package net.i2p.router.transport.ntcp;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import net.i2p.crypto.SigType;
import net.i2p.data.DataFormatException;
import net.i2p.data.DataHelper;
import net.i2p.data.Signature;
import net.i2p.data.router.RouterIdentity;
import net.i2p.router.RouterContext;
import net.i2p.router.transport.ntcp.EstablishBase;
import net.i2p.util.SimpleByteCache;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/i2p/router/transport/ntcp/InboundEstablishState.class */
public class InboundEstablishState extends EstablishBase {
    private byte[] _curEncrypted;
    private int _aliceIdentSize;
    private RouterIdentity _aliceIdent;
    private final ByteArrayOutputStream _sz_aliceIdent_tsA_padding_aliceSig;
    private int _sz_aliceIdent_tsA_padding_aliceSigSize;
    private static final int NTCP1_MSG1_SIZE = 288;

    public InboundEstablishState(RouterContext routerContext, NTCPTransport nTCPTransport, NTCPConnection nTCPConnection) {
        super(routerContext, nTCPTransport, nTCPConnection);
        this._state = EstablishBase.State.IB_INIT;
        this._sz_aliceIdent_tsA_padding_aliceSig = new ByteArrayOutputStream(512);
        this._prevEncrypted = SimpleByteCache.acquire(16);
        this._curEncrypted = SimpleByteCache.acquire(16);
    }

    @Override // net.i2p.router.transport.ntcp.EstablishBase, net.i2p.router.transport.ntcp.EstablishState
    public synchronized void receive(ByteBuffer byteBuffer) {
        super.receive(byteBuffer);
        if (byteBuffer.hasRemaining()) {
            receiveInbound(byteBuffer);
        }
    }

    @Override // net.i2p.router.transport.ntcp.EstablishBase, net.i2p.router.transport.ntcp.EstablishState
    public int getVersion() {
        if (!this._transport.isNTCP2Enabled()) {
            return 1;
        }
        synchronized (this._stateLock) {
            return this._state == EstablishBase.State.IB_INIT ? 0 : 1;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:89:0x04b1, code lost:
    
        r10._context.statManager().addRateData("ntcp.invalidInboundSize", r0);
        fail("size is invalid", new java.lang.Exception("size is " + r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:90:0x04df, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void receiveInbound(java.nio.ByteBuffer r11) {
        /*
            Method dump skipped, instructions count: 1809
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.i2p.router.transport.ntcp.InboundEstablishState.receiveInbound(java.nio.ByteBuffer):void");
    }

    private void readAliceRouterIdentity() {
        byte[] byteArray = this._sz_aliceIdent_tsA_padding_aliceSig.toByteArray();
        try {
            int i = this._aliceIdentSize;
            if (i < 387 || i > 3072 || i > byteArray.length - 2) {
                this._context.statManager().addRateData("ntcp.invalidInboundSize", i);
                fail("size is invalid", new Exception("size is " + i));
            } else {
                RouterIdentity routerIdentity = new RouterIdentity();
                routerIdentity.readBytes(new ByteArrayInputStream(byteArray, 2, i));
                this._aliceIdent = routerIdentity;
            }
        } catch (IOException e) {
            this._context.statManager().addRateData("ntcp.invalidInboundIOE", 1L);
            fail("Error verifying peer", e);
        } catch (DataFormatException e2) {
            this._context.statManager().addRateData("ntcp.invalidInboundDFE", 1L);
            fail("Error verifying peer", e2);
        }
    }

    private void verifyInbound() {
        byte[] byteArray = this._sz_aliceIdent_tsA_padding_aliceSig.toByteArray();
        try {
            long fromLong = DataHelper.fromLong(byteArray, 2 + this._aliceIdentSize, 4);
            long now = this._context.clock().now();
            this._peerSkew = (((now - (fromLong * 1000)) - ((now - this._con.getCreated()) / 2)) + 500) / 1000;
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(768);
            byteArrayOutputStream.write(this._X);
            byteArrayOutputStream.write(this._Y);
            byteArrayOutputStream.write(this._context.routerHash().getData());
            byteArrayOutputStream.write(DataHelper.toLong(4, fromLong));
            byteArrayOutputStream.write(DataHelper.toLong(4, this._tsB));
            byte[] byteArray2 = byteArrayOutputStream.toByteArray();
            SigType type = this._aliceIdent.getSigningPublicKey().getType();
            if (type == null) {
                fail("unsupported sig type");
                return;
            }
            byte[] bArr = new byte[type.getSigLen()];
            System.arraycopy(byteArray, byteArray.length - bArr.length, bArr, 0, bArr.length);
            if (this._context.dsa().verifySignature(new Signature(type, bArr), byteArray2, this._aliceIdent.getSigningPublicKey())) {
                InetAddress inetAddress = this._con.getChannel().socket().getInetAddress();
                byte[] address = inetAddress == null ? null : inetAddress.getAddress();
                if (this._context.banlist().isBanlistedForever(this._aliceIdent.calculateHash())) {
                    if (this._log.shouldLog(30)) {
                        this._log.warn("Dropping inbound connection from permanently banlisted peer: " + this._aliceIdent.calculateHash());
                    }
                    if (address != null) {
                        this._context.blocklist().add(address);
                    }
                    fail("Peer is banlisted forever: " + this._aliceIdent.calculateHash());
                    return;
                }
                if (address != null) {
                    this._transport.setIP(this._aliceIdent.calculateHash(), address);
                }
                if (this._log.shouldLog(10)) {
                    this._log.debug(prefix() + "verification successful for " + this._con);
                }
                long abs = 1000 * Math.abs(this._peerSkew);
                if (!this._context.clock().getUpdatedSuccessfully()) {
                    this._context.clock().setOffset(1000 * (0 - this._peerSkew), true);
                    this._peerSkew = 0L;
                    if (abs != 0) {
                        this._log.logAlways(30, "NTP failure, NTCP adjusting clock by " + DataHelper.formatDuration(abs));
                    }
                } else {
                    if (abs >= 60000) {
                        this._context.statManager().addRateData("ntcp.invalidInboundSkew", abs);
                        this._transport.markReachable(this._aliceIdent.calculateHash(), true);
                        this._context.banlist().banlistRouter(DataHelper.formatDuration(abs), this._aliceIdent.calculateHash(), _x("Excessive clock skew: {0}"));
                        this._transport.setLastBadSkew(this._peerSkew);
                        fail("Clocks too skewed (" + abs + " ms)", null, true);
                        return;
                    }
                    if (this._log.shouldLog(10)) {
                        this._log.debug(prefix() + "Clock skew: " + abs + " ms");
                    }
                }
                this._con.setRemotePeer(this._aliceIdent);
                sendInboundConfirm(this._aliceIdent, fromLong);
                if (this._log.shouldLog(10)) {
                    this._log.debug(prefix() + "e_bobSig is " + this._e_bobSig.length + " bytes long");
                }
                byte[] bArr2 = this._curEncrypted;
                System.arraycopy(this._e_bobSig, this._e_bobSig.length - 16, bArr2, 0, 16);
                this._con.finishInboundEstablishment(this._dh.getSessionKey(), this._peerSkew, bArr2, this._prevEncrypted);
                releaseBufs(true);
                if (this._log.shouldLog(20)) {
                    this._log.info(prefix() + "Verified remote peer as " + this._aliceIdent.calculateHash());
                }
                changeState(EstablishBase.State.VERIFIED);
            } else {
                this._context.statManager().addRateData("ntcp.invalidInboundSignature", 1L);
                fail("Peer verification failed - spoof of " + this._aliceIdent.calculateHash() + "?");
            }
        } catch (IOException e) {
            this._context.statManager().addRateData("ntcp.invalidInboundIOE", 1L);
            fail("Error verifying peer", e);
        }
    }

    private void sendInboundConfirm(RouterIdentity routerIdentity, long j) {
        byte[] bArr = new byte[552];
        System.arraycopy(this._X, 0, bArr, 0, 256);
        int i = 0 + 256;
        System.arraycopy(this._Y, 0, bArr, i, 256);
        int i2 = i + 256;
        System.arraycopy(routerIdentity.calculateHash().getData(), 0, bArr, i2, 32);
        int i3 = i2 + 32;
        DataHelper.toLong(bArr, i3, 4, j);
        int i4 = i3 + 4;
        DataHelper.toLong(bArr, i4, 4, this._tsB);
        int i5 = i4 + 4;
        Signature sign = this._context.dsa().sign(bArr, this._context.keyManager().getSigningPrivateKey());
        int length = sign.length();
        int i6 = length % 16;
        int i7 = i6 > 0 ? 16 - i6 : 0;
        byte[] bArr2 = new byte[length + i7];
        System.arraycopy(sign.getData(), 0, bArr2, 0, length);
        if (i7 > 0) {
            this._context.random().nextBytes(bArr2, length, i7);
        }
        this._e_bobSig = new byte[bArr2.length];
        this._context.aes().encrypt(bArr2, 0, this._e_bobSig, 0, this._dh.getSessionKey(), this._e_hXY_tsB, 32, this._e_bobSig.length);
        if (this._log.shouldLog(10)) {
            this._log.debug(prefix() + "Sending encrypted inbound confirmation");
        }
        this._transport.getPumper().wantsWrite(this._con, this._e_bobSig);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.i2p.router.transport.ntcp.EstablishBase
    public void releaseBufs(boolean z) {
        super.releaseBufs(z);
        if (!z) {
            SimpleByteCache.release(this._curEncrypted);
        }
        SimpleByteCache.release(this._X);
    }
}
