package org.drasyl.peer.connection.handler;

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPromise;
import java.security.PublicKey;
import org.drasyl.crypto.Crypto;
import org.drasyl.crypto.CryptoException;
import org.drasyl.identity.CompressedPublicKey;
import org.drasyl.identity.Identity;
import org.drasyl.peer.connection.PeerChannelGroup;
import org.drasyl.peer.connection.message.Message;
import org.drasyl.peer.connection.message.SignedMessage;
import org.drasyl.peer.connection.message.StatusMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/drasyl/peer/connection/handler/SignatureHandler.class */
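/**
 * Duplex handler that signs every outbound {@link Message} with the local identity and forwards
 * an inbound message up the pipeline only after its signature has been verified.
 *
 * <p>Inbound checks, in the order they are applied:
 * <ol>
 *   <li>Anything that is not a {@link SignedMessage} carrying both a key id and a signature is
 *       dropped.</li>
 *   <li>If the channel carries {@link PeerChannelGroup#ATTRIBUTE_PUBLIC_KEY}, the key id of the
 *       message must equal that key; otherwise the message is dropped.</li>
 *   <li>The signature is verified against the key the message itself announces. On success only
 *       the payload is forwarded; on failure a {@code STATUS_INVALID_SIGNATURE} reply is
 *       written.</li>
 * </ol>
 *
 * <p>While no key is bound to the channel, step 3 only proves that the sender holds the private
 * key for the key id it announced; it does not prove that this key belongs to an expected peer.
 * NOTE(review): that decision presumably lives in later handlers (whichever one sets the channel
 * attribute) -- confirm none of them treats "signature valid" as "peer authorised".
 */
public class SignatureHandler extends SimpleChannelDuplexHandler<Message, Message> {
    public static final String SIGNATURE_HANDLER = "signatureHandler";
    private static final Logger LOG = LoggerFactory.getLogger(SignatureHandler.class);
    private final Identity identity;

    /**
     * Creates a handler that signs with, and announces the public key of, the given identity.
     *
     * @param identity local identity; its private key is used for every outbound message
     */
    public SignatureHandler(Identity identity) {
        // The meaning of the three flags is defined by SimpleChannelDuplexHandler (not shown here).
        super(true, true, false);
        this.identity = identity;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Accepts only messages that are signed and hands them to {@link #inboundSafeguards}.
     * Everything else is dropped (logged at debug level) and never reaches later handlers.
     *
     * @param channelHandlerContext context of the channel the message arrived on
     * @param message inbound message as decoded by the earlier handlers
     */
    @Override // org.drasyl.peer.connection.handler.SimpleChannelDuplexHandler
    public void channelRead0(ChannelHandlerContext channelHandlerContext, Message message) {
        if (message instanceof SignedMessage) {
            SignedMessage signedMessage = (SignedMessage) message;
            if (signedMessage.getKid() != null && signedMessage.getSignature() != null) {
                inboundSafeguards(channelHandlerContext, signedMessage);
                return;
            }
        }
        // Fail closed: an unsigned or partially signed message is not forwarded.
        if (LOG.isDebugEnabled()) {
            LOG.debug("[{}]: Dropped not signed message `{}`", channelHandlerContext.channel().id().asShortText(), message);
        }
    }

    /**
     * Applies the channel-binding check and the signature check to a signed inbound message and
     * forwards its payload only if both pass.
     *
     * <p>The channel-binding comparison runs before the sender key is decompressed, so a message
     * that is dropped because of a key mismatch costs no key decoding.
     *
     * @param channelHandlerContext context of the channel the message arrived on
     * @param signedMessage message whose key id and signature are non-null (checked by the caller)
     */
    private void inboundSafeguards(ChannelHandlerContext channelHandlerContext, SignedMessage signedMessage) {
        if (channelHandlerContext.channel().hasAttr(PeerChannelGroup.ATTRIBUTE_PUBLIC_KEY)) {
            // NOTE(review): Netty's hasAttr() can be true while the stored value is still null;
            // get() would then make the equals() call below throw. Confirm the attribute is only
            // ever created together with its value.
            CompressedPublicKey channelKey = (CompressedPublicKey) channelHandlerContext.channel().attr(PeerChannelGroup.ATTRIBUTE_PUBLIC_KEY).get();
            if (!channelKey.equals(signedMessage.getKid())) {
                // A key other than the one bound to this channel is rejected before any
                // signature work is done; no reply is sent to the peer.
                if (LOG.isInfoEnabled()) {
                    LOG.info("[{}]: Sender public key `{}`, and the associated channel public key `{}` are not identical. Maybe a MITM attack. Message `{}` was dropped.", channelHandlerContext.channel().id().asShortText(), signedMessage.getKid(), channelKey, signedMessage);
                }
                return;
            }
        }

        PublicKey senderKey = extractPublicKey(signedMessage);
        if (senderKey == null) {
            // The announced key could not be decoded: drop without a reply.
            if (LOG.isInfoEnabled()) {
                LOG.info("[{}]: Could not find a matching public key for the message `{}`.", channelHandlerContext.channel().id().asShortText(), signedMessage);
            }
            return;
        }

        if (Crypto.verifySignature(senderKey, signedMessage)) {
            // Only the verified payload travels on; the signature envelope is removed here.
            channelHandlerContext.fireChannelRead(signedMessage.getPayload());
            return;
        }

        // The reply goes through channelWrite0 and is therefore signed with the local identity,
        // so every message with an invalid signature costs one signing operation.
        // NOTE(review): getPayload() is dereferenced without a null check -- confirm a
        // SignedMessage cannot be decoded without a payload.
        channelWrite0(channelHandlerContext, (Message) new StatusMessage(StatusMessage.Code.STATUS_INVALID_SIGNATURE, signedMessage.getPayload().getId()), channelHandlerContext.channel().newPromise());
        if (LOG.isInfoEnabled()) {
            LOG.info("[{}]: Signature of the message `{}` was invalid.", channelHandlerContext.channel().id().asShortText(), signedMessage);
        }
    }

    /**
     * Decodes the public key announced in the key id of the message.
     *
     * @param signedMessage message to read the key id from
     * @return the uncompressed key, or {@code null} if the key id is missing or cannot be decoded
     */
    private static PublicKey extractPublicKey(SignedMessage signedMessage) {
        CompressedPublicKey kid = signedMessage.getKid();
        if (kid == null) {
            return null;
        }
        try {
            return kid.toUncompressedKey();
        } catch (CryptoException e) {
            // An undecodable key is reported as "no key"; the caller drops the message.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Can't decompress public key due to the following error: ", e);
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Wraps the outbound message in a {@link SignedMessage}, signs it with the private key of
     * the local identity and writes the signed envelope to the channel.
     *
     * <p>If signing fails the promise is failed and nothing is written, so the message never
     * leaves unsigned.
     *
     * @param channelHandlerContext context of the channel to write to
     * @param message message to sign and send
     * @param channelPromise promise handed to the write, or failed with the
     *     {@link CryptoException} when signing is not possible
     */
    @Override // org.drasyl.peer.connection.handler.SimpleChannelDuplexHandler
    public void channelWrite0(ChannelHandlerContext channelHandlerContext, Message message, ChannelPromise channelPromise) {
        try {
            SignedMessage signedMessage = new SignedMessage(message, this.identity.getPublicKey());
            // The private key is decoded on every write and is never passed to the logger.
            Crypto.sign(this.identity.getPrivateKey().toUncompressedKey(), signedMessage);
            channelHandlerContext.write(signedMessage, channelPromise);
            if (LOG.isTraceEnabled()) {
                LOG.trace("[{}]: Signed the message `{}`", channelHandlerContext.channel().id().asShortText(), message);
            }
        } catch (CryptoException e) {
            channelPromise.setFailure(e);
            if (LOG.isDebugEnabled()) {
                // The exception is the last argument, so SLF4J logs it with its stack trace.
                LOG.debug("[{}]: Can't sign message `{}` due to the following error: ", channelHandlerContext.channel().id().asShortText(), message, e);
            }
        }
    }
}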
