package org.opendof.core.internal.protocol.trp;

import java.util.Arrays;
import org.opendof.core.internal.core.OALChannel;
import org.opendof.core.internal.core.OALOperation;
import org.opendof.core.internal.core.OALSecurityScope;
import org.opendof.core.internal.core.OALSecurityScopeList;
import org.opendof.core.internal.protocol.Marshallable;
import org.opendof.core.internal.protocol.PacketData;
import org.opendof.core.internal.protocol.security.AuthenticationException;
import org.opendof.core.internal.protocol.security.Authenticator;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.credentials.Credentials;
import org.opendof.core.internal.util.BufferedPacket;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFMarshalContext;
import org.opendof.core.oal.DOFMarshalException;
import org.opendof.core.oal.DOFPacket;
import org.opendof.core.oal.security.DOFAuthenticationFailedException;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/trp/ScopeOperation.class */
public class ScopeOperation extends TRPOperation implements Marshallable {
    public static final short OPCODE = 4;
    public static final short OPCODE_ALT = 11;
    private volatile Authenticator.RequestSecurityScopes scopeRequest;
    private Authenticator.RequestSecurityScopesResponse scopeResponse;

    public ScopeOperation(OALOperation.State state, Authenticator.RequestSecurityScopes requestSecurityScopes, Credentials credentials, OALChannel oALChannel, short s) {
        super(credentials, state, null, oALChannel, s);
        this.scopeRequest = requestSecurityScopes;
        this.domain = this.scopeRequest.getRequestBlock().getAuth().getDomainID();
        if (this.domain.isBroadcast() || this.domain.hasAttributes()) {
            throw new IllegalArgumentException("ScopeOperation: domain.isBroadcast() || domain.hasAttributes()");
        }
    }

    public ScopeOperation(OALOperation.State state, Authenticator.RequestSecurityScopesResponse requestSecurityScopesResponse, short s) {
        super(null, state, null, null, s);
        this.scopeResponse = requestSecurityScopesResponse;
        this.domain = requestSecurityScopesResponse.getDomain();
    }

    public ScopeOperation(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
        super(null, packetData.opState, null, null, packetData.appVersion);
        if (dOFMarshalContext != DOFMarshalContext.COMMAND) {
            OALOperation operation = packetData.opState.getCore().getOperation(packetData.opState.getOperationID());
            if (operation != null) {
                this.domain = ((ScopeOperation) operation).domain;
            }
            this.scopeResponse = new Authenticator.RequestSecurityScopesResponse(packetData, dOFMarshalContext, this.domain, bufferedPacket);
            return;
        }
        this.scopeRequest = new Authenticator.RequestSecurityScopes(packetData, dOFMarshalContext, obj, bufferedPacket);
        this.domain = this.scopeRequest.getDomain();
        if (this.domain.hasAttributes() || this.domain.isBroadcast()) {
            throw new DOFMarshalException("ScopeOperation unmarshal failed: domain.hasAttributes() || domain.isBroadcast()", null);
        }
    }

    @Override // org.opendof.core.internal.protocol.trp.TRPOperation
    public void process(Authenticator authenticator) {
        try {
            respond(new ScopeOperation(getState().asResponse(), authenticator.requestSecurityScope(this.scopeRequest, DefaultTRP.getCipherAlgorithm(this.appid)), this.appid));
        } catch (AuthenticationException e) {
            if (DOF.Log.isLogDebug()) {
                if (this.scopeRequest != null) {
                    DOF.Log.message(DOF.Log.Level.DEBUG, "Authenticator for domain " + authenticator.getDomainID() + " identity " + this.scopeRequest.getRequestBlock().getAuth().getCredentials().getIdentity() + ", requestSecurityScope failed with authentication error", e);
                } else {
                    DOF.Log.message(DOF.Log.Level.DEBUG, "Authenticator for domain " + authenticator.getDomainID() + ", requestSecurityScope failed with authentication error", e);
                }
            }
            respond(new RejectOperation(getState().asResponse(), e.getErrorCode(), this.appid));
        } catch (Exception e2) {
            if (DOF.Log.isLogWarn()) {
                if (this.scopeRequest != null) {
                    DOF.Log.message(DOF.Log.Level.WARN, "Authenticator for domain " + authenticator.getDomainID() + " identity " + this.scopeRequest.getRequestBlock().getAuth().getCredentials().getIdentity() + ", requestSecurityScope failed with internal error", e2);
                } else {
                    DOF.Log.message(DOF.Log.Level.WARN, "Authenticator for domain " + authenticator.getDomainID() + ", requestSecurityScope failed with internal error", e2);
                }
            }
            respond(new RejectOperation(getState().asResponse(), AuthenticationException.INTERNAL_ERROR, this.appid));
        }
        asyncSetComplete();
    }

    public Authenticator.RequestSecurityScopes getScopeRequest() {
        return this.scopeRequest != null ? this.scopeRequest : ((ScopeOperation) getCommandOperation()).scopeRequest;
    }

    public synchronized Authenticator.RequestSecurityScopesResponse getScopeResponse() throws DOFSecurityException {
        Authenticator.RequestSecurityScopesResponse requestSecurityScopesResponse;
        Authenticator.RequestSecurityScopes requestSecurityScopes;
        if (this.scopeRequest == null) {
            requestSecurityScopes = getScopeRequest();
            requestSecurityScopesResponse = this.scopeResponse;
        } else {
            if (this.scopeResponse != null) {
                return this.scopeResponse;
            }
            if (getFirstResponse() == null) {
                throw new DOFSecurityException("No response.");
            }
            if (getFirstResponse() instanceof RejectOperation) {
                throw new AuthenticationException(805306368 | ((RejectOperation) getFirstResponse()).getError());
            }
            requestSecurityScopesResponse = ((ScopeOperation) getFirstResponse()).scopeResponse;
            if (requestSecurityScopesResponse == null) {
                throw new DOFSecurityException();
            }
            requestSecurityScopes = this.scopeRequest;
        }
        if (getCredentials() == null) {
            throw new DOFSecurityException("Credentials not known.");
        }
        byte[] sharedSecret = getCredentials().getSharedSecret();
        byte[] sessionKey = requestSecurityScopesResponse.getTicket().getSessionKey(sharedSecret);
        byte[] bytes = requestSecurityScopesResponse.getResponseBlock().getBytes();
        byte[] bytes2 = requestSecurityScopes.getRequestBlock().getBytes();
        if (!Arrays.equals(requestSecurityScopesResponse.getTicket().mac, EncryptionUtil.hmac_SHA256(sharedSecret, requestSecurityScopes.getRequestBlock().getAuth().getDomainID(), bytes2, 0, bytes2.length, null, 0, 0, bytes, 0, bytes.length, sessionKey))) {
            getCredentials().reset();
            throw new DOFAuthenticationFailedException();
        }
        this.scopeResponse = requestSecurityScopesResponse;
        this.scopeRequest = requestSecurityScopes;
        validResponse();
        return this.scopeResponse;
    }

    public synchronized OALSecurityScope getScope() throws DOFSecurityException {
        getScopeResponse();
        return this.scopeResponse.getResponseBlock().getSecurityScope();
    }

    public synchronized OALSecurityScopeList getScopeList() throws DOFSecurityException {
        getScopeResponse();
        return this.scopeResponse.getResponseBlock().getSecurityScopes();
    }

    @Override // org.opendof.core.internal.core.OALOperation, org.opendof.core.internal.protocol.Marshallable
    public synchronized void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
        if (dOFMarshalContext == DOFMarshalContext.COMMAND) {
            this.scopeRequest.marshal(dOFMarshalContext, obj, dOFPacket);
        } else {
            this.scopeResponse.marshal(dOFMarshalContext, obj, dOFPacket);
        }
    }
}
