package org.opendof.core.internal.protocol.sgmp;

import java.util.List;
import org.opendof.core.internal.core.OALOperation;
import org.opendof.core.internal.core.OALSecurityScope;
import org.opendof.core.internal.core.OALSecurityScopeList;
import org.opendof.core.internal.core.SharedConnection;
import org.opendof.core.internal.core.security.ScopedPermissionList;
import org.opendof.core.internal.protocol.ConnectionStack;
import org.opendof.core.internal.protocol.DPSException;
import org.opendof.core.internal.protocol.SecurityModeLayer;
import org.opendof.core.internal.protocol.security.Authenticator;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.KeyRequest;
import org.opendof.core.internal.protocol.security.credentials.key.SharedKeyCredentials;
import org.opendof.core.internal.protocol.sgmp.DefaultSGMP;
import org.opendof.core.internal.protocol.sgmp.StateMachine;
import org.opendof.core.internal.protocol.trp.KEKOperation;
import org.opendof.core.internal.util.BufferedPacket;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFMarshalContext;
import org.opendof.core.oal.DOFTerminatedException;
import org.opendof.core.oal.security.DOFPermission;
import org.opendof.core.oal.security.DOFPermissionSet;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/sgmp/SGMPKEKOperation.class */
final class SGMPKEKOperation {
    private static final int T_REQUEST_KEK_TIMEOUT = 30000;
    private static final int KEY_SIZE = 32;

    SGMPKEKOperation() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void process(DefaultSGMP defaultSGMP, KEKOperation kEKOperation) {
        try {
            Authenticator.RequestKEKResponse kEKResponse = kEKOperation.getKEKResponse();
            byte[] kek = kEKOperation.getKEK();
            int epoch = kEKResponse.getResponseBlock().getEpoch();
            if (DOF.Log.isLogTrace()) {
                defaultSGMP.logMessage(DOF.Log.Level.TRACE, "received REQUEST_KEK response:  epoch=" + epoch + ", notifiedEpoch=" + defaultSGMP.epochManager.getNotifiedEpoch());
            }
            if (defaultSGMP.receivedKEK(defaultSGMP.epochManager.isNewEpoch(epoch))) {
                synchronized (defaultSGMP.monitor) {
                    defaultSGMP.stateMachine.setLastReceiveKEK();
                    switch (defaultSGMP.stateMachine.getGroupRole()) {
                        case JOINING:
                            switch (defaultSGMP.stateMachine.getGroupState()) {
                                case OBTAINING_KEK:
                                    if (defaultSGMP.epochManager.isNewEpoch(epoch)) {
                                        saveKEKResponse(defaultSGMP, kEKResponse, kek);
                                        defaultSGMP.stateMachine.transition(DefaultSGMP.GroupRole.JOINING, StateMachine.GroupState.REQUEST_GROUP);
                                        break;
                                    }
                                    break;
                            }
                        case MEMBER:
                            switch (defaultSGMP.stateMachine.getGroupState()) {
                                case ENTER_GROUP:
                                case JOINED_GROUP:
                                    if (defaultSGMP.epochManager.isNewEpoch(epoch)) {
                                        if (epoch != defaultSGMP.epochManager.getNotifiedEpoch()) {
                                            EpochChangedOperation.send(defaultSGMP, epoch);
                                        }
                                        saveKEKResponse(defaultSGMP, kEKResponse, kek);
                                        break;
                                    }
                                    break;
                            }
                        case MANAGING:
                            defaultSGMP.stateMachine.scheduleRequestGroup();
                            switch (defaultSGMP.stateMachine.getGroupState()) {
                                case ENTER_GROUP:
                                case JOINED_GROUP:
                                    if (defaultSGMP.epochManager.isNewEpoch(epoch)) {
                                        if (epoch != defaultSGMP.epochManager.getNotifiedEpoch()) {
                                            EpochChangedOperation.send(defaultSGMP, epoch);
                                        }
                                        saveKEKResponse(defaultSGMP, kEKResponse, kek);
                                        break;
                                    }
                                    break;
                            }
                    }
                    defaultSGMP.stateMachine.setRequestKEKComplete();
                    defaultSGMP.stateMachine.scheduleRequestKEK();
                }
            }
        } catch (DOFSecurityException e) {
            if (DOF.Log.isLogTrace()) {
                defaultSGMP.logMessage(DOF.Log.Level.TRACE, "received bad REQUEST_KEK response");
            }
            defaultSGMP.terminate(new DOFTerminatedException("Failure to obtain KEK.", e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KEKOperation send(DefaultSGMP defaultSGMP, DOFPermissionSet dOFPermissionSet) {
        if (DOF.Log.isLogTrace()) {
            defaultSGMP.logMessage(DOF.Log.Level.TRACE, "Sending REQUEST_KEK");
        }
        KEKOperation kEKOperation = new KEKOperation(new OALOperation.State(defaultSGMP.getCore(), defaultSGMP, defaultSGMP.stackData.core.createOperationID(), 30000, KEKOperation.REQUIRED_SECURITY), new Authenticator.RequestKEK(defaultSGMP.stackData.sharedConnection.getCredential().getIdentification().getDomainID(), new KeyRequest(EncryptionUtil.createRandomNonce(8), defaultSGMP.stackData.sharedConnection.getCredential().getIdentification(), dOFPermissionSet, (short) 1), defaultSGMP.stackData.groupID), defaultSGMP.stackData.sharedConnection.getCredential(), getKEKFallbackRoute(defaultSGMP), (short) 129);
        defaultSGMP.getCore().process(kEKOperation);
        return kEKOperation;
    }

    private static SharedConnection getKEKFallbackRoute(DefaultSGMP defaultSGMP) {
        return defaultSGMP.stackData.isUnicastMember() ? defaultSGMP.isMember() ? defaultSGMP.stackData.sharedConnection : defaultSGMP.stackData.stack.sharedConnection.getRelatedConnection() : null;
    }

    private static void saveKEKResponse(DefaultSGMP defaultSGMP, Authenticator.RequestKEKResponse requestKEKResponse, byte[] bArr) {
        BufferedPacket bufferedPacket = new BufferedPacket(requestKEKResponse.getResponseBlock().getMode(), 0, requestKEKResponse.getResponseBlock().getMode().length);
        short readShort = (short) bufferedPacket.readShort(1);
        boolean z = defaultSGMP.getModeState().getMode() == null;
        boolean z2 = true;
        SharedConnection sharedConnection = defaultSGMP.stackData.sharedConnection;
        if (defaultSGMP.getModeState().getMode() != null) {
            try {
                if (!defaultSGMP.getModeState().getMode().isConfiguredSame(requestKEKResponse.getResponseBlock().getMode())) {
                    if (defaultSGMP.getModeState().getMode().isUpdatable(requestKEKResponse.getResponseBlock().getMode())) {
                        if (DOF.Log.isLogTrace()) {
                            defaultSGMP.logMessage(DOF.Log.Level.TRACE, "Saving new updatable mode to be used upon next promotion");
                        }
                        defaultSGMP.getModeState().setFutureModeCfgBlock(requestKEKResponse.getResponseBlock().getMode());
                        return;
                    } else {
                        if (DOF.Log.isLogTrace()) {
                            defaultSGMP.logMessage(DOF.Log.Level.TRACE, "received non-updatable mode--quitting.");
                        }
                        defaultSGMP.terminate(new DOFTerminatedException("received non-updatable mode."));
                        return;
                    }
                }
                z2 = false;
            } catch (DOFSecurityException e) {
                if (DOF.Log.isLogError()) {
                    defaultSGMP.logMessage(DOF.Log.Level.ERROR, "Could not compare mode: e=" + e);
                    return;
                }
                return;
            }
        }
        if (z2) {
            defaultSGMP.getModeState().setModeAppID(readShort);
            try {
                Object securityMode = defaultSGMP.stackData.stack.factory.getSecurityMode(defaultSGMP.getModeState().getModeAppID(), DOFMarshalContext.RESPONSE, null, bufferedPacket);
                defaultSGMP.getModeState().setMode((SecurityModeLayer) securityMode);
                defaultSGMP.sgmpPermissions.setMode((SecurityModeLayer) securityMode);
            } catch (Exception e2) {
                defaultSGMP.getModeState().setMode(null);
                if (DOF.Log.isLogDebug()) {
                    defaultSGMP.logMessage(DOF.Log.Level.DEBUG, "Could not save KEK Response");
                    return;
                }
                return;
            }
        }
        if (DOF.Log.isLogDebug()) {
            defaultSGMP.logMessage(DOF.Log.Level.DEBUG, "Setting KEK parameters to T_min=" + ((int) requestKEKResponse.getResponseBlock().getT_min()) + ", T_max=" + ((int) requestKEKResponse.getResponseBlock().getT_max()) + ", T_hb=" + ((int) requestKEKResponse.getResponseBlock().getT_hb()) + ", notifiedEpoch=epoch=" + requestKEKResponse.getResponseBlock().getEpoch() + ", state_id=" + requestKEKResponse.getResponseBlock().getState_id());
        }
        synchronized (defaultSGMP.monitor) {
            defaultSGMP.stackData.stack.setSecureSID(requestKEKResponse.getResponseBlock().getSid());
            defaultSGMP.sgmpPermissions.setConnectionScope(requestKEKResponse.getResponseBlock().getI_securityScope());
            defaultSGMP.setIAmPermission(new DOFPermission.IAm(defaultSGMP.stackData.stack.getSecureSID()));
            defaultSGMP.sgmpPermissions.setInboundPermissions(ScopedPermissionList.create(requestKEKResponse.getResponseBlock().getG_permissions(), requestKEKResponse.getResponseBlock().getG_securityScopes().intersectWith(requestKEKResponse.getResponseBlock().getI_securityScope())));
            defaultSGMP.sgmpPermissions.setOutboundPermissions(ScopedPermissionList.create(defaultSGMP.sgmpPermissions.getInitialPermissions(), requestKEKResponse.getResponseBlock().getI_securityScopes().intersectWith(requestKEKResponse.getResponseBlock().getI_securityScope())));
        }
        if (!defaultSGMP.stateMachine.isPendingRekeyEpoch() && defaultSGMP.epochManager.getEpoch() != -1) {
            if (DOF.Log.isLogDebug()) {
                defaultSGMP.logMessage(DOF.Log.Level.DEBUG, "REKEY_EPOCH is now pending; epoch was " + defaultSGMP.epochManager.getEpoch() + "; epoch is now " + requestKEKResponse.getResponseBlock().getEpoch());
            }
            defaultSGMP.stateMachine.setPendingRekeyEpoch(true);
        }
        defaultSGMP.epochManager.setNotifiedEpoch(requestKEKResponse.getResponseBlock().getEpoch());
        defaultSGMP.epochManager.setEpoch(requestKEKResponse.getResponseBlock().getEpoch());
        defaultSGMP.stackData.join(requestKEKResponse);
        if (sharedConnection.getStack().addAppPending(defaultSGMP.getModeState().getModeAppID(), defaultSGMP.getModeState().getMode())) {
            sharedConnection.getStack().securing(defaultSGMP.getModeState().getMode());
            sharedConnection.setPeerCredential(new SharedKeyCredentials(defaultSGMP.stackData.config.getCredentials().getDomainID(), defaultSGMP.stackData.groupID, new byte[32]).getIdentification());
        } else if (z) {
            try {
                defaultSGMP.getModeState().getMode().init(sharedConnection.getStack());
            } catch (DPSException e3) {
                if (DOF.Log.isLogTrace()) {
                    defaultSGMP.logMessage(DOF.Log.Level.TRACE, "Failed to initialize non-first mode: " + e3);
                }
            }
        }
        ConnectionStack relatedStack = getRelatedStack(defaultSGMP);
        if (relatedStack == null) {
            return;
        }
        synchronized (defaultSGMP.monitor) {
            if (defaultSGMP.kekState.getSSID() != -1 && defaultSGMP.kekState.getSSID() != requestKEKResponse.getResponseBlock().getState_id()) {
                relatedStack.unregister(defaultSGMP.kekState.getSSID(), sharedConnection);
            }
            relatedStack.register(requestKEKResponse.getResponseBlock().getState_id(), sharedConnection, sharedConnection.getStack().state.isSSIDFromAS);
            if (sharedConnection.getRelatedServer() != null && sharedConnection.getRelatedServer().getRelatedServer() != null) {
                sharedConnection.getRelatedServer().getRelatedServer().getStack().register(requestKEKResponse.getResponseBlock().getState_id(), sharedConnection, sharedConnection.getStack().state.isSSIDFromAS);
            }
            defaultSGMP.kekState = new KEKState(requestKEKResponse.getResponseBlock().getState_id(), bArr, requestKEKResponse.getResponseBlock().getI_securityScope(), new SharedKeyCredentials(defaultSGMP.stackData.config.getCredentials().getDomainID(), defaultSGMP.stackData.groupID, bArr));
            defaultSGMP.timing = new Timing(requestKEKResponse.getResponseBlock().getT_min() * 60000, requestKEKResponse.getResponseBlock().getT_max() * 60000, requestKEKResponse.getResponseBlock().getT_hb() * 1000);
        }
        defaultSGMP.stateMachine.startDesireState();
    }

    private static OALSecurityScopeList addScopeToList(OALSecurityScope oALSecurityScope, OALSecurityScopeList oALSecurityScopeList) {
        List<OALSecurityScope> scopes = oALSecurityScopeList.getScopes();
        scopes.add(oALSecurityScope);
        return new OALSecurityScopeList(scopes);
    }

    private static ConnectionStack getRelatedStack(DefaultSGMP defaultSGMP) {
        SharedConnection sharedConnection = defaultSGMP.stackData.sharedConnection;
        return sharedConnection.getRelatedConnection() != null ? sharedConnection.getRelatedConnection().getStack() : sharedConnection.getRelatedServer() != null ? sharedConnection.getRelatedServer().getStack() : null;
    }
}
