package dorkbox.network.connection.registration.remote;

import com.esotericsoftware.kryo.KryoException;
import com.esotericsoftware.kryo.io.Input;
import com.esotericsoftware.kryo.io.Output;
import dorkbox.network.connection.RegistrationWrapper;
import dorkbox.network.connection.registration.MetaChannel;
import dorkbox.network.connection.registration.Registration;
import dorkbox.util.crypto.CryptoECC;
import dorkbox.util.serialization.EccPublicKeySerializer;
import io.netty.channel.Channel;
import java.net.InetSocketAddress;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.spec.ECParameterSpec;

/* loaded from: input_file:dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServer.class */
public class RegistrationRemoteHandlerServer extends RegistrationRemoteHandler {
    private static final long ECDH_TIMEOUT = TimeUnit.MINUTES.toNanos(10);
    private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec("curve25519");
    private final Object ecdhKeyLock;
    private AsymmetricCipherKeyPair ecdhKeyPair;
    private volatile long ecdhTimeout;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RegistrationRemoteHandlerServer(String str, RegistrationWrapper registrationWrapper) {
        super(str, registrationWrapper);
        this.ecdhKeyLock = new Object();
        this.ecdhTimeout = System.nanoTime();
    }

    @Override // dorkbox.network.connection.registration.remote.RegistrationRemoteHandler
    protected String getConnectionDirection() {
        return " <== ";
    }

    private AsymmetricCipherKeyPair getEchdKeyOnRotate(SecureRandom secureRandom) {
        if (this.ecdhKeyPair == null || System.nanoTime() - this.ecdhTimeout > ECDH_TIMEOUT) {
            synchronized (this.ecdhKeyLock) {
                this.ecdhTimeout = System.nanoTime();
                this.ecdhKeyPair = CryptoECC.generateKeyPair(eccSpec, secureRandom);
            }
        }
        return this.ecdhKeyPair;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void readServer(Channel channel, Registration registration, String str, final MetaChannel metaChannel) {
        InetSocketAddress inetSocketAddress = (InetSocketAddress) channel.remoteAddress();
        if (registration.sessionID == 0) {
            if (invalidPublicKey(registration, str)) {
                shutdown(channel, registration.sessionID);
                return;
            }
            if (invalidRemoteAddress(metaChannel, registration, str, inetSocketAddress)) {
                shutdown(channel, registration.sessionID);
                return;
            }
            metaChannel.publicKey = registration.publicKey;
            Registration registration2 = new Registration(metaChannel.sessionId);
            registration2.publicKey = this.registrationWrapper.getPublicKey();
            registration2.eccParameters = CryptoECC.generateSharedParameters(this.registrationWrapper.getSecureRandom());
            metaChannel.updateRoundTripOnWrite();
            channel.writeAndFlush(registration2);
            return;
        }
        if (metaChannel.aesKey != null) {
            if (registration.hasMore) {
                return;
            }
            long millis = TimeUnit.NANOSECONDS.toMillis(metaChannel.getRoundTripTime() * 2);
            metaChannel.updateRoundTripOnWrite();
            channel.writeAndFlush(registration);
            setupConnectionCrypto(metaChannel, inetSocketAddress);
            setupConnection(metaChannel, channel);
            channel.eventLoop().schedule(new Runnable() { // from class: dorkbox.network.connection.registration.remote.RegistrationRemoteHandlerServer.1
                @Override // java.lang.Runnable
                public void run() {
                    RegistrationRemoteHandlerServer.this.logger.trace("Notify Connection");
                    RegistrationRemoteHandlerServer.this.notifyConnection(metaChannel);
                }
            }, millis, TimeUnit.MILLISECONDS);
            return;
        }
        metaChannel.ecdhKey = getEchdKeyOnRotate(this.registrationWrapper.getSecureRandom());
        try {
            ECPublicKeyParameters read = EccPublicKeySerializer.read(new Input(Arrays.copyOfRange(registration.payload, 0, registration.payload.length)));
            ECDHCBasicAgreement eCDHCBasicAgreement = new ECDHCBasicAgreement();
            eCDHCBasicAgreement.init(metaChannel.ecdhKey.getPrivate());
            byte[] byteArray = eCDHCBasicAgreement.calculateAgreement(read).toByteArray();
            SHA384Digest sHA384Digest = new SHA384Digest();
            byte[] bArr = new byte[sHA384Digest.getDigestSize()];
            sHA384Digest.update(byteArray, 0, byteArray.length);
            sHA384Digest.doFinal(bArr, 0);
            metaChannel.aesKey = org.bouncycastle.util.Arrays.copyOfRange(bArr, 0, 32);
            metaChannel.aesIV = org.bouncycastle.util.Arrays.copyOfRange(bArr, 32, 44);
            if (invalidAES(metaChannel)) {
                shutdown(channel, registration.sessionID);
                return;
            }
            Registration registration3 = new Registration(metaChannel.sessionId);
            Output output = new Output(1024);
            EccPublicKeySerializer.write(output, metaChannel.ecdhKey.getPublic());
            registration3.payload = output.toBytes();
            metaChannel.updateRoundTripOnWrite();
            channel.writeAndFlush(registration3);
        } catch (KryoException e) {
            this.logger.error("Invalid decode of ECDH public key. Aborting.");
            shutdown(channel, registration.sessionID);
        }
    }
}
