package org.bouncycastle.mls.protocol;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.mls.GroupKeySet;
import org.bouncycastle.mls.KeyScheduleEpoch;
import org.bouncycastle.mls.TranscriptHash;
import org.bouncycastle.mls.TreeKEM.LeafIndex;
import org.bouncycastle.mls.TreeKEM.LeafNode;
import org.bouncycastle.mls.TreeKEM.LeafNodeSource;
import org.bouncycastle.mls.TreeKEM.TreeKEMPrivateKey;
import org.bouncycastle.mls.TreeKEM.TreeKEMPublicKey;
import org.bouncycastle.mls.codec.AuthenticatedContent;
import org.bouncycastle.mls.codec.Capabilities;
import org.bouncycastle.mls.codec.Commit;
import org.bouncycastle.mls.codec.ContentType;
import org.bouncycastle.mls.codec.Credential;
import org.bouncycastle.mls.codec.Extension;
import org.bouncycastle.mls.codec.ExtensionType;
import org.bouncycastle.mls.codec.FramedContent;
import org.bouncycastle.mls.codec.GroupContext;
import org.bouncycastle.mls.codec.GroupInfo;
import org.bouncycastle.mls.codec.GroupSecrets;
import org.bouncycastle.mls.codec.KeyPackage;
import org.bouncycastle.mls.codec.MLSInputStream;
import org.bouncycastle.mls.codec.MLSMessage;
import org.bouncycastle.mls.codec.MLSOutputStream;
import org.bouncycastle.mls.codec.PSKType;
import org.bouncycastle.mls.codec.PreSharedKeyID;
import org.bouncycastle.mls.codec.PrivateMessage;
import org.bouncycastle.mls.codec.Proposal;
import org.bouncycastle.mls.codec.ProposalOrRef;
import org.bouncycastle.mls.codec.ProposalType;
import org.bouncycastle.mls.codec.ProtocolVersion;
import org.bouncycastle.mls.codec.PublicMessage;
import org.bouncycastle.mls.codec.ResumptionPSKUsage;
import org.bouncycastle.mls.codec.Sender;
import org.bouncycastle.mls.codec.SenderType;
import org.bouncycastle.mls.codec.UpdatePath;
import org.bouncycastle.mls.codec.Welcome;
import org.bouncycastle.mls.codec.WireFormat;
import org.bouncycastle.mls.crypto.MlsCipherSuite;
import org.bouncycastle.mls.crypto.Secret;

/* loaded from: input_file:org/bouncycastle/mls/protocol/Group.class */
public class Group {
    public static final short NORMAL_COMMIT_PARAMS = 0;
    public static final short EXTERNAL_COMMIT_PARAMS = 1;
    public static final short RESTART_COMMIT_PARAMS = 2;
    public static final short REINIT_COMMIT_PARAMS = 3;
    Map<Secret, byte[]> externalPSKs;
    private Map<EpochRef, byte[]> resumptionPSKs;
    private long epoch;
    private byte[] groupID;
    private TranscriptHash transcriptHash;
    private ArrayList<Extension> extensions;
    private KeyScheduleEpoch keySchedule;
    private TreeKEMPublicKey tree;
    private TreeKEMPrivateKey treePriv;
    private GroupKeySet keys;
    private MlsCipherSuite suite;
    private LeafIndex index;
    private byte[] identitySk;
    private ArrayList<CachedProposal> pendingProposals;
    private CachedUpdate cachedUpdate;

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$CommitOptions.class */
    public static class CommitOptions {
        List<Proposal> extraProposals;
        boolean inlineTree;
        boolean forcePath;
        LeafNodeOptions leafNodeOptions;

        public CommitOptions() {
            this.extraProposals = new ArrayList();
            this.leafNodeOptions = new LeafNodeOptions();
        }

        public CommitOptions(List<Proposal> list, boolean z, boolean z2, LeafNodeOptions leafNodeOptions) {
            this.extraProposals = list;
            this.inlineTree = z;
            this.forcePath = z2;
            if (leafNodeOptions == null) {
                this.leafNodeOptions = new LeafNodeOptions();
            } else {
                this.leafNodeOptions = leafNodeOptions;
            }
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$CommitParameters.class */
    public static class CommitParameters {
        short paramID;
        KeyPackage joinerKeyPackage;
        Secret forceInitSecret;
        ResumptionPSKUsage allowedUsage;

        public CommitParameters(short s) {
            this.paramID = s;
        }

        public CommitParameters(KeyPackage keyPackage, Secret secret) {
            this.paramID = (short) 1;
            this.joinerKeyPackage = keyPackage;
            this.forceInitSecret = secret;
        }

        public CommitParameters(short s, KeyPackage keyPackage, Secret secret, ResumptionPSKUsage resumptionPSKUsage) {
            this.paramID = s;
            this.joinerKeyPackage = keyPackage;
            this.forceInitSecret = secret;
            this.allowedUsage = resumptionPSKUsage;
        }

        public CommitParameters(ResumptionPSKUsage resumptionPSKUsage) {
            this.paramID = (short) 2;
            this.allowedUsage = resumptionPSKUsage;
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$EpochRef.class */
    public class EpochRef {
        byte[] id;
        long epoch;

        public EpochRef(byte[] bArr, long j) {
            this.id = (byte[]) bArr.clone();
            this.epoch = j;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            EpochRef epochRef = (EpochRef) obj;
            if (this.epoch != epochRef.epoch) {
                return false;
            }
            return Arrays.equals(this.id, epochRef.id);
        }

        public int hashCode() {
            return (31 * Arrays.hashCode(this.id)) + ((int) (this.epoch ^ (this.epoch >>> 32)));
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$GroupWithMessage.class */
    public class GroupWithMessage {
        public Group group;
        public MLSMessage message;

        public GroupWithMessage(Group group, MLSMessage mLSMessage) {
            this.group = group;
            this.message = mLSMessage;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$JoinersWithPSKS.class */
    public class JoinersWithPSKS {
        List<LeafIndex> joiners;
        List<KeyScheduleEpoch.PSKWithSecret> psks;

        public JoinersWithPSKS(List<LeafIndex> list, List<KeyScheduleEpoch.PSKWithSecret> list2) {
            this.psks = list2;
            this.joiners = list;
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$LeafNodeOptions.class */
    public static class LeafNodeOptions {
        Credential credential;
        Capabilities capabilities;
        List<Extension> extensions;

        public Credential getCredential() {
            return this.credential;
        }

        public Capabilities getCapabilities() {
            return this.capabilities;
        }

        public List<Extension> getExtensions() {
            return this.extensions;
        }

        public LeafNodeOptions() {
        }

        public LeafNodeOptions(Credential credential, Capabilities capabilities, List<Extension> list) {
            this.credential = credential;
            this.capabilities = capabilities;
            this.extensions = list;
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$MessageOptions.class */
    public static class MessageOptions {
        boolean encrypt;
        byte[] authenticatedData;
        int paddingSize;

        public MessageOptions() {
            this.encrypt = false;
            this.paddingSize = 0;
            this.authenticatedData = new byte[0];
        }

        public MessageOptions(boolean z, byte[] bArr, int i) {
            this.encrypt = false;
            this.paddingSize = 0;
            this.encrypt = z;
            this.authenticatedData = bArr;
            this.paddingSize = i;
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$Tombstone.class */
    public class Tombstone {
        final byte[] epochAuthenticator;
        final Proposal.ReInit reinit;
        private byte[] priorGroupID;
        private long priorEpoch;
        private byte[] resumptionPsk;

        public byte[] getEpochAuthenticator() {
            return this.epochAuthenticator;
        }

        public MlsCipherSuite getSuite() {
            return this.reinit.getSuite();
        }

        public Tombstone(Group group, Proposal.ReInit reInit) {
            this.epochAuthenticator = group.getEpochAuthenticator();
            this.reinit = reInit;
            this.priorGroupID = group.groupID;
            this.priorEpoch = group.epoch;
            this.resumptionPsk = group.keySchedule.resumptionPSK.value();
        }

        public GroupWithMessage createWelcome(AsymmetricCipherKeyPair asymmetricCipherKeyPair, byte[] bArr, LeafNode leafNode, List<KeyPackage> list, byte[] bArr2, CommitOptions commitOptions) throws Exception {
            Group group = new Group(this.reinit.getGroupID(), this.reinit.getSuite(), asymmetricCipherKeyPair, bArr, leafNode, this.reinit.getExtensions());
            group.resumptionPSKs.put(new EpochRef(this.priorGroupID, this.priorEpoch), this.resumptionPsk);
            ArrayList arrayList = new ArrayList();
            Iterator<KeyPackage> it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(group.addProposal(it.next()));
            }
            byte[] bArr3 = new byte[Group.this.suite.getKDF().getHashLength()];
            new SecureRandom().nextBytes(bArr3);
            arrayList.add(Proposal.preSharedKey(PreSharedKeyID.resumption(ResumptionPSKUsage.REINIT, this.priorGroupID, this.priorEpoch, bArr3)));
            GroupWithMessage commit = group.commit(new Secret(bArr2), new CommitOptions(arrayList, commitOptions.inlineTree, commitOptions.forcePath, commitOptions.leafNodeOptions), new MessageOptions(), new CommitParameters(ResumptionPSKUsage.REINIT));
            commit.message.wireFormat = WireFormat.mls_welcome;
            return commit;
        }

        public Group handleWelcome(AsymmetricCipherKeyPair asymmetricCipherKeyPair, AsymmetricCipherKeyPair asymmetricCipherKeyPair2, AsymmetricCipherKeyPair asymmetricCipherKeyPair3, KeyPackage keyPackage, MLSMessage mLSMessage, TreeKEMPublicKey treeKEMPublicKey) throws Exception {
            HashMap hashMap = new HashMap();
            hashMap.put(new EpochRef(this.priorGroupID, this.priorEpoch), this.resumptionPsk);
            MlsCipherSuite cipherSuite = mLSMessage.getCipherSuite();
            Group group = new Group(cipherSuite.getHPKE().serializePrivateKey(asymmetricCipherKeyPair.getPrivate()), asymmetricCipherKeyPair2, cipherSuite.serializeSignaturePrivateKey(asymmetricCipherKeyPair3.getPrivate()), keyPackage, mLSMessage.welcome, treeKEMPublicKey, new HashMap(), hashMap);
            if (group.suite.getSuiteID() != this.reinit.getSuite().getSuiteID()) {
                throw new Exception("Attempt to reinit with the wrong ciphersuite");
            }
            if (group.epoch != 1) {
                throw new Exception("Reinit not done at the beginning of the group");
            }
            return group;
        }
    }

    /* loaded from: input_file:org/bouncycastle/mls/protocol/Group$TombstoneWithMessage.class */
    public class TombstoneWithMessage extends Tombstone {
        MLSMessage message;

        public MLSMessage getMessage() {
            return this.message;
        }

        public TombstoneWithMessage(Group group, Proposal.ReInit reInit, MLSMessage mLSMessage) {
            super(group, reInit);
            this.message = mLSMessage;
        }
    }

    public void insertExternalPsk(Secret secret, byte[] bArr) {
        this.externalPSKs.put(secret, bArr);
    }

    public MlsCipherSuite getSuite() {
        return this.suite;
    }

    public ArrayList<Extension> getExtensions() {
        return this.extensions;
    }

    public KeyScheduleEpoch getKeySchedule() {
        return this.keySchedule;
    }

    public TreeKEMPublicKey getTree() {
        return this.tree;
    }

    public long getEpoch() {
        return this.epoch;
    }

    public byte[] getGroupID() {
        return this.groupID;
    }

    public LeafIndex getIndex() {
        return this.index;
    }

    public MLSMessage getGroupInfo(boolean z) throws Exception {
        GroupInfo groupInfo = new GroupInfo(new GroupContext(this.suite, this.groupID, this.epoch, this.tree.getRootHash(), this.transcriptHash.getConfirmed(), this.extensions), new ArrayList(), this.keySchedule.confirmationTag(this.transcriptHash.getConfirmed()));
        byte[] serializePublicKey = this.suite.getHPKE().serializePublicKey(this.keySchedule.getExternalPublicKey());
        MLSOutputStream mLSOutputStream = new MLSOutputStream();
        mLSOutputStream.writeOpaque(serializePublicKey);
        groupInfo.getExtensions().add(new Extension(ExtensionType.EXTERNAL_PUB, mLSOutputStream.toByteArray()));
        if (z) {
            groupInfo.getExtensions().add(new Extension(ExtensionType.RATCHET_TREE, MLSOutputStream.encode(this.tree)));
        }
        groupInfo.sign(this.tree, this.index, this.suite.deserializeSignaturePrivateKey(this.identitySk));
        MLSMessage mLSMessage = new MLSMessage(WireFormat.mls_group_info);
        mLSMessage.groupInfo = groupInfo;
        return mLSMessage;
    }

    public Group() {
    }

    public Group(AsymmetricCipherKeyPair asymmetricCipherKeyPair, GroupInfo groupInfo, TreeKEMPublicKey treeKEMPublicKey) throws Exception {
        this.suite = groupInfo.getSuite();
        this.groupID = (byte[]) groupInfo.getGroupID().clone();
        this.epoch = groupInfo.getEpoch();
        this.tree = TreeKEMPublicKey.clone(importTree(groupInfo.getGroupContext().getTreeHash(), treeKEMPublicKey, groupInfo.getExtensions()));
        this.treePriv = new TreeKEMPrivateKey(this.suite, new LeafIndex(0));
        this.transcriptHash = TranscriptHash.fromConfirmationTag(this.suite, groupInfo.getGroupContext().getConfirmedTranscriptHash(), groupInfo.getConfirmationTag());
        this.extensions = new ArrayList<>(groupInfo.getGroupContext().getExtensions());
        this.keySchedule = new KeyScheduleEpoch(this.suite);
        this.index = new LeafIndex(0);
        this.identitySk = this.suite.serializeSignaturePrivateKey(asymmetricCipherKeyPair.getPrivate());
        this.pendingProposals = new ArrayList<>();
        this.resumptionPSKs = new HashMap();
        this.externalPSKs = new HashMap();
        this.keys = null;
    }

    public Group(byte[] bArr, MlsCipherSuite mlsCipherSuite, AsymmetricCipherKeyPair asymmetricCipherKeyPair, byte[] bArr2, LeafNode leafNode, List<Extension> list) throws Exception {
        this.suite = mlsCipherSuite;
        this.groupID = (byte[]) bArr.clone();
        this.epoch = 0L;
        this.tree = new TreeKEMPublicKey(mlsCipherSuite);
        this.transcriptHash = new TranscriptHash(mlsCipherSuite);
        this.extensions = new ArrayList<>();
        this.extensions.addAll(list);
        this.index = new LeafIndex(0);
        this.identitySk = (byte[]) bArr2.clone();
        this.pendingProposals = new ArrayList<>();
        this.externalPSKs = new HashMap();
        this.resumptionPSKs = new HashMap();
        this.index = this.tree.addLeaf(leafNode);
        this.tree.setHashAll();
        this.treePriv = TreeKEMPrivateKey.solo(mlsCipherSuite, this.index, asymmetricCipherKeyPair);
        if (!this.treePriv.consistent(this.tree)) {
            throw new Exception("LeafNode inconsistent with private key");
        }
        this.keySchedule = KeyScheduleEpoch.forCreator(mlsCipherSuite, MLSOutputStream.encode(getGroupContext()));
        this.keys = this.keySchedule.getEncryptionKeys(this.tree.getSize());
        this.transcriptHash.updateInterim(this.keySchedule.confirmationTag(this.transcriptHash.getConfirmed()));
    }

    public Group(byte[] bArr, AsymmetricCipherKeyPair asymmetricCipherKeyPair, byte[] bArr2, KeyPackage keyPackage, Welcome welcome, TreeKEMPublicKey treeKEMPublicKey, Map<Secret, byte[]> map, Map<EpochRef, byte[]> map2) throws Exception {
        this.pendingProposals = new ArrayList<>();
        this.suite = welcome.getSuite();
        this.epoch = 0L;
        this.identitySk = bArr2;
        this.externalPSKs = new HashMap();
        this.externalPSKs.putAll(map);
        this.resumptionPSKs = new HashMap();
        this.resumptionPSKs.putAll(map2);
        int find = welcome.find(keyPackage);
        if (find == -1) {
            throw new Exception("Welcome not intended for key package");
        }
        if (keyPackage.getSuite().getSuiteID() != welcome.getSuite().getSuiteID()) {
            throw new Exception("Ciphersuite mismatch");
        }
        GroupSecrets decryptSecrets = welcome.decryptSecrets(find, bArr);
        List<KeyScheduleEpoch.PSKWithSecret> resolve = resolve(decryptSecrets.psks);
        GroupInfo decrypt = welcome.decrypt(decryptSecrets.joiner_secret, resolve);
        if (decrypt.getSuite().getSuiteID() != this.suite.getSuiteID()) {
            throw new Exception("GroupInfo and Welcome ciphersuites disagree");
        }
        this.tree = TreeKEMPublicKey.clone(importTree(decrypt.getGroupContext().getTreeHash(), treeKEMPublicKey, decrypt.getExtensions()));
        if (!decrypt.verify(this.suite, this.tree)) {
            throw new Exception("Invalid GroupInfo");
        }
        this.epoch = decrypt.getEpoch();
        this.groupID = decrypt.getGroupID();
        this.transcriptHash = new TranscriptHash(this.suite, (byte[]) decrypt.getGroupContext().getConfirmedTranscriptHash().clone(), null);
        this.transcriptHash.updateInterim(decrypt.getConfirmationTag());
        this.extensions = new ArrayList<>();
        this.extensions.addAll(decrypt.getGroupContext().getExtensions());
        int find2 = this.tree.find(keyPackage.getLeafNode());
        if (find2 == -1) {
            throw new Exception("New joiner not in tree");
        }
        this.index = new LeafIndex(find2);
        this.treePriv = TreeKEMPrivateKey.joiner(this.tree, this.index, asymmetricCipherKeyPair, this.index.commonAncestor(decrypt.getSigner()), decryptSecrets.path_secret != null ? new Secret(decryptSecrets.path_secret.getPathSecret()) : new Secret(new byte[0]));
        this.keySchedule = KeyScheduleEpoch.joiner(this.suite, decryptSecrets.joiner_secret, resolve, MLSOutputStream.encode(getGroupContext()));
        this.keys = this.keySchedule.getEncryptionKeys(this.tree.getSize());
        if (!Arrays.equals(this.keySchedule.confirmationTag(this.transcriptHash.getConfirmed()), decrypt.getConfirmationTag())) {
            throw new Exception("Confirmation failed to verify");
        }
    }

    public Group handle(byte[] bArr, Group group) throws Exception {
        return handle(bArr, group, (CommitParameters) null);
    }

    public Group handle(byte[] bArr, Group group, CommitParameters commitParameters) throws Exception {
        AuthenticatedContent unprotect;
        MLSMessage mLSMessage = (MLSMessage) MLSInputStream.decode(bArr, MLSMessage.class);
        if (mLSMessage.version != ProtocolVersion.mls10) {
            throw new Exception("Unsupported version");
        }
        switch (mLSMessage.wireFormat) {
            case mls_public_message:
                unprotect = mLSMessage.publicMessage.unprotect(this.suite, this.keySchedule.membershipKey, getGroupContext());
                if (unprotect == null) {
                    throw new Exception("Membership tag failed to verify");
                }
                break;
            case mls_private_message:
                unprotect = mLSMessage.privateMessage.unprotect(this.suite, this.keys, this.keySchedule.senderDataSecret.value());
                if (unprotect == null) {
                    throw new Exception("PrivateMessage decryption failure");
                }
                break;
            default:
                throw new Exception("Invalid wire format");
        }
        if (verifyAuth(unprotect)) {
            return handle(unprotect, group, commitParameters);
        }
        throw new Exception("Message signature failed to verify");
    }

    public Group handle(AuthenticatedContent authenticatedContent, Group group, CommitParameters commitParameters) throws Exception {
        LeafIndex addLeaf;
        FramedContent content = authenticatedContent.getContent();
        if (!Arrays.equals(content.getGroupID(), this.groupID)) {
            throw new Exception("GroupID mismatch");
        }
        if (content.getEpoch() != this.epoch) {
            throw new Exception("epoch mismatch");
        }
        switch (content.getContentType()) {
            case PROPOSAL:
                cacheProposal(authenticatedContent);
                return null;
            case COMMIT:
                switch (content.getSender().getSenderType()) {
                    case MEMBER:
                    case NEW_MEMBER_COMMIT:
                        LeafIndex leafIndex = null;
                        if (content.getSender().getSenderType() == SenderType.MEMBER) {
                            leafIndex = content.getSender().getSender();
                        }
                        if (this.index.equals(leafIndex)) {
                            if (group == null) {
                                throw new Exception("Handle own commits with caching");
                            }
                            if (Arrays.equals(group.groupID, this.groupID) && group.epoch == this.epoch + 1 && group.index.equals(this.index)) {
                                return group;
                            }
                            throw new Exception("Invalid successor state");
                        }
                        Commit commit = content.getCommit();
                        List<CachedProposal> mustResolve = mustResolve(commit.getProposals(), leafIndex);
                        boolean z = inferCommitType(leafIndex, mustResolve, commitParameters).paramID == 1;
                        if (pathRequired(mustResolve) && commit.getUpdatePath() == null) {
                            throw new Exception("Path required but not present");
                        }
                        Group successor = successor();
                        JoinersWithPSKS apply = successor.apply(mustResolve);
                        byte[] bArr = null;
                        new LeafIndex(0);
                        if (z) {
                            addLeaf = successor.tree.addLeaf(commit.getUpdatePath().m1718clone().getLeafNode());
                            byte[] validityExternal = commit.validityExternal();
                            if (validityExternal == null) {
                                throw new Exception("Invalid external commit");
                            }
                            bArr = this.keySchedule.receiveExternalInit(validityExternal);
                        } else {
                            addLeaf = leafIndex;
                        }
                        byte[] bArr2 = new byte[this.suite.getKDF().getHashLength()];
                        if (commit.getUpdatePath() != null) {
                            UpdatePath m1718clone = commit.getUpdatePath().m1718clone();
                            if (!validateLeafNode(m1718clone.getLeafNode(), LeafNodeSource.COMMIT, addLeaf)) {
                                throw new Exception("Commit path has invalid leaf node");
                            }
                            if (!successor.tree.verifyParentHash(addLeaf, m1718clone)) {
                                throw new Exception("Commit path has invalid parent hash");
                            }
                            successor.tree.merge(addLeaf, m1718clone);
                            successor.treePriv.decap(addLeaf, successor.tree, MLSOutputStream.encode(new GroupContext(successor.suite, successor.groupID, successor.epoch + 1, successor.tree.getRootHash(), successor.transcriptHash.getConfirmed(), successor.extensions)), m1718clone, apply.joiners);
                            bArr2 = (byte[]) successor.treePriv.getUpdateSecret().value().clone();
                        }
                        successor.transcriptHash.update(authenticatedContent);
                        successor.epoch++;
                        successor.updateEpochSecrets(bArr2, apply.psks, bArr);
                        if (Arrays.equals(authenticatedContent.getConfirmationTag(), successor.keySchedule.confirmationTag(successor.transcriptHash.getConfirmed()))) {
                            return successor;
                        }
                        throw new Exception("Confirmation failed to verify");
                    default:
                        throw new Exception("Invalid commit sender type");
                }
            default:
                throw new Exception("Invalid content type");
        }
    }

    private CommitParameters inferCommitType(LeafIndex leafIndex, List<CachedProposal> list, CommitParameters commitParameters) throws Exception {
        if (commitParameters == null) {
            if (leafIndex == null && validateExternalCachedProposals(list)) {
                return new CommitParameters((short) 1);
            }
            if (leafIndex == null || !validateNormalCachedProposals(list, leafIndex)) {
                throw new Exception("Invalid proposal list");
            }
            return new CommitParameters((short) 0);
        }
        boolean z = false;
        switch (commitParameters.paramID) {
            case NORMAL_COMMIT_PARAMS /* 0 */:
                z = leafIndex != null && validateNormalCachedProposals(list, leafIndex);
                break;
            case 1:
                z = leafIndex == null && validateExternalCachedProposals(list);
                break;
            case 2:
                z = leafIndex != null && validateRestartCachedProposals(list, commitParameters.allowedUsage);
                break;
            case 3:
                z = leafIndex != null && validateReInitCachedProposals(list);
                break;
        }
        if (z) {
            return commitParameters;
        }
        throw new Exception("Invalid proposal list");
    }

    public GroupWithMessage createBranch(byte[] bArr, AsymmetricCipherKeyPair asymmetricCipherKeyPair, AsymmetricCipherKeyPair asymmetricCipherKeyPair2, LeafNode leafNode, List<Extension> list, List<KeyPackage> list2, byte[] bArr2, CommitOptions commitOptions) throws Exception {
        Group group = new Group(bArr, this.suite, asymmetricCipherKeyPair, this.suite.serializeSignaturePrivateKey(asymmetricCipherKeyPair2.getPrivate()), leafNode, this.extensions);
        group.resumptionPSKs.put(new EpochRef(this.groupID, this.epoch), (byte[]) this.keySchedule.resumptionPSK.value().clone());
        ArrayList arrayList = new ArrayList();
        Iterator<KeyPackage> it = list2.iterator();
        while (it.hasNext()) {
            arrayList.add(group.addProposal(it.next()));
        }
        byte[] bArr3 = new byte[this.suite.getKDF().getHashLength()];
        new SecureRandom().nextBytes(bArr3);
        arrayList.add(Proposal.preSharedKey(PreSharedKeyID.resumption(ResumptionPSKUsage.BRANCH, this.groupID, this.epoch, bArr3)));
        GroupWithMessage commit = group.commit(new Secret(bArr2), new CommitOptions(arrayList, commitOptions.inlineTree, commitOptions.forcePath, commitOptions.leafNodeOptions), new MessageOptions(), new CommitParameters(ResumptionPSKUsage.BRANCH));
        commit.message.wireFormat = WireFormat.mls_welcome;
        return commit;
    }

    public Group handleBranch(AsymmetricCipherKeyPair asymmetricCipherKeyPair, AsymmetricCipherKeyPair asymmetricCipherKeyPair2, AsymmetricCipherKeyPair asymmetricCipherKeyPair3, KeyPackage keyPackage, MLSMessage mLSMessage, TreeKEMPublicKey treeKEMPublicKey) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(new EpochRef(this.groupID, this.epoch), (byte[]) this.keySchedule.resumptionPSK.value().clone());
        Group group = new Group(this.suite.getHPKE().serializePrivateKey(asymmetricCipherKeyPair.getPrivate()), asymmetricCipherKeyPair2, this.suite.serializeSignaturePrivateKey(asymmetricCipherKeyPair3.getPrivate()), keyPackage, mLSMessage.welcome, treeKEMPublicKey, new HashMap(), hashMap);
        if (group.suite.getSuiteID() != this.suite.getSuiteID()) {
            throw new Exception("Attempt to branch with a different ciphersuite");
        }
        if (group.epoch != 1) {
            throw new Exception("Branch not done at the beginning of the group");
        }
        return group;
    }

    public Tombstone handleReinitCommit(MLSMessage mLSMessage) throws Exception {
        AuthenticatedContent unprotectToContentAuth = unprotectToContentAuth(mLSMessage);
        if (!verifyAuth(unprotectToContentAuth)) {
            throw new Exception("Message signature failed to verify");
        }
        Group handle = handle(unprotectToContentAuth, (Group) null, new CommitParameters((short) 3));
        List<CachedProposal> mustResolve = mustResolve(unprotectToContentAuth.getContent().getCommit().getProposals(), null);
        if (validateReinitProposals(mustResolve)) {
            return new Tombstone(handle, mustResolve.get(0).proposal.getReInit());
        }
        throw new Exception("Invalid proposals for reinit");
    }

    public static GroupWithMessage externalJoin(Secret secret, AsymmetricCipherKeyPair asymmetricCipherKeyPair, KeyPackage keyPackage, GroupInfo groupInfo, TreeKEMPublicKey treeKEMPublicKey, MessageOptions messageOptions, LeafIndex leafIndex, Map<Secret, byte[]> map) throws Exception {
        Group group = new Group(asymmetricCipherKeyPair, groupInfo, treeKEMPublicKey);
        MlsCipherSuite suite = keyPackage.getSuite();
        byte[] bArr = null;
        for (Extension extension : groupInfo.getExtensions()) {
            if (bArr != null) {
                break;
            }
            bArr = extension.getExternalPub();
        }
        if (bArr == null) {
            throw new Exception("No external pub in GroupInfo");
        }
        CommitOptions commitOptions = new CommitOptions();
        KeyScheduleEpoch.ExternalInitParams externalInitParams = new KeyScheduleEpoch.ExternalInitParams(suite, suite.getHPKE().deserializePublicKey(bArr));
        commitOptions.extraProposals.add(Proposal.externalInit(externalInitParams.getKEMOutput()));
        if (leafIndex != null) {
            commitOptions.extraProposals.add(group.removeProposal(leafIndex));
        }
        for (Secret secret2 : map.keySet()) {
            group.externalPSKs.put(secret2, map.get(secret2));
            commitOptions.extraProposals.add(group.preSharedKeyProposal(secret2));
        }
        GroupWithMessage commit = group.commit(secret, commitOptions, messageOptions, new CommitParameters(keyPackage, externalInitParams.getInitSecret()));
        commit.message.welcome = null;
        return commit;
    }

    public GroupWithMessage commit(Secret secret, CommitOptions commitOptions, MessageOptions messageOptions, CommitParameters commitParameters) throws Exception {
        Commit commit = new Commit();
        ArrayList arrayList = new ArrayList();
        Iterator<CachedProposal> it = this.pendingProposals.iterator();
        while (it.hasNext()) {
            CachedProposal next = it.next();
            if (next.proposal.getProposalType() == ProposalType.ADD) {
                arrayList.add(next.proposal.getAdd().keyPackage);
            }
            commit.getProposals().add(ProposalOrRef.forRef(next.proposalRef));
        }
        if (commitOptions != null) {
            for (Proposal proposal : commitOptions.extraProposals) {
                if (proposal.getProposalType() == ProposalType.ADD) {
                    arrayList.add(proposal.getAdd().keyPackage);
                }
                commit.getProposals().add(ProposalOrRef.forProposal(proposal));
            }
        }
        byte[] bArr = commitParameters.paramID == 1 ? (byte[]) commitParameters.forceInitSecret.value().clone() : null;
        Group successor = successor();
        List<CachedProposal> mustResolve = mustResolve(commit.getProposals(), this.index);
        if (!validateCachedProposals(mustResolve, this.index, commitParameters)) {
            throw new Exception("Invalid proposal list");
        }
        JoinersWithPSKS apply = successor.apply(mustResolve);
        if (commitParameters.paramID == 1) {
            successor.index = successor.tree.addLeaf(commitParameters.joinerKeyPackage.getLeafNode());
        }
        Sender forMember = Sender.forMember(this.index);
        if (commitParameters.paramID == 1) {
            forMember = Sender.forNewMemberCommit();
        }
        Secret zero = Secret.zero(this.suite);
        ArrayList arrayList2 = new ArrayList();
        for (int i = 0; i < apply.joiners.size(); i++) {
            arrayList2.add(null);
        }
        if ((commitOptions != null && commitOptions.forcePath) || pathRequired(mustResolve)) {
            LeafNodeOptions leafNodeOptions = new LeafNodeOptions();
            if (commitOptions != null) {
                leafNodeOptions = commitOptions.leafNodeOptions;
            }
            TreeKEMPrivateKey update = successor.tree.update(successor.index, secret, successor.groupID, this.identitySk, leafNodeOptions);
            UpdatePath encap = successor.tree.encap(update, MLSOutputStream.encode(new GroupContext(successor.suite, successor.groupID, successor.epoch + 1, successor.tree.getRootHash(), successor.transcriptHash.getConfirmed(), successor.extensions)), apply.joiners);
            successor.treePriv = update;
            commit.setUpdatePath(encap);
            zero = update.getUpdateSecret();
            for (int i2 = 0; i2 < apply.joiners.size(); i2++) {
                arrayList2.set(i2, update.getSharedPathSecret(apply.joiners.get(i2)));
            }
            successor.tree.setHashAll();
        }
        AuthenticatedContent sign = sign(forMember, commit, messageOptions.authenticatedData, messageOptions.encrypt);
        successor.transcriptHash.updateConfirmed(sign);
        successor.epoch++;
        successor.updateEpochSecrets(zero.value(), apply.psks, bArr);
        byte[] confirmationTag = successor.keySchedule.confirmationTag(successor.transcriptHash.getConfirmed());
        sign.setConfirmationTag(confirmationTag);
        successor.transcriptHash.updateInterim(sign);
        MLSMessage protect = protect(sign, messageOptions.paddingSize);
        successor.tree.setHashAll();
        GroupInfo groupInfo = new GroupInfo(new GroupContext(successor.suite, successor.groupID, successor.epoch, successor.tree.getRootHash(), successor.transcriptHash.getConfirmed(), successor.extensions), new ArrayList(), confirmationTag);
        if (commitOptions != null && commitOptions.inlineTree) {
            groupInfo.getExtensions().add(new Extension(ExtensionType.RATCHET_TREE, MLSOutputStream.encode(successor.tree)));
        }
        groupInfo.sign(successor.tree, successor.index, this.suite.deserializeSignaturePrivateKey(successor.identitySk));
        Welcome welcome = new Welcome(this.suite, successor.keySchedule.getJoinerSecret().value(), apply.psks, MLSOutputStream.encode(groupInfo));
        for (int i3 = 0; i3 < arrayList.size(); i3++) {
            welcome.encrypt((KeyPackage) arrayList.get(i3), (Secret) arrayList2.get(i3));
        }
        protect.welcome = welcome;
        return new GroupWithMessage(successor, protect);
    }

    public TombstoneWithMessage reinitCommit(byte[] bArr, CommitOptions commitOptions, MessageOptions messageOptions) throws Exception {
        Proposal proposal;
        if (this.pendingProposals.size() == 1) {
            proposal = this.pendingProposals.get(0).proposal;
        } else {
            if (commitOptions == null || commitOptions.extraProposals.size() != 1) {
                throw new Exception("Illegal proposals for reinitialization");
            }
            proposal = commitOptions.extraProposals.get(0);
        }
        Proposal.ReInit reInit = proposal.getReInit();
        GroupWithMessage commit = commit(new Secret(bArr), commitOptions, messageOptions, new CommitParameters((short) 3));
        commit.message.welcome = null;
        return new TombstoneWithMessage(commit.group, reInit, commit.message);
    }

    public static MLSMessage newMemberAdd(byte[] bArr, long j, KeyPackage keyPackage, AsymmetricCipherKeyPair asymmetricCipherKeyPair) throws Exception {
        MlsCipherSuite suite = keyPackage.getSuite();
        AuthenticatedContent sign = AuthenticatedContent.sign(WireFormat.mls_public_message, FramedContent.proposal(bArr, j, Sender.forNewMemberProposal(), new byte[0], MLSOutputStream.encode(Proposal.add(keyPackage))), suite, suite.serializeSignaturePrivateKey(asymmetricCipherKeyPair.getPrivate()), null);
        MLSMessage mLSMessage = new MLSMessage(WireFormat.mls_public_message);
        mLSMessage.publicMessage = PublicMessage.protect(sign, suite, new byte[0], new byte[0]);
        return mLSMessage;
    }

    public MLSMessage protect(byte[] bArr, byte[] bArr2, int i) throws Exception {
        MessageOptions messageOptions = new MessageOptions(true, bArr, i);
        return protect(sign(Sender.forMember(this.index), bArr2, messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [byte[], byte[][]] */
    public byte[][] unprotect(MLSMessage mLSMessage) throws Exception {
        AuthenticatedContent unprotectToContentAuth = unprotectToContentAuth(mLSMessage);
        if (!verifyAuth(unprotectToContentAuth)) {
            throw new Exception("Message signature failed to verify");
        }
        if (unprotectToContentAuth.getContent().getContentType() != ContentType.APPLICATION) {
            throw new Exception("Unprotected of handshake message");
        }
        if (unprotectToContentAuth.getWireFormat() != WireFormat.mls_private_message) {
            throw new Exception("Application data not sent as PrivateMessage");
        }
        return new byte[]{unprotectToContentAuth.getContent().getAuthenticated_data(), unprotectToContentAuth.getContent().getContentBytes()};
    }

    private boolean verifyAuth(AuthenticatedContent authenticatedContent) throws Exception {
        switch (authenticatedContent.getContent().getSender().getSenderType()) {
            case MEMBER:
                return verifyInternal(authenticatedContent);
            case NEW_MEMBER_COMMIT:
                return verifyNewMemberCommit(authenticatedContent);
            case EXTERNAL:
                return verifyExternal(authenticatedContent);
            case NEW_MEMBER_PROPOSAL:
                return verifyNewMemberProposal(authenticatedContent);
            default:
                throw new Exception("Invalid sender type");
        }
    }

    private boolean verifyInternal(AuthenticatedContent authenticatedContent) throws Exception {
        LeafNode leafNode = this.tree.getLeafNode(authenticatedContent.getContent().getSender().getSender());
        if (leafNode == null) {
            throw new Exception("Signature from blank node");
        }
        return authenticatedContent.verify(this.suite, leafNode.getSignatureKey(), MLSOutputStream.encode(getGroupContext()));
    }

    private boolean verifyExternal(AuthenticatedContent authenticatedContent) throws Exception {
        Sender sender = authenticatedContent.getContent().getSender();
        Extension extension = null;
        Iterator<Extension> it = this.extensions.iterator();
        while (it.hasNext()) {
            Extension next = it.next();
            if (next.extensionType == ExtensionType.EXTERNAL_SENDERS) {
                extension = next;
            }
        }
        return authenticatedContent.verify(this.suite, extension.getSenders().get(sender.getSenderIndex()).getSignatureKey(), MLSOutputStream.encode(getGroupContext()));
    }

    private boolean verifyNewMemberProposal(AuthenticatedContent authenticatedContent) throws Exception {
        return authenticatedContent.verify(this.suite, authenticatedContent.getContent().getProposal().getAdd().keyPackage.getLeafNode().getSignatureKey(), MLSOutputStream.encode(getGroupContext()));
    }

    private boolean verifyNewMemberCommit(AuthenticatedContent authenticatedContent) throws Exception {
        return authenticatedContent.verify(this.suite, authenticatedContent.getContent().getCommit().getUpdatePath().getLeafNode().getSignatureKey(), MLSOutputStream.encode(getGroupContext()));
    }

    private AuthenticatedContent unprotectToContentAuth(MLSMessage mLSMessage) throws Exception {
        if (mLSMessage.version != ProtocolVersion.mls10) {
            throw new Exception("Unsupported version");
        }
        AuthenticatedContent authenticatedContent = null;
        switch (mLSMessage.wireFormat) {
            case mls_public_message:
                authenticatedContent = mLSMessage.publicMessage.unprotect(this.suite, this.keySchedule.membershipKey, getGroupContext());
                if (authenticatedContent == null) {
                    throw new Exception("Membership tag failed to verify");
                }
                break;
            case mls_private_message:
                authenticatedContent = mLSMessage.privateMessage.unprotect(this.suite, this.keys, this.keySchedule.senderDataSecret.value());
                if (authenticatedContent == null) {
                    throw new Exception("PrivateMessage decryption failure");
                }
                break;
            case mls_welcome:
            case mls_group_info:
            case mls_key_package:
                throw new Exception("Invalid wire format");
        }
        return authenticatedContent;
    }

    public MLSMessage add(KeyPackage keyPackage, MessageOptions messageOptions) throws Exception {
        return protect(sign(Sender.forMember(this.index), addProposal(keyPackage), messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
    }

    public MLSMessage update(Proposal proposal, MessageOptions messageOptions) throws Exception {
        return protect(sign(Sender.forMember(this.index), proposal, messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
    }

    public MLSMessage groupContextExtensions(List<Extension> list, MessageOptions messageOptions) throws Exception {
        if (extensionsSupported(list)) {
            return protect(sign(Sender.forMember(this.index), Proposal.groupContextExtensions(list), messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
        }
        throw new Exception("Unsupported extensions");
    }

    public MLSMessage remove(LeafIndex leafIndex, MessageOptions messageOptions) throws Exception {
        return protect(sign(Sender.forMember(this.index), Proposal.remove(leafForRoster(leafIndex)), messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
    }

    public MLSMessage reinit(byte[] bArr, ProtocolVersion protocolVersion, MlsCipherSuite mlsCipherSuite, List<Extension> list, MessageOptions messageOptions) throws Exception {
        return protect(sign(Sender.forMember(this.index), Proposal.reInit(bArr, protocolVersion, mlsCipherSuite, list), messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
    }

    public MLSMessage preSharedKey(byte[] bArr, MessageOptions messageOptions) throws Exception {
        if (!this.externalPSKs.containsKey(new Secret(bArr))) {
            throw new Exception("Unknown PSK");
        }
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr2 = new byte[this.suite.getKDF().getHashLength()];
        secureRandom.nextBytes(bArr2);
        return protect(sign(Sender.forMember(this.index), Proposal.preSharedKey(PreSharedKeyID.external(bArr, bArr2)), messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
    }

    public MLSMessage preSharedKey(byte[] bArr, long j, MessageOptions messageOptions) throws Exception {
        if (j != this.epoch && !this.resumptionPSKs.containsKey(new EpochRef(bArr, j))) {
            throw new Exception("Unknown PSK");
        }
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr2 = new byte[this.suite.getKDF().getHashLength()];
        secureRandom.nextBytes(bArr2);
        return protect(sign(Sender.forMember(this.index), Proposal.preSharedKey(PreSharedKeyID.resumption(ResumptionPSKUsage.APPLICATION, bArr, j, bArr2)), messageOptions.authenticatedData, messageOptions.encrypt), messageOptions.paddingSize);
    }

    private LeafIndex leafForRoster(LeafIndex leafIndex) throws Exception {
        int i = 0;
        for (int i2 = 0; i2 < this.tree.getSize().leafCount(); i2++) {
            if (this.tree.getLeafNode(new LeafIndex(i2)) != null) {
                if (i == leafIndex.value()) {
                    return new LeafIndex(i2);
                }
                i++;
            }
        }
        throw new Exception("Invalid roster index");
    }

    public Proposal updateProposal(AsymmetricCipherKeyPair asymmetricCipherKeyPair, LeafNodeOptions leafNodeOptions) throws Exception {
        Proposal update = Proposal.update(this.tree.getLeafNode(this.index).forUpdate(this.suite, this.groupID, this.index, this.suite.getHPKE().serializePublicKey(asymmetricCipherKeyPair.getPublic()), leafNodeOptions, this.identitySk));
        this.cachedUpdate = new CachedUpdate(this.suite.getHPKE().serializePrivateKey(asymmetricCipherKeyPair.getPrivate()), update.getUpdate());
        return update;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Proposal addProposal(KeyPackage keyPackage) throws Exception {
        if (keyPackage.verify()) {
            return Proposal.add(keyPackage);
        }
        throw new Exception("Invalid signature on key package");
    }

    private MLSMessage protect(AuthenticatedContent authenticatedContent, int i) throws Exception {
        MLSMessage mLSMessage = new MLSMessage(authenticatedContent.getWireFormat());
        switch (authenticatedContent.getWireFormat()) {
            case mls_public_message:
                mLSMessage.publicMessage = PublicMessage.protect(authenticatedContent, this.suite, this.keySchedule.membershipKey.value(), MLSOutputStream.encode(getGroupContext()));
                return mLSMessage;
            case mls_private_message:
                mLSMessage.privateMessage = PrivateMessage.protect(authenticatedContent, this.suite, this.keys, this.keySchedule.senderDataSecret.value(), i);
                return mLSMessage;
            default:
                throw new Exception("Malformed AuthenticatedContent");
        }
    }

    private AuthenticatedContent sign(Sender sender, Commit commit, byte[] bArr, boolean z) throws Exception {
        return AuthenticatedContent.sign(z ? WireFormat.mls_private_message : WireFormat.mls_public_message, FramedContent.rawContent(this.groupID, this.epoch, sender, bArr, ContentType.COMMIT, MLSOutputStream.encode(commit)), this.suite, this.identitySk, MLSOutputStream.encode(getGroupContext()));
    }

    private AuthenticatedContent sign(Sender sender, Proposal proposal, byte[] bArr, boolean z) throws Exception {
        return AuthenticatedContent.sign(z ? WireFormat.mls_private_message : WireFormat.mls_public_message, FramedContent.rawContent(this.groupID, this.epoch, sender, bArr, ContentType.PROPOSAL, MLSOutputStream.encode(proposal)), this.suite, this.identitySk, MLSOutputStream.encode(getGroupContext()));
    }

    private AuthenticatedContent sign(Sender sender, byte[] bArr, byte[] bArr2, boolean z) throws Exception {
        return AuthenticatedContent.sign(z ? WireFormat.mls_private_message : WireFormat.mls_public_message, FramedContent.rawContent(this.groupID, this.epoch, sender, bArr2, ContentType.APPLICATION, bArr), this.suite, this.identitySk, MLSOutputStream.encode(getGroupContext()));
    }

    private Proposal preSharedKeyProposal(Secret secret) throws Exception {
        if (!this.externalPSKs.containsKey(secret)) {
            throw new Exception("Unknown PSK");
        }
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[this.suite.getKDF().getHashLength()];
        secureRandom.nextBytes(bArr);
        return Proposal.preSharedKey(PreSharedKeyID.external(secret.value(), bArr));
    }

    private Proposal removeProposal(LeafIndex leafIndex) throws Exception {
        if (this.tree.hasLeaf(leafIndex)) {
            return Proposal.remove(leafIndex);
        }
        throw new Exception("Removed on blank leaf");
    }

    private void updateEpochSecrets(byte[] bArr, List<KeyScheduleEpoch.PSKWithSecret> list, byte[] bArr2) throws Exception {
        this.keySchedule = this.keySchedule.next(this.tree.getSize(), bArr2, new Secret(bArr), list, MLSOutputStream.encode(new GroupContext(this.suite, this.groupID, this.epoch, this.tree.getRootHash(), this.transcriptHash.getConfirmed(), this.extensions)));
        this.keys = this.keySchedule.getEncryptionKeys(this.tree.getSize());
    }

    private JoinersWithPSKS apply(List<CachedProposal> list) throws Exception {
        applyUpdate(list);
        applyRemove(list);
        List<LeafIndex> applyAdd = applyAdd(list);
        applyGCE(list);
        List<KeyScheduleEpoch.PSKWithSecret> applyPSK = applyPSK(list);
        this.tree.truncate();
        this.treePriv.truncate(this.tree.getSize());
        this.tree.setHashAll();
        if (this.cachedUpdate != null) {
            this.cachedUpdate.reset();
        }
        return new JoinersWithPSKS(applyAdd, applyPSK);
    }

    private void applyUpdate(List<CachedProposal> list) throws Exception {
        for (CachedProposal cachedProposal : list) {
            if (cachedProposal.proposal.getProposalType() == ProposalType.UPDATE) {
                if (cachedProposal.sender == null) {
                    throw new Exception("Update without target leaf");
                }
                LeafIndex leafIndex = cachedProposal.sender;
                if (!leafIndex.equals(this.index)) {
                    this.tree.updateLeaf(leafIndex, cachedProposal.proposal.getLeafNode());
                } else {
                    if (this.cachedUpdate == null) {
                        throw new Exception("Self-update with no cached secret");
                    }
                    if (!cachedProposal.proposal.getLeafNode().equals(this.cachedUpdate.update.getLeafNode())) {
                        throw new Exception("Self-update does not match cached data");
                    }
                    this.tree.updateLeaf(leafIndex, cachedProposal.proposal.getLeafNode());
                    this.treePriv.setLeafKey(this.cachedUpdate.updateSk);
                }
            }
        }
        if (this.cachedUpdate != null) {
            this.cachedUpdate.reset();
        }
    }

    private boolean extensionsSupported(List<Extension> list) {
        for (int i = 0; i < this.tree.getSize().leafCount(); i++) {
            LeafNode leafNode = this.tree.getLeafNode(new LeafIndex(i));
            if (leafNode != null && !leafNode.verifyExtensionSupport(list)) {
                return false;
            }
        }
        return true;
    }

    private void applyGCE(List<CachedProposal> list) throws Exception {
        for (CachedProposal cachedProposal : list) {
            if (cachedProposal.proposal.getProposalType() == ProposalType.GROUP_CONTEXT_EXTENSIONS) {
                if (!extensionsSupported(cachedProposal.proposal.getGroupContextExtensions().extensions)) {
                    throw new Exception("Unsupported extensions in GroupContextExtensions");
                }
                this.extensions = new ArrayList<>(cachedProposal.proposal.getGroupContextExtensions().extensions);
            }
        }
    }

    private List<KeyScheduleEpoch.PSKWithSecret> applyPSK(List<CachedProposal> list) throws Exception {
        ArrayList arrayList = new ArrayList();
        for (CachedProposal cachedProposal : list) {
            if (cachedProposal.proposal.getProposalType() == ProposalType.PSK) {
                arrayList.add(cachedProposal.proposal.getPreSharedKey().psk);
            }
        }
        return resolve(arrayList);
    }

    private List<LeafIndex> applyAdd(List<CachedProposal> list) {
        ArrayList arrayList = new ArrayList();
        for (CachedProposal cachedProposal : list) {
            if (cachedProposal.proposal.getProposalType() == ProposalType.ADD) {
                arrayList.add(this.tree.addLeaf(cachedProposal.proposal.getLeafNode()));
            }
        }
        return arrayList;
    }

    private void applyRemove(List<CachedProposal> list) throws Exception {
        for (CachedProposal cachedProposal : list) {
            if (cachedProposal.proposal.getProposalType() == ProposalType.REMOVE) {
                if (!this.tree.hasLeaf(cachedProposal.proposal.getRemove().removed)) {
                    throw new Exception("Attempt to remove non-member");
                }
                this.tree.blankPath(cachedProposal.proposal.getRemove().removed);
            }
        }
    }

    private Group successor() throws IOException {
        Group group = new Group();
        group.externalPSKs = new HashMap(this.externalPSKs);
        group.resumptionPSKs = new HashMap();
        group.resumptionPSKs.putAll(this.resumptionPSKs);
        group.epoch = this.epoch;
        group.groupID = (byte[]) this.groupID.clone();
        group.transcriptHash = this.transcriptHash.copy();
        group.extensions = new ArrayList<>();
        group.extensions.addAll(this.extensions);
        group.keySchedule = this.keySchedule;
        group.tree = TreeKEMPublicKey.clone(this.tree);
        group.treePriv = this.treePriv.copy();
        group.keys = this.keys;
        group.suite = this.suite;
        group.index = this.index;
        group.identitySk = (byte[]) this.identitySk.clone();
        group.pendingProposals = new ArrayList<>();
        group.cachedUpdate = this.cachedUpdate;
        group.resumptionPSKs.put(new EpochRef(this.groupID, this.epoch), (byte[]) this.keySchedule.resumptionPSK.value().clone());
        return group;
    }

    private boolean pathRequired(List<CachedProposal> list) {
        if (list.isEmpty()) {
            return true;
        }
        Iterator<CachedProposal> it = list.iterator();
        while (it.hasNext()) {
            switch (it.next().proposal.getProposalType()) {
                case UPDATE:
                case REMOVE:
                case EXTERNAL_INIT:
                case GROUP_CONTEXT_EXTENSIONS:
                    return true;
            }
        }
        return false;
    }

    public byte[] getEpochAuthenticator() {
        return this.keySchedule.epochAuthenticator.value();
    }

    private void cacheProposal(AuthenticatedContent authenticatedContent) throws Exception {
        byte[] refHash = this.suite.refHash(MLSOutputStream.encode(authenticatedContent), "MLS 1.0 Proposal Reference");
        Iterator<CachedProposal> it = this.pendingProposals.iterator();
        while (it.hasNext()) {
            if (Arrays.equals(it.next().proposalRef, refHash)) {
                return;
            }
        }
        LeafIndex leafIndex = null;
        if (authenticatedContent.getContent().getSender().getSenderType() == SenderType.MEMBER) {
            leafIndex = authenticatedContent.getContent().getSender().getSender();
        }
        Proposal proposal = authenticatedContent.getContent().getProposal();
        if (!validateProposal(leafIndex, proposal)) {
            throw new Exception("Invalid proposal");
        }
        this.pendingProposals.add(new CachedProposal(refHash, proposal, leafIndex));
    }

    private boolean validateProposal(LeafIndex leafIndex, Proposal proposal) throws IOException {
        switch (proposal.getProposalType()) {
            case UPDATE:
                return validateUpdate(leafIndex, proposal.getUpdate());
            case REMOVE:
                return validateRemove(proposal.getRemove());
            case EXTERNAL_INIT:
                return validateExternalInit(proposal.getExternalInit());
            case GROUP_CONTEXT_EXTENSIONS:
                return validateGCE(proposal.getGroupContextExtensions());
            case ADD:
                return validateKeyPackage(proposal.getAdd().keyPackage);
            case PSK:
                return validatePSK(proposal.getPreSharedKey());
            case REINIT:
                return validateReinit(proposal.getReInit());
            default:
                return false;
        }
    }

    private boolean validateGCE(Proposal.GroupContextExtensions groupContextExtensions) {
        for (int i = 0; i < this.tree.getSize().leafCount(); i++) {
            LeafNode leafNode = this.tree.getLeafNode(new LeafIndex(i));
            if (leafNode != null && !leafNode.verifyExtensionSupport(groupContextExtensions.extensions)) {
                return false;
            }
        }
        return true;
    }

    private boolean validateExternalInit(Proposal.ExternalInit externalInit) {
        return externalInit.kemOutput.length == this.suite.getHPKE().getEncSize();
    }

    private boolean validateReinit(Proposal.ReInit reInit) {
        return 1 != 0 && (reInit.getVersion() == ProtocolVersion.mls10);
    }

    private boolean validateReinitProposals(List<CachedProposal> list) {
        boolean z = false;
        boolean z2 = false;
        for (CachedProposal cachedProposal : list) {
            z = z || cachedProposal.proposal.getProposalType() == ProposalType.REINIT;
            z2 = z2 || cachedProposal.proposal.getProposalType() != ProposalType.REINIT;
        }
        return z && !z2;
    }

    private boolean validatePSK(Proposal.PreSharedKey preSharedKey) {
        switch (preSharedKey.psk.pskType) {
            case EXTERNAL:
                return this.externalPSKs.containsKey(preSharedKey.psk.external.externalPSKID);
            case RESUMPTION:
                PreSharedKeyID.Resumption resumption = preSharedKey.psk.resumption;
                if (resumption.resumptionPSKUsage != ResumptionPSKUsage.APPLICATION) {
                    return false;
                }
                return resumption.pskEpoch == this.epoch || this.resumptionPSKs.containsKey(new EpochRef(resumption.pskGroupID, resumption.pskEpoch));
            default:
                return false;
        }
    }

    private boolean validateRemove(Proposal.Remove remove) {
        return ((((long) remove.removed.value()) > this.tree.getSize().leafCount() ? 1 : (((long) remove.removed.value()) == this.tree.getSize().leafCount() ? 0 : -1)) < 0 && this.tree.hasLeaf(remove.removed)) && (remove.removed.value() != this.index.value());
    }

    private boolean validateKeyPackage(KeyPackage keyPackage) throws IOException {
        return (keyPackage.getSuite().getSuiteID() == this.suite.getSuiteID()) && keyPackage.verify() && validateLeafNode(keyPackage.getLeafNode(), LeafNodeSource.KEY_PACKAGE, null) && (!Arrays.equals(keyPackage.getInitKey(), keyPackage.getLeafNode().getEncryptionKey()));
    }

    private boolean validateUpdate(LeafIndex leafIndex, Proposal.Update update) throws IOException {
        if (this.tree.getLeafNode(leafIndex) == null) {
            return false;
        }
        return validateLeafNode(update.getLeafNode(), LeafNodeSource.UPDATE, leafIndex);
    }

    private boolean validateLeafNode(LeafNode leafNode, LeafNodeSource leafNodeSource, LeafIndex leafIndex) throws IOException {
        byte[] beSigned;
        boolean z = leafNode.getSource() == leafNodeSource;
        switch (leafNodeSource) {
            case UPDATE:
            case COMMIT:
                beSigned = leafNode.toBeSigned(this.groupID, leafIndex.value());
                break;
            default:
                beSigned = leafNode.toBeSigned(null, -1);
                break;
        }
        boolean verify = leafNode.verify(this.suite, beSigned);
        boolean verifyLifetime = leafNode.verifyLifetime();
        boolean z2 = true;
        boolean z3 = true;
        byte[] signatureKey = leafNode.getSignatureKey();
        byte[] encryptionKey = leafNode.getEncryptionKey();
        int i = 0;
        while (i < this.tree.getSize().leafCount()) {
            LeafNode leafNode2 = this.tree.getLeafNode(new LeafIndex(i));
            if (leafNode2 != null) {
                z2 &= (leafIndex != null && i == leafIndex.value()) || !Arrays.equals(signatureKey, leafNode2.getSignatureKey());
                z3 &= !Arrays.equals(encryptionKey, leafNode2.getEncryptionKey());
            }
            i++;
        }
        boolean z4 = true;
        Iterator<Extension> it = leafNode.getExtensions().iterator();
        while (it.hasNext()) {
            z4 &= leafNode.getCapabilities().getExtensions().contains(Short.valueOf(it.next().extensionType.getValue()));
        }
        return z && verify && verifyLifetime && z4 && z2 && z3 && 1 != 0 && 1 != 0;
    }

    private boolean validateCachedProposals(List<CachedProposal> list, LeafIndex leafIndex, CommitParameters commitParameters) throws IOException {
        switch (commitParameters.paramID) {
            case NORMAL_COMMIT_PARAMS /* 0 */:
                return validateNormalCachedProposals(list, leafIndex);
            case 1:
                return validateExternalCachedProposals(list);
            case 2:
                return validateRestartCachedProposals(list, commitParameters.allowedUsage);
            case 3:
                return validateReInitCachedProposals(list);
            default:
                return false;
        }
    }

    private boolean validateReInitCachedProposals(List<CachedProposal> list) {
        boolean z = false;
        boolean z2 = false;
        for (CachedProposal cachedProposal : list) {
            z = z || cachedProposal.proposal.getProposalType() == ProposalType.REINIT;
            z2 = z2 || cachedProposal.proposal.getProposalType() != ProposalType.REINIT;
        }
        return z && !z2;
    }

    private boolean validateRestartCachedProposals(List<CachedProposal> list, ResumptionPSKUsage resumptionPSKUsage) {
        boolean z = false;
        boolean z2 = true;
        for (CachedProposal cachedProposal : list) {
            if (cachedProposal.proposal.getProposalType() == ProposalType.PSK) {
                PreSharedKeyID preSharedKeyID = cachedProposal.proposal.getPreSharedKey().psk;
                if (preSharedKeyID.pskType != PSKType.EXTERNAL) {
                    boolean z3 = preSharedKeyID.resumption.resumptionPSKUsage == resumptionPSKUsage;
                    if (z && z3) {
                        z2 = false;
                    } else {
                        z = z || z3;
                    }
                }
            }
        }
        return z2 && z;
    }

    private boolean validateNormalCachedProposals(List<CachedProposal> list, LeafIndex leafIndex) throws IOException {
        byte[] bArr;
        LeafIndex leafIndex2;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        for (CachedProposal cachedProposal : list) {
            z = z || !validateProposal(cachedProposal.sender, cachedProposal.proposal);
            z2 = z2 || (cachedProposal.proposal.getProposalType() == ProposalType.UPDATE && cachedProposal.sender.equals(leafIndex));
            z3 = z3 || (cachedProposal.proposal.getProposalType() == ProposalType.REMOVE && cachedProposal.proposal.getRemove().removed.equals(leafIndex));
        }
        HashSet hashSet = new HashSet();
        boolean z4 = false;
        for (CachedProposal cachedProposal2 : list) {
            switch (cachedProposal2.proposal.getProposalType()) {
                case UPDATE:
                    leafIndex2 = cachedProposal2.sender;
                    break;
                case REMOVE:
                    leafIndex2 = cachedProposal2.proposal.getRemove().removed;
                    break;
            }
            if (hashSet.contains(leafIndex2)) {
                z4 = true;
            } else {
                hashSet.add(leafIndex2);
            }
        }
        ArrayList arrayList = new ArrayList();
        boolean z5 = false;
        for (CachedProposal cachedProposal3 : list) {
            if (cachedProposal3.proposal.getProposalType() == ProposalType.ADD) {
                byte[] signatureKey = cachedProposal3.proposal.getAdd().keyPackage.getLeafNode().getSignatureKey();
                boolean z6 = false;
                Iterator it = arrayList.iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (Arrays.equals((byte[]) it.next(), signatureKey)) {
                            z6 = true;
                        }
                    }
                }
                if (z6) {
                    z5 = true;
                } else {
                    arrayList.add(signatureKey);
                }
            }
        }
        ArrayList arrayList2 = new ArrayList();
        boolean z7 = false;
        for (CachedProposal cachedProposal4 : list) {
            if (cachedProposal4.proposal.getProposalType() == ProposalType.PSK) {
                PreSharedKeyID preSharedKeyID = cachedProposal4.proposal.getPreSharedKey().psk;
                if (arrayList2.contains(preSharedKeyID)) {
                    z7 = true;
                } else {
                    arrayList2.add(preSharedKeyID);
                }
            }
        }
        int i = 0;
        Iterator<CachedProposal> it2 = list.iterator();
        while (it2.hasNext()) {
            if (it2.next().proposal.getProposalType() == ProposalType.GROUP_CONTEXT_EXTENSIONS) {
                i++;
            }
        }
        boolean z8 = i > 1;
        boolean z9 = false;
        boolean z10 = false;
        for (CachedProposal cachedProposal5 : list) {
            z9 = z9 || cachedProposal5.proposal.getProposalType() == ProposalType.REINIT;
            z10 = z10 || cachedProposal5.proposal.getProposalType() == ProposalType.EXTERNAL_INIT;
        }
        ArrayList arrayList3 = new ArrayList();
        boolean z11 = false;
        for (CachedProposal cachedProposal6 : list) {
            switch (cachedProposal6.proposal.getProposalType()) {
                case UPDATE:
                    bArr = (byte[]) cachedProposal6.proposal.getUpdate().getLeafNode().getEncryptionKey().clone();
                    break;
                case ADD:
                    bArr = (byte[]) cachedProposal6.proposal.getAdd().keyPackage.getLeafNode().getEncryptionKey().clone();
                    break;
            }
            boolean z12 = false;
            Iterator it3 = arrayList3.iterator();
            while (true) {
                if (it3.hasNext()) {
                    if (Arrays.equals((byte[]) it3.next(), bArr)) {
                        z12 = true;
                    }
                }
            }
            if (z12) {
                z11 = true;
            } else {
                arrayList3.add(bArr);
            }
        }
        return (z || z2 || z3 || z4 || z5 || z7 || z8 || z9 || z10 || z11) ? false : true;
    }

    private boolean validateExternalCachedProposals(List<CachedProposal> list) {
        int i = 0;
        int i2 = 0;
        boolean z = true;
        for (CachedProposal cachedProposal : list) {
            switch (cachedProposal.proposal.getProposalType()) {
                case REMOVE:
                    i2++;
                    break;
                case EXTERNAL_INIT:
                    i++;
                    break;
                case GROUP_CONTEXT_EXTENSIONS:
                case ADD:
                default:
                    z = false;
                    break;
                case PSK:
                    z = z && validatePSK(cachedProposal.proposal.getPreSharedKey());
                    break;
            }
        }
        return (i == 1) && (i2 <= 1) && z;
    }

    private List<CachedProposal> mustResolve(List<ProposalOrRef> list, LeafIndex leafIndex) {
        ArrayList arrayList = new ArrayList();
        for (ProposalOrRef proposalOrRef : list) {
            switch (proposalOrRef.getType()) {
                case PROPOSAL:
                    arrayList.add(new CachedProposal(new byte[0], proposalOrRef.getProposal(), leafIndex));
                    break;
                case REFERENCE:
                    Iterator<CachedProposal> it = this.pendingProposals.iterator();
                    while (true) {
                        if (it.hasNext()) {
                            CachedProposal next = it.next();
                            if (Arrays.equals(next.proposalRef, proposalOrRef.getReference())) {
                                arrayList.add(next);
                                break;
                            }
                        }
                    }
                    break;
            }
        }
        return arrayList;
    }

    private GroupContext getGroupContext() throws Exception {
        return new GroupContext(this.suite, this.groupID, this.epoch, this.tree.getRootHash(), this.transcriptHash.getConfirmed(), this.extensions);
    }

    private TreeKEMPublicKey importTree(byte[] bArr, TreeKEMPublicKey treeKEMPublicKey, List<Extension> list) throws Exception {
        TreeKEMPublicKey treeKEMPublicKey2 = null;
        Iterator<Extension> it = list.iterator();
        while (it.hasNext()) {
            treeKEMPublicKey2 = it.next().getRatchetTree();
            if (treeKEMPublicKey2 != null) {
                break;
            }
        }
        if (treeKEMPublicKey != null) {
            treeKEMPublicKey2 = treeKEMPublicKey;
        } else if (treeKEMPublicKey2 == null) {
            throw new Exception("No tree available");
        }
        treeKEMPublicKey2.setSuite(this.suite);
        treeKEMPublicKey2.setHashAll();
        if (!Arrays.equals(treeKEMPublicKey2.getRootHash(), bArr)) {
            throw new Exception("Tree does not match GroupInfo");
        }
        if (treeKEMPublicKey2.verifyParentHash()) {
            return treeKEMPublicKey2;
        }
        throw new Exception("Invalid tree");
    }

    private List<KeyScheduleEpoch.PSKWithSecret> resolve(List<PreSharedKeyID> list) throws Exception {
        ArrayList arrayList = new ArrayList();
        for (PreSharedKeyID preSharedKeyID : list) {
            switch (preSharedKeyID.pskType) {
                case EXTERNAL:
                    if (!this.externalPSKs.containsKey(preSharedKeyID.external.externalPSKID)) {
                        throw new Exception("Unknown external PSK");
                    }
                    arrayList.add(new KeyScheduleEpoch.PSKWithSecret(preSharedKeyID, new Secret((byte[]) this.externalPSKs.get(preSharedKeyID.external.externalPSKID).clone())));
                    break;
                case RESUMPTION:
                    if (preSharedKeyID.resumption.pskEpoch == this.epoch) {
                        arrayList.add(new KeyScheduleEpoch.PSKWithSecret(preSharedKeyID, this.keySchedule.resumptionPSK));
                        break;
                    } else {
                        EpochRef epochRef = new EpochRef(preSharedKeyID.resumption.pskGroupID, preSharedKeyID.resumption.pskEpoch);
                        if (!this.resumptionPSKs.containsKey(epochRef)) {
                            throw new Exception("Unknown resumption PSK");
                        }
                        arrayList.add(new KeyScheduleEpoch.PSKWithSecret(preSharedKeyID, new Secret((byte[]) this.resumptionPSKs.get(epochRef).clone())));
                        break;
                    }
            }
        }
        return arrayList;
    }
}
