package io.libp2p.security.noise;

import androidx.core.app.NotificationCompat;
import com.google.protobuf.ByteString;
import com.southernstorm.noise.protocol.CipherState;
import com.southernstorm.noise.protocol.CipherStatePair;
import com.southernstorm.noise.protocol.DHState;
import com.southernstorm.noise.protocol.HandshakeState;
import com.southernstorm.noise.protocol.Noise;
import io.libp2p.core.PeerId;
import io.libp2p.core.crypto.KeyKt;
import io.libp2p.core.crypto.PrivKey;
import io.libp2p.core.crypto.PubKey;
import io.libp2p.core.security.SecureChannel;
import io.libp2p.etc.AttributesKt;
import io.libp2p.etc.types.BufferExtKt;
import io.libp2p.etc.types.ByteArrayExtKt;
import io.libp2p.etc.util.netty.SplitEncoder;
import io.libp2p.security.InvalidRemotePubKey;
import io.libp2p.security.SecureHandshakeError;
import io.libp2p.security.tls.TLSSecureChannelKt;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;
import java.util.concurrent.CompletableFuture;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.IntRange;
import kotlin.ranges.RangesKt;
import spipe.pb.Spipe;

/* compiled from: NoiseXXSecureChannel.kt */
@Metadata(d1 = {"\u0000z\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0003\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u00002\b\u0012\u0004\u0012\u00020\u00020\u0001B#\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\f\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006\u0012\u0006\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ\u0010\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001fH\u0016J\u0018\u0010 \u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010!\u001a\u00020\u0002H\u0014J\u0010\u0010\"\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001fH\u0016J\u0018\u0010#\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010$\u001a\u00020%H\u0016J\u0018\u0010&\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010$\u001a\u00020'H\u0002J\u0018\u0010&\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010$\u001a\u00020%H\u0002J\u0018\u0010(\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010)\u001a\u00020*H\u0002J\u0010\u0010+\u001a\u00020\u001d2\u0006\u0010!\u001a\u00020\u0012H\u0002J\u001c\u0010,\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\n\b\u0002\u0010!\u001a\u0004\u0018\u00010\u0012H\u0002J\u0010\u0010-\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001fH\u0002J\u0010\u0010.\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001fH\u0002J\u001c\u0010/\u001a\u000e\u0012\u0004\u0012\u00020\u001a\u0012\u0004\u0012\u00020\u0012002\u0006\u00101\u001a\u00020\u0012H\u0002J \u00102\u001a\u00020\u001a2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u00101\u001a\u00020\u00122\u0006\u00103\u001a\u00020\u0014H\u0002R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\r\u001a\u0004\u0018\u00010\u000eX\u0082\u000e¢\u0006\u0002\n\u0000R\u0014\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u0004¢\u0006\u0002\n\u0000R\u0010\u0010\u0011\u001a\u0004\u0018\u00010\u0012X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0013\u001a\n \u0015*\u0004\u0018\u00010\u00140\u0014X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0016\u001a\u0004\u0018\u00010\u000e8BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u0017\u0010\u0018R\u0010\u0010\u0019\u001a\u0004\u0018\u00010\u001aX\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u001b\u001a\u00020\fX\u0082\u000e¢\u0006\u0002\n\u0000¨\u00064"}, d2 = {"Lio/libp2p/security/noise/NoiseIoHandshake;", "Lio/netty/channel/SimpleChannelInboundHandler;", "Lio/netty/buffer/ByteBuf;", "localKey", "Lio/libp2p/core/crypto/PrivKey;", "handshakeComplete", "Ljava/util/concurrent/CompletableFuture;", "Lio/libp2p/core/security/SecureChannel$Session;", "role", "Lio/libp2p/security/noise/Role;", "(Lio/libp2p/core/crypto/PrivKey;Ljava/util/concurrent/CompletableFuture;Lio/libp2p/security/noise/Role;)V", "activated", "", "expectedRemotePeerId", "Lio/libp2p/core/PeerId;", "handshakeState", "Lcom/southernstorm/noise/protocol/HandshakeState;", "instancePayload", "", "localNoiseState", "Lcom/southernstorm/noise/protocol/DHState;", "kotlin.jvm.PlatformType", "remotePeerId", "getRemotePeerId", "()Lio/libp2p/core/PeerId;", "remotePubKey", "Lio/libp2p/core/crypto/PubKey;", "sentNoiseKeyPayload", "channelActive", "", "ctx", "Lio/netty/channel/ChannelHandlerContext;", "channelRead0", NotificationCompat.CATEGORY_MESSAGE, "channelUnregistered", "exceptionCaught", "cause", "", "handshakeFailed", "", "handshakeSucceeded", "session", "Lio/libp2p/security/noise/NoiseSecureChannelSession;", "readNoiseMessage", "sendNoiseMessage", "sendNoiseStaticKeyAsPayload", "splitHandshake", "unpackKeyAndSignature", "Lkotlin/Pair;", "payload", "verifyPayload", "remotePublicKeyState", TLSSecureChannelKt.NoEarlyMuxerNegotiationEntry}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class NoiseIoHandshake extends SimpleChannelInboundHandler<ByteBuf> {
    private boolean activated;
    private PeerId expectedRemotePeerId;
    private final CompletableFuture<SecureChannel.Session> handshakeComplete;
    private final HandshakeState handshakeState;
    private byte[] instancePayload;
    private final PrivKey localKey;
    private final DHState localNoiseState;
    private PubKey remotePubKey;
    private final Role role;
    private boolean sentNoiseKeyPayload;

    public NoiseIoHandshake(PrivKey localKey, CompletableFuture<SecureChannel.Session> handshakeComplete, Role role) {
        Intrinsics.checkNotNullParameter(localKey, "localKey");
        Intrinsics.checkNotNullParameter(handshakeComplete, "handshakeComplete");
        Intrinsics.checkNotNullParameter(role, "role");
        this.localKey = localKey;
        this.handshakeComplete = handshakeComplete;
        this.role = role;
        HandshakeState handshakeState = new HandshakeState(NoiseXXSecureChannel.protocolName, role.getIntVal());
        this.handshakeState = handshakeState;
        DHState createDH = Noise.createDH("25519");
        this.localNoiseState = createDH;
        NoiseXXSecureChannelKt.access$getLog$p().debug("Starting handshake");
        createDH.setPrivateKey(NoiseXXSecureChannel.INSTANCE.getLocalStaticPrivateKey25519(), 0);
        handshakeState.getLocalKeyPair().copyFrom(createDH);
        handshakeState.start();
    }

    private final PeerId getRemotePeerId() {
        PubKey pubKey = this.remotePubKey;
        if (pubKey != null) {
            return PeerId.INSTANCE.fromPubKey(pubKey);
        }
        return null;
    }

    private final void handshakeFailed(ChannelHandlerContext ctx, String cause) {
        handshakeFailed(ctx, new Exception(cause));
    }

    private final void handshakeFailed(ChannelHandlerContext ctx, Throwable cause) {
        NoiseXXSecureChannelKt.access$getLog$p().debug("Noise handshake failed", cause);
        this.handshakeComplete.completeExceptionally(cause);
        ctx.pipeline().remove(NoiseXXSecureChannelKt.HandshakeReadTimeoutNettyHandlerName);
        ctx.pipeline().remove(this);
    }

    private final void handshakeSucceeded(ChannelHandlerContext ctx, NoiseSecureChannelSession session) {
        this.handshakeComplete.complete(session);
        ctx.pipeline().addBefore(NoiseXXSecureChannelKt.HandshakeNettyHandlerName, NoiseXXSecureChannelKt.NoiseCodeNettyHandlerName, new NoiseXXCodec(session.getAliceCipher(), session.getBobCipher()));
        ctx.pipeline().addAfter(NoiseXXSecureChannelKt.NoiseCodeNettyHandlerName, "NoisePacketSplitter", new SplitEncoder(65535 - session.getAliceCipher().getMACLength()));
        ctx.pipeline().remove(NoiseXXSecureChannelKt.HandshakeReadTimeoutNettyHandlerName);
        ctx.pipeline().remove(this);
        ctx.fireChannelActive();
    }

    private final void readNoiseMessage(byte[] msg) {
        NoiseXXSecureChannelKt.access$getLog$p().debug("Noise handshake READ_MESSAGE");
        int length = msg.length;
        byte[] bArr = new byte[length];
        int readMessage = this.handshakeState.readMessage(msg, 0, msg.length, bArr, 0);
        if (NoiseXXSecureChannel.INSTANCE.getRustInteroperability() && readMessage > 0) {
            if (readMessage < 2) {
                throw new SecureHandshakeError();
            }
            readMessage = ByteArrayExtKt.toUShortBigEndian(ArraysKt.sliceArray(bArr, new IntRange(0, 1)));
            int i = readMessage + 2;
            if (length < i) {
                throw new SecureHandshakeError();
            }
            bArr = ArraysKt.sliceArray(bArr, RangesKt.until(2, i));
        }
        NoiseXXSecureChannelKt.access$getLog$p().trace("msg.size:" + msg.length);
        NoiseXXSecureChannelKt.access$getLog$p().trace("Read message size:" + readMessage);
        if (this.instancePayload != null || readMessage <= 0) {
            return;
        }
        byte[] bArr2 = new byte[readMessage];
        this.instancePayload = bArr2;
        Intrinsics.checkNotNull(bArr2);
        ArraysKt.copyInto(bArr, bArr2, 0, 0, readMessage);
    }

    private final void sendNoiseMessage(ChannelHandlerContext ctx, byte[] msg) {
        if (NoiseXXSecureChannel.INSTANCE.getRustInteroperability()) {
            if (msg != null) {
                msg = ArraysKt.plus(ByteArrayExtKt.uShortToBytesBigEndian(msg.length), msg);
            } else {
                msg = null;
            }
        }
        byte[] bArr = msg;
        int length = bArr != null ? bArr.length : 0;
        byte[] bArr2 = new byte[((this.handshakeState.getLocalKeyPair().getPublicKeyLength() + 16) * 2) + length];
        int writeMessage = this.handshakeState.writeMessage(bArr2, 0, bArr, 0, length);
        NoiseXXSecureChannelKt.access$getLog$p().debug("Noise handshake WRITE_MESSAGE");
        NoiseXXSecureChannelKt.access$getLog$p().trace("Sent message length:" + writeMessage);
        ctx.writeAndFlush(BufferExtKt.toByteBuf(ArraysKt.copyOfRange(bArr2, 0, writeMessage)));
    }

    static /* synthetic */ void sendNoiseMessage$default(NoiseIoHandshake noiseIoHandshake, ChannelHandlerContext channelHandlerContext, byte[] bArr, int i, Object obj) {
        if ((i & 2) != 0) {
            bArr = null;
        }
        noiseIoHandshake.sendNoiseMessage(channelHandlerContext, bArr);
    }

    private final void sendNoiseStaticKeyAsPayload(ChannelHandlerContext ctx) {
        if (this.sentNoiseKeyPayload) {
            return;
        }
        this.sentNoiseKeyPayload = true;
        byte[] marshalPublicKey = KeyKt.marshalPublicKey(this.localKey.publicKey());
        PrivKey privKey = this.localKey;
        DHState localNoiseState = this.localNoiseState;
        Intrinsics.checkNotNullExpressionValue(localNoiseState, "localNoiseState");
        byte[] byteArray = Spipe.NoiseHandshakePayload.newBuilder().setLibp2PKey(ByteString.copyFrom(marshalPublicKey)).setNoiseStaticKeySignature(ByteString.copyFrom(privKey.sign(NoiseXXSecureChannelKt.access$noiseSignaturePhrase(localNoiseState)))).setLibp2PData(ByteString.EMPTY).setLibp2PDataSignature(ByteString.EMPTY).build().toByteArray();
        NoiseXXSecureChannelKt.access$getLog$p().debug("Sending signed Noise static public key as payload");
        sendNoiseMessage(ctx, byteArray);
    }

    private final void splitHandshake(ChannelHandlerContext ctx) {
        CipherStatePair split = this.handshakeState.split();
        CipherState aliceSplit = split.getSender();
        CipherState bobSplit = split.getReceiver();
        NoiseXXSecureChannelKt.access$getLog$p().debug("Split complete");
        PeerId fromPubKey = PeerId.INSTANCE.fromPubKey(this.localKey.publicKey());
        PeerId remotePeerId = getRemotePeerId();
        Intrinsics.checkNotNull(remotePeerId);
        PubKey pubKey = this.remotePubKey;
        Intrinsics.checkNotNull(pubKey);
        Intrinsics.checkNotNullExpressionValue(aliceSplit, "aliceSplit");
        Intrinsics.checkNotNullExpressionValue(bobSplit, "bobSplit");
        handshakeSucceeded(ctx, new NoiseSecureChannelSession(fromPubKey, remotePeerId, pubKey, aliceSplit, bobSplit));
    }

    private final Pair<PubKey, byte[]> unpackKeyAndSignature(byte[] payload) {
        Spipe.NoiseHandshakePayload parseFrom = Spipe.NoiseHandshakePayload.parseFrom(payload);
        byte[] byteArray = parseFrom.getLibp2PKey().toByteArray();
        Intrinsics.checkNotNullExpressionValue(byteArray, "noiseMsg.libp2PKey.toByteArray()");
        return new Pair<>(KeyKt.unmarshalPublicKey(byteArray), parseFrom.getNoiseStaticKeySignature().toByteArray());
    }

    private final PubKey verifyPayload(ChannelHandlerContext ctx, byte[] payload, DHState remotePublicKeyState) {
        NoiseXXSecureChannelKt.access$getLog$p().debug("Verifying noise static key payload");
        Pair<PubKey, byte[]> unpackKeyAndSignature = unpackKeyAndSignature(payload);
        PubKey component1 = unpackKeyAndSignature.component1();
        boolean verify = component1.verify(NoiseXXSecureChannelKt.access$noiseSignaturePhrase(remotePublicKeyState), unpackKeyAndSignature.component2());
        NoiseXXSecureChannelKt.access$getLog$p().debug("Remote verification is " + verify);
        if (!verify) {
            handshakeFailed(ctx, new InvalidRemotePubKey());
        }
        return component1;
    }

    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
    public void channelActive(ChannelHandlerContext ctx) {
        Intrinsics.checkNotNullParameter(ctx, "ctx");
        if (this.activated) {
            return;
        }
        this.activated = true;
        if (this.role == Role.INIT) {
            sendNoiseMessage$default(this, ctx, null, 2, null);
            if (!ctx.channel().hasAttr(AttributesKt.getREMOTE_PEER_ID())) {
                throw new SecureHandshakeError("Remote Peer ID missing for initiating party");
            }
            this.expectedRemotePeerId = (PeerId) ctx.channel().attr(AttributesKt.getREMOTE_PEER_ID()).get();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.channel.SimpleChannelInboundHandler
    public void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) {
        Intrinsics.checkNotNullParameter(ctx, "ctx");
        Intrinsics.checkNotNullParameter(msg, "msg");
        channelActive(ctx);
        if (this.handshakeState.getAction() == 2) {
            readNoiseMessage(BufferExtKt.toByteArray(msg));
        }
        DHState derivedRemotePublicKey = this.handshakeState.getRemotePublicKey();
        if (derivedRemotePublicKey.hasPublicKey()) {
            byte[] bArr = this.instancePayload;
            Intrinsics.checkNotNull(bArr);
            Intrinsics.checkNotNullExpressionValue(derivedRemotePublicKey, "derivedRemotePublicKey");
            this.remotePubKey = verifyPayload(ctx, bArr, derivedRemotePublicKey);
            if (this.role == Role.INIT && !Intrinsics.areEqual(this.expectedRemotePeerId, getRemotePeerId())) {
                throw new InvalidRemotePubKey();
            }
        }
        if (this.handshakeState.getAction() == 1) {
            sendNoiseStaticKeyAsPayload(ctx);
        }
        if (this.handshakeState.getAction() == 4) {
            splitHandshake(ctx);
        }
    }

    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
    public void channelUnregistered(ChannelHandlerContext ctx) {
        Intrinsics.checkNotNullParameter(ctx, "ctx");
        handshakeFailed(ctx, "Connection was closed " + ctx.channel());
        super.channelUnregistered(ctx);
    }

    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
        Intrinsics.checkNotNullParameter(ctx, "ctx");
        Intrinsics.checkNotNullParameter(cause, "cause");
        handshakeFailed(ctx, cause);
        ctx.channel().close();
    }
}
