package org.opendof.core.internal.protocol.trp;

import java.security.MessageDigest;
import java.util.Arrays;
import org.opendof.core.internal.core.OALOperation;
import org.opendof.core.internal.core.OperationProcessor;
import org.opendof.core.internal.core.security.OALSecurityTicket;
import org.opendof.core.internal.protocol.Marshallable;
import org.opendof.core.internal.protocol.PacketData;
import org.opendof.core.internal.protocol.security.AuthenticationException;
import org.opendof.core.internal.protocol.security.Authenticator;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.KeyRequest;
import org.opendof.core.internal.protocol.security.credentials.Credentials;
import org.opendof.core.internal.protocol.security.credentials.key.SharedKeyCredentials;
import org.opendof.core.internal.util.BufferedPacket;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFMarshalContext;
import org.opendof.core.oal.DOFMarshalException;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.DOFPacket;
import org.opendof.core.oal.security.DOFAuthenticationFailedException;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/trp/LocalDomainOperation.class */
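/**
 * TRP operation (opcode 7) that carries a local-domain request as a command and a
 * local-domain response as its reply.
 *
 * <p>An instance is in one of two shapes: a command, where {@code localRequest} is set, or a
 * response, where only {@code localResponse} is set. The requester obtains key material by
 * calling {@link #getLocalDomainResponse()}, which verifies the HMAC-SHA256 carried in the
 * response ticket before anything derived from the ticket is stored or handed out.
 */
public class LocalDomainOperation extends TRPOperation implements Marshallable {
    public static final short OPCODE = 7;

    // Command payload; populated by the command-building and COMMAND-unmarshalling constructors.
    private Authenticator.LocalDomainRequest localRequest;
    // Response payload; volatile because it is written in process() and read in the
    // synchronized accessors.
    private volatile Authenticator.LocalDomainResponse localResponse;
    // Session key extracted from the response ticket. Assigned only after the ticket MAC verified.
    private byte[] distributedKey;
    // True once getLocalDomainResponse() has verified the response MAC; later calls skip the check.
    private boolean responseValidated;

    /**
     * Builds the command from a finished remote-domain exchange.
     *
     * <p>The initiator data ({@code I}) is copied from the remote request; the {@code A} data,
     * related ID and ticket are copied from the remote response.
     *
     * @param state operation state passed to the superclass
     * @param domain stored as the request's {@code remoteDomain}
     * @param remoteDomainRequest source of {@code I}, the initiator and this operation's domain
     * @param remoteDomainResponse source of {@code A}, the related ID and the remote ticket
     * @param credentials credentials passed to the superclass
     * @param operationProcessor processor passed to the superclass
     * @param s application version passed to the superclass
     * @throws IllegalArgumentException if {@code remoteDomainRequest.remoteDomainID} is a
     *     broadcast domain or carries attributes
     */
    public LocalDomainOperation(OALOperation.State state, DOFObjectID.Domain domain, Authenticator.RemoteDomainRequest remoteDomainRequest, Authenticator.RemoteDomainResponse remoteDomainResponse, Credentials credentials, OperationProcessor operationProcessor, short s) {
        super(credentials, state, null, operationProcessor, s);
        this.responseValidated = false;
        this.domain = remoteDomainRequest.remoteDomainID;
        if (this.domain.isBroadcast() || this.domain.hasAttributes()) {
            throw new IllegalArgumentException("LocalDomainOperation: domain.isBroadcast() || domain.hasAttributes()");
        }
        this.localRequest = new Authenticator.LocalDomainRequest();
        this.localRequest.I = remoteDomainRequest.I;
        this.localRequest.i_offset = remoteDomainRequest.i_offset;
        this.localRequest.i_length = remoteDomainRequest.i_length;
        this.localRequest.initiator = remoteDomainRequest.initiator;
        this.localRequest.localCredentials = this.localRequest.initiator.getCredentials();
        this.localRequest.A = remoteDomainResponse.A;
        this.localRequest.a_offset = remoteDomainResponse.a_offset;
        this.localRequest.a_length = remoteDomainResponse.a_length;
        // NOTE(review): this is the constructor parameter, not this.domain. Unlike the
        // unmarshalling constructor, it is not checked for broadcast/attributes here, so a
        // bad value is only rejected by the receiver. Confirm callers validate it.
        this.localRequest.remoteDomain = domain;
        this.localRequest.relatedID = remoteDomainResponse.relatedID;
        this.localRequest.remoteTicket = remoteDomainResponse.ticket;
    }

    /**
     * Builds the response that wraps an authenticator's answer.
     *
     * @param state operation state passed to the superclass
     * @param localDomainResponse response to send back
     * @param s application version passed to the superclass
     */
    public LocalDomainOperation(OALOperation.State state, Authenticator.LocalDomainResponse localDomainResponse, short s) {
        super(null, state, null, null, s);
        this.responseValidated = false;
        this.localResponse = localDomainResponse;
    }

    /**
     * Unmarshals an operation from a received packet.
     *
     * <p>In the COMMAND context this reads both domains, the initiator key request, the remote
     * ticket and the related authentication ID. In every other context it reads a response:
     * the ticket followed by the remote domain identifier. Nothing read here is authenticated
     * yet; the MAC check happens in {@link #getLocalDomainResponse()}.
     *
     * @param packetData supplies the operation state and application version
     * @param dOFMarshalContext COMMAND selects the request layout, anything else the response
     * @param obj unused by this constructor
     * @param bufferedPacket packet positioned at this operation's data
     * @throws DOFMarshalException if either domain is a broadcast domain or carries attributes
     */
    public LocalDomainOperation(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
        super(null, packetData.opState, null, null, packetData.appVersion);
        this.responseValidated = false;
        // One byte is consumed and discarded. marshal() writes the opcode byte last, so this
        // is presumably the opcode; confirm against BufferedPacket's ordering.
        bufferedPacket.getByte();
        if (dOFMarshalContext != DOFMarshalContext.COMMAND) {
            this.localResponse = new Authenticator.LocalDomainResponse();
            this.localResponse.ticket = new OALSecurityTicket(dOFMarshalContext, DefaultTRP.getCipherAlgorithm(this.appid), bufferedPacket);
            // The A region is delimited by the parser's own position before and after the
            // read, not by a length field taken from the packet.
            this.localResponse.A = bufferedPacket.readBuffer();
            this.localResponse.a_offset = bufferedPacket.getFrontBufferSize();
            this.localResponse.remoteDomainIdentifier = bufferedPacket.getCompressedLong();
            this.localResponse.a_length = bufferedPacket.getFrontBufferSize() - this.localResponse.a_offset;
            return;
        }
        this.domain = DOFObjectID.Domain.create(bufferedPacket.getOID());
        if (this.domain.hasAttributes() || this.domain.isBroadcast()) {
            throw new DOFMarshalException("LocalDomainOperation unmarshal failed: domain.hasAttributes() || domain.isBroadcast()", null);
        }
        this.localRequest = new Authenticator.LocalDomainRequest();
        this.localRequest.remoteDomain = DOFObjectID.Domain.create(bufferedPacket.getOID());
        if (this.localRequest.remoteDomain.hasAttributes() || this.localRequest.remoteDomain.isBroadcast()) {
            throw new DOFMarshalException("LocalDomainOperation unmarshal failed: remoteDomain.hasAttributes() || remoteDomain.isBroadcast()", null);
        }
        // The I region spans exactly the bytes the KeyRequest parser consumed.
        this.localRequest.I = bufferedPacket.readBuffer();
        this.localRequest.i_offset = bufferedPacket.getFrontBufferSize();
        this.localRequest.initiator = new KeyRequest(dOFMarshalContext, this.domain, bufferedPacket);
        this.localRequest.i_length = bufferedPacket.getFrontBufferSize() - this.localRequest.i_offset;
        this.localRequest.localCredentials = this.localRequest.initiator.getCredentials();
        this.localRequest.remoteTicket = new OALSecurityTicket(dOFMarshalContext, DefaultTRP.getCipherAlgorithm(this.appid), bufferedPacket);
        // The A region spans exactly the bytes of the related authentication OID.
        this.localRequest.A = bufferedPacket.readBuffer();
        this.localRequest.a_offset = bufferedPacket.getFrontBufferSize();
        this.localRequest.relatedID = DOFObjectID.Authentication.create(bufferedPacket.getOID());
        this.localRequest.a_length = bufferedPacket.getFrontBufferSize() - this.localRequest.a_offset;
    }

    /**
     * Hands the request to the authenticator and sends back its answer or a reject.
     *
     * <p>An {@link AuthenticationException} is answered with its own error code; any other
     * exception is answered with {@code INTERNAL_ERROR}, so the peer does not receive internal
     * failure details. Because {@code respond} is called inside the {@code try}, a failure while
     * sending the success response also ends up in the generic handler.
     *
     * @param authenticator authenticator that serves this request
     */
    @Override // org.opendof.core.internal.protocol.trp.TRPOperation
    public void process(Authenticator authenticator) {
        // NOTE(review): the handlers dereference localRequest.localCredentials for the log
        // line; if that can be null the handler itself throws and no reject is sent. Confirm
        // KeyRequest.getCredentials() never returns null.
        try {
            this.localResponse = authenticator.requestLocalDomain(this.localRequest, DefaultTRP.getCipherAlgorithm(this.appid));
            respond(new LocalDomainOperation(getState().asResponse(), this.localResponse, this.appid));
        } catch (AuthenticationException e) {
            if (DOF.Log.isLogDebug()) {
                if (this.localRequest != null) {
                    DOF.Log.message(DOF.Log.Level.DEBUG, "Authenticator for domain " + authenticator.getDomainID() + " identity " + this.localRequest.localCredentials.getIdentity() + ", requestLocalDomain failed with authentication error", e);
                } else {
                    DOF.Log.message(DOF.Log.Level.DEBUG, "Authenticator for domain " + authenticator.getDomainID() + ", requestLocalDomain failed with authentication error", e);
                }
            }
            respond(new RejectOperation(getState().asResponse(), e.getErrorCode(), this.appid));
        } catch (Exception e2) {
            if (DOF.Log.isLogWarn()) {
                if (this.localRequest != null) {
                    DOF.Log.message(DOF.Log.Level.WARN, "Authenticator for domain " + authenticator.getDomainID() + " identity " + this.localRequest.localCredentials.getIdentity() + ", requestLocalDomain failed with internal error", e2);
                } else {
                    DOF.Log.message(DOF.Log.Level.WARN, "Authenticator for domain " + authenticator.getDomainID() + ", requestLocalDomain failed with internal error", e2);
                }
            }
            respond(new RejectOperation(getState().asResponse(), AuthenticationException.INTERNAL_ERROR, this.appid));
        }
        asyncSetComplete();
    }

    /**
     * Returns the request of this operation, or of its command operation when this instance
     * is a response.
     *
     * @return the local-domain request
     */
    public Authenticator.LocalDomainRequest getLocalDomainRequest() {
        return this.localRequest != null ? this.localRequest : ((LocalDomainOperation) getCommandOperation()).localRequest;
    }

    /**
     * Returns the response after verifying the MAC in its ticket.
     *
     * <p>The expected MAC is an HMAC-SHA256 keyed with the caller's shared secret over the
     * local credentials' domain ID, the request's {@code I} region, the response's {@code A}
     * region and the session key taken from the ticket. On a mismatch the credentials are reset
     * and nothing from the response is stored. A successful check is cached, so later calls
     * return the stored response directly.
     *
     * @return the verified response
     * @throws AuthenticationException if the first response is a reject
     * @throws DOFAuthenticationFailedException if the ticket MAC does not match
     * @throws DOFSecurityException if credentials are unknown or no response is available
     */
    public synchronized Authenticator.LocalDomainResponse getLocalDomainResponse() throws DOFSecurityException {
        Authenticator.LocalDomainResponse localDomainResponse;
        Authenticator.LocalDomainRequest localDomainRequest;
        if (this.responseValidated) {
            return this.localResponse;
        }
        if (getCredentials() == null) {
            throw new DOFSecurityException("Credentials not known.");
        }
        if (this.localRequest == null) {
            // Response instance: the request lives on the command operation.
            localDomainRequest = getLocalDomainRequest();
            localDomainResponse = this.localResponse;
        } else {
            if (getFirstResponse() instanceof RejectOperation) {
                // 805306368 == 0x30000000; presumably a prefix marking the error as reported
                // by the peer. Confirm against AuthenticationException.
                throw new AuthenticationException(805306368 | ((RejectOperation) getFirstResponse()).getError());
            }
            // NOTE(review): a first response of any other type fails this cast with
            // ClassCastException rather than DOFSecurityException.
            LocalDomainOperation localDomainOperation = (LocalDomainOperation) getFirstResponse();
            if (localDomainOperation == null) {
                throw new DOFSecurityException();
            }
            localDomainResponse = localDomainOperation.localResponse;
            if (localDomainResponse == null) {
                throw new DOFSecurityException();
            }
            localDomainRequest = this.localRequest;
        }
        byte[] sharedSecret = getCredentials().getSharedSecret();
        // The session key is an input to the MAC, so it has to be extracted first; it is only
        // kept (distributedKey) once the comparison below has passed.
        byte[] sessionKey = localDomainResponse.ticket.getSessionKey(sharedSecret);
        byte[] expectedMac = EncryptionUtil.hmac_SHA256(sharedSecret, localDomainRequest.localCredentials.getDomainID(), localDomainRequest.I, localDomainRequest.i_offset, localDomainRequest.i_length, null, 0, 0, localDomainResponse.A, localDomainResponse.a_offset, localDomainResponse.a_length, sessionKey);
        // MessageDigest.isEqual compares without stopping at the first differing byte, so the
        // time taken to reject a ticket does not reveal how much of a supplied MAC was correct.
        // Arrays.equals returns at the first mismatch.
        if (!MessageDigest.isEqual(localDomainResponse.ticket.mac, expectedMac)) {
            getCredentials().reset();
            throw new DOFAuthenticationFailedException();
        }
        this.localResponse = localDomainResponse;
        this.localRequest = localDomainRequest;
        this.distributedKey = sessionKey;
        this.responseValidated = true;
        validResponse();
        return this.localResponse;
    }

    /**
     * Returns this operation's router cast to {@link TRPRouter}.
     *
     * @return the router
     */
    public TRPRouter getTRPRouter() {
        return (TRPRouter) getRouter();
    }

    /**
     * Returns shared-key credentials for the remote domain, built from the verified session key.
     *
     * <p>{@link #getLocalDomainResponse()} runs first, so the key is only wrapped after the
     * ticket MAC has been checked.
     *
     * @return credentials for the request's remote domain and related ID
     * @throws DOFSecurityException if the response cannot be verified
     */
    public synchronized Credentials getRemoteCredentials() throws DOFSecurityException {
        getLocalDomainResponse();
        return new SharedKeyCredentials(this.localRequest.remoteDomain, this.localRequest.relatedID, this.distributedKey);
    }

    /**
     * Writes this operation into the packet.
     *
     * <p>Fields are written in the reverse of the order the unmarshalling constructor reads
     * them, with the opcode byte last; this suggests {@code BufferedPacket} prepends on write
     * (confirm against BufferedPacket).
     *
     * @param dOFMarshalContext COMMAND writes the request, anything else writes the response
     * @param obj unused by this method
     * @param dOFPacket destination; must be a {@link BufferedPacket}
     * @throws DOFMarshalException if marshalling a ticket fails
     */
    @Override // org.opendof.core.internal.core.OALOperation, org.opendof.core.internal.protocol.Marshallable
    public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
        BufferedPacket bufferedPacket = (BufferedPacket) dOFPacket;
        if (dOFMarshalContext == DOFMarshalContext.COMMAND) {
            bufferedPacket.putByteArray(this.localRequest.A, this.localRequest.a_offset, this.localRequest.a_length);
            this.localRequest.remoteTicket.marshal(dOFMarshalContext, null, bufferedPacket);
            bufferedPacket.putByteArray(this.localRequest.I, this.localRequest.i_offset, this.localRequest.i_length);
            bufferedPacket.putOID(this.localRequest.remoteDomain);
            bufferedPacket.putOID(this.domain);
        } else {
            bufferedPacket.putByteArray(this.localResponse.A, this.localResponse.a_offset, this.localResponse.a_length);
            this.localResponse.ticket.marshal(dOFMarshalContext, null, bufferedPacket);
        }
        // Same value as OPCODE.
        bufferedPacket.putByte(7);
    }

    /**
     * Returns the credentials held by the superclass for this operation.
     *
     * @return the initiator's credentials, as returned by {@code super.getCredentials()}
     */
    public Credentials getInitiatorCredentials() {
        return super.getCredentials();
    }
}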
