package org.opendof.core.internal.protocol.sgmp;

import org.opendof.core.internal.core.OALCore;
import org.opendof.core.internal.core.OALNode;
import org.opendof.core.internal.core.OALOperation;
import org.opendof.core.internal.core.OALSecurityScope;
import org.opendof.core.internal.core.OperationSource;
import org.opendof.core.internal.core.PointPacketSender;
import org.opendof.core.internal.core.SharedConnection;
import org.opendof.core.internal.core.SharedServer;
import org.opendof.core.internal.core.security.OALSecurityTicket;
import org.opendof.core.internal.protocol.ConnectionStack;
import org.opendof.core.internal.protocol.Marshallable;
import org.opendof.core.internal.protocol.PacketData;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.KeyRequest;
import org.opendof.core.internal.protocol.security.credentials.Credentials;
import org.opendof.core.internal.protocol.sgmp.DefaultSGMP;
import org.opendof.core.internal.protocol.sgmp.StateMachine;
import org.opendof.core.internal.util.BufferedPacket;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFAddress;
import org.opendof.core.oal.DOFMarshalContext;
import org.opendof.core.oal.DOFMarshalException;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.DOFOperation;
import org.opendof.core.oal.DOFPacket;
import org.opendof.core.oal.DOFRequest;
import org.opendof.core.oal.security.DOFCipher;
import org.opendof.core.oal.security.DOFPermissionSet;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/sgmp/RequestGroupOperation.class */
public class RequestGroupOperation extends SGMPOperation implements Marshallable {
    public static final short OPCODE = 3;
    public static final OALOperation.State.RequiredSecurity REQUIRED_SECURITY = OALOperation.State.RequiredSecurity.SESSION;
    private static final int T_REKEY_MERGE_SEND_TIMEOUT = 2000;
    private static final int T_REQUEST_GROUP_TIMEOUT = 30000;
    private static final int MARK_BEGIN_I = 0;
    private static final int MARK_END_I = 1;
    private static final int MARK_BEGIN_A = 4;
    private static final int MARK_END_A = 5;
    private final Object target;
    private final DOFObjectID.Domain domainID;
    private final int epoch;
    private final OALSecurityScope securityScope;
    private final KeyRequest request;
    private final short latestVersion;
    private final short desire;
    private final byte[] kek;
    private final byte[] keyState;
    private byte[] I;
    private int i_offset;
    private int i_length;
    private byte[] A;
    private int a_offset;
    private int a_length;
    private byte[] groupKey;
    private OALSecurityTicket ticket;

    public RequestGroupOperation(OALOperation.State state, byte[] bArr, short s, short s2, Object obj, DOFObjectID.Domain domain, int i, OALSecurityScope oALSecurityScope, KeyRequest keyRequest) {
        super(state, null);
        this.kek = bArr;
        this.latestVersion = s;
        this.desire = s2;
        this.target = obj;
        this.domainID = domain;
        this.epoch = i;
        this.securityScope = oALSecurityScope;
        this.request = keyRequest;
        this.keyState = null;
    }

    public RequestGroupOperation(OALOperation.State state, byte[] bArr, short s, short s2, byte[] bArr2, byte[] bArr3) {
        super(state, null);
        this.kek = bArr;
        this.latestVersion = s;
        this.desire = s2;
        this.groupKey = bArr2;
        this.keyState = bArr3;
        this.target = null;
        this.domainID = null;
        this.epoch = 0;
        this.securityScope = null;
        this.request = null;
    }

    public RequestGroupOperation(OALOperation.State state, DefaultSGMP defaultSGMP, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
        super(state, defaultSGMP);
        this.target = null;
        this.kek = null;
        this.groupKey = null;
        bufferedPacket.getByte();
        if (dOFMarshalContext != DOFMarshalContext.COMMAND) {
            this.epoch = 0;
            this.request = null;
            this.securityScope = null;
            this.domainID = null;
            this.A = bufferedPacket.readBuffer();
            this.a_offset = bufferedPacket.getFrontBufferSize();
            this.keyState = bufferedPacket.getByteArray(bufferedPacket.getByte());
            this.latestVersion = bufferedPacket.getCompressedShort();
            this.desire = (short) bufferedPacket.getByte();
            this.a_length = bufferedPacket.getFrontBufferSize() - this.a_offset;
            this.ticket = new OALSecurityTicket(dOFMarshalContext, DOFCipher.Algorithm.AES, bufferedPacket);
            return;
        }
        this.keyState = null;
        this.latestVersion = (short) 0;
        this.desire = (short) 0;
        this.I = bufferedPacket.readBuffer();
        this.i_offset = bufferedPacket.getFrontBufferSize();
        this.domainID = DOFObjectID.Domain.create(bufferedPacket.getOID());
        this.epoch = bufferedPacket.getShort();
        this.request = new KeyRequest(dOFMarshalContext, this.domainID, bufferedPacket);
        OALCore core = state.getCore();
        this.securityScope = core.globalFactory.createSecurityScope(core, core.getDomainStore().getMatchingAlias(this.domainID), dOFMarshalContext, (Object) null, bufferedPacket);
        this.i_length = bufferedPacket.getFrontBufferSize() - this.i_offset;
    }

    @Override // org.opendof.core.internal.core.OALOperation
    public OALOperation.State.RequiredSecurity getRequiredSecurity() {
        return REQUIRED_SECURITY;
    }

    public int getEpoch() {
        return this.epoch;
    }

    public short getDesire() {
        return this.desire;
    }

    public short getLatestVersion() {
        return this.latestVersion;
    }

    public byte[] getKeyState() {
        return this.keyState;
    }

    public byte[] getGroupKey() {
        return this.groupKey;
    }

    public OALSecurityScope getPointSecurityScope() {
        return this.securityScope;
    }

    @Override // org.opendof.core.internal.core.OALOperation
    public void update(OALOperation.UpdateType updateType, DOFOperation dOFOperation) {
        switch (updateType) {
            case CANCELLED:
            case TIMEOUT:
                asyncSetComplete();
                return;
            case RETRY:
            case CREATED:
                if (this.target == null) {
                    process();
                    return;
                }
                try {
                    if (this.I == null) {
                        createRequest();
                    }
                    if (this.target instanceof SharedConnection) {
                        ((SharedConnection) this.target).process(this);
                    } else {
                        send((SharedServer) this.target);
                    }
                    return;
                } catch (Exception e) {
                    return;
                }
            case RESPONSE:
                RequestGroupOperation requestGroupOperation = (RequestGroupOperation) dOFOperation;
                if (requestGroupOperation.A == null) {
                    if (createTicket(requestGroupOperation)) {
                        return;
                    }
                } else if (checkTicket(requestGroupOperation)) {
                    return;
                }
                this.groupKey = requestGroupOperation.groupKey;
                respond(requestGroupOperation);
                asyncSetComplete();
                return;
            default:
                return;
        }
    }

    private void send(SharedServer sharedServer) {
        PacketData createResponse;
        try {
            if (getState().isCommand()) {
                BufferedPacket bufferedPacket = new BufferedPacket();
                createResponse = new PacketData(getState(), bufferedPacket, OALNode.createOALNodeWithServer(sharedServer, sharedServer.getConfig().getAddress()), DOFRequest.Type.MULTICAST);
                createResponse.pointScope = OALCore.getGlobalPointScope();
                marshal(DOFMarshalContext.COMMAND, null, bufferedPacket);
            } else {
                OperationSource source = getCommandOperation().getSource();
                if (!(source instanceof PacketData)) {
                    return;
                }
                PacketData packetData = (PacketData) source;
                packetData.raw = new BufferedPacket();
                packetData.pointScope = OALCore.getGlobalPointScope();
                createResponse = packetData.createResponse(sharedServer.getCore(), packetData.raw, getState().getRequiredSecurity());
                marshal(DOFMarshalContext.RESPONSE, null, createResponse.raw);
            }
            createResponse.pointContext = new PointPacketSender.Context(130, createResponse.raw.readByte(0));
            createResponse.ifProperPlaceSecurityModeInfo = true;
            createResponse.appVersion = (short) 130;
            createResponse.pointMode = getMode();
            setPending();
            sharedServer.getStack().sendApp(createResponse);
        } catch (Exception e) {
        }
    }

    private boolean checkTicket(RequestGroupOperation requestGroupOperation) {
        try {
            requestGroupOperation.groupKey = requestGroupOperation.ticket.getSessionKey(this.kek);
            byte[] hmac_SHA256 = EncryptionUtil.hmac_SHA256(this.kek, null, this.I, this.i_offset, this.i_length, null, 0, 0, requestGroupOperation.A, requestGroupOperation.a_offset, requestGroupOperation.a_length, requestGroupOperation.groupKey);
            for (int i = 0; i < 32; i++) {
                if (requestGroupOperation.ticket.mac[i] != hmac_SHA256[i]) {
                    requestGroupOperation.groupKey = null;
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return true;
        }
    }

    private boolean createTicket(RequestGroupOperation requestGroupOperation) {
        try {
            BufferedPacket bufferedPacket = new BufferedPacket();
            bufferedPacket.setMark(5, 0);
            bufferedPacket.putByte(requestGroupOperation.desire);
            bufferedPacket.putCompressedShort(requestGroupOperation.latestVersion);
            bufferedPacket.putByteArray(requestGroupOperation.keyState);
            bufferedPacket.putByte(requestGroupOperation.keyState.length);
            bufferedPacket.setMark(4, 0);
            requestGroupOperation.A = bufferedPacket.readPacket();
            requestGroupOperation.a_offset = bufferedPacket.getMark(4);
            requestGroupOperation.a_length = bufferedPacket.getMark(5) - requestGroupOperation.a_offset;
            byte[] hmac_SHA256 = EncryptionUtil.hmac_SHA256(requestGroupOperation.kek, null, this.I, this.i_offset, this.i_length, null, 0, 0, requestGroupOperation.A, requestGroupOperation.a_offset, requestGroupOperation.a_length, requestGroupOperation.groupKey);
            byte[] encryptBlocks = EncryptionUtil.encryptBlocks(requestGroupOperation.kek, hmac_SHA256, DOFCipher.Algorithm.AES);
            for (int i = 0; i < 32; i++) {
                int i2 = i;
                encryptBlocks[i2] = (byte) (encryptBlocks[i2] ^ requestGroupOperation.groupKey[i]);
            }
            requestGroupOperation.ticket = new OALSecurityTicket(hmac_SHA256, encryptBlocks, DOFCipher.Algorithm.AES);
            return false;
        } catch (Throwable th) {
            return true;
        }
    }

    public boolean checkRequest(DOFObjectID.Domain domain, int i, Credentials credentials, OALSecurityScope oALSecurityScope, boolean z) {
        try {
            if ((((PacketData) getState().getSource()).requestType != DOFRequest.Type.MULTICAST) == z && this.domainID.equals(domain) && this.epoch == i) {
                return this.request.getCredentials().getIdentity().equals(credentials.getIdentity());
            }
            return false;
        } catch (Exception e) {
            return false;
        }
    }

    private void createRequest() throws DOFMarshalException {
        BufferedPacket bufferedPacket = new BufferedPacket();
        bufferedPacket.setMark(1, 0);
        this.securityScope.marshal(DOFMarshalContext.COMMAND, false, bufferedPacket);
        this.request.marshal(DOFMarshalContext.COMMAND, null, bufferedPacket);
        bufferedPacket.putShort(this.epoch);
        bufferedPacket.putOID(this.domainID);
        bufferedPacket.setMark(0, 0);
        this.I = bufferedPacket.readPacket();
        this.i_offset = bufferedPacket.getMark(0);
        this.i_length = bufferedPacket.getMark(1) - this.i_offset;
    }

    @Override // org.opendof.core.internal.core.OALOperation, org.opendof.core.internal.protocol.Marshallable
    public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
        BufferedPacket bufferedPacket = (BufferedPacket) dOFPacket;
        if (dOFMarshalContext == DOFMarshalContext.COMMAND) {
            bufferedPacket.putByteArray(this.I);
        } else {
            this.ticket.marshal(dOFMarshalContext, null, bufferedPacket);
            bufferedPacket.putByteArray(this.A);
        }
        bufferedPacket.putByte(3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void process() {
        DefaultSGMP sgmp = super.getSgmp();
        String str = "";
        boolean z = false;
        DOFAddress dOFAddress = null;
        synchronized (sgmp.monitor) {
            if (sgmp.stackData == null) {
                return;
            }
            if (!getState().isCommand()) {
                switch (sgmp.stateMachine.getGroupRole()) {
                    case MANAGING:
                        if (sgmp.getGroupPriority().compareTo(new GroupPriority(sgmp, this)) <= 0) {
                            sgmp.setSurvivingManagerAddress(getSource(this));
                            sgmp.stateMachine.cancelScheduledRekey();
                            sgmp.getModeState().saveGroupKey(getGroupKey(), getKeyState(), isReceivedMulticast());
                            RekeyMergeOperation.send(sgmp, getGroupKey());
                            try {
                                Thread.sleep(2000L);
                            } catch (InterruptedException e) {
                            }
                            sgmp.getModeState().getMode().removeState();
                            try {
                                sgmp.getModeState().getMode().setNodeState(sgmp.getSurvivingManagerAddress(), getKeyState());
                            } catch (DOFSecurityException e2) {
                            }
                            sgmp.stateMachine.scheduleSurrenderHeartbeat();
                            sgmp.stateMachine.scheduleMemberPromoteKey(0);
                            sgmp.stateMachine.setLastReceiveHeartbeat();
                            if (DOF.Log.isLogTrace()) {
                                sgmp.logMessage(DOF.Log.Level.TRACE, "Shift: found a stronger manager (my desire=" + ((int) sgmp.getGroupPriority().getDesire()) + ", latestVersion=" + ((int) sgmp.getGroupPriority().getLatestVersion()) + ") through RequestGroup and standing down.");
                            }
                            sgmp.stateMachine.transition(DefaultSGMP.GroupRole.MEMBER, StateMachine.GroupState.ENTER_GROUP);
                            break;
                        }
                        break;
                    case MEMBER:
                    case JOINING:
                        if (getGroupKey() != null) {
                            sgmp.setMyManagerAddress(getSource(this));
                            sgmp.getModeState().saveGroupKey(getGroupKey(), getKeyState(), isReceivedMulticast());
                            sgmp.stateMachine.scheduleMemberPromoteKey(0);
                            sgmp.stateMachine.setEPPHeartbeatPending(true);
                            str = str + ", found an existing manager through RequestGroup and promoting the group key immediately";
                            sgmp.stateMachine.transition(DefaultSGMP.GroupRole.MEMBER, StateMachine.GroupState.ENTER_GROUP);
                            break;
                        }
                        break;
                }
            } else {
                switch (sgmp.stateMachine.getGroupRole()) {
                    case MANAGING:
                        Credentials groupCredential = sgmp.kekState.getGroupCredential();
                        OALSecurityScope securityScope = sgmp.kekState.getSecurityScope();
                        if (!checkRequest(sgmp.stackData.config.getCredentials().getDomainID(), sgmp.epochManager.getEpoch(), groupCredential, securityScope, !sgmp.stackData.isMulticastGroup())) {
                            str = str + ", dropped: Wrong group, key, etc!";
                            break;
                        } else {
                            if (!sgmp.stateMachine.isActive()) {
                                sgmp.stateMachine.setActive();
                                str = str + " (ACTIVATING)";
                            }
                            dOFAddress = getSource(this);
                            if (sgmp.stackData.isUnicastManager() && dOFAddress != null) {
                                sgmp.stackData.pointMonitor.add(dOFAddress, getPointSecurityScope(), sgmp.getModeState().getMode());
                            }
                            sgmp.stackData.sharedConnection.getDefaultConnection().notifyPeerAdded(dOFAddress, securityScope);
                            if (sgmp.stateMachine.getGroupState() != StateMachine.GroupState.JOINED_GROUP) {
                                str = str + ", dropped: New manager doesn't have a key yet!";
                                break;
                            } else {
                                z = true;
                                break;
                            }
                        }
                        break;
                    default:
                        str = str + ", dropped: Not manager.";
                        break;
                }
            }
            if (DOF.Log.isLogTrace()) {
                if (getState().isCommand()) {
                    sgmp.logMessage(DOF.Log.Level.TRACE, "received REQUEST_GROUP with group mode=" + sgmp.getModeState().getMode() + ": epoch=" + getEpoch() + str);
                } else {
                    sgmp.logMessage(DOF.Log.Level.TRACE, "received REQUEST_GROUP response with group mode=" + sgmp.getModeState().getMode() + ": desire=" + ((int) getDesire()) + ", latestVersion=" + ((int) getLatestVersion()) + str);
                }
            }
            if (z) {
                sendRequestGroupResponse(sgmp, this, dOFAddress);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void send(DefaultSGMP defaultSGMP) {
        SharedServer relatedConnection;
        ConnectionStack stack;
        byte[] kek;
        OALSecurityScope securityScope;
        Credentials groupCredential;
        if (defaultSGMP.stackData.isUnicastManager()) {
            return;
        }
        if (DOF.Log.isLogTrace()) {
            defaultSGMP.logMessage(DOF.Log.Level.TRACE, "Sending REQUEST_GROUP");
        }
        SharedConnection sharedConnection = defaultSGMP.stackData.sharedConnection;
        if (defaultSGMP.stackData.isMulticastGroup()) {
            relatedConnection = sharedConnection.getRelatedServer();
            stack = sharedConnection.getRelatedServer().getStack();
        } else {
            relatedConnection = sharedConnection.getRelatedConnection();
            stack = sharedConnection.getRelatedConnection().getStack();
        }
        synchronized (defaultSGMP.monitor) {
            kek = defaultSGMP.kekState.getKEK();
            securityScope = defaultSGMP.kekState.getSecurityScope();
            groupCredential = defaultSGMP.kekState.getGroupCredential();
        }
        defaultSGMP.send(new RequestGroupOperation(SGMPOperation.createState(defaultSGMP, stack, 30000, REQUIRED_SECURITY), kek, defaultSGMP.getGroupPriority().getLatestVersion(), defaultSGMP.getGroupPriority().getDesire(), relatedConnection, defaultSGMP.stackData.config.getCredentials().getDomainID(), defaultSGMP.epochManager.getEpoch(), securityScope, new KeyRequest(EncryptionUtil.createRandomNonce(8), groupCredential.getIdentification(), new DOFPermissionSet.Builder().build(), (short) 1)));
    }

    private static void sendRequestGroupResponse(DefaultSGMP defaultSGMP, RequestGroupOperation requestGroupOperation, DOFAddress dOFAddress) {
        byte[] kek;
        if (!defaultSGMP.stateMachine.havePromoted()) {
            if (DOF.Log.isLogTrace()) {
                defaultSGMP.logMessage(DOF.Log.Level.TRACE, "Sending REQUEST_GROUP response: Cannot because first has not been promoted yet.");
                return;
            }
            return;
        }
        if (DOF.Log.isLogTrace()) {
            defaultSGMP.logMessage(DOF.Log.Level.TRACE, "Sending REQUEST_GROUP response with group mode=" + defaultSGMP.getModeState().getMode());
        }
        try {
            byte[] key = defaultSGMP.getModeState().getMode().getKey(true);
            byte[] state = defaultSGMP.getModeState().getMode().getState(true, dOFAddress);
            synchronized (defaultSGMP.monitor) {
                kek = defaultSGMP.kekState.getKEK();
            }
            defaultSGMP.getCore().process(new RequestGroupOperation(requestGroupOperation.getState().asResponse(OALOperation.State.RequiredSecurity.NONE), kek, defaultSGMP.getGroupPriority().getLatestVersion(), defaultSGMP.getGroupPriority().getDesire(), key, state));
        } catch (DOFSecurityException e) {
        }
    }

    private static DOFAddress getSource(OALOperation oALOperation) {
        DOFAddress dOFAddress = null;
        if (oALOperation.getSource().getClass() == PacketData.class) {
            dOFAddress = ((PacketData) oALOperation.getSource()).getNode().getAddress();
        }
        return dOFAddress;
    }

    @Override // org.opendof.core.internal.protocol.sgmp.SGMPOperation
    public String getName() {
        return "REQUEST_GROUP";
    }
}
