package org.opendof.core.internal.protocol.trp;

import java.util.Arrays;
import org.opendof.core.internal.core.OALCore;
import org.opendof.core.internal.core.OALOperation;
import org.opendof.core.internal.core.OALSecurityScope;
import org.opendof.core.internal.core.OALSecurityScopeList;
import org.opendof.core.internal.core.OperationProcessor;
import org.opendof.core.internal.core.security.DomainStore;
import org.opendof.core.internal.core.security.OALSecurityTicket;
import org.opendof.core.internal.protocol.Marshallable;
import org.opendof.core.internal.protocol.PacketData;
import org.opendof.core.internal.protocol.security.AuthenticationException;
import org.opendof.core.internal.protocol.security.Authenticator;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.KeyRequest;
import org.opendof.core.internal.protocol.security.credentials.Credentials;
import org.opendof.core.internal.util.BufferedPacket;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFMarshalContext;
import org.opendof.core.oal.DOFMarshalException;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.DOFPacket;
import org.opendof.core.oal.security.DOFAuthenticationFailedException;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/trp/SessionOperation.class */
public class SessionOperation extends TRPOperation implements Marshallable {
    public static final short OPCODE = 3;
    private volatile Authenticator.SessionRequest sessionRequest;
    private volatile Authenticator.SessionResponse sessionResponse;
    private volatile byte[] sessionKey;

    public SessionOperation(OALOperation.State state, Authenticator.SessionRequest sessionRequest, Credentials credentials, OperationProcessor operationProcessor, short s) {
        super(credentials, state, null, operationProcessor, s);
        this.sessionRequest = sessionRequest;
        this.domain = this.sessionRequest.responder.getDomainID();
        if (this.domain.isBroadcast() || this.domain.hasAttributes()) {
            throw new IllegalArgumentException("SessionOperation: domain.isBroadcast() || domain.hasAttributes()");
        }
        try {
            BufferedPacket bufferedPacket = new BufferedPacket();
            bufferedPacket.setMark(3, 0);
            this.sessionRequest.responder.marshal(DOFMarshalContext.COMMAND, null, bufferedPacket);
            bufferedPacket.setMark(2, 0);
            if (this.sessionRequest.I == null) {
                bufferedPacket.setMark(1, 0);
                this.sessionRequest.initiator.marshal(DOFMarshalContext.COMMAND, null, bufferedPacket);
                bufferedPacket.putByteArray(this.sessionRequest.mode);
                bufferedPacket.putByte(this.sessionRequest.duration / 8);
                bufferedPacket.setMark(0, 0);
                this.sessionRequest.I = bufferedPacket.readPacket();
                this.sessionRequest.i_offset = bufferedPacket.getMark(0);
                this.sessionRequest.i_length = bufferedPacket.getMark(1) - this.sessionRequest.i_offset;
            }
            this.sessionRequest.R = bufferedPacket.readPacket();
            this.sessionRequest.r_offset = bufferedPacket.getMark(2);
            this.sessionRequest.r_length = bufferedPacket.getMark(3) - this.sessionRequest.r_offset;
        } catch (Exception e) {
            Authenticator.SessionRequest sessionRequest2 = this.sessionRequest;
            byte[] bArr = new byte[0];
            this.sessionRequest.I = bArr;
            sessionRequest2.R = bArr;
            Authenticator.SessionRequest sessionRequest3 = this.sessionRequest;
            Authenticator.SessionRequest sessionRequest4 = this.sessionRequest;
            Authenticator.SessionRequest sessionRequest5 = this.sessionRequest;
            this.sessionRequest.i_length = 0;
            sessionRequest5.i_offset = 0;
            sessionRequest4.r_length = 0;
            sessionRequest3.r_offset = 0;
        }
    }

    public SessionOperation(OALOperation.State state, Authenticator.SessionResponse sessionResponse, short s) {
        super(null, state, null, null, s);
        this.sessionResponse = sessionResponse;
    }

    public SessionOperation(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
        super(null, packetData.opState, null, null, packetData.appVersion);
        bufferedPacket.getByte();
        if (dOFMarshalContext != DOFMarshalContext.COMMAND) {
            OALCore core = packetData.opState.getCore();
            OALOperation operation = core.getOperation(packetData.opState.getOperationID());
            if (operation != null) {
                this.domain = ((SessionOperation) operation).domain;
            }
            OALSecurityTicket oALSecurityTicket = new OALSecurityTicket(dOFMarshalContext, DefaultTRP.getCipherAlgorithm(this.appid), bufferedPacket);
            OALSecurityTicket oALSecurityTicket2 = new OALSecurityTicket(dOFMarshalContext, DefaultTRP.getCipherAlgorithm(this.appid), bufferedPacket);
            byte[] readBuffer = bufferedPacket.readBuffer();
            int frontBufferSize = bufferedPacket.getFrontBufferSize();
            short s = (short) (bufferedPacket.getByte() * 8);
            OALSecurityScope createSecurityScope = core.globalFactory.createSecurityScope(core, (DomainStore.DomainAlias) null, dOFMarshalContext, (Object) null, bufferedPacket);
            this.sessionResponse = new Authenticator.SessionResponse(oALSecurityTicket2, oALSecurityTicket, s, createSecurityScope, new OALSecurityScopeList(core, null, dOFMarshalContext, createSecurityScope, bufferedPacket), new OALSecurityScopeList(core, null, dOFMarshalContext, createSecurityScope, bufferedPacket), readBuffer, frontBufferSize, bufferedPacket.getFrontBufferSize() - frontBufferSize);
            return;
        }
        this.domain = DOFObjectID.Domain.create(bufferedPacket.getOID());
        if (this.domain.hasAttributes() || this.domain.isBroadcast()) {
            throw new DOFMarshalException("SessionOperation unmarshal failed: domain.hasAttributes() || domain.isBroadcast()", null);
        }
        this.sessionRequest = new Authenticator.SessionRequest();
        this.sessionRequest.R = bufferedPacket.readBuffer();
        this.sessionRequest.r_offset = bufferedPacket.getFrontBufferSize();
        this.sessionRequest.responder = new KeyRequest(dOFMarshalContext, this.domain, bufferedPacket);
        this.sessionRequest.r_length = bufferedPacket.getFrontBufferSize() - this.sessionRequest.r_offset;
        this.sessionRequest.I = bufferedPacket.readBuffer();
        this.sessionRequest.i_offset = bufferedPacket.getFrontBufferSize();
        this.sessionRequest.duration = (short) (bufferedPacket.getByte() * 8);
        int readByte = bufferedPacket.readByte(3);
        this.sessionRequest.mode = bufferedPacket.getByteArray(4 + readByte);
        this.sessionRequest.initiator = new KeyRequest(dOFMarshalContext, this.domain, bufferedPacket);
        this.sessionRequest.i_length = bufferedPacket.getFrontBufferSize() - this.sessionRequest.i_offset;
    }

    @Override // org.opendof.core.internal.protocol.trp.TRPOperation
    public void process(Authenticator authenticator) {
        try {
            respond(new SessionOperation(getState().asResponse(), authenticator.requestSession(this.sessionRequest, DefaultTRP.getCipherAlgorithm(this.appid)), this.appid));
        } catch (AuthenticationException e) {
            if (DOF.Log.isLogDebug()) {
                if (this.sessionRequest != null) {
                    DOF.Log.message(DOF.Log.Level.DEBUG, "Authenticator for domain " + authenticator.getDomainID() + " identity " + this.sessionRequest.initiator.getCredentials().getIdentity() + ", requestSession failed with authentication error", e);
                } else {
                    DOF.Log.message(DOF.Log.Level.DEBUG, "Authenticator for domain " + authenticator.getDomainID() + ", requestSession failed with authentication error", e);
                }
            }
            respond(new RejectOperation(getState().asResponse(), e.getErrorCode(), this.appid));
        } catch (Exception e2) {
            if (DOF.Log.isLogWarn()) {
                if (this.sessionRequest != null) {
                    DOF.Log.message(DOF.Log.Level.WARN, "Authenticator for domain " + authenticator.getDomainID() + " identity " + this.sessionRequest.initiator.getCredentials().getIdentity() + ", requestSession failed with internal error", e2);
                } else {
                    DOF.Log.message(DOF.Log.Level.WARN, "Authenticator for domain " + authenticator.getDomainID() + ", requestSession failed with internal error", e2);
                }
            }
            respond(new RejectOperation(getState().asResponse(), AuthenticationException.INTERNAL_ERROR, this.appid));
        }
        asyncSetComplete();
    }

    public Authenticator.SessionRequest getSessionRequest() {
        return this.sessionRequest != null ? this.sessionRequest : ((SessionOperation) getCommandOperation()).sessionRequest;
    }

    public synchronized Authenticator.SessionResponse getSessionResponse() throws DOFSecurityException {
        Authenticator.SessionResponse sessionResponse;
        Authenticator.SessionRequest sessionRequest;
        if (this.sessionRequest == null) {
            sessionRequest = getSessionRequest();
            sessionResponse = this.sessionResponse;
        } else {
            if (this.sessionResponse != null) {
                return this.sessionResponse;
            }
            if (getFirstResponse() instanceof RejectOperation) {
                throw new AuthenticationException(805306368 | ((RejectOperation) getFirstResponse()).getError());
            }
            SessionOperation sessionOperation = (SessionOperation) getFirstResponse();
            if (sessionOperation == null || sessionOperation.sessionResponse == null) {
                throw new DOFSecurityException();
            }
            sessionResponse = sessionOperation.sessionResponse;
            sessionRequest = this.sessionRequest;
        }
        if (getCredentials() == null) {
            throw new DOFSecurityException("Credentials not known.");
        }
        DOFObjectID.Domain domainID = sessionRequest.initiator.getDomainID();
        byte[] sharedSecret = getCredentials().getSharedSecret();
        byte[] sessionKey = sessionResponse.responder.getSessionKey(sharedSecret);
        if (!Arrays.equals(sessionResponse.responder.mac, EncryptionUtil.hmac_SHA256(sharedSecret, domainID, sessionRequest.I, sessionRequest.i_offset, sessionRequest.i_length, sessionRequest.R, sessionRequest.r_offset, sessionRequest.r_length, sessionResponse.A, sessionResponse.a_offset, sessionResponse.a_length, sessionKey))) {
            getCredentials().reset();
            throw new DOFAuthenticationFailedException();
        }
        this.sessionResponse = sessionResponse;
        this.sessionRequest = sessionRequest;
        this.sessionKey = sessionKey;
        validResponse();
        return this.sessionResponse;
    }

    public byte[] getSessionKey() throws DOFSecurityException {
        getSessionResponse();
        return this.sessionKey;
    }

    @Override // org.opendof.core.internal.core.OALOperation, org.opendof.core.internal.protocol.Marshallable
    public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
        BufferedPacket bufferedPacket = (BufferedPacket) dOFPacket;
        if (dOFMarshalContext == DOFMarshalContext.COMMAND) {
            bufferedPacket.putByteArray(this.sessionRequest.I, this.sessionRequest.i_offset, this.sessionRequest.i_length);
            bufferedPacket.putByteArray(this.sessionRequest.R, this.sessionRequest.r_offset, this.sessionRequest.r_length);
            bufferedPacket.putOID(this.domain);
        } else {
            bufferedPacket.putByteArray(this.sessionResponse.A, this.sessionResponse.a_offset, this.sessionResponse.a_length);
            this.sessionResponse.initiator.marshal(dOFMarshalContext, null, bufferedPacket);
            this.sessionResponse.responder.marshal(dOFMarshalContext, null, bufferedPacket);
        }
        bufferedPacket.putByte(3);
    }
}
