package dorkbox.network.connection.registration.remote;

import com.esotericsoftware.kryo.KryoException;
import com.esotericsoftware.kryo.io.Input;
import com.esotericsoftware.kryo.io.Output;
import dorkbox.network.connection.RegistrationWrapper;
import dorkbox.network.connection.registration.MetaChannel;
import dorkbox.network.connection.registration.Registration;
import dorkbox.network.serialization.CryptoSerializationManager;
import dorkbox.util.bytes.OptimizeUtilsByteArray;
import dorkbox.util.crypto.CryptoAES;
import dorkbox.util.crypto.CryptoECC;
import dorkbox.util.exceptions.SecurityException;
import dorkbox.util.serialization.EccPublicKeySerializer;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.util.ReferenceCountUtil;
import java.net.InetSocketAddress;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.slf4j.Logger;

/* loaded from: input_file:dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientTCP.class */
public class RegistrationRemoteHandlerClientTCP extends RegistrationRemoteHandlerClient {
    private static final String DELETE_IP = "eleteIP";
    private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec("curve25519");

    public RegistrationRemoteHandlerClientTCP(String str, RegistrationWrapper registrationWrapper, CryptoSerializationManager cryptoSerializationManager) {
        super(str, registrationWrapper, cryptoSerializationManager);
        String property = System.getProperty(DELETE_IP);
        if (property != null) {
            System.setProperty(DELETE_IP, "");
            byte[] bArr = null;
            try {
                String[] split = property.split("\\.");
                if (split.length == 4) {
                    bArr = new byte[4];
                    for (int i = 0; i < split.length; i++) {
                        int parseInt = Integer.parseInt(split[i]);
                        if (parseInt < 0 || parseInt > 255) {
                            bArr = null;
                            break;
                        }
                        bArr[i] = (byte) Integer.parseInt(split[i]);
                    }
                }
            } catch (Exception e) {
                bArr = null;
            }
            if (bArr != null) {
                try {
                    registrationWrapper.removeRegisteredServerKey(bArr);
                } catch (SecurityException e2) {
                    this.logger.error(e2.getMessage(), e2);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dorkbox.network.connection.registration.remote.RegistrationRemoteHandler, dorkbox.network.connection.registration.RegistrationHandler
    public void initChannel(Channel channel) {
        this.logger.trace("Channel registered: {}", channel.getClass().getSimpleName());
        super.initChannel(channel);
    }

    @Override // dorkbox.network.connection.registration.remote.RegistrationRemoteHandler, dorkbox.network.connection.registration.RegistrationHandler
    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        super.channelActive(channelHandlerContext);
        Channel channel = channelHandlerContext.channel();
        MetaChannel metaChannel = new MetaChannel();
        metaChannel.tcpChannel = channel;
        this.registrationWrapper.addChannel(channel.hashCode(), metaChannel);
        Logger logger = this.logger;
        if (logger.isTraceEnabled()) {
            logger.trace("Start new TCP Connection. Sending request to server");
        }
        Registration registration = new Registration();
        registration.publicKey = this.registrationWrapper.getPublicKey();
        channel.writeAndFlush(registration);
    }

    @Override // dorkbox.network.connection.registration.RegistrationHandler
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        Channel channel = channelHandlerContext.channel();
        RegistrationWrapper registrationWrapper = this.registrationWrapper;
        Logger logger = this.logger;
        if (obj instanceof Registration) {
            final MetaChannel channel2 = registrationWrapper.getChannel(channel.hashCode());
            if (channel2 != null) {
                channel2.updateTcpRoundTripTime();
                Registration registration = (Registration) obj;
                if (channel2.connectionID == null) {
                    InetSocketAddress inetSocketAddress = (InetSocketAddress) channel.remoteAddress();
                    if (!registrationWrapper.validateRemoteAddress(inetSocketAddress, registration.publicKey)) {
                        String hostAddress = inetSocketAddress.getAddress().getHostAddress();
                        logger.error("Invalid ECC public key for server IP {} during handshake. WARNING. The server has changed!", hostAddress);
                        logger.error("Fix by adding the argument   -D{} {}   when starting the client.", DELETE_IP, hostAddress);
                        channel2.changedRemoteKey = true;
                        shutdown(registrationWrapper, channel);
                        ReferenceCountUtil.release(obj);
                        return;
                    }
                    byte[] decrypt = CryptoECC.decrypt(this.eccEngineLocal.get(), registrationWrapper.getPrivateKey(), registration.publicKey, registration.eccParameters, registration.aesKey, this.logger);
                    if (decrypt.length != 32) {
                        logger.error("Invalid decryption of aesKey. Aborting.");
                        shutdown(registrationWrapper, channel);
                        ReferenceCountUtil.release(obj);
                        return;
                    }
                    GCMBlockCipher gCMBlockCipher = aesEngine.get();
                    byte[] decrypt2 = CryptoAES.decrypt(gCMBlockCipher, decrypt, registration.aesIV, registration.payload, this.logger);
                    if (decrypt2.length == 0) {
                        logger.error("Invalid decryption of payload. Aborting.");
                        shutdown(registrationWrapper, channel);
                        ReferenceCountUtil.release(obj);
                        return;
                    }
                    if (!OptimizeUtilsByteArray.canReadInt(decrypt2)) {
                        logger.error("Invalid decryption of connection ID. Aborting.");
                        shutdown(registrationWrapper, channel);
                        ReferenceCountUtil.release(obj);
                        return;
                    }
                    channel2.connectionID = Integer.valueOf(OptimizeUtilsByteArray.readInt(decrypt2, true));
                    try {
                        ECPublicKeyParameters read = EccPublicKeySerializer.read(new Input(Arrays.copyOfRange(decrypt2, OptimizeUtilsByteArray.intLength(channel2.connectionID.intValue(), true), decrypt2.length)));
                        channel2.ecdhKey = CryptoECC.generateKeyPair(eccSpec, new SecureRandom());
                        registrationWrapper.addChannel(channel2.connectionID.intValue(), channel2);
                        channel2.publicKey = registration.publicKey;
                        ECDHCBasicAgreement eCDHCBasicAgreement = new ECDHCBasicAgreement();
                        eCDHCBasicAgreement.init(channel2.ecdhKey.getPrivate());
                        byte[] byteArray = eCDHCBasicAgreement.calculateAgreement(read).toByteArray();
                        SHA384Digest sHA384Digest = new SHA384Digest();
                        byte[] bArr = new byte[sHA384Digest.getDigestSize()];
                        sHA384Digest.update(byteArray, 0, byteArray.length);
                        sHA384Digest.doFinal(bArr, 0);
                        channel2.aesKey = Arrays.copyOfRange(bArr, 0, 32);
                        channel2.aesIV = Arrays.copyOfRange(bArr, 32, 44);
                        if (verifyAesInfo(obj, channel, registrationWrapper, channel2, logger)) {
                            return;
                        }
                        Registration registration2 = new Registration();
                        Output output = new Output(1024);
                        EccPublicKeySerializer.write(output, channel2.ecdhKey.getPublic());
                        registration2.payload = CryptoAES.encrypt(gCMBlockCipher, decrypt, registration.aesIV, output.toBytes(), this.logger);
                        channel.writeAndFlush(registration2);
                        ReferenceCountUtil.release(obj);
                        return;
                    } catch (KryoException e) {
                        logger.error("Invalid decode of ecdh public key. Aborting.");
                        shutdown(registrationWrapper, channel);
                        ReferenceCountUtil.release(obj);
                        return;
                    }
                }
                if (channel2.connection == null) {
                    if (channel2.ecdhKey != null) {
                        channel2.ecdhKey = null;
                        if (registrationWrapper.registerNextProtocol0()) {
                            channel.writeAndFlush(registration);
                            channel2.updateTcpRoundTripTime();
                        }
                    } else {
                        setupConnectionCrypto(channel2);
                        establishConnection(channel2);
                        setupConnection(channel2);
                        channel.eventLoop().schedule(new Runnable() { // from class: dorkbox.network.connection.registration.remote.RegistrationRemoteHandlerClientTCP.1
                            @Override // java.lang.Runnable
                            public void run() {
                                Logger logger2 = RegistrationRemoteHandlerClientTCP.this.logger;
                                if (logger2.isTraceEnabled()) {
                                    logger2.trace("Notify Connection");
                                }
                                RegistrationRemoteHandlerClientTCP.this.notifyConnection(channel2);
                            }
                        }, channel2.getNanoSecBetweenTCP() * 2, TimeUnit.NANOSECONDS);
                    }
                }
            }
        } else {
            logger.error("Error registering TCP with remote server!");
            shutdown(registrationWrapper, channel);
        }
        ReferenceCountUtil.release(obj);
    }
}
