package org.openhab.binding.homeconnectdirect.internal.service.websocket;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.concurrent.ScheduledExecutorService;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.websocket.api.Session;
import org.eclipse.jetty.websocket.api.annotations.OnWebSocketMessage;
import org.eclipse.jetty.websocket.api.annotations.WebSocket;
import org.eclipse.jetty.websocket.client.WebSocketClient;
import org.openhab.binding.homeconnectdirect.internal.service.websocket.exception.WebSocketClientServiceException;
import org.openhab.core.thing.Thing;
import org.openhab.core.util.HexUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@WebSocket
@NonNullByDefault
/* loaded from: input_file:org/openhab/binding/homeconnectdirect/internal/service/websocket/WebSocketAesClientService.class */
public class WebSocketAesClientService extends AbstractWebSocketClientService {
    private static final String HMAC_SHA_256 = "HmacSHA256";
    private static final String AES_CBC_NO_PADDING = "AES/CBC/NoPadding";
    private static final String AES = "AES";
    private static final String ENC = "ENC";
    private static final String MAC = "MAC";
    private final Cipher aesEncrypt;
    private final Cipher aesDecrypt;
    private final byte[] iv;
    private final byte[] macKey;
    private final Logger logger;
    private byte[] lastRxHmac;
    private byte[] lastTxHmac;

    public WebSocketAesClientService(Thing thing, URI uri, String str, String str2, WebSocketHandler webSocketHandler, ScheduledExecutorService scheduledExecutorService) throws WebSocketClientServiceException {
        super(thing, uri, webSocketHandler, scheduledExecutorService);
        try {
            this.logger = LoggerFactory.getLogger(WebSocketAesClientService.class);
            byte[] decode = Base64.getUrlDecoder().decode(str);
            this.iv = Base64.getUrlDecoder().decode(str2);
            SecretKeySpec secretKeySpec = new SecretKeySpec(hmac(decode, ENC.getBytes(StandardCharsets.UTF_8)), AES);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(this.iv);
            this.aesEncrypt = Cipher.getInstance(AES_CBC_NO_PADDING);
            this.aesEncrypt.init(1, secretKeySpec, ivParameterSpec);
            this.aesDecrypt = Cipher.getInstance(AES_CBC_NO_PADDING);
            this.aesDecrypt.init(2, secretKeySpec, ivParameterSpec);
            this.macKey = hmac(decode, MAC.getBytes(StandardCharsets.UTF_8));
            this.lastRxHmac = new byte[16];
            this.lastTxHmac = new byte[16];
            setWebSocketClient(new WebSocketClient(new HttpClient()));
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new WebSocketClientServiceException(e.getMessage(), e);
        } catch (InvalidKeyException e2) {
            String message = e2.getMessage();
            try {
                if (Cipher.getMaxAllowedKeyLength(AES) < 256) {
                    message = "The current cryptographic policy is set to 'limited', which restricts the use of stronger encryption algorithms and key lengths. To resolve this issue, ensure that the 'crypto.policy' property is set to 'unlimited' in the 'java.security' file located at: '<JAVA_HOME>/conf/security/java.security'. The unlimited policy is supported natively in your Java version.";
                }
            } catch (NoSuchAlgorithmException e3) {
            }
            throw new WebSocketClientServiceException(message, e2);
        }
    }

    @Override // org.openhab.binding.homeconnectdirect.internal.service.websocket.WebSocketClientService
    public void send(String str) {
        try {
            byte[] encrypt = encrypt(str);
            Session session = getSession();
            if (session == null || !session.isOpen()) {
                return;
            }
            this.logger.debug(">> {} ({})", str, getThingUID());
            this.logger.trace(">> {} ({})", HexUtils.bytesToHex(encrypt), getWebSocketHandler());
            session.getRemote().sendBytes(ByteBuffer.wrap(encrypt));
        } catch (Exception e) {
            this.logger.error("Failed to send message! error={} thingUID={}", e.getMessage(), getThingUID());
        }
    }

    @OnWebSocketMessage
    public void onBinaryMessage(Session session, InputStream inputStream) throws IOException, NoSuchAlgorithmException, InvalidKeyException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[8192];
        Throwable th = null;
        try {
            while (true) {
                try {
                    int read = inputStream.read(bArr);
                    if (read == -1) {
                        break;
                    } else {
                        byteArrayOutputStream.write(bArr, 0, read);
                    }
                } catch (Throwable th2) {
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    throw th2;
                }
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            this.logger.trace("<< {} ({})", HexUtils.bytesToHex(byteArray), getThingUID());
            String str = new String(decrypt(byteArray), StandardCharsets.UTF_8);
            this.logger.debug("<< {} ({})", str, getThingUID());
            getWebSocketHandler().onWebSocketMessage(str, this);
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    private byte[] hmac(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(HMAC_SHA_256);
        mac.init(new SecretKeySpec(bArr, HMAC_SHA_256));
        return mac.doFinal(bArr2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v7, types: [byte[], byte[][]] */
    private byte[] decrypt(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        if (bArr.length < 32) {
            this.logger.error("Can not decrypt invalid message! Short message? {}", HexUtils.bytesToHex(bArr));
        }
        if (bArr.length % 16 != 0) {
            this.logger.error("Unaligned message? Probably bad padding: {}", HexUtils.bytesToHex(bArr));
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, bArr.length - 16);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, bArr.length - 16, bArr.length);
        byte[] createHmacMessage = createHmacMessage(concatenateByteArrays(new byte[]{new byte[]{67}, this.lastRxHmac}), copyOfRange);
        if (!Arrays.equals(copyOfRange2, createHmacMessage)) {
            this.logger.error("HMAC failure! appliance={} ourHmac={}, msgLength={}", new Object[]{HexUtils.bytesToHex(copyOfRange2), HexUtils.bytesToHex(createHmacMessage), Integer.valueOf(bArr.length)});
        }
        this.lastRxHmac = copyOfRange2;
        byte[] update = this.aesDecrypt.update(copyOfRange);
        int i = update[update.length - 1] & 255;
        if (update.length < i) {
            this.logger.error("Padding error! {}", HexUtils.bytesToHex(update));
        }
        this.logger.trace("padding length={}", Integer.valueOf(i));
        return Arrays.copyOfRange(update, 0, update.length - i);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v15, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v18, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v22, types: [byte[], byte[][]] */
    public byte[] encrypt(String str) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        this.logger.trace("encrypt: clearMsg={}", HexUtils.bytesToHex(bytes));
        int length = 16 - (bytes.length % 16);
        if (length == 1) {
            length += 16;
        }
        this.logger.trace("encrypt: padLen={}", Integer.valueOf(length));
        byte[] bArr = new byte[length];
        bArr[0] = 0;
        byte[] bArr2 = new byte[length - 2];
        new SecureRandom().nextBytes(bArr2);
        System.arraycopy(bArr2, 0, bArr, 1, length - 2);
        bArr[length - 1] = (byte) length;
        byte[] update = this.aesEncrypt.update(concatenateByteArrays(new byte[]{bytes, bArr}));
        this.lastTxHmac = createHmacMessage(concatenateByteArrays(new byte[]{new byte[]{69}, this.lastTxHmac}), update);
        return concatenateByteArrays(new byte[]{update, this.lastTxHmac});
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v1, types: [byte[], byte[][]] */
    private byte[] createHmacMessage(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        return Arrays.copyOfRange(hmac(this.macKey, concatenateByteArrays(new byte[]{this.iv, bArr, bArr2})), 0, 16);
    }

    private byte[] concatenateByteArrays(byte[]... bArr) {
        int i = 0;
        for (byte[] bArr2 : bArr) {
            i += bArr2.length;
        }
        byte[] bArr3 = new byte[i];
        int i2 = 0;
        for (byte[] bArr4 : bArr) {
            System.arraycopy(bArr4, 0, bArr3, i2, bArr4.length);
            i2 += bArr4.length;
        }
        return bArr3;
    }
}
