package org.openmuc.jdlms.internal.association;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.openmuc.jdlms.AuthenticationMechanism;
import org.openmuc.jdlms.ConformanceSetting;
import org.openmuc.jdlms.LogicalDevice;
import org.openmuc.jdlms.SecuritySuite;
import org.openmuc.jdlms.internal.APdu;
import org.openmuc.jdlms.internal.AssociateSourceDiagnostic;
import org.openmuc.jdlms.internal.ConformanceSettingConverter;
import org.openmuc.jdlms.internal.ContextId;
import org.openmuc.jdlms.internal.DataDirectoryImpl;
import org.openmuc.jdlms.internal.ObjectIdentifier;
import org.openmuc.jdlms.internal.ServerConnectionData;
import org.openmuc.jdlms.internal.asn1.cosem.COSEMpdu;
import org.openmuc.jdlms.internal.asn1.cosem.Conformance;
import org.openmuc.jdlms.internal.asn1.cosem.InitiateRequest;
import org.openmuc.jdlms.internal.asn1.iso.acse.AARQApdu;
import org.openmuc.jdlms.internal.asn1.iso.acse.ACSEApdu;
import org.openmuc.jdlms.internal.asn1.iso.acse.MechanismName;
import org.openmuc.jdlms.internal.security.RandomSequenceGenerator;

/* compiled from: InitialMessageProcessor.java */
/* loaded from: input_file:org/openmuc/jdlms/internal/association/InitiateMessageProcessor.class */
class InitiateMessageProcessor {
    private final ServerConnectionData connectionData;
    private final DataDirectoryImpl.CosemLogicalDevice cosemLogicalDevice;
    private final LogicalDevice logicalDevice;
    private ContextId contextId;

    public InitiateMessageProcessor(ServerConnectionData serverConnectionData, DataDirectoryImpl.CosemLogicalDevice cosemLogicalDevice) {
        this.connectionData = serverConnectionData;
        this.cosemLogicalDevice = cosemLogicalDevice;
        this.logicalDevice = cosemLogicalDevice.getLogicalDevice();
        this.connectionData.setSecuritySuite(cosemLogicalDevice.getLogicalDevice().getRestrictions().get(Integer.valueOf(this.connectionData.getClientId())));
    }

    public ContextId getContextId() {
        return this.contextId;
    }

    public APdu processInitialMessage(byte[] bArr) throws IOException {
        SecuritySuite securitySuite = this.connectionData.getSecuritySuite();
        if (this.cosemLogicalDevice == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        Map<Integer, SecuritySuite> restrictions = this.logicalDevice.getRestrictions();
        APdu decode = APdu.decode(bArr, null);
        this.contextId = ObjectIdentifier.applicationContextIdFrom(decode.getAcseAPdu().getAarq().getApplicationContextName());
        if (restrictions.isEmpty()) {
            this.connectionData.setAuthenticated();
            this.connectionData.setSecuritySuite(SecuritySuite.builder().build());
            return new InitiateResponseBuilder(ConformanceSettingConverter.conformanceFor(this.logicalDevice.getConformance())).setContextId(this.contextId).build();
        }
        if (securitySuite == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        if (securitySuite.getEncryptionMechanism() != SecuritySuite.EncryptionMechanism.NONE) {
            this.connectionData.setClientSystemTitle(systemTitle());
            decode = APdu.decode(bArr, this.connectionData.getClientSystemTitle(), securitySuite, null);
        }
        if (decode.getCosemPdu() == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        COSEMpdu cosemPdu = decode.getCosemPdu();
        if (cosemPdu.getChoiceIndex() != COSEMpdu.Choices.INITIATEREQUEST) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        InitiateRequest initiateRequest = cosemPdu.initiateRequest;
        this.connectionData.setClientMaxReceivePduSize(initiateRequest.clientMaxReceivePduSize.getValue() & 65535);
        Conformance negotiateConformance = negotiateConformance(initiateRequest);
        ACSEApdu acseAPdu = decode.getAcseAPdu();
        if (acseAPdu == null) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.NO_REASON_GIVEN);
        }
        return tryToAuthenticate(acseAPdu.getAarq(), securitySuite, negotiateConformance);
    }

    private Conformance negotiateConformance(InitiateRequest initiateRequest) {
        Set<ConformanceSetting> conformanceSettingFor = ConformanceSettingConverter.conformanceSettingFor(initiateRequest.proposedConformance);
        HashSet hashSet = new HashSet(this.logicalDevice.getConformance());
        hashSet.retainAll(conformanceSettingFor);
        return ConformanceSettingConverter.conformanceFor(hashSet);
    }

    private static void checkChallangeLength(int i) throws AssociatRequestException {
        if (i < 8 || i > 64) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_FAILURE);
        }
    }

    private APdu tryToAuthenticate(AARQApdu aARQApdu, SecuritySuite securitySuite, Conformance conformance) throws IOException {
        InitiateResponseBuilder initiateResponseBuilder = new InitiateResponseBuilder(conformance);
        MechanismName mechanismName = aARQApdu.getMechanismName();
        AuthenticationMechanism authenticationMechanism = AuthenticationMechanism.NONE;
        if (mechanismName != null) {
            authenticationMechanism = ObjectIdentifier.mechanismIdFrom(mechanismName);
        }
        if (authenticationMechanism != securitySuite.getAuthenticationMechanism()) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_FAILURE);
        }
        if (authenticationMechanism == AuthenticationMechanism.NONE && securitySuite.getAuthenticationMechanism() == AuthenticationMechanism.NONE) {
            this.connectionData.setAuthenticated();
            return initiateResponseBuilder.setContextId(this.contextId).build();
        }
        this.connectionData.setClientToServerChallenge(aARQApdu.getCallingAuthenticationValue().getCharstring().value);
        switch (authenticationMechanism) {
            case LOW:
                return processLowAuthentciationRequest(initiateResponseBuilder, aARQApdu, securitySuite.getPassword());
            case HLS5_GMAC:
                return processHls5GmacAuthentciationRequest(initiateResponseBuilder, aARQApdu);
            default:
                throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.APPLICATION_CONTEXT_NAME_NOT_SUPPORTED);
        }
    }

    private APdu processHls5GmacAuthentciationRequest(InitiateResponseBuilder initiateResponseBuilder, AARQApdu aARQApdu) throws IOException {
        byte[] clientToServerChallenge = this.connectionData.getClientToServerChallenge();
        this.connectionData.setClientSystemTitle(aARQApdu.getCallingAPTitle().getApTitleForm2().value);
        int length = clientToServerChallenge.length;
        checkChallangeLength(length);
        byte[] generateNewChallenge = RandomSequenceGenerator.generateNewChallenge(length);
        this.connectionData.setServerToClientChallenge(generateNewChallenge);
        return initiateResponseBuilder.setContextId(this.contextId).setAuthenticationValue(generateNewChallenge).setSystemTitle(systemTitle()).build();
    }

    private APdu processLowAuthentciationRequest(InitiateResponseBuilder initiateResponseBuilder, AARQApdu aARQApdu, byte[] bArr) throws AssociatRequestException {
        if (!Arrays.equals(aARQApdu.getCallingAuthenticationValue().getCharstring().value, bArr)) {
            throw new AssociatRequestException(AssociateSourceDiagnostic.AcseServiceUser.AUTHENTICATION_FAILURE);
        }
        this.connectionData.setAuthenticated();
        return initiateResponseBuilder.build();
    }

    private byte[] systemTitle() {
        return this.logicalDevice.getSystemTitle();
    }
}
