package net.i2p.router.transport.ntcp;

import com.southernstorm.noise.protocol.CipherState;
import com.southernstorm.noise.protocol.CipherStatePair;
import com.southernstorm.noise.protocol.HandshakeState;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import net.i2p.data.Base64;
import net.i2p.data.ByteArray;
import net.i2p.data.DataFormatException;
import net.i2p.data.DataHelper;
import net.i2p.data.Hash;
import net.i2p.data.SessionKey;
import net.i2p.data.i2np.I2NPMessage;
import net.i2p.data.router.RouterAddress;
import net.i2p.data.router.RouterIdentity;
import net.i2p.data.router.RouterInfo;
import net.i2p.router.Banlist;
import net.i2p.router.RouterContext;
import net.i2p.router.networkdb.kademlia.FloodfillNetworkDatabaseFacade;
import net.i2p.router.transport.ntcp.EstablishBase;
import net.i2p.router.transport.ntcp.NTCP2Payload;
import net.i2p.util.Addresses;
import net.i2p.util.ByteCache;
import net.i2p.util.SimpleByteCache;
import org.cybergarage.soap.SOAP;
import org.usb4java.LibUsb;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes15.dex */
public class InboundEstablishState extends EstablishBase implements NTCP2Payload.PayloadCallback {
    private static final int BUFFER_SIZE = 4096;
    private static final int MAX_DATA_READ_BUFS = 32;
    private static final int MSG3P2_MAX = 6000;
    private static final int MSG3P2_MIN = 459;
    private static final int PADDING1_FAIL_MAX = 128;
    private static final int PADDING1_MAX = 223;
    private static final int PADDING2_MAX = 64;
    private static final int RI_MIN = 439;
    private RouterIdentity _aliceIdent;
    private int _aliceIdentSize;
    private byte[] _curEncrypted;
    private HandshakeState _handshakeState;
    private NTCP2Options _hisPadding;
    private int _msg3p2FailReason;
    private int _msg3p2len;
    private ByteArray _msg3tmp;
    private int _padlen1;
    private boolean _released;
    private final ByteArrayOutputStream _sz_aliceIdent_tsA_padding_aliceSig;
    private int _sz_aliceIdent_tsA_padding_aliceSigSize;
    private static final ByteCache _dataReadBufs = ByteCache.getInstance(32, 4096);
    private static final Set<EstablishBase.State> STATES_NTCP2 = EnumSet.of(EstablishBase.State.IB_NTCP2_INIT, EstablishBase.State.IB_NTCP2_GOT_X, EstablishBase.State.IB_NTCP2_GOT_PADDING, EstablishBase.State.IB_NTCP2_SENT_Y, EstablishBase.State.IB_NTCP2_GOT_RI, EstablishBase.State.IB_NTCP2_READ_RANDOM);

    public InboundEstablishState(RouterContext routerContext, NTCPTransport nTCPTransport, NTCPConnection nTCPConnection) {
        super(routerContext, nTCPTransport, nTCPConnection);
        this._msg3p2FailReason = -1;
        this._state = EstablishBase.State.IB_INIT;
        this._sz_aliceIdent_tsA_padding_aliceSig = new ByteArrayOutputStream(512);
        this._prevEncrypted = SimpleByteCache.acquire(16);
        this._curEncrypted = SimpleByteCache.acquire(16);
    }

    private synchronized void prepareOutbound2() {
        int nextInt = this._context.random().nextInt(64);
        byte[] bArr = new byte[nextInt + 64];
        DataHelper.toLong(bArr, 34, 2, nextInt);
        DataHelper.toLong(bArr, 40, 4, (this._context.clock().now() + 500) / 1000);
        try {
            this._handshakeState.writeMessage(bArr, 0, bArr, 32, 16);
            if (this._log.shouldDebug()) {
                this._log.debug("After msg 2: " + this._handshakeState.toString());
            }
            this._context.aes().encrypt(bArr, 0, bArr, 0, new SessionKey(this._context.routerHash().getData()), this._prevEncrypted, 32);
            if (nextInt > 0) {
                this._context.random().nextBytes(bArr, 64, nextInt);
                this._handshakeState.mixHash(bArr, 64, nextInt);
                if (this._log.shouldDebug()) {
                    this._log.debug("After mixhash padding " + nextInt + " msg 2: " + this._handshakeState.toString());
                }
            }
            changeState(EstablishBase.State.IB_NTCP2_SENT_Y);
            this._con.wantsWrite(bArr);
        } catch (RuntimeException e) {
            if (!this._log.shouldWarn()) {
                this._log.error("Bad msg 2 out", e);
            }
            fail("Bad msg 2 out", e);
        } catch (GeneralSecurityException e2) {
            if (!this._log.shouldWarn()) {
                this._log.error("Bad msg 2 out", e2);
            }
            fail("Bad msg 2 out", e2);
        }
    }

    private void receiveInbound(ByteBuffer byteBuffer) {
        if (STATES_NTCP2.contains(this._state)) {
            receiveInboundNTCP2(byteBuffer);
            return;
        }
        if (this._state == EstablishBase.State.IB_INIT && byteBuffer.hasRemaining()) {
            int remaining = byteBuffer.remaining();
            if (this._received + remaining >= 64) {
                this._con.setVersion(2);
                changeState(EstablishBase.State.IB_NTCP2_INIT);
                receiveInboundNTCP2(byteBuffer);
            } else {
                byteBuffer.get(this._X, this._received, remaining);
                this._received += remaining;
                if (this._log.shouldWarn()) {
                    this._log.warn("Short buffer got " + remaining + " total now " + this._received + " on " + this);
                }
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:74:0x0297 A[Catch: all -> 0x0610, TryCatch #7 {, blocks: (B:4:0x0005, B:6:0x0010, B:8:0x0016, B:10:0x0035, B:12:0x003d, B:16:0x0063, B:18:0x0076, B:21:0x009f, B:23:0x00da, B:26:0x00e1, B:28:0x00ec, B:32:0x00f3, B:33:0x0104, B:36:0x011a, B:38:0x0127, B:39:0x0145, B:40:0x0159, B:42:0x0161, B:43:0x017f, B:45:0x0186, B:48:0x019e, B:50:0x01a4, B:52:0x01b0, B:54:0x01b8, B:56:0x01c2, B:57:0x01de, B:58:0x01e7, B:61:0x01ff, B:63:0x0234, B:67:0x0288, B:72:0x0293, B:74:0x0297, B:76:0x02a2, B:79:0x02bd, B:80:0x02c2, B:83:0x0240, B:85:0x0264, B:88:0x02dd, B:91:0x02fd, B:93:0x0310, B:95:0x0318, B:96:0x0357, B:98:0x035d, B:102:0x038b, B:103:0x0392, B:104:0x0393, B:106:0x0399, B:108:0x039f, B:110:0x03ae, B:112:0x03b6, B:115:0x03e8, B:116:0x040a, B:118:0x0410, B:120:0x0416, B:124:0x0437, B:126:0x044e, B:127:0x0478, B:129:0x0481, B:132:0x049c, B:133:0x04a1, B:135:0x04a7, B:137:0x04ad, B:139:0x04b7, B:140:0x04c1, B:144:0x04e5, B:146:0x04fa, B:147:0x0504, B:149:0x050c, B:156:0x0540, B:157:0x05ca, B:185:0x056c, B:177:0x05a8, B:166:0x05c6, B:188:0x05cf, B:189:0x05d5, B:200:0x05d7, B:204:0x05eb), top: B:3:0x0005, inners: #11, #14, #13 }] */
    /* JADX WARN: Type inference failed for: r12v2, types: [int] */
    /* JADX WARN: Type inference failed for: r12v3 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private synchronized void receiveInboundNTCP2(java.nio.ByteBuffer r25) {
        /*
            Method dump skipped, instructions count: 1555
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.i2p.router.transport.ntcp.InboundEstablishState.receiveInboundNTCP2(java.nio.ByteBuffer):void");
    }

    private synchronized void setDataPhase(ByteBuffer byteBuffer) {
        CipherStatePair split = this._handshakeState.split();
        CipherState receiver = split.getReceiver();
        CipherState sender = split.getSender();
        byte[][] generateSipHashKeys = OutboundNTCP2State.generateSipHashKeys(this._context, this._handshakeState);
        byte[] bArr = generateSipHashKeys[0];
        byte[] bArr2 = generateSipHashKeys[1];
        if (this._msg3p2FailReason >= 0) {
            if (this._log.shouldWarn()) {
                this._log.warn("Failed msg3p2, code " + this._msg3p2FailReason + " for " + this);
            }
            this._con.failInboundEstablishment(sender, bArr2, this._msg3p2FailReason);
            changeState(EstablishBase.State.CORRUPT);
        } else {
            if (this._log.shouldDebug()) {
                this._log.debug("Finished establishment for " + this + "\nGenerated SipHash key for A->B: " + Base64.encode(bArr) + "\nGenerated SipHash key for B->A: " + Base64.encode(bArr2));
            }
            this._con.finishInboundEstablishment(sender, receiver, bArr2, bArr, this._peerSkew, this._hisPadding);
            changeState(EstablishBase.State.VERIFIED);
            if (byteBuffer.hasRemaining()) {
                if (this._log.shouldInfo()) {
                    this._log.info("extra data " + byteBuffer.remaining() + " on " + this);
                }
                this._con.recvEncryptedI2NP(byteBuffer);
            }
        }
        releaseBufs(true);
        this._handshakeState.destroy();
        Arrays.fill(bArr, (byte) 0);
        Arrays.fill(bArr2, (byte) 0);
    }

    private boolean verifyInbound(Hash hash) {
        byte[] remoteIP = this._con.getRemoteIP();
        if (this._context.banlist().isBanlistedForever(hash)) {
            if (this._log.shouldWarn()) {
                this._log.warn("Dropping inbound connection from permanently banlisted peer at " + Addresses.toString(remoteIP) + " : " + hash);
            }
            if (remoteIP != null) {
                this._context.blocklist().add(remoteIP);
            }
            if (getVersion() < 2) {
                fail("Peer is banlisted forever: " + hash);
            } else if (this._log.shouldWarn()) {
                this._log.warn("Peer is banlisted forever: " + hash);
            }
            this._msg3p2FailReason = 17;
            return false;
        }
        if (remoteIP != null) {
            this._transport.setIP(hash, remoteIP);
        }
        if (this._log.shouldLog(10)) {
            this._log.debug(prefix() + "verification successful for " + this._con);
        }
        this._peerSkew -= (((this._context.clock().now() - this._con.getCreated()) / 2) + 500) / 1000;
        long abs = Math.abs(this._peerSkew) * 1000;
        boolean z = abs < 60000;
        if (z && !this._context.clock().getUpdatedSuccessfully()) {
            this._context.clock().setOffset((0 - this._peerSkew) * 1000, true);
            this._peerSkew = 0L;
            if (abs == 0) {
                return true;
            }
            this._log.logAlways(30, "NTP failure, NTCP adjusted clock by " + DataHelper.formatDuration(abs) + " source router: " + hash.toBase64());
            return true;
        }
        if (z) {
            if (!this._log.shouldLog(10)) {
                return true;
            }
            this._log.debug(prefix() + "Clock skew: " + abs + " ms");
            return true;
        }
        this._context.banlist().banlistRouter(DataHelper.formatDuration(abs), hash, _x("Excessive clock skew: {0}"));
        this._transport.setLastBadSkew(this._peerSkew);
        if (this._log.shouldWarn()) {
            this._log.warn("Clocks too skewed (" + abs + " ms)");
        }
        this._msg3p2FailReason = 7;
        return false;
    }

    private boolean verifyInboundNetworkID(RouterInfo routerInfo) {
        boolean z = routerInfo.getNetworkId() == this._context.router().getNetworkID();
        if (!z) {
            Hash hash = routerInfo.getHash();
            if (this._log.shouldLog(30)) {
                this._log.warn("Not in our network: " + routerInfo, new Exception());
            }
            byte[] remoteIP = this._con.getRemoteIP();
            if (remoteIP != null) {
                this._context.blocklist().add(remoteIP);
            }
            this._transport.markUnreachable(hash);
            this._msg3p2FailReason = 17;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.i2p.router.transport.ntcp.EstablishBase
    public synchronized void fail(String str, Exception exc, boolean z) {
        super.fail(str, exc, z);
        if (this._handshakeState != null) {
            if (this._log.shouldWarn()) {
                this._log.warn("State at failure: " + this._handshakeState.toString());
            }
            this._handshakeState.destroy();
        }
    }

    @Override // net.i2p.router.transport.ntcp.EstablishBase, net.i2p.router.transport.ntcp.EstablishState
    public int getVersion() {
        return 2;
    }

    @Override // net.i2p.router.transport.ntcp.NTCP2Payload.PayloadCallback
    public void gotDateTime(long j) {
    }

    @Override // net.i2p.router.transport.ntcp.NTCP2Payload.PayloadCallback
    public void gotI2NP(I2NPMessage i2NPMessage) {
    }

    @Override // net.i2p.router.transport.ntcp.NTCP2Payload.PayloadCallback
    public void gotOptions(byte[] bArr, boolean z) {
        NTCP2Options fromByteArray = NTCP2Options.fromByteArray(bArr);
        if (fromByteArray != null) {
            this._hisPadding = fromByteArray;
        } else if (this._log.shouldWarn()) {
            this._log.warn("Got options length " + bArr.length + " on: " + this);
        }
    }

    @Override // net.i2p.router.transport.ntcp.NTCP2Payload.PayloadCallback
    public void gotPadding(int i, int i2) {
    }

    @Override // net.i2p.router.transport.ntcp.NTCP2Payload.PayloadCallback
    public void gotRI(RouterInfo routerInfo, boolean z, boolean z2) throws DataFormatException {
        byte[] ip;
        List<RouterAddress> targetAddresses = routerInfo.getTargetAddresses(NTCPTransport.STYLE, NTCPTransport.STYLE2);
        if (targetAddresses.isEmpty()) {
            this._msg3p2FailReason = 16;
            throw new DataFormatException("no NTCP in RI: " + routerInfo);
        }
        byte[] remoteIP = this._con.getRemoteIP();
        String str = null;
        String str2 = null;
        for (RouterAddress routerAddress : targetAddresses) {
            String option = routerAddress.getOption("v");
            if (option != null && (option.equals(NTCPTransport.NTCP2_VERSION) || option.startsWith(NTCPTransport.NTCP2_VERSION_ALT))) {
                if (str2 == null) {
                    str2 = routerAddress.getOption(SOAP.XMLNS);
                }
                if (remoteIP != null && (ip = routerAddress.getIP()) != null && ip.length == remoteIP.length) {
                    if (ip.length == 16) {
                        if ((ip[0] & LibUsb.CLASS_APPLICATION) != 2 && !DataHelper.eq(remoteIP, 0, ip, 0, 8)) {
                            str = "IP mismatch actual IP " + Addresses.toString(remoteIP) + " in RI: ";
                        }
                    } else if (!DataHelper.eq(remoteIP, ip)) {
                        str = "IP mismatch actual IP " + Addresses.toString(remoteIP) + " in RI: ";
                    }
                }
            }
        }
        if (str2 == null) {
            this._msg3p2FailReason = 16;
            throw new DataFormatException("no s in RI: " + routerInfo);
        }
        byte[] decode = Base64.decode(str2);
        if (decode == null || decode.length != 32) {
            this._msg3p2FailReason = 16;
            throw new DataFormatException("bad s in RI: " + routerInfo);
        }
        byte[] bArr = new byte[32];
        this._handshakeState.getRemotePublicKey().getPublicKey(bArr, 0);
        if (!DataHelper.eqCT(decode, 0, bArr, 0, 32)) {
            this._msg3p2FailReason = 16;
            throw new DataFormatException("s mismatch in RI: " + routerInfo);
        }
        RouterIdentity identity = routerInfo.getIdentity();
        this._aliceIdent = identity;
        Hash calculateHash = identity.calculateHash();
        if (!verifyInbound(calculateHash)) {
            throw new DataFormatException("NTCP2 verifyInbound() fail");
        }
        if (str != null) {
            this._context.banlist().banlistRouter(calculateHash, "IP mismatch", (String) null, (String) null, this._context.clock().now() + Banlist.BANLIST_DURATION_LOCALHOST);
            this._msg3p2FailReason = 17;
            throw new DataFormatException(str + routerInfo);
        }
        if (routerInfo.getCapabilities().equals("LU") && routerInfo.getVersion().equals("0.9.56")) {
            this._context.banlist().banlistRouter(calculateHash, "Slow", (String) null, (String) null, this._context.clock().now() + Banlist.BANLIST_DURATION_LOCALHOST);
            this._msg3p2FailReason = 17;
            throw new DataFormatException("Old and slow: " + calculateHash);
        }
        try {
            RouterInfo store = this._context.netDb().store(calculateHash, routerInfo);
            if (z2 && !routerInfo.equals(store)) {
                if (((FloodfillNetworkDatabaseFacade) this._context.netDb()).floodConditional(routerInfo)) {
                    if (this._log.shouldDebug()) {
                        this._log.debug("Flooded the RI: " + calculateHash);
                    }
                } else if (this._log.shouldInfo()) {
                    this._log.info("Flood request but we didn't: " + calculateHash);
                }
            }
            this._con.setRemotePeer(this._aliceIdent);
        } catch (IllegalArgumentException e) {
            if (!verifyInboundNetworkID(routerInfo)) {
                throw new DataFormatException("NTCP2 network ID mismatch");
            }
            if (this._msg3p2FailReason <= 0) {
                this._msg3p2FailReason = 13;
            }
            throw new DataFormatException("RI store fail: " + routerInfo, e);
        }
    }

    @Override // net.i2p.router.transport.ntcp.NTCP2Payload.PayloadCallback
    public void gotTermination(int i, long j) {
    }

    @Override // net.i2p.router.transport.ntcp.NTCP2Payload.PayloadCallback
    public void gotUnknown(int i, int i2) {
    }

    @Override // net.i2p.router.transport.ntcp.EstablishBase, net.i2p.router.transport.ntcp.EstablishState
    public synchronized void receive(ByteBuffer byteBuffer) {
        super.receive(byteBuffer);
        if (byteBuffer.hasRemaining()) {
            receiveInbound(byteBuffer);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.i2p.router.transport.ntcp.EstablishBase
    public void releaseBufs(boolean z) {
        if (this._released) {
            return;
        }
        this._released = true;
        super.releaseBufs(z);
        if (!z) {
            SimpleByteCache.release(this._curEncrypted);
        }
        Arrays.fill(this._X, (byte) 0);
        SimpleByteCache.release(this._X);
        ByteArray byteArray = this._msg3tmp;
        if (byteArray != null) {
            _dataReadBufs.release(byteArray, false);
            this._msg3tmp = null;
        }
    }
}
