package com.zsmartsystems.zigbee.app.seclient;

import com.zsmartsystems.zigbee.security.ZigBeeCbkeProvider;
import com.zsmartsystems.zigbee.security.ZigBeeCryptoSuites;
import com.zsmartsystems.zigbee.zcl.ZclCommand;
import com.zsmartsystems.zigbee.zcl.ZclCommandListener;
import com.zsmartsystems.zigbee.zcl.ZclStatus;
import com.zsmartsystems.zigbee.zcl.clusters.ZclKeyEstablishmentCluster;
import com.zsmartsystems.zigbee.zcl.clusters.keyestablishment.ConfirmKeyResponse;
import com.zsmartsystems.zigbee.zcl.clusters.keyestablishment.EphemeralDataResponse;
import com.zsmartsystems.zigbee.zcl.clusters.keyestablishment.InitiateKeyEstablishmentResponse;
import com.zsmartsystems.zigbee.zcl.clusters.keyestablishment.KeyEstablishmentStatusEnum;
import com.zsmartsystems.zigbee.zcl.clusters.keyestablishment.KeyEstablishmentSuiteBitmap;
import com.zsmartsystems.zigbee.zcl.clusters.keyestablishment.TerminateKeyEstablishment;
import com.zsmartsystems.zigbee.zcl.field.ByteArray;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/zsmartsystems/zigbee/app/seclient/ZclKeyEstablishmentClient.class */
public class ZclKeyEstablishmentClient implements ZclCommandListener {
    private ZclKeyEstablishmentCluster keCluster;
    private ZigBeeCryptoSuites cryptoSuite;
    private ZigBeeCryptoSuites forceCryptoSuite;
    private Integer availableSuites;
    private ZigBeeCbkeProvider cbkeProvider;
    private SmartEnergyClient smartEnergyClient;
    private static final int DELAY_BEFORE_RETRY = 10;
    private final Logger logger = LoggerFactory.getLogger(ZclKeyEstablishmentClient.class);
    private KeyEstablishmentState state = KeyEstablishmentState.UNINITIALISED;
    private Map<ZigBeeCryptoSuites, KeyEstablishmentSuiteBitmap> cryptoSuiteTranslation = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/zsmartsystems/zigbee/app/seclient/ZclKeyEstablishmentClient$KeyEstablishmentState.class */
    public enum KeyEstablishmentState {
        UNINITIALISED,
        CHECK_CURVES,
        INITIATE_REQUEST,
        EPHEMERAL_DATA_REQUEST,
        CONFIRM_KEY_REQUEST,
        COMPLETE,
        FAILED
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ZclKeyEstablishmentClient(SmartEnergyClient smartEnergyClient, ZclKeyEstablishmentCluster zclKeyEstablishmentCluster) {
        this.smartEnergyClient = smartEnergyClient;
        this.keCluster = zclKeyEstablishmentCluster;
        this.cryptoSuiteTranslation.put(ZigBeeCryptoSuites.ECC_163K1, KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_1);
        this.cryptoSuiteTranslation.put(ZigBeeCryptoSuites.ECC_283K1, KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_2);
        zclKeyEstablishmentCluster.addCommandListener(this);
    }

    public void setCbkeProvider(ZigBeeCbkeProvider zigBeeCbkeProvider) {
        this.cbkeProvider = zigBeeCbkeProvider;
    }

    public boolean setCryptoSuite(ZigBeeCryptoSuites zigBeeCryptoSuites) {
        if (this.cbkeProvider.getSupportedCryptoSuites().contains(this.cryptoSuite)) {
            this.forceCryptoSuite = zigBeeCryptoSuites;
            return true;
        }
        this.logger.debug("CBKE Failed to set crypto suite to unsupported value {}", zigBeeCryptoSuites);
        return false;
    }

    public ZigBeeCryptoSuites getCryptoSuite() {
        return this.cryptoSuite;
    }

    public boolean start() {
        ZigBeeCryptoSuites zigBeeCryptoSuites;
        if (this.cbkeProvider == null) {
            this.logger.debug("CBKE Initiate key establishment failed - cbkeProvider is null");
            return false;
        }
        if (this.state != KeyEstablishmentState.UNINITIALISED) {
            this.logger.debug("CBKE Initiate key establishment failed - state is {}", this.state);
            return false;
        }
        this.logger.debug("CBKE Initiate key establishment");
        setState(KeyEstablishmentState.CHECK_CURVES);
        this.availableSuites = (Integer) this.keCluster.getAttribute(0).readValue(Long.MAX_VALUE);
        ArrayList arrayList = new ArrayList();
        if ((this.availableSuites.intValue() & 1) != 0) {
            arrayList.add(ZigBeeCryptoSuites.ECC_163K1);
        }
        if ((this.availableSuites.intValue() & 2) != 0) {
            arrayList.add(ZigBeeCryptoSuites.ECC_283K1);
        }
        this.logger.debug("CBKE Remote supports suites {}", arrayList);
        if (this.forceCryptoSuite != null) {
            if (!arrayList.contains(this.forceCryptoSuite)) {
                this.logger.error("CBKE Specified crypto suite {} is not supported by remote.", this.forceCryptoSuite);
                return false;
            }
            zigBeeCryptoSuites = this.forceCryptoSuite;
        } else if (this.cbkeProvider.getAvailableCryptoSuites().contains(ZigBeeCryptoSuites.ECC_283K1) && arrayList.contains(ZigBeeCryptoSuites.ECC_283K1)) {
            zigBeeCryptoSuites = ZigBeeCryptoSuites.ECC_283K1;
        } else {
            if (!this.cbkeProvider.getAvailableCryptoSuites().contains(ZigBeeCryptoSuites.ECC_163K1) || !arrayList.contains(ZigBeeCryptoSuites.ECC_163K1)) {
                this.logger.error("CBKE Unable to find compatible security suite.");
                return false;
            }
            zigBeeCryptoSuites = ZigBeeCryptoSuites.ECC_163K1;
        }
        this.logger.debug("CBKE Selected suite {}", zigBeeCryptoSuites);
        setState(KeyEstablishmentState.INITIATE_REQUEST);
        ByteArray certificate = this.cbkeProvider.getCertificate(zigBeeCryptoSuites);
        if (certificate != null) {
            this.cryptoSuite = zigBeeCryptoSuites;
            this.keCluster.initiateKeyEstablishmentRequestCommand(Integer.valueOf(this.cryptoSuiteTranslation.get(zigBeeCryptoSuites).getKey()), Integer.valueOf(this.cbkeProvider.getEphemeralDataGenerateTime()), Integer.valueOf(this.cbkeProvider.getConfirmKeyGenerateTime()), certificate);
            return true;
        }
        this.logger.debug("CBKE Initiate key establishment failed - no certificate returned from CBKE provider");
        setState(KeyEstablishmentState.FAILED);
        shutdown(0);
        return false;
    }

    public void stop() {
        this.logger.debug("CBKE stop key establishment from state {}", this.state);
        this.state = KeyEstablishmentState.UNINITIALISED;
        this.keCluster.removeCommandListener(this);
    }

    private void setState(KeyEstablishmentState keyEstablishmentState) {
        this.logger.debug("CBKE state updated from {} to {}", this.state, keyEstablishmentState);
        this.state = keyEstablishmentState;
    }

    private boolean handleInitiateKeyEstablishmentResponse(InitiateKeyEstablishmentResponse initiateKeyEstablishmentResponse) {
        this.logger.debug("CBKE handleInitiateKeyEstablishmentResponse {}", initiateKeyEstablishmentResponse);
        if (this.state != KeyEstablishmentState.INITIATE_REQUEST) {
            this.logger.debug("CBKE Invalid InitiateKeyEstablishmentResponse packet with state {}", this.state);
            this.keCluster.terminateKeyEstablishment(Integer.valueOf(KeyEstablishmentStatusEnum.BAD_MESSAGE.getKey()), 10, Integer.valueOf(KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_1.getKey()));
            setState(KeyEstablishmentState.FAILED);
            shutdown(0);
            return true;
        }
        if (Integer.bitCount(initiateKeyEstablishmentResponse.getRequestedKeyEstablishmentSuite().intValue()) != 1) {
            this.logger.debug("CBKE Invalid InitiateKeyEstablishmentResponse packet with multiple suites selected [{}]", initiateKeyEstablishmentResponse.getRequestedKeyEstablishmentSuite());
            this.keCluster.terminateKeyEstablishment(Integer.valueOf(KeyEstablishmentStatusEnum.BAD_MESSAGE.getKey()), 10, Integer.valueOf(getPreferredCryptoSuite().getKey()));
            setState(KeyEstablishmentState.FAILED);
            shutdown(0);
            return true;
        }
        ZigBeeCryptoSuites zigBeeCryptoSuites = null;
        KeyEstablishmentSuiteBitmap byValue = KeyEstablishmentSuiteBitmap.getByValue(initiateKeyEstablishmentResponse.getRequestedKeyEstablishmentSuite().intValue());
        ZigBeeCryptoSuites[] values = ZigBeeCryptoSuites.values();
        int length = values.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            ZigBeeCryptoSuites zigBeeCryptoSuites2 = values[i];
            if (this.cryptoSuiteTranslation.get(zigBeeCryptoSuites2) == byValue) {
                zigBeeCryptoSuites = zigBeeCryptoSuites2;
                break;
            }
            i++;
        }
        if (zigBeeCryptoSuites != this.cryptoSuite) {
            this.logger.debug("CBKE Requested crypto suite from remote {} is inconsistent with our request {}", zigBeeCryptoSuites, this.cryptoSuite);
            this.keCluster.sendDefaultResponse(initiateKeyEstablishmentResponse, ZclStatus.FAILURE);
            setState(KeyEstablishmentState.FAILED);
            shutdown(0);
            return true;
        }
        ByteArray cbkeEphemeralData = this.cbkeProvider.getCbkeEphemeralData(zigBeeCryptoSuites);
        if (cbkeEphemeralData == null) {
            this.logger.debug("CBKE Unable to get certificate for requested security suite {}", zigBeeCryptoSuites);
            this.keCluster.terminateKeyEstablishment(Integer.valueOf(KeyEstablishmentStatusEnum.UNSUPPORTED_SUITE.getKey()), 10, Integer.valueOf(KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_1.getKey()));
            setState(KeyEstablishmentState.FAILED);
            shutdown(0);
            return true;
        }
        this.logger.debug("CBKE certificate for requested security suite {} is {}", zigBeeCryptoSuites, cbkeEphemeralData);
        this.cbkeProvider.addPartnerCertificate(this.cryptoSuite, initiateKeyEstablishmentResponse.getIdentity());
        this.keCluster.ephemeralDataRequestCommand(cbkeEphemeralData);
        setState(KeyEstablishmentState.EPHEMERAL_DATA_REQUEST);
        return true;
    }

    private boolean handleEphemeralDataResponse(EphemeralDataResponse ephemeralDataResponse) {
        this.logger.debug("CBKE handleEphemeralDataResponse {}", ephemeralDataResponse);
        if (this.state != KeyEstablishmentState.EPHEMERAL_DATA_REQUEST) {
            this.logger.debug("CBKE Invalid EphemeralDataResponse packet with state {}", this.state);
            this.keCluster.terminateKeyEstablishment(Integer.valueOf(KeyEstablishmentStatusEnum.BAD_MESSAGE.getKey()), 10, Integer.valueOf(KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_1.getKey()));
            setState(KeyEstablishmentState.FAILED);
            shutdown(0);
            return true;
        }
        this.cbkeProvider.addPartnerEphemeralData(this.cryptoSuite, ephemeralDataResponse.getEphemeralData());
        this.keCluster.confirmKeyDataRequestCommand(this.cbkeProvider.getInitiatorMac(this.cryptoSuite));
        setState(KeyEstablishmentState.CONFIRM_KEY_REQUEST);
        return true;
    }

    private boolean handleConfirmKeyResponse(ConfirmKeyResponse confirmKeyResponse) {
        this.logger.debug("CBKE handleConfirmKeyResponse {}", confirmKeyResponse);
        if (this.state != KeyEstablishmentState.CONFIRM_KEY_REQUEST) {
            this.logger.debug("CBKE Invalid ConfirmKeyResponse packet with state {}", this.state);
            this.keCluster.terminateKeyEstablishment(Integer.valueOf(KeyEstablishmentStatusEnum.BAD_MESSAGE.getKey()), 10, Integer.valueOf(KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_1.getKey()));
            setState(KeyEstablishmentState.FAILED);
            shutdown(0);
            return true;
        }
        ByteArray responderMac = this.cbkeProvider.getResponderMac(this.cryptoSuite);
        this.logger.debug("CBKE Confirm key response our={} theirs={}", responderMac, confirmKeyResponse.getSecureMessageAuthenticationCode());
        boolean equals = responderMac.equals(confirmKeyResponse.getSecureMessageAuthenticationCode());
        if (equals) {
            this.cbkeProvider.completeKeyExchange(this.cryptoSuite, equals);
            setState(KeyEstablishmentState.COMPLETE);
            shutdown(0);
            return true;
        }
        this.logger.debug("CBKE Key establishment failed - SMAC codes were not confirmed");
        this.keCluster.terminateKeyEstablishment(Integer.valueOf(KeyEstablishmentStatusEnum.BAD_KEY_CONFIRM.getKey()), 10, Integer.valueOf(KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_1.getKey()));
        setState(KeyEstablishmentState.FAILED);
        shutdown(0);
        return true;
    }

    private boolean handleTerminateKeyEstablishment(TerminateKeyEstablishment terminateKeyEstablishment) {
        this.logger.debug("CBKE handleTerminateKeyEstablishment {}", terminateKeyEstablishment);
        Integer keyEstablishmentSuite = terminateKeyEstablishment.getKeyEstablishmentSuite();
        KeyEstablishmentStatusEnum byValue = KeyEstablishmentStatusEnum.getByValue(terminateKeyEstablishment.getStatusCode().intValue());
        Integer waitTime = terminateKeyEstablishment.getWaitTime();
        setState(KeyEstablishmentState.FAILED);
        this.logger.debug("CBKE Terminate Key establishment {}, suite {}, wait {} seconds", new Object[]{byValue, keyEstablishmentSuite, waitTime});
        shutdown(waitTime.intValue());
        return false;
    }

    @Override // com.zsmartsystems.zigbee.zcl.ZclCommandListener
    public boolean commandReceived(ZclCommand zclCommand) {
        if (zclCommand instanceof InitiateKeyEstablishmentResponse) {
            return handleInitiateKeyEstablishmentResponse((InitiateKeyEstablishmentResponse) zclCommand);
        }
        if (zclCommand instanceof EphemeralDataResponse) {
            return handleEphemeralDataResponse((EphemeralDataResponse) zclCommand);
        }
        if (zclCommand instanceof ConfirmKeyResponse) {
            return handleConfirmKeyResponse((ConfirmKeyResponse) zclCommand);
        }
        if (zclCommand instanceof TerminateKeyEstablishment) {
            return handleTerminateKeyEstablishment((TerminateKeyEstablishment) zclCommand);
        }
        return false;
    }

    private void shutdown(int i) {
        this.keCluster.removeCommandListener(this);
        this.smartEnergyClient.keyEstablishmentCallback(this.state == KeyEstablishmentState.COMPLETE, Integer.valueOf(i));
    }

    private KeyEstablishmentSuiteBitmap getPreferredCryptoSuite() {
        return KeyEstablishmentSuiteBitmap.CRYPTO_SUITE_1;
    }
}
