package org.metastatic.jessie.provider;

import ch.qos.logback.core.CoreConstants;
import gnu.crypto.cipher.IBlockCipher;
import gnu.crypto.mac.IMac;
import gnu.crypto.mac.MacFactory;
import gnu.crypto.mode.IMode;
import gnu.crypto.mode.ModeFactory;
import gnu.crypto.prng.IPBE;
import gnu.crypto.prng.IRandom;
import gnu.crypto.prng.LimitReachedException;
import gnu.crypto.prng.PRNGFactory;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeSet;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.xml.parsers.SAXParserFactory;
import org.metastatic.jessie.Base64;
import org.metastatic.jessie.pki.provider.X509CertificateFactory;
import org.metastatic.jessie.provider.Session;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:org/metastatic/jessie/provider/XMLSessionContext.class */
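/**
 * A {@link SessionContext} that mirrors its session cache to an XML file.
 *
 * <p>The file location, password and compression flag come from the security
 * properties {@code jessie.SessionContext.xml.file},
 * {@code jessie.SessionContext.xml.password} and
 * {@code jessie.SessionContext.xml.compress}. Each session's 48-byte master
 * secret is stored encrypted with AES in CBC mode and followed by an HMAC-SHA1
 * tag; the cipher key, IV and MAC key are drawn from PBKDF2-HMAC-SHA1 using a
 * fresh 8-byte salt per session.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only the encrypted master secret is covered by the MAC. The session id,
 *       peer host, protocol, suite, timestamps and certificates are stored in
 *       the clear and are not authenticated, so anyone able to modify the file
 *       can alter them. Keep the file readable and writable by the owning
 *       account only.</li>
 *   <li>When the password property is unset an empty password is used, which
 *       gives the stored master secrets no real confidentiality.</li>
 *   <li>The PBKDF2 iteration count is fixed at 1000, which is low by current
 *       standards. It is part of the on-disk format: changing it makes existing
 *       files unreadable.</li>
 * </ul>
 */
class XMLSessionContext extends SessionContext {
    // The decompiled source referenced ch.qos.logback.core.CoreConstants.MILLIS_IN_ONE_SECOND
    // here, which looks like a decompiler constant substitution. The literal value is 1000.
    private static final int PBKDF2_ITERATIONS = 1000;
    private static final int MASTER_SECRET_LENGTH = 48;
    private static final int CIPHER_BLOCK_SIZE = 16;
    private static final int MAC_LENGTH = 20;
    private static final int SALT_LENGTH = 8;

    private final File file = new File(Util.getSecurityProperty("jessie.SessionContext.xml.file"));
    private final IRandom pbekdf;
    private final boolean compress;
    // False while the constructor is loading the file, so that sessions added by the
    // parser do not trigger a rewrite of the file that is being read.
    private boolean encoding;

    /**
     * SAX handler that rebuilds {@link Session} objects from the persisted file.
     *
     * <p>It is a small state machine: {@code state} records which element is open
     * and every callback rejects anything that is not legal in that state.
     */
    public class SAXHandler extends DefaultHandler {
        private static final int START = 0;
        private static final int SESSIONS = 1;
        private static final int SESSION = 2;
        private static final int PEER = 3;
        private static final int PEER_CERTS = 4;
        private static final int CERTS = 5;
        private static final int SECRET = 6;

        private final XMLSessionContext owner;
        private final SessionContext context;
        private final IRandom pbekdf;
        private final StringBuffer buf = new StringBuffer();
        private final IMode cipher = ModeFactory.getInstance("CBC", "AES", 16);
        private final Map<Object, Object> cipherAttr = new HashMap<Object, Object>();
        private final IMac mac = MacFactory.getInstance("HMAC-SHA1");
        private final Map<Object, Object> macAttr = new HashMap<Object, Object>();
        // These arrays are registered in the attribute maps once and refilled in place
        // for every <secret>, so the maps always see the current key material.
        private final byte[] key = new byte[32];
        private final byte[] iv = new byte[16];
        private final byte[] mackey = new byte[20];
        private Session current;
        private String certType;
        private int state = START;

        SAXHandler(XMLSessionContext xMLSessionContext, SessionContext sessionContext, IRandom iRandom) {
            this.owner = xMLSessionContext;
            this.context = sessionContext;
            this.pbekdf = iRandom;
            this.cipherAttr.put(IBlockCipher.KEY_MATERIAL, this.key);
            this.cipherAttr.put(IMode.IV, this.iv);
            // encode() uses 1 for the same attribute, so 2 is presumably the decryption state.
            this.cipherAttr.put(IMode.STATE, Integer.valueOf(2));
            this.macAttr.put(IMac.MAC_KEY_MATERIAL, this.mackey);
        }

        /**
         * Refuses every external entity and external DTD subset.
         *
         * <p>Files written by {@code encode()} carry only an internal DTD subset, so
         * a well-formed session file never reaches this method. Failing here keeps a
         * modified file from making the parser fetch other files or URLs, whatever
         * parser implementation is installed.
         */
        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.EntityResolver
        public org.xml.sax.InputSource resolveEntity(String publicId, String systemId) throws SAXException {
            throw new SAXException("external entities are not permitted in the session file");
        }

        /**
         * Validates the opening tag against the current state and starts collecting
         * the data for that element.
         *
         * @throws SAXException if the element is not allowed here or an attribute is
         *     missing or malformed
         */
        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
            String element = str3.toLowerCase();
            switch (this.state) {
                case START:
                    if (!element.equals("sessions")) {
                        throw new SAXException("expecting sessions");
                    }
                    int parsedTimeout;
                    int parsedSize;
                    try {
                        parsedTimeout = Integer.parseInt(attributes.getValue("timeout"));
                        parsedSize = Integer.parseInt(attributes.getValue("size"));
                    } catch (NumberFormatException e) {
                        throw new SAXException(e);
                    }
                    // Validate before assigning so a rejected file cannot leave
                    // out-of-range values behind in the context.
                    if (parsedTimeout <= 0 || parsedSize < 0) {
                        throw new SAXException("timeout or cache size out of range");
                    }
                    this.owner.timeout = parsedTimeout;
                    this.owner.cacheSize = parsedSize;
                    this.state = SESSIONS;
                    return;
                case SESSIONS:
                    if (!element.equals("session")) {
                        throw new SAXException("expecting session");
                    }
                    try {
                        this.current = new Session(Long.parseLong(attributes.getValue("created")));
                        this.current.enabledSuites = new ArrayList(SSLSocket.supportedSuites);
                        this.current.enabledProtocols = new TreeSet(SSLSocket.supportedProtocols);
                        this.current.random = new SecureRandom();
                        this.current.context = this.context;
                        this.current.sessionId = new Session.ID(Base64.decode(attributes.getValue("id")));
                        this.current.setLastAccessedTime(Long.parseLong(attributes.getValue("timestamp")));
                        String protocol = attributes.getValue("protocol");
                        if ("SSLv3".equals(protocol)) {
                            this.current.protocol = ProtocolVersion.SSL_3;
                        } else if ("TLSv1".equals(protocol)) {
                            this.current.protocol = ProtocolVersion.TLS_1;
                        } else if ("TLSv1.1".equals(protocol)) {
                            this.current.protocol = ProtocolVersion.TLS_1_1;
                        } else {
                            throw new SAXException("bad protocol: " + protocol);
                        }
                        this.current.cipherSuite = CipherSuite.forName(attributes.getValue("suite"));
                        this.state = SESSION;
                        return;
                    } catch (Exception e2) {
                        throw new SAXException(e2);
                    }
                case SESSION:
                    if (element.equals("peer")) {
                        this.current.peerHost = attributes.getValue("host");
                        this.state = PEER;
                        return;
                    }
                    if (element.equals("certificates")) {
                        this.certType = attributes.getValue("type");
                        this.state = CERTS;
                        return;
                    }
                    if (!element.equals("secret")) {
                        throw new SAXException("bad element: " + element);
                    }
                    try {
                        // Re-seed the KDF with this secret's salt; the password and
                        // iteration count were supplied when the KDF was first set up.
                        this.pbekdf.init(Collections.singletonMap(IPBE.SALT, Base64.decode(attributes.getValue("salt"))));
                        this.state = SECRET;
                        return;
                    } catch (IOException e3) {
                        throw new SAXException(e3);
                    }
                case PEER:
                    if (!element.equals("certificates")) {
                        throw new SAXException("bad element: " + element);
                    }
                    this.certType = attributes.getValue("type");
                    this.state = PEER_CERTS;
                    return;
                default:
                    throw new SAXException("bad element: " + element);
            }
        }

        /**
         * Finishes the element that is closing: parses collected certificate text,
         * verifies and decrypts a secret, or registers a completed session.
         *
         * @throws SAXException if the closing tag does not match the current state,
         *     the MAC does not verify, or the collected data cannot be decoded
         */
        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void endElement(String str, String str2, String str3) throws SAXException {
            String element = str3.toLowerCase();
            switch (this.state) {
                case SESSIONS:
                    if (!element.equals("sessions")) {
                        throw new SAXException("expecting sessions");
                    }
                    this.state = START;
                    break;
                case SESSION:
                    if (!element.equals("session")) {
                        throw new SAXException("expecting session");
                    }
                    // Without this check a <session> that has no <secret> would be
                    // cached as valid with a null master secret.
                    if (this.current.masterSecret == null) {
                        throw new SAXException("session has no secret");
                    }
                    this.current.valid = true;
                    this.context.addSession(this.current.sessionId, this.current);
                    this.state = SESSIONS;
                    break;
                case PEER:
                    if (!element.equals("peer")) {
                        throw new SAXException("unexpected element: " + element);
                    }
                    this.state = SESSION;
                    break;
                case PEER_CERTS:
                    if (!element.equals("certificates")) {
                        throw new SAXException("unexpected element: " + element);
                    }
                    try {
                        this.current.peerCerts = parseCertificates();
                        // NOTE(review): the chain is marked verified without being
                        // re-validated here, and the certificate text is not covered
                        // by the MAC. Confirm that callers do not rely on this flag
                        // for a file that others can write to.
                        this.current.peerVerified = true;
                        this.state = PEER;
                        break;
                    } catch (Exception e) {
                        throw new SAXException(e);
                    }
                case CERTS:
                    if (!element.equals("certificates")) {
                        throw new SAXException("unexpected element: " + element);
                    }
                    try {
                        this.current.localCerts = parseCertificates();
                        this.state = SESSION;
                        break;
                    } catch (Exception e2) {
                        throw new SAXException(e2);
                    }
                case SECRET:
                    if (!element.equals("secret")) {
                        throw new SAXException("unexpected element: " + element);
                    }
                    try {
                        this.current.masterSecret = decryptSecret(Base64.decode(this.buf.toString()));
                        this.state = SESSION;
                        break;
                    } catch (Exception e3) {
                        throw new SAXException(e3);
                    }
                default:
                    throw new SAXException("unexpected element: " + element);
            }
            this.buf.setLength(0);
        }

        /**
         * Collects character data, which is only legal inside {@code certificates}
         * and {@code secret} elements.
         */
        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void characters(char[] cArr, int i, int i2) throws SAXException {
            boolean collecting = this.state == CERTS || this.state == PEER_CERTS || this.state == SECRET;
            if (!collecting) {
                throw new SAXException("illegal character data");
            }
            this.buf.append(cArr, i, i2);
        }

        /** Parses the collected element text as a sequence of certificates of {@code certType}. */
        private java.security.cert.Certificate[] parseCertificates() throws Exception {
            // The text is Base64 between BEGIN/END markers, so decode it as ASCII
            // rather than with whatever charset the platform defaults to.
            byte[] encoded = this.buf.toString().getBytes("US-ASCII");
            return (java.security.cert.Certificate[]) CertificateFactory.getInstance(this.certType)
                    .generateCertificates(new ByteArrayInputStream(encoded))
                    .toArray(new java.security.cert.Certificate[0]);
        }

        /**
         * Verifies the HMAC over the ciphertext and, only if it matches, decrypts the
         * master secret.
         *
         * @param blob 48 bytes of ciphertext followed by the 20-byte MAC
         * @return the decrypted 48-byte master secret
         */
        private byte[] decryptSecret(byte[] blob) throws Exception {
            if (blob.length != MASTER_SECRET_LENGTH + MAC_LENGTH) {
                throw new IOException("encrypted secret not 68 bytes long");
            }
            // Must be drawn in the same order as encode(): cipher key, IV, MAC key.
            this.pbekdf.nextBytes(this.key, 0, this.key.length);
            this.pbekdf.nextBytes(this.iv, 0, this.iv.length);
            this.pbekdf.nextBytes(this.mackey, 0, this.mackey.length);
            this.cipher.reset();
            this.cipher.init(this.cipherAttr);
            this.mac.init(this.macAttr);
            this.mac.update(blob, 0, MASTER_SECRET_LENGTH);
            byte[] computed = this.mac.digest();
            byte[] stored = new byte[MAC_LENGTH];
            System.arraycopy(blob, MASTER_SECRET_LENGTH, stored, 0, MAC_LENGTH);
            // Compare without stopping at the first differing byte, so the time taken
            // does not reveal how much of a tag was correct.
            if (!java.security.MessageDigest.isEqual(computed, stored)) {
                throw new SAXException("MAC mismatch");
            }
            byte[] secret = new byte[MASTER_SECRET_LENGTH];
            for (int offset = 0; offset < secret.length; offset += CIPHER_BLOCK_SIZE) {
                this.cipher.update(blob, offset, secret, offset);
            }
            return secret;
        }
    }

    /**
     * Sets up the key-derivation function from the configured password and loads
     * the session file if it already exists.
     */
    XMLSessionContext() throws IOException, SAXException {
        String password = Util.getSecurityProperty("jessie.SessionContext.xml.password");
        this.compress = Boolean.parseBoolean(Util.getSecurityProperty("jessie.SessionContext.xml.compress"));
        if (password == null) {
            // With no password configured the secrets are encrypted under an empty
            // password, so anyone who can read the file can derive the keys.
            password = "";
        }
        this.pbekdf = PRNGFactory.getInstance("PBKDF2-HMAC-SHA1");
        Map<Object, Object> kdfAttr = new HashMap<Object, Object>();
        kdfAttr.put(IPBE.PASSWORD, password.toCharArray());
        // Placeholder salt; the real per-session salt is supplied before each use.
        kdfAttr.put(IPBE.SALT, new byte[SALT_LENGTH]);
        kdfAttr.put(IPBE.ITERATION_COUNT, Integer.valueOf(PBKDF2_ITERATIONS));
        this.pbekdf.init(kdfAttr);
        this.encoding = false;
        if (this.file.exists()) {
            decode();
        }
        this.encoding = true;
    }

    /**
     * Adds the session to the cache and rewrites the file.
     *
     * @return whatever the superclass reports for the add
     */
    @Override // org.metastatic.jessie.provider.SessionContext
    public synchronized boolean addSession(Session.ID id, Session session) {
        boolean added = super.addSession(id, session);
        if (added && this.encoding) {
            try {
                encode();
            } catch (IOException ignored) {
                // Persistence is best effort: the in-memory cache is already updated.
            }
        }
        return added;
    }

    /** Rewrites the file so the persisted access time of the session stays current. */
    @Override // org.metastatic.jessie.provider.SessionContext
    public synchronized void notifyAccess(Session session) {
        try {
            encode();
        } catch (IOException ignored) {
            // Persistence is best effort; a failed write must not fail the access.
        }
    }

    /**
     * Removes the session from the cache and rewrites the file.
     *
     * @return {@code true} if the superclass removed the session, whether or not the
     *     file could be rewritten
     */
    @Override // org.metastatic.jessie.provider.SessionContext
    public synchronized boolean removeSession(Session.ID id) {
        if (!super.removeSession(id)) {
            return false;
        }
        try {
            encode();
        } catch (Exception ignored) {
            // Best effort. NOTE(review): after a failed write the removed session is
            // still present in the file and will be loaded again on the next start.
        }
        return true;
    }

    /**
     * Parses the session file into this context.
     *
     * <p>Every failure is rethrown as an {@link Error}, as before, now with the
     * original exception attached as the cause.
     */
    private void decode() throws IOException, SAXException {
        try {
            SAXParserFactory factory = SAXParserFactory.newInstance();
            // The file declares an internal DTD, so DOCTYPE itself has to stay
            // allowed; switch off everything that reaches outside the document and
            // let the parser apply its entity-expansion limits.
            factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            java.io.InputStream in = new FileInputStream(this.file);
            try {
                if (this.compress) {
                    in = new GZIPInputStream(in);
                }
                factory.newSAXParser().parse(in, new SAXHandler(this, this, this.pbekdf));
            } finally {
                in.close();
            }
        } catch (Exception e) {
            throw new Error(e.toString(), e);
        }
    }

    /**
     * Writes every valid session to the file, replacing its previous contents.
     *
     * <p>The document is rendered in memory first and written out only once it is
     * complete, so a failure while encoding a session leaves the existing file
     * untouched instead of truncated.
     *
     * @throws IOException if a certificate cannot be encoded, a salt cannot be
     *     generated, or the file cannot be written
     */
    private void encode() throws IOException {
        IMode cipher = ModeFactory.getInstance("CBC", "AES", 16);
        Map<Object, Object> cipherAttr = new HashMap<Object, Object>();
        IMac mac = MacFactory.getInstance("HMAC-SHA1");
        Map<Object, Object> macAttr = new HashMap<Object, Object>();
        byte[] key = new byte[32];
        byte[] iv = new byte[16];
        byte[] macKey = new byte[20];
        cipherAttr.put(IBlockCipher.KEY_MATERIAL, key);
        cipherAttr.put(IMode.IV, iv);
        cipherAttr.put(IMode.STATE, Integer.valueOf(1));
        macAttr.put(IMac.MAC_KEY_MATERIAL, macKey);

        java.io.ByteArrayOutputStream rendered = new java.io.ByteArrayOutputStream();
        PrintStream out = new PrintStream(rendered);
        out.println("<?xml version=\"1.0\"?>");
        out.println("<!DOCTYPE sessions [");
        out.println("  <!ELEMENT sessions (session*)>");
        out.println("  <!ATTLIST sessions size CDATA \"0\">");
        out.println("  <!ATTLIST sessions timeout CDATA \"86400\">");
        out.println("  <!ELEMENT session (peer, certificates?, secret)>");
        out.println("  <!ATTLIST session id CDATA #REQUIRED>");
        out.println("  <!ATTLIST session protocol (SSLv3|TLSv1|TLSv1.1) #REQUIRED>");
        out.println("  <!ATTLIST session suite CDATA #REQUIRED>");
        out.println("  <!ATTLIST session created CDATA #REQUIRED>");
        out.println("  <!ATTLIST session timestamp CDATA #REQUIRED>");
        out.println("  <!ELEMENT peer (certificates?)>");
        out.println("  <!ATTLIST peer host CDATA #REQUIRED>");
        out.println("  <!ELEMENT certificates (#PCDATA)>");
        out.println("  <!ATTLIST certificates type CDATA \"X.509\">");
        out.println("  <!ELEMENT secret (#PCDATA)>");
        out.println("  <!ATTLIST secret salt CDATA #REQUIRED>");
        out.println("]>");
        out.println();
        out.print("<sessions size=\"");
        out.print(this.cacheSize);
        out.print("\" timeout=\"");
        out.print(this.timeout);
        out.println("\">");
        for (Map.Entry entry : this.sessions.entrySet()) {
            Session.ID id = (Session.ID) entry.getKey();
            Session session = (Session) entry.getValue();
            if (!session.valid) {
                continue;
            }
            // The encryption below works on exactly three 16-byte blocks. A secret of
            // any other length cannot be stored in this format, so the session is
            // left out of the file rather than written with wrong or missing bytes.
            if (session.masterSecret == null || session.masterSecret.length != MASTER_SECRET_LENGTH) {
                continue;
            }
            out.print("<session id=\"");
            out.print(Base64.encode(id.getId(), 0));
            out.print("\" suite=\"");
            out.print(session.getCipherSuite());
            out.print("\" protocol=\"");
            out.print(session.getProtocol());
            out.print("\" created=\"");
            out.print(session.getCreationTime());
            out.print("\" timestamp=\"");
            out.print(session.getLastAccessedTime());
            out.println("\">");
            out.print("<peer host=\"");
            // The host name originates outside this class; escape it so a quote or
            // angle bracket cannot break out of the attribute and add markup.
            out.print(escapeAttribute(String.valueOf(session.getPeerHost())));
            out.println("\">");
            writeCertificates(out, session.getPeerCertificates());
            out.println("</peer>");
            writeCertificates(out, session.getLocalCertificates());

            byte[] salt = new byte[SALT_LENGTH];
            try {
                CSPRNG.SYSTEM_RANDOM.nextBytes(salt, 0, salt.length);
            } catch (LimitReachedException e) {
                // Carrying on would encrypt under an all-zero salt, giving every
                // affected session the same key and IV.
                throw asIOException(e);
            }
            this.pbekdf.init(Collections.singletonMap(IPBE.SALT, salt));
            try {
                // Must be drawn in the same order as the reader: cipher key, IV, MAC key.
                this.pbekdf.nextBytes(key, 0, key.length);
                this.pbekdf.nextBytes(iv, 0, iv.length);
                this.pbekdf.nextBytes(macKey, 0, macKey.length);
                cipher.reset();
                cipher.init(cipherAttr);
                mac.init(macAttr);
                // A fresh buffer per session keeps one session's ciphertext from
                // ever appearing in another session's record.
                byte[] ciphertext = new byte[MASTER_SECRET_LENGTH];
                for (int offset = 0; offset < session.masterSecret.length; offset += CIPHER_BLOCK_SIZE) {
                    cipher.update(session.masterSecret, offset, ciphertext, offset);
                }
                mac.update(ciphertext, 0, ciphertext.length);
                byte[] tag = mac.digest();
                out.print("<secret salt=\"");
                out.print(Base64.encode(salt, 0));
                out.println("\">");
                out.print(Base64.encode(Util.concat(ciphertext, tag), 70));
                out.println("</secret>");
                out.println("</session>");
            } catch (Exception e4) {
                throw new Error(e4.toString(), e4);
            }
        }
        out.println("</sessions>");
        out.flush();

        // NOTE(review): the file is created with the process's default permissions.
        // It holds password-encrypted master secrets, so confirm that the deployment
        // restricts it to the owning account.
        java.io.OutputStream target = new FileOutputStream(this.file);
        try {
            if (this.compress) {
                target = new GZIPOutputStream(target);
            }
            rendered.writeTo(target);
        } finally {
            target.close();
        }
    }

    /** Writes a {@code certificates} element holding the chain, or nothing for an empty chain. */
    private static void writeCertificates(PrintStream out, java.security.cert.Certificate[] chain) throws IOException {
        if (chain == null || chain.length == 0) {
            return;
        }
        out.print("<certificates type=\"");
        out.print(escapeAttribute(String.valueOf(chain[0].getType())));
        out.println("\">");
        for (java.security.cert.Certificate certificate : chain) {
            out.println(X509CertificateFactory.BEGIN_CERTIFICATE);
            try {
                out.print(Base64.encode(certificate.getEncoded(), 70));
                out.println(X509CertificateFactory.END_CERTIFICATE);
            } catch (CertificateEncodingException e) {
                throw asIOException(e);
            }
        }
        out.println("</certificates>");
    }

    /** Wraps an exception in an {@link IOException} with the same text, keeping it as the cause. */
    private static IOException asIOException(Exception cause) {
        IOException wrapped = new IOException(cause.toString());
        wrapped.initCause(cause);
        return wrapped;
    }

    /** Escapes a value for use inside a double-quoted XML attribute. */
    private static String escapeAttribute(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                case '\t':
                    escaped.append("&#9;");
                    break;
                case '\n':
                    escaped.append("&#10;");
                    break;
                case '\r':
                    escaped.append("&#13;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}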
