package tuwien.auto.calimero.knxnetip;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.StandardSocketOptions;
import java.nio.ByteBuffer;
import java.security.Key;
import java.time.Duration;
import java.util.Arrays;
import java.util.Objects;
import java.util.concurrent.CancellationException;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Future;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.ThreadLocalRandom;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Stream;
import org.slf4j.Logger;
import tuwien.auto.calimero.DataUnitBuilder;
import tuwien.auto.calimero.KNXException;
import tuwien.auto.calimero.KNXFormatException;
import tuwien.auto.calimero.KNXIllegalArgumentException;
import tuwien.auto.calimero.SerialNumber;
import tuwien.auto.calimero.knxnetip.servicetype.KNXnetIPHeader;
import tuwien.auto.calimero.log.LogService;
import tuwien.auto.calimero.secure.KnxSecureException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:tuwien/auto/calimero/knxnetip/SecureRouting.class */
public final class SecureRouting extends KNXnetIPRouting {
    private static final int SecureGroupSync = 2389;
    private final SerialNumber sno;
    private final Key secretKey;
    private final int mcastLatencyTolerance;
    private final int syncLatencyTolerance;
    private final AtomicInteger routingCount;
    private long timestampOffset;
    private volatile boolean syncedWithGroup;
    private volatile int sentGroupSyncTag;
    private static final int syncQueryInterval = 10000;
    private static final int minDelayTimeKeeperUpdateNotify = 100;
    private int minDelayUpdateNotify;
    private int maxDelayUpdateNotify;
    private int minDelayPeriodicNotify;
    private int maxDelayPeriodicNotify;
    private volatile boolean periodicSchedule;
    private SerialNumber timerNotifySN;
    private int timerNotifyTag;
    private Future<?> groupSync;
    private static final ScheduledThreadPoolExecutor groupSyncSender = new ScheduledThreadPoolExecutor(1, runnable -> {
        Thread thread = new Thread(runnable);
        thread.setName("KNX/IP secure group sync");
        thread.setDaemon(true);
        return thread;
    });

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecureRouting(NetworkInterface networkInterface, InetAddress inetAddress, byte[] bArr, Duration duration) throws KNXException {
        super(inetAddress);
        this.routingCount = new AtomicInteger();
        this.timestampOffset = (-System.nanoTime()) / 1000000;
        this.periodicSchedule = true;
        this.groupSync = CompletableFuture.completedFuture(Void.TYPE);
        this.sno = deriveSerialNumber(networkInterface);
        this.secretKey = SecureConnection.createSecretKey(bArr);
        this.mcastLatencyTolerance = (int) duration.toMillis();
        this.syncLatencyTolerance = this.mcastLatencyTolerance / 10;
        init(networkInterface, true, true);
        scheduleGroupSync(0L);
        try {
            awaitGroupSync();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    private static SerialNumber deriveSerialNumber(NetworkInterface networkInterface) {
        if (networkInterface != null) {
            try {
                byte[] hardwareAddress = networkInterface.getHardwareAddress();
                if (hardwareAddress != null) {
                    return SerialNumber.from(Arrays.copyOf(hardwareAddress, 6));
                }
            } catch (SocketException e) {
            }
        }
        return SerialNumber.Zero;
    }

    @Override // tuwien.auto.calimero.knxnetip.KNXnetIPRouting, tuwien.auto.calimero.knxnetip.ConnectionBase, tuwien.auto.calimero.Connection
    public String name() {
        return "KNX/IP " + SecureConnection.secureSymbol + " Routing " + this.ctrlEndpt.getAddress().getHostAddress();
    }

    @Override // tuwien.auto.calimero.knxnetip.ConnectionBase
    public String toString() {
        return name();
    }

    @Override // tuwien.auto.calimero.knxnetip.KNXnetIPRouting, tuwien.auto.calimero.knxnetip.ConnectionBase
    protected void send(byte[] bArr, InetSocketAddress inetSocketAddress) throws IOException {
        channel().send(ByteBuffer.wrap(newSecurePacket(timestamp(), this.routingCount.getAndIncrement() % 65536, bArr)), inetSocketAddress);
        scheduleGroupSync(periodicNotifyDelay());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // tuwien.auto.calimero.knxnetip.KNXnetIPRouting, tuwien.auto.calimero.knxnetip.ConnectionBase
    public boolean handleServiceType(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i, InetAddress inetAddress, int i2) throws KNXFormatException, IOException {
        int serviceType = kNXnetIPHeader.getServiceType();
        if (!kNXnetIPHeader.isSecure()) {
            this.logger.trace("received insecure service type 0x{} - ignore", Integer.toHexString(serviceType));
            return true;
        }
        if (serviceType == SecureGroupSync) {
            try {
                Object[] newGroupSync = newGroupSync(kNXnetIPHeader, bArr, i);
                onGroupSync(inetAddress, ((Long) newGroupSync[0]).longValue(), true, (SerialNumber) newGroupSync[1], ((Integer) newGroupSync[2]).intValue());
                return true;
            } catch (KnxSecureException e) {
                this.logger.debug("group sync {}", e.getMessage());
                return true;
            }
        }
        if (serviceType != 2384) {
            this.logger.warn("received unsupported secure service type 0x{} - ignore", Integer.toHexString(serviceType));
            return true;
        }
        Object[] unwrap = unwrap(kNXnetIPHeader, bArr, i);
        long longValue = ((Long) unwrap[1]).longValue();
        if (withinTolerance(inetAddress, longValue, (SerialNumber) unwrap[2], ((Integer) unwrap[3]).intValue())) {
            byte[] bArr2 = (byte[]) unwrap[4];
            KNXnetIPHeader kNXnetIPHeader2 = new KNXnetIPHeader(bArr2, 0);
            return super.handleServiceType(kNXnetIPHeader2, bArr2, kNXnetIPHeader2.getStructLength(), inetAddress, i2);
        }
        this.logger.warn("{} timestamp {} outside latency tolerance of {} ms (local {}) - ignore", new Object[]{Net.hostPort(new InetSocketAddress(inetAddress, i2)), Long.valueOf(longValue), Integer.valueOf(this.mcastLatencyTolerance), Long.valueOf(timestamp())});
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // tuwien.auto.calimero.knxnetip.KNXnetIPRouting, tuwien.auto.calimero.knxnetip.ConnectionBase
    public void close(int i, String str, LogService.LogLevel logLevel, Throwable th) {
        this.groupSync.cancel(true);
        super.close(i, str, logLevel, th);
    }

    private boolean withinTolerance(InetAddress inetAddress, long j, SerialNumber serialNumber, int i) {
        onGroupSync(inetAddress, j, false, serialNumber, i);
        return timestamp() - j <= ((long) this.mcastLatencyTolerance);
    }

    private void onGroupSync(InetAddress inetAddress, long j, boolean z, SerialNumber serialNumber, int i) {
        long timestamp = timestamp();
        if (j > timestamp) {
            this.logger.debug("sync timestamp +{} ms", Long.valueOf(j - timestamp));
            this.timestampOffset += j - timestamp;
            syncedWithGroup(z, serialNumber, i);
        } else {
            if (j > timestamp - this.syncLatencyTolerance) {
                if (i == this.sentGroupSyncTag && isLocalIpAddress(inetAddress)) {
                    return;
                }
                syncedWithGroup(z, serialNumber, i);
                return;
            }
            if (j > timestamp - this.mcastLatencyTolerance || !this.periodicSchedule) {
                return;
            }
            this.timerNotifySN = serialNumber;
            this.timerNotifyTag = i;
            this.periodicSchedule = false;
            scheduleGroupSync(randomClosedRange(this.minDelayUpdateNotify, this.maxDelayUpdateNotify));
        }
    }

    private synchronized void becomeTimeFollower() {
        int i = minDelayTimeKeeperUpdateNotify + (1 * this.syncLatencyTolerance);
        int i2 = syncQueryInterval + (3 * this.syncLatencyTolerance);
        int i3 = i + (1 * this.syncLatencyTolerance);
        int i4 = i3 + (10 * this.syncLatencyTolerance);
        int i5 = i2 + (1 * this.syncLatencyTolerance);
        int i6 = i5 + (10 * this.syncLatencyTolerance);
        this.minDelayUpdateNotify = i3;
        this.maxDelayUpdateNotify = i4;
        this.minDelayPeriodicNotify = i5;
        this.maxDelayPeriodicNotify = i6;
    }

    private synchronized void becomeTimeKeeper() {
        int i = minDelayTimeKeeperUpdateNotify + (1 * this.syncLatencyTolerance);
        int i2 = syncQueryInterval + (3 * this.syncLatencyTolerance);
        this.minDelayUpdateNotify = minDelayTimeKeeperUpdateNotify;
        this.maxDelayUpdateNotify = i;
        this.minDelayPeriodicNotify = syncQueryInterval;
        this.maxDelayPeriodicNotify = i2;
    }

    private void syncedWithGroup(boolean z, SerialNumber serialNumber, int i) {
        if (z) {
            becomeTimeFollower();
        }
        scheduleGroupSync(periodicNotifyDelay());
        if (!this.syncedWithGroup && i == this.sentGroupSyncTag && this.sno.equals(serialNumber)) {
            this.logger.info("synchronized with group {}", getRemoteAddress().getAddress().getHostAddress());
            this.syncedWithGroup = true;
            synchronized (this) {
                notifyAll();
            }
        }
    }

    private void awaitGroupSync() throws InterruptedException {
        long j;
        long j2 = (2 * this.mcastLatencyTolerance) + minDelayTimeKeeperUpdateNotify + (12 * this.syncLatencyTolerance);
        long nanoTime = (System.nanoTime() / 1000000) + j2;
        long j3 = j2;
        while (true) {
            j = j3;
            if (j <= 0 || this.syncedWithGroup) {
                break;
            }
            synchronized (this) {
                wait(j);
            }
            j3 = nanoTime - (System.nanoTime() / 1000000);
        }
        this.syncedWithGroup = true;
        this.logger.trace("waited {} ms for group sync", Long.valueOf(j2 - j));
    }

    private boolean isLocalIpAddress(InetAddress inetAddress) {
        Stream empty = Stream.empty();
        if (inetAddress.equals(((InetSocketAddress) channel().getLocalAddress()).getAddress())) {
            return true;
        }
        NetworkInterface networkInterface = (NetworkInterface) channel().getOption(StandardSocketOptions.IP_MULTICAST_IF);
        empty = networkInterface == null || networkInterface.getInetAddresses().nextElement().isAnyLocalAddress() ? NetworkInterface.networkInterfaces() : Stream.of(networkInterface);
        Stream flatMap = empty.flatMap(networkInterface2 -> {
            return networkInterface2.inetAddresses();
        });
        Objects.requireNonNull(inetAddress);
        return flatMap.anyMatch((v1) -> {
            return r1.equals(v1);
        });
    }

    private void scheduleGroupSync(long j) {
        this.logger.trace("schedule group sync (initial delay {} ms)", Long.valueOf(j));
        this.groupSync.cancel(true);
        this.groupSync = groupSyncSender.scheduleWithFixedDelay(this::sendGroupSync, j, 10000L, TimeUnit.MILLISECONDS);
    }

    private void sendGroupSync() {
        try {
            long timestamp = timestamp();
            byte[] newGroupSync = newGroupSync(timestamp);
            Logger logger = this.logger;
            Object[] objArr = new Object[3];
            objArr[0] = Long.valueOf(timestamp);
            objArr[1] = this.periodicSchedule ? this.sno : this.timerNotifySN;
            objArr[2] = Integer.valueOf(this.periodicSchedule ? this.sentGroupSyncTag : this.timerNotifyTag);
            logger.debug("sending group sync timestamp {} ms (S/N {}, tag {})", objArr);
            becomeTimeKeeper();
            scheduleGroupSync(periodicNotifyDelay());
            channel().send(ByteBuffer.wrap(newGroupSync), this.dataEndpt);
        } catch (IOException | RuntimeException e) {
            if (channel().isOpen()) {
                this.logger.warn("sending group sync failed", e);
            } else {
                this.groupSync.cancel(true);
                throw new CancellationException("stop group sync for " + this);
            }
        }
    }

    private long timestamp() {
        return (System.nanoTime() / 1000000) + this.timestampOffset;
    }

    private synchronized int periodicNotifyDelay() {
        this.periodicSchedule = true;
        return randomClosedRange(this.minDelayPeriodicNotify, this.maxDelayPeriodicNotify);
    }

    private static int randomClosedRange(int i, int i2) {
        return ThreadLocalRandom.current().nextInt(i, i2 + 1);
    }

    private byte[] newSecurePacket(long j, int i, byte[] bArr) {
        return SecureConnection.newSecurePacket(0L, j, this.sno, i, bArr, this.secretKey);
    }

    private Object[] unwrap(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i) throws KNXFormatException {
        return unwrap(kNXnetIPHeader, bArr, i, 0, this.secretKey);
    }

    private Object[] unwrap(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i, int i2, Key key) throws KNXFormatException {
        Object[] unwrap = SecureConnection.unwrap(kNXnetIPHeader, bArr, i, key);
        int intValue = ((Integer) unwrap[0]).intValue();
        if (intValue != 0) {
            throw new KnxSecureException("secure session mismatch: received ID " + intValue + ", expected 0");
        }
        long longValue = ((Long) unwrap[1]).longValue();
        SerialNumber serialNumber = (SerialNumber) unwrap[2];
        int intValue2 = ((Integer) unwrap[3]).intValue();
        this.logger.trace("received {} (session {} seq {} S/N {} tag {})", new Object[]{DataUnitBuilder.toHex((byte[]) unwrap[4], " "), Integer.valueOf(intValue), Long.valueOf(longValue), serialNumber, Integer.valueOf(intValue2)});
        return new Object[]{unwrap[0], unwrap[1], serialNumber, unwrap[3], unwrap[4]};
    }

    private byte[] newGroupSync(long j) {
        if (j < 0 || j > 281474976710655L) {
            throw new KNXIllegalArgumentException("timestamp " + j + " out of range [0..0xffffffffffff]");
        }
        KNXnetIPHeader kNXnetIPHeader = new KNXnetIPHeader(SecureGroupSync, 30);
        ByteBuffer allocate = ByteBuffer.allocate(kNXnetIPHeader.getTotalLength());
        allocate.put(kNXnetIPHeader.toByteArray());
        allocate.putShort((short) (j >> 32)).putInt((int) j);
        if (this.periodicSchedule) {
            this.sentGroupSyncTag = randomClosedRange(1, 65535);
            allocate.put(this.sno.array()).putShort((short) this.sentGroupSyncTag);
        } else {
            allocate.put(this.timerNotifySN.array()).putShort((short) this.timerNotifyTag);
        }
        byte[] cbcMac = cbcMac(allocate.array(), 0, kNXnetIPHeader.getStructLength() + 6 + 6 + 2, SecureConnection.securityInfo(allocate.array(), 6, 0));
        encrypt(cbcMac, 0, SecureConnection.securityInfo(allocate.array(), 6, 65280));
        allocate.put(cbcMac);
        return allocate.array();
    }

    private Object[] newGroupSync(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i) throws KNXFormatException {
        if (kNXnetIPHeader.getTotalLength() != 36) {
            throw new KNXFormatException("invalid length " + bArr.length + " for a secure group sync");
        }
        ByteBuffer wrap = ByteBuffer.wrap(bArr, i, kNXnetIPHeader.getTotalLength() - kNXnetIPHeader.getStructLength());
        long uint48 = uint48(wrap);
        byte[] bArr2 = new byte[6];
        wrap.get(bArr2);
        int i2 = wrap.getShort() & 65535;
        SecureConnection.cbcMacVerify(bArr, i - kNXnetIPHeader.getStructLength(), kNXnetIPHeader.getTotalLength() - 16, this.secretKey, SecureConnection.securityInfo(wrap.array(), 6, 0), decrypt(wrap, SecureConnection.securityInfo(bArr, i, 65280)).array());
        this.logger.trace("received group sync timestamp {} ms (S/N {}, tag {})", new Object[]{Long.valueOf(uint48), DataUnitBuilder.toHex(bArr2, ""), Integer.valueOf(i2)});
        return new Object[]{Long.valueOf(uint48), SerialNumber.from(bArr2), Integer.valueOf(i2)};
    }

    private void encrypt(byte[] bArr, int i, byte[] bArr2) {
        SecureConnection.encrypt(bArr, i, this.secretKey, bArr2);
    }

    private ByteBuffer decrypt(ByteBuffer byteBuffer, byte[] bArr) {
        return SecureConnection.decrypt(byteBuffer, this.secretKey, bArr);
    }

    private byte[] cbcMac(byte[] bArr, int i, int i2, byte[] bArr2) {
        return SecureConnection.cbcMac(bArr, i, i2, this.secretKey, bArr2);
    }

    private static long uint48(ByteBuffer byteBuffer) {
        return ((byteBuffer.getShort() & 65535) << 32) | (byteBuffer.getInt() & 4294967295L);
    }

    static {
        groupSyncSender.setKeepAliveTime(30L, TimeUnit.SECONDS);
        groupSyncSender.allowCoreThreadTimeOut(true);
        groupSyncSender.setRemoveOnCancelPolicy(true);
    }
}
