package org.opendof.core.internal.protocol.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.opendof.core.internal.core.OALCore;
import org.opendof.core.internal.core.OALSecurityScope;
import org.opendof.core.internal.core.OALSecurityScopeList;
import org.opendof.core.internal.core.security.DomainStore;
import org.opendof.core.internal.core.security.OALSecurityTicket;
import org.opendof.core.internal.protocol.Marshallable;
import org.opendof.core.internal.protocol.PacketData;
import org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage;
import org.opendof.core.internal.protocol.security.credentials.Credentials;
import org.opendof.core.internal.protocol.security.credentials.Identification;
import org.opendof.core.internal.protocol.security.credentials.ResolutionResponse;
import org.opendof.core.internal.protocol.security.credentials.key.SharedKeyCredentials;
import org.opendof.core.internal.protocol.tep.DefaultTEP;
import org.opendof.core.internal.protocol.trp.DefaultTRP;
import org.opendof.core.internal.protocol.trp.TRPRequest;
import org.opendof.core.internal.util.BufferedPacket;
import org.opendof.core.oal.DOF;
import org.opendof.core.oal.DOFAuthenticator;
import org.opendof.core.oal.DOFErrorException;
import org.opendof.core.oal.DOFMarshalContext;
import org.opendof.core.oal.DOFMarshalException;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.DOFPacket;
import org.opendof.core.oal.DOFUtil;
import org.opendof.core.oal.security.DOFCipher;
import org.opendof.core.oal.security.DOFPermission;
import org.opendof.core.oal.security.DOFPermissionSet;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator.class */
public class Authenticator {
    private final OALCore core;
    // 1073741821 == 0x3FFFFFFD (2^30 - 3). What the id denotes is not visible in this part of the file.
    public static final int NODE_SCOPES_ID = 1073741821;
    private final DOFAuthenticator.Storage storage;
    // NOTE(review): presumably an upper bound on the lifetime an authenticator grants — confirm unit and use.
    private final int maxLifetimeGrant;
    // NOTE(review): a debug switch and a debug key are held on the authenticator itself. Confirm where
    // they are assigned and that debug mode cannot be enabled in a production deployment.
    private final boolean isDebug;
    private final byte[] debugKey;
    private final DOFObjectID.Domain domainID;
    private final DomainStore.DomainAlias domainAlias;
    private final DOFPermissionSet emptyPermSet;
    private final SharedKeyCredentials presharedKeyCred;
    private final SourceIDGenerator sidGenerator;
    // Named like constants, but these are per-instance final fields assigned outside this view.
    private final Integer NODE_SCOPES;
    private final Integer ALL_SCOPES;

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$KEKRequestBlock.class */
    /**
     * Payload of a {@link RequestKEK}: a {@link KeyRequest} together with the authentication
     * identity of the group it refers to.
     *
     * <p>A block parsed from a packet keeps a copy of the exact bytes it was parsed from and
     * re-emits that copy unchanged from {@link #getBytes()} and {@link #marshal}. A block built
     * locally has no cached image and is serialized from its fields on demand.
     */
    public static class KEKRequestBlock implements Marshallable {
        private final DOFObjectID.Authentication group;
        private final KeyRequest keyRequest;
        // Copy of the wire bytes this block was parsed from; null for a locally built block.
        private final byte[] I;

        /**
         * Builds a block from its parts; no wire image is cached.
         *
         * @param keyRequest key request to carry
         * @param authentication group identity to carry
         */
        public KEKRequestBlock(KeyRequest keyRequest, DOFObjectID.Authentication authentication) {
            this.keyRequest = keyRequest;
            group = authentication;
            I = null;
        }

        /**
         * Parses a block from {@code bufferedPacket} and records the bytes consumed while doing so.
         *
         * @throws DOFMarshalException declared by the constructor; thrown by the parsing calls it makes
         */
        public KEKRequestBlock(DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            // Capture the buffer and the position before parsing so the consumed span can be copied.
            final byte[] raw = bufferedPacket.readBuffer();
            final int start = bufferedPacket.getFrontBufferSize();
            keyRequest = new KeyRequest(dOFMarshalContext, obj, bufferedPacket);
            group = DOFObjectID.Authentication.create(bufferedPacket.getOID());
            final int end = bufferedPacket.getFrontBufferSize();
            I = Arrays.copyOfRange(raw, start, end);
        }

        public DOFObjectID.Authentication getGroup() {
            return group;
        }

        public KeyRequest getKeyRequest() {
            return keyRequest;
        }

        /**
         * Returns the serialized form of this block.
         *
         * <p>For a parsed block this is the internal cached array itself, not a copy, so callers
         * must treat it as read-only: {@link #marshal} later writes the same array.
         *
         * @return the block bytes, or {@code null} if serializing a locally built block fails
         */
        public byte[] getBytes() {
            if (I == null) {
                BufferedPacket scratch = new BufferedPacket();
                try {
                    marshal(DOFMarshalContext.COMMAND, null, scratch);
                    return scratch.readByteArray();
                } catch (DOFErrorException e) {
                    // Failure is reported to the caller as null rather than rethrown.
                    return null;
                }
            }
            return I;
        }

        /**
         * Writes this block to {@code dOFPacket}, which must be a {@link BufferedPacket}.
         *
         * <p>The fields are put in the reverse of the order in which the parsing constructor reads
         * them (presumably because BufferedPacket prepends — confirm).
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            BufferedPacket out = (BufferedPacket) dOFPacket;
            if (I == null) {
                out.putOID(group);
                keyRequest.marshal(dOFMarshalContext, obj, out);
                return;
            }
            // Parsed block: replay the original bytes verbatim.
            out.putByteArray(I);
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$KEKResponseBlock.class */
    /**
     * Payload of a {@link RequestKEKResponse}: timing values, epoch, source id, security scopes,
     * mode bytes, state id and permissions.
     *
     * <p>A block parsed from a packet keeps a copy of the exact bytes it was parsed from and
     * re-emits that copy unchanged from {@link #getBytes()} and {@link #marshal}. A block built
     * locally is serialized from its fields on demand.
     */
    public static class KEKResponseBlock implements Marshallable {
        private final short T_hb;
        private final short T_min;
        // Stored as the wire byte multiplied by 8; marshal() divides by 8 again, rounding up.
        private final short T_max;
        private final int epoch;
        private final DOFObjectID.Source sid;
        private final OALSecurityScope i_securityScope;
        private final byte[] mode;
        private final int state_id;
        private final DOFPermissionSet g_permissions;
        private final OALSecurityScopeList g_securityScopes;
        private final OALSecurityScopeList i_securityScopes;
        // Copy of the wire bytes this block was parsed from; null for a locally built block.
        private final byte[] A;

        /**
         * Builds a block from its parts; no wire image is cached. The {@code bArr} mode array is
         * stored by reference, not copied.
         */
        public KEKResponseBlock(short s, short s2, short s3, int i, DOFObjectID.Source source, OALSecurityScope oALSecurityScope, byte[] bArr, int i2, DOFPermissionSet dOFPermissionSet, OALSecurityScopeList oALSecurityScopeList, OALSecurityScopeList oALSecurityScopeList2) {
            T_hb = s;
            T_min = s2;
            T_max = s3;
            epoch = i;
            sid = source;
            i_securityScope = oALSecurityScope;
            mode = bArr;
            state_id = i2;
            g_permissions = dOFPermissionSet;
            g_securityScopes = oALSecurityScopeList;
            i_securityScopes = oALSecurityScopeList2;
            A = null;
        }

        /**
         * Parses a block from {@code bufferedPacket} and records the bytes consumed while doing so.
         *
         * @param obj domain used to look up the alias for the scope lists; anything that is not a
         *     {@link DOFObjectID.Domain} (including {@code null}) selects the broadcast domain
         * @throws DOFMarshalException declared by the constructor; thrown by the parsing calls it makes
         */
        public KEKResponseBlock(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            final OALCore owner = packetData.opState.getCore();
            // Capture the buffer and the position before parsing so the consumed span can be copied.
            final byte[] raw = bufferedPacket.readBuffer();
            final int start = bufferedPacket.getFrontBufferSize();

            T_hb = (short) bufferedPacket.getByte();
            T_min = (short) bufferedPacket.getByte();
            T_max = (short) (bufferedPacket.getByte() * 8);
            epoch = bufferedPacket.getShort();
            sid = DOFObjectID.Source.create(bufferedPacket.getOID());
            i_securityScope = owner.globalFactory.createSecurityScope(owner, (DomainStore.DomainAlias) null, dOFMarshalContext, (Object) null, bufferedPacket);

            // The mode length comes from the packet itself (4 plus the byte peeked at offset 3).
            // NOTE(review): this relies on BufferedPacket to bounds-check the request — confirm.
            final int modeLength = 4 + bufferedPacket.readByte(3);
            mode = bufferedPacket.getByteArray(modeLength);
            state_id = bufferedPacket.getCompressedLong();
            g_permissions = new DOFPermissionSet.Builder(dOFMarshalContext, null, bufferedPacket).build();

            final DOFObjectID.Domain lookupDomain;
            if (obj instanceof DOFObjectID.Domain) {
                lookupDomain = (DOFObjectID.Domain) obj;
            } else {
                lookupDomain = DOFObjectID.DOMAIN_BROADCAST;
            }
            final DomainStore.DomainAlias alias = owner.getDomainStore().getMatchingAlias(lookupDomain);
            g_securityScopes = new OALSecurityScopeList(owner, alias, dOFMarshalContext, i_securityScope, bufferedPacket);
            i_securityScopes = new OALSecurityScopeList(owner, alias, dOFMarshalContext, i_securityScope, bufferedPacket);

            final int end = bufferedPacket.getFrontBufferSize();
            A = Arrays.copyOfRange(raw, start, end);
        }

        public short getT_hb() {
            return T_hb;
        }

        public short getT_min() {
            return T_min;
        }

        public short getT_max() {
            return T_max;
        }

        public int getEpoch() {
            return epoch;
        }

        public DOFObjectID.Source getSid() {
            return sid;
        }

        public OALSecurityScope getI_securityScope() {
            return i_securityScope;
        }

        /** Returns the internal mode array itself (no copy); treat it as read-only. */
        public byte[] getMode() {
            return mode;
        }

        public int getState_id() {
            return state_id;
        }

        public DOFPermissionSet getG_permissions() {
            return g_permissions;
        }

        public OALSecurityScopeList getG_securityScopes() {
            return g_securityScopes;
        }

        public OALSecurityScopeList getI_securityScopes() {
            return i_securityScopes;
        }

        /**
         * Returns the serialized form of this block.
         *
         * <p>For a parsed block this is the internal cached array itself, not a copy, so callers
         * must treat it as read-only: {@link #marshal} later writes the same array.
         *
         * @return the block bytes, or {@code null} if serializing a locally built block fails
         */
        public byte[] getBytes() {
            if (A == null) {
                BufferedPacket scratch = new BufferedPacket();
                try {
                    marshal(DOFMarshalContext.COMMAND, null, scratch);
                    return scratch.readByteArray();
                } catch (DOFErrorException e) {
                    // Failure is reported to the caller as null rather than rethrown.
                    return null;
                }
            }
            return A;
        }

        /**
         * Writes this block to {@code dOFPacket}, which must be a {@link BufferedPacket}.
         *
         * <p>The fields are put in the reverse of the order in which the parsing constructor reads
         * them (presumably because BufferedPacket prepends — confirm).
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            BufferedPacket out = (BufferedPacket) dOFPacket;
            if (A == null) {
                i_securityScopes.marshal(dOFMarshalContext, i_securityScope, out);
                g_securityScopes.marshal(dOFMarshalContext, i_securityScope, out);
                g_permissions.marshal(dOFMarshalContext, null, out);
                out.putCompressedLong(state_id);
                out.putByteArray(mode);
                i_securityScope.marshal(dOFMarshalContext, true, out);
                out.putOID(sid);
                out.putShort(epoch);
                // T_max travels in units of 8; round up so the wire value never understates it.
                out.putByte((T_max + 7) / 8);
                out.putByte(T_min);
                out.putByte(T_hb);
                return;
            }
            // Parsed block: replay the original bytes verbatim.
            out.putByteArray(A);
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$LocalDomainRequest.class */
    /**
     * Plain mutable holder for a local-domain request: every field is public and non-final and no
     * constructor is declared, so all fields start at their default values until a caller sets them.
     */
    public static class LocalDomainRequest {
        // NOTE(review): presumably I/A are buffers and the *_offset/*_length pairs select a region
        // inside them — confirm against the code that fills this holder, and that the region is
        // range-checked before use.
        public byte[] I;
        public int i_offset;
        public int i_length;
        public byte[] A;
        public int a_offset;
        public int a_length;
        public DOFObjectID.Domain remoteDomain;
        public Identification localCredentials;
        public KeyRequest initiator;
        public OALSecurityTicket remoteTicket;
        public DOFObjectID.Authentication relatedID;
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$LocalDomainResponse.class */
    /**
     * Plain mutable holder for a local-domain response: every field is public and non-final and no
     * constructor is declared.
     */
    public static class LocalDomainResponse {
        public OALSecurityTicket ticket;
        public int remoteDomainIdentifier;
        // NOTE(review): presumably a buffer plus the offset/length of the region in use — confirm.
        public byte[] A;
        public int a_offset;
        public int a_length;
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RandomRequest.class */
    /**
     * Holder for a random request: a byte buffer with an offset and a length, plus a
     * {@link KeyRequest}. All fields are final, but the array is stored by reference, so its
     * contents can still change if the caller keeps and modifies it.
     */
    public static class RandomRequest {
        public final byte[] I;
        public final int i_offset;
        public final int i_length;
        public final KeyRequest auth;

        /**
         * @param bArr buffer, stored without copying
         * @param i value stored as {@code i_offset}
         * @param i2 value stored as {@code i_length}
         * @param keyRequest value stored as {@code auth}
         */
        public RandomRequest(byte[] bArr, int i, int i2, KeyRequest keyRequest) {
            I = bArr;
            i_offset = i;
            i_length = i2;
            auth = keyRequest;
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RandomResponse.class */
    /** Holder for the result of a random request: a single security ticket. */
    public static class RandomResponse {
        public final OALSecurityTicket ticket;

        /** @param oALSecurityTicket ticket to expose through {@code ticket} */
        public RandomResponse(OALSecurityTicket oALSecurityTicket) {
            ticket = oALSecurityTicket;
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RemoteDomainRequest.class */
    /**
     * Holder for a remote-domain request. All fields are final, but the byte array is stored by
     * reference, so its contents can still change if the caller keeps and modifies it.
     */
    public static class RemoteDomainRequest {
        public final byte[] I;
        public final int i_offset;
        public final int i_length;
        public final DOFObjectID.Domain remoteDomainID;
        public final KeyRequest initiator;
        public final boolean isDiscover;

        /**
         * @param bArr buffer, stored without copying
         * @param i value stored as {@code i_offset}
         * @param i2 value stored as {@code i_length}
         * @param domain value stored as {@code remoteDomainID}
         * @param keyRequest value stored as {@code initiator}
         * @param z value stored as {@code isDiscover}
         */
        public RemoteDomainRequest(byte[] bArr, int i, int i2, DOFObjectID.Domain domain, KeyRequest keyRequest, boolean z) {
            I = bArr;
            i_offset = i;
            i_length = i2;
            remoteDomainID = domain;
            initiator = keyRequest;
            isDiscover = z;
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RemoteDomainResponse.class */
    /**
     * Holder for a remote-domain response. All fields are final, but the byte array is stored by
     * reference, so its contents can still change if the caller keeps and modifies it.
     */
    public static class RemoteDomainResponse {
        public final OALSecurityTicket ticket;
        public final DOFObjectID.Authentication relatedID;
        public final byte[] A;
        public final int a_offset;
        public final int a_length;
        public final boolean isDiscover;
        public final DOFObjectID.Domain discoveredDomain;

        /**
         * @param oALSecurityTicket value stored as {@code ticket}
         * @param authentication value stored as {@code relatedID}
         * @param bArr buffer, stored without copying
         * @param i value stored as {@code a_offset}
         * @param i2 value stored as {@code a_length}
         * @param z value stored as {@code isDiscover}
         * @param domain value stored as {@code discoveredDomain}
         */
        public RemoteDomainResponse(OALSecurityTicket oALSecurityTicket, DOFObjectID.Authentication authentication, byte[] bArr, int i, int i2, boolean z, DOFObjectID.Domain domain) {
            ticket = oALSecurityTicket;
            relatedID = authentication;
            A = bArr;
            a_offset = i;
            a_length = i2;
            isDiscover = z;
            discoveredDomain = domain;
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RequestKEK.class */
    /**
     * TRP request with op code 1: a domain id followed by a {@link KEKRequestBlock}.
     */
    public static class RequestKEK implements TRPRequest {
        private final DOFObjectID.Domain domain;
        private final KEKRequestBlock requestBlock;

        /** Builds a request for {@code domain} wrapping a new block made from the other two arguments. */
        public RequestKEK(DOFObjectID.Domain domain, KeyRequest keyRequest, DOFObjectID.Authentication authentication) {
            this.domain = domain;
            requestBlock = new KEKRequestBlock(keyRequest, authentication);
        }

        /**
         * Parses a request from {@code bufferedPacket}: op code, then domain, then the request block.
         *
         * @throws DOFMarshalException if the leading byte is not this request's op code, or if
         *     parsing the remainder fails
         */
        public RequestKEK(DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            // Reject the packet before reading anything else when the op code does not match.
            final int opCode = bufferedPacket.getByte();
            if (opCode != getOpCode()) {
                throw new DOFMarshalException("Invalid Op Code.", null);
            }
            domain = DOFObjectID.Domain.create(bufferedPacket.getOID());
            requestBlock = new KEKRequestBlock(dOFMarshalContext, obj, bufferedPacket);
        }

        @Override
        public byte getOpCode() {
            return 1;
        }

        @Override
        public DOFObjectID.Domain getDomain() {
            return domain;
        }

        public KEKRequestBlock getRequestBlock() {
            return requestBlock;
        }

        /**
         * Writes this request to {@code dOFPacket}, which must be a {@link BufferedPacket}. The
         * parts are put in the reverse of the order in which the parsing constructor reads them.
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            BufferedPacket out = (BufferedPacket) dOFPacket;
            requestBlock.marshal(dOFMarshalContext, obj, out);
            out.putOID(domain);
            out.putByte(getOpCode());
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RequestKEKResponse.class */
    /**
     * TRP response with op code 1: a security ticket followed by a {@link KEKResponseBlock}.
     *
     * <p>The ticket is replaceable through {@link #setTicket}. A locally built response never
     * assigns {@code domain}, so {@link #getDomain()} returns {@code null} for it.
     */
    public static class RequestKEKResponse implements TRPRequest {
        private OALSecurityTicket ticket;
        private final KEKResponseBlock responseBlock;
        private DOFObjectID.Domain domain;

        /** Builds a response locally; all arguments after the ticket are passed to the response block. */
        public RequestKEKResponse(OALSecurityTicket oALSecurityTicket, short s, short s2, short s3, int i, DOFObjectID.Source source, OALSecurityScope oALSecurityScope, byte[] bArr, int i2, DOFPermissionSet dOFPermissionSet, OALSecurityScopeList oALSecurityScopeList, OALSecurityScopeList oALSecurityScopeList2) {
            ticket = oALSecurityTicket;
            responseBlock = new KEKResponseBlock(s, s2, s3, i, source, oALSecurityScope, bArr, i2, dOFPermissionSet, oALSecurityScopeList, oALSecurityScopeList2);
        }

        /**
         * Parses a response from {@code bufferedPacket}: op code, then ticket, then response block.
         *
         * @param obj domain of the exchange; anything that is not a {@link DOFObjectID.Domain}
         *     (including {@code null}) selects the broadcast domain
         * @throws DOFMarshalException if the leading byte is not this response's op code, or if
         *     parsing the remainder fails
         */
        public RequestKEKResponse(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            // Reject the packet before reading anything else when the op code does not match.
            final int opCode = bufferedPacket.getByte();
            if (opCode != getOpCode()) {
                throw new DOFMarshalException("Invalid Op Code.", null);
            }
            domain = (obj instanceof DOFObjectID.Domain) ? (DOFObjectID.Domain) obj : DOFObjectID.DOMAIN_BROADCAST;
            // The ticket is decoded with the cipher algorithm chosen from the packet's app version.
            ticket = new OALSecurityTicket(dOFMarshalContext, DefaultTRP.getCipherAlgorithm(packetData.appVersion), bufferedPacket);
            responseBlock = new KEKResponseBlock(packetData, dOFMarshalContext, domain, bufferedPacket);
        }

        @Override
        public byte getOpCode() {
            return 1;
        }

        @Override
        public DOFObjectID.Domain getDomain() {
            return domain;
        }

        public OALSecurityTicket getTicket() {
            return ticket;
        }

        public void setTicket(OALSecurityTicket oALSecurityTicket) {
            ticket = oALSecurityTicket;
        }

        public KEKResponseBlock getResponseBlock() {
            return responseBlock;
        }

        /**
         * Writes this response to {@code dOFPacket}, which must be a {@link BufferedPacket}. The
         * parts are put in the reverse of the order in which the parsing constructor reads them.
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            BufferedPacket out = (BufferedPacket) dOFPacket;
            responseBlock.marshal(dOFMarshalContext, obj, out);
            ticket.marshal(dOFMarshalContext, obj, out);
            out.putByte(getOpCode());
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RequestSecurityScopes.class */
    /**
     * TRP request for security scopes: a domain id followed by a
     * {@link SecurityScopesRequestBlock}. Two op codes are accepted on the wire, 4 and 11; 11 is
     * the form whose block also carries a security type and mode bytes.
     */
    public static class RequestSecurityScopes implements TRPRequest {
        private final DOFObjectID.Domain domain;
        private final SecurityScopesRequestBlock requestBlock;

        /** Builds a request for {@code domain} wrapping a new block made from the other two arguments. */
        public RequestSecurityScopes(DOFObjectID.Domain domain, KeyRequest keyRequest, DOFObjectID.Authentication authentication) {
            this.domain = domain;
            requestBlock = new SecurityScopesRequestBlock(keyRequest, authentication);
        }

        /**
         * Parses a request from {@code bufferedPacket}: op code, then domain, then the request block.
         *
         * @param packetData not used by this constructor
         * @throws DOFMarshalException if the leading byte is neither 4 nor 11, or if parsing the
         *     remainder fails
         */
        public RequestSecurityScopes(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            final int opCode = bufferedPacket.getByte();
            final boolean known = opCode == 4 || opCode == 11;
            if (!known) {
                throw new DOFMarshalException("Invalid Op Code.", null);
            }
            domain = DOFObjectID.Domain.create(bufferedPacket.getOID());
            // The op code tells the block parser whether type and mode follow.
            requestBlock = new SecurityScopesRequestBlock(opCode, dOFMarshalContext, obj, bufferedPacket);
        }

        /** Returns 11 when the block has mode bytes, otherwise 4. */
        @Override
        public byte getOpCode() {
            if (requestBlock != null && requestBlock.getMode() != null) {
                return 11;
            }
            return 4;
        }

        @Override
        public DOFObjectID.Domain getDomain() {
            return domain;
        }

        public SecurityScopesRequestBlock getRequestBlock() {
            return requestBlock;
        }

        /**
         * Writes this request to {@code dOFPacket}, which must be a {@link BufferedPacket}. The
         * block receives the op code (boxed as a {@link Byte}) in place of {@code obj}.
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            requestBlock.marshal(dOFMarshalContext, Byte.valueOf(getOpCode()), dOFPacket);
            BufferedPacket out = (BufferedPacket) dOFPacket;
            out.putOID(domain);
            out.putByte(getOpCode());
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$RequestSecurityScopesResponse.class */
    /**
     * TRP response with op code 4: a security ticket followed by a
     * {@link SecurityScopesResponseBlock}.
     *
     * <p>The ticket is replaceable through {@link #setTicket}. A locally built response has a
     * {@code null} domain, so {@link #getDomain()} returns {@code null} for it.
     */
    public static class RequestSecurityScopesResponse implements TRPRequest {
        private final DOFObjectID.Domain domain;
        private OALSecurityTicket ticket;
        private final SecurityScopesResponseBlock responseBlock;

        /** Builds a response locally; the arguments after the ticket are passed to the response block. */
        public RequestSecurityScopesResponse(OALSecurityTicket oALSecurityTicket, short s, OALSecurityScope oALSecurityScope, OALSecurityScopeList oALSecurityScopeList) {
            domain = null;
            ticket = oALSecurityTicket;
            responseBlock = new SecurityScopesResponseBlock(s, oALSecurityScope, oALSecurityScopeList);
        }

        /**
         * Parses a response from {@code bufferedPacket}: op code, then ticket, then response block.
         *
         * @param obj domain of the exchange; anything that is not a {@link DOFObjectID.Domain}
         *     (including {@code null}) selects the broadcast domain
         * @throws DOFMarshalException if the leading byte is not this response's op code, or if
         *     parsing the remainder fails
         */
        public RequestSecurityScopesResponse(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            // Reject the packet before reading anything else when the op code does not match.
            final int opCode = bufferedPacket.getByte();
            if (opCode != getOpCode()) {
                throw new DOFMarshalException("Invalid Op Code.", null);
            }
            domain = (obj instanceof DOFObjectID.Domain) ? (DOFObjectID.Domain) obj : DOFObjectID.DOMAIN_BROADCAST;
            // The ticket is decoded with the cipher algorithm chosen from the packet's app version.
            ticket = new OALSecurityTicket(dOFMarshalContext, DefaultTRP.getCipherAlgorithm(packetData.appVersion), bufferedPacket);
            responseBlock = new SecurityScopesResponseBlock(packetData, dOFMarshalContext, domain, bufferedPacket);
        }

        @Override
        public byte getOpCode() {
            return 4;
        }

        @Override
        public DOFObjectID.Domain getDomain() {
            return domain;
        }

        public SecurityScopesResponseBlock getResponseBlock() {
            return responseBlock;
        }

        public OALSecurityTicket getTicket() {
            return ticket;
        }

        public void setTicket(OALSecurityTicket oALSecurityTicket) {
            ticket = oALSecurityTicket;
        }

        /**
         * Writes this response to {@code dOFPacket}, which must be a {@link BufferedPacket}. The
         * parts are put in the reverse of the order in which the parsing constructor reads them.
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            responseBlock.marshal(dOFMarshalContext, obj, dOFPacket);
            ticket.marshal(dOFMarshalContext, obj, dOFPacket);
            BufferedPacket out = (BufferedPacket) dOFPacket;
            out.putByte(getOpCode());
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$SecurityScopesRequestBlock.class */
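    /**
     * Payload of a {@link RequestSecurityScopes}: a requested duration, a {@link KeyRequest}, the
     * node's authentication identity and, for op code 11 only, a security type and mode bytes.
     *
     * <p>A block parsed from a packet keeps a copy of the exact bytes it was parsed from and
     * re-emits that copy unchanged from {@link #getBytes()} and {@link #marshal}. A block built
     * locally is serialized from its fields on demand.
     */
    public static class SecurityScopesRequestBlock implements Marshallable {
        // Stored as the wire byte multiplied by 8; marshal() divides by 8 again.
        private final short duration;
        private final KeyRequest auth;
        private final DOFObjectID.Authentication node;
        private final DOFAuthenticator.SecurityType securityType;
        // Null unless the block was parsed from an op code 11 request.
        private final byte[] mode;
        // Copy of the wire bytes this block was parsed from; null for a locally built block.
        private final byte[] I;

        /**
         * Builds a block locally with a duration of 2040, an undefined security type and no mode.
         *
         * @param keyRequest key request to carry
         * @param authentication node identity to carry
         */
        public SecurityScopesRequestBlock(KeyRequest keyRequest, DOFObjectID.Authentication authentication) {
            duration = (short) 2040;
            auth = keyRequest;
            node = authentication;
            securityType = DOFAuthenticator.SecurityType.UNDEFINED;
            mode = null;
            I = null;
        }

        /**
         * Parses a block from {@code bufferedPacket} and records the bytes consumed while doing so.
         *
         * @param i op code of the enclosing request; 11 means a security type and mode follow
         * @throws DOFMarshalException if the security type byte is not one of the accepted values
         *     (1 to 3), or if parsing any other part fails
         */
        public SecurityScopesRequestBlock(int i, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            // Capture the buffer and the position before parsing so the consumed span can be copied.
            final byte[] raw = bufferedPacket.readBuffer();
            final int start = bufferedPacket.getFrontBufferSize();
            duration = (short) (bufferedPacket.getByte() * 8);
            auth = new KeyRequest(dOFMarshalContext, obj, bufferedPacket);
            node = DOFObjectID.Authentication.create(bufferedPacket.getOID());
            if (i == 11) {
                final int typeIndex = bufferedPacket.getByte();
                final DOFAuthenticator.SecurityType[] types = DOFAuthenticator.SecurityType.values();
                // The value comes straight from the packet and is used as an array index, so reject
                // anything outside 1..3 as a marshal error. Negative values and indexes beyond the
                // enum are covered as well: whether getByte() can return a negative number is not
                // visible here, and an unchecked index would surface as an
                // ArrayIndexOutOfBoundsException instead of the declared DOFMarshalException.
                if (typeIndex <= 0 || typeIndex > 3 || typeIndex >= types.length) {
                    throw new DOFMarshalException("Invalid Security Type.", null);
                }
                securityType = types[typeIndex];
                // The mode length comes from the packet itself (4 plus the byte peeked at offset 3).
                // NOTE(review): this relies on BufferedPacket to bounds-check the request — confirm.
                mode = bufferedPacket.getByteArray(4 + bufferedPacket.readByte(3));
            } else {
                securityType = DOFAuthenticator.SecurityType.UNDEFINED;
                mode = null;
            }
            I = Arrays.copyOfRange(raw, start, bufferedPacket.getFrontBufferSize());
        }

        public short getDuration() {
            return duration;
        }

        public KeyRequest getAuth() {
            return auth;
        }

        public DOFObjectID.Authentication getNode() {
            return node;
        }

        public DOFAuthenticator.SecurityType getSecurityType() {
            return securityType;
        }

        /** Returns the internal mode array itself (no copy), or {@code null}; treat it as read-only. */
        public byte[] getMode() {
            return mode;
        }

        /**
         * Returns the serialized form of this block.
         *
         * <p>For a parsed block this is the internal cached array itself, not a copy, so callers
         * must treat it as read-only: {@link #marshal} later writes the same array.
         *
         * @return the block bytes, or {@code null} if serializing a locally built block fails
         */
        public byte[] getBytes() {
            if (I != null) {
                return I;
            }
            BufferedPacket scratch = new BufferedPacket();
            try {
                marshal(DOFMarshalContext.COMMAND, null, scratch);
                return scratch.readByteArray();
            } catch (DOFErrorException e) {
                // Failure is reported to the caller as null rather than rethrown.
                return null;
            }
        }

        /**
         * Writes this block to {@code dOFPacket}, which must be a {@link BufferedPacket}.
         *
         * @param obj {@code null}, or the op code of the enclosing request as a {@link Byte}; any
         *     other non-null type fails the cast. Op code 11 adds the mode bytes and security type.
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            BufferedPacket out = (BufferedPacket) dOFPacket;
            if (I != null) {
                // Parsed block: replay the original bytes verbatim.
                out.putByteArray(I);
                return;
            }
            if (obj != null && ((Byte) obj).byteValue() == 11) {
                out.putByteArray(mode);
                // The wire value is the enum ordinal, so the order of SecurityType is part of the format.
                out.putByte(securityType.ordinal());
            }
            out.putOID(node);
            auth.marshal(dOFMarshalContext, obj, dOFPacket);
            out.putByte(duration / 8);
        }
    }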

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$SecurityScopesResponseBlock.class */
    /**
     * Payload of a {@link RequestSecurityScopesResponse}: the granted duration, a security scope
     * and a list of security scopes.
     *
     * <p>A block parsed from a packet keeps a copy of the exact bytes it was parsed from and
     * re-emits that copy unchanged from {@link #getBytes()} and {@link #marshal}. A block built
     * locally is serialized from its fields on demand.
     */
    public static class SecurityScopesResponseBlock implements Marshallable {
        // Stored as the wire byte multiplied by 8; marshal() divides by 8 again.
        private final short grantedDuration;
        private final OALSecurityScope securityScope;
        private final OALSecurityScopeList securityScopes;
        // Copy of the wire bytes this block was parsed from; null for a locally built block.
        private final byte[] A;

        /** Builds a block from its parts; no wire image is cached. */
        public SecurityScopesResponseBlock(short s, OALSecurityScope oALSecurityScope, OALSecurityScopeList oALSecurityScopeList) {
            grantedDuration = s;
            securityScope = oALSecurityScope;
            securityScopes = oALSecurityScopeList;
            A = null;
        }

        /**
         * Parses a block from {@code bufferedPacket} and records the bytes consumed while doing so.
         *
         * @param obj not used by this constructor
         * @throws DOFMarshalException declared by the constructor; thrown by the parsing calls it makes
         */
        public SecurityScopesResponseBlock(PacketData packetData, DOFMarshalContext dOFMarshalContext, Object obj, BufferedPacket bufferedPacket) throws DOFMarshalException {
            final OALCore owner = packetData.opState.getCore();
            // Capture the buffer and the position before parsing so the consumed span can be copied.
            final byte[] raw = bufferedPacket.readBuffer();
            final int start = bufferedPacket.getFrontBufferSize();
            grantedDuration = (short) (bufferedPacket.getByte() * 8);
            securityScope = owner.globalFactory.createSecurityScope(owner, (DomainStore.DomainAlias) null, dOFMarshalContext, (Object) null, bufferedPacket);
            securityScopes = new OALSecurityScopeList(owner, null, dOFMarshalContext, securityScope, bufferedPacket);
            final int end = bufferedPacket.getFrontBufferSize();
            A = Arrays.copyOfRange(raw, start, end);
        }

        public short getGrantedDuration() {
            return grantedDuration;
        }

        public OALSecurityScope getSecurityScope() {
            return securityScope;
        }

        public OALSecurityScopeList getSecurityScopes() {
            return securityScopes;
        }

        /**
         * Returns the serialized form of this block.
         *
         * <p>For a parsed block this is the internal cached array itself, not a copy, so callers
         * must treat it as read-only: {@link #marshal} later writes the same array.
         *
         * @return the block bytes, or {@code null} if serializing a locally built block fails
         */
        public byte[] getBytes() {
            if (A == null) {
                BufferedPacket scratch = new BufferedPacket();
                try {
                    marshal(DOFMarshalContext.COMMAND, null, scratch);
                    return scratch.readByteArray();
                } catch (DOFErrorException e) {
                    // Failure is reported to the caller as null rather than rethrown.
                    return null;
                }
            }
            return A;
        }

        /**
         * Writes this block to {@code dOFPacket}, which must be a {@link BufferedPacket}. The
         * parts are put in the reverse of the order in which the parsing constructor reads them.
         */
        @Override
        public void marshal(DOFMarshalContext dOFMarshalContext, Object obj, DOFPacket dOFPacket) throws DOFMarshalException {
            BufferedPacket out = (BufferedPacket) dOFPacket;
            if (A == null) {
                securityScopes.marshal(dOFMarshalContext, securityScope, dOFPacket);
                securityScope.marshal(dOFMarshalContext, true, dOFPacket);
                // The duration travels in units of 8 and is never written as less than 1.
                out.putByte(Math.max(grantedDuration / 8, 1));
                return;
            }
            // Parsed block: replay the original bytes verbatim.
            out.putByteArray(A);
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$SessionRequest.class */
    /**
     * Plain mutable holder for a session request: every field is public and non-final and no
     * constructor is declared, so all fields start at their default values until a caller sets them.
     */
    public static class SessionRequest {
        // NOTE(review): presumably I and R are buffers and the *_offset/*_length pairs select a
        // region inside them — confirm against the code that fills this holder, and that the region
        // is range-checked before use.
        public byte[] I;
        public int i_offset;
        public int i_length;
        public byte[] R;
        public int r_offset;
        public int r_length;
        public short duration;
        public byte[] mode;
        public KeyRequest initiator;
        public KeyRequest responder;
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$SessionResponse.class */
    /**
     * Holder for a session response: one ticket each for initiator and responder, the granted
     * duration, the security scopes and a byte buffer with offset and length. All fields are
     * final, but the array is stored by reference, so its contents can still change if the caller
     * keeps and modifies it.
     */
    public static class SessionResponse {
        public final OALSecurityTicket initiator;
        public final OALSecurityTicket responder;
        public final short granted;
        public final OALSecurityScope c_securityScope;
        public final OALSecurityScopeList i_securityScopes;
        public final OALSecurityScopeList r_securityScopes;
        public final byte[] A;
        public final int a_offset;
        public final int a_length;

        /**
         * @param oALSecurityTicket value stored as {@code initiator}
         * @param oALSecurityTicket2 value stored as {@code responder}
         * @param s granted duration; stored truncated to a multiple of 8 by integer division
         * @param oALSecurityScope value stored as {@code c_securityScope}
         * @param oALSecurityScopeList value stored as {@code i_securityScopes}
         * @param oALSecurityScopeList2 value stored as {@code r_securityScopes}
         * @param bArr buffer, stored without copying
         * @param i value stored as {@code a_offset}
         * @param i2 value stored as {@code a_length}
         */
        public SessionResponse(OALSecurityTicket oALSecurityTicket, OALSecurityTicket oALSecurityTicket2, short s, OALSecurityScope oALSecurityScope, OALSecurityScopeList oALSecurityScopeList, OALSecurityScopeList oALSecurityScopeList2, byte[] bArr, int i, int i2) {
            initiator = oALSecurityTicket;
            responder = oALSecurityTicket2;
            final int wholeUnits = s / 8;
            granted = (short) (wholeUnits * 8);
            c_securityScope = oALSecurityScope;
            i_securityScopes = oALSecurityScopeList;
            r_securityScopes = oALSecurityScopeList2;
            A = bArr;
            a_offset = i;
            a_length = i2;
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$SourceIDGenerator.class */
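    /**
     * Hands out source identifiers built from a caller-supplied id, the authentication
     * server id, a per-second sequence number and the current time in seconds.
     *
     * <p>At most 1024 sequence numbers (0..1023) are issued per id within one second; when
     * they run out, {@link #getSourceID(int)} waits in 10 ms steps until the second changes.
     *
     * <p>NOTE(review): the time window is taken from {@code System.currentTimeMillis()} and is
     * reset whenever the second differs from the stored one, including when the wall clock
     * steps backwards. Sequences restart at 0 in that case, so values issued for a repeated
     * second could repeat. Confirm whether callers rely on uniqueness across clock changes.
     */
    public static class SourceIDGenerator {
        private final byte authServerID;
        private final SequenceMap map = new SequenceMap();

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$SourceIDGenerator$SequenceMap.class */
        /**
         * Per-second sequence counters keyed by id. All state is guarded by {@code monitor}.
         */
        public static class SequenceMap {
            /** Highest sequence number that may be issued within one second. */
            private static final int MAX_SEQUENCE = 1023;

            private long time = 0;
            private final Map<Integer, Integer> sequences = new HashMap<>();
            private final Object monitor = new Object();

            SequenceMap() {
            }

            /** Returns the second (epoch seconds) of the current window. */
            long getTime() {
                synchronized (this.monitor) {
                    return this.time;
                }
            }

            /**
             * Moves the window to the current second if it differs from the stored one and
             * clears all counters.
             *
             * @return {@code true} if the window changed, {@code false} otherwise
             */
            boolean update() {
                synchronized (this.monitor) {
                    long nowSeconds = System.currentTimeMillis() / 1000;
                    if (nowSeconds == this.time) {
                        return false;
                    }
                    this.time = nowSeconds;
                    this.sequences.clear();
                    return true;
                }
            }

            /**
             * Returns the next sequence number for {@code i} in the current window and advances
             * the counter.
             *
             * @return the sequence number, or {@code -1} once more than 1024 have been requested
             */
            short getSequence(int i) {
                synchronized (this.monitor) {
                    Integer key = Integer.valueOf(i);
                    Integer stored = this.sequences.get(key);
                    int current = stored == null ? 0 : stored.intValue();
                    // The counter keeps advancing even when exhausted, as before.
                    this.sequences.put(key, Integer.valueOf(current + 1));
                    if (current > MAX_SEQUENCE) {
                        return (short) -1;
                    }
                    return (short) current;
                }
            }

            /**
             * Rolls the window, takes a sequence number and reads the window time under a single
             * lock acquisition, so the returned pair always belongs to the same second.
             *
             * <p>Doing these three steps as separate calls lets another thread roll the window
             * in between, pairing a sequence number from the previous second with the new time,
             * which a later caller in the new second can then receive again.
             *
             * @return {@code {sequence, timeSeconds}}, or {@code null} if the window is exhausted
             */
            long[] allocate(int i) {
                synchronized (this.monitor) {
                    update();
                    short sequence = getSequence(i);
                    if (sequence < 0) {
                        return null;
                    }
                    return new long[] {sequence, this.time};
                }
            }
        }

        /**
         * @param b authentication server id embedded in every generated source id
         */
        public SourceIDGenerator(byte b) {
            this.authServerID = b;
        }

        /**
         * Creates a source id for {@code i}, blocking in 10 ms steps while the current second's
         * sequence numbers are exhausted.
         *
         * <p>If the thread is interrupted while waiting, the wait continues (the method has no
         * way to report failure) and the interrupt status is restored before returning so the
         * caller can still observe it.
         *
         * @param i id passed through to {@code DOFUtil.createAsAssignedOID}
         * @return the newly created source id
         */
        public DOFObjectID.Source getSourceID(int i) {
            boolean interrupted = false;
            try {
                while (true) {
                    long[] slot = this.map.allocate(i);
                    if (slot != null) {
                        return DOFUtil.createAsAssignedOID(i, this.authServerID, (short) slot[0], slot[1]);
                    }
                    try {
                        Thread.sleep(10L);
                    } catch (InterruptedException e) {
                        // Remember the interrupt; re-asserting it here would make every
                        // following sleep return immediately and turn the wait into a spin.
                        interrupted = true;
                    }
                }
            } finally {
                if (interrupted) {
                    Thread.currentThread().interrupt();
                }
            }
        }
    }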

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$ValidateRequest.class */
    /**
     * Input to {@code requestValidate}: who is asking, and the validation value they presented.
     *
     * <p>{@code VALID_A} is stored by reference. {@code requestValidate} copies its first
     * 8 bytes and compares a recomputed value against the whole array.
     */
    public static class ValidateRequest {
        public final Identification identification;
        public final byte[] VALID_A;

        /**
         * @param identification identity and credential type of the requester
         * @param bArr           validation value presented by the requester (not copied)
         */
        public ValidateRequest(Identification identification, byte[] bArr) {
            VALID_A = bArr;
            this.identification = identification;
        }
    }

    /* loaded from: input_file:org/opendof/core/internal/protocol/security/Authenticator$ValidateResponse.class */
    /**
     * Output of {@code requestValidate}: the authenticator's validation value and the source
     * id assigned to the requester.
     */
    public static class ValidateResponse {
        public final byte[] VALID_B;
        public final DOFObjectID.Source sourceID;

        /**
         * @param bArr        validation value computed by the authenticator (kept by reference)
         * @param dOFObjectID object id converted with {@code DOFObjectID.Source.create}
         */
        public ValidateResponse(byte[] bArr, DOFObjectID dOFObjectID) {
            DOFObjectID.Source converted = DOFObjectID.Source.create(dOFObjectID);
            VALID_B = bArr;
            sourceID = converted;
        }
    }

    /**
     * Creates an authenticator from a configuration object by forwarding each setting to the
     * seven-argument constructor, which performs the validation.
     *
     * @param oALCore core instance the authenticator belongs to
     * @param config  source of the identifier, storage, domain id, maximum grant lifetime and
     *                debug settings
     */
    public Authenticator(OALCore oALCore, DOFAuthenticator.Config config) {
        this(
                oALCore,
                config.getAuthenticatorIdentifier(),
                config.getStorage(),
                config.getDomainID(),
                config.getMaxGrantLifetime(),
                config.isDebug(),
                config.getDebugKey());
    }

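    /**
     * Creates an authenticator for one domain.
     *
     * <p>Security-relevant behaviour visible in this class: when {@code z} (debug) is true, the
     * ticket-issuing methods use {@code bArr} as the session key instead of generating a fresh
     * one, so every ticket issued in that mode carries the same caller-supplied key. Debug mode
     * is therefore only suitable for test environments. The key array is stored by reference.
     *
     * @param oALCore core instance; also supplies the domain store used to create the alias
     * @param b       authentication server id, must be in 0..63
     * @param storage backing store for nodes, groups and remote domains
     * @param domain  domain served by this authenticator
     * @param i       maximum grant lifetime; 7 is added and the result is capped
     * @param z       enables debug mode (fixed session key)
     * @param bArr    32-byte debug key; required only when {@code z} is true
     * @throws IllegalArgumentException if {@code b} is out of range, or debug is enabled
     *                                  without a 32-byte key
     */
    public Authenticator(OALCore oALCore, byte b, DOFAuthenticator.Storage storage, DOFObjectID.Domain domain, int i, boolean z, byte[] bArr) {
        this.NODE_SCOPES = new Integer(NODE_SCOPES_ID);
        this.ALL_SCOPES = new Integer(1073741823);
        this.core = oALCore;
        if (b < 0 || b > 63) {
            throw new IllegalArgumentException("Authenticator: authServerID < 0 || authServerID > 63");
        }
        if (z && (bArr == null || bArr.length != 32)) {
            throw new IllegalArgumentException("Authenticator: debugKey == null || debugKey.length != 32");
        }
        // Compare before adding: "i + 7 > 2040" wraps to a negative number for i close to
        // Integer.MAX_VALUE, which skipped the cap and stored a negative lifetime.
        // NOTE(review): a negative i is still accepted unchanged; confirm whether the
        // configuration layer rejects it.
        if (i > 2040 - 7) {
            this.maxLifetimeGrant = DefaultTEP.MAX_GRANT_DURATION;
        } else {
            this.maxLifetimeGrant = i + 7;
        }
        this.sidGenerator = new SourceIDGenerator(b);
        this.storage = storage;
        this.domainID = domain;
        this.isDebug = z;
        this.debugKey = bArr;
        this.emptyPermSet = new DOFPermissionSet.Builder().build();
        // Credentials bound to a freshly generated key; used below in this class when reading
        // group and domain secrets through getSharedSecret.
        this.presharedKeyCred = new SharedKeyCredentials(domain, DOFObjectID.Authentication.create(domain), EncryptionUtil.createSessionKey());
        this.domainAlias = oALCore.getDomainStore().createDomainAlias(domain);
    }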

    /**
     * Reports whether the backing storage says it is available.
     *
     * @return the storage's answer, or {@code false} if asking it threw any exception
     */
    public boolean isAvailable() {
        boolean available;
        try {
            available = this.storage.isStorageAvailable();
        } catch (Exception ignored) {
            // Best-effort probe: a failing storage is reported as unavailable, not as an error.
            available = false;
        }
        return available;
    }

    /**
     * @return the domain id this authenticator was constructed with
     */
    public DOFObjectID.Domain getDomainID() {
        return domainID;
    }

    /**
     * Issues tickets for a two-point session between an initiator and a responder.
     *
     * <p>Both parties are looked up in storage and must exist and be enabled. A session key is
     * then generated (or, in debug mode, the fixed debug key is used) and one ticket is built
     * per party from an HMAC keyed with that party's shared secret.
     *
     * <p>NOTE(review): the granted duration is marshalled as {@code max(duration / 8, 1)} while
     * {@code SessionResponse} truncates the same value to a multiple of 8, so for durations
     * below 8 the two differ. No lower bound on {@code sessionRequest.duration} is checked
     * here; confirm it is validated before this call.
     *
     * @param sessionRequest request carrying both key requests, the I/R blocks, mode and duration
     * @param algorithm      cipher algorithm used for the encrypted ticket block
     * @return the tickets, granted duration, scopes and the marshalled block region
     * @throws AuthenticationException for unknown, disabled or invalid parties, and with
     *                                 {@code INTERNAL_ERROR} wrapping any {@code Throwable}
     *                                 raised while building the tickets
     */
    public SessionResponse requestSession(SessionRequest sessionRequest, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message(
                    "Authenticator",
                    DOF.Log.Level.TRACE,
                    String.format(
                            "requestSession: initiator=%s responder=%s algorithm=%s",
                            sessionRequest.initiator.getCredentials(),
                            sessionRequest.responder.getCredentials(),
                            algorithm));
        }
        checkStorageAvailable();

        Identification initiatorId = sessionRequest.initiator.getCredentials();
        Identification responderId = sessionRequest.responder.getCredentials();

        // Initiator must be known and enabled.
        DOFAuthenticator.AuthenticationNode initiatorNode = this.storage.getNode(
                initiatorId.getIdentity(),
                initiatorId.getType(),
                DOFAuthenticator.SecurityType.TWO_POINT,
                sessionRequest.mode,
                sessionRequest.initiator.getPermissions());
        if (initiatorNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        if (!initiatorNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        // Responder must be known and enabled.
        DOFAuthenticator.AuthenticationNode responderNode = this.storage.getNode(
                responderId.getIdentity(),
                responderId.getType(),
                DOFAuthenticator.SecurityType.TWO_POINT,
                sessionRequest.mode,
                sessionRequest.responder.getPermissions());
        if (responderNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_RESPONDER);
        }
        if (!responderNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        DOFAuthenticator.AuthenticationNode initiatorView = set_ActAs_Iam_Permissions(initiatorNode);
        DOFAuthenticator.AuthenticationNode responderView = set_ActAs_Iam_Permissions(responderNode);

        // Scope both parties have in common, passed through removeNodeScopesID.
        OALSecurityScope commonScope = removeNodeScopesID(
                this.core.globalFactory
                        .createSecurityScope(this.core, this.domainAlias, initiatorView.getSecurityScopeIDs(), false, false)
                        .getCompatibleScope(
                                this.core.globalFactory.createSecurityScope(
                                        this.core, this.domainAlias, responderView.getSecurityScopeIDs(), false, false)));

        List<OALSecurityScope> initiatorScopes = getPermissionScopeList(
                sessionRequest.initiator.getPermissions(), commonScope, initiatorView.getPermissions(), false);
        List<OALSecurityScope> responderScopes = getPermissionScopeList(
                sessionRequest.responder.getPermissions(), commonScope, responderView.getPermissions(), false);

        byte[] initiatorSecret = getSharedSecret(initiatorView, initiatorId);
        if (initiatorSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_INITIATOR);
        }
        byte[] responderSecret = getSharedSecret(responderView, responderId);
        if (responderSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_RESPONDER);
        }

        // Debug mode replaces the generated session key with the fixed configured key.
        byte[] sessionKey;
        if (this.isDebug) {
            sessionKey = this.debugKey;
        } else {
            sessionKey = EncryptionUtil.createSessionKey();
        }

        try {
            // Marshal order matters: responder scopes, initiator scopes, common scope, duration.
            BufferedPacket packet = new BufferedPacket();
            OALSecurityScopeList responderScopeList = new OALSecurityScopeList(responderScopes);
            DOFMarshalContext context = DOFMarshalContext.COMMAND;
            responderScopeList.marshal(context, commonScope, packet);
            OALSecurityScopeList initiatorScopeList = new OALSecurityScopeList(initiatorScopes);
            initiatorScopeList.marshal(context, commonScope, packet);
            commonScope.marshal(context, true, packet);

            // Cap the requested duration at the configured maximum.
            short granted;
            if (sessionRequest.duration > this.maxLifetimeGrant) {
                granted = (short) this.maxLifetimeGrant;
            } else {
                granted = sessionRequest.duration;
            }
            packet.putByte(Math.max(granted / 8, 1));

            byte[] block = packet.readBuffer();
            int blockOffset = packet.getFrontBufferSize();
            int blockLength = packet.length();

            // Responder ticket, keyed with the responder's secret.
            byte[] responderMac = EncryptionUtil.hmac_SHA256(
                    responderSecret, this.domainID,
                    sessionRequest.I, sessionRequest.i_offset, sessionRequest.i_length,
                    sessionRequest.R, sessionRequest.r_offset, sessionRequest.r_length,
                    block, blockOffset, blockLength,
                    sessionKey);
            byte[] responderBlock = EncryptionUtil.encryptBlock(responderSecret, responderMac, algorithm);
            encryptKey(responderBlock, sessionKey);
            OALSecurityTicket responderTicket = new OALSecurityTicket(responderMac, responderBlock, algorithm);

            // Initiator ticket, keyed with the initiator's secret.
            byte[] initiatorMac = EncryptionUtil.hmac_SHA256(
                    initiatorSecret, this.domainID,
                    sessionRequest.I, sessionRequest.i_offset, sessionRequest.i_length,
                    sessionRequest.R, sessionRequest.r_offset, sessionRequest.r_length,
                    block, blockOffset, blockLength,
                    sessionKey);
            byte[] initiatorBlock = EncryptionUtil.encryptBlock(initiatorSecret, initiatorMac, algorithm);
            encryptKey(initiatorBlock, sessionKey);
            OALSecurityTicket initiatorTicket = new OALSecurityTicket(initiatorMac, initiatorBlock, algorithm);

            return new SessionResponse(
                    initiatorTicket, responderTicket, granted, commonScope,
                    initiatorScopeList, responderScopeList,
                    block, blockOffset, blockLength);
        } catch (Throwable th) {
            // NOTE(review): th.toString() becomes the exception message; confirm it is not
            // relayed to remote peers.
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, th.toString(), null, th);
        }
    }

    /**
     * Issues a ticket that delivers a secure group's key-encryption key to a group member.
     *
     * <p>The requester must exist, be enabled and be a member of the requested group; the group
     * must exist and be enabled. The group's permissions for the all-scopes id and for each of
     * the requester's scope ids are merged into the permission set returned in the response.
     *
     * @param requestKEK request carrying the key request and the target group
     * @param algorithm  cipher algorithm used for the encrypted ticket block
     * @return the response with group configuration, scopes, permissions and the ticket
     * @throws AuthenticationException for unknown, disabled, non-member or invalid parties, for
     *                                 missing group key, configuration or security mode, and
     *                                 with {@code INTERNAL_ERROR} wrapping any other
     *                                 {@code Throwable} raised while building the ticket
     */
    public RequestKEKResponse requestKEK(RequestKEK requestKEK, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message(
                    "Authenticator",
                    DOF.Log.Level.TRACE,
                    String.format(
                            "requestKEK: identification=%s algorithm=%s",
                            requestKEK.getRequestBlock().getKeyRequest().getCredentials(),
                            algorithm));
        }
        checkStorageAvailable();

        Identification requesterId = requestKEK.getRequestBlock().getKeyRequest().getCredentials();

        // Requester must be known and enabled.
        DOFAuthenticator.AuthenticationNode requesterNode = this.storage.getNode(
                requesterId.getIdentity(),
                requesterId.getType(),
                DOFAuthenticator.SecurityType.MULTI_POINT,
                null,
                requestKEK.getRequestBlock().getKeyRequest().getPermissions());
        if (requesterNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        if (!requesterNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        // Group must be known and enabled, and the requester must belong to it.
        DOFAuthenticator.SecureGroupNode groupNode = this.storage.getGroupNode(requestKEK.getRequestBlock().getGroup());
        if (groupNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_RESPONDER);
        }
        if (!groupNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }
        if (!requesterNode.isMember(requestKEK.getRequestBlock().getGroup())) {
            throw new AuthenticationException(AuthenticationException.NOT_IN_GROUP);
        }

        List<Integer> requesterScopeIds = requesterNode.getSecurityScopeIDs();
        OALSecurityScope commonScope = removeNodeScopesID(
                this.core.globalFactory
                        .createSecurityScope(this.core, this.domainAlias, requesterScopeIds, false, false)
                        .getCompatibleScope(
                                this.core.globalFactory.createSecurityScope(
                                        this.core, this.domainAlias, groupNode.getSecurityScopeIDs(), false, false)));
        List<OALSecurityScope> requesterScopes = getPermissionScopeList(
                requestKEK.getRequestBlock().getKeyRequest().getPermissions(),
                commonScope,
                requesterNode.getPermissions(),
                false);

        // Merge the group's all-scopes permissions with those of each requester scope id.
        Integer allScopesId = Integer.valueOf(1073741823);
        DOFPermissionSet.Builder merged = new DOFPermissionSet.Builder();
        DOFPermissionSet groupWide = groupNode.getPermissions().get(allScopesId);
        if (groupWide != null) {
            merged.addPermissions(groupWide.getPermissions());
        }
        for (Integer scopeId : requesterScopeIds) {
            if (scopeId.equals(allScopesId)) {
                continue;
            }
            DOFPermissionSet scoped = groupNode.getPermissions().get(scopeId);
            if (scoped != null) {
                merged.addPermissions(scoped.getPermissions());
            }
        }
        DOFPermissionSet groupPermissions = merged.build();
        List<OALSecurityScope> groupScopes = getPermissionScopeList(
                groupPermissions, commonScope, groupNode.getPermissions(), true);

        byte[] requesterSecret = getSharedSecret(requesterNode, requesterId);
        if (requesterSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_INITIATOR);
        }
        byte[] groupKey = getSharedSecret(groupNode, this.presharedKeyCred);
        if (groupKey == null) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, groupNode.getNodeID() + " - No KEK.");
        }

        try {
            // Result unused; the allocation is kept because its constructor is not visible here.
            new BufferedPacket();

            DOFAuthenticator.SecureGroupNode.GroupConfig groupConfig = groupNode.getGroupConfig();
            if (groupConfig == null) {
                throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, groupNode.getNodeID() + " - No configuration.");
            }
            OALSecurityScopeList requesterScopeList = new OALSecurityScopeList(requesterScopes);
            OALSecurityScopeList groupScopeList = new OALSecurityScopeList(groupScopes);
            int stateId = groupNode.getStateID();
            byte[] securityMode = groupConfig.getSecurityMode();
            if (securityMode == null) {
                throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, groupNode.getNodeID() + " - No security mode.");
            }

            RequestKEKResponse response = new RequestKEKResponse(
                    null,
                    groupConfig.getHeartbeatPeriod(),
                    groupConfig.getMinKEKPeriod(),
                    groupConfig.getMaxKEKPeriod(),
                    groupNode.getEpoch(),
                    this.sidGenerator.getSourceID(groupNode.getSourceIdentifier()),
                    commonScope,
                    securityMode,
                    stateId,
                    groupPermissions,
                    groupScopeList,
                    requesterScopeList);

            // The HMAC covers the request block and the response block, keyed with the
            // requester's secret; the group key is the value being delivered.
            byte[] responseBytes = response.getResponseBlock().getBytes();
            byte[] requestBytes = requestKEK.getRequestBlock().getBytes();
            byte[] mac = EncryptionUtil.hmac_SHA256(
                    requesterSecret, this.domainID,
                    requestBytes, 0, requestBytes.length,
                    null, 0, 0,
                    responseBytes, 0, responseBytes.length,
                    groupKey);
            byte[] encrypted = EncryptionUtil.encryptBlock(requesterSecret, mac, algorithm);
            encryptKey(encrypted, groupKey);
            response.setTicket(new OALSecurityTicket(mac, encrypted, algorithm));
            return response;
        } catch (AuthenticationException e) {
            // Keep the specific error codes raised above instead of wrapping them.
            throw e;
        } catch (Throwable th) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, th.toString(), null, th);
        }
    }

    /**
     * Issues a ticket that lets a local initiator act towards a remote domain.
     *
     * <p>The remote domain node must exist, be enabled and map to a local id, and the node
     * behind that local id must exist and be enabled. The ticket's HMAC is keyed with the
     * domain node's secret and carries the local node's secret.
     *
     * @param remoteDomainRequest request carrying the initiator, the remote domain id, the
     *                            I block and the discover flag
     * @param algorithm           cipher algorithm used for the encrypted ticket block
     * @return the ticket, the local authentication id, the marshalled block region, the
     *         discover flag and, when discovering, this authenticator's domain id
     * @throws AuthenticationException for unknown or disabled nodes, missing secrets, and with
     *                                 {@code INTERNAL_ERROR} wrapping any {@code Throwable}
     *                                 raised while building the ticket
     */
    public RemoteDomainResponse requestRemoteDomain(RemoteDomainRequest remoteDomainRequest, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message(
                    "Authenticator",
                    DOF.Log.Level.TRACE,
                    String.format(
                            "requestRemoteDomain: initiator=%s remoteDomain=%s algorithm=%s",
                            remoteDomainRequest.initiator.getCredentials(),
                            remoteDomainRequest.remoteDomainID,
                            algorithm));
        }
        checkStorageAvailable();

        DOFAuthenticator.RemoteDomainNode domainNode = this.storage.getDomainNode(
                DOFObjectID.Authentication.create(remoteDomainRequest.remoteDomainID),
                remoteDomainRequest.initiator.getCredentials().getIdentity());
        if (domainNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_DOMAIN);
        }
        if (!domainNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }
        if (domainNode.getLocalID() == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }

        DOFAuthenticator.AuthenticationNode localNode = this.storage.getNode(
                domainNode.getLocalID(),
                (short) 1,
                DOFAuthenticator.SecurityType.UNDEFINED,
                null,
                this.emptyPermSet);
        if (localNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        if (!localNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        byte[] domainSecret = getSharedSecret(domainNode, this.presharedKeyCred);
        if (domainSecret == null) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR);
        }
        byte[] localSecret = getSharedSecret(localNode, this.presharedKeyCred);
        if (localSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_INITIATOR);
        }

        try {
            BufferedPacket packet = new BufferedPacket();

            // Only a discover request is told which domain answered.
            boolean discover = remoteDomainRequest.isDiscover;
            DOFObjectID.Domain answeringDomain = discover ? this.domainID : null;

            DOFObjectID.Authentication localAuthId = DOFObjectID.Authentication.create(domainNode.getLocalID());
            packet.putOID(localAuthId);
            byte[] block = packet.readBuffer();
            int blockOffset = packet.getFrontBufferSize();
            int blockLength = packet.length();

            byte[] mac = EncryptionUtil.hmac_SHA256(
                    domainSecret, this.domainID,
                    remoteDomainRequest.I, remoteDomainRequest.i_offset, remoteDomainRequest.i_length,
                    null, 0, 0,
                    block, blockOffset, blockLength,
                    localSecret);
            byte[] encrypted = EncryptionUtil.encryptBlock(domainSecret, mac, algorithm);
            encryptKey(encrypted, localSecret);
            return new RemoteDomainResponse(
                    new OALSecurityTicket(mac, encrypted, algorithm),
                    localAuthId, block, blockOffset, blockLength, discover, answeringDomain);
        } catch (Throwable th) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, th.toString(), null, th);
        }
    }

    /**
     * Issues a ticket to a local node after validating a ticket presented from a remote domain.
     *
     * <p>The remote domain node and the local node must both exist and be enabled. The session
     * key is recovered from the remote ticket with the domain secret, the remote ticket is
     * validated, and a new ticket keyed with the local node's secret is issued.
     *
     * <p>NOTE(review): unlike the sibling request methods, failures while building the ticket
     * propagate unchanged instead of being wrapped as {@code INTERNAL_ERROR}. The decompiled
     * listing showed only empty {@code finally} blocks here, which looks like lost handlers;
     * confirm against the original source.
     *
     * @param localDomainRequest request carrying the initiator, remote domain, local
     *                           credentials, remote ticket and I block
     * @param algorithm          cipher algorithm used for the encrypted ticket block
     * @return the response holding the remote domain identifier, the marshalled block region
     *         and the ticket
     * @throws AuthenticationException for unknown or disabled nodes and missing secrets
     */
    public LocalDomainResponse requestLocalDomain(LocalDomainRequest localDomainRequest, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message(
                    "Authenticator",
                    DOF.Log.Level.TRACE,
                    String.format(
                            "requestLocalDomain: initiator=%s remoteDomain=%s localIdentification=%s algorithm=%s",
                            localDomainRequest.initiator.getCredentials(),
                            localDomainRequest.remoteDomain,
                            localDomainRequest.localCredentials,
                            algorithm));
        }
        LocalDomainResponse response = new LocalDomainResponse();
        checkStorageAvailable();

        DOFAuthenticator.RemoteDomainNode domainNode = this.storage.getDomainNode(
                DOFObjectID.Authentication.create(localDomainRequest.remoteDomain), null);
        if (domainNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_DOMAIN);
        }
        if (!domainNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        DOFAuthenticator.AuthenticationNode localNode = this.storage.getNode(
                localDomainRequest.localCredentials.getIdentity(),
                localDomainRequest.localCredentials.getType(),
                DOFAuthenticator.SecurityType.UNDEFINED,
                null,
                this.emptyPermSet);
        if (localNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        if (!localNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        byte[] domainSecret = getSharedSecret(domainNode, this.presharedKeyCred);
        if (domainSecret == null) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR);
        }
        byte[] localSecret = getSharedSecret(localNode, localDomainRequest.localCredentials);
        if (localSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_INITIATOR);
        }

        // Recover the session key from the remote ticket, then validate that ticket.
        byte[] sessionKey = localDomainRequest.remoteTicket.getSessionKey(domainSecret);
        validateRemoteTicket(domainSecret, localDomainRequest, sessionKey);

        BufferedPacket packet = new BufferedPacket();
        response.remoteDomainIdentifier = domainNode.getRemoteDomainIdentifier();
        packet.putCompressedLong(response.remoteDomainIdentifier);
        response.A = packet.readBuffer();
        response.a_offset = packet.getFrontBufferSize();
        response.a_length = packet.length();

        byte[] mac = EncryptionUtil.hmac_SHA256(
                localSecret, this.domainID,
                localDomainRequest.I, localDomainRequest.i_offset, localDomainRequest.i_length,
                null, 0, 0,
                response.A, response.a_offset, response.a_length,
                sessionKey);
        byte[] encrypted = EncryptionUtil.encryptBlock(localSecret, mac, algorithm);
        encryptKey(encrypted, sessionKey);
        response.ticket = new OALSecurityTicket(mac, encrypted, algorithm);
        return response;
    }

    /**
     * Issues a ticket describing the security scopes a requester holds towards a target node.
     *
     * <p>Both the requester and the target node must exist and be enabled. The permissions
     * used for the scope list are the intersection of the target's and the requester's
     * permissions as computed by {@code getIntersectedPS}.
     *
     * @param requestSecurityScopes request carrying the requester's auth block, the target
     *                              node, security type, mode and duration
     * @param algorithm             cipher algorithm used for the encrypted ticket block
     * @return the response with the capped duration, common scope, scope list and ticket
     * @throws AuthenticationException for unknown, disabled or invalid parties, and with
     *                                 {@code INTERNAL_ERROR} wrapping any {@code Throwable}
     *                                 raised while building the ticket
     */
    public RequestSecurityScopesResponse requestSecurityScope(RequestSecurityScopes requestSecurityScopes, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message(
                    "Authenticator",
                    DOF.Log.Level.TRACE,
                    String.format(
                            "requestSecurityScope: identification=%s algorithm=%s",
                            requestSecurityScopes.getRequestBlock().getAuth().getCredentials(),
                            algorithm));
        }
        checkStorageAvailable();

        Identification requesterId = requestSecurityScopes.getRequestBlock().getAuth().getCredentials();

        // Requester must be known and enabled.
        DOFAuthenticator.AuthenticationNode requesterNode = this.storage.getNode(
                requesterId.getIdentity(),
                requesterId.getType(),
                requestSecurityScopes.getRequestBlock().getSecurityType(),
                requestSecurityScopes.getRequestBlock().getMode(),
                this.emptyPermSet);
        if (requesterNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        if (!requesterNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        // Target node must be known and enabled.
        DOFAuthenticator.AuthenticationNode targetNode = this.storage.getNode(
                requestSecurityScopes.getRequestBlock().getNode(),
                (short) 0,
                requestSecurityScopes.getRequestBlock().getSecurityType(),
                requestSecurityScopes.getRequestBlock().getMode(),
                requestSecurityScopes.getRequestBlock().getAuth().getPermissions());
        if (targetNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_RESPONDER);
        }
        if (!targetNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        byte[] requesterSecret = getSharedSecret(requesterNode, requesterId);
        if (requesterSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_INITIATOR);
        }

        OALSecurityScope compatible = this.core.globalFactory
                .createSecurityScope(this.core, this.domainAlias, requesterNode.getSecurityScopeIDs(), false, false)
                .getCompatibleScope(
                        this.core.globalFactory.createSecurityScope(
                                this.core, this.domainAlias, targetNode.getSecurityScopeIDs(), false, false));
        Map<Integer, DOFPermissionSet> sharedPermissions = getIntersectedPS(
                targetNode.getPermissions(), requesterNode.getPermissions());
        OALSecurityScope commonScope = removeNodeScopesID(compatible);
        List<OALSecurityScope> grantedScopes = getPermissionScopeList(
                requestSecurityScopes.getRequestBlock().getAuth().getPermissions(),
                commonScope,
                sharedPermissions,
                false);

        try {
            // Debug mode replaces the generated session key with the fixed configured key.
            byte[] sessionKey = this.isDebug ? this.debugKey : EncryptionUtil.createSessionKey();

            // Duration is capped at the configured maximum grant lifetime.
            RequestSecurityScopesResponse response = new RequestSecurityScopesResponse(
                    (OALSecurityTicket) null,
                    requestSecurityScopes.getRequestBlock().getDuration() > this.maxLifetimeGrant
                            ? (short) this.maxLifetimeGrant
                            : requestSecurityScopes.getRequestBlock().getDuration(),
                    commonScope,
                    new OALSecurityScopeList(grantedScopes));

            byte[] responseBytes = response.getResponseBlock().getBytes();
            byte[] requestBytes = requestSecurityScopes.getRequestBlock().getBytes();
            byte[] mac = EncryptionUtil.hmac_SHA256(
                    requesterSecret, this.domainID,
                    requestBytes, 0, requestBytes.length,
                    null, 0, 0,
                    responseBytes, 0, responseBytes.length,
                    sessionKey);
            byte[] encrypted = EncryptionUtil.encryptBlock(requesterSecret, mac, algorithm);
            encryptKey(encrypted, sessionKey);
            response.setTicket(new OALSecurityTicket(mac, encrypted, algorithm));
            return response;
        } catch (Throwable th) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, th.toString(), null, th);
        }
    }

    /**
     * Issues a ticket that delivers a session key to a single requester.
     *
     * <p>The requester must exist and be enabled. The key is generated (or, in debug mode,
     * taken from the fixed debug key) before the requester's shared secret is looked up.
     *
     * @param randomRequest request carrying the requester's auth block and I block
     * @param algorithm     cipher algorithm used for the encrypted ticket block
     * @return the response wrapping the ticket
     * @throws AuthenticationException for unknown, disabled or invalid requesters, and with
     *                                 {@code INTERNAL_ERROR} wrapping any {@code Throwable}
     *                                 raised while building the ticket
     */
    public RandomResponse requestRandom(RandomRequest randomRequest, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message(
                    "Authenticator",
                    DOF.Log.Level.TRACE,
                    String.format(
                            "requestRandom: identification=%s algorithm=%s",
                            randomRequest.auth.getCredentials(),
                            algorithm));
        }
        checkStorageAvailable();

        Identification requesterId = randomRequest.auth.getCredentials();
        DOFAuthenticator.AuthenticationNode requesterNode = this.storage.getNode(
                requesterId.getIdentity(),
                requesterId.getType(),
                DOFAuthenticator.SecurityType.UNDEFINED,
                null,
                this.emptyPermSet);
        if (requesterNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        if (!requesterNode.isEnabled()) {
            throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
        }

        // Debug mode replaces the generated session key with the fixed configured key.
        byte[] sessionKey;
        if (this.isDebug) {
            sessionKey = this.debugKey;
        } else {
            sessionKey = EncryptionUtil.createSessionKey();
        }

        byte[] requesterSecret = getSharedSecret(requesterNode, requesterId);
        if (requesterSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_INITIATOR);
        }

        try {
            byte[] mac = EncryptionUtil.hmac_SHA256(
                    requesterSecret, this.domainID,
                    randomRequest.I, randomRequest.i_offset, randomRequest.i_length,
                    null, 0, 0,
                    null, 0, 0,
                    sessionKey);
            byte[] encrypted = EncryptionUtil.encryptBlock(requesterSecret, mac, algorithm);
            encryptKey(encrypted, sessionKey);
            OALSecurityTicket ticket = new OALSecurityTicket(mac, encrypted, algorithm);
            return new RandomResponse(ticket);
        } catch (Throwable th) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, th.toString(), null, th);
        }
    }

    /**
     * Resolves credentials through the backing storage for a known node.
     *
     * <p>NOTE(review): this method does not check {@code isEnabled()} on the node, while the
     * ticket-issuing methods in this class reject disabled nodes with {@code ACCESS_DENIED}.
     * Confirm that resolving for a disabled node is intended.
     *
     * @param authenticatorCredentialStorage resolution request; the storage fills in its response
     * @param algorithm                      only used in the trace log line
     * @return the response held by {@code authenticatorCredentialStorage} after resolution
     * @throws AuthenticationException {@code UNKNOWN_INITIATOR} if the node is not found,
     *                                 {@code RESOLUTION_FAILED} if it has no credentials storage
     */
    public ResolutionResponse requestResolution(AuthenticatorCredentialStorage authenticatorCredentialStorage, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message(
                    "Authenticator",
                    DOF.Log.Level.TRACE,
                    String.format(
                            "requestResolution: identity=%s algorithm=%s",
                            authenticatorCredentialStorage.getIdentity(),
                            algorithm));
        }
        checkStorageAvailable();

        DOFAuthenticator.AuthenticationNode requesterNode = this.storage.getNode(
                authenticatorCredentialStorage.getIdentity(),
                authenticatorCredentialStorage.getType(),
                DOFAuthenticator.SecurityType.ANY,
                null,
                this.emptyPermSet);
        if (requesterNode == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        if (requesterNode.getCredentialsStorage() == null) {
            throw new AuthenticationException(AuthenticationException.RESOLUTION_FAILED);
        }

        this.storage.resolve(authenticatorCredentialStorage);
        ResolutionResponse resolved = authenticatorCredentialStorage.getResponse();
        return resolved;
    }

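    /**
     * Checks a requester's validation value and, on success, assigns it a source id.
     *
     * <p>The first 8 bytes of {@code VALID_A} (presumably the requester's nonce) are fed to
     * {@code computeValidA} together with the shared secret, and the result must equal the
     * presented {@code VALID_A}. The comparison is done in constant time so that the position
     * of the first differing byte is not reflected in the response time.
     *
     * <p>NOTE(review): this method does not check {@code isEnabled()} on the node, while the
     * ticket-issuing methods in this class reject disabled nodes with {@code ACCESS_DENIED}.
     * Confirm that validating a disabled node is intended.
     *
     * @param validateRequest requester identification and the presented {@code VALID_A}
     * @param algorithm       only used in the trace log line
     * @return the computed {@code VALID_B} and the assigned source id
     * @throws AuthenticationException {@code UNKNOWN_INITIATOR} if the node is not found,
     *                                 {@code INVALID_INITIATOR} if it has no shared secret,
     *                                 {@code VALIDATION_FAILED} if {@code VALID_A} is missing,
     *                                 shorter than 8 bytes, or does not match
     */
    public ValidateResponse requestValidate(ValidateRequest validateRequest, DOFCipher.Algorithm algorithm) throws Exception {
        if (DOF.Log.isLogTrace()) {
            DOF.Log.message("Authenticator", DOF.Log.Level.TRACE, String.format("requestValidate: identification=%s algorithm=%s", validateRequest.identification, algorithm));
        }
        checkStorageAvailable();
        DOFAuthenticator.AuthenticationNode node = this.storage.getNode(validateRequest.identification.getIdentity(), validateRequest.identification.getType(), DOFAuthenticator.SecurityType.UNDEFINED, null, this.emptyPermSet);
        if (node == null) {
            throw new AuthenticationException(AuthenticationException.UNKNOWN_INITIATOR);
        }
        byte[] sharedSecret = getSharedSecret(node, validateRequest.identification);
        if (sharedSecret == null) {
            throw new AuthenticationException(AuthenticationException.INVALID_INITIATOR);
        }

        // A missing or truncated value is a failed validation, not an unchecked
        // NullPointerException / ArrayIndexOutOfBoundsException from the copy below.
        byte[] presented = validateRequest.VALID_A;
        if (presented == null || presented.length < 8) {
            throw new AuthenticationException(AuthenticationException.VALIDATION_FAILED);
        }
        byte[] prefix = Arrays.copyOf(presented, 8);

        // MessageDigest.isEqual compares without stopping at the first mismatch, unlike
        // Arrays.equals; fully qualified so the file's import block is not affected.
        byte[] expected = computeValidA(sharedSecret, prefix);
        if (!java.security.MessageDigest.isEqual(expected, presented)) {
            throw new AuthenticationException(AuthenticationException.VALIDATION_FAILED);
        }

        DOFObjectID.Source sourceID = this.sidGenerator.getSourceID(node.getSourceIdentifier());
        return new ValidateResponse(computeValidB(sharedSecret, prefix, EncryptionUtil.createRandomNonce(8), sourceID.getBytes(), this.domainID), sourceID);
    }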

    /**
     * Fails the current request unless the backing storage reports that it is available.
     *
     * @throws AuthenticationException {@code SERVICE_UNAVAILABLE} if the storage answers
     *                                 {@code false}; {@code INTERNAL_ERROR} (after logging at
     *                                 error level) if asking the storage throws anything other
     *                                 than an {@code AuthenticationException}
     */
    private void checkStorageAvailable() throws AuthenticationException {
        try {
            if (!this.storage.isStorageAvailable()) {
                throw new AuthenticationException(AuthenticationException.SERVICE_UNAVAILABLE);
            }
        } catch (AuthenticationException passThrough) {
            // Raised above or by the storage itself; keep its error code.
            throw passThrough;
        } catch (Exception failure) {
            if (DOF.Log.isLogError()) {
                DOF.Log.message(DOF.Log.Level.ERROR, "Storage for domain " + this.domainID + " isStorageAvailable failed with internal error: " + failure);
            }
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, failure.toString(), null, failure);
        }
    }

    /**
     * Computes one security scope per permission in {@code dOFPermissionSet}.
     *
     * @param dOFPermissionSet permissions to compute scopes for, in iteration order
     * @param oALSecurityScope scope passed through to {@code computeScope} for every permission
     * @param map              permission sets keyed by scope id; inverted once with
     *                         {@code convert} before the loop
     * @param z                not read by this method
     * @return a new list with the result of {@code computeScope} for each permission
     */
    private List<OALSecurityScope> getPermissionScopeList(DOFPermissionSet dOFPermissionSet, OALSecurityScope oALSecurityScope, Map<Integer, DOFPermissionSet> map, boolean z) {
        Map<DOFPermission, List<Integer>> scopeIdsByPermission = convert(map);
        List<OALSecurityScope> scopes = new ArrayList<>();
        for (DOFPermission requested : dOFPermissionSet.getPermissions()) {
            scopes.add(computeScope(requested, scopeIdsByPermission, oALSecurityScope));
        }
        return scopes;
    }

    /**
     * Computes the security scope for one requested permission from the permissions granted
     * per scope ID.
     *
     * <p>The permission is normalized into parts. For each part the method collects the scope
     * IDs whose granted permission allows that part; the granted IDs are those common to every
     * part. Separately it collects every scope ID whose granted permission merely intersects
     * some part. In both sets {@code ALL_SCOPES}, when present, replaces all other IDs, and
     * {@code NODE_SCOPES} is replaced by the IDs of {@code oALSecurityScope}. The resulting
     * scope is marked as masking when some intersecting ID is not among the granted IDs.
     *
     * @param dOFPermission the requested permission
     * @param map scope IDs keyed by granted permission, as produced by {@code convert}
     * @param oALSecurityScope the node's scope; supplies the IDs substituted for
     *     {@code NODE_SCOPES} and bounds the result through {@code getCompatibleScope}
     * @return a scope built from the granted IDs after reduction to what is compatible with
     *     {@code oALSecurityScope}
     */
    private OALSecurityScope computeScope(DOFPermission dOFPermission, Map<DOFPermission, List<Integer>> map, OALSecurityScope oALSecurityScope) {
        final Map<DOFPermission, Set<Integer>> allowingByPart = new HashMap<DOFPermission, Set<Integer>>();
        final Set<Integer> intersectingIds = new HashSet<Integer>();
        for (DOFPermission part : dOFPermission.normalize().getPermissions()) {
            final Set<Integer> allowingIds = new HashSet<Integer>();
            allowingByPart.put(part, allowingIds);
            for (Map.Entry<DOFPermission, List<Integer>> grant : map.entrySet()) {
                final DOFPermission granted = grant.getKey();
                final List<Integer> grantedIn = grant.getValue();
                if (part.isAllowedBy(granted)) {
                    allowingIds.addAll(grantedIn);
                }
                if (part.isIntersection(granted)) {
                    intersectingIds.addAll(grantedIn);
                }
            }
        }

        // Only IDs that allow every normalized part count as granted.
        // NOTE(review): the intersection is taken on raw IDs before ALL_SCOPES is collapsed, so
        // a part allowed only under ALL_SCOPES and a part allowed only under a concrete ID
        // intersect to nothing. That errs toward denial; confirm it is intended.
        final Set<Integer> grantedIds = new HashSet<Integer>();
        boolean firstPart = true;
        for (Set<Integer> allowingIds : allowingByPart.values()) {
            if (firstPart) {
                grantedIds.addAll(allowingIds);
                firstPart = false;
            } else {
                grantedIds.retainAll(allowingIds);
            }
        }

        if (grantedIds.contains(this.ALL_SCOPES)) {
            grantedIds.clear();
            grantedIds.add(this.ALL_SCOPES);
        }
        if (grantedIds.contains(this.NODE_SCOPES)) {
            grantedIds.remove(this.NODE_SCOPES);
            grantedIds.addAll(oALSecurityScope.getIDs());
        }

        if (intersectingIds.contains(this.ALL_SCOPES)) {
            intersectingIds.clear();
            intersectingIds.add(this.ALL_SCOPES);
        }
        if (intersectingIds.contains(this.NODE_SCOPES)) {
            intersectingIds.remove(this.NODE_SCOPES);
            intersectingIds.addAll(oALSecurityScope.getIDs());
        }

        // Masking: the permission touches at least one scope ID in which it is not granted.
        final boolean masking = !grantedIds.containsAll(intersectingIds);

        final List<Integer> grantedIdList = new ArrayList<Integer>(grantedIds);
        final OALSecurityScope compatible = this.core.globalFactory.createSecurityScope(this.core, this.domainAlias, grantedIdList, false, masking).getCompatibleScope(oALSecurityScope);
        return this.core.globalFactory.createSecurityScope(this.core, this.domainAlias, compatible.getIDs(), compatible.isAllScopes(), masking);
    }

    /**
     * Builds, for every key present in both maps, the permission set that survives the
     * comparison of {@code map}'s set with {@code map2}'s set.
     *
     * <p>Keys found in only one map are dropped. A shared key whose value is {@code null} in
     * either map yields an empty permission set.
     *
     * <p>NOTE(review): the inner check compares the whole set from {@code map} with the set from
     * {@code map2}, not the individual permission being visited. The outcome for a key is
     * therefore all-or-nothing: every permission of {@code map}'s set, or none. The result is
     * never larger than {@code map}'s own set, but if a per-permission intersection was
     * intended this needs revisiting.
     *
     * @param map permission sets keyed by scope ID; the source of the returned permissions
     * @param map2 permission sets keyed by scope ID; the sets {@code map}'s entries must be
     *     allowed by
     * @return a new map holding one entry per key shared by both inputs
     */
    private Map<Integer, DOFPermissionSet> getIntersectedPS(Map<Integer, DOFPermissionSet> map, Map<Integer, DOFPermissionSet> map2) {
        final Map<Integer, DOFPermissionSet> intersected = new HashMap<Integer, DOFPermissionSet>();
        for (Integer scopeId : map.keySet()) {
            if (!map2.containsKey(scopeId)) {
                continue;
            }
            final DOFPermissionSet.Builder surviving = new DOFPermissionSet.Builder();
            final DOFPermissionSet candidate = map.get(scopeId);
            final DOFPermissionSet limit = map2.get(scopeId);
            if (candidate != null && limit != null) {
                for (DOFPermission permission : candidate.getPermissions()) {
                    if (candidate.isAllowedBy(limit)) {
                        surviving.addPermission(permission);
                    }
                }
            }
            intersected.put(scopeId, surviving.build());
        }
        return intersected;
    }

    /**
     * Resolves the shared secret for {@code credentials} from an authentication node's
     * credential storage.
     *
     * @param authenticationNode node whose credential storage is consulted
     * @param credentials credentials whose identification selects the secret
     * @return the shared secret, or {@code null} when the byte-array overload yields none
     */
    private byte[] getSharedSecret(DOFAuthenticator.AuthenticationNode authenticationNode, Credentials credentials) {
        final byte[] storedCredentials = authenticationNode.getCredentialsStorage();
        return getSharedSecret(storedCredentials, credentials.getIdentification());
    }

    /**
     * Resolves the shared secret for {@code credentials} from a secure group node's
     * credential storage.
     *
     * @param secureGroupNode node whose credential storage is consulted
     * @param credentials credentials whose identification selects the secret
     * @return the shared secret, or {@code null} when the byte-array overload yields none
     */
    private byte[] getSharedSecret(DOFAuthenticator.SecureGroupNode secureGroupNode, Credentials credentials) {
        final byte[] storedCredentials = secureGroupNode.getCredentialsStorage();
        return getSharedSecret(storedCredentials, credentials.getIdentification());
    }

    /**
     * Resolves the shared secret for {@code credentials} from a remote domain node's
     * credential storage.
     *
     * @param remoteDomainNode node whose credential storage is consulted
     * @param credentials credentials whose identification selects the secret
     * @return the shared secret, or {@code null} when the byte-array overload yields none
     */
    private byte[] getSharedSecret(DOFAuthenticator.RemoteDomainNode remoteDomainNode, Credentials credentials) {
        final byte[] storedCredentials = remoteDomainNode.getCredentialsStorage();
        return getSharedSecret(storedCredentials, credentials.getIdentification());
    }

    /**
     * Resolves the shared secret for {@code identification} from an authentication node's
     * credential storage.
     *
     * @param authenticationNode node whose credential storage is consulted
     * @param identification identification that selects the secret
     * @return the shared secret, or {@code null} when the byte-array overload yields none
     */
    private byte[] getSharedSecret(DOFAuthenticator.AuthenticationNode authenticationNode, Identification identification) {
        final byte[] storedCredentials = authenticationNode.getCredentialsStorage();
        return getSharedSecret(storedCredentials, identification);
    }

    /**
     * Resolves the shared secret for {@code identification} from a secure group node's
     * credential storage.
     *
     * @param secureGroupNode node whose credential storage is consulted
     * @param identification identification that selects the secret
     * @return the shared secret, or {@code null} when the byte-array overload yields none
     */
    private byte[] getSharedSecret(DOFAuthenticator.SecureGroupNode secureGroupNode, Identification identification) {
        final byte[] storedCredentials = secureGroupNode.getCredentialsStorage();
        return getSharedSecret(storedCredentials, identification);
    }

    /**
     * Resolves the shared secret for {@code identification} from a remote domain node's
     * credential storage.
     *
     * @param remoteDomainNode node whose credential storage is consulted
     * @param identification identification that selects the secret
     * @return the shared secret, or {@code null} when the byte-array overload yields none
     */
    private byte[] getSharedSecret(DOFAuthenticator.RemoteDomainNode remoteDomainNode, Identification identification) {
        final byte[] storedCredentials = remoteDomainNode.getCredentialsStorage();
        return getSharedSecret(storedCredentials, identification);
    }

    /**
     * Asks {@code identification} for the shared secret held in the given credential storage.
     *
     * <p>Callers receive {@code null} both when no storage was supplied and when the
     * identification rejects the storage with a {@link DOFSecurityException}; the two cases are
     * indistinguishable from the return value, so {@code null} must be handled as "no usable
     * secret" and never passed on to a MAC or key computation.
     *
     * @param bArr credential storage bytes, or {@code null} when the node has none
     * @param identification identification that extracts the secret from the storage
     * @return the shared secret, or {@code null} as described above
     */
    private byte[] getSharedSecret(byte[] bArr, Identification identification) {
        byte[] secret = null;
        if (bArr != null) {
            try {
                secret = identification.getSharedSecret(bArr);
            } catch (DOFSecurityException ignored) {
                // Mapped to "no secret". NOTE(review): the cause is dropped without a log entry,
                // which makes rejected credentials hard to trace; consider recording it.
            }
        }
        return secret;
    }

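    /**
     * Returns a scope equivalent to {@code oALSecurityScope} without the {@code NODE_SCOPES}
     * placeholder ID.
     *
     * <p>The ID list is copied before the placeholder is removed. {@code getIDs()} may hand back
     * the scope's own list, and editing that list in place would silently alter the caller's
     * scope (or fail outright if the list is unmodifiable).
     *
     * @param oALSecurityScope the scope to strip
     * @return the same instance when it does not contain {@code NODE_SCOPES}; otherwise a new
     *     scope with the same domain alias, all-scopes flag and masking flag and the remaining IDs
     */
    private OALSecurityScope removeNodeScopesID(OALSecurityScope oALSecurityScope) {
        final List<Integer> currentIds = oALSecurityScope.getIDs();
        if (!currentIds.contains(this.NODE_SCOPES)) {
            return oALSecurityScope;
        }
        final List<Integer> remainingIds = new ArrayList<Integer>(currentIds);
        // The cast selects remove(Object), so the placeholder is removed by value, never by index.
        remainingIds.remove((Object) this.NODE_SCOPES);
        return this.core.globalFactory.createSecurityScope(this.core, oALSecurityScope.getDomainAlias(), remainingIds, oALSecurityScope.isAllScopes(), oALSecurityScope.isMasking());
    }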

    /**
     * XORs {@code bArr2} into {@code bArr} in place, byte by byte.
     *
     * <p>Despite the name this is a plain XOR mask: applying it twice with the same mask restores
     * the original bytes, and the protection it gives depends entirely on the mask.
     *
     * <p>NOTE(review): {@code bArr2} must be at least as long as {@code bArr}. A shorter mask
     * raises {@link ArrayIndexOutOfBoundsException} only after the leading bytes of {@code bArr}
     * have already been modified.
     *
     * @param bArr bytes to mask; overwritten with the result
     * @param bArr2 mask bytes; only the first {@code bArr.length} are read
     */
    private void encryptKey(byte[] bArr, byte[] bArr2) {
        int index = 0;
        while (index < bArr.length) {
            bArr[index] ^= bArr2[index];
            index++;
        }
    }

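    /**
     * Verifies the MAC carried by a remote ticket.
     *
     * <p>The expected value is an HMAC-SHA256 computed with {@code bArr} over the request's
     * remote domain, the marshalled initiator, the related object ID and {@code bArr2}. It is
     * compared with {@code localDomainRequest.remoteTicket.mac}.
     *
     * <p>The comparison uses {@link java.security.MessageDigest#isEqual(byte[], byte[])} instead
     * of {@code Arrays.equals}. The received MAC comes from the peer, and a comparison that
     * stops at the first differing byte leaks, through timing, how much of a guessed MAC was
     * correct.
     *
     * @param bArr key for the HMAC
     * @param localDomainRequest request holding the initiator, related ID, remote domain and
     *     the ticket to verify
     * @param bArr2 trailing input of the HMAC
     * @throws AuthenticationException with {@code ACCESS_DENIED} when the MAC does not match, or
     *     {@code INTERNAL_ERROR} when the initiator cannot be marshalled
     */
    private void validateRemoteTicket(byte[] bArr, LocalDomainRequest localDomainRequest, byte[] bArr2) throws AuthenticationException {
        final BufferedPacket initiatorPacket = new BufferedPacket();
        try {
            localDomainRequest.initiator.marshal(DOFMarshalContext.COMMAND, null, initiatorPacket);
            final byte[] initiatorBuffer = initiatorPacket.readBuffer();
            final int initiatorOffset = initiatorPacket.getFrontBufferSize();
            final int initiatorLength = initiatorPacket.length();
            final BufferedPacket relatedIdPacket = new BufferedPacket();
            relatedIdPacket.putOID(localDomainRequest.relatedID);
            final byte[] expectedMac = EncryptionUtil.hmac_SHA256(bArr, localDomainRequest.remoteDomain, initiatorBuffer, initiatorOffset, initiatorLength, null, 0, 0, relatedIdPacket.readBuffer(), relatedIdPacket.getFrontBufferSize(), relatedIdPacket.length(), bArr2);
            // Constant-time comparison; fully qualified so no new import is needed.
            if (!java.security.MessageDigest.isEqual(expectedMac, localDomainRequest.remoteTicket.mac)) {
                throw new AuthenticationException(AuthenticationException.ACCESS_DENIED);
            }
        } catch (DOFMarshalException e) {
            throw new AuthenticationException(AuthenticationException.INTERNAL_ERROR, e);
        }
    }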

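    /**
     * Returns a copy of {@code authenticationNode} whose permissions additionally contain
     * {@code ActAs} and {@code IAm} for the node's own source identifier.
     *
     * <p>The two permissions are added to the set stored under {@code ALL_SCOPES} when that key
     * is present, otherwise to the set stored under {@code NODE_SCOPES}.
     *
     * <p>The permission map is copied before it is changed. {@code getPermissions()} may expose
     * the node's own map, and writing the extra grants into it would widen the permissions of
     * the input node itself, not only of the node returned here.
     *
     * <p>NOTE(review): when neither key maps to a permission set, {@code null} is passed to the
     * {@code DOFPermissionSet.Builder} constructor; confirm how the builder treats that.
     *
     * @param authenticationNode the node to derive from; not modified
     * @return a new node with the same ID, source identifier, credential storage, groups and
     *     enabled flag, and the extended permissions
     */
    private DOFAuthenticator.AuthenticationNode set_ActAs_Iam_Permissions(DOFAuthenticator.AuthenticationNode authenticationNode) {
        final DOFObjectID.Source selfId = DOFUtil.createAsAssignedOID(authenticationNode.getSourceIdentifier(), (byte) 0, (short) 0, 0L);
        // Work on a private copy so the grants below never reach the caller's node.
        final Map<Integer, DOFPermissionSet> permissions = new HashMap<Integer, DOFPermissionSet>(authenticationNode.getPermissions());
        DOFPermissionSet base = permissions.get(this.ALL_SCOPES);
        if (base == null) {
            base = permissions.get(this.NODE_SCOPES);
        }
        final DOFPermissionSet.Builder builder = new DOFPermissionSet.Builder(base);
        builder.addPermission(new DOFPermission.ActAs(selfId));
        builder.addPermission(new DOFPermission.IAm(selfId));
        if (permissions.containsKey(this.ALL_SCOPES)) {
            permissions.put(this.ALL_SCOPES, builder.build());
        } else {
            permissions.put(this.NODE_SCOPES, builder.build());
        }
        return DOFAuthenticator.AuthenticationNode.create(authenticationNode.getNodeID(), authenticationNode.getSourceIdentifier(), authenticationNode.getCredentialsStorage(), permissions, authenticationNode.getGroups(), authenticationNode.isEnabled());
    }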

    /**
     * Builds the VALID_A value: {@code bArr2} followed by the HMAC-SHA256 of {@code bArr2}
     * keyed with {@code bArr}.
     *
     * <p>The result buffer is fixed at 40 bytes, which presumably corresponds to an 8-byte
     * leading value plus a 32-byte MAC; a longer {@code bArr2} does not fit and makes the copy
     * fail. When the result is checked against a value received from a peer, the check should
     * be a constant-time comparison.
     *
     * @param bArr HMAC key (the shared secret at the call site in this class)
     * @param bArr2 leading value that is both authenticated and copied into the result
     * @return a 40-byte array holding {@code bArr2} and then the MAC
     */
    public static byte[] computeValidA(byte[] bArr, byte[] bArr2) {
        final byte[] mac = EncryptionUtil.hmac_SHA256(bArr, null, bArr2, 0, bArr2.length, null, 0, 0, null, 0, 0, null);
        final byte[] validA = new byte[40];
        int offset = 0;
        System.arraycopy(bArr2, 0, validA, offset, bArr2.length);
        offset += bArr2.length;
        System.arraycopy(mac, 0, validA, offset, mac.length);
        return validA;
    }

    /**
     * Builds the VALID_B value: {@code bArr3}, then {@code bArr4}, then an HMAC-SHA256 keyed with
     * {@code bArr} over {@code bArr2}, {@code bArr3}, {@code bArr4} and the domain's bytes.
     *
     * <p>The result buffer is {@code 40 + bArr4.length} bytes, which presumably corresponds to
     * an 8-byte {@code bArr3} plus a 32-byte MAC around {@code bArr4}; a longer {@code bArr3}
     * does not fit and makes the copy fail.
     *
     * @param bArr HMAC key (the shared secret at the call site in this class)
     * @param bArr2 value authenticated by the MAC but not copied into the result
     * @param bArr3 value authenticated and placed first in the result (a fresh random nonce at
     *     the call site in this class)
     * @param bArr4 value authenticated and placed second in the result (the source ID bytes at
     *     the call site in this class)
     * @param domain domain whose bytes are the last HMAC input
     * @return {@code bArr3}, {@code bArr4} and the MAC, concatenated
     */
    public static byte[] computeValidB(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, DOFObjectID.Domain domain) {
        final byte[] validB = new byte[40 + bArr4.length];
        final byte[] mac = EncryptionUtil.hmac_SHA256(bArr, null, bArr2, 0, bArr2.length, bArr3, 0, bArr3.length, bArr4, 0, bArr4.length, domain.getBytes());
        int offset = 0;
        System.arraycopy(bArr3, 0, validB, offset, bArr3.length);
        offset += bArr3.length;
        System.arraycopy(bArr4, 0, validB, offset, bArr4.length);
        offset += bArr4.length;
        System.arraycopy(mac, 0, validB, offset, mac.length);
        return validB;
    }

    /**
     * Inverts a map of permission sets keyed by scope ID into a map of scope IDs keyed by
     * permission.
     *
     * @param map permission sets keyed by scope ID
     * @return for each permission found in any set, the distinct scope IDs under which it
     *     appears, in first-seen order
     */
    private static Map<DOFPermission, List<Integer>> convert(Map<Integer, DOFPermissionSet> map) {
        final Map<DOFPermission, List<Integer>> scopeIdsByPermission = new HashMap<DOFPermission, List<Integer>>();
        for (Map.Entry<Integer, DOFPermissionSet> scopeEntry : map.entrySet()) {
            final Integer scopeId = scopeEntry.getKey();
            for (DOFPermission permission : scopeEntry.getValue().getPermissions()) {
                List<Integer> scopeIds = scopeIdsByPermission.get(permission);
                if (scopeIds == null) {
                    scopeIds = new ArrayList<Integer>();
                    scopeIdsByPermission.put(permission, scopeIds);
                }
                // Each scope ID is recorded once per permission.
                if (!scopeIds.contains(scopeId)) {
                    scopeIds.add(scopeId);
                }
            }
        }
        return scopeIdsByPermission;
    }
}
