package dorkbox.network.connection.registration.remote;

import com.esotericsoftware.kryo.KryoException;
import com.esotericsoftware.kryo.io.Input;
import com.esotericsoftware.kryo.io.Output;
import dorkbox.network.connection.RegistrationWrapper;
import dorkbox.network.connection.registration.MetaChannel;
import dorkbox.network.connection.registration.Registration;
import dorkbox.network.serialization.CryptoSerializationManager;
import dorkbox.util.bytes.OptimizeUtilsByteArray;
import dorkbox.util.crypto.CryptoAES;
import dorkbox.util.crypto.CryptoECC;
import dorkbox.util.serialization.EccPublicKeySerializer;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.util.ReferenceCountUtil;
import java.math.BigInteger;
import java.net.InetSocketAddress;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.engines.IESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.util.Arrays;
import org.slf4j.Logger;

/* loaded from: input_file:dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerTCP.class */
public class RegistrationRemoteHandlerServerTCP extends RegistrationRemoteHandlerServer {
    private static final long ECDH_TIMEOUT = 36000000000000L;
    private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec("curve25519");
    private final Object ecdhKeyLock;
    private AsymmetricCipherKeyPair ecdhKeyPair;
    private volatile long ecdhTimeout;

    public RegistrationRemoteHandlerServerTCP(String str, RegistrationWrapper registrationWrapper, CryptoSerializationManager cryptoSerializationManager) {
        super(str, registrationWrapper, cryptoSerializationManager);
        this.ecdhKeyLock = new Object();
        this.ecdhTimeout = System.nanoTime();
    }

    private AsymmetricCipherKeyPair getEchdKeyOnRotate(SecureRandom secureRandom) {
        if (this.ecdhKeyPair == null || System.nanoTime() - this.ecdhTimeout > ECDH_TIMEOUT) {
            synchronized (this.ecdhKeyLock) {
                this.ecdhTimeout = System.nanoTime();
                this.ecdhKeyPair = CryptoECC.generateKeyPair(eccSpec, secureRandom);
            }
        }
        return this.ecdhKeyPair;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // dorkbox.network.connection.registration.remote.RegistrationRemoteHandler, dorkbox.network.connection.registration.RegistrationHandler
    public void initChannel(Channel channel) {
        super.initChannel(channel);
    }

    @Override // dorkbox.network.connection.registration.remote.RegistrationRemoteHandler, dorkbox.network.connection.registration.RegistrationHandler
    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        super.channelActive(channelHandlerContext);
        Channel channel = channelHandlerContext.channel();
        MetaChannel metaChannel = new MetaChannel();
        metaChannel.tcpChannel = channel;
        this.registrationWrapper.addChannel(channel.hashCode(), metaChannel);
        Logger logger = this.logger;
        if (logger.isTraceEnabled()) {
            logger.trace(this.name, "New TCP connection. Saving TCP channel info.");
        }
    }

    @Override // dorkbox.network.connection.registration.RegistrationHandler
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        Channel channel = channelHandlerContext.channel();
        RegistrationWrapper registrationWrapper = this.registrationWrapper;
        if (obj instanceof Registration) {
            Registration registration = (Registration) obj;
            final MetaChannel channel2 = registrationWrapper.getChannel(channel.hashCode());
            Logger logger = this.logger;
            if (channel2 != null) {
                channel2.updateTcpRoundTripTime();
                SecureRandom secureRandom = registrationWrapper.getSecureRandom();
                GCMBlockCipher gCMBlockCipher = aesEngine.get();
                if (channel2.connectionID != null) {
                    if (channel2.connection == null) {
                        if (channel2.ecdhKey != null) {
                            byte[] decrypt = CryptoAES.decrypt(gCMBlockCipher, channel2.aesKey, channel2.aesIV, registration.payload, this.logger);
                            if (decrypt.length == 0) {
                                logger.error("Invalid decryption of payload. Aborting.");
                                shutdown(registrationWrapper, channel);
                                ReferenceCountUtil.release(obj);
                                return;
                            }
                            try {
                                ECPublicKeyParameters read = EccPublicKeySerializer.read(new Input(decrypt));
                                ECDHCBasicAgreement eCDHCBasicAgreement = new ECDHCBasicAgreement();
                                eCDHCBasicAgreement.init(channel2.ecdhKey.getPrivate());
                                BigInteger calculateAgreement = eCDHCBasicAgreement.calculateAgreement(read);
                                channel2.aesKey = null;
                                channel2.aesIV = null;
                                channel2.ecdhKey = null;
                                byte[] byteArray = calculateAgreement.toByteArray();
                                SHA384Digest sHA384Digest = new SHA384Digest();
                                byte[] bArr = new byte[sHA384Digest.getDigestSize()];
                                sHA384Digest.update(byteArray, 0, byteArray.length);
                                sHA384Digest.doFinal(bArr, 0);
                                channel2.aesKey = Arrays.copyOfRange(bArr, 0, 32);
                                channel2.aesIV = Arrays.copyOfRange(bArr, 32, 44);
                                if (verifyAesInfo(obj, channel, registrationWrapper, channel2, logger)) {
                                    return;
                                } else {
                                    channel.writeAndFlush(new Registration());
                                }
                            } catch (KryoException e) {
                                logger.error("Invalid decode of ecdh public key. Aborting.");
                                shutdown(registrationWrapper, channel);
                                ReferenceCountUtil.release(obj);
                                return;
                            }
                        } else {
                            channel.writeAndFlush(registration);
                            setupConnectionCrypto(channel2);
                            establishConnection(channel2);
                            setupConnection(channel2);
                            channel.eventLoop().schedule(new Runnable() { // from class: dorkbox.network.connection.registration.remote.RegistrationRemoteHandlerServerTCP.1
                                @Override // java.lang.Runnable
                                public void run() {
                                    Logger logger2 = RegistrationRemoteHandlerServerTCP.this.logger;
                                    if (logger2.isTraceEnabled()) {
                                        logger2.trace("Notify Connection");
                                    }
                                    RegistrationRemoteHandlerServerTCP.this.notifyConnection(channel2);
                                }
                            }, channel2.getNanoSecBetweenTCP() * 2, TimeUnit.NANOSECONDS);
                        }
                    }
                    ReferenceCountUtil.release(obj);
                    return;
                }
                if (registration.publicKey == null) {
                    logger.error("Null ECC public key during client handshake. This shouldn't happen!");
                    shutdown(registrationWrapper, channel);
                    ReferenceCountUtil.release(obj);
                    return;
                }
                InetSocketAddress inetSocketAddress = (InetSocketAddress) channel.remoteAddress();
                if (!registrationWrapper.validateRemoteAddress(inetSocketAddress, registration.publicKey)) {
                    if (logger.isInfoEnabled()) {
                        logger.info("Invalid ECC public key for IP {} during handshake with client. Toggling extra flag in channel to indicate this.", inetSocketAddress.getAddress().getHostAddress());
                    }
                    channel2.changedRemoteKey = true;
                }
                Integer initializeChannel = registrationWrapper.initializeChannel(channel2);
                Registration registration2 = new Registration();
                channel2.publicKey = registration.publicKey;
                channel2.ecdhKey = getEchdKeyOnRotate(secureRandom);
                Output output = new Output(1024);
                EccPublicKeySerializer.write(output, channel2.ecdhKey.getPublic());
                byte[] bytes = output.toBytes();
                byte[] bArr2 = new byte[OptimizeUtilsByteArray.intLength(initializeChannel.intValue(), true)];
                OptimizeUtilsByteArray.writeInt(bArr2, initializeChannel.intValue(), true);
                byte[] concatenate = Arrays.concatenate(bArr2, bytes);
                channel2.aesKey = new byte[32];
                channel2.aesIV = new byte[12];
                secureRandom.nextBytes(channel2.aesKey);
                secureRandom.nextBytes(channel2.aesIV);
                IESEngine iESEngine = this.eccEngineLocal.get();
                registration2.publicKey = registrationWrapper.getPublicKey();
                registration2.eccParameters = CryptoECC.generateSharedParameters(secureRandom);
                registration2.eccParameters = CryptoECC.generateSharedParameters(secureRandom);
                registration2.aesIV = channel2.aesIV;
                registration2.aesKey = CryptoECC.encrypt(iESEngine, registrationWrapper.getPrivateKey(), channel2.publicKey, registration2.eccParameters, channel2.aesKey, this.logger);
                registration2.payload = CryptoAES.encrypt(gCMBlockCipher, channel2.aesKey, registration2.aesIV, concatenate, this.logger);
                channel.writeAndFlush(registration2);
                if (logger.isTraceEnabled()) {
                    logger.trace("Assigning new random connection ID for TCP and performing ECDH.");
                }
                channel2.updateTcpRoundTripTime();
                ReferenceCountUtil.release(obj);
                return;
            }
            logger.error("Error registering TCP channel! MetaChannel is null!");
        }
        shutdown(registrationWrapper, channel);
        ReferenceCountUtil.release(obj);
    }
}
