package org.opendof.core.internal.core;

import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import org.opendof.core.internal.core.OALOperation;
import org.opendof.core.internal.core.UniqueNaming;
import org.opendof.core.internal.core.security.DomainStore;
import org.opendof.core.internal.core.security.ScopedPermissionList;
import org.opendof.core.internal.protocol.oap.OAPOperation;
import org.opendof.core.internal.protocol.oap.OAPRouter;
import org.opendof.core.internal.protocol.oap.ProvideOperation;
import org.opendof.core.internal.protocol.security.Authenticator;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.KeyRequest;
import org.opendof.core.internal.protocol.security.credentials.Credentials;
import org.opendof.core.internal.protocol.trp.ScopeOperation;
import org.opendof.core.internal.util.AsyncRunnable;
import org.opendof.core.internal.util.ConditionWaiter;
import org.opendof.core.internal.util.NameableRunnable;
import org.opendof.core.internal.util.WaitCondition;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFCredentials;
import org.opendof.core.oal.DOFDomain;
import org.opendof.core.oal.DOFErrorException;
import org.opendof.core.oal.DOFException;
import org.opendof.core.oal.DOFImmutable;
import org.opendof.core.oal.DOFInterfaceID;
import org.opendof.core.oal.DOFListenerInvoker;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.DOFOperation;
import org.opendof.core.oal.DOFRegistration;
import org.opendof.core.oal.DOFRouteInfo;
import org.opendof.core.oal.DOFSecurityScope;
import org.opendof.core.oal.DOFSubscription;
import org.opendof.core.oal.DOFSystem;
import org.opendof.core.oal.security.DOFAccessDeniedException;
import org.opendof.core.oal.security.DOFAuthenticationFailedException;
import org.opendof.core.oal.security.DOFPermission;
import org.opendof.core.oal.security.DOFPermissionSet;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/core/OALSystem.class */
public final class OALSystem implements OperationProcessor, OperationSource, UniqueNaming.Nameable, DOFDomain.StateListener {
    public static final String DEFAULT_NAME = "sys";
    public static final OALSystem NULL_SYSTEM = new OALSystem();
    private static final int TIMEOUT = 30000;
    private static final int RETRY_PERIOD = 10000;
    private final DOFSystem dofSystem;
    private final OALCore core;
    private final DOFSystem.Config config;
    private final ImmutableData systemData;
    private final DOFDomain internalDomain;
    private OALSecurityScope nodeScope;
    private OALSecurityScope directTunnelScope;
    private final ScopedPermissionList permissions;
    private final Object destroyMonitor;
    private volatile boolean isDestroyed;
    private final Credentials credentials;
    private final List<DOFSystem.StateListener> listeners;
    private List<DOFSubscription> subscriptions;
    private List<DOFRegistration> registrations;
    public final OALQueryManager queryManager;
    public final OALSystemInterestManager interestManager;
    public final OALObjectManager objectManager;
    public final RouteListenerAdapter routeListenerAdapter;
    public final OALInboundOutbound inboundOutbound;
    private final AtomicLong grantEnd;
    private final AtomicLong nextAuthorize;
    private final Object authorizedMonitor;
    private DOFException authorizeException;
    private volatile boolean isAuthorized;

    /* loaded from: input_file:org/opendof/core/internal/core/OALSystem$AuthorizedWaiter.class */
    private static class AuthorizedWaiter implements WaitCondition {
        private final OALSystem system;

        AuthorizedWaiter(OALSystem oALSystem) {
            this.system = oALSystem;
        }

        @Override // org.opendof.core.internal.util.WaitCondition
        public boolean isDoneWaiting() {
            return this.system.getState().isAuthorized() || (this.system.getState().getAuthorizeException() != null && this.system.getState().getAuthorizeException().getErrorCode() == 1);
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/core/OALSystem$Data.class */
    public static final class Data {
        public String name;
        public DOFPermissionSet permissions;
        public boolean isExtendAllowed;
        public boolean isTunnelDomains;
        public DOFSecurityScope remoteDomainScope;

        public Data() {
            this.isExtendAllowed = true;
            this.isTunnelDomains = false;
            this.name = null;
            this.permissions = null;
            this.isExtendAllowed = true;
            this.isTunnelDomains = false;
            this.remoteDomainScope = null;
        }

        public Data(ImmutableData immutableData) {
            this.isExtendAllowed = true;
            this.isTunnelDomains = false;
            this.name = immutableData.name;
            this.permissions = immutableData.permissions;
            this.isExtendAllowed = immutableData.isExtendAllowed;
            this.isTunnelDomains = immutableData.isTunnelDomains;
            this.remoteDomainScope = immutableData.remoteDomainScope;
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/core/OALSystem$ImmutableData.class */
    public static final class ImmutableData implements DOFImmutable, Serializable {
        private static final long serialVersionUID = 5636206869536330196L;
        public final String name;
        public final DOFPermissionSet permissions;
        public final boolean isExtendAllowed;
        public final boolean isTunnelDomains;
        public final DOFSecurityScope remoteDomainScope;

        public ImmutableData(Data data) {
            this.name = data.name;
            this.permissions = data.permissions;
            this.isExtendAllowed = data.isExtendAllowed;
            this.isTunnelDomains = data.isTunnelDomains;
            this.remoteDomainScope = data.remoteDomainScope;
        }

        private ImmutableData(ImmutableData immutableData) {
            this.name = immutableData.name;
            this.permissions = immutableData.permissions;
            this.isExtendAllowed = immutableData.isExtendAllowed;
            this.isTunnelDomains = immutableData.isTunnelDomains;
            this.remoteDomainScope = immutableData.remoteDomainScope;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            ImmutableData immutableData = (ImmutableData) obj;
            if (this.isExtendAllowed == immutableData.isExtendAllowed && this.isTunnelDomains == immutableData.isTunnelDomains) {
                return this.permissions != null ? this.permissions.equals(immutableData.permissions) : immutableData.permissions == null;
            }
            return false;
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * 0) + (this.permissions != null ? this.permissions.hashCode() : 0))) + (this.isExtendAllowed ? 1 : 0))) + (this.remoteDomainScope != null ? this.remoteDomainScope.hashCode() : 0);
        }

        private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
            objectOutputStream.defaultWriteObject();
        }

        private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
            objectInputStream.defaultReadObject();
        }

        private Object readResolve() throws ObjectStreamException {
            try {
                return new ImmutableData(this);
            } catch (Exception e) {
                throw new InvalidObjectException(e.getMessage());
            }
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/core/OALSystem$RouteListenerAdapter.class */
    public static class RouteListenerAdapter {
        private final OALSystem oalSystem;
        private final OALCore core;

        public RouteListenerAdapter(OALSystem oALSystem, OALCore oALCore) {
            this.oalSystem = oALSystem;
            this.core = oALCore;
        }

        public void addRouteListener(DOFSystem.RouteListener routeListener) {
            this.core.addRouteListener(this.oalSystem, routeListener);
        }

        public void removeRouteListener(DOFSystem.RouteListener routeListener) {
            this.core.removeRouteListener(this.oalSystem, routeListener);
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/core/OALSystem$State.class */
    public static class State implements DOFImmutable, DOFSystem.State {
        private final ImmutableData systemData;
        private final DOFCredentials neuteredCredentials;
        private final boolean isAuthorized;
        private final DOFException authorizeException;

        public State(OALCore oALCore, ImmutableData immutableData, DOFCredentials dOFCredentials, boolean z, DOFException dOFException) {
            this.systemData = immutableData;
            this.neuteredCredentials = dOFCredentials;
            this.isAuthorized = z;
            this.authorizeException = dOFException;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public DOFCredentials getCredentials() {
            return this.neuteredCredentials;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public String getName() {
            return this.systemData.name;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public DOFPermissionSet getPermissions() {
            return this.systemData.permissions;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public boolean isPermissionsExtendAllowed() {
            return this.systemData.isExtendAllowed;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public boolean isTunnelDomains() {
            return this.systemData.isTunnelDomains;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public DOFSecurityScope getRemoteDomain() {
            return this.systemData.remoteDomainScope;
        }

        public ImmutableData getSystemData() {
            return this.systemData;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public boolean isAuthorized() {
            return this.isAuthorized;
        }

        @Override // org.opendof.core.oal.DOFSystem.State
        public DOFException getAuthorizeException() {
            return this.authorizeException;
        }
    }

    public OALSystem(OALCore oALCore, DOFSystem dOFSystem, DOFSystem.Config config, ImmutableData immutableData) {
        this.nodeScope = null;
        this.directTunnelScope = null;
        this.permissions = new ScopedPermissionList();
        this.destroyMonitor = new Object();
        this.isDestroyed = false;
        this.listeners = new ArrayList();
        this.grantEnd = new AtomicLong();
        this.nextAuthorize = new AtomicLong();
        this.authorizedMonitor = new Object();
        this.authorizeException = null;
        this.isAuthorized = false;
        this.core = oALCore;
        this.dofSystem = dOFSystem;
        this.config = config;
        this.systemData = immutableData;
        this.credentials = config.getCredentials() != null ? oALCore.globalFactory.getInternalCredentials(config.getCredentials()) : null;
        this.queryManager = new OALQueryManager(this, oALCore);
        this.interestManager = new OALSystemInterestManager(this, oALCore);
        this.objectManager = new OALObjectManager(this, oALCore);
        this.routeListenerAdapter = new RouteListenerAdapter(this, oALCore);
        this.inboundOutbound = new OALInboundOutbound(this, oALCore);
        this.subscriptions = new ArrayList();
        this.registrations = new ArrayList();
        if (oALCore != null) {
            oALCore.systemUniqueNaming.addName(config.getName());
        }
        if (this.credentials != null) {
            this.internalDomain = oALCore.getDOF().createDomain(new DOFDomain.Config.Builder(config.getCredentials()).setRetryPeriod(10000).build());
            this.internalDomain.addStateListener(this);
        } else {
            this.isAuthorized = true;
            this.internalDomain = null;
        }
        if (this.credentials == null) {
            this.nodeScope = OALCore.getUnsecureScope();
        }
    }

    private OALSystem() {
        this(null, null, new DOFSystem.Config.Builder().build(), new ImmutableData(new Data()));
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public boolean isDirected() {
        return true;
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public boolean isInterestProcessor() {
        return true;
    }

    void tryAuthorize() {
        try {
            if (DOF.Log.isLogTrace()) {
                DOF.Log.message("DOFSystem", DOF.Log.Level.TRACE, this.core.getName() + " - Authorizing system with creds " + this.credentials);
            }
            authorize(30000);
            setAuthorized(true, null);
        } catch (DOFException e) {
            if (DOF.Log.isLogTrace()) {
                DOF.Log.message("DOFSystem", DOF.Log.Level.TRACE, this.core.getName() + " - Failed to authorize system with creds " + this.credentials + ": " + e);
            }
            setAuthorized(false, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void authorize(int i) throws DOFException {
        if (this.credentials == null) {
            this.nodeScope = OALCore.getUnsecureScope();
            return;
        }
        if (!this.credentials.isResolved()) {
            this.credentials.resolve(this.core, null, i);
        }
        this.core.getDomainStore().registerCredentials(this.credentials);
        DomainStore.DomainAlias domainAlias = this.core.getDomainStore().getDomainAlias(this.credentials);
        OALSecurityScope oalSecurityScope = this.config.getRemoteDomain() == null ? null : this.core.globalFactory.getOalSecurityScope(this.config.getRemoteDomain());
        int i2 = -1;
        if (oalSecurityScope != null) {
            if (domainAlias.equals(oalSecurityScope.getDomainAlias())) {
                throw new DOFSecurityException("RemoteDomain is not remote.");
            }
            i2 = this.core.getDomainStore().getRDID(domainAlias, oalSecurityScope.getDomainAlias());
            this.directTunnelScope = this.core.globalFactory.createSecurityScope(this.core, oalSecurityScope.getDomainAlias(), (List<Integer>) null, true, false);
        }
        DOFPermissionSet.Builder builder = new DOFPermissionSet.Builder(this.config.getPermissions());
        if (this.config.isTunnelDomains()) {
            builder.addPermission(OALBridge.TUNNEL_ANY);
        }
        if (i2 != -1) {
            builder.addPermission(new DOFPermission.TunnelDomain(i2));
        }
        if (this.config.isPermissionsExtendAllowed()) {
            builder.addPermissions(OALBridge.GENERAL_BINDING_PERMS);
        }
        DOFPermissionSet build = builder.build();
        Set<Short> tRPAppIDsForDomain = this.core.getTRPAppIDsForDomain(this.credentials.getDomainID());
        OALOperation.WaitingListener waitingListener = new OALOperation.WaitingListener();
        OALOperation.MultiResponseCompleteListener multiResponseCompleteListener = new OALOperation.MultiResponseCompleteListener(waitingListener, tRPAppIDsForDomain.size());
        Iterator<Short> it = tRPAppIDsForDomain.iterator();
        while (it.hasNext()) {
            ScopeOperation scopeOperation = new ScopeOperation(new OALOperation.State(this.core, this, this.core.createOperationID(), i), new Authenticator.RequestSecurityScopes(this.credentials.getDomainID(), new KeyRequest(EncryptionUtil.createRandomNonce(8), this.credentials.getIdentification(), build, (short) 1), this.credentials.getIdentity()), this.credentials, null, it.next().shortValue());
            scopeOperation.setCompleteListener(multiResponseCompleteListener);
            this.core.process(scopeOperation);
        }
        try {
            waitingListener.waitComplete(i);
            ScopeOperation scopeOperation2 = (ScopeOperation) waitingListener.getOperation();
            this.nodeScope = scopeOperation2.getScope();
            if (this.nodeScope == null) {
                throw new DOFAccessDeniedException("System has no permissions.");
            }
            this.nodeScope = this.core.globalFactory.createSecurityScope(this.core, domainAlias, this.nodeScope.getIDs(), this.nodeScope.isAllScopes(), this.nodeScope.isMasking());
            if (!this.nodeScope.hasIDs()) {
                throw new DOFAccessDeniedException("System has no permissions.");
            }
            ScopedPermissionList create = ScopedPermissionList.create(build, scopeOperation2.getScopeList().intersectWith(this.nodeScope));
            this.permissions.clear();
            this.permissions.add(create);
            if (i2 != -1) {
                OALSecurityScope securityScope = create.getSecurityScope(this.core, new DOFPermission.TunnelDomain(i2), this.config.isPermissionsExtendAllowed());
                this.core.permissionRequested(this.credentials.getIdentity(), new DOFPermission.TunnelDomain(i2), securityScope);
                if (!securityScope.hasIDs()) {
                    throw new DOFAuthenticationFailedException("Unable to authorize tunneling system.");
                }
            }
            if (DOF.Log.isLogTrace()) {
                DOF.Log.message("DOFSystem", DOF.Log.Level.TRACE, this.core.getName() + " - authorized system with creds " + this.credentials + " in rdid " + i2 + " and remote scope: " + oalSecurityScope);
            }
            this.grantEnd.set(System.currentTimeMillis() + (scopeOperation2.getScopeResponse().getResponseBlock().getGrantedDuration() * this.core.getGrantTimeUnit()));
            this.nextAuthorize.set(this.grantEnd.get() - (5 * this.core.getGrantTimeUnit()));
        } catch (DOFSecurityException e) {
            throw e;
        } catch (DOFErrorException e2) {
            throw new DOFSecurityException("System Authentication Failed: TIMEOUT");
        } catch (Exception e3) {
            throw new DOFAuthenticationFailedException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setAuthorized(boolean z, DOFException dOFException) {
        boolean z2;
        DOFException dOFException2;
        if (z && dOFException != null) {
            throw new IllegalArgumentException("Cannot be authorized and have an exception.");
        }
        synchronized (this.authorizedMonitor) {
            z2 = this.isAuthorized;
            dOFException2 = this.authorizeException;
            this.isAuthorized = z;
            this.authorizeException = dOFException;
            this.authorizedMonitor.notifyAll();
        }
        if (z != z2) {
            notifyStateListeners();
            return;
        }
        if (dOFException2 != null && dOFException != null && dOFException2.getErrorCode() != dOFException.getErrorCode()) {
            notifyStateListeners();
            return;
        }
        if (dOFException == null && dOFException2 != null) {
            notifyStateListeners();
        } else {
            if (dOFException2 != null || dOFException == null) {
                return;
            }
            notifyStateListeners();
        }
    }

    public void destroy() {
        synchronized (this.destroyMonitor) {
            if (this.isDestroyed) {
                return;
            }
            this.isDestroyed = true;
            synchronized (this.listeners) {
                Iterator<DOFSystem.StateListener> it = this.listeners.iterator();
                while (it.hasNext()) {
                    queueStateListenerRemoved(it.next(), null);
                }
                this.listeners.clear();
            }
            Iterator<DOFSubscription> it2 = this.subscriptions.iterator();
            while (it2.hasNext()) {
                it2.next().destroy();
            }
            Iterator<DOFRegistration> it3 = this.registrations.iterator();
            while (it3.hasNext()) {
                it3.next().destroy();
            }
            this.objectManager.destroy();
            if (this.core != null) {
                this.core.removeSystem(this);
            }
            this.queryManager.destroy();
            this.interestManager.destroy();
            this.inboundOutbound.destroy();
            this.core.systemUniqueNaming.removeName(this.config.getName());
        }
    }

    public void waitAuthorized(int i) throws DOFException {
        ConditionWaiter.waitForCondition(new AuthorizedWaiter(this), this.authorizedMonitor, i);
        synchronized (this.authorizedMonitor) {
            if (this.authorizeException != null) {
                throw this.authorizeException;
            }
        }
    }

    @Override // org.opendof.core.oal.DOFDomain.StateListener
    public void stateChanged(DOFDomain dOFDomain, DOFDomain.State state) {
        if (state.isConnected() && !this.isAuthorized) {
            this.core.getThreadPool().submit(new NameableRunnable() { // from class: org.opendof.core.internal.core.OALSystem.1
                @Override // java.lang.Runnable
                public void run() {
                    OALSystem.this.tryAuthorize();
                }

                @Override // org.opendof.core.internal.util.NameableRunnable
                public String getName() {
                    return "AsyncAuthorizeSystem";
                }
            });
        }
        if (state.isConnected()) {
            return;
        }
        setAuthorized(false, state.getException());
    }

    private void notifyStateListeners() {
        DOFSystem.State state = getState();
        synchronized (this.listeners) {
            Iterator<DOFSystem.StateListener> it = this.listeners.iterator();
            while (it.hasNext()) {
                queueStateChanged(it.next(), state);
            }
        }
    }

    private void queueStateChanged(final DOFSystem.StateListener stateListener, final DOFSystem.State state) {
        this.core.queueTask(new DOFListenerInvoker(this.core.getDOF(), stateListener.getClass(), ".stateChanged") { // from class: org.opendof.core.internal.core.OALSystem.2
            @Override // org.opendof.core.oal.DOFListenerInvoker
            public void invoke() {
                stateListener.stateChanged(OALSystem.this.dofSystem, state);
            }
        });
    }

    private void queueStateListenerRemoved(final DOFSystem.StateListener stateListener, final DOFException dOFException) {
        this.core.queueTask(new DOFListenerInvoker(this.core.getDOF(), stateListener.getClass(), ".removed") { // from class: org.opendof.core.internal.core.OALSystem.3
            @Override // org.opendof.core.oal.DOFListenerInvoker
            public void invoke() {
                stateListener.removed(OALSystem.this.dofSystem, dOFException);
            }
        });
    }

    @Override // org.opendof.core.oal.DOFDomain.StateListener
    public void removed(DOFDomain dOFDomain, DOFException dOFException) {
    }

    public DOFSystem getDOFSystem() {
        return this.dofSystem;
    }

    public OALCore getCore() {
        return this.core;
    }

    public DOF getDOF() {
        if (this.core != null) {
            return this.core.getDOF();
        }
        return null;
    }

    public DOFSystem.State getState() {
        State state;
        DOFCredentials createNeuteredCredentials = this.core.globalFactory.createNeuteredCredentials(this.credentials);
        synchronized (this.authorizedMonitor) {
            state = new State(this.core, this.systemData, createNeuteredCredentials, this.isAuthorized, this.authorizeException);
        }
        return state;
    }

    public boolean isUnsecure() {
        if (this.nodeScope == null) {
            return false;
        }
        return this.nodeScope.equals(OALCore.getUnsecureScope());
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public OALSecurityScope getInboundScope(DOFPermission dOFPermission) {
        if (dOFPermission == null) {
            return this.nodeScope;
        }
        if (isUnsecure() || OALBridge.isIdentity(dOFPermission)) {
            return OALCore.getUnsecureScope();
        }
        if (this.directTunnelScope != null) {
            return this.directTunnelScope;
        }
        OALSecurityScope securityScope = this.permissions.getSecurityScope(this.core, dOFPermission, this.config.isPermissionsExtendAllowed());
        this.core.permissionRequested(this.credentials.getIdentity(), dOFPermission, securityScope);
        return securityScope;
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public OALSecurityScope getOutboundScope(DOFPermission dOFPermission) {
        return getScope(new DOFPermissionSet.Builder().addPermission(dOFPermission).build());
    }

    public OALSecurityScope getOutboundScope(DOFPermissionSet dOFPermissionSet) {
        return getScope(dOFPermissionSet);
    }

    private OALSecurityScope getScope(DOFPermissionSet dOFPermissionSet) {
        if (this.permissions == null) {
            return this.nodeScope;
        }
        if (isUnsecure()) {
            return OALCore.getUnsecureScope();
        }
        if (this.directTunnelScope != null) {
            return this.directTunnelScope;
        }
        ArrayList<OALSecurityScope> arrayList = new ArrayList();
        for (DOFPermission dOFPermission : dOFPermissionSet.getPermissions()) {
            OALSecurityScope unsecureScope = OALBridge.isIdentity(dOFPermission) ? OALCore.getUnsecureScope() : this.permissions.getSecurityScope(this.core, dOFPermission, this.config.isPermissionsExtendAllowed());
            this.core.permissionRequested(this.credentials.getIdentity(), dOFPermission, unsecureScope);
            if (unsecureScope == null) {
                return null;
            }
            arrayList.add(unsecureScope);
        }
        OALSecurityScope oALSecurityScope = null;
        for (OALSecurityScope oALSecurityScope2 : arrayList) {
            oALSecurityScope = oALSecurityScope == null ? oALSecurityScope2 : oALSecurityScope.getCompatibleScope(oALSecurityScope2);
        }
        return oALSecurityScope;
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public OALSecurityScope getOutboundScope() {
        return this.directTunnelScope != null ? this.directTunnelScope : this.nodeScope;
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public void process(OALOperation.Queue queue) {
        ArrayList arrayList;
        synchronized (queue) {
            arrayList = new ArrayList(queue.list());
            queue.clear();
        }
        if (queue.getDirection() != OALOperation.Queue.Direction.INBOUND) {
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                process((OALOperation) it.next());
            }
        } else {
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                this.core.process((OALOperation) it2.next());
            }
        }
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public void process(final OALOperation oALOperation) {
        if (isDestroyed()) {
            return;
        }
        this.core.getThreadPool().submit(new AsyncRunnable() { // from class: org.opendof.core.internal.core.OALSystem.4
            @Override // java.lang.Runnable
            public void run() {
                OALSystem.this.asyncProcess(oALOperation);
            }

            @Override // org.opendof.core.internal.util.NameableRunnable
            public String getName() {
                return OALSystem.this.core.getName() + "-SystemAsyncProcess";
            }
        });
    }

    public void asyncProcess(OALOperation oALOperation) {
        if (isDestroyed()) {
            return;
        }
        if ((!(oALOperation instanceof OAPOperation) || isCompatible(oALOperation.getSecurityScope())) && isAllowedByReceiveFilter(oALOperation)) {
            DOFPermissionSet outboundSystemPermissions = getOutboundSystemPermissions(this, oALOperation);
            if (outboundSystemPermissions.getPermissions().isEmpty()) {
                poolProcess(oALOperation);
                return;
            }
            boolean z = false;
            OALSecurityScope outboundScope = getOutboundScope(outboundSystemPermissions);
            if (outboundScope != null && outboundScope.hasIDs()) {
                z = true;
            } else {
                if (outboundScope != null) {
                    oALOperation.permissionFailure(true);
                    return;
                }
                if (!isPermissionsExtendAllowed()) {
                    oALOperation.permissionFailure(true);
                    return;
                }
                synchronized (this.inboundOutbound.blockedOutboundOperations) {
                    if (!this.inboundOutbound.blockedOutboundOperations.isEmpty()) {
                        oALOperation.setPending();
                        this.inboundOutbound.blockedOutboundOperations.add(oALOperation);
                        return;
                    } else {
                        oALOperation.setPending();
                        this.inboundOutbound.blockedOutboundOperations.add(oALOperation);
                        poolObtainOutboundPermission(this.inboundOutbound.blockedOutboundOperations);
                    }
                }
            }
            if (z) {
                poolProcess(oALOperation);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void poolObtainOutboundPermission(final OALOperation.Queue queue) {
        if (queue == null) {
            return;
        }
        this.core.getAuthThreadPool().submit(new AsyncRunnable() { // from class: org.opendof.core.internal.core.OALSystem.5
            @Override // java.lang.Runnable
            public void run() {
                OALSystem.this.inboundOutbound.obtainOutboundPermission(queue);
            }

            @Override // org.opendof.core.internal.util.NameableRunnable
            public String getName() {
                return getName() + "-poolObtainOutboundPermission";
            }
        });
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public void obtainInboundPermissionAndProcess(OALOperation oALOperation, ArrayList<DOFPermission> arrayList) {
        if (oALOperation == null) {
            throw new IllegalArgumentException("operation == null");
        }
        if (!isPermissionsExtendAllowed()) {
            oALOperation.permissionFailure(false);
            return;
        }
        synchronized (this.inboundOutbound.blockedInboundOperations) {
            if (!this.inboundOutbound.blockedInboundOperations.isEmpty()) {
                oALOperation.setPending();
                this.inboundOutbound.blockedInboundOperations.add(oALOperation);
            } else {
                oALOperation.setPending();
                this.inboundOutbound.blockedInboundOperations.add(oALOperation);
                this.inboundOutbound.obtainInboundPermission(this.inboundOutbound.blockedInboundOperations);
            }
        }
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public void sendResponse(OALOperation oALOperation) {
        if (this.isDestroyed) {
            return;
        }
        try {
            oALOperation.process(this);
        } catch (OALOperation.ProcessException e) {
            if (DOF.Log.isLogWarn()) {
                DOF.Log.message(DOF.Log.Level.WARN, "Process exception: " + e, e);
            }
        }
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public boolean isSameAs(OperationProcessor operationProcessor) {
        return this == operationProcessor;
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public boolean isSameAs(OperationSource operationSource) {
        return this == operationSource;
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public boolean isBetter(OperationSource operationSource) {
        return true;
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public OperationProcessor getOperationProcessor() {
        return this;
    }

    public boolean isAllowedBySendFilter(DOFOperation dOFOperation) {
        if (this.config.getSendFilter() == null) {
            return true;
        }
        return this.config.getSendFilter().isAllowed(dOFOperation);
    }

    public boolean isAllowedByReceiveFilter(DOFOperation dOFOperation) {
        if (this.config.getReceiveFilter() == null) {
            return true;
        }
        return this.config.getReceiveFilter().isAllowed(dOFOperation);
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public boolean isCompatible(OALSecurityScope oALSecurityScope) {
        if (this.nodeScope == null) {
            return false;
        }
        return this.nodeScope.isCompatible(oALSecurityScope) || canTunnel(oALSecurityScope);
    }

    private boolean canTunnel(OALSecurityScope oALSecurityScope) {
        if (this.directTunnelScope != null) {
            return this.directTunnelScope.isCompatible(oALSecurityScope);
        }
        if (!this.nodeScope.isSecure() || !oALSecurityScope.isSecure() || !isTunneling()) {
            return false;
        }
        OALSecurityScope scope = getScope(new DOFPermissionSet.Builder().addPermission(new DOFPermission.TunnelDomain(this.core.getDomainStore().getRDID(this.nodeScope.getDomainAlias(), oALSecurityScope.getDomainAlias()))).build());
        if (scope == null || scope.isMasking()) {
            return true;
        }
        return scope.hasIDs();
    }

    private boolean isTunneling() {
        return this.config.isTunnelDomains() || getConfiguredRDID() != -1;
    }

    public int getRemoteDomainID(DOFSecurityScope dOFSecurityScope) {
        if (dOFSecurityScope == null) {
            throw new IllegalArgumentException("scope == null");
        }
        if (this.nodeScope == null || this.nodeScope.equals(OALCore.getUnsecureScope())) {
            throw new IllegalArgumentException("System is not secure.");
        }
        OALSecurityScope oalSecurityScope = this.core.globalFactory.getOalSecurityScope(dOFSecurityScope);
        if (this.nodeScope.getDomainAlias().equals(oalSecurityScope.getDomainAlias())) {
            return -1;
        }
        if (this.core.getDomainStore().getRDID(this.nodeScope.getDomainAlias(), oalSecurityScope.getDomainAlias()) == -1) {
            throw new IllegalArgumentException("Domains are not related.");
        }
        return this.core.getDomainStore().getRDID(this.nodeScope.getDomainAlias(), oalSecurityScope.getDomainAlias());
    }

    private int getConfiguredRDID() {
        if (this.directTunnelScope != null) {
            return this.directTunnelScope.getTunnelID() != -1 ? this.directTunnelScope.getTunnelID() : this.core.getDomainStore().getRDID(this.core.getDomainStore().getDomainAlias(this.credentials), this.directTunnelScope.getDomainAlias());
        }
        return -1;
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public Map<Class<? extends Router>, Object> getRouters() {
        HashMap hashMap = new HashMap(1);
        hashMap.put(OAPRouter.class, null);
        return hashMap;
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public boolean isInternal() {
        return true;
    }

    @Override // org.opendof.core.internal.core.OperationProcessor
    public boolean isDestroyed() {
        return this.isDestroyed;
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public String getName() {
        return this.config.getName();
    }

    public String toString() {
        return "System: " + this.core.getName() + "|" + this.config.getName();
    }

    public Collection<DOFInterfaceID> getProviderInterfaces(DOFObjectID dOFObjectID) {
        if (dOFObjectID == null) {
            throw new IllegalArgumentException("getObjectInterfaces: oid == null");
        }
        return this.core.getProviderInterfaces(dOFObjectID, this.nodeScope);
    }

    public DOFRouteInfo getProviderRoute(DOFObjectID dOFObjectID, DOFInterfaceID dOFInterfaceID) {
        ProvideOperation interfaceConnectionInfo;
        if (dOFObjectID == null || dOFInterfaceID == null || (interfaceConnectionInfo = this.core.getInterfaceConnectionInfo(dOFObjectID, dOFInterfaceID, this.nodeScope)) == null) {
            return null;
        }
        return new OALRouteInfo(interfaceConnectionInfo);
    }

    public boolean isPermissionsExtendAllowed() {
        return this.config.isPermissionsExtendAllowed();
    }

    public static DOFPermissionSet getOutboundSystemPermissions(OALSystem oALSystem, OALOperation oALOperation) {
        DOFPermission requiredOperationPermission = oALOperation.getState().isCommand() ? oALOperation.getRequiredOperationPermission() : oALOperation.getRequiredOperationPermission(oALOperation);
        DOFPermissionSet.Builder builder = new DOFPermissionSet.Builder();
        DOFPermissionSet dOFPermissionSet = null;
        if (requiredOperationPermission != null) {
            dOFPermissionSet = !oALOperation.getSource().isSameAs((OperationSource) oALSystem) ? requiredOperationPermission.getComplement() : builder.addPermission(requiredOperationPermission).build();
        }
        return dOFPermissionSet;
    }

    private static OALSecurityScopeList intersectPermScopesWithNodeScope(OALCore oALCore, OALSecurityScopeList oALSecurityScopeList, OALSecurityScope oALSecurityScope) {
        return oALSecurityScopeList.intersectWith(oALSecurityScope);
    }

    private void poolProcess(OALOperation oALOperation) {
        this.core.getThreadPool().submit(oALOperation.getAsyncProcess(this));
    }

    @Override // org.opendof.core.internal.core.OperationSource
    public DOFObjectID.Source getInboundSourceID() {
        return null;
    }

    public void addStateListener(DOFSystem.StateListener stateListener) {
        synchronized (this.listeners) {
            this.listeners.add(stateListener);
            queueStateChanged(stateListener, getState());
        }
    }

    public void removeStateListener(DOFSystem.StateListener stateListener) {
        synchronized (this.listeners) {
            this.listeners.remove(stateListener);
            queueStateListenerRemoved(stateListener, null);
        }
    }

    public boolean extendPermissions(DOFPermissionSet dOFPermissionSet) {
        if (!this.config.isPermissionsExtendAllowed() || isUnsecure()) {
            return false;
        }
        try {
            DOFPermissionSet optimizeRequestPermissions = OALBridge.optimizeRequestPermissions(dOFPermissionSet, this.permissions);
            if (optimizeRequestPermissions.size() == 0) {
                return false;
            }
            Set<Short> tRPAppIDsForDomain = this.core.getTRPAppIDsForDomain(this.credentials.getDomainID());
            OALOperation.WaitingListener waitingListener = new OALOperation.WaitingListener();
            OALOperation.MultiResponseCompleteListener multiResponseCompleteListener = new OALOperation.MultiResponseCompleteListener(waitingListener, tRPAppIDsForDomain.size());
            Iterator<Short> it = tRPAppIDsForDomain.iterator();
            while (it.hasNext()) {
                ScopeOperation scopeOperation = new ScopeOperation(new OALOperation.State(this.core, this, this.core.createOperationID(), 30000), new Authenticator.RequestSecurityScopes(this.credentials.getDomainID(), new KeyRequest(EncryptionUtil.createRandomNonce(8), this.credentials.getIdentification(), optimizeRequestPermissions, (short) 1), this.credentials.getIdentity()), this.credentials, null, it.next().shortValue());
                scopeOperation.setCompleteListener(multiResponseCompleteListener);
                this.core.process(scopeOperation);
            }
            try {
                try {
                    waitingListener.waitComplete(30000);
                    this.permissions.add(optimizeRequestPermissions, intersectPermScopesWithNodeScope(this.core, ((ScopeOperation) waitingListener.getOperation()).getScopeList(), this.nodeScope));
                    return true;
                } catch (DOFErrorException e) {
                    throw new DOFSecurityException("System Authentication Failed: TIMEOUT");
                }
            } catch (DOFSecurityException e2) {
                throw e2;
            } catch (Exception e3) {
                throw new DOFAuthenticationFailedException(e3);
            }
        } catch (DOFException e4) {
            return false;
        }
    }

    public void checkGrantDuration() {
        if (isUnsecure() || this.nextAuthorize.get() > System.currentTimeMillis() || this.nextAuthorize.get() == 0) {
            return;
        }
        this.nextAuthorize.set(this.nextAuthorize.get() + this.core.getGrantTimeUnit());
        this.core.getThreadPool().submit(new AsyncRunnable() { // from class: org.opendof.core.internal.core.OALSystem.6
            @Override // org.opendof.core.internal.util.NameableRunnable
            public String getName() {
                return "AsyncReauthorizeSystem";
            }

            @Override // java.lang.Runnable
            public void run() {
                try {
                    OALSystem.this.authorize(30000);
                    OALSystem.this.setAuthorized(true, null);
                } catch (DOFException e) {
                    if (DOF.Log.isLogError()) {
                        DOF.Log.message("DOFSystem", DOF.Log.Level.ERROR, "Failed to reauthorize system.", e);
                    }
                    if (OALSystem.this.grantEnd.get() <= System.currentTimeMillis()) {
                        OALSystem.this.setAuthorized(false, new DOFAccessDeniedException("System grant expired."));
                    }
                }
            }
        });
    }

    public void addSubscriptions(DOFSubscription dOFSubscription) {
        this.subscriptions.add(dOFSubscription);
    }

    public void addRegistrations(DOFRegistration dOFRegistration) {
        this.registrations.add(dOFRegistration);
    }
}
