package net.luminis.quic.packet;

import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.luminis.quic.common.EncryptionLevel;
import net.luminis.quic.common.PnSpace;
import net.luminis.quic.crypto.Aead;
import net.luminis.quic.impl.DecryptionException;
import net.luminis.quic.impl.InvalidPacketException;
import net.luminis.quic.impl.NotYetImplementedException;
import net.luminis.quic.impl.PacketProcessor;
import net.luminis.quic.impl.QuicRuntimeException;
import net.luminis.quic.impl.Version;
import net.luminis.quic.log.Logger;
import net.luminis.quic.util.Bytes;

/* loaded from: input_file:net/luminis/quic/packet/RetryPacket.class */
public class RetryPacket extends QuicPacket {
    private static final int RETRY_INTEGRITY_TAG_LENGTH = 16;
    private byte[] sourceConnectionId;
    private byte[] originalDestinationConnectionId;
    private byte[] retryToken;
    private byte[] rawPacketData;
    private byte[] retryIntegrityTag;
    private static int V1_type = 3;
    private static int V2_type = 0;
    private static final byte[] SECRET_KEY = {-52, -50, 24, 126, -48, -102, 9, -48, 87, 40, 21, 90, 108, -71, 107, -31};
    private static final byte[] SECRET_KEY_V1 = {-66, 12, 105, 11, -97, 102, 87, 90, 29, 118, 107, 84, -29, 104, -56, 78};
    private static final byte[] SECRET_KEY_V2 = {-113, -76, -80, 27, 86, -84, 72, -30, 96, -5, -53, -50, -83, 124, -52, -110};
    private static final byte[] NONCE = {-27, 73, 48, -7, Byte.MAX_VALUE, 33, 54, -16, 83, 10, -116, 28};
    private static final byte[] NONCE_V1 = {70, 21, -103, -45, 93, 99, 43, -14, 35, -104, 37, -69};
    private static final byte[] NONCE_V2 = {-40, 105, 105, -68, 45, 124, 109, -103, -112, -17, -80, 74};
    private static int MIN_PACKET_LENGTH = 23;

    public static boolean isRetry(int i, Version version) {
        return version.isV2() ? i == 0 : i == 3;
    }

    public RetryPacket(Version version) {
        this.quicVersion = version;
    }

    public RetryPacket(Version version, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        this.quicVersion = version;
        this.sourceConnectionId = bArr;
        this.destinationConnectionId = bArr2;
        this.originalDestinationConnectionId = bArr3;
        this.retryToken = bArr4;
        this.rawPacketData = new byte[6 + bArr2.length + 1 + bArr.length + bArr4.length + RETRY_INTEGRITY_TAG_LENGTH];
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public void parse(ByteBuffer byteBuffer, Aead aead, long j, Logger logger, int i) throws DecryptionException, InvalidPacketException {
        logger.debug("Parsing " + getClass().getSimpleName());
        if (byteBuffer.remaining() < MIN_PACKET_LENGTH) {
            throw new InvalidPacketException();
        }
        this.packetSize = byteBuffer.remaining();
        this.rawPacketData = new byte[this.packetSize];
        byteBuffer.mark();
        byteBuffer.get(this.rawPacketData);
        byteBuffer.reset();
        byteBuffer.get();
        if (!Version.parse(byteBuffer.getInt()).equals(this.quicVersion)) {
            throw new InvalidPacketException();
        }
        int i2 = byteBuffer.get();
        if (byteBuffer.remaining() < i2 + 1 + RETRY_INTEGRITY_TAG_LENGTH) {
            throw new InvalidPacketException();
        }
        this.destinationConnectionId = new byte[i2];
        byteBuffer.get(this.destinationConnectionId);
        int i3 = byteBuffer.get();
        if (byteBuffer.remaining() < i3) {
            throw new InvalidPacketException();
        }
        this.sourceConnectionId = new byte[i3];
        byteBuffer.get(this.sourceConnectionId);
        logger.debug("Destination connection id", this.destinationConnectionId);
        logger.debug("Source connection id", this.sourceConnectionId);
        if (byteBuffer.remaining() < RETRY_INTEGRITY_TAG_LENGTH) {
            throw new InvalidPacketException();
        }
        this.retryToken = new byte[byteBuffer.remaining() - RETRY_INTEGRITY_TAG_LENGTH];
        byteBuffer.get(this.retryToken);
        this.retryIntegrityTag = new byte[RETRY_INTEGRITY_TAG_LENGTH];
        byteBuffer.get(this.retryIntegrityTag);
    }

    public boolean validateIntegrityTag(byte[] bArr) {
        return Arrays.equals(computeIntegrityTag(bArr), this.retryIntegrityTag);
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public EncryptionLevel getEncryptionLevel() {
        return EncryptionLevel.Initial;
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public PnSpace getPnSpace() {
        return null;
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public Long getPacketNumber() {
        return null;
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public int estimateLength(int i) {
        throw new NotYetImplementedException();
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public PacketProcessor.ProcessResult accept(PacketProcessor packetProcessor, Instant instant) {
        return packetProcessor.process(this, instant);
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public byte[] generatePacketBytes(Aead aead) {
        this.packetSize = 6 + this.destinationConnectionId.length + 1 + this.sourceConnectionId.length + this.retryToken.length + RETRY_INTEGRITY_TAG_LENGTH;
        ByteBuffer allocate = ByteBuffer.allocate(this.packetSize);
        allocate.put((byte) (192 | (getPacketType() << 4)));
        allocate.put(this.quicVersion.getBytes());
        allocate.put((byte) this.destinationConnectionId.length);
        allocate.put(this.destinationConnectionId);
        allocate.put((byte) this.sourceConnectionId.length);
        allocate.put(this.sourceConnectionId);
        allocate.put(this.retryToken);
        this.rawPacketData = allocate.array();
        allocate.put(computeIntegrityTag(this.originalDestinationConnectionId));
        return allocate.array();
    }

    private int getPacketType() {
        return this.quicVersion.isV2() ? (byte) V2_type : (byte) V1_type;
    }

    private byte[] computeIntegrityTag(byte[] bArr) {
        ByteBuffer allocate = ByteBuffer.allocate(1 + bArr.length + 1 + 4 + 1 + this.destinationConnectionId.length + 1 + this.sourceConnectionId.length + this.retryToken.length);
        allocate.put((byte) bArr.length);
        allocate.put(bArr);
        allocate.put(this.rawPacketData, 0, this.rawPacketData.length - RETRY_INTEGRITY_TAG_LENGTH);
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.quicVersion.isV1() ? SECRET_KEY_V1 : this.quicVersion.isV2() ? SECRET_KEY_V2 : SECRET_KEY, "AES");
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, this.quicVersion.isV1() ? NONCE_V1 : this.quicVersion.isV2() ? NONCE_V2 : NONCE);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKeySpec, gCMParameterSpec);
            cipher.updateAAD(allocate.array());
            return cipher.doFinal(new byte[0]);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new QuicRuntimeException(e2);
        }
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public boolean canBeAcked() {
        return false;
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public boolean isInflightPacket() {
        return false;
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public boolean isAckEliciting() {
        return false;
    }

    @Override // net.luminis.quic.packet.QuicPacket
    public boolean isAckOnly() {
        return false;
    }

    public byte[] getRetryToken() {
        return this.retryToken;
    }

    public byte[] getSourceConnectionId() {
        return this.sourceConnectionId;
    }

    public String toString() {
        return "Packet " + getEncryptionLevel().name().charAt(0) + "|-|R|" + this.packetSize + "| Retry Token (" + this.retryToken.length + "): " + Bytes.bytesToHex(this.retryToken);
    }
}
