package com.onslip.till.pi;

import com.felhr.usbserial.FTDISerialDevice;
import com.onslip.till.pi.Comm;
import com.onslip.till.pi.TLV;
import com.onslip.util.IOUtils;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidObjectException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutorService;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class CommServer extends AbstractCommServer implements Closeable {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) Comm.class);
    private final ConcurrentMap<String, ClientInfo> clientMap;
    private final String deviceID;
    private final int discoveryPort;
    private final SecureRandom random;
    private final int serverPort;
    private final Set<InetAddress> sslSet;
    private SSLSocketFactory sslSocketFactory;
    private final Comm.TCPServer tcpServer;
    private KeyStore trustStore;
    private final Comm.UDPHandler udpHandler;

    /* renamed from: com.onslip.till.pi.CommServer$3, reason: invalid class name */
    /* loaded from: classes.dex */
    static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$com$onslip$till$pi$TLV$Tag;

        static {
            int[] iArr = new int[TLV.Tag.values().length];
            $SwitchMap$com$onslip$till$pi$TLV$Tag = iArr;
            try {
                iArr[TLV.Tag.TILL_CONNECT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class ClientHandler extends Comm.TCPConnection {
        private ClientInfo clientInfo;
        private boolean expectConnect;
        private long expectConnectBefore;

        public ClientHandler(CommServer commServer, Socket socket) {
            this(socket, null);
        }

        public ClientHandler(Socket socket, ClientInfo clientInfo) {
            super(socket);
            this.clientInfo = clientInfo;
            if (clientInfo == null) {
                this.expectConnect = true;
                this.expectConnectBefore = System.currentTimeMillis() + 10000;
            }
        }

        @Override // com.onslip.till.pi.Comm.TCPConnection, java.io.Closeable, java.lang.AutoCloseable
        public void close() {
            super.close();
            ClientInfo clientInfo = this.clientInfo;
            if (clientInfo != null) {
                clientInfo.close();
            }
        }

        @Override // com.onslip.till.pi.Comm.TCPConnection
        protected void handleRequest(int i, TLV tlv) throws IOException {
            try {
                if (this.expectConnect != (tlv.tag() == TLV.Tag.TILL_CONNECT)) {
                    throw new InvalidObjectException("First message must be TILL_CONNECT (and only the first)");
                }
                if (AnonymousClass3.$SwitchMap$com$onslip$till$pi$TLV$Tag[tlv.tag().ordinal()] != 1) {
                    queueAsyncRequest(i, tlv);
                    return;
                }
                TLV tlv2 = tlv.get(TLV.Tag.TILL_COOKIE);
                TLV tlv3 = tlv.get(TLV.Tag.TILL_DEVICE_ID);
                if (tlv2 == null) {
                    throw new InvalidObjectException("TILL_COOKIE param missing");
                }
                ClientInfo clientInfo = (ClientInfo) CommServer.this.clientMap.get(tlv2.stringValue());
                this.clientInfo = clientInfo;
                if (tlv3 == null) {
                    throw new InvalidObjectException("TILL_DEVICE_ID param missing");
                }
                if (clientInfo == null || this.expectConnectBefore < System.currentTimeMillis()) {
                    throw new InvalidObjectException(this.addr + " offered an invalid cookie");
                }
                if (!this.addr.equals(this.clientInfo.addr) || !tlv3.stringValue().equals(this.clientInfo.remoteID)) {
                    throw new InvalidObjectException(this.addr + " is not authorized to connect");
                }
                if (this.clientInfo.handler != null) {
                    throw new InvalidObjectException(this.addr + " already connected");
                }
                this.clientInfo.handler = this;
                TLV tlv4 = tlv.get(TLV.Tag.TILL_P2P_RESPONSE);
                TLV tlv5 = tlv.get(TLV.Tag.TILL_P2P_CHALLENGE);
                if (this.clientInfo.hmac != null && (tlv4 == null || !Arrays.equals(tlv4.binValue(), this.clientInfo.hmac.doFinal(this.clientInfo.cookie.getBytes(IOUtils.utf8))))) {
                    throw new InvalidObjectException(this.addr + " is not authorized to connect");
                }
                CommServer.logger.info("Opened connection from device {}", this.clientInfo);
                if (this.clientInfo.hmac == null || tlv5 == null) {
                    sendResponse(i, new TLV(TLV.Tag.TILL_ACK, new TLV[0]));
                } else {
                    sendResponse(i, new TLV(TLV.Tag.TILL_ACK, new TLV(TLV.Tag.TILL_P2P_RESPONSE, this.clientInfo.hmac.doFinal(tlv5.binValue()))));
                }
                this.socket.setSoTimeout(300000);
                this.expectConnect = false;
            } catch (InvalidObjectException e) {
                sendResponse(i, new TLV(TLV.Tag.TILL_NACK, new TLV(TLV.Tag.TILL_ERROR_MESSAGE, e.getMessage())));
                throw new IOException("Refusing request " + tlv + ": " + e.getMessage());
            }
        }

        public Comm.AsyncRequest<TLV> pollRequest(int i) {
            return pollAsyncRequest(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class ClientInfo {
        private final InetAddress addr;
        private final String cookie;
        private ClientHandler handler;
        private Mac hmac;
        private final String remoteID;

        public ClientInfo(InetAddress inetAddress, String str, String str2, byte[] bArr) {
            this.addr = inetAddress;
            this.cookie = str;
            this.remoteID = str2;
            if (bArr != null) {
                try {
                    SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA256");
                    Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
                    this.hmac = mac;
                    mac.init(secretKeySpec);
                } catch (GeneralSecurityException e) {
                    throw new UnsupportedOperationException(e);
                }
            }
        }

        public synchronized void close() {
            ClientHandler clientHandler = this.handler;
            CommServer.this.clientMap.remove(this.cookie);
            this.handler = null;
            if (clientHandler != null) {
                clientHandler.close();
            }
        }

        public String toString() {
            try {
                ClientHandler clientHandler = this.handler;
                if (clientHandler != null && (clientHandler.socket instanceof SSLSocket)) {
                    return String.format(Locale.ROOT, "[%s->%s %s@%s (%s)]", CommServer.this.deviceID, this.remoteID, this.cookie, this.addr, ((SSLSocket) this.handler.socket).getSession().getPeerPrincipal());
                }
            } catch (SSLPeerUnverifiedException unused) {
            }
            return String.format(Locale.ROOT, "[%s->%s %s@%s]", CommServer.this.deviceID, this.remoteID, this.cookie, this.addr);
        }
    }

    public CommServer(ExecutorService executorService, String str) throws IOException {
        super(executorService);
        this.clientMap = new ConcurrentHashMap();
        this.sslSet = Collections.synchronizedSet(new HashSet());
        this.random = new SecureRandom();
        this.deviceID = str;
        int i = Comm.SERVER_PORT;
        this.serverPort = Comm.SERVER_PORT;
        int i2 = Comm.CLIENT_PORT;
        this.discoveryPort = Comm.CLIENT_PORT;
        Comm.UDPHandler uDPHandler = new Comm.UDPHandler(InetAddress.getByName("0.0.0.0"), i, i2) { // from class: com.onslip.till.pi.CommServer.1
            @Override // com.onslip.till.pi.Comm.UDPHandler
            protected void handleRequest(int i3, Comm.UDPMessage uDPMessage) throws IOException {
                queueAsyncRequest(i3, uDPMessage);
            }
        };
        this.udpHandler = uDPHandler;
        Comm.TCPServer tCPServer = new Comm.TCPServer(InetAddress.getByName("0.0.0.0"), i) { // from class: com.onslip.till.pi.CommServer.2
            @Override // com.onslip.till.pi.Comm.TCPServer
            protected void handleConnection(Socket socket) {
                if (CommServer.this.sslSet.contains(socket.getInetAddress())) {
                    try {
                        socket = Comm.secureSocket(socket, CommServer.this.sslSocketFactory, false);
                    } catch (IOException e) {
                        CommServer.logger.error("Failed to accept SSL/TLS connection: {}", e.getMessage());
                        socket = null;
                    }
                }
                if (socket != null) {
                    new ClientHandler(CommServer.this, socket).run(CommServer.this.executor);
                }
            }
        };
        this.tcpServer = tCPServer;
        uDPHandler.run(this.executor);
        tCPServer.run(this.executor);
    }

    private ClientHandler clientHandler(String str) throws Comm.UnknownClientException {
        ClientInfo clientInfo = this.clientMap.get(str);
        if (clientInfo != null && clientInfo.handler != null) {
            return clientInfo.handler;
        }
        throw new Comm.UnknownClientException("No client named " + str);
    }

    private boolean setSSLKeys(KeyStore keyStore, char[] cArr) throws IOException {
        SSLContext sSLContext;
        try {
            try {
                sSLContext = SSLContext.getInstance("TLSv1.2");
            } catch (NoSuchAlgorithmException unused) {
                sSLContext = SSLContext.getInstance("TLSv1");
            }
            Map<String, X509Certificate> keyStoreCerts = getKeyStoreCerts(keyStore);
            boolean z = false;
            for (X509Certificate x509Certificate : keyStoreCerts.values()) {
                logger.info("SSL/TLS Key Store certificate {} [{}]", x509Certificate.getSubjectX500Principal(), x509Certificate.getSerialNumber().toString(16));
                X509Certificate x509Certificate2 = keyStoreCerts.get(x509Certificate.getIssuerX500Principal().toString());
                if (x509Certificate2 != null) {
                    this.trustStore.setCertificateEntry(x509Certificate2.getSubjectX500Principal().toString(), x509Certificate2);
                    z = true;
                }
            }
            for (X509Certificate x509Certificate3 : getKeyStoreCerts(this.trustStore).values()) {
                logger.info("SSL/TLS Trust Store certificate {} [{}]", x509Certificate3.getSubjectX500Principal(), x509Certificate3.getSerialNumber().toString(16));
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, cArr);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.trustStore);
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            this.sslSocketFactory = sSLContext.getSocketFactory();
            return z;
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        }
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public Comm.UDPMessage[] broadcastUDPMessage(TLV tlv, int i) throws IOException {
        return this.udpHandler.broadcastUDPMessage(tlv, i);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        try {
            this.udpHandler.close();
        } finally {
            this.tcpServer.close();
        }
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public String connect(String str, boolean z, String str2, byte[] bArr) throws IOException {
        ClientInfo clientInfo;
        if (z && this.sslSocketFactory == null) {
            throw new IllegalStateException("No SSL/TLS keys installed");
        }
        do {
            clientInfo = new ClientInfo(InetAddress.getByName(str), new BigInteger(128, this.random).toString(36), str2, bArr);
        } while (this.clientMap.putIfAbsent(clientInfo.cookie, clientInfo) != null);
        if (z) {
            try {
                this.sslSet.add(clientInfo.addr);
            } catch (Throwable th) {
                clientInfo.close();
                this.sslSet.remove(clientInfo.addr);
                throw th;
            }
        }
        TLV.Tag tag = TLV.Tag.TILL_CONNECT;
        TLV[] tlvArr = new TLV[3];
        tlvArr[0] = new TLV(TLV.Tag.TILL_COOKIE, clientInfo.cookie);
        tlvArr[1] = new TLV(TLV.Tag.TILL_DEVICE_ID, this.deviceID);
        tlvArr[2] = new TLV(TLV.Tag.TILL_SECURE_CONNECTION, z ? 1L : 0L);
        TLV sendUDPMessage = this.udpHandler.sendUDPMessage(new TLV(tag, tlvArr), clientInfo.addr, bArr != null ? this.serverPort : this.discoveryPort, FTDISerialDevice.FTDI_BAUDRATE_600);
        if (sendUDPMessage.tag() == TLV.Tag.TILL_ACK) {
            if (clientInfo.handler != null) {
                String str3 = clientInfo.cookie;
                if (str3 == null) {
                    clientInfo.close();
                }
                this.sslSet.remove(clientInfo.addr);
                return str3;
            }
            throw new Comm.ConnectFailedException("Connection failed: " + clientInfo + " did not connect successfully.", sendUDPMessage);
        }
        if (sendUDPMessage.tag() == TLV.Tag.TILL_NACK) {
            throw new Comm.ConnectFailedException("Connection failed: " + clientInfo + " refused to connect.", sendUDPMessage);
        }
        throw new Comm.ConnectFailedException("Connection failed: " + clientInfo + " sent an unexpected response.", sendUDPMessage);
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public String connectAsClient(String str, boolean z, String str2, String str3, byte[] bArr) throws IOException {
        TLV tlv;
        byte[] bArr2 = new byte[32];
        if (z && this.sslSocketFactory == null) {
            throw new IllegalStateException("No SSL/TLS keys installed");
        }
        ClientInfo clientInfo = new ClientInfo(InetAddress.getByName(str), str2, str3, bArr);
        if (this.clientMap.putIfAbsent(clientInfo.cookie, clientInfo) != null) {
            throw new Comm.ConnectFailedException("Connection failed: Cookie " + clientInfo.cookie + " already in use.", null);
        }
        try {
            try {
                Socket socket = new Socket(clientInfo.addr, this.serverPort);
                if (z) {
                    socket = secureSocket(socket, this.sslSocketFactory, true);
                }
                clientInfo.handler = new ClientHandler(socket, clientInfo);
                clientInfo.handler.run(this.executor);
                ArrayList arrayList = new ArrayList(Arrays.asList(new TLV(TLV.Tag.TILL_COOKIE, clientInfo.cookie), new TLV(TLV.Tag.TILL_DEVICE_ID, this.deviceID)));
                if (bArr != null) {
                    this.random.nextBytes(bArr2);
                    arrayList.addAll(Arrays.asList(new TLV(TLV.Tag.TILL_P2P_CHALLENGE, bArr2), new TLV(TLV.Tag.TILL_P2P_RESPONSE, clientInfo.hmac.doFinal(str2.getBytes(IOUtils.utf8)))));
                }
                TLV sendMessage = clientInfo.handler.sendMessage(new TLV(TLV.Tag.TILL_CONNECT, arrayList), FTDISerialDevice.FTDI_BAUDRATE_600);
                sendMessage.get(TLV.Tag.TILL_P2P_RESPONSE);
                if (sendMessage.tag() != TLV.Tag.TILL_ACK) {
                    if (sendMessage.tag() != TLV.Tag.TILL_NACK) {
                        throw new Comm.ConnectFailedException("Connection failed: " + clientInfo + " sent an unexpected response.", sendMessage);
                    }
                    throw new Comm.ConnectFailedException("Connection failed: " + clientInfo + " rejected connection attempt: " + sendMessage.getString(TLV.Tag.TILL_ERROR_MESSAGE, ""), sendMessage);
                }
                if (bArr != null && ((tlv = sendMessage.get(TLV.Tag.TILL_P2P_RESPONSE)) == null || !Arrays.equals(tlv.binValue(), clientInfo.hmac.doFinal(bArr2)))) {
                    throw new Comm.ConnectFailedException("Connection failed: " + clientInfo + " failed to sign challenge.", sendMessage);
                }
                logger.info("Opened connection to server {}", clientInfo);
                String str4 = clientInfo.cookie;
                if (str4 == null) {
                    clientInfo.close();
                }
                return str4;
            } catch (IOException e) {
                throw new Comm.ConnectFailedException("Connection failed: " + clientInfo + " failed to connect: " + e.getMessage(), null);
            }
        } catch (Throwable th) {
            clientInfo.close();
            throw th;
        }
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public String deviceID() {
        return this.deviceID;
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public void disconnect(String str) throws IOException {
        try {
            clientHandler(str).close();
        } catch (Comm.UnknownClientException unused) {
        }
    }

    public boolean loadSSLKeys(InputStream inputStream, char[] cArr) throws IOException {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(inputStream, cArr);
            return setSSLKeys(keyStore, cArr);
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        }
    }

    public void loadTrustStore(InputStream inputStream, char[] cArr) throws IOException {
        if (inputStream == null) {
            this.trustStore = null;
            return;
        }
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(inputStream, cArr);
                this.trustStore = keyStore;
            } catch (GeneralSecurityException e) {
                throw new IOException("Failed to load TrustStore: " + e.getMessage(), e);
            }
        } finally {
            inputStream.close();
        }
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public Comm.AsyncRequest<TLV> pollRequest(String str, int i) throws IOException {
        return clientHandler(str).pollRequest(i);
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public Comm.AsyncRequest<Comm.UDPMessage> pollUDPRequest(int i) throws IOException {
        return this.udpHandler.pollAsyncRequest(i);
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public TLV sendMessage(String str, TLV tlv, int i) throws IOException {
        return clientHandler(str).sendMessage(tlv, i);
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public void sendResponse(String str, int i, TLV tlv) throws IOException {
        clientHandler(str).sendResponse(i, tlv);
    }

    @Override // com.onslip.till.pi.AbstractCommServer
    public void sendUDPResponse(String str, int i, int i2, TLV tlv) throws IOException {
        this.udpHandler.sendResponse(str, i, i2, tlv);
    }
}
