);
        }
    }

    protected void becomeKeyServer(Address address, boolean z) {
        if (this.log.isDebugEnabled()) {
            if (!this.is_key_server) {
                this.log.debug(String.format("%s: I'm the new key server", this.local_addr));
            } else if (z) {
                this.log.debug(String.format("%s: creating new secret key because members left", this.local_addr));
            }
        }
        this.key_server_addr = address;
        this.is_key_server = true;
        try {
            this.secret_key = createSecretKey();
            initSymCiphers(this.sym_algorithm, this.secret_key);
            drainUpQueue();
        } catch (Exception e) {
            this.log.error(this.local_addr + ": failed creating secret key and initializing ciphers", e);
        }
    }

    protected void handleNewKeyServer(Address address, boolean z, boolean z2) {
        if (keyServerChanged(address) || z || z2) {
            this.secret_key = null;
            this.sym_version = null;
            this.queue_up_msgs = true;
            this.key_server_addr = address;
            this.is_key_server = false;
            this.log.debug(String.format("%s: sending request for secret key to the new keyserver %s", this.local_addr, this.key_server_addr));
            sendKeyRequest(this.key_server_addr);
        }
    }

    protected boolean keyServerChanged(Address address) {
        return !equals(this.key_server_addr, address);
    }

    protected void setKeys(SecretKey secretKey, byte[] bArr) throws Exception {
        if (Arrays.equals(this.sym_version, bArr)) {
            return;
        }
        Cipher take = this.secret_key != null ? this.decoding_ciphers.take() : null;
        if (take != null) {
            this.key_map.put(new AsciiString(bArr), take);
        }
        this.secret_key = secretKey;
        initSymCiphers(secretKey.getAlgorithm(), secretKey);
        this.sym_version = bArr;
        drainUpQueue();
    }

    protected void sendSecretKey(SecretKey secretKey, PublicKey publicKey, Address address) throws Exception {
        Message putHeader = new Message(address, this.local_addr, encryptSecretKey(secretKey, publicKey)).putHeader(this.id, new EncryptHeader((byte) 4, symVersion()));
        this.log.debug(String.format("%s: sending secret key to %s", this.local_addr, address));
        this.down_prot.down(new Event(1, putHeader));
    }

    protected byte[] encryptSecretKey(SecretKey secretKey, PublicKey publicKey) throws Exception {
        Cipher cipher = (this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(this.asym_algorithm) : Cipher.getInstance(this.asym_algorithm, this.provider);
        cipher.init(1, publicKey);
        return cipher.doFinal(secretKey.getEncoded());
    }

    protected void sendKeyRequest(Address address) {
        this.down_prot.down(new Event(1, new Message(address, this.local_addr, this.key_pair.getPublic().getEncoded()).putHeader(this.id, new EncryptHeader((byte) 2, this.sym_version))));
    }

    protected SecretKeySpec decodeKey(byte[] bArr) throws Exception {
        byte[] doFinal;
        synchronized (this) {
            doFinal = this.asym_cipher.doFinal(bArr);
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, getAlgorithm(this.sym_algorithm));
            ((this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(this.sym_algorithm) : Cipher.getInstance(this.sym_algorithm, this.provider)).init(3, secretKeySpec);
            return secretKeySpec;
        } catch (Exception e) {
            this.log.error(Util.getMessage("FailedDecodingKey"), e);
            return null;
        }
    }

    protected void drainUpQueue() {
        this.queue_up_msgs = false;
        while (true) {
            Message poll = this.up_queue.poll();
            if (poll == null) {
                return;
            }
            try {
                Message decryptMessage = decryptMessage(null, poll.copy());
                if (decryptMessage != null) {
                    this.up_prot.up(new Event(1, decryptMessage));
                }
            } catch (Exception e) {
                this.log.error(String.format("failed decrypting message from %s: %s", poll.src(), e));
            }
        }
    }

    @Override // org.jgroups.protocols.EncryptBase
    protected void handleUnknownVersion() {
        if (this.is_key_server) {
            return;
        }
        sendKeyRequest(this.key_server_addr);
    }

    protected PublicKey generatePubKey(byte[] bArr) {
        PublicKey publicKey = null;
        try {
            publicKey = KeyFactory.getInstance(getAlgorithm(this.asym_algorithm)).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return publicKey;
    }

    protected static boolean equals(Object obj, Object obj2) {
        return obj == obj2 || (obj != null && obj.equals(obj2));
    }
}
