package net.i2p.router.transport.udp;

import com.southernstorm.noise.protocol.Pattern;
import java.util.Queue;
import java.util.concurrent.LinkedBlockingQueue;
import net.i2p.crypto.SigType;
import net.i2p.data.Base64;
import net.i2p.data.ByteArray;
import net.i2p.data.DataHelper;
import net.i2p.data.SessionKey;
import net.i2p.data.Signature;
import net.i2p.data.i2np.DatabaseStoreMessage;
import net.i2p.data.i2np.I2NPMessage;
import net.i2p.data.router.RouterIdentity;
import net.i2p.router.OutNetMessage;
import net.i2p.router.Router;
import net.i2p.router.RouterContext;
import net.i2p.router.transport.crypto.DHSessionKeyBuilder;
import net.i2p.router.transport.udp.UDPPacketReader;
import net.i2p.util.Addresses;
import net.i2p.util.Log;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/i2p/router/transport/udp/OutboundEstablishState.class */
public class OutboundEstablishState {
    private final RouterContext _context;
    private final Log _log;
    private byte[] _sentX;
    private byte[] _bobIP;
    private int _bobPort;
    private final DHSessionKeyBuilder.Factory _keyFactory;
    private DHSessionKeyBuilder _keyBuilder;
    private byte[] _receivedY;
    private byte[] _aliceIP;
    private int _alicePort;
    private long _receivedRelayTag;
    private long _receivedSignedOnTime;
    private SessionKey _sessionKey;
    private SessionKey _macKey;
    private Signature _receivedSignature;
    private byte[] _receivedEncryptedSignature;
    private byte[] _receivedIV;
    private long _sentSignedOnTime;
    private Signature _sentSignature;
    private final long _establishBegin;
    private long _lastSend;
    private long _nextSend;
    private RemoteHostId _remoteHostId;
    private final RemoteHostId _claimedAddress;
    private final RouterIdentity _remotePeer;
    private final boolean _allowExtendedOptions;
    private final boolean _needIntroduction;
    private final SessionKey _introKey;
    private final Queue<OutNetMessage> _queuedMessages;
    private OutboundState _currentState;
    private long _introductionNonce;
    private boolean _isFirstMessageOurDSM;
    private final UDPAddress _remoteAddress;
    private boolean _complete;
    private int _confirmedSentCount;
    private int _requestSentCount;
    private int _introSentCount;
    private long _confirmedSentTime;
    private long _requestSentTime;
    private long _introSentTime;
    private int _rtt;
    private static final long RETRANSMIT_DELAY = 3000;
    private static final long MAX_DELAY = 15000;
    private static final long WAIT_FOR_HOLE_PUNCH_DELAY = 500;

    /* loaded from: input_file:net/i2p/router/transport/udp/OutboundEstablishState$OutboundState.class */
    public enum OutboundState {
        OB_STATE_UNKNOWN,
        OB_STATE_REQUEST_SENT,
        OB_STATE_CREATED_RECEIVED,
        OB_STATE_CONFIRMED_PARTIALLY,
        OB_STATE_CONFIRMED_COMPLETELY,
        OB_STATE_PENDING_INTRO,
        OB_STATE_INTRODUCED,
        OB_STATE_VALIDATION_FAILED
    }

    public OutboundEstablishState(RouterContext routerContext, RemoteHostId remoteHostId, RemoteHostId remoteHostId2, RouterIdentity routerIdentity, boolean z, boolean z2, SessionKey sessionKey, UDPAddress uDPAddress, DHSessionKeyBuilder.Factory factory) {
        this._context = routerContext;
        this._log = routerContext.logManager().getLog(OutboundEstablishState.class);
        if (remoteHostId != null) {
            this._bobIP = remoteHostId.getIP();
            this._bobPort = remoteHostId.getPort();
        } else {
            this._bobPort = -1;
        }
        this._claimedAddress = remoteHostId;
        this._remoteHostId = remoteHostId2;
        this._allowExtendedOptions = z;
        this._needIntroduction = z2;
        this._remotePeer = routerIdentity;
        this._introKey = sessionKey;
        this._queuedMessages = new LinkedBlockingQueue();
        this._establishBegin = routerContext.clock().now();
        this._remoteAddress = uDPAddress;
        this._introductionNonce = -1L;
        this._keyFactory = factory;
        if (uDPAddress.getIntroducerCount() <= 0) {
            this._currentState = OutboundState.OB_STATE_UNKNOWN;
            return;
        }
        if (this._log.shouldLog(10)) {
            this._log.debug("new outbound establish to " + routerIdentity.calculateHash() + ", with address: " + uDPAddress);
        }
        this._currentState = OutboundState.OB_STATE_PENDING_INTRO;
    }

    public synchronized OutboundState getState() {
        return this._currentState;
    }

    public synchronized boolean complete() {
        boolean z = this._complete;
        this._complete = true;
        return z;
    }

    public UDPAddress getRemoteAddress() {
        return this._remoteAddress;
    }

    public void setIntroNonce(long j) {
        this._introductionNonce = j;
    }

    public long getIntroNonce() {
        return this._introductionNonce;
    }

    public boolean isExtendedOptionsAllowed() {
        return this._allowExtendedOptions;
    }

    public boolean needIntroduction() {
        return this._needIntroduction;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized int getRTT() {
        return this._rtt;
    }

    public void addMessage(OutNetMessage outNetMessage) {
        if (this._queuedMessages.isEmpty()) {
            I2NPMessage message = outNetMessage.getMessage();
            if (message.getType() == 1 && ((DatabaseStoreMessage) message).getKey().equals(this._context.routerHash())) {
                this._isFirstMessageOurDSM = true;
            }
        }
        if (!this._queuedMessages.contains(outNetMessage)) {
            this._queuedMessages.offer(outNetMessage);
        } else if (this._log.shouldLog(30)) {
            this._log.warn("attempt to add duplicate msg to queue: " + outNetMessage);
        }
    }

    public boolean isFirstMessageOurDSM() {
        return this._isFirstMessageOurDSM;
    }

    public OutNetMessage getNextQueuedMessage() {
        return this._queuedMessages.poll();
    }

    public RouterIdentity getRemoteIdentity() {
        return this._remotePeer;
    }

    public SessionKey getIntroKey() {
        return this._introKey;
    }

    private void prepareSessionRequest() {
        this._keyBuilder = this._keyFactory.getBuilder();
        byte[] byteArray = this._keyBuilder.getMyPublicValue().toByteArray();
        if (byteArray.length == 257) {
            this._sentX = new byte[256];
            System.arraycopy(byteArray, 1, this._sentX, 0, this._sentX.length);
        } else if (byteArray.length == 256) {
            this._sentX = byteArray;
        } else {
            this._sentX = new byte[256];
            System.arraycopy(byteArray, 0, this._sentX, this._sentX.length - byteArray.length, byteArray.length);
        }
    }

    public synchronized byte[] getSentX() {
        if (this._sentX == null) {
            prepareSessionRequest();
        }
        return this._sentX;
    }

    public synchronized byte[] getSentIP() {
        return this._bobIP;
    }

    public synchronized int getSentPort() {
        return this._bobPort;
    }

    public synchronized void receiveSessionCreated(UDPPacketReader.SessionCreatedReader sessionCreatedReader) {
        if (this._currentState == OutboundState.OB_STATE_VALIDATION_FAILED) {
            if (this._log.shouldLog(30)) {
                this._log.warn("Session created already failed");
                return;
            }
            return;
        }
        if (this._receivedY != null) {
            if (this._log.shouldLog(10)) {
                this._log.debug("Session created already received, ignoring");
                return;
            }
            return;
        }
        this._receivedY = new byte[256];
        sessionCreatedReader.readY(this._receivedY, 0);
        if (this._aliceIP == null) {
            this._aliceIP = new byte[sessionCreatedReader.readIPSize()];
        }
        sessionCreatedReader.readIP(this._aliceIP, 0);
        this._alicePort = sessionCreatedReader.readPort();
        this._receivedRelayTag = sessionCreatedReader.readRelayTag();
        this._receivedSignedOnTime = sessionCreatedReader.readSignedOnTime();
        SigType type = this._remotePeer.getSigningPublicKey().getType();
        if (type == null) {
            fail();
            packetReceived();
            return;
        }
        int sigLen = type.getSigLen();
        int i = sigLen % 16;
        int i2 = sigLen + (i == 0 ? 0 : 16 - i);
        this._receivedEncryptedSignature = new byte[i2];
        sessionCreatedReader.readEncryptedSignature(this._receivedEncryptedSignature, 0, i2);
        this._receivedIV = new byte[16];
        sessionCreatedReader.readIV(this._receivedIV, 0);
        if (this._log.shouldLog(10)) {
            this._log.debug("Receive session created:Sig: " + Base64.encode(this._receivedEncryptedSignature) + "receivedIV: " + Base64.encode(this._receivedIV) + "AliceIP: " + Addresses.toString(this._aliceIP) + " RelayTag: " + this._receivedRelayTag + " SignedOn: " + this._receivedSignedOnTime + ' ' + toString());
        }
        if (this._currentState == OutboundState.OB_STATE_UNKNOWN || this._currentState == OutboundState.OB_STATE_REQUEST_SENT || this._currentState == OutboundState.OB_STATE_INTRODUCED || this._currentState == OutboundState.OB_STATE_PENDING_INTRO) {
            this._currentState = OutboundState.OB_STATE_CREATED_RECEIVED;
        }
        if (this._requestSentCount == 1) {
            this._rtt = (int) (this._context.clock().now() - this._requestSentTime);
        }
        packetReceived();
    }

    public synchronized boolean validateSessionCreated() {
        if (this._currentState == OutboundState.OB_STATE_VALIDATION_FAILED) {
            if (!this._log.shouldLog(30)) {
                return false;
            }
            this._log.warn("Session created already failed");
            return false;
        }
        if (this._receivedSignature != null) {
            if (!this._log.shouldLog(10)) {
                return true;
            }
            this._log.debug("Session created already validated");
            return true;
        }
        boolean z = true;
        try {
            generateSessionKey();
        } catch (DHSessionKeyBuilder.InvalidPublicParameterException e) {
            if (this._log.shouldLog(30)) {
                this._log.warn("Peer " + getRemoteHostId() + " sent us an invalid DH parameter", e);
            }
            z = false;
        }
        if (z) {
            decryptSignature();
        }
        if (z && verifySessionCreated()) {
            if (!this._log.shouldLog(10)) {
                return true;
            }
            this._log.debug("Session created passed validation");
            return true;
        }
        if (this._log.shouldLog(30)) {
            this._log.warn("Session created failed validation, clearing state for " + this._remoteHostId.toString());
        }
        fail();
        return false;
    }

    public synchronized void fail() {
        this._receivedY = null;
        this._aliceIP = null;
        this._receivedRelayTag = 0L;
        this._receivedSignedOnTime = -1L;
        this._receivedEncryptedSignature = null;
        this._receivedIV = null;
        this._receivedSignature = null;
        if (this._keyBuilder != null) {
            if (this._keyBuilder.getPeerPublicValue() == null) {
                this._keyFactory.returnUnused(this._keyBuilder);
            }
            this._keyBuilder = null;
        }
        this._currentState = OutboundState.OB_STATE_VALIDATION_FAILED;
        this._nextSend = this._context.clock().now();
    }

    private void generateSessionKey() throws DHSessionKeyBuilder.InvalidPublicParameterException {
        if (this._sessionKey != null) {
            return;
        }
        if (this._keyBuilder == null) {
            throw new DHSessionKeyBuilder.InvalidPublicParameterException("Illegal state - never generated a key builder");
        }
        try {
            this._keyBuilder.setPeerPublicValue(this._receivedY);
            this._sessionKey = this._keyBuilder.getSessionKey();
            ByteArray extraBytes = this._keyBuilder.getExtraBytes();
            this._macKey = new SessionKey(new byte[32]);
            System.arraycopy(extraBytes.getData(), 0, this._macKey.getData(), 0, 32);
            if (this._log.shouldLog(10)) {
                this._log.debug("Established outbound keys.  cipher: " + this._sessionKey + " mac: " + this._macKey);
            }
        } catch (IllegalStateException e) {
            throw new DHSessionKeyBuilder.InvalidPublicParameterException("reused keys?", e);
        }
    }

    private void decryptSignature() {
        if (this._receivedEncryptedSignature == null) {
            throw new NullPointerException("encrypted signature is null! this=" + toString());
        }
        if (this._sessionKey == null) {
            throw new NullPointerException("SessionKey is null!");
        }
        if (this._receivedIV == null) {
            throw new NullPointerException("IV is null!");
        }
        this._context.aes().decrypt(this._receivedEncryptedSignature, 0, this._receivedEncryptedSignature, 0, this._sessionKey, this._receivedIV, this._receivedEncryptedSignature.length);
        SigType type = this._remotePeer.getSigningPublicKey().getType();
        int sigLen = type.getSigLen();
        if (sigLen % 16 != 0) {
            byte[] bArr = new byte[sigLen];
            System.arraycopy(this._receivedEncryptedSignature, 0, bArr, 0, sigLen);
            this._receivedSignature = new Signature(type, bArr);
        } else {
            this._receivedSignature = new Signature(type, this._receivedEncryptedSignature);
        }
        if (this._log.shouldLog(10)) {
            this._log.debug("Decrypted received signature: " + Base64.encode(this._receivedSignature.getData()));
        }
    }

    private boolean verifySessionCreated() {
        byte[] bArr = new byte[Pattern.FLAG_REMOTE_EPHEMERAL + this._aliceIP.length + 2 + this._bobIP.length + 2 + 4 + 4];
        System.arraycopy(this._sentX, 0, bArr, 0, this._sentX.length);
        int length = 0 + this._sentX.length;
        System.arraycopy(this._receivedY, 0, bArr, length, this._receivedY.length);
        int length2 = length + this._receivedY.length;
        System.arraycopy(this._aliceIP, 0, bArr, length2, this._aliceIP.length);
        int length3 = length2 + this._aliceIP.length;
        DataHelper.toLong(bArr, length3, 2, this._alicePort);
        int i = length3 + 2;
        System.arraycopy(this._bobIP, 0, bArr, i, this._bobIP.length);
        int length4 = i + this._bobIP.length;
        DataHelper.toLong(bArr, length4, 2, this._bobPort);
        int i2 = length4 + 2;
        DataHelper.toLong(bArr, i2, 4, this._receivedRelayTag);
        DataHelper.toLong(bArr, i2 + 4, 4, this._receivedSignedOnTime);
        boolean verifySignature = this._context.dsa().verifySignature(this._receivedSignature, bArr, this._remotePeer.getSigningPublicKey());
        if (this._log.shouldLog(10) || (this._log.shouldLog(30) && !verifySignature)) {
            StringBuilder sb = new StringBuilder(Router.MIN_BW_O);
            sb.append("Signed sessionCreated:");
            sb.append(" Alice: ").append(Addresses.toString(this._aliceIP, this._alicePort));
            sb.append(" Bob: ").append(Addresses.toString(this._bobIP, this._bobPort));
            sb.append(" RelayTag: ").append(this._receivedRelayTag);
            sb.append(" SignedOn: ").append(this._receivedSignedOnTime);
            sb.append(" signature: ").append(Base64.encode(this._receivedSignature.getData()));
            if (verifySignature) {
                this._log.debug(sb.toString());
            } else if (this._log.shouldLog(30)) {
                this._log.warn("INVALID: " + sb.toString());
            }
        }
        return verifySignature;
    }

    public synchronized SessionKey getCipherKey() {
        return this._sessionKey;
    }

    public synchronized SessionKey getMACKey() {
        return this._macKey;
    }

    public synchronized long getReceivedRelayTag() {
        return this._receivedRelayTag;
    }

    public synchronized long getSentSignedOnTime() {
        return this._sentSignedOnTime;
    }

    public synchronized long getReceivedSignedOnTime() {
        return this._receivedSignedOnTime;
    }

    public synchronized byte[] getReceivedIP() {
        return this._aliceIP;
    }

    public synchronized int getReceivedPort() {
        return this._alicePort;
    }

    public synchronized void prepareSessionConfirmed() {
        if (this._sentSignedOnTime > 0) {
            return;
        }
        byte[] bArr = new byte[Pattern.FLAG_REMOTE_EPHEMERAL + this._aliceIP.length + 2 + this._bobIP.length + 2 + 4 + 4];
        this._sentSignedOnTime = this._context.clock().now() / 1000;
        System.arraycopy(this._sentX, 0, bArr, 0, this._sentX.length);
        int length = 0 + this._sentX.length;
        System.arraycopy(this._receivedY, 0, bArr, length, this._receivedY.length);
        int length2 = length + this._receivedY.length;
        System.arraycopy(this._aliceIP, 0, bArr, length2, this._aliceIP.length);
        int length3 = length2 + this._aliceIP.length;
        DataHelper.toLong(bArr, length3, 2, this._alicePort);
        int i = length3 + 2;
        System.arraycopy(this._bobIP, 0, bArr, i, this._bobIP.length);
        int length4 = i + this._bobIP.length;
        DataHelper.toLong(bArr, length4, 2, this._bobPort);
        int i2 = length4 + 2;
        DataHelper.toLong(bArr, i2, 4, this._receivedRelayTag);
        DataHelper.toLong(bArr, i2 + 4, 4, this._sentSignedOnTime);
        this._sentSignature = this._context.dsa().sign(bArr, this._context.keyManager().getSigningPrivateKey());
    }

    public synchronized Signature getSentSignature() {
        return this._sentSignature;
    }

    public synchronized void confirmedPacketsSent() {
        long min;
        this._lastSend = this._context.clock().now();
        if (this._confirmedSentCount == 0) {
            min = 3000;
            this._confirmedSentTime = this._lastSend;
        } else {
            min = Math.min(RETRANSMIT_DELAY << this._confirmedSentCount, (this._confirmedSentTime + MAX_DELAY) - this._lastSend);
        }
        this._confirmedSentCount++;
        this._nextSend = this._lastSend + min;
        if (this._log.shouldLog(10)) {
            this._log.debug("Send confirm packets, nextSend in " + min);
        }
        if (this._currentState == OutboundState.OB_STATE_UNKNOWN || this._currentState == OutboundState.OB_STATE_PENDING_INTRO || this._currentState == OutboundState.OB_STATE_INTRODUCED || this._currentState == OutboundState.OB_STATE_REQUEST_SENT || this._currentState == OutboundState.OB_STATE_CREATED_RECEIVED) {
            this._currentState = OutboundState.OB_STATE_CONFIRMED_PARTIALLY;
        }
    }

    public long getConfirmedSentTime() {
        return this._confirmedSentTime;
    }

    public synchronized void requestSent() {
        long min;
        this._lastSend = this._context.clock().now();
        if (this._requestSentCount == 0) {
            min = 3000;
            this._requestSentTime = this._lastSend;
        } else {
            min = Math.min(RETRANSMIT_DELAY << this._requestSentCount, (this._requestSentTime + MAX_DELAY) - this._lastSend);
        }
        this._requestSentCount++;
        this._nextSend = this._lastSend + min;
        if (this._log.shouldLog(10)) {
            this._log.debug("Send a request packet, nextSend in " + min);
        }
        if (this._currentState == OutboundState.OB_STATE_UNKNOWN || this._currentState == OutboundState.OB_STATE_INTRODUCED) {
            this._currentState = OutboundState.OB_STATE_REQUEST_SENT;
        }
    }

    public long getRequestSentTime() {
        return this._requestSentTime;
    }

    public synchronized void introSent() {
        long min;
        this._lastSend = this._context.clock().now();
        if (this._introSentCount == 0) {
            min = 3000;
            this._introSentTime = this._lastSend;
        } else {
            min = Math.min(RETRANSMIT_DELAY << this._introSentCount, (this._introSentTime + MAX_DELAY) - this._lastSend);
        }
        this._introSentCount++;
        this._nextSend = this._lastSend + min;
        if (this._currentState == OutboundState.OB_STATE_UNKNOWN) {
            this._currentState = OutboundState.OB_STATE_PENDING_INTRO;
        }
    }

    public long getIntroSentTime() {
        return this._introSentTime;
    }

    public synchronized void introductionFailed() {
        this._nextSend = this._context.clock().now();
    }

    public synchronized void introduced(byte[] bArr, int i) {
        if (this._currentState != OutboundState.OB_STATE_PENDING_INTRO) {
            return;
        }
        this._nextSend = this._context.clock().now() + WAIT_FOR_HOLE_PUNCH_DELAY;
        this._currentState = OutboundState.OB_STATE_INTRODUCED;
        if (this._claimedAddress != null && i == this._bobPort && DataHelper.eq(bArr, this._bobIP)) {
            this._remoteHostId = this._claimedAddress;
        } else {
            this._bobIP = bArr;
            this._bobPort = i;
            this._remoteHostId = new RemoteHostId(bArr, i);
        }
        if (this._log.shouldLog(20)) {
            this._log.info("Introduced to " + this._remoteHostId + ", now lets get on with establishing");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized boolean receiveHolePunch() {
        if (this._currentState != OutboundState.OB_STATE_INTRODUCED || this._requestSentCount > 0) {
            return false;
        }
        long now = this._context.clock().now();
        if (this._log.shouldLog(20)) {
            this._log.info(toString() + " accelerating SessionRequest by " + (this._nextSend - now) + " ms");
        }
        this._nextSend = now;
        return true;
    }

    public long getLifetime() {
        return this._context.clock().now() - this._establishBegin;
    }

    public long getEstablishBeginTime() {
        return this._establishBegin;
    }

    public synchronized long getNextSendTime() {
        return this._nextSend;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RemoteHostId getRemoteHostId() {
        return this._remoteHostId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RemoteHostId getClaimedAddress() {
        return this._claimedAddress;
    }

    public synchronized void dataReceived() {
        packetReceived();
        this._currentState = OutboundState.OB_STATE_CONFIRMED_COMPLETELY;
    }

    private void packetReceived() {
        this._nextSend = this._context.clock().now();
    }

    public String toString() {
        return "OES " + this._remoteHostId + ' ' + this._currentState;
    }
}
