package tuwien.auto.calimero.device;

import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ThreadLocalRandom;
import java.util.function.IntUnaryOperator;
import org.slf4j.Logger;
import tuwien.auto.calimero.GroupAddress;
import tuwien.auto.calimero.IndividualAddress;
import tuwien.auto.calimero.KNXAddress;
import tuwien.auto.calimero.KNXIllegalArgumentException;
import tuwien.auto.calimero.ReturnCode;
import tuwien.auto.calimero.device.ios.DeviceObject;
import tuwien.auto.calimero.device.ios.InterfaceObjectServer;
import tuwien.auto.calimero.device.ios.KnxPropertyException;
import tuwien.auto.calimero.device.ios.SecurityObject;
import tuwien.auto.calimero.log.LogService;
import tuwien.auto.calimero.mgmt.SecureManagement;
import tuwien.auto.calimero.mgmt.TransportLayer;
import tuwien.auto.calimero.mgmt.TransportLayerImpl;
import tuwien.auto.calimero.secure.KnxSecureException;
import tuwien.auto.calimero.secure.Security;
import tuwien.auto.calimero.secure.SecurityControl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:tuwien/auto/calimero/device/DeviceSecureApplicationLayer.class */
public final class DeviceSecureApplicationLayer extends SecureManagement {
    private static final int SeqSize = 6;
    private static final int KeySize = 16;
    private static final String secureSymbol;
    private final InterfaceObjectServer ios;
    private final SecurityObject securityObject;
    private final Logger logger;
    private final Set<byte[]> lastFailures;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DeviceSecureApplicationLayer(BaseKnxDevice baseKnxDevice) {
        this(baseKnxDevice.transportLayer(), baseKnxDevice.getInterfaceObjectServer());
    }

    private DeviceSecureApplicationLayer(TransportLayer transportLayer, InterfaceObjectServer interfaceObjectServer) {
        this(transportLayer, interfaceObjectServer, (SecurityObject) interfaceObjectServer.lookup(17, 1));
    }

    private DeviceSecureApplicationLayer(TransportLayer transportLayer, InterfaceObjectServer interfaceObjectServer, SecurityObject securityObject) {
        super((TransportLayerImpl) transportLayer, DeviceObject.lookup(interfaceObjectServer).serialNumber(), unsigned(securityObject.get(59)), Map.of());
        this.lastFailures = Collections.newSetFromMap(new LinkedHashMap<byte[], Boolean>() { // from class: tuwien.auto.calimero.device.DeviceSecureApplicationLayer.1
            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<byte[], Boolean> entry) {
                return size() > 10;
            }
        });
        this.ios = interfaceObjectServer;
        this.securityObject = securityObject;
        this.logger = LogService.getLogger("calimero.device." + secureSymbol + "-AL " + DeviceObject.lookup(interfaceObjectServer).description());
        long j = 0;
        try {
            j = unsigned(securityObject.get(SecurityObject.Pid.ToolSequenceNumberSending));
        } catch (KnxPropertyException e) {
        }
        if (j <= 1) {
            resetToolAccessSequence();
        } else {
            updateSequenceNumber(true, j);
        }
        ByteBuffer wrap = ByteBuffer.wrap(securityObject.get(55));
        initFailureCounter(1, wrap.getShort() & 65535);
        initFailureCounter(2, wrap.getShort() & 65535);
        initFailureCounter(3, wrap.getShort() & 65535);
        initFailureCounter(4, wrap.getShort() & 65535);
        while (wrap.hasRemaining()) {
            byte[] bArr = new byte[12];
            wrap.get(bArr);
            this.lastFailures.add(bArr);
        }
        Security.defaultInstallation().groupKeys().forEach(this::tryAddSecuredGroupAddress);
    }

    @Override // tuwien.auto.calimero.mgmt.SecureManagement, tuwien.auto.calimero.secure.SecureApplicationLayer, java.lang.AutoCloseable
    public void close() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.writeBytes(failureCountersArray());
        Set<byte[]> set = this.lastFailures;
        Objects.requireNonNull(byteArrayOutputStream);
        set.forEach(byteArrayOutputStream::writeBytes);
        this.securityObject.set(55, byteArrayOutputStream.toByteArray());
    }

    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    protected byte[] toolKey(IndividualAddress individualAddress) {
        return this.securityObject.get(56);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    public void updateSequenceNumber(boolean z, long j) {
        super.updateSequenceNumber(z, j);
        if (z) {
            this.securityObject.set(SecurityObject.Pid.ToolSequenceNumberSending, sixBytes(j).array());
        } else {
            this.securityObject.set(59, sixBytes(j).array());
        }
    }

    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    protected byte[] securityKey(KNXAddress kNXAddress) {
        if (!(kNXAddress instanceof IndividualAddress)) {
            return groupKey(groupAddressIndex((GroupAddress) kNXAddress).orElseThrow(() -> {
                return new KnxSecureException("no group key for " + kNXAddress);
            }).intValue());
        }
        int indAddressIndex = indAddressIndex((IndividualAddress) kNXAddress);
        if (indAddressIndex > 0) {
            return p2pKey(indAddressIndex);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    public void updateLastValidSequence(boolean z, IndividualAddress individualAddress, long j) {
        if (z) {
            super.updateLastValidSequence(z, individualAddress, j);
            return;
        }
        int binarySearch = binarySearch(this.securityObject.get(54), 8, 0, 2, individualAddress.getRawAddress());
        if (binarySearch >= 0) {
            this.securityObject.set(54, binarySearch + 1, 1, ByteBuffer.allocate(8).put(individualAddress.toByteArray()).put(sixBytes(j)).array());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    public long lastValidSequenceNumber(boolean z, IndividualAddress individualAddress) {
        if (z) {
            return super.lastValidSequenceNumber(z, individualAddress);
        }
        byte[] bArr = this.securityObject.get(54);
        int binarySearch = binarySearch(bArr, 8, 0, 2, individualAddress.getRawAddress());
        if (binarySearch < 0) {
            return 0L;
        }
        int i = (binarySearch * 8) + 2;
        return unsigned(Arrays.copyOfRange(bArr, i, i + 6));
    }

    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    protected boolean checkAccess(KNXAddress kNXAddress, int i, SecurityControl securityControl) {
        if ((!(kNXAddress instanceof GroupAddress) || i != 0) && i != 128) {
            return AccessPolicies.checkServiceAccess(i, isSecurityModeEnabled(), securityControl);
        }
        int groupObjectSecurity = groupObjectSecurity((GroupAddress) kNXAddress);
        SecurityControl of = SecurityControl.of((groupObjectSecurity & 2) == 2 ? SecurityControl.DataSecurity.AuthConf : (groupObjectSecurity & 1) == 1 ? SecurityControl.DataSecurity.Auth : SecurityControl.DataSecurity.None, false);
        if (securityControl.equals(of)) {
            return true;
        }
        this.logger.warn("group object {} security mismatch: requested {} but requires {}, ignore", new Object[]{kNXAddress, securityControl, of});
        return false;
    }

    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    protected int groupObjectSecurity(GroupAddress groupAddress) {
        try {
            return ((Integer) groupAddressIndex(groupAddress).flatMap((v1) -> {
                return groupObjectIndex(v1);
            }).map((v1) -> {
                return groupObjectSecurity(v1);
            }).orElse(0)).intValue();
        } catch (KnxPropertyException e) {
            return 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // tuwien.auto.calimero.secure.SecureApplicationLayer
    public void securityFailure(int i, IntUnaryOperator intUnaryOperator, IndividualAddress individualAddress, KNXAddress kNXAddress, int i2, long j) {
        super.securityFailure(i, intUnaryOperator, individualAddress, kNXAddress, i2, j);
        if (individualAddress == null) {
            return;
        }
        this.lastFailures.add(ByteBuffer.allocate(12).put(individualAddress.toByteArray()).put(kNXAddress.toByteArray()).put((byte) i2).put(sixBytes(j)).put((byte) i).array());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSecurityModeEnabled() {
        return this.securityObject.get(51, 1, 1)[0] == 1;
    }

    void setSecurityMode(boolean z) {
        SecurityObject securityObject = this.securityObject;
        byte[] bArr = new byte[1];
        bArr[0] = (byte) (z ? 1 : 0);
        securityObject.set(51, bArr);
        this.logger.info("security mode {}", z ? "enabled" : "disabled");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceResult<byte[]> securityMode(boolean z, byte[] bArr) {
        int i = bArr[1] & 255;
        if (i != 0) {
            return ServiceResult.error(ReturnCode.InvalidCommand);
        }
        if (z && bArr.length == 3) {
            int i2 = bArr[2] & 255;
            if (i2 > 1) {
                return ServiceResult.error(ReturnCode.DataVoid);
            }
            setSecurityMode(i2 == 1);
            return new ServiceResult<>((byte) i);
        }
        if (z || bArr.length != 2) {
            return ServiceResult.error(ReturnCode.Error);
        }
        byte[] bArr2 = new byte[2];
        bArr2[0] = (byte) i;
        bArr2[1] = (byte) (isSecurityModeEnabled() ? 1 : 0);
        return new ServiceResult<>(bArr2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceResult<byte[]> securityFailuresLog(boolean z, byte[] bArr) {
        if (bArr.length != 3) {
            return ServiceResult.error(ReturnCode.DataVoid);
        }
        int i = bArr[1] & 255;
        int i2 = bArr[2] & 255;
        if (!z) {
            if (i == 0 && i2 == 0) {
                return ServiceResult.of(ByteBuffer.allocate(10).put((byte) i).put((byte) i2).put(failureCountersArray()).array());
            }
            if (i == 1) {
                int i3 = 0;
                for (byte[] bArr2 : this.lastFailures) {
                    int i4 = i3;
                    i3++;
                    if (i4 == i2) {
                        return ServiceResult.of(ByteBuffer.allocate(2 + bArr2.length).put((byte) i).put((byte) i2).put(bArr2).array());
                    }
                }
                return ServiceResult.of(ReturnCode.DataVoid, (byte) i);
            }
        } else if (i == 0 && i2 == 0) {
            clearFailureLog();
            return new ServiceResult<>((byte) i);
        }
        return ServiceResult.error(ReturnCode.InvalidCommand);
    }

    void factoryReset() {
        resetToolAccessSequence();
        clearFailureLog();
    }

    private void initFailureCounter(int i, int i2) {
        securityFailure(i, i3 -> {
            return i2;
        }, null, null, 0, 0L);
    }

    private byte[] failureCountersArray() {
        return ByteBuffer.allocate(8).putShort((short) failureCounter(1)).putShort((short) failureCounter(2)).putShort((short) failureCounter(3)).putShort((short) failureCounter(4)).array();
    }

    private void clearFailureLog() {
        initFailureCounter(1, 0);
        initFailureCounter(2, 0);
        initFailureCounter(3, 0);
        initFailureCounter(4, 0);
        this.lastFailures.clear();
    }

    private void resetToolAccessSequence() {
        long j = 0;
        try {
            j = DeviceObject.lookup(this.ios).downloadCounter();
        } catch (KnxPropertyException e) {
        }
        updateSequenceNumber(true, (j * 20) + ThreadLocalRandom.current().nextInt(20) + 2);
    }

    private void addSecureLink(IndividualAddress individualAddress, long j) {
        byte[] bArr = this.securityObject.get(54);
        int rawAddress = individualAddress.getRawAddress();
        int binarySearch = binarySearch(bArr, 8, 0, 2, rawAddress);
        this.securityObject.set(54, binarySearch < 0 ? -binarySearch : binarySearch + 1, 1, ByteBuffer.allocate(8).putShort((short) rawAddress).put(sixBytes(j)).array());
    }

    private void tryAddSecuredGroupAddress(GroupAddress groupAddress, byte[] bArr) {
        try {
            addSecuredGroupAddress(groupAddress, bArr);
        } catch (KnxSecureException e) {
        }
    }

    private void addSecuredGroupAddress(GroupAddress groupAddress, byte[] bArr) {
        if (bArr.length != 0 && bArr.length != 16) {
            throw new KNXIllegalArgumentException("group key with invalid length " + bArr.length);
        }
        int intValue = groupAddressIndex(groupAddress).orElseThrow(() -> {
            return new KnxSecureException(groupAddress + " not in address table");
        }).intValue();
        int binarySearch = binarySearch(this.securityObject.get(53), 18, 0, 2, intValue);
        this.securityObject.set(53, binarySearch < 0 ? -binarySearch : binarySearch + 1, 1, ByteBuffer.allocate(18).putShort((short) intValue).put(bArr).array());
    }

    private int indAddressIndex(IndividualAddress individualAddress) {
        return 1 + binarySearch(this.securityObject.get(54), 8, 0, 2, individualAddress.getRawAddress());
    }

    private Optional<Integer> groupAddressIndex(GroupAddress groupAddress) {
        return KnxDeviceServiceLogic.groupAddressIndex(this.ios, groupAddress);
    }

    private Optional<Integer> groupObjectIndex(int i) {
        return KnxDeviceServiceLogic.groupObjectIndex(this.ios, i);
    }

    private byte[] p2pKey(int i) {
        return lookupKey(52, i, 20);
    }

    private byte[] groupKey(int i) {
        return lookupKey(53, i, 18);
    }

    private byte[] lookupKey(int i, int i2, int i3) {
        byte[] bArr;
        int binarySearch;
        if (!this.securityObject.isLoaded() || (binarySearch = binarySearch((bArr = this.securityObject.get(i)), i3, 0, 2, i2)) < 0) {
            return null;
        }
        int i4 = (binarySearch * i3) + 2;
        return Arrays.copyOfRange(bArr, i4, i4 + 16);
    }

    private int groupObjectSecurity(int i) {
        return this.securityObject.get(61, i, 1)[0] & 255;
    }

    static int binarySearch(byte[] bArr, int i, int i2, int i3, long j) {
        if (!$assertionsDisabled && i < i2 + i3) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && bArr.length % i != 0) {
            throw new AssertionError();
        }
        int i4 = 0;
        int length = (bArr.length / i) - 1;
        while (i4 <= length) {
            int i5 = (i4 + length) >>> 1;
            int i6 = (i5 * i) + i2;
            long unsigned = unsigned(Arrays.copyOfRange(bArr, i6, i6 + i3)) - j;
            if (unsigned < 0) {
                i4 = i5 + 1;
            } else {
                if (unsigned <= 0) {
                    return i5;
                }
                length = i5 - 1;
            }
        }
        return -(i4 + 1);
    }

    private static long unsigned(byte[] bArr) {
        long j = 0;
        for (byte b : bArr) {
            j = (j << 8) + (b & 255);
        }
        return j;
    }

    private static ByteBuffer sixBytes(long j) {
        return ByteBuffer.allocate(6).putShort((short) (j >> 32)).putInt((int) j).flip();
    }

    static {
        $assertionsDisabled = !DeviceSecureApplicationLayer.class.desiredAssertionStatus();
        secureSymbol = new String(Character.toChars(128274));
    }
}
