package com.streamr.client.utils;

import com.streamr.client.exceptions.KeyAlreadyExistsException;
import com.streamr.client.protocol.message_layer.AbstractGroupKeyMessage;
import com.streamr.client.protocol.message_layer.GroupKeyAnnounce;
import com.streamr.client.protocol.message_layer.GroupKeyRequest;
import com.streamr.client.protocol.message_layer.GroupKeyResponse;
import com.streamr.client.protocol.message_layer.StreamMessage;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/streamr/client/utils/KeyExchangeUtil.class */
public class KeyExchangeUtil {
    private static final Logger log = LoggerFactory.getLogger(KeyExchangeUtil.class);
    private final Clock clock;
    public static final int REVOCATION_THRESHOLD = 5;
    public static final int REVOCATION_DELAY = 10;
    private final GroupKeyStore keyStore;
    private final MessageCreationUtil messageCreationUtil;
    private final EncryptionUtil encryptionUtil;
    private final AddressValidityUtil addressValidityUtil;
    private final Consumer<StreamMessage> publishFunction;
    private final OnNewKeysFunction onNewKeysFunction;
    private Instant lastCallToCheckRevocation;
    private final HashMap<Address, String> publicKeys;
    public static final String KEY_EXCHANGE_STREAM_PREFIX = "SYSTEM/keyexchange/";

    @FunctionalInterface
    /* loaded from: input_file:com/streamr/client/utils/KeyExchangeUtil$OnNewKeysFunction.class */
    public interface OnNewKeysFunction {
        void apply(String str, Address address, Collection<GroupKey> collection);
    }

    public KeyExchangeUtil(GroupKeyStore groupKeyStore, MessageCreationUtil messageCreationUtil, EncryptionUtil encryptionUtil, AddressValidityUtil addressValidityUtil, Consumer<StreamMessage> consumer, OnNewKeysFunction onNewKeysFunction) {
        this(groupKeyStore, messageCreationUtil, encryptionUtil, addressValidityUtil, consumer, onNewKeysFunction, Clock.systemDefaultZone());
    }

    public KeyExchangeUtil(GroupKeyStore groupKeyStore, MessageCreationUtil messageCreationUtil, EncryptionUtil encryptionUtil, AddressValidityUtil addressValidityUtil, Consumer<StreamMessage> consumer, OnNewKeysFunction onNewKeysFunction, Clock clock) {
        this.lastCallToCheckRevocation = Instant.MIN;
        this.publicKeys = new HashMap<>();
        this.keyStore = groupKeyStore;
        this.messageCreationUtil = messageCreationUtil;
        this.encryptionUtil = encryptionUtil;
        this.addressValidityUtil = addressValidityUtil;
        this.publishFunction = consumer;
        this.onNewKeysFunction = onNewKeysFunction;
        this.clock = clock;
    }

    public void handleGroupKeyRequest(StreamMessage streamMessage) {
        GroupKeyRequest groupKeyRequest = (GroupKeyRequest) AbstractGroupKeyMessage.fromStreamMessage(streamMessage);
        String streamId = groupKeyRequest.getStreamId();
        Address publisherId = streamMessage.getPublisherId();
        log.debug("Subscriber {} is querying group keys for stream {}: {}. Key storage content is {}", new Object[]{streamMessage.getPublisherId(), streamId, groupKeyRequest.getGroupKeyIds(), this.keyStore});
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Iterator<String> it = groupKeyRequest.getGroupKeyIds().iterator();
        while (it.hasNext()) {
            GroupKey groupKey = this.keyStore.get(groupKeyRequest.getStreamId(), it.next());
            if (groupKey != null) {
                arrayList.add(groupKey);
            } else {
                arrayList2.add(groupKey);
            }
        }
        if (!arrayList2.isEmpty()) {
            log.warn("The following keys requested by subscriber {} in stream {} were not found in key store: {}", new Object[]{streamMessage.getPublisherId(), streamId, arrayList2});
        }
        StreamMessage createGroupKeyResponse = this.messageCreationUtil.createGroupKeyResponse(publisherId, groupKeyRequest, arrayList);
        this.publicKeys.put(publisherId, groupKeyRequest.getPublicKey());
        this.publishFunction.accept(createGroupKeyResponse);
    }

    public void handleGroupKeyResponse(StreamMessage streamMessage) {
        GroupKeyResponse groupKeyResponse = (GroupKeyResponse) AbstractGroupKeyMessage.fromStreamMessage(streamMessage);
        log.debug("Received group key response from publisher {} for stream {}, keys {}", new Object[]{streamMessage.getPublisherId(), groupKeyResponse.getStreamId(), groupKeyResponse.getKeys()});
        if (streamMessage.getEncryptionType() != StreamMessage.EncryptionType.RSA) {
            throw new RuntimeException("Unexpected EncryptionType: " + streamMessage.getEncryptionType());
        }
        handleNewRSAEncryptedKeys(groupKeyResponse.getKeys(), groupKeyResponse.getStreamId(), streamMessage.getPublisherId());
    }

    public void handleGroupKeyAnnounce(StreamMessage streamMessage) {
        GroupKeyAnnounce groupKeyAnnounce = (GroupKeyAnnounce) AbstractGroupKeyMessage.fromStreamMessage(streamMessage);
        log.debug("Received group key announce from publisher {} for stream {}, keys {}", new Object[]{streamMessage.getPublisherId(), groupKeyAnnounce.getStreamId(), groupKeyAnnounce.getKeys()});
        if (streamMessage.getEncryptionType() == StreamMessage.EncryptionType.RSA) {
            handleNewRSAEncryptedKeys(groupKeyAnnounce.getKeys(), groupKeyAnnounce.getStreamId(), streamMessage.getPublisherId());
        } else {
            if (streamMessage.getEncryptionType() != StreamMessage.EncryptionType.AES) {
                throw new RuntimeException("Unexpected EncryptionType: " + streamMessage.getEncryptionType());
            }
            handleNewAESEncryptedKeys(groupKeyAnnounce.getKeys(), groupKeyAnnounce.getStreamId(), streamMessage.getPublisherId(), streamMessage.getGroupKeyId());
        }
    }

    public void handleNewRSAEncryptedKeys(Collection<EncryptedGroupKey> collection, String str, Address address) {
        handleNewKeys(str, address, (List) collection.stream().map(encryptedGroupKey -> {
            try {
                return this.encryptionUtil.decryptWithPrivateKey(encryptedGroupKey);
            } catch (Exception e) {
                log.error("Unable to decrypt group key {} for stream {}", new Object[]{encryptedGroupKey.getGroupKeyId(), str, e});
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList()));
    }

    public void handleNewAESEncryptedKeys(List<EncryptedGroupKey> list, String str, Address address, String str2) {
        handleNewKeys(str, address, (List) list.stream().map(encryptedGroupKey -> {
            try {
                GroupKey groupKey = this.keyStore.get(str, str2);
                if (groupKey == null) {
                    throw new Exception(String.format("Key %s for stream %s was not found in keyStore", str2, str));
                }
                return EncryptionUtil.decryptGroupKey(encryptedGroupKey, groupKey);
            } catch (Exception e) {
                log.error("Unable to decrypt group key {} for stream {}", new Object[]{encryptedGroupKey.getGroupKeyId(), str, e});
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList()));
    }

    public boolean keyRevocationNeeded(String str) {
        Instant instant = this.clock.instant();
        boolean z = false;
        if (this.lastCallToCheckRevocation.plus((TemporalAmount) Duration.ofMinutes(10L)).isBefore(instant)) {
            z = this.addressValidityUtil.nbSubscribersToRevoke(str) >= 5;
        }
        this.lastCallToCheckRevocation = instant;
        return z;
    }

    public GroupKey rekey(String str, boolean z) {
        GroupKey generate = GroupKey.generate();
        this.keyStore.add(str, generate);
        Set<Address> subscribersSet = this.addressValidityUtil.getSubscribersSet(str, z);
        HashSet hashSet = new HashSet();
        for (Address address : this.publicKeys.keySet()) {
            if (subscribersSet.contains(address)) {
                this.publishFunction.accept(this.messageCreationUtil.createGroupKeyAnnounce(address, str, this.publicKeys.get(address), Collections.singletonList(generate)));
            } else {
                hashSet.add(address);
            }
        }
        HashMap<Address, String> hashMap = this.publicKeys;
        hashMap.getClass();
        hashSet.forEach((v1) -> {
            r1.remove(v1);
        });
        return generate;
    }

    public static String getKeyExchangeStreamId(Address address) {
        return KEY_EXCHANGE_STREAM_PREFIX + address;
    }

    public static boolean isKeyExchangeStreamId(String str) {
        return str.startsWith(KEY_EXCHANGE_STREAM_PREFIX);
    }

    public static Address getRecipientFromKeyExchangeStreamId(String str) {
        return new Address(str.substring(KEY_EXCHANGE_STREAM_PREFIX.length()));
    }

    public HashMap<Address, String> getKnownPublicKeysByPublisher() {
        return this.publicKeys;
    }

    private void handleNewKeys(String str, Address address, List<GroupKey> list) {
        for (GroupKey groupKey : list) {
            try {
                this.keyStore.add(str, groupKey);
            } catch (KeyAlreadyExistsException e) {
                log.warn("Key {} already exists in key store, skipping", groupKey.getGroupKeyId());
            }
        }
        this.onNewKeysFunction.apply(str, address, list);
    }
}
