package org.apache.spark.network.crypto;

import java.io.Closeable;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.crypto.cipher.CryptoCipher;
import org.apache.commons.crypto.cipher.CryptoCipherFactory;
import org.apache.commons.crypto.random.CryptoRandom;
import org.apache.commons.crypto.random.CryptoRandomFactory;
import org.apache.spark.network.util.TransportConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sparkproject.guava.annotations.VisibleForTesting;
import org.sparkproject.guava.base.Ascii;
import org.sparkproject.guava.base.Preconditions;
import org.sparkproject.guava.primitives.Bytes;

/* loaded from: input_file:org/apache/spark/network/crypto/AuthEngine.class */
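/**
 * Runs a shared-secret challenge/response handshake and, on success, produces the
 * {@link TransportCipher} used for the rest of the session.
 *
 * <p>One side calls {@link #challenge()} and later {@link #validate(ServerResponse)}; the other
 * side calls {@link #respond(ClientChallenge)}. Both derive keys from the shared secret with the
 * configured key factory, using a random nonce as salt.
 *
 * <p>Instances hold cipher state and key material and must be closed. Nothing in this class
 * synchronizes access to that state.
 */
class AuthEngine implements Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(AuthEngine.class);

    private final byte[] appId;
    // Kept as char[] so it can be wiped in close().
    private final char[] secret;
    private final TransportConf conf;
    private final Properties cryptoConf;
    private final CryptoRandom random;
    // Nonce generated by challenge(); doubles as KDF salt and as the source of the auth IV.
    private byte[] authNonce;

    @VisibleForTesting
    byte[] challenge;
    private TransportCipher sessionCipher;
    private CryptoCipher encryptor;
    private CryptoCipher decryptor;

    /**
     * Creates an engine for one handshake.
     *
     * @param str application id; sent in the clear and checked inside the encrypted challenge
     * @param str2 shared secret the handshake keys are derived from
     * @param transportConf source of the KDF, cipher, key-length and IV-length settings
     * @throws GeneralSecurityException if the random source cannot be created
     */
    public AuthEngine(String str, String str2, TransportConf transportConf) throws GeneralSecurityException {
        this.appId = str.getBytes(StandardCharsets.UTF_8);
        this.conf = transportConf;
        this.cryptoConf = transportConf.cryptoConf();
        this.secret = str2.toCharArray();
        this.random = CryptoRandomFactory.getCryptoRandom(this.cryptoConf);
    }

    /**
     * Starts the handshake: picks a fresh nonce, initializes the auth ciphers from it, and
     * builds the message carrying the KDF/cipher parameters, the nonce and the encrypted
     * challenge.
     *
     * @return the challenge message to send to the peer
     * @throws GeneralSecurityException if key derivation or encryption fails
     */
    public ClientChallenge challenge() throws GeneralSecurityException {
        this.authNonce = randomBytes(this.conf.encryptionKeyLength() / Byte.SIZE);
        SecretKeySpec authKey = generateKey(
            this.conf.keyFactoryAlgorithm(),
            this.conf.keyFactoryIterations(),
            this.authNonce,
            this.conf.encryptionKeyLength());
        initializeForAuth(this.conf.cipherTransformation(), this.authNonce, authKey);

        this.challenge = randomBytes(this.conf.encryptionKeyLength() / Byte.SIZE);
        byte[] encryptedChallenge = challenge(this.appId, this.authNonce, this.challenge);
        return new ClientChallenge(
            new String(this.appId, StandardCharsets.UTF_8),
            this.conf.keyFactoryAlgorithm(),
            this.conf.keyFactoryIterations(),
            this.conf.cipherTransformation(),
            this.conf.encryptionKeyLength(),
            this.authNonce,
            encryptedChallenge);
    }

    /**
     * Answers a peer's challenge and sets up this side's session cipher.
     *
     * <p>NOTE(review): the KDF name, iteration count, key length and cipher transformation are
     * taken from the peer's message and used as-is; no lower bound or allow-list is applied in
     * this class. Confirm they are constrained elsewhere: a low iteration count weakens the key
     * derived from the shared secret, and a very high one costs CPU on every attempt.
     *
     * @param clientChallenge the message produced by the peer's {@link #challenge()}
     * @return the response carrying the encrypted session nonce and IVs
     * @throws GeneralSecurityException if key derivation or a cipher operation fails
     * @throws IllegalArgumentException if the decrypted challenge does not start with this
     *     engine's app id followed by the peer's nonce
     */
    public ServerResponse respond(ClientChallenge clientChallenge) throws GeneralSecurityException {
        SecretKeySpec authKey = generateKey(
            clientChallenge.kdf, clientChallenge.iterations, clientChallenge.nonce, clientChallenge.keyLength);
        initializeForAuth(clientChallenge.cipher, clientChallenge.nonce, authKey);

        byte[] peerChallenge = validateChallenge(clientChallenge.nonce, clientChallenge.challenge);
        byte[] response = challenge(this.appId, clientChallenge.nonce, rawResponse(peerChallenge));

        byte[] sessionNonce = randomBytes(this.conf.encryptionKeyLength() / Byte.SIZE);
        byte[] firstIv = randomBytes(this.conf.ivLength());
        byte[] secondIv = randomBytes(this.conf.ivLength());
        SecretKeySpec sessionKey = generateKey(
            clientChallenge.kdf, clientChallenge.iterations, sessionNonce, clientChallenge.keyLength);
        this.sessionCipher =
            new TransportCipher(this.cryptoConf, clientChallenge.cipher, sessionKey, firstIv, secondIv);

        // The cipher is stateful, so the order of these encrypt() calls is part of the wire
        // format. The IVs go out in the opposite order to the one used locally; presumably so
        // the peer's input IV is this side's output IV — confirm against ServerResponse.
        byte[] encryptedNonce = encrypt(sessionNonce);
        byte[] encryptedSecondIv = encrypt(secondIv);
        byte[] encryptedFirstIv = encrypt(firstIv);
        return new ServerResponse(response, encryptedNonce, encryptedSecondIv, encryptedFirstIv);
    }

    /**
     * Checks the peer's answer to the challenge issued by {@link #challenge()} and, if it
     * matches, sets up this side's session cipher from the values in the response.
     *
     * @param serverResponse the message produced by the peer's {@link #respond(ClientChallenge)}
     * @throws GeneralSecurityException if key derivation or a cipher operation fails
     * @throws IllegalArgumentException if the response does not match the expected value
     */
    public void validate(ServerResponse serverResponse) throws GeneralSecurityException {
        byte[] expected = rawResponse(this.challenge);
        byte[] actual = validateChallenge(this.authNonce, serverResponse.response);
        // Constant-time comparison: the check should not reveal how many leading bytes matched.
        Preconditions.checkArgument(MessageDigest.isEqual(expected, actual));

        // Decrypt in the same order the peer encrypted; the cipher state advances on each call.
        byte[] sessionNonce = decrypt(serverResponse.nonce);
        byte[] inputIv = decrypt(serverResponse.inputIv);
        byte[] outputIv = decrypt(serverResponse.outputIv);
        SecretKeySpec sessionKey = generateKey(
            this.conf.keyFactoryAlgorithm(),
            this.conf.keyFactoryIterations(),
            sessionNonce,
            this.conf.encryptionKeyLength());
        this.sessionCipher =
            new TransportCipher(this.cryptoConf, this.conf.cipherTransformation(), sessionKey, inputIv, outputIv);
    }

    /**
     * Returns the session cipher negotiated by the handshake.
     *
     * @throws IllegalStateException if neither {@link #respond} nor {@link #validate} has
     *     completed yet
     */
    public TransportCipher sessionCipher() {
        Preconditions.checkState(this.sessionCipher != null);
        return this.sessionCipher;
    }

    /**
     * Finalizes both auth ciphers with dummy input, wipes the in-memory copy of the secret and
     * closes the random source.
     *
     * <p>A failure while finalizing a cipher does not stop the remaining cleanup; the first such
     * failure is rethrown at the end with any later one attached as suppressed.
     *
     * @throws IOException if closing the random source fails
     */
    @Override
    public void close() throws IOException {
        RuntimeException failure = null;
        byte[] dummy = new byte[8];
        if (this.encryptor != null) {
            try {
                doCipherOp(Cipher.ENCRYPT_MODE, dummy, true);
            } catch (Exception e) {
                failure = new RuntimeException(e);
            }
            this.encryptor = null;
        }
        if (this.decryptor != null) {
            try {
                doCipherOp(Cipher.DECRYPT_MODE, dummy, true);
            } catch (Exception e) {
                RuntimeException wrapped = new RuntimeException(e);
                if (failure == null) {
                    failure = wrapped;
                } else {
                    // Keep the first failure as primary instead of overwriting it.
                    failure.addSuppressed(wrapped);
                }
            }
            this.decryptor = null;
        }

        // The engine is not usable after close(), so the secret no longer needs to stay in memory.
        Arrays.fill(this.secret, '\0');

        try {
            this.random.close();
        } catch (IOException e) {
            if (failure != null) {
                e.addSuppressed(failure);
            }
            throw e;
        }
        if (failure != null) {
            throw failure;
        }
    }

    /**
     * Encrypts the concatenation of the three arrays with the auth encryptor.
     *
     * @param bArr first segment (callers pass the app id)
     * @param bArr2 second segment (callers pass the nonce)
     * @param bArr3 third segment (the challenge or the response value)
     * @return the ciphertext of {@code bArr || bArr2 || bArr3}
     */
    @VisibleForTesting
    byte[] challenge(byte[] bArr, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        // Bytes.concat is varargs over byte[]; the decompiler's `new byte[]{...}` form does not compile.
        return encrypt(Bytes.concat(bArr, bArr2, bArr3));
    }

    /**
     * Computes the expected answer to a challenge: the bytes read as a signed big-endian
     * integer, plus one.
     *
     * @throws NumberFormatException if {@code bArr} is empty
     */
    @VisibleForTesting
    byte[] rawResponse(byte[] bArr) {
        return new BigInteger(bArr).add(BigInteger.ONE).toByteArray();
    }

    /** Runs a non-final decrypt step on the auth decryptor. */
    private byte[] decrypt(byte[] data) throws GeneralSecurityException {
        return doCipherOp(Cipher.DECRYPT_MODE, data, false);
    }

    /** Runs a non-final encrypt step on the auth encryptor. */
    private byte[] encrypt(byte[] data) throws GeneralSecurityException {
        return doCipherOp(Cipher.ENCRYPT_MODE, data, false);
    }

    /**
     * Creates the auth encryptor and decryptor for the given transformation and key.
     *
     * <p>The IV is the nonce truncated or zero-padded to the configured IV length, and the same
     * key/IV pair initializes both ciphers.
     *
     * <p>NOTE(review): both peers run this with the same inputs, so data encrypted by each side
     * during the handshake is produced under one key/IV pair. If the configured transformation
     * is a counter or stream mode that means a shared keystream, and nothing in this class adds
     * an integrity tag to the ciphertexts — confirm the transformation in use and whether that
     * is acceptable for this deployment.
     */
    private void initializeForAuth(String transformation, byte[] nonce, SecretKeySpec key)
            throws GeneralSecurityException {
        byte[] iv = new byte[this.conf.ivLength()];
        System.arraycopy(nonce, 0, iv, 0, Math.min(nonce.length, iv.length));

        CryptoCipher enc = CryptoCipherFactory.getCryptoCipher(transformation, this.cryptoConf);
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        this.encryptor = enc;

        CryptoCipher dec = CryptoCipherFactory.getCryptoCipher(transformation, this.cryptoConf);
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        this.decryptor = dec;
    }

    /**
     * Decrypts a challenge, checks that it starts with this engine's app id followed by the
     * given nonce, and returns whatever follows.
     *
     * @throws IllegalArgumentException if the prefix does not match or the data is too short
     */
    private byte[] validateChallenge(byte[] nonce, byte[] encryptedChallenge) throws GeneralSecurityException {
        byte[] plain = decrypt(encryptedChallenge);
        checkSubArray(this.appId, plain, 0);
        checkSubArray(nonce, plain, this.appId.length);
        return Arrays.copyOfRange(plain, this.appId.length + nonce.length, plain.length);
    }

    /**
     * Derives a key from the shared secret.
     *
     * @param kdf key factory algorithm name
     * @param iterations iteration count passed to the key spec
     * @param salt salt for the derivation (callers pass a nonce)
     * @param keyLength requested key length, in bits as {@link PBEKeySpec} defines it
     * @return the derived bytes wrapped for the configured key algorithm
     */
    private SecretKeySpec generateKey(String kdf, int iterations, byte[] salt, int keyLength)
            throws GeneralSecurityException {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(kdf);
        PBEKeySpec spec = new PBEKeySpec(this.secret, salt, iterations, keyLength);
        try {
            long start = System.nanoTime();
            SecretKey derived = factory.generateSecret(spec);
            long elapsedUs = (System.nanoTime() - start) / 1000;
            // Log the count actually used; in respond() it comes from the peer, not from conf.
            LOG.debug("Generated key with {} iterations in {} us.", iterations, elapsedUs);
            return new SecretKeySpec(derived.getEncoded(), this.conf.keyAlgorithm());
        } finally {
            // PBEKeySpec keeps its own copy of the password; wipe it once the key is derived.
            spec.clearPassword();
        }
    }

    /**
     * Feeds data through the auth encryptor or decryptor.
     *
     * <p>The output buffer starts at the input size and doubles whenever the cipher reports it
     * is too small. If the cipher throws {@link InternalError}, it is dropped so that later
     * calls fail the state check instead of reusing it.
     *
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @param in input bytes
     * @param isFinal {@code true} to call {@code doFinal}, {@code false} to call {@code update}
     * @return exactly the bytes the cipher produced
     * @throws IllegalArgumentException if {@code mode} is neither of the two modes
     * @throws IllegalStateException if the selected cipher is not available
     */
    private byte[] doCipherOp(int mode, byte[] in, boolean isFinal) throws GeneralSecurityException {
        CryptoCipher cipher;
        switch (mode) {
            case Cipher.ENCRYPT_MODE:
                cipher = this.encryptor;
                break;
            case Cipher.DECRYPT_MODE:
                cipher = this.decryptor;
                break;
            default:
                throw new IllegalArgumentException(String.valueOf(mode));
        }
        Preconditions.checkState(cipher != null, "Cipher is invalid because of previous error.");

        try {
            int scale = 1;
            while (true) {
                byte[] out = new byte[in.length * scale];
                try {
                    int written = isFinal
                        ? cipher.doFinal(in, 0, in.length, out, 0)
                        : cipher.update(in, 0, in.length, out, 0);
                    return written == out.length ? out : Arrays.copyOf(out, written);
                } catch (ShortBufferException tooSmall) {
                    // Retry with a buffer twice as large.
                    scale *= 2;
                }
            }
        } catch (InternalError e) {
            if (mode == Cipher.ENCRYPT_MODE) {
                this.encryptor = null;
            } else {
                this.decryptor = null;
            }
            throw e;
        }
    }

    /** Returns {@code count} bytes from the engine's random source. */
    private byte[] randomBytes(int count) {
        byte[] out = new byte[count];
        this.random.nextBytes(out);
        return out;
    }

    /**
     * Requires {@code data} to contain {@code expected} starting at {@code offset}.
     *
     * @throws IllegalArgumentException if {@code data} is too short or any byte differs
     */
    private void checkSubArray(byte[] expected, byte[] data, int offset) {
        Preconditions.checkArgument(data.length >= expected.length + offset);
        for (int k = 0; k < expected.length; k++) {
            Preconditions.checkArgument(expected[k] == data[k + offset]);
        }
    }
}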
