package net.i2p.router.transport.ntcp;

import com.southernstorm.noise.protocol.Pattern;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.util.Arrays;
import net.i2p.crypto.SigType;
import net.i2p.data.DataHelper;
import net.i2p.data.Signature;
import net.i2p.router.RouterContext;
import net.i2p.router.transport.crypto.DHSessionKeyBuilder;
import net.i2p.router.transport.ntcp.EstablishBase;
import net.i2p.util.SimpleByteCache;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/i2p/router/transport/ntcp/OutboundEstablishState.class */
public class OutboundEstablishState extends EstablishBase {
    public OutboundEstablishState(RouterContext routerContext, NTCPTransport nTCPTransport, NTCPConnection nTCPConnection) {
        super(routerContext, nTCPTransport, nTCPConnection);
        this._state = EstablishBase.State.OB_INIT;
        routerContext.sha().calculateHash(this._X, 0, 256, this._hX_xor_bobIdentHash, 0);
        xor32(nTCPConnection.getRemotePeer().calculateHash().getData(), this._hX_xor_bobIdentHash);
    }

    @Override // net.i2p.router.transport.ntcp.EstablishBase, net.i2p.router.transport.ntcp.EstablishState
    public synchronized void receive(ByteBuffer byteBuffer) {
        super.receive(byteBuffer);
        if (byteBuffer.hasRemaining()) {
            receiveOutbound(byteBuffer);
        }
    }

    @Override // net.i2p.router.transport.ntcp.EstablishBase, net.i2p.router.transport.ntcp.EstablishState
    public int getVersion() {
        return 1;
    }

    private void receiveOutbound(ByteBuffer byteBuffer) {
        if (this._state == EstablishBase.State.OB_SENT_X && byteBuffer.hasRemaining()) {
            int min = Math.min(byteBuffer.remaining(), 256 - this._received);
            byteBuffer.get(this._Y, this._received, min);
            this._received += min;
            if (this._received < 256) {
                return;
            }
            try {
                this._dh.setPeerPublicValue(this._Y);
                this._dh.getSessionKey();
                if (this._log.shouldLog(10)) {
                    this._log.debug(prefix() + "DH session key calculated (" + this._dh.getSessionKey().toBase64() + ")");
                }
                changeState(EstablishBase.State.OB_GOT_Y);
                this._received = 0;
            } catch (IllegalStateException e) {
                fail("reused keys?", e);
                return;
            } catch (DHSessionKeyBuilder.InvalidPublicParameterException e2) {
                this._context.statManager().addRateData("ntcp.invalidDH", 1L);
                fail("Invalid X", e2);
                return;
            }
        }
        if (this._state == EstablishBase.State.OB_GOT_Y && byteBuffer.hasRemaining()) {
            int min2 = Math.min(byteBuffer.remaining(), 48 - this._received);
            byteBuffer.get(this._e_hXY_tsB, this._received, min2);
            this._received += min2;
            if (this._received < 48) {
                return;
            }
            if (this._log.shouldLog(10)) {
                this._log.debug(prefix() + "received _e_hXY_tsB fully");
            }
            byte[] bArr = new byte[48];
            this._context.aes().decrypt(this._e_hXY_tsB, 0, bArr, 0, this._dh.getSessionKey(), this._Y, 240, 48);
            byte[] bArr2 = new byte[Pattern.FLAG_REMOTE_EPHEMERAL];
            System.arraycopy(this._X, 0, bArr2, 0, 256);
            System.arraycopy(this._Y, 0, bArr2, 256, 256);
            byte[] acquire = SimpleByteCache.acquire(32);
            this._context.sha().calculateHash(bArr2, 0, Pattern.FLAG_REMOTE_EPHEMERAL, acquire, 0);
            if (!DataHelper.eq(acquire, 0, bArr, 0, 32)) {
                SimpleByteCache.release(acquire);
                this._context.statManager().addRateData("ntcp.invalidHXY", 1L);
                fail("Invalid H(X+Y) - mitm attack attempted?");
                return;
            }
            SimpleByteCache.release(acquire);
            changeState(EstablishBase.State.OB_GOT_HXY);
            this._received = 0;
            this._tsB = DataHelper.fromLong(bArr, 32, 4);
            long now = this._context.clock().now();
            long created = now - this._con.getCreated();
            this._tsA = (now + 500) / 1000;
            this._peerSkew = (((now - (this._tsB * 1000)) - (created / 2)) + 500) / 1000;
            if (this._log.shouldLog(10)) {
                this._log.debug(prefix() + "h(X+Y) is correct, skew = " + this._peerSkew);
            }
            long abs = 1000 * Math.abs(this._peerSkew);
            if (!this._context.clock().getUpdatedSuccessfully()) {
                this._context.clock().setOffset(1000 * (0 - this._peerSkew), true);
                this._peerSkew = 0L;
                if (abs != 0) {
                    this._log.logAlways(30, "NTP failure, NTCP adjusting clock by " + DataHelper.formatDuration(abs));
                }
            } else {
                if (abs >= 60000) {
                    this._context.statManager().addRateData("ntcp.invalidOutboundSkew", abs);
                    this._transport.markReachable(this._con.getRemotePeer().calculateHash(), false);
                    this._context.banlist().banlistRouter(DataHelper.formatDuration(abs), this._con.getRemotePeer().calculateHash(), _x("Excessive clock skew: {0}"));
                    this._transport.setLastBadSkew(this._peerSkew);
                    fail("Clocks too skewed (" + abs + " ms)", null, true);
                    return;
                }
                if (this._log.shouldLog(10)) {
                    this._log.debug(prefix() + "Clock skew: " + abs + " ms");
                }
            }
            byte[] bArr3 = new byte[552];
            System.arraycopy(this._X, 0, bArr3, 0, 256);
            System.arraycopy(this._Y, 0, bArr3, 256, 256);
            System.arraycopy(this._con.getRemotePeer().calculateHash().getData(), 0, bArr3, Pattern.FLAG_REMOTE_EPHEMERAL, 32);
            DataHelper.toLong(bArr3, 544, 4, this._tsA);
            DataHelper.toLong(bArr3, 548, 4, this._tsB);
            Signature sign = this._context.dsa().sign(bArr3, this._context.keyManager().getSigningPrivateKey());
            byte[] byteArray = this._context.router().getRouterInfo().getIdentity().toByteArray();
            int length = 2 + byteArray.length + 4 + sign.length();
            int i = length % 16;
            int i2 = 0;
            if (i > 0) {
                i2 = 16 - i;
            }
            byte[] bArr4 = new byte[length + i2];
            DataHelper.toLong(bArr4, 0, 2, byteArray.length);
            System.arraycopy(byteArray, 0, bArr4, 2, byteArray.length);
            DataHelper.toLong(bArr4, 2 + byteArray.length, 4, this._tsA);
            if (i2 > 0) {
                this._context.random().nextBytes(bArr4, 2 + byteArray.length + 4, i2);
            }
            System.arraycopy(sign.getData(), 0, bArr4, 2 + byteArray.length + 4 + i2, sign.length());
            this._prevEncrypted = new byte[bArr4.length];
            this._context.aes().encrypt(bArr4, 0, this._prevEncrypted, 0, this._dh.getSessionKey(), this._hX_xor_bobIdentHash, this._hX_xor_bobIdentHash.length - 16, bArr4.length);
            changeState(EstablishBase.State.OB_SENT_RI);
            this._transport.getPumper().wantsWrite(this._con, this._prevEncrypted);
        }
        if (this._state == EstablishBase.State.OB_SENT_RI && byteBuffer.hasRemaining()) {
            int i3 = 0;
            if (this._e_bobSig == null) {
                int sigLen = this._con.getRemotePeer().getSigningPublicKey().getType().getSigLen();
                int i4 = sigLen % 16;
                this._e_bobSig = new byte[sigLen + (i4 > 0 ? 16 - i4 : 0)];
                if (this._log.shouldLog(10)) {
                    this._log.debug(prefix() + "receiving E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev) (remaining? " + byteBuffer.hasRemaining() + ")");
                }
            } else {
                i3 = this._received;
                if (this._log.shouldLog(10)) {
                    this._log.debug(prefix() + "continuing to receive E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev) (remaining? " + byteBuffer.hasRemaining() + " off=" + i3 + " recv=" + this._received + ")");
                }
            }
            while (this._state == EstablishBase.State.OB_SENT_RI && byteBuffer.hasRemaining()) {
                int i5 = i3;
                i3++;
                this._e_bobSig[i5] = byteBuffer.get();
                this._received++;
                if (i3 >= this._e_bobSig.length) {
                    changeState(EstablishBase.State.OB_GOT_SIG);
                    byte[] bArr5 = new byte[this._e_bobSig.length];
                    this._context.aes().decrypt(this._e_bobSig, 0, bArr5, 0, this._dh.getSessionKey(), this._e_hXY_tsB, 32, this._e_bobSig.length);
                    SigType type = this._con.getRemotePeer().getSigningPublicKey().getType();
                    int sigLen2 = type.getSigLen();
                    byte[] bArr6 = new byte[sigLen2];
                    System.arraycopy(bArr5, 0, bArr6, 0, sigLen2);
                    Signature signature = new Signature(type, bArr6);
                    byte[] bArr7 = new byte[552];
                    System.arraycopy(this._X, 0, bArr7, 0, 256);
                    int i6 = 0 + 256;
                    System.arraycopy(this._Y, 0, bArr7, i6, 256);
                    int i7 = i6 + 256;
                    System.arraycopy(this._context.routerHash().getData(), 0, bArr7, i7, 32);
                    int i8 = i7 + 32;
                    DataHelper.toLong(bArr7, i8, 4, this._tsA);
                    int i9 = i8 + 4;
                    DataHelper.toLong(bArr7, i9, 4, this._tsB);
                    int i10 = i9 + 4;
                    if (!this._context.dsa().verifySignature(signature, bArr7, this._con.getRemotePeer().getSigningPublicKey())) {
                        this._context.statManager().addRateData("ntcp.invalidSignature", 1L);
                        fail("Signature was invalid - attempt to spoof " + this._con.getRemotePeer().calculateHash().toBase64() + "?");
                        return;
                    }
                    if (this._log.shouldLog(10)) {
                        this._log.debug(prefix() + "signature verified from Bob.  done!");
                    }
                    byte[] acquire2 = SimpleByteCache.acquire(16);
                    System.arraycopy(this._prevEncrypted, this._prevEncrypted.length - 16, acquire2, 0, 16);
                    this._con.finishOutboundEstablishment(this._dh.getSessionKey(), this._peerSkew, acquire2, this._e_bobSig);
                    changeState(EstablishBase.State.VERIFIED);
                    if (byteBuffer.hasRemaining()) {
                        if (this._log.shouldInfo()) {
                            this._log.info("extra data " + byteBuffer.remaining() + " on " + this);
                        }
                        this._con.recvEncryptedI2NP(byteBuffer);
                    }
                    releaseBufs(true);
                    InetAddress inetAddress = this._con.getChannel().socket().getInetAddress();
                    if (inetAddress != null) {
                        this._transport.setIP(this._con.getRemotePeer().calculateHash(), inetAddress.getAddress());
                        return;
                    }
                    return;
                }
            }
        }
        if ((this._state == EstablishBase.State.VERIFIED || this._state == EstablishBase.State.CORRUPT) && byteBuffer.hasRemaining() && this._log.shouldWarn()) {
            this._log.warn("Received unexpected " + byteBuffer.remaining() + " on " + this, new Exception());
        }
    }

    @Override // net.i2p.router.transport.ntcp.EstablishBase, net.i2p.router.transport.ntcp.EstablishState
    public synchronized void prepareOutbound() {
        if (this._state != EstablishBase.State.OB_INIT) {
            throw new IllegalStateException(prefix() + "unexpected prepareOutbound()");
        }
        if (this._log.shouldLog(10)) {
            this._log.debug(prefix() + "send X");
        }
        byte[] bArr = new byte[256 + this._hX_xor_bobIdentHash.length];
        System.arraycopy(this._X, 0, bArr, 0, 256);
        System.arraycopy(this._hX_xor_bobIdentHash, 0, bArr, 256, this._hX_xor_bobIdentHash.length);
        changeState(EstablishBase.State.OB_SENT_X);
        this._transport.getPumper().wantsWrite(this._con, bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.i2p.router.transport.ntcp.EstablishBase
    public void releaseBufs(boolean z) {
        super.releaseBufs(z);
        Arrays.fill(this._Y, (byte) 0);
        SimpleByteCache.release(this._Y);
    }
}
