package pt.unl.fct.di.novasys.channel.secure.auth;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.EventLoopGroup;
import io.netty.util.concurrent.Promise;
import java.io.IOException;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.Queue;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;
import pt.unl.fct.di.novasys.channel.secure.SecureChannelListener;
import pt.unl.fct.di.novasys.channel.secure.SecureSingleThreadedBiChannel;
import pt.unl.fct.di.novasys.channel.secure.auth.AuthSession;
import pt.unl.fct.di.novasys.channel.secure.events.SecureInConnectionDown;
import pt.unl.fct.di.novasys.channel.secure.events.SecureInConnectionUp;
import pt.unl.fct.di.novasys.channel.secure.events.SecureOutConnectionDown;
import pt.unl.fct.di.novasys.channel.secure.events.SecureOutConnectionFailed;
import pt.unl.fct.di.novasys.channel.secure.events.SecureOutConnectionUp;
import pt.unl.fct.di.novasys.channel.secure.exceptions.AuthenticationException;
import pt.unl.fct.di.novasys.channel.secure.exceptions.MessageAuthenticationException;
import pt.unl.fct.di.novasys.channel.secure.utils.ECPubKeySerializer;
import pt.unl.fct.di.novasys.channel.secure.utils.X509CertificateSerializer;
import pt.unl.fct.di.novasys.network.AttributeValidator;
import pt.unl.fct.di.novasys.network.Connection;
import pt.unl.fct.di.novasys.network.ISerializer;
import pt.unl.fct.di.novasys.network.NetworkManager;
import pt.unl.fct.di.novasys.network.data.Attributes;
import pt.unl.fct.di.novasys.network.data.Bytes;
import pt.unl.fct.di.novasys.network.data.Host;
import pt.unl.fct.di.novasys.network.exceptions.InvalidHandshakeAttributesException;
import pt.unl.fct.di.novasys.network.security.X509IKeyManager;
import pt.unl.fct.di.novasys.network.security.X509ITrustManager;

/* loaded from: input_file:pt/unl/fct/di/novasys/channel/secure/auth/AuthChannel.class */
public class AuthChannel<T> extends SecureSingleThreadedBiChannel<T, AuthenticatedMessage> implements AttributeValidator {
    private static final Logger logger;
    public static final short CHANNEL_MAGIC_NUMBER = 21765;
    public static final String NAME = "AuthChannel";
    public static final String ADDRESS_KEY = "address";
    public static final String PORT_KEY = "port";
    public static final String WORKER_GROUP_KEY = "worker_group";
    public static final String TRIGGER_SENT_KEY = "trigger_sent";
    public static final String METRICS_INTERVAL_KEY = "metrics_interval";
    public static final String HEARTBEAT_INTERVAL_KEY = "heartbeat_interval";
    public static final String HEARTBEAT_TOLERANCE_KEY = "heartbeat_tolerance";
    public static final String CONNECT_TIMEOUT_KEY = "connect_timeout";
    public static final String LISTEN_ADDRESS_ATTR = "listen_address";
    public static final String CHANNELMAGIC_ATTR = "magic_number";
    public static final String DEFAULT_PORT = "9573";
    public static final String DEFAULT_HB_INTERVAL = "0";
    public static final String DEFAULT_HB_TOLERANCE = "0";
    public static final String DEFAULT_CONNECT_TIMEOUT = "1000";
    public static final String DEFAULT_METRICS_INTERVAL = "-1";
    public static final int CONNECTION_OUT = 0;
    public static final int CONNECTION_IN = 1;
    private static final int HANDSHAKE_STEPS = 3;
    static final Provider PROVIDER;
    private final SecureRandom rng;
    private final NetworkManager<AuthenticatedMessage> network;
    private final Attributes baseAttributes;
    private final ISerializer<T> msgSerializer;
    private final SecureChannelListener<T> listener;
    private final X509IKeyManager keyManager;
    private final X509ITrustManager trustManager;
    private final boolean metrics;
    private final Map<Host, Set<Bytes>> hostIds;
    private final Map<Host, Bytes> defaultHostIds;
    private final Map<Long, AuthSession<T>> allSessions;
    private final Map<Bytes, Map<Long, AuthSession<T>>> inSessions;
    private final Map<Bytes, AuthSession<T>> outSessions;
    private final Map<Host, AuthSession<T>> pendingOutSessionsWithoutId;
    static final String ASYM_KEY_ALG = "RSA";
    static final String SYM_KEY_ALG = "AES";
    static final String MAC_ALG = "HmacSHA256";
    static final int MAC_BYTES = 32;
    private static final String EC_KDF_ALG = "ECCDHwithSHA256KDF";
    private static final String DH_EC_NAME = "prime192v1";
    private static final String CERT_ATTR = "certificate";
    private static final String DH_PUB_ATTR = "dh_pub";
    private static final String EXPECTED_ID_ATTR = "expected_identity";
    private static final String IV_ATTR = "iv";
    private static final String IV_SIG_ATTR = "iv_sig";
    private static final String ATTRS_SIG_ATTR = "attrs_sig";
    static final /* synthetic */ boolean $assertionsDisabled;

    public AuthChannel(ISerializer<T> iSerializer, SecureChannelListener<T> secureChannelListener, Properties properties, X509IKeyManager x509IKeyManager, X509ITrustManager x509ITrustManager) throws IOException {
        super(NAME);
        SecureRandom secureRandom;
        try {
            secureRandom = SecureRandom.getInstance("DEFAULT", PROVIDER);
        } catch (NoSuchAlgorithmException e) {
            logger.warn("Failed to get \"DEFAULT\" secure random");
            secureRandom = new SecureRandom();
        }
        this.rng = secureRandom;
        this.msgSerializer = iSerializer;
        this.listener = secureChannelListener;
        this.keyManager = x509IKeyManager;
        this.trustManager = x509ITrustManager;
        this.hostIds = new HashMap();
        this.defaultHostIds = new HashMap();
        this.inSessions = new HashMap();
        this.outSessions = new HashMap();
        this.allSessions = new HashMap();
        this.pendingOutSessionsWithoutId = new HashMap();
        if (!properties.containsKey("address")) {
            throw new IllegalArgumentException("AuthChannel requires binding address");
        }
        InetAddress byName = Inet4Address.getByName(properties.getProperty("address"));
        int parseInt = Integer.parseInt(properties.getProperty("port", DEFAULT_PORT));
        int parseInt2 = Integer.parseInt(properties.getProperty("heartbeat_interval", "0"));
        int parseInt3 = Integer.parseInt(properties.getProperty("heartbeat_tolerance", "0"));
        int parseInt4 = Integer.parseInt(properties.getProperty("connect_timeout", "1000"));
        int parseInt5 = Integer.parseInt(properties.getProperty("metrics_interval", "-1"));
        this.metrics = parseInt5 > 0;
        Host host = new Host(byName, parseInt);
        EventLoopGroup createNewWorkerGroup = properties.containsKey("worker_group") ? (EventLoopGroup) properties.get("worker_group") : NetworkManager.createNewWorkerGroup();
        this.baseAttributes = new Attributes();
        this.baseAttributes.putShort("magic_number", (short) 21765);
        this.baseAttributes.putHost("listen_address", host);
        this.network = new NetworkManager<>(3, AuthenticatedMessage.getSerializer(32), this, parseInt2, parseInt3, parseInt4, createNewWorkerGroup);
        this.network.createServerSocket(this, host, this.baseAttributes, this, createNewWorkerGroup);
        if (this.metrics) {
            this.loop.scheduleAtFixedRate(this::triggerMetricsEvent, parseInt5, parseInt5, TimeUnit.MILLISECONDS);
        }
    }

    void triggerMetricsEvent() {
    }

    private Attributes createFirstHandshakeAttributes(ECPublicKey eCPublicKey, byte[] bArr, String str, Optional<byte[]> optional) throws CertificateEncodingException, IOException, InvalidKeyException, SignatureException {
        try {
            Attributes shallowClone = this.baseAttributes.shallowClone();
            shallowClone.putBytes("identity", this.keyManager.getAliasId(str));
            X509Certificate x509Certificate = this.keyManager.getCertificateChain(str)[0];
            shallowClone.putObject(CERT_ATTR, x509Certificate, X509CertificateSerializer.INSTANCE);
            shallowClone.putObject(DH_PUB_ATTR, eCPublicKey, ECPubKeySerializer.INSTANCE);
            optional.ifPresent(bArr2 -> {
                shallowClone.putBytes("expected_identity", bArr2);
            });
            shallowClone.putBytes(IV_ATTR, bArr);
            ByteBuf buffer = Unpooled.buffer();
            Attributes.serializer.serialize(shallowClone, buffer);
            Signature signature = Signature.getInstance(x509Certificate.getSigAlgName(), PROVIDER);
            signature.initSign(this.keyManager.getPrivateKey(str));
            signature.update(buffer.array());
            shallowClone.putBytes(ATTRS_SIG_ATTR, signature.sign());
            return shallowClone;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] signWithCert(X509Certificate x509Certificate, PrivateKey privateKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName(), PROVIDER);
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    private Attributes createSecondHandshakeAttributes(String str, ECPublicKey eCPublicKey, byte[] bArr, byte[] bArr2) throws CertificateEncodingException, IOException, InvalidKeyException, SignatureException {
        try {
            Attributes shallowClone = this.baseAttributes.shallowClone();
            shallowClone.putBytes("identity", this.keyManager.getAliasId(str));
            X509Certificate x509Certificate = this.keyManager.getCertificateChain(str)[0];
            shallowClone.putObject(CERT_ATTR, x509Certificate, X509CertificateSerializer.INSTANCE);
            shallowClone.putBytes(IV_SIG_ATTR, signWithCert(x509Certificate, this.keyManager.getPrivateKey(str), bArr2));
            shallowClone.putObject(DH_PUB_ATTR, eCPublicKey, ECPubKeySerializer.INSTANCE);
            shallowClone.putBytes(IV_ATTR, bArr);
            ByteBuf buffer = Unpooled.buffer();
            Attributes.serializer.serialize(shallowClone, buffer);
            Signature signature = Signature.getInstance(x509Certificate.getSigAlgName(), PROVIDER);
            signature.initSign(this.keyManager.getPrivateKey(str));
            signature.update(buffer.array());
            shallowClone.putBytes(ATTRS_SIG_ATTR, signature.sign());
            return shallowClone;
        } catch (NullPointerException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private KeyPair generateECKeyPair() {
        try {
            Instant now = Instant.now();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", PROVIDER);
            keyPairGenerator.initialize(ECNamedCurveTable.getParameterSpec(DH_EC_NAME), this.rng);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            if (logger.isDebugEnabled()) {
                Instant now2 = Instant.now();
                logger.debug(() -> {
                    return "Generated EC key pair in %sms (%sns)".formatted(Long.valueOf(ChronoUnit.MILLIS.between(now, now2)), Long.valueOf(ChronoUnit.NANOS.between(now, now2)));
                });
            }
            return generateKeyPair;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private SecretKey generateAESFromECKeys(PrivateKey privateKey, PublicKey publicKey) throws InvalidKeyException {
        try {
            Instant now = logger.isDebugEnabled() ? Instant.now() : null;
            KeyAgreement keyAgreement = KeyAgreement.getInstance(EC_KDF_ALG, PROVIDER);
            keyAgreement.init(privateKey, this.rng);
            keyAgreement.doPhase(publicKey, true);
            SecretKey generateSecret = keyAgreement.generateSecret(SYM_KEY_ALG);
            if (logger.isDebugEnabled()) {
                Instant now2 = Instant.now();
                logger.debug("Generated {} secret key from ECDH in {}ms ({}ns): {}", SYM_KEY_ALG, Long.valueOf(ChronoUnit.MILLIS.between(now, now2)), Long.valueOf(ChronoUnit.NANOS.between(now, now2)), Hex.toHexString(generateSecret.getEncoded()));
            }
            return generateSecret;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] generateIv(int i) {
        byte[] bArr = new byte[i];
        this.rng.nextBytes(bArr);
        return bArr;
    }

    private AuthSession<T> createOutSession(Host host, Optional<byte[]> optional) throws CertificateEncodingException, InvalidKeyException, SignatureException, IOException, InvalidAlgorithmParameterException {
        String chooseClientAlias = this.keyManager.chooseClientAlias(new String[]{ASYM_KEY_ALG}, null, null);
        KeyPair generateECKeyPair = generateECKeyPair();
        byte[] generateIv = generateIv(32);
        Connection<AuthenticatedMessage> createConnection = this.network.createConnection(host, createFirstHandshakeAttributes((ECPublicKey) generateECKeyPair.getPublic(), generateIv, chooseClientAlias, optional), this, this);
        AuthSession<T> startOutSession = AuthSession.startOutSession(host, createConnection, this.msgSerializer, chooseClientAlias, generateECKeyPair, generateIv, optional);
        this.allSessions.put(Long.valueOf(createConnection.getConnectionId()), startOutSession);
        return startOutSession;
    }

    @Override // pt.unl.fct.di.novasys.network.AttributeValidator
    public boolean validateAttributes(Attributes attributes) {
        Short sh = attributes.getShort("magic_number");
        return sh != null && sh.shortValue() == 21765;
    }

    @Override // pt.unl.fct.di.novasys.network.AttributeValidator
    public Attributes getSecondHandshakeAttributes(long j, Attributes attributes, Attributes attributes2) throws InvalidHandshakeAttributesException {
        try {
            return (Attributes) this.loop.submit((Callable) () -> {
                return onGetSecondHandshakeAttributes(j, attributes, attributes2);
            }).get();
        } catch (InterruptedException e) {
            throw new InvalidHandshakeAttributesException(attributes, 1, e);
        } catch (ExecutionException e2) {
            throw ((InvalidHandshakeAttributesException) e2.getCause());
        }
    }

    private Attributes onGetSecondHandshakeAttributes(long j, Attributes attributes, Attributes attributes2) throws InvalidHandshakeAttributesException {
        String chooseServerAlias;
        logger.debug("Validating in connection attribute and creating reply attributes...");
        try {
            Host host = attributes.getHost("listen_address");
            byte[] bytes = attributes.getBytes(IV_ATTR);
            if (!validateAttributes(attributes) || host == null || bytes == null) {
                throw new InvalidHandshakeAttributesException(attributes, "First handshake: missing attributes");
            }
            X509Certificate x509Certificate = (X509Certificate) attributes.getObject(CERT_ATTR, X509CertificateSerializer.INSTANCE);
            PublicKey publicKey = x509Certificate.getPublicKey();
            byte[] extractIdFromCertificate = this.trustManager.extractIdFromCertificate(x509Certificate);
            if (!Arrays.equals(extractIdFromCertificate, attributes.getBytes("identity"))) {
                logger.debug("In connection attribute validation failed: peer id in attributes ({}) differs from the one extracted from certificate ({})", Bytes.of(extractIdFromCertificate), Bytes.of(attributes.getBytes("identity")));
                throw new InvalidHandshakeAttributesException(attributes, 1);
            }
            this.trustManager.checkClientTrusted(new X509Certificate[]{x509Certificate}, x509Certificate.getPublicKey().getAlgorithm());
            if (!verifyAttrSignature(attributes, publicKey, x509Certificate.getSigAlgName())) {
                logger.debug("In connection attribute validation failed: Invalid attributes signature");
                throw new InvalidHandshakeAttributesException(attributes, 1);
            }
            ECPublicKey eCPublicKey = (ECPublicKey) attributes.getObject(DH_PUB_ATTR, ECPubKeySerializer.INSTANCE);
            byte[] bytes2 = attributes.getBytes("expected_identity");
            if (bytes2 == null) {
                chooseServerAlias = this.keyManager.chooseServerAlias(ASYM_KEY_ALG, null, null);
            } else {
                String idAlias = this.keyManager.getIdAlias(bytes2);
                chooseServerAlias = idAlias == null ? this.keyManager.chooseServerAlias(ASYM_KEY_ALG, null, null) : idAlias;
            }
            String str = chooseServerAlias;
            KeyPair generateECKeyPair = generateECKeyPair();
            SecretKey generateAESFromECKeys = generateAESFromECKeys(generateECKeyPair.getPrivate(), eCPublicKey);
            byte[] generateIv = generateIv(32);
            Attributes createSecondHandshakeAttributes = createSecondHandshakeAttributes(str, (ECPublicKey) generateECKeyPair.getPublic(), generateIv, bytes);
            AuthSession<T> startInSession = AuthSession.startInSession(host, this.msgSerializer, str, generateECKeyPair, generateAESFromECKeys, generateIv, extractIdFromCertificate, bytes);
            this.allSessions.put(Long.valueOf(j), startInSession);
            this.inSessions.computeIfAbsent(Bytes.of(extractIdFromCertificate), bytes3 -> {
                return new HashMap();
            }).put(Long.valueOf(j), startInSession);
            return createSecondHandshakeAttributes;
        } catch (IOException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | CertificateException e) {
            logger.debug("In connection attribute validation failed with exception: " + String.valueOf(e));
            throw new InvalidHandshakeAttributesException(attributes, 1, e);
        }
    }

    @Override // pt.unl.fct.di.novasys.network.AttributeValidator
    public Attributes getNthHandshakeAttributes(long j, int i, List<Attributes> list, List<Attributes> list2) throws InvalidHandshakeAttributesException {
        try {
            return (Attributes) this.loop.submit((Callable) () -> {
                return onGetNthHandshakeAttributes(j, i, list, list2);
            }).get();
        } catch (InterruptedException e) {
            throw new InvalidHandshakeAttributesException((Attributes) list.getLast(), 1, e);
        } catch (ExecutionException e2) {
            throw ((InvalidHandshakeAttributesException) e2.getCause());
        }
    }

    public Attributes onGetNthHandshakeAttributes(long j, int i, List<Attributes> list, List<Attributes> list2) throws InvalidHandshakeAttributesException {
        InvalidHandshakeAttributesException invalidHandshakeAttributesException = new InvalidHandshakeAttributesException((Attributes) list.getLast(), i - 1);
        if (!validateAttributes((Attributes) list.getLast())) {
            throw invalidHandshakeAttributesException;
        }
        try {
            switch (i) {
                case 3:
                    logger.trace("Getting 3rd handshake message...");
                    AuthSession<T> authSession = this.allSessions.get(Long.valueOf(j));
                    Attributes attributes = (Attributes) list.getLast();
                    X509Certificate x509Certificate = (X509Certificate) attributes.getObject(CERT_ATTR, X509CertificateSerializer.INSTANCE);
                    Bytes of = Bytes.of(attributes.getBytes("identity"));
                    byte[] bytes = attributes.getBytes("expected_identity");
                    String algorithm = x509Certificate.getPublicKey().getAlgorithm();
                    if (bytes == null) {
                        this.trustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, algorithm);
                    } else {
                        if (!of.equals(bytes)) {
                            throw new AuthenticationException("Expected peer id %s, but got peerId %s".formatted(Bytes.of(bytes), of));
                        }
                        this.trustManager.checkServerTrusted(new X509Certificate[]{x509Certificate}, bytes, algorithm);
                    }
                    verifyAttrSignature(attributes, x509Certificate.getPublicKey(), x509Certificate.getSigAlgName());
                    if (!verifySignature(x509Certificate, attributes.getBytes(IV_SIG_ATTR), authSession.getMyLastMac())) {
                        throw invalidHandshakeAttributesException;
                    }
                    byte[] bytes2 = attributes.getBytes(IV_ATTR);
                    authSession.completeOutSessionSetup(of.array(), generateAESFromECKeys(authSession.getDhKeyPair().getPrivate(), (ECPublicKey) attributes.getObject(DH_PUB_ATTR, ECPubKeySerializer.INSTANCE)), bytes2);
                    Attributes shallowClone = this.baseAttributes.shallowClone();
                    shallowClone.putBytes(IV_SIG_ATTR, signWithCert(this.keyManager.getCertificateChain(authSession.getMyIdAlias())[0], this.keyManager.getPrivateKey(authSession.getMyIdAlias()), bytes2));
                    return shallowClone;
                case 4:
                    logger.trace("Validating 3rd handshake message...");
                    if (verifySignature((X509Certificate) ((Attributes) list.getFirst()).getObject(CERT_ATTR, X509CertificateSerializer.INSTANCE), ((Attributes) list.getLast()).getBytes(IV_SIG_ATTR), this.allSessions.get(Long.valueOf(j)).getMyLastMac())) {
                        return Attributes.EMPTY;
                    }
                    throw invalidHandshakeAttributesException;
                default:
                    throw invalidHandshakeAttributesException;
            }
        } catch (IOException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | CertificateException | AuthenticationException e) {
            throw new InvalidHandshakeAttributesException((Attributes) list.getLast(), i - 1, e);
        }
    }

    private boolean verifyAttrSignature(Attributes attributes, PublicKey publicKey, String str) throws NoSuchAlgorithmException, IOException {
        try {
            Attributes shallowClone = attributes.shallowClone();
            shallowClone.remove(ATTRS_SIG_ATTR);
            Signature signature = Signature.getInstance(str, PROVIDER);
            signature.initVerify(publicKey);
            ByteBuf buffer = Unpooled.buffer();
            Attributes.serializer.serialize(shallowClone, buffer);
            signature.update(buffer.array());
            return signature.verify(attributes.getBytes(ATTRS_SIG_ATTR));
        } catch (InvalidKeyException | SignatureException e) {
            return false;
        }
    }

    private boolean verifySignature(X509Certificate x509Certificate, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName(), PROVIDER);
        signature.initVerify(x509Certificate);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    protected void onDeliverMessage(AuthenticatedMessage authenticatedMessage, Connection<AuthenticatedMessage> connection) {
        Bytes of = Bytes.of(connection.getPeerAttributes().getBytes("identity"));
        if (of == null) {
            try {
                logger.error("onDeliverMessage error: No identity associated with connection to host {}. Dropping recvd msg: {}", connection.getPeer(), this.msgSerializer.deserialize(Unpooled.wrappedBuffer(authenticatedMessage.getData())));
            } catch (IOException e) {
                logger.error("onDeliverMessage error: No identity associated with connection to host {}", connection.getPeer());
            }
            connection.disconnect();
            return;
        }
        AuthSession<T> authSession = this.allSessions.get(Long.valueOf(connection.getConnectionId()));
        if (authSession == null) {
            try {
                logger.error("onDeliverMessage error: No session with peer {}. Dropping recvd msg: {}", connection.getPeer(), this.msgSerializer.deserialize(Unpooled.wrappedBuffer(authenticatedMessage.getData())));
            } catch (IOException e2) {
                logger.error("onDeliverMessage error: No session with peer {}", connection.getPeer());
            }
            connection.disconnect();
            return;
        }
        Host peerSocket = authSession.getPeerSocket();
        try {
            T receiveMessage = authSession.receiveMessage(authenticatedMessage);
            logger.debug("onDeliverMessage from: {} ({})", peerSocket, of);
            this.listener.deliverMessage(receiveMessage, peerSocket, of.array());
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | MessageAuthenticationException e3) {
            logger.error("onDeliverMessage error: Exception on receiving message from {} ({})", peerSocket, of);
            e3.printStackTrace();
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedChannel
    protected void onSendMessage(T t, Host host, int i) {
        Bytes bytes = this.defaultHostIds.get(host);
        if (bytes != null || i > 0) {
            onSendMessage((AuthChannel<T>) t, bytes.array(), i);
            return;
        }
        AuthSession<T> authSession = this.pendingOutSessionsWithoutId.get(host);
        if (authSession == null) {
            logger.debug("onSendMessage ignored: No connection to {}", host);
            this.listener.messageFailed(t, host, new IllegalStateException("No connection to " + String.valueOf(host)));
        } else {
            if (!$assertionsDisabled && authSession.getState() != AuthSession.State.CONNECTING) {
                throw new AssertionError();
            }
            authSession.enqueue(t);
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedChannel
    protected void onCloseConnection(Host host, int i) {
        Bytes bytes = this.defaultHostIds.get(host);
        if (bytes == null) {
            logger.debug("onCloseConnection ignored: No open connection to {}", host);
        } else {
            onCloseConnection(bytes.array(), i);
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedChannel
    protected void onOpenConnection(Host host, int i) {
        Set<Bytes> set = this.hostIds.get(host);
        if (this.pendingOutSessionsWithoutId.containsKey(host) || (set != null && set.stream().anyMatch(bytes -> {
            return this.outSessions.containsKey(bytes);
        }))) {
            logger.debug("onOpenConnection ignored: A default connection for {} already exists", host);
        } else {
            onOpenConnection(host, null, i);
        }
    }

    private AuthSession<T> getSessionToSend(Bytes bytes, int i) {
        if (i != 1) {
            if (i <= 0) {
                return this.outSessions.get(bytes);
            }
            return null;
        }
        Map<Long, AuthSession<T>> map = this.inSessions.get(bytes);
        if (map != null) {
            return map.values().stream().findAny().orElse(null);
        }
        return null;
    }

    private Bytes getPeerId(Connection<?> connection) {
        Attributes peerAttributes = connection.getPeerAttributes();
        byte[] bytes = peerAttributes != null ? peerAttributes.getBytes("identity") : null;
        return Bytes.of(bytes != null ? bytes : connection.getSelfAttributes().getBytes("expected_identity"));
    }

    private void addHostId(Host host, Bytes bytes) {
        this.hostIds.computeIfAbsent(host, host2 -> {
            this.defaultHostIds.put(host, bytes);
            return new HashSet();
        }).add(bytes);
    }

    private void pruneHostId(Host host, Bytes bytes) {
        Set<Bytes> set;
        if (this.outSessions.containsKey(bytes) && host.equals(this.outSessions.get(bytes).getPeerSocket())) {
            return;
        }
        if ((this.inSessions.containsKey(bytes) && this.inSessions.get(bytes).values().stream().anyMatch(authSession -> {
            return authSession.getPeerSocket().equals(host);
        })) || (set = this.hostIds.get(host)) == null) {
            return;
        }
        set.remove(bytes);
        if (bytes.equals(this.defaultHostIds.get(host))) {
            if (set.size() > 0) {
                this.defaultHostIds.put(host, set.iterator().next());
            } else {
                this.defaultHostIds.remove(host);
                this.hostIds.remove(host);
            }
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.secure.SecureSingleThreadedBiChannel
    public void onSendMessage(T t, byte[] bArr, int i) {
        Bytes of = Bytes.of(bArr);
        AuthSession<T> sessionToSend = getSessionToSend(of, i);
        if (sessionToSend == null) {
            logger.debug("onSendMessage: No session with peer {}. Dropping msg: {}", of, t);
            this.listener.messageFailed(t, Optional.empty(), bArr, new IllegalArgumentException("No connection to " + String.valueOf(of)));
            return;
        }
        Host peerSocket = sessionToSend.getPeerSocket();
        logger.debug("onSendMessage: Sending message {} to {} ({})", t, peerSocket, of);
        switch (sessionToSend.getState()) {
            case CONNECTED:
                sendWithListener(sessionToSend, t, peerSocket, bArr);
                return;
            case CONNECTING:
                sessionToSend.getMsgQueue().add(t);
                return;
            case DISCONNECTING:
                this.listener.messageFailed(t, Optional.of(peerSocket), bArr, new IllegalStateException("Channel state was DISCONNECTING"));
                return;
            default:
                return;
        }
    }

    private void sendWithListener(AuthSession<T> authSession, T t, Host host, byte[] bArr) {
        Promise<Void> newPromise = this.loop.newPromise();
        newPromise.addListener2(future -> {
            if (future.isSuccess()) {
                this.listener.messageSent(t, host, bArr);
            } else {
                if (future.isSuccess()) {
                    return;
                }
                this.listener.messageFailed(t, Optional.of(host), bArr, future.cause());
            }
        });
        try {
            authSession.macAndSend(t, newPromise);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException e) {
            logger.warn("Message MAC failed.");
            this.listener.messageFailed(t, Optional.of(host), bArr, e);
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.secure.SecureSingleThreadedBiChannel
    public void onCloseConnection(byte[] bArr, int i) {
        Bytes of = Bytes.of(bArr);
        AuthSession<T> authSession = this.outSessions.get(of);
        if (authSession == null) {
            logger.debug("onCloseConnection ignored: No out connection to {}", of);
            return;
        }
        logger.debug("onCloseConnection: {} ({})", authSession.getPeerSocket(), of);
        authSession.disconect();
        this.outSessions.remove(of);
        this.allSessions.remove(Long.valueOf(authSession.getConnectionId()));
        pruneHostId(authSession.getPeerSocket(), of);
    }

    @Override // pt.unl.fct.di.novasys.channel.secure.SecureSingleThreadedBiChannel
    public void onOpenConnection(Host host, byte[] bArr, int i) {
        try {
            Bytes of = Bytes.of(bArr);
            if (this.outSessions.containsKey(of)) {
                logger.debug("onOpenConnection ignored: Repeated connection to {} ({})", host, of);
                return;
            }
            logger.debug("onOpenConnection opening session to: {} ({})", host, bArr);
            AuthSession<T> createOutSession = createOutSession(host, Optional.ofNullable(bArr));
            if (bArr == null) {
                this.pendingOutSessionsWithoutId.put(host, createOutSession);
            } else {
                this.outSessions.put(of, createOutSession);
                addHostId(host, of);
            }
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | SignatureException | CertificateEncodingException e) {
            e.printStackTrace();
            onOutboundConnectionFailed(null, e);
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedBiChannel
    protected void onInboundConnectionUp(Connection<AuthenticatedMessage> connection) {
        AuthSession<T> authSession = this.allSessions.get(Long.valueOf(connection.getConnectionId()));
        if (authSession == null) {
            logger.warn("InboundConnectionUp with no prepared session.");
            connection.disconnect();
        }
        authSession.completeInSessionSetup(connection);
        authSession.setState(AuthSession.State.CONNECTED);
        Host peerSocket = authSession.getPeerSocket();
        Bytes of = Bytes.of(authSession.getPeerId());
        logger.debug("InboundConnectionUp with {} ({})", peerSocket, of);
        addHostId(peerSocket, of);
        this.listener.deliverEvent(new SecureInConnectionUp(peerSocket, authSession.getPeerId()));
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedBiChannel
    protected void onInboundConnectionDown(Connection<AuthenticatedMessage> connection, Throwable th) {
        Host peer;
        Bytes peerId = getPeerId(connection);
        try {
            peer = connection.getPeerAttributes().getHost("listen_address");
        } catch (IOException e) {
            peer = connection.getPeer();
        }
        logger.debug("Inbound connection down with {} ({})", peer, peerId);
        this.inSessions.remove(peerId);
        this.allSessions.remove(Long.valueOf(connection.getConnectionId()));
        pruneHostId(peer, peerId);
        this.listener.deliverEvent(new SecureInConnectionDown(peer, peerId, th));
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedBiChannel
    protected void onServerSocketBind(boolean z, Throwable th) {
        if (z) {
            logger.debug("Server socket ready");
        } else {
            logger.error("Server socket bind failed: {}", th);
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedBiChannel
    protected void onServerSocketClose(boolean z, Throwable th) {
        if (z) {
            logger.debug("Server socket closed.");
        } else {
            logger.error("Server socket closed. Cause: {}", th);
        }
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedBiChannel
    protected void onOutboundConnectionUp(Connection<AuthenticatedMessage> connection) {
        AuthSession<T> authSession = this.allSessions.get(Long.valueOf(connection.getConnectionId()));
        if (authSession == null) {
            logger.warn("OutboundConnectionUp with no prepared session.");
            connection.disconnect();
            return;
        }
        Host peerSocket = authSession.getPeerSocket();
        Bytes of = Bytes.of(authSession.getPeerId());
        logger.debug("OutboundConnectionUp with {} ({})", peerSocket, of);
        if (!this.outSessions.containsKey(of)) {
            this.pendingOutSessionsWithoutId.remove(peerSocket);
            this.outSessions.put(of, authSession);
            addHostId(peerSocket, of);
        }
        Queue<T> msgQueue = authSession.getMsgQueue();
        while (!msgQueue.isEmpty()) {
            sendWithListener(authSession, msgQueue.remove(), peerSocket, of.array());
        }
        authSession.setState(AuthSession.State.CONNECTED);
        this.listener.deliverEvent(new SecureOutConnectionUp(peerSocket, of));
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedBiChannel
    protected void onOutboundConnectionDown(Connection<AuthenticatedMessage> connection, Throwable th) {
        Bytes peerId = getPeerId(connection);
        logger.debug("OutboundConnectionDown with {} ({}).{}", connection.getPeer(), peerId, th == null ? "" : "\nCause: " + String.valueOf(th));
        this.outSessions.remove(peerId);
        AuthSession<T> remove = this.allSessions.remove(Long.valueOf(connection.getConnectionId()));
        if (remove == null) {
            return;
        }
        if (remove.getState() == AuthSession.State.CONNECTING) {
            throw new AssertionError("ConnectionDown in CONNECTING session state: " + String.valueOf(connection));
        }
        Host peer = connection.getPeer();
        pruneHostId(peer, peerId);
        this.listener.deliverEvent(new SecureOutConnectionDown(peer, peerId, th));
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedBiChannel
    protected void onOutboundConnectionFailed(Connection<AuthenticatedMessage> connection, Throwable th) {
        AuthSession<T> remove = this.allSessions.remove(Long.valueOf(connection.getConnectionId()));
        if (remove == null) {
            logger.debug("OutboundConnectionFailed to {}.{}", connection.getPeer(), th == null ? "" : "\nCause: " + String.valueOf(th));
            this.listener.deliverEvent(new SecureOutConnectionFailed(connection.getPeer(), new byte[0], new LinkedList(), th));
            return;
        }
        Host peerSocket = remove.getPeerSocket();
        byte[] peerId = remove.getPeerId();
        byte[] bArr = peerId != null ? peerId : new byte[0];
        Bytes of = Bytes.of(bArr);
        logger.debug("OutboundConnectionFailed to {} ({}).{}", peerSocket, of, th == null ? "" : "\nCause: " + String.valueOf(th));
        if (this.outSessions.remove(of) == null) {
            this.pendingOutSessionsWithoutId.remove(peerSocket);
        }
        this.listener.deliverEvent(new SecureOutConnectionFailed(peerSocket, bArr, remove.getMsgQueue(), th));
    }

    @Override // pt.unl.fct.di.novasys.channel.base.SingleThreadedChannel
    protected /* bridge */ /* synthetic */ void onDeliverMessage(Object obj, Connection connection) {
        onDeliverMessage((AuthenticatedMessage) obj, (Connection<AuthenticatedMessage>) connection);
    }

    static {
        $assertionsDisabled = !AuthChannel.class.desiredAssertionStatus();
        logger = LogManager.getLogger((Class<?>) AuthChannel.class);
        PROVIDER = new BouncyCastleProvider();
    }
}
