package com.ndmsystems.coala.layers.security;

import com.ndmsystems.coala.AckHandlersPool;
import com.ndmsystems.coala.CoAPClient;
import com.ndmsystems.coala.CoAPHandler;
import com.ndmsystems.coala.CoAPMessagePool;
import com.ndmsystems.coala.exceptions.PeerPublicKeyMismatchException;
import com.ndmsystems.coala.helpers.EncryptionHelper;
import com.ndmsystems.coala.helpers.Hex;
import com.ndmsystems.coala.helpers.RandomGenerator;
import com.ndmsystems.coala.layers.LogLayer;
import com.ndmsystems.coala.layers.ReceiveLayer;
import com.ndmsystems.coala.layers.SendLayer;
import com.ndmsystems.coala.layers.response.ResponseHandler;
import com.ndmsystems.coala.layers.security.session.SecuredSession;
import com.ndmsystems.coala.layers.security.session.SecuredSessionPool;
import com.ndmsystems.coala.message.CoAPMessage;
import com.ndmsystems.coala.message.CoAPMessageCode;
import com.ndmsystems.coala.message.CoAPMessageOption;
import com.ndmsystems.coala.message.CoAPMessageOptionCode;
import com.ndmsystems.coala.message.CoAPMessagePayload;
import com.ndmsystems.coala.message.CoAPMessageType;
import com.ndmsystems.coala.utils.Reference;
import com.ndmsystems.infrastructure.logging.LogHelper;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes.dex */
public class SecurityLayer implements ReceiveLayer, SendLayer {
    private AckHandlersPool ackHandlersPool;
    private CoAPClient client;
    private CoAPMessagePool messagePool;
    private final Set<CoAPMessage> pendingMessages = Collections.synchronizedSet(new HashSet());
    private SecuredSessionPool sessionPool;

    public SecurityLayer(CoAPMessagePool coAPMessagePool, AckHandlersPool ackHandlersPool, CoAPClient coAPClient, SecuredSessionPool securedSessionPool) {
        this.messagePool = coAPMessagePool;
        this.ackHandlersPool = ackHandlersPool;
        this.client = coAPClient;
        this.sessionPool = securedSessionPool;
    }

    private void addMessageToPending(CoAPMessage coAPMessage) {
        LogHelper.d("Add message " + coAPMessage.getId() + " to pending pool");
        this.messagePool.remove(coAPMessage);
        synchronized (this.pendingMessages) {
            this.pendingMessages.add(coAPMessage);
        }
    }

    private void generateProxySessionSecurityIdAndAddToMessageAndSession(SecuredSession securedSession, CoAPMessage coAPMessage) {
        securedSession.setPeerProxySecurityId(RandomGenerator.getRandomInt());
        coAPMessage.setProxySecurityId(securedSession.getPeerProxySecurityId());
    }

    private String getHashAddressString(CoAPMessage coAPMessage) {
        String uri;
        if (coAPMessage == null) {
            LogHelper.e("Try to get hash for null message!");
            return null;
        }
        StringBuilder sb = new StringBuilder();
        if (coAPMessage.getAddress() != null) {
            uri = coAPMessage.getAddress().getAddress().getHostAddress() + ":" + coAPMessage.getAddress().getPort();
        } else {
            uri = coAPMessage.getURI();
        }
        sb.append(uri);
        sb.append(coAPMessage.getProxy() == null ? "" : coAPMessage.getProxy().toString());
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SecuredSession getSessionForAddress(CoAPMessage coAPMessage) {
        return this.sessionPool.get(getHashAddressString(coAPMessage));
    }

    private void processHandshake(HandshakeType handshakeType, CoAPMessage coAPMessage, CoAPMessage coAPMessage2, InetSocketAddress inetSocketAddress) {
        switch (handshakeType) {
            case ClientHello:
            case ClientSignature:
                processIncomingHandshake(handshakeType, coAPMessage, coAPMessage2, inetSocketAddress);
                return;
            case PeerSignature:
            case PeerHello:
                processOutgoingHandshake(handshakeType, coAPMessage);
                return;
            default:
                return;
        }
    }

    private void processIncomingHandshake(HandshakeType handshakeType, CoAPMessage coAPMessage, CoAPMessage coAPMessage2, InetSocketAddress inetSocketAddress) {
        if (coAPMessage.getPayload() == null) {
            return;
        }
        if (handshakeType != HandshakeType.ClientHello) {
            LogHelper.e("Received Client signature");
            return;
        }
        SecuredSession securedSession = new SecuredSession(true);
        setSessionForAddress(securedSession, coAPMessage);
        LogHelper.d("Received HANDSHAKE Client Public Key");
        securedSession.startPeer(coAPMessage.getPayload().content);
        sendPeerHello(inetSocketAddress, securedSession.getPublicKey(), coAPMessage);
    }

    private void processOutgoingHandshake(HandshakeType handshakeType, CoAPMessage coAPMessage) {
        if (handshakeType != HandshakeType.PeerHello) {
            LogHelper.e("Received Peer signature");
            return;
        }
        CoAPHandler coAPHandler = this.ackHandlersPool.get(coAPMessage.getId());
        if (coAPHandler != null) {
            coAPHandler.onMessage(coAPMessage, null);
            this.ackHandlersPool.remove(coAPMessage.getId());
        }
        this.messagePool.remove(coAPMessage);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void removePendingMessagesByAddress(InetSocketAddress inetSocketAddress) {
        synchronized (this.pendingMessages) {
            Iterator<CoAPMessage> it = this.pendingMessages.iterator();
            while (it.hasNext()) {
                CoAPMessage next = it.next();
                if (next.getURIHost() != null && next.getURIHost().equals(inetSocketAddress.getAddress().getHostAddress()) && next.getURIPort() != null && next.getURIPort().equals(Integer.valueOf(inetSocketAddress.getPort()))) {
                    this.ackHandlersPool.raiseAckError(next, "Can't create session with: " + inetSocketAddress.toString());
                    ResponseHandler responseHandler = next.getResponseHandler();
                    if (responseHandler != null) {
                        String str = "Can't create session with: " + inetSocketAddress.toString();
                        LogHelper.w(str);
                        responseHandler.onError(new CoAPHandler.AckError(str));
                    }
                    it.remove();
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeSessionForAddress(CoAPMessage coAPMessage) {
        LogHelper.v("removeSessionForAddress " + getHashAddressString(coAPMessage));
        this.sessionPool.remove(getHashAddressString(coAPMessage));
    }

    private void removeSessionForAddressIfNotInProgress(CoAPMessage coAPMessage) {
        SecuredSession sessionForAddress = getSessionForAddress(coAPMessage);
        if (sessionForAddress != null) {
            LogHelper.d("removeSessionForAddressIfNotInProgress, ready: " + sessionForAddress.isReady());
            if (sessionForAddress.isReady()) {
                removeSessionForAddress(coAPMessage);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void sendPendingMessage(InetSocketAddress inetSocketAddress) {
        LogHelper.d("sendPendingMessages to address: " + inetSocketAddress.toString());
        synchronized (this.pendingMessages) {
            Iterator<CoAPMessage> it = this.pendingMessages.iterator();
            while (it.hasNext()) {
                try {
                    CoAPMessage next = it.next();
                    if (next.getURIHost() != null && next.getURIHost().equals(inetSocketAddress.getAddress().getHostAddress()) && next.getURIPort() != null && next.getURIPort().equals(Integer.valueOf(inetSocketAddress.getPort()))) {
                        this.messagePool.add(next);
                        it.remove();
                    }
                } catch (Exception e) {
                    LogHelper.e("Exception: " + e);
                    e.printStackTrace();
                }
            }
        }
    }

    private void sendSessionError(CoAPMessage coAPMessage, InetSocketAddress inetSocketAddress, CoAPMessageOptionCode coAPMessageOptionCode) {
        CoAPMessage coAPMessage2 = new CoAPMessage(CoAPMessageType.ACK, CoAPMessageCode.CoapCodeUnauthorized, coAPMessage.getId());
        if (coAPMessage2.getOption(CoAPMessageOptionCode.OptionURIHost) == null) {
            coAPMessage2.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionURIHost, inetSocketAddress.getAddress().getHostAddress()));
            coAPMessage2.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionURIPort, Integer.valueOf(inetSocketAddress.getPort())));
        }
        if (coAPMessage.getProxySecurityId() != null) {
            coAPMessage2.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionProxySecurityID, coAPMessage.getProxySecurityId()));
        }
        coAPMessage2.addOption(new CoAPMessageOption(coAPMessageOptionCode, (Object) 1));
        coAPMessage2.setToken(coAPMessage.getToken());
        this.client.send(coAPMessage2, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setSessionForAddress(SecuredSession securedSession, CoAPMessage coAPMessage) {
        LogHelper.v("setSessionForAddress " + getHashAddressString(coAPMessage));
        this.sessionPool.set(getHashAddressString(coAPMessage), securedSession);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void throwMismatchKeysError(CoAPMessage coAPMessage, InetSocketAddress inetSocketAddress) {
        ResponseHandler responseHandler = coAPMessage.getResponseHandler();
        if (responseHandler != null) {
            String str = "Can't create session with " + inetSocketAddress.toString() + ": peer public key mismatch";
            LogHelper.w(str);
            responseHandler.onError(new PeerPublicKeyMismatchException(str));
        }
    }

    @Override // com.ndmsystems.coala.layers.ReceiveLayer
    public boolean onReceive(CoAPMessage coAPMessage, Reference<InetSocketAddress> reference) {
        InetSocketAddress inetSocketAddress = reference.get();
        CoAPMessage sourceMessageByToken = this.messagePool.getSourceMessageByToken(coAPMessage.getHexToken());
        CoAPMessageOption option = coAPMessage.getOption(CoAPMessageOptionCode.OptionHandshakeType);
        if (option != null) {
            LogHelper.d("OptionHandshakeType: " + option.value);
            processHandshake(HandshakeType.fromInt(Integer.valueOf(((Integer) option.value).intValue())), coAPMessage, sourceMessageByToken, inetSocketAddress);
            return false;
        }
        CoAPMessageOption option2 = coAPMessage.getOption(CoAPMessageOptionCode.OptionSessionNotFound);
        CoAPMessageOption option3 = coAPMessage.getOption(CoAPMessageOptionCode.OptionSessionExpired);
        if (option2 != null || option3 != null) {
            LogHelper.w("Session not found or expired for address: " + inetSocketAddress.toString() + ", try to restart.");
            removeSessionForAddressIfNotInProgress(sourceMessageByToken);
            this.messagePool.requeue(coAPMessage.getId());
            return false;
        }
        if (coAPMessage.getURIScheme() != CoAPMessage.Scheme.SECURE) {
            return true;
        }
        SecuredSession sessionForAddress = getSessionForAddress(sourceMessageByToken != null ? sourceMessageByToken : coAPMessage);
        if (sessionForAddress == null || !sessionForAddress.isReady()) {
            LogHelper.e("Encrypt message error: " + coAPMessage.getId() + ", token: " + coAPMessage.getHexToken() + ", sessionAddress: " + inetSocketAddress);
            if (sourceMessageByToken != null) {
                addMessageToPending(sourceMessageByToken);
            }
            sendSessionError(coAPMessage, inetSocketAddress, CoAPMessageOptionCode.OptionSessionNotFound);
            return false;
        }
        if (EncryptionHelper.decrypt(coAPMessage, sessionForAddress.getAead())) {
            coAPMessage.setPeerPublicKey(sessionForAddress.getPeerPublicKey());
            return true;
        }
        removeSessionForAddressIfNotInProgress(sourceMessageByToken != null ? sourceMessageByToken : coAPMessage);
        StringBuilder sb = new StringBuilder();
        sb.append("Can't decrypt, message: ");
        sb.append(LogLayer.getStringToPrintReceivedMessage(coAPMessage, reference));
        sb.append(", mainMessage:");
        sb.append(sourceMessageByToken != null ? LogLayer.getStringToPrintSendingMessage(sourceMessageByToken, reference) : "null");
        sb.append(", send SessionExpired");
        LogHelper.w(sb.toString());
        if (sourceMessageByToken != null) {
            addMessageToPending(sourceMessageByToken);
        }
        sendSessionError(coAPMessage, inetSocketAddress, CoAPMessageOptionCode.OptionSessionExpired);
        return false;
    }

    @Override // com.ndmsystems.coala.layers.SendLayer
    public boolean onSend(final CoAPMessage coAPMessage, Reference<InetSocketAddress> reference) {
        final InetSocketAddress inetSocketAddress = reference.get();
        if (coAPMessage.getURIScheme() != CoAPMessage.Scheme.SECURE) {
            return true;
        }
        SecuredSession sessionForAddress = getSessionForAddress(coAPMessage);
        if (sessionForAddress == null) {
            LogHelper.d("Try to start session with: " + inetSocketAddress.getAddress().getHostAddress() + ":" + inetSocketAddress.getPort());
            SecuredSession securedSession = new SecuredSession(false);
            if (coAPMessage.getProxy() != null) {
                generateProxySessionSecurityIdAndAddToMessageAndSession(securedSession, coAPMessage);
            }
            setSessionForAddress(securedSession, coAPMessage);
            sendClientHello(coAPMessage.getProxy(), securedSession.getPeerProxySecurityId(), inetSocketAddress, securedSession.getPublicKey(), new CoAPHandler() { // from class: com.ndmsystems.coala.layers.security.SecurityLayer.1
                @Override // com.ndmsystems.coala.CoAPHandler
                public void onAckError(String str) {
                    LogHelper.e("Error then try to client hello: " + str);
                    SecurityLayer.this.removeSessionForAddress(coAPMessage);
                    SecurityLayer.this.removePendingMessagesByAddress(inetSocketAddress);
                }

                @Override // com.ndmsystems.coala.CoAPHandler
                public void onMessage(CoAPMessage coAPMessage2, String str) {
                    if (str != null) {
                        LogHelper.e("Error then try to client hello: " + str);
                        SecurityLayer.this.removeSessionForAddress(coAPMessage);
                        SecurityLayer.this.removePendingMessagesByAddress(inetSocketAddress);
                        return;
                    }
                    byte[] bArr = coAPMessage2.getPayload().content;
                    if (coAPMessage.getPeerPublicKey() != null && !Arrays.equals(coAPMessage.getPeerPublicKey(), bArr)) {
                        LogHelper.w("Expected key: " + Hex.encodeHexString(coAPMessage.getPeerPublicKey()) + ", actual key: " + Hex.encodeHexString(bArr));
                        SecurityLayer.this.removeSessionForAddress(coAPMessage);
                        SecurityLayer.this.throwMismatchKeysError(coAPMessage, inetSocketAddress);
                        SecurityLayer.this.removePendingMessagesByAddress(inetSocketAddress);
                        return;
                    }
                    LogHelper.d("Session with " + inetSocketAddress.toString() + " started, publicKey = " + Hex.encodeHexString(bArr));
                    SecuredSession sessionForAddress2 = SecurityLayer.this.getSessionForAddress(coAPMessage);
                    sessionForAddress2.start(bArr);
                    SecurityLayer.this.setSessionForAddress(sessionForAddress2, coAPMessage);
                    SecurityLayer.this.sendPendingMessage(inetSocketAddress);
                }
            });
            addMessageToPending(coAPMessage);
            return false;
        }
        if (!sessionForAddress.isReady()) {
            addMessageToPending(coAPMessage);
            return false;
        }
        if (sessionForAddress.getPeerProxySecurityId() != null) {
            coAPMessage.setProxySecurityId(sessionForAddress.getPeerProxySecurityId());
        } else if (coAPMessage.getProxy() != null) {
            generateProxySessionSecurityIdAndAddToMessageAndSession(sessionForAddress, coAPMessage);
        }
        if (coAPMessage.getPeerPublicKey() == null || Arrays.equals(coAPMessage.getPeerPublicKey(), sessionForAddress.getPeerPublicKey())) {
            EncryptionHelper.encrypt(coAPMessage, sessionForAddress.getAead());
            return true;
        }
        LogHelper.w("Expected key: " + Hex.encodeHexString(coAPMessage.getPeerPublicKey()) + ", actual key: " + Hex.encodeHexString(sessionForAddress.getPeerPublicKey()));
        removeSessionForAddressIfNotInProgress(coAPMessage);
        throwMismatchKeysError(coAPMessage, inetSocketAddress);
        return false;
    }

    public void sendClientHello(InetSocketAddress inetSocketAddress, Integer num, InetSocketAddress inetSocketAddress2, byte[] bArr, CoAPHandler coAPHandler) {
        CoAPMessage coAPMessage = new CoAPMessage(CoAPMessageType.CON, CoAPMessageCode.GET);
        coAPMessage.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionURIHost, inetSocketAddress2.getAddress().getHostAddress()));
        coAPMessage.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionURIPort, Integer.valueOf(inetSocketAddress2.getPort())));
        coAPMessage.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionHandshakeType, Integer.valueOf(HandshakeType.ClientHello.toInt())));
        if (num != null) {
            coAPMessage.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionProxySecurityID, num));
        }
        coAPMessage.setPayload(new CoAPMessagePayload(bArr));
        coAPMessage.setProxy(inetSocketAddress);
        this.client.send(coAPMessage, coAPHandler);
        LogHelper.d("sendClientHello messageId: " + coAPMessage.getId() + " address: " + inetSocketAddress2.getAddress().getHostAddress() + ":" + inetSocketAddress2.getPort() + ", publicKey: " + Hex.encodeHexString(bArr));
    }

    public void sendPeerHello(InetSocketAddress inetSocketAddress, byte[] bArr, CoAPMessage coAPMessage) {
        LogHelper.d("sendPeerHello");
        CoAPMessage coAPMessage2 = new CoAPMessage(CoAPMessageType.ACK, CoAPMessageCode.CoapCodeContent, coAPMessage.getId());
        coAPMessage2.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionURIHost, inetSocketAddress.getAddress().getHostAddress()));
        coAPMessage2.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionURIPort, Integer.valueOf(inetSocketAddress.getPort())));
        coAPMessage2.setURIScheme(coAPMessage.getURIScheme());
        coAPMessage2.addOption(new CoAPMessageOption(CoAPMessageOptionCode.OptionHandshakeType, Integer.valueOf(HandshakeType.PeerHello.toInt())));
        coAPMessage2.setPayload(new CoAPMessagePayload(bArr));
        this.client.send(coAPMessage2, null);
    }
}
