package net.i2p.router.tunnel.pool;

import java.util.List;
import net.i2p.I2PAppContext;
import net.i2p.crypto.ChaCha20;
import net.i2p.data.Base64;
import net.i2p.data.DataHelper;
import net.i2p.data.Hash;
import net.i2p.data.SessionKey;
import net.i2p.data.i2np.BuildResponseRecord;
import net.i2p.data.i2np.EncryptedBuildRecord;
import net.i2p.data.i2np.TunnelBuildReplyMessage;
import net.i2p.router.tunnel.TunnelCreatorConfig;
import net.i2p.util.Log;
import net.i2p.util.SimpleByteCache;

/* loaded from: classes.dex */
class BuildReplyHandler {
    private final I2PAppContext ctx;
    private final Log log;

    public BuildReplyHandler(I2PAppContext i2PAppContext) {
        this.ctx = i2PAppContext;
        this.log = this.ctx.logManager().getLog(BuildReplyHandler.class);
    }

    private int decryptRecord(TunnelBuildReplyMessage tunnelBuildReplyMessage, TunnelCreatorConfig tunnelCreatorConfig, int i, int i2) {
        byte[] bArr;
        int i3;
        int i4;
        EncryptedBuildRecord record = tunnelBuildReplyMessage.getRecord(i);
        int type = tunnelBuildReplyMessage.getType();
        if (record == null) {
            if (this.log.shouldWarn()) {
                this.log.warn("Missing record " + i);
            }
            return -1;
        }
        byte[] data = record.getData();
        int length = tunnelCreatorConfig.getLength() - 1;
        if (tunnelCreatorConfig.isInbound()) {
            length--;
        }
        boolean isEC = tunnelCreatorConfig.isEC(i2);
        int i5 = isEC ? i2 + 1 : i2;
        boolean z = (type == 26) || type == 999;
        if (z) {
            byte[] bArr2 = new byte[12];
            int i6 = length;
            while (i6 >= i5) {
                byte[] data2 = tunnelCreatorConfig.getChaChaReplyKey(i6).getData();
                if (this.log.shouldDebug()) {
                    Log log = this.log;
                    StringBuilder sb = new StringBuilder();
                    i4 = i5;
                    sb.append(tunnelBuildReplyMessage.getUniqueId());
                    sb.append(": Decrypting ChaCha record ");
                    sb.append(i);
                    sb.append("/");
                    sb.append(i2);
                    sb.append("/");
                    sb.append(i6);
                    sb.append(" with replyKey ");
                    sb.append(Base64.encode(data2));
                    sb.append(" : ");
                    sb.append(tunnelCreatorConfig);
                    log.debug(sb.toString());
                } else {
                    i4 = i5;
                }
                bArr2[4] = (byte) i;
                ChaCha20.encrypt(data2, bArr2, data, 0, data, 0, 218);
                i6--;
                i5 = i4;
                bArr2 = bArr2;
            }
            bArr = data;
        } else {
            int i7 = i5;
            int i8 = length;
            while (i8 >= i7) {
                SessionKey aESReplyKey = tunnelCreatorConfig.getAESReplyKey(i8);
                byte[] aESReplyIV = tunnelCreatorConfig.getAESReplyIV(i8);
                if (this.log.shouldDebug()) {
                    this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": Decrypting AES record " + i + "/" + i2 + "/" + i8 + " with replyKey " + aESReplyKey.toBase64() + "/" + Base64.encode(aESReplyIV) + ": " + tunnelCreatorConfig);
                }
                this.ctx.aes().decrypt(data, 0, data, 0, aESReplyKey, aESReplyIV, 0, data.length);
                i8--;
                data = data;
            }
            bArr = data;
        }
        if (isEC) {
            SessionKey chaChaReplyKey = tunnelCreatorConfig.getChaChaReplyKey(i2);
            byte[] chaChaReplyAD = tunnelCreatorConfig.getChaChaReplyAD(i2);
            if (this.log.shouldDebug()) {
                this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": Decrypting chacha/poly record " + i + "/" + i2 + " with replyKey " + chaChaReplyKey.toBase64() + "/" + Base64.encode(chaChaReplyAD) + ": " + tunnelCreatorConfig);
            }
            if (!(z ? BuildResponseRecord.decrypt(record, chaChaReplyKey, chaChaReplyAD, i) : BuildResponseRecord.decrypt(record, chaChaReplyKey, chaChaReplyAD))) {
                if (!this.log.shouldWarn()) {
                    return -1;
                }
                this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": chacha reply decrypt fail on " + i + "/" + i2);
                return -1;
            }
            i3 = bArr[record.length() - 17] & 255;
        } else {
            byte[] bArr3 = bArr;
            byte[] acquire = SimpleByteCache.acquire(32);
            this.ctx.sha().calculateHash(bArr3, 32, 496, acquire, 0);
            if (!DataHelper.eq(acquire, 0, bArr3, 0, 32)) {
                if (this.log.shouldWarn()) {
                    this.log.warn(tunnelBuildReplyMessage.getUniqueId() + ": sha256 reply verify fail on " + i + "/" + i2 + ": " + Base64.encode(acquire) + " calculated, " + Base64.encode(bArr3, 0, 32) + " expected\nRecord: " + Base64.encode(bArr3, 32, 496));
                }
                SimpleByteCache.release(acquire);
                return -1;
            }
            SimpleByteCache.release(acquire);
            i3 = bArr3[527] & 255;
        }
        if (this.log.shouldLog(10)) {
            this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": Verified: " + i3 + " for record " + i + "/" + i2);
        }
        return i3;
    }

    public int[] decrypt(TunnelBuildReplyMessage tunnelBuildReplyMessage, TunnelCreatorConfig tunnelCreatorConfig, List<Integer> list) {
        if (tunnelBuildReplyMessage.getRecordCount() != list.size()) {
            this.log.error("Corrupted build reply, expected " + list.size() + " records, got " + tunnelBuildReplyMessage.getRecordCount());
            return null;
        }
        int[] iArr = new int[tunnelBuildReplyMessage.getRecordCount()];
        for (int i = 0; i < iArr.length; i++) {
            int intValue = list.get(i).intValue();
            if (BuildMessageGenerator.isBlank(tunnelCreatorConfig, intValue)) {
                if (this.log.shouldLog(10)) {
                    this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": skipping record " + i + "/" + intValue + " for: " + tunnelCreatorConfig);
                }
                if (tunnelCreatorConfig.isInbound() && intValue + 1 == tunnelCreatorConfig.getLength()) {
                    byte[] bArr = new byte[32];
                    byte[] data = tunnelBuildReplyMessage.getRecord(i).getData();
                    this.ctx.sha().calculateHash(data, 0, data.length, bArr, 0);
                    Hash blankHash = tunnelCreatorConfig.getBlankHash();
                    if (blankHash == null || !DataHelper.eq(bArr, blankHash.getData())) {
                        if (this.log.shouldWarn()) {
                            this.log.warn("IBEP record corrupt on " + tunnelCreatorConfig);
                        }
                        return null;
                    }
                    iArr[i] = 0;
                } else {
                    iArr[i] = 0;
                }
            } else {
                int decryptRecord = decryptRecord(tunnelBuildReplyMessage, tunnelCreatorConfig, i, intValue);
                if (decryptRecord == -1) {
                    if (this.log.shouldLog(30)) {
                        this.log.warn(tunnelBuildReplyMessage.getUniqueId() + ": decrypt record " + i + "/" + intValue + " fail: " + tunnelCreatorConfig);
                    }
                    return null;
                }
                if (this.log.shouldLog(10)) {
                    this.log.debug(tunnelBuildReplyMessage.getUniqueId() + ": decrypt record " + i + "/" + intValue + " success: " + decryptRecord + " for " + tunnelCreatorConfig);
                }
                iArr[i] = decryptRecord;
            }
        }
        return iArr;
    }
}
