package com.mathworks.toolbox.distcomp.mjs.jobmanager.spf.crypto;

import com.mathworks.resource_core.BaseMsgID;
import com.mathworks.resources.parallel.cluster.mjs;
import com.mathworks.toolbox.distcomp.mjs.auth.CryptoException;
import com.mathworks.toolbox.distcomp.mjs.auth.modules.DatabaseDigestAlgorithm;
import com.mathworks.toolbox.distcomp.mjs.jobmanager.PackageInfo;
import com.mathworks.toolbox.distcomp.util.security.Decryptor;
import com.mathworks.toolbox.distcomp.util.security.EncryptionAlgorithm;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Level;

/* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/jobmanager/spf/crypto/SecurityModule.class */
public final class SecurityModule {
    private final SecurityConfig fSecurityConfig;
    private final SessionStore fSessionStore;
    private final SessionFactory fSessionFactory;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/jobmanager/spf/crypto/SecurityModule$NoCompatibleDigestAlgorithmException.class */
    public static final class NoCompatibleDigestAlgorithmException extends CryptoException {
        private static final long serialVersionUID = 1;

        private NoCompatibleDigestAlgorithmException() {
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.CryptoException
        protected BaseMsgID getFilledMessage() {
            return new mjs.NoCompatibleDigestAlgorithm();
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.CryptoException
        protected BaseMsgID getFilledLocalizedMessage() {
            return new mjs.NoCompatibleDigestAlgorithm();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/jobmanager/spf/crypto/SecurityModule$NoCompatibleEncryptionAlgorithmException.class */
    public static final class NoCompatibleEncryptionAlgorithmException extends CryptoException {
        private static final long serialVersionUID = 1;

        private NoCompatibleEncryptionAlgorithmException() {
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.CryptoException
        protected BaseMsgID getFilledMessage() {
            return new mjs.NoCompatibleEncryptionAlgorithm();
        }

        @Override // com.mathworks.toolbox.distcomp.mjs.auth.CryptoException
        protected BaseMsgID getFilledLocalizedMessage() {
            return new mjs.NoCompatibleEncryptionAlgorithm();
        }
    }

    public SecurityModule(SecurityConfig securityConfig) {
        this.fSecurityConfig = securityConfig;
        this.fSessionStore = new SessionStore(securityConfig.getSessionLifetimeMinutes());
        this.fSessionFactory = new SPFSessionFactory(securityConfig.getSecurityDir());
    }

    public ServerSecurityConfig createSession(ClientSecurityConfig clientSecurityConfig) throws CryptoException {
        List<DatabaseDigestAlgorithm> chooseDigestAlgorithmChain = chooseDigestAlgorithmChain(clientSecurityConfig);
        EncryptionAlgorithm chooseEncryptionAlgorithm = chooseEncryptionAlgorithm(clientSecurityConfig);
        Session createSession = this.fSessionFactory.createSession(chooseEncryptionAlgorithm);
        this.fSessionStore.addSession(createSession);
        return new ServerSecurityConfig(chooseDigestAlgorithmChain, chooseEncryptionAlgorithm, createSession.getEncryptorKeyBytes(), createSession.getSessionID());
    }

    public void closeSession(UUID uuid) {
        this.fSessionStore.removeSession(uuid);
    }

    private List<DatabaseDigestAlgorithm> chooseDigestAlgorithmChain(ClientSecurityConfig clientSecurityConfig) throws CryptoException {
        Set<DatabaseDigestAlgorithm> supportedDigestAlgorithms = clientSecurityConfig.getSupportedDigestAlgorithms();
        ArrayList arrayList = new ArrayList();
        for (DatabaseDigestAlgorithm databaseDigestAlgorithm : this.fSecurityConfig.getSupportedDigestAlgorithms()) {
            if (!supportedDigestAlgorithms.contains(databaseDigestAlgorithm)) {
                break;
            }
            PackageInfo.LOGGER.log(Level.CONFIG, "Appending digest algorithm: " + databaseDigestAlgorithm.name());
            arrayList.add(databaseDigestAlgorithm);
        }
        if (!arrayList.isEmpty()) {
            return arrayList;
        }
        PackageInfo.LOGGER.log(Level.SEVERE, "No compatible digest algorithm found");
        throw new NoCompatibleDigestAlgorithmException();
    }

    private EncryptionAlgorithm chooseEncryptionAlgorithm(ClientSecurityConfig clientSecurityConfig) throws CryptoException {
        Set<EncryptionAlgorithm> supportedEncryptionAlgorithms = clientSecurityConfig.getSupportedEncryptionAlgorithms();
        for (EncryptionAlgorithm encryptionAlgorithm : this.fSecurityConfig.getSupportedEncryptionAlgorithms()) {
            if (supportedEncryptionAlgorithms.contains(encryptionAlgorithm)) {
                PackageInfo.LOGGER.log(Level.CONFIG, "Selecting encryption algorithm: " + encryptionAlgorithm.name());
                return encryptionAlgorithm;
            }
        }
        PackageInfo.LOGGER.log(Level.SEVERE, "No compatible encryption algorithm found");
        throw new NoCompatibleEncryptionAlgorithmException();
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2, UUID uuid) throws CryptoException {
        Decryptor createDecryptor = this.fSessionStore.getSession(uuid).createDecryptor(bArr2);
        try {
            byte[] decrypt = createDecryptor.decrypt(bArr);
            createDecryptor.destroy();
            return decrypt;
        } catch (Throwable th) {
            createDecryptor.destroy();
            throw th;
        }
    }

    public void destroy() {
        this.fSessionStore.clear();
    }
}
