package com.mathworks.toolbox.distcomp.mjs.security;

import com.mathworks.resources.parallel.cluster.mjs;
import com.mathworks.toolbox.distcomp.mjs.auth.CryptoException;
import com.mathworks.toolbox.distcomp.mjs.auth.modules.CryptoModuleHelper;
import com.mathworks.toolbox.distcomp.mjs.service.PackageInfo;
import com.mathworks.toolbox.distcomp.util.SystemPropertyNames;
import com.mathworks.toolbox.distcomp.util.security.KeyStoreFactory;
import com.mathworks.toolbox.distcomp.util.security.SSLContextFactory;
import com.mathworks.toolbox.parallel.keytool.CertificateSigner;
import com.mathworks.toolbox.parallel.keytool.KeyPairGenerator;
import com.mathworks.toolbox.parallel.keytool.KeyPairPrinter;
import com.mathworks.toolbox.parallel.keytool.KeyStoreGenerator;
import com.mathworks.toolbox.parallel.keytool.SignedKeyPair;
import com.mathworks.toolbox.parallel.spf.endpoint.BindEndpoint;
import com.mathworks.toolbox.parallel.spf.endpoint.ConnectEndpoint;
import com.mathworks.toolbox.parallel.util.i18n.XMLMessageCreator;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/security/SharedSecret.class */
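/**
 * Wraps the keystore that holds the cluster's "shared secret" key pair and derives signing,
 * verification and TLS endpoint material from it.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The keystore and key password is the compile-time constant {@link #KEYSTORE_PASSWORD}, so
 *       it is identical wherever this class is deployed and adds no confidentiality of its own.
 *       The private key is therefore only as well protected as the keystore file: restrict read
 *       access to that file to the service account.</li>
 *   <li>Worker certificates for mutual TLS are signed with the shared-secret private key (see
 *       {@link #createMutualTLSWorkerEndpoint(String, int)}), so anyone who can read the keystore
 *       can produce certificates signed by that key.</li>
 *   <li>Certificate validity is checked only on the {@link #getInstance()} path, not by the public
 *       constructor and not on each {@link #verify(byte[], byte[])} call.</li>
 * </ul>
 */
public final class SharedSecret {
    private static final String SHARED_SECRET_ALIAS = "SHARED_SECRET";
    private static final String KEYSTORE_PATH_NOT_SPECIFIED = "KEYSTORE_PATH_NOT_SPECIFIED";
    // NOTE(review): hard-coded credential. Kept unchanged because existing keystores are opened
    // with it; replacing it needs a coordinated change with whatever creates those files.
    private static final String KEYSTORE_PASSWORD = "privatepw";
    private static final String WORKER_COMMON_NAME = "worker";
    // Runtime text kept as-is (including its wording) so existing log matching keeps working.
    private static final String MISSING_ALIAS_MESSAGE =
            "Shared Secret keystore does not contain a entry under the alias: " + SHARED_SECRET_ALIAS;
    private static SharedSecret sINSTANCE;
    private final KeyStore fKeyStore;

    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/security/SharedSecret$FailedToLoadSharedSecretException.class */
    /** Raised when the keystore behind the singleton cannot be read. */
    private static final class FailedToLoadSharedSecretException extends SharedSecretException {
        private static final long serialVersionUID = 1;

        private static String generateMessage() {
            return new XMLMessageCreator().createLocalizedMessage(new mjs.FailedToLoadSharedSecretFromMJSDef());
        }

        FailedToLoadSharedSecretException(Throwable th) {
            super(generateMessage(), th);
        }
    }

    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/security/SharedSecret$InvalidSharedSecretException.class */
    /** Raised when the shared-secret certificate is unusable (wrong type, expired, not yet valid). */
    private static final class InvalidSharedSecretException extends SharedSecretException {
        private static final long serialVersionUID = 1;

        private static String generateMessage() {
            return new XMLMessageCreator().createLocalizedMessage(new mjs.SharedSecretInvalid());
        }

        InvalidSharedSecretException(Throwable th) {
            super(generateMessage(), th);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/mathworks/toolbox/distcomp/mjs/security/SharedSecret$SupplierWithIO.class */
    /**
     * A supplier whose body may fail with keystore or I/O errors; used so the alias check and the
     * exception translation live in one place ({@code keyStoreAliasInvoke}).
     */
    @FunctionalInterface
    public interface SupplierWithIO<T> {
        T get() throws GeneralSecurityException, IOException;
    }

    /**
     * Returns the process-wide instance, loading and validating the keystore on first use.
     *
     * <p>The method is synchronized so that concurrent first callers cannot each load the keystore
     * and end up holding different instances. A failed load leaves the singleton unset, so a later
     * call retries.
     *
     * @return the shared instance
     * @throws SharedSecretException if the keystore cannot be read, the path properties are unset,
     *     or the certificate fails validation
     */
    public static synchronized SharedSecret getInstance() {
        if (sINSTANCE == null) {
            try {
                sINSTANCE = new SharedSecret();
            } catch (IOException e) {
                throw new FailedToLoadSharedSecretException(e);
            }
        }
        return sINSTANCE;
    }

    /**
     * Loads the keystore named by the system properties and rejects a certificate that is not
     * X.509 or is outside its validity period.
     */
    private SharedSecret() throws IOException {
        this.fKeyStore = doLoadSharedSecret(getKeystorePathFromProperties());
        Certificate certificate = getSharedSecretCertificate();
        // Checked unconditionally: relying on an assertion here would let a missing or non-X.509
        // certificate surface as a NullPointerException/ClassCastException when assertions are off.
        if (!(certificate instanceof X509Certificate)) {
            throw new InvalidSharedSecretException(
                    new IllegalStateException("Shared secret certificate is missing or is not an X.509 certificate"));
        }
        try {
            ((X509Certificate) certificate).checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            throw new InvalidSharedSecretException(e);
        }
    }

    /**
     * Loads the keystore at the given path.
     *
     * <p>NOTE(review): unlike {@link #getInstance()}, this path performs no certificate validity
     * check; callers that need one must check {@link #getSharedSecretCertificate()} themselves.
     *
     * @param str keystore file path
     * @throws IOException if the keystore cannot be loaded
     */
    public SharedSecret(String str) throws IOException {
        this.fKeyStore = doLoadSharedSecret(str);
    }

    /**
     * Builds a server-side {@link SSLContext} from the loaded keystore.
     *
     * @return the context produced by {@code SSLContextFactory}
     */
    public SSLContext createServerSSLContext() {
        return new SSLContextFactory().createServerSSLContext(getKeyStore(), getKeyPassword());
    }

    private KeyStore getKeyStore() {
        return this.fKeyStore;
    }

    /** Returns a fresh copy of the fixed keystore password on every call. */
    private char[] getKeyPassword() {
        return KEYSTORE_PASSWORD.toCharArray();
    }

    /**
     * Signs data with the shared-secret private key.
     *
     * @param bArr the bytes to sign
     * @return the signature produced by {@code CryptoModuleHelper}
     * @throws CryptoException if the crypto helper fails
     * @throws SharedSecretException if the alias is missing, the entry holds no private key, or the
     *     keystore reports an error
     */
    public byte[] sign(byte[] bArr) throws CryptoException {
        try {
            requireSharedSecretEntry();
            java.security.Key key = this.fKeyStore.getKey(SHARED_SECRET_ALIAS, getKeyPassword());
            // Fail with a clear message instead of a ClassCastException, or a null key handed to
            // the signer, when the alias does not hold a private key.
            if (!(key instanceof PrivateKey)) {
                throw new SharedSecretException(
                        "Shared Secret keystore entry under the alias: " + SHARED_SECRET_ALIAS + " does not hold a private key");
            }
            return CryptoModuleHelper.INSTANCE.sign(bArr, (PrivateKey) key);
        } catch (GeneralSecurityException e) {
            throw new SharedSecretException(e);
        }
    }

    /**
     * Verifies a signature against the public key of the shared-secret certificate.
     *
     * <p>Only the signature is checked here; the certificate's validity period is not re-checked.
     *
     * @param bArr first argument handed to {@code CryptoModuleHelper.verify} (presumably the signed
     *     data; confirm against that helper)
     * @param bArr2 second argument handed to {@code CryptoModuleHelper.verify} (presumably the
     *     signature; confirm against that helper)
     * @return the helper's verification result
     * @throws CryptoException if the crypto helper fails
     * @throws SharedSecretException if the alias is missing or the keystore reports an error
     */
    public boolean verify(byte[] bArr, byte[] bArr2) throws CryptoException {
        try {
            requireSharedSecretEntry();
            return CryptoModuleHelper.INSTANCE.verify(bArr, bArr2, getSharedSecretCertificate().getPublicKey());
        } catch (GeneralSecurityException e) {
            throw new SharedSecretException(e);
        }
    }

    /**
     * Returns the certificate stored under the shared-secret alias.
     *
     * @return the certificate as returned by the keystore
     * @throws SharedSecretException if the alias is missing or the keystore reports an error
     */
    public Certificate getSharedSecretCertificate() {
        return keyStoreAliasInvoke(() -> this.fKeyStore.getCertificate(SHARED_SECRET_ALIAS));
    }

    /**
     * Returns the shared-secret certificate rendered as text by {@code KeyPairPrinter}.
     *
     * @return the certificate string (no private key material)
     * @throws SharedSecretException if the alias is missing or the keystore reports an error
     */
    public String getServerSigningCertificate() {
        return keyStoreAliasInvoke(() -> {
            SignedKeyPair sharedPair = KeyStoreGenerator.getKeyPair(this.fKeyStore, SHARED_SECRET_ALIAS, getKeyPassword());
            return KeyPairPrinter.getCertificateString(sharedPair.getSignedCertificate());
        });
    }

    /**
     * Creates a TLS bind endpoint that presents the shared-secret certificate.
     *
     * @param i first numeric argument forwarded to {@code BindEndpoint} (presumably a port bound;
     *     confirm against that class)
     * @param i2 second numeric argument forwarded to {@code BindEndpoint} (presumably a port bound;
     *     confirm against that class)
     * @return the endpoint, without client authentication
     */
    public BindEndpoint createTLSServerEndpoint(int i, int i2) {
        return createTLSServerEndpoint(i, i2, false);
    }

    /**
     * Creates a mutual-TLS bind endpoint that presents the shared-secret certificate.
     *
     * @param i first numeric argument forwarded to {@code BindEndpoint} (presumably a port bound;
     *     confirm against that class)
     * @param i2 second numeric argument forwarded to {@code BindEndpoint} (presumably a port bound;
     *     confirm against that class)
     * @return the endpoint, with client authentication
     */
    public BindEndpoint createMutualTLSServerEndpoint(int i, int i2) {
        return createTLSServerEndpoint(i, i2, true);
    }

    private BindEndpoint createTLSServerEndpoint(int i, int i2, boolean mutual) {
        return keyStoreAliasInvoke(() -> {
            SignedKeyPair sharedPair = KeyStoreGenerator.getKeyPair(this.fKeyStore, SHARED_SECRET_ALIAS, getKeyPassword());
            String certificateText = KeyPairPrinter.getCertificateString(sharedPair.getSignedCertificate());
            // The private key is exported as an immutable String, which cannot be wiped after use;
            // keep it out of logs and diagnostics.
            String privateKeyText = KeyPairPrinter.getPrivateKeyString(sharedPair.getPrivateKey());
            if (mutual) {
                // The same certificate is passed twice: as the server certificate and, presumably,
                // as the certificate client certificates are checked against (confirm in BindEndpoint).
                return BindEndpoint.createMutualTLSBindEndpoint(i, i2, certificateText, privateKeyText, certificateText);
            }
            return BindEndpoint.createTLSBindEndpoint(i, i2, certificateText, privateKeyText);
        });
    }

    /**
     * Creates a TLS connect endpoint configured with the shared-secret certificate.
     *
     * @param str first argument forwarded to {@code ConnectEndpoint} (presumably the host; confirm)
     * @param i second argument forwarded to {@code ConnectEndpoint} (presumably the port; confirm)
     * @return the endpoint
     */
    public ConnectEndpoint createTLSWorkerEndpoint(String str, int i) {
        return keyStoreAliasInvoke(() -> {
            SignedKeyPair sharedPair = KeyStoreGenerator.getKeyPair(this.fKeyStore, SHARED_SECRET_ALIAS, getKeyPassword());
            return ConnectEndpoint.createTLSConnectEndpoint(str, i, KeyPairPrinter.getCertificateString(sharedPair.getSignedCertificate()));
        });
    }

    /**
     * Creates a mutual-TLS connect endpoint with a freshly generated worker key pair.
     *
     * <p>Each call generates a new key pair, wraps it in a certificate with common name
     * {@code "worker"}, and has that certificate signed using the shared-secret certificate and
     * private key. The worker private key is exported as a String for the endpoint.
     *
     * @param str first argument forwarded to {@code ConnectEndpoint} (presumably the host; confirm)
     * @param i second argument forwarded to {@code ConnectEndpoint} (presumably the port; confirm)
     * @return the endpoint
     */
    public ConnectEndpoint createMutualTLSWorkerEndpoint(String str, int i) {
        return keyStoreAliasInvoke(() -> {
            SignedKeyPair sharedPair = KeyStoreGenerator.getKeyPair(this.fKeyStore, SHARED_SECRET_ALIAS, getKeyPassword());
            String sharedCertificateText = KeyPairPrinter.getCertificateString(sharedPair.getSignedCertificate());
            KeyPair workerKeys = KeyPairGenerator.generateKeyPair();
            // NOTE(review): the meaning of the trailing `false` is not visible here; confirm
            // against CertificateSigner.createSelfSignedCertificate.
            SignedKeyPair workerPair = new SignedKeyPair(
                    CertificateSigner.createSignedCertificate(
                            sharedPair.getSignedCertificate(),
                            sharedPair.getPrivateKey(),
                            CertificateSigner.createSelfSignedCertificate(workerKeys.getPrivate(), workerKeys.getPublic(), WORKER_COMMON_NAME, false)),
                    workerKeys.getPrivate());
            return ConnectEndpoint.createMutualTLSConnectEndpoint(
                    str,
                    i,
                    KeyPairPrinter.getCertificateString(workerPair.getSignedCertificate()),
                    KeyPairPrinter.getPrivateKeyString(workerPair.getPrivateKey()),
                    sharedCertificateText);
        });
    }

    /** Throws {@link SharedSecretException} unless the keystore has an entry under the alias. */
    private void requireSharedSecretEntry() throws GeneralSecurityException {
        if (!this.fKeyStore.containsAlias(SHARED_SECRET_ALIAS)) {
            throw new SharedSecretException(MISSING_ALIAS_MESSAGE);
        }
    }

    /**
     * Runs {@code supplierWithIO} after confirming the alias exists, translating keystore and I/O
     * failures into {@link SharedSecretException}.
     */
    private <T> T keyStoreAliasInvoke(SupplierWithIO<T> supplierWithIO) {
        try {
            requireSharedSecretEntry();
            return supplierWithIO.get();
        } catch (IOException | GeneralSecurityException e) {
            throw new SharedSecretException(e);
        }
    }

    /** Logs the keystore path (not its contents) and loads it with the fixed password. */
    private static KeyStore doLoadSharedSecret(String str) throws IOException {
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        PackageInfo.LOGGER.info("Loading shared secret from " + str);
        return new KeyStoreFactory().createKeyStore(str, SHARED_SECRET_ALIAS, password);
    }

    /**
     * Resolves the keystore path from system properties: the explicit path property wins, the
     * default path property is used only when the explicit one is not set at all.
     *
     * <p>An explicit property set to the empty string is returned as-is. Both values come from JVM
     * system properties, so whoever controls the JVM command line controls which keystore is
     * trusted.
     *
     * @return the configured keystore path
     * @throws SharedSecretException if neither property yields a path
     */
    public static String getKeystorePathFromProperties() {
        String explicitPath = System.getProperty(SystemPropertyNames.MJS_SECURITY_KEYSTORE_PATH, KEYSTORE_PATH_NOT_SPECIFIED);
        if (!KEYSTORE_PATH_NOT_SPECIFIED.equals(explicitPath)) {
            return explicitPath;
        }
        String defaultPath = System.getProperty(SystemPropertyNames.MJS_SECURITY_DEFAULT_KEYSTORE_PATH);
        if (defaultPath == null || defaultPath.isEmpty()) {
            throw new SharedSecretException("Both keystore file path properties com.mathworks.toolbox.distcomp.mjs.security.keystorePath and com.mathworks.toolbox.distcomp.mjs.security.defaultKeystorePath are not set.");
        }
        return defaultPath;
    }
}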
