package org.openmuc.jdlms.internal.lnassociation;

import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import org.openmuc.jdlms.AuthenticationMechanism;
import org.openmuc.jdlms.LogicalDevice;
import org.openmuc.jdlms.SecuritySuite;
import org.openmuc.jdlms.internal.APdu;
import org.openmuc.jdlms.internal.AssociateSourceDiagnostic;
import org.openmuc.jdlms.internal.ContextId;
import org.openmuc.jdlms.internal.DataDirectory;
import org.openmuc.jdlms.internal.ObjectIdentifier;
import org.openmuc.jdlms.internal.ServerConnectionData;
import org.openmuc.jdlms.internal.asn1.cosem.COSEMpdu;
import org.openmuc.jdlms.internal.asn1.cosem.Conformance;
import org.openmuc.jdlms.internal.asn1.cosem.InitiateRequest;
import org.openmuc.jdlms.internal.asn1.iso.acse.AARQ_apdu;
import org.openmuc.jdlms.internal.asn1.iso.acse.ACSE_apdu;
import org.openmuc.jdlms.internal.asn1.iso.acse.Mechanism_name;
import org.openmuc.jdlms.internal.security.HlsProcessorGmac;
import org.openmuc.jdlms.internal.security.RandomSequenceGenerator;

/* loaded from: input_file:org/openmuc/jdlms/internal/lnassociation/InitialmessageProcessor.class */
public class InitialmessageProcessor {
    private final ServerConnectionData connectionData;
    private final DataDirectory.DlmsLogicalDevice dlmsLogicalDevice;
    private final LogicalDevice logicalDevice;

    public InitialmessageProcessor(ServerConnectionData serverConnectionData, DataDirectory.DlmsLogicalDevice dlmsLogicalDevice) {
        this.connectionData = serverConnectionData;
        this.dlmsLogicalDevice = dlmsLogicalDevice;
        this.logicalDevice = dlmsLogicalDevice.getLogicalDevice();
        Map<Integer, SecuritySuite> restrictions = dlmsLogicalDevice.getLogicalDevice().getRestrictions();
        this.connectionData.securitySuite = restrictions.get(Integer.valueOf(this.connectionData.clientId));
    }

    public APdu processInitialMessage(byte[] bArr) throws IOException, GenericAssociationException {
        InitialResponseBuilder initialResponseBuilder = new InitialResponseBuilder(conformance());
        if (this.dlmsLogicalDevice == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        if (this.dlmsLogicalDevice.getLogicalDevice().getRestrictions().isEmpty()) {
            this.connectionData.authenticated = true;
            this.connectionData.securitySuite = SecuritySuite.builder().build();
            return initialResponseBuilder.setContextId(ContextId.LOGICAL_NAME_REFERENCING_NO_CIPHERING).build();
        }
        SecuritySuite securitySuite = this.connectionData.securitySuite;
        if (securitySuite == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        APdu decodeAPdu = decodeAPdu(bArr, securitySuite);
        if (decodeAPdu.cosemPdu == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        COSEMpdu cOSEMpdu = decodeAPdu.cosemPdu;
        if (cOSEMpdu.getChoiceIndex() != COSEMpdu.Choices.INITIATEREQUEST) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        InitiateRequest initiateRequest = cOSEMpdu.initiateRequest;
        this.connectionData.clientMaxReceivePduSize = initiateRequest.client_max_receive_pdu_size.getValue() & 65535;
        ACSE_apdu aCSE_apdu = decodeAPdu.acseAPdu;
        if (aCSE_apdu == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        return tryToAuthenticate(initialResponseBuilder, aCSE_apdu.aarq, securitySuite);
    }

    private APdu decodeAPdu(byte[] bArr, SecuritySuite securitySuite) throws IOException {
        APdu decode;
        if (securitySuite.getEncryptionMechanism() != SecuritySuite.EncryptionMechanism.NONE) {
            if (this.connectionData.clientSystemTitle == null) {
                this.connectionData.clientSystemTitle = systemTitle();
            }
            decode = APdu.decode(bArr, this.connectionData.clientSystemTitle, this.connectionData.frameCounter, securitySuite);
        } else {
            decode = APdu.decode(bArr);
        }
        return decode;
    }

    private void checkContextId(ContextId contextId) throws AssociatRequestException {
        if (contextId == ContextId.SHORT_NAME_REFERENCING_NO_CIPHERING || contextId == ContextId.SHORT_NAME_REFERENCING_WITH_CIPHERING) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.APPLICATION_CONTEXT_NAME_NOT_SUPPORTED);
        }
    }

    private APdu tryToAuthenticate(InitialResponseBuilder initialResponseBuilder, AARQ_apdu aARQ_apdu, SecuritySuite securitySuite) throws AssociatRequestException, IOException {
        ContextId applicationContextIdFor = ObjectIdentifier.applicationContextIdFor(aARQ_apdu.application_context_name);
        checkContextId(applicationContextIdFor);
        Mechanism_name mechanism_name = aARQ_apdu.mechanism_name;
        if (mechanism_name == null && securitySuite.getAuthenticationMechanism() != AuthenticationMechanism.NONE) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_MECHANISM_NAME_REQUIRED);
        }
        if (mechanism_name == null && securitySuite.getAuthenticationMechanism() == AuthenticationMechanism.NONE) {
            this.connectionData.authenticated = true;
            return initialResponseBuilder.build();
        }
        if (mechanism_name == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        AuthenticationMechanism mechanismIdFor = ObjectIdentifier.mechanismIdFor(mechanism_name);
        if (mechanismIdFor == AuthenticationMechanism.NONE) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_REQUIRED);
        }
        this.connectionData.clientToServerChallenge = aARQ_apdu.calling_authentication_value.charstring.value;
        if (applicationContextIdFor == ContextId.LOGICAL_NAME_REFERENCING_WITH_CIPHERING) {
        }
        if (mechanismIdFor == AuthenticationMechanism.NONE && securitySuite.getAuthenticationMechanism() != AuthenticationMechanism.NONE) {
            this.connectionData.authenticated = true;
            return initialResponseBuilder.setContextId(ContextId.LOGICAL_NAME_REFERENCING_NO_CIPHERING).build();
        }
        if (mechanismIdFor != securitySuite.getAuthenticationMechanism()) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_FAILURE);
        }
        switch (mechanismIdFor) {
            case LOW:
                return processLowAuthentciationRequest(aARQ_apdu, securitySuite.getPassword());
            case HLS5_GMAC:
                return processHls5GmacAuthentciationRequest(aARQ_apdu, securitySuite);
            default:
                throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.APPLICATION_CONTEXT_NAME_NOT_SUPPORTED);
        }
    }

    private APdu processHls5GmacAuthentciationRequest(AARQ_apdu aARQ_apdu, SecuritySuite securitySuite) throws IOException, AssociatRequestException {
        byte[] bArr = this.connectionData.clientToServerChallenge;
        this.connectionData.clientSystemTitle = aARQ_apdu.calling_AP_title.ap_title_form2.value;
        byte[] bArr2 = this.connectionData.clientSystemTitle;
        int length = bArr.length;
        checkChallangeLength(length);
        this.connectionData.frameCounter = 1;
        byte[] generate = RandomSequenceGenerator.generate(length);
        HlsProcessorGmac hlsProcessorGmac = new HlsProcessorGmac();
        ServerConnectionData serverConnectionData = this.connectionData;
        byte[] authenticationKey = securitySuite.getAuthenticationKey();
        byte[] globalUnicastEncryptionKey = securitySuite.getGlobalUnicastEncryptionKey();
        ServerConnectionData serverConnectionData2 = this.connectionData;
        int i = serverConnectionData2.frameCounter + 1;
        serverConnectionData2.frameCounter = i;
        serverConnectionData.processedServerToClientChallenge = hlsProcessorGmac.process(generate, authenticationKey, globalUnicastEncryptionKey, bArr2, i);
        return new InitialResponseBuilder(conformance()).setContextId(ContextId.LOGICAL_NAME_REFERENCING_NO_CIPHERING).setAuthenticationValue(generate).setSystemTitle(systemTitle()).build();
    }

    private void checkChallangeLength(int i) throws AssociatRequestException {
        if (i < 8 || i > 64) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_FAILURE);
        }
    }

    private APdu processLowAuthentciationRequest(AARQ_apdu aARQ_apdu, byte[] bArr) throws AssociatRequestException {
        if (!Arrays.equals(aARQ_apdu.calling_authentication_value.charstring.value, bArr)) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_FAILURE);
        }
        this.connectionData.authenticated = true;
        return new InitialResponseBuilder(conformance()).build();
    }

    private Conformance conformance() {
        return this.logicalDevice.getConformance();
    }

    private byte[] systemTitle() {
        return this.logicalDevice.getSystemTitle();
    }
}
