package com.streamr.client.utils;

import com.streamr.client.exceptions.InvalidGroupKeyException;
import com.streamr.client.exceptions.InvalidGroupKeyRequestException;
import com.streamr.client.exceptions.InvalidGroupKeyResetException;
import com.streamr.client.exceptions.InvalidGroupKeyResponseException;
import com.streamr.client.exceptions.UnableToDecryptException;
import com.streamr.client.exceptions.UnableToSetKeysException;
import com.streamr.client.protocol.message_layer.StreamMessage;
import java.io.IOException;
import java.security.interfaces.RSAPublicKey;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.function.Consumer;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/streamr/client/utils/KeyExchangeUtil.class */
public class KeyExchangeUtil {
    private static final Logger log = LogManager.getLogger();
    private final Clock clock;
    public static final int REVOCATION_THRESHOLD = 5;
    public static final int REVOCATION_DELAY = 10;
    private final KeyStorage keyStorage;
    private final MessageCreationUtil messageCreationUtil;
    private final EncryptionUtil encryptionUtil;
    private final AddressValidityUtil addressValidityUtil;
    private final Consumer<StreamMessage> publishFunction;
    private final SetGroupKeysFunction setGroupKeysFunction;
    private Instant lastCallToCheckRevocation;
    private final HashMap<String, RSAPublicKey> publicKeys;

    @FunctionalInterface
    /* loaded from: input_file:com/streamr/client/utils/KeyExchangeUtil$SetGroupKeysFunction.class */
    public interface SetGroupKeysFunction {
        void apply(String str, String str2, ArrayList<UnencryptedGroupKey> arrayList) throws UnableToSetKeysException;
    }

    public KeyExchangeUtil(KeyStorage keyStorage, MessageCreationUtil messageCreationUtil, EncryptionUtil encryptionUtil, AddressValidityUtil addressValidityUtil, Consumer<StreamMessage> consumer, SetGroupKeysFunction setGroupKeysFunction) {
        this(keyStorage, messageCreationUtil, encryptionUtil, addressValidityUtil, consumer, setGroupKeysFunction, Clock.systemDefaultZone());
    }

    public KeyExchangeUtil(KeyStorage keyStorage, MessageCreationUtil messageCreationUtil, EncryptionUtil encryptionUtil, AddressValidityUtil addressValidityUtil, Consumer<StreamMessage> consumer, SetGroupKeysFunction setGroupKeysFunction, Clock clock) {
        this.lastCallToCheckRevocation = Instant.MIN;
        this.publicKeys = new HashMap<>();
        this.keyStorage = keyStorage;
        this.messageCreationUtil = messageCreationUtil;
        this.encryptionUtil = encryptionUtil;
        this.addressValidityUtil = addressValidityUtil;
        this.publishFunction = consumer;
        this.setGroupKeysFunction = setGroupKeysFunction;
        this.clock = clock;
    }

    public void handleGroupKeyRequest(StreamMessage streamMessage) throws InvalidGroupKeyRequestException {
        ArrayList<UnencryptedGroupKey> arrayList;
        if (streamMessage.getSignature() == null) {
            throw new InvalidGroupKeyRequestException("Received unsigned group key request (the public key must be signed to avoid MitM attacks).");
        }
        try {
            Map<String, Object> content = streamMessage.getContent();
            String str = (String) content.get("streamId");
            String publisherId = streamMessage.getPublisherId();
            if (!this.addressValidityUtil.isValidSubscriber(str, publisherId)) {
                throw new InvalidGroupKeyRequestException("Received group key request for stream '" + str + "' from invalid address '" + publisherId + "'");
            }
            if (content.containsKey("range")) {
                Map map = (Map) content.get("range");
                arrayList = this.keyStorage.getKeysBetween(str, ((Double) map.get("start")).longValue(), ((Double) map.get("end")).longValue());
            } else {
                arrayList = new ArrayList<>();
                UnencryptedGroupKey latestKey = this.keyStorage.getLatestKey(str);
                if (latestKey != null) {
                    arrayList.add(latestKey);
                }
            }
            if (arrayList.isEmpty()) {
                throw new InvalidGroupKeyRequestException("Received group key request for stream '" + str + "' but no group key is set");
            }
            ArrayList arrayList2 = new ArrayList();
            String str2 = (String) content.get("publicKey");
            try {
                EncryptionUtil.validatePublicKey(str2);
                RSAPublicKey publicKeyFromString = EncryptionUtil.getPublicKeyFromString(str2);
                Iterator<UnencryptedGroupKey> it = arrayList.iterator();
                while (it.hasNext()) {
                    arrayList2.add(it.next().getEncrypted(publicKeyFromString));
                }
                this.publicKeys.put(publisherId, publicKeyFromString);
                this.publishFunction.accept(this.messageCreationUtil.createGroupKeyResponse(publisherId, str, arrayList2));
            } catch (Exception e) {
                throw new InvalidGroupKeyRequestException(e.getMessage());
            }
        } catch (IOException e2) {
            log.error(e2);
        }
    }

    public void handleGroupKeyResponse(StreamMessage streamMessage) throws InvalidGroupKeyResponseException {
        if (streamMessage.getSignature() == null) {
            throw new InvalidGroupKeyResponseException("Received unsigned group key response (it must be signed to avoid MitM attacks).");
        }
        try {
            Map<String, Object> content = streamMessage.getContent();
            String str = (String) content.get("streamId");
            if (!this.addressValidityUtil.isValidPublisher(str, streamMessage.getPublisherId())) {
                throw new InvalidGroupKeyResponseException("Received group key from an invalid publisher " + streamMessage.getPublisherId() + " for stream " + str);
            }
            ArrayList<UnencryptedGroupKey> arrayList = new ArrayList<>();
            Iterator it = ((ArrayList) content.get("keys")).iterator();
            while (it.hasNext()) {
                try {
                    arrayList.add(EncryptedGroupKey.fromMap((Map) it.next()).getDecrypted(this.encryptionUtil));
                } catch (InvalidGroupKeyException | UnableToDecryptException e) {
                    throw new InvalidGroupKeyResponseException(e.getMessage());
                }
            }
            try {
                this.setGroupKeysFunction.apply(str, streamMessage.getPublisherId(), arrayList);
            } catch (UnableToSetKeysException e2) {
                throw new InvalidGroupKeyResponseException(e2.getMessage());
            }
        } catch (IOException e3) {
            log.error(e3);
        }
    }

    public void handleGroupKeyReset(StreamMessage streamMessage) throws InvalidGroupKeyResetException {
        if (streamMessage.getSignature() == null) {
            throw new InvalidGroupKeyResetException("Received unsigned group key reset (it must be signed to avoid MitM attacks).");
        }
        try {
            Map<String, Object> content = streamMessage.getContent();
            String str = (String) content.get("streamId");
            if (!this.addressValidityUtil.isValidPublisher(str, streamMessage.getPublisherId())) {
                throw new InvalidGroupKeyResetException("Received group key reset from an invalid publisher " + streamMessage.getPublisherId() + " for stream " + str);
            }
            try {
                UnencryptedGroupKey decrypted = EncryptedGroupKey.fromMap(content).getDecrypted(this.encryptionUtil);
                ArrayList<UnencryptedGroupKey> arrayList = new ArrayList<>();
                arrayList.add(decrypted);
                try {
                    this.setGroupKeysFunction.apply(str, streamMessage.getPublisherId(), arrayList);
                } catch (UnableToSetKeysException e) {
                    throw new InvalidGroupKeyResetException(e.getMessage());
                }
            } catch (InvalidGroupKeyException | UnableToDecryptException e2) {
                throw new InvalidGroupKeyResetException(e2.getMessage());
            }
        } catch (IOException e3) {
            log.error(e3);
        }
    }

    public boolean keyRevocationNeeded(String str) {
        Instant instant = this.clock.instant();
        boolean z = false;
        if (this.lastCallToCheckRevocation.plus((TemporalAmount) Duration.ofMinutes(10L)).isBefore(instant)) {
            z = this.addressValidityUtil.nbSubscribersToRevoke(str) >= 5;
        }
        this.lastCallToCheckRevocation = instant;
        return z;
    }

    public void rekey(String str, boolean z) {
        UnencryptedGroupKey genGroupKey = EncryptionUtil.genGroupKey();
        HashSet<String> subscribersSet = this.addressValidityUtil.getSubscribersSet(str, z);
        HashSet hashSet = new HashSet();
        for (String str2 : this.publicKeys.keySet()) {
            if (subscribersSet.contains(str2)) {
                this.publishFunction.accept(this.messageCreationUtil.createGroupKeyReset(str2, str, genGroupKey.getEncrypted(this.publicKeys.get(str2))));
            } else {
                hashSet.add(str2);
            }
        }
        HashMap<String, RSAPublicKey> hashMap = this.publicKeys;
        hashMap.getClass();
        hashSet.forEach((v1) -> {
            r1.remove(v1);
        });
        this.keyStorage.addKey(str, genGroupKey);
    }
}
