package net.i2p.router.tunnel.pool;

import java.util.List;
import kotlin.UByte;
import net.i2p.I2PAppContext;
import net.i2p.crypto.ChaCha20;
import net.i2p.data.Base64;
import net.i2p.data.DataHelper;
import net.i2p.data.Hash;
import net.i2p.data.SessionKey;
import net.i2p.data.i2np.BuildResponseRecord;
import net.i2p.data.i2np.EncryptedBuildRecord;
import net.i2p.data.i2np.TunnelBuildReplyMessage;
import net.i2p.router.tunnel.TunnelCreatorConfig;
import net.i2p.util.Log;
import net.i2p.util.SimpleByteCache;

/* loaded from: classes3.dex */
class BuildReplyHandler {
    private final I2PAppContext ctx;
    private final Log log;

    public BuildReplyHandler(I2PAppContext i2PAppContext) {
        this.ctx = i2PAppContext;
        this.log = i2PAppContext.logManager().getLog(BuildReplyHandler.class);
    }

    private int decryptRecord(TunnelBuildReplyMessage tunnelBuildReplyMessage, TunnelCreatorConfig tunnelCreatorConfig, int i, int i2) {
        EncryptedBuildRecord encryptedBuildRecord;
        boolean z;
        String str;
        byte[] bArr;
        String str2;
        String str3;
        String str4;
        String str5;
        String str6;
        byte b;
        EncryptedBuildRecord encryptedBuildRecord2;
        boolean decrypt;
        EncryptedBuildRecord encryptedBuildRecord3;
        boolean z2;
        EncryptedBuildRecord record = tunnelBuildReplyMessage.getRecord(i);
        int type = tunnelBuildReplyMessage.getType();
        if (record == null) {
            if (this.log.shouldWarn()) {
                this.log.warn("Missing record " + i);
            }
            return -1;
        }
        byte[] data = record.getData();
        int length = tunnelCreatorConfig.getLength() - 1;
        if (tunnelCreatorConfig.isInbound()) {
            length--;
        }
        boolean isEC = tunnelCreatorConfig.isEC(i2);
        int i3 = isEC ? i2 + 1 : i2;
        boolean z3 = (type == 26) || type == 999;
        String str7 = ": ";
        String str8 = " with replyKey ";
        String str9 = "/";
        if (z3) {
            byte[] bArr2 = new byte[12];
            while (length >= i3) {
                byte[] data2 = tunnelCreatorConfig.getChaChaReplyKey(length).getData();
                if (this.log.shouldDebug()) {
                    Log log = this.log;
                    StringBuilder sb = new StringBuilder();
                    encryptedBuildRecord3 = record;
                    z2 = z3;
                    sb.append(tunnelBuildReplyMessage.getUniqueId());
                    sb.append(": Decrypting ChaCha record ");
                    sb.append(i);
                    sb.append(str9);
                    sb.append(i2);
                    sb.append(str9);
                    sb.append(length);
                    sb.append(str8);
                    sb.append(Base64.encode(data2));
                    sb.append(" : ");
                    sb.append(tunnelCreatorConfig);
                    log.debug(sb.toString());
                } else {
                    encryptedBuildRecord3 = record;
                    z2 = z3;
                }
                bArr2[4] = (byte) i;
                ChaCha20.encrypt(data2, bArr2, data, 0, data, 0, 218);
                length--;
                i3 = i3;
                str7 = str7;
                record = encryptedBuildRecord3;
                z3 = z2;
                str9 = str9;
                str8 = str8;
            }
            encryptedBuildRecord = record;
            z = z3;
            str = str7;
            str2 = str9;
            str3 = str8;
            bArr = data;
        } else {
            encryptedBuildRecord = record;
            z = z3;
            String str10 = "/";
            String str11 = " with replyKey ";
            str = ": ";
            int i4 = i3;
            int i5 = length;
            while (i5 >= i4) {
                SessionKey aESReplyKey = tunnelCreatorConfig.getAESReplyKey(i5);
                byte[] aESReplyIV = tunnelCreatorConfig.getAESReplyIV(i5);
                if (this.log.shouldDebug()) {
                    Log log2 = this.log;
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append(tunnelBuildReplyMessage.getUniqueId());
                    sb2.append(": Decrypting AES record ");
                    sb2.append(i);
                    str4 = str10;
                    sb2.append(str4);
                    sb2.append(i2);
                    sb2.append(str4);
                    sb2.append(i5);
                    str5 = str11;
                    sb2.append(str5);
                    sb2.append(aESReplyKey.toBase64());
                    sb2.append(str4);
                    sb2.append(Base64.encode(aESReplyIV));
                    sb2.append(str);
                    sb2.append(tunnelCreatorConfig);
                    log2.debug(sb2.toString());
                } else {
                    str4 = str10;
                    str5 = str11;
                }
                this.ctx.aes().decrypt(data, 0, data, 0, aESReplyKey, aESReplyIV, 0, data.length);
                i5--;
                data = data;
                str11 = str5;
                str10 = str4;
            }
            bArr = data;
            str2 = str10;
            str3 = str11;
        }
        if (isEC) {
            SessionKey chaChaReplyKey = tunnelCreatorConfig.getChaChaReplyKey(i2);
            byte[] chaChaReplyAD = tunnelCreatorConfig.getChaChaReplyAD(i2);
            if (this.log.shouldDebug()) {
                Log log3 = this.log;
                StringBuilder sb3 = new StringBuilder();
                sb3.append(tunnelBuildReplyMessage.getUniqueId());
                sb3.append(": Decrypting chacha/poly record ");
                sb3.append(i);
                str6 = str2;
                sb3.append(str6);
                sb3.append(i2);
                sb3.append(str3);
                sb3.append(chaChaReplyKey.toBase64());
                sb3.append(str6);
                sb3.append(Base64.encode(chaChaReplyAD));
                sb3.append(str);
                sb3.append(tunnelCreatorConfig);
                log3.debug(sb3.toString());
            } else {
                str6 = str2;
            }
            if (z) {
                encryptedBuildRecord2 = encryptedBuildRecord;
                decrypt = BuildResponseRecord.decrypt(encryptedBuildRecord2, chaChaReplyKey, chaChaReplyAD, i);
            } else {
                encryptedBuildRecord2 = encryptedBuildRecord;
                decrypt = BuildResponseRecord.decrypt(encryptedBuildRecord2, chaChaReplyKey, chaChaReplyAD);
            }
            if (!decrypt) {
                if (!this.log.shouldWarn()) {
                    return -1;
                }
                this.log.warn(tunnelBuildReplyMessage.getUniqueId() + ": chacha reply decrypt fail on " + i + str6 + i2);
                return -1;
            }
            b = bArr[encryptedBuildRecord2.length() - 17];
        } else {
            str6 = str2;
            byte[] acquire = SimpleByteCache.acquire(32);
            this.ctx.sha().calculateHash(bArr, 32, 496, acquire, 0);
            if (!DataHelper.eq(acquire, 0, bArr, 0, 32)) {
                if (this.log.shouldWarn()) {
                    this.log.warn(tunnelBuildReplyMessage.getUniqueId() + ": sha256 reply verify fail on " + i + str6 + i2 + str + Base64.encode(acquire) + " calculated, " + Base64.encode(bArr, 0, 32) + " expected\nRecord: " + Base64.encode(bArr, 32, 496));
                }
                SimpleByteCache.release(acquire);
                return -1;
            }
            SimpleByteCache.release(acquire);
            b = bArr[527];
        }
        int i6 = b & UByte.MAX_VALUE;
        if (this.log.shouldLog(10)) {
            this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": Verified: " + i6 + " for record " + i + str6 + i2);
        }
        return i6;
    }

    public int[] decrypt(TunnelBuildReplyMessage tunnelBuildReplyMessage, TunnelCreatorConfig tunnelCreatorConfig, List<Integer> list) {
        int[] iArr = null;
        if (tunnelBuildReplyMessage.getRecordCount() != list.size()) {
            this.log.error("Corrupted build reply, expected " + list.size() + " records, got " + tunnelBuildReplyMessage.getRecordCount());
            return null;
        }
        int recordCount = tunnelBuildReplyMessage.getRecordCount();
        int[] iArr2 = new int[recordCount];
        int i = 0;
        int i2 = 0;
        while (i2 < recordCount) {
            int intValue = list.get(i2).intValue();
            if (BuildMessageGenerator.isBlank(tunnelCreatorConfig, intValue)) {
                if (this.log.shouldLog(10)) {
                    this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": skipping record " + i2 + "/" + intValue + " for: " + tunnelCreatorConfig);
                }
                if (tunnelCreatorConfig.isInbound() && intValue + 1 == tunnelCreatorConfig.getLength()) {
                    byte[] bArr = new byte[32];
                    byte[] data = tunnelBuildReplyMessage.getRecord(i2).getData();
                    this.ctx.sha().calculateHash(data, 0, data.length, bArr, 0);
                    Hash blankHash = tunnelCreatorConfig.getBlankHash();
                    if (blankHash == null || !DataHelper.eq(bArr, blankHash.getData())) {
                        if (this.log.shouldWarn()) {
                            this.log.warn("IBEP record corrupt on " + tunnelCreatorConfig);
                        }
                        return iArr;
                    }
                    iArr2[i2] = i;
                } else {
                    iArr2[i2] = i;
                }
            } else {
                int decryptRecord = decryptRecord(tunnelBuildReplyMessage, tunnelCreatorConfig, i2, intValue);
                if (decryptRecord == -1) {
                    if (this.log.shouldLog(30)) {
                        this.log.warn(tunnelBuildReplyMessage.getUniqueId() + ": decrypt record " + i2 + "/" + intValue + " fail: " + tunnelCreatorConfig);
                    }
                    return iArr;
                }
                if (this.log.shouldLog(10)) {
                    this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": decrypt record " + i2 + "/" + intValue + " success: " + decryptRecord + " for " + tunnelCreatorConfig);
                }
                iArr2[i2] = decryptRecord;
            }
            i2++;
            iArr = null;
            i = 0;
        }
        return iArr2;
    }
}
