package tuwien.auto.calimero.knxnetip;

import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.InterruptedIOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.XECPublicKey;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Future;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import tuwien.auto.calimero.DataUnitBuilder;
import tuwien.auto.calimero.KNXException;
import tuwien.auto.calimero.KNXFormatException;
import tuwien.auto.calimero.KNXIllegalArgumentException;
import tuwien.auto.calimero.KNXTimeoutException;
import tuwien.auto.calimero.KnxRuntimeException;
import tuwien.auto.calimero.SerialNumber;
import tuwien.auto.calimero.knxnetip.servicetype.KNXnetIPHeader;
import tuwien.auto.calimero.knxnetip.servicetype.PacketHelper;
import tuwien.auto.calimero.knxnetip.util.HPAI;
import tuwien.auto.calimero.log.LogService;
import tuwien.auto.calimero.secure.KnxSecureException;

/* loaded from: input_file:tuwien/auto/calimero/knxnetip/TcpConnection.class */
public final class TcpConnection implements Closeable {
    static final TcpConnection Udp = new TcpConnection(new InetSocketAddress(0));
    private static final Duration connectionTimeout = Duration.ofMillis(5000);
    private volatile InetSocketAddress localEndpoint;
    private final InetSocketAddress server;
    private final Socket socket;
    private final Logger logger;
    final Map<Integer, SecureSession> sessions;
    private final Map<Integer, ClientConnection> unsecuredConnections;
    private final List<ClientConnection> ongoingConnectRequests;
    private final Lock sessionRequestLock;
    private volatile SecureSession inSessionRequestStage;

    /* loaded from: input_file:tuwien/auto/calimero/knxnetip/TcpConnection$SecureSession.class */
    public static final class SecureSession implements AutoCloseable {
        private static final int SecureWrapper = 2384;
        private static final int SecureSessionResponse = 2386;
        private static final int SecureSessionAuth = 2387;
        private static final int SecureSessionStatus = 2388;
        private static final int AuthSuccess = 0;
        private static final int AuthFailed = 1;
        private static final int Unauthenticated = 2;
        private static final int Timeout = 3;
        private static final int KeepAlive = 4;
        private static final int Close = 5;
        private static final int Setup = 6;
        private static final int keyLength = 32;
        private static final int macSize = 16;
        private static final int sessionSetupTimeout = 10000;
        private static final Duration keepAliveInvterval = Duration.ofSeconds(30);
        private static final ScheduledThreadPoolExecutor keepAliveSender = new ScheduledThreadPoolExecutor(1, runnable -> {
            Thread thread = new Thread(runnable);
            thread.setName("KNX IP Secure session keep-alive");
            thread.setDaemon(true);
            return thread;
        });
        private static final byte[] emptyUserPwdHash;
        private final TcpConnection conn;
        private final int user;
        private final SecretKey userKey;
        private final SecretKey deviceAuthKey;
        private PrivateKey privateKey;
        private final SerialNumber sno;
        private int sessionId;
        Key secretKey;
        private final Logger logger;
        private final byte[] publicKey = new byte[32];
        private volatile SessionState sessionState = SessionState.Idle;
        private volatile int sessionStatus = 6;
        private final AtomicLong sendSeq = new AtomicLong();
        private final AtomicLong rcvSeq = new AtomicLong();
        private Future<?> keepAliveFuture = CompletableFuture.completedFuture(Void.TYPE);
        final Map<Integer, ClientConnection> securedConnections = new ConcurrentHashMap();
        private final List<ClientConnection> ongoingConnectRequests = Collections.synchronizedList(new ArrayList());

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:tuwien/auto/calimero/knxnetip/TcpConnection$SecureSession$SessionState.class */
        public enum SessionState {
            Idle,
            Unauthenticated,
            Authenticated
        }

        private SecureSession(TcpConnection tcpConnection, int i, byte[] bArr, byte[] bArr2) {
            this.conn = tcpConnection;
            this.user = i;
            this.userKey = SecureConnection.createSecretKey(bArr.length == 0 ? (byte[]) emptyUserPwdHash.clone() : bArr);
            this.deviceAuthKey = SecureConnection.createSecretKey(bArr2.length == 0 ? new byte[16] : bArr2);
            this.sno = deriveSerialNumber(this.conn.localEndpoint());
            this.logger = LoggerFactory.getLogger("calimero.knxnetip." + SecureConnection.secureSymbol + " Session " + Net.hostPort(this.conn.server));
        }

        public int id() {
            return this.sessionId;
        }

        public int user() {
            return this.user;
        }

        public SecretKey userKey() {
            return this.userKey;
        }

        public SerialNumber serialNumber() {
            return this.sno;
        }

        public TcpConnection connection() {
            return this.conn;
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            if (this.sessionState == SessionState.Idle) {
                return;
            }
            this.sessionState = SessionState.Idle;
            this.keepAliveFuture.cancel(false);
            this.securedConnections.values().forEach((v0) -> {
                v0.close();
            });
            this.securedConnections.clear();
            this.conn.sessions.remove(Integer.valueOf(this.sessionId));
            if (this.conn.socket.isClosed()) {
                return;
            }
            try {
                this.conn.send(newStatusInfo(this.sessionId, nextSendSeq(), 5));
            } catch (IOException e) {
                this.logger.info("I/O error closing secure session {}", Integer.valueOf(this.sessionId), e);
            }
        }

        public String toString() {
            return SecureConnection.secureSymbol + " session " + this.sessionId + " (user " + this.user + "): " + this.sessionState;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SecretKey deviceAuthKey() {
            return this.deviceAuthKey;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void ensureOpen() throws KNXTimeoutException, KNXConnectionClosedException, InterruptedException {
            if (this.sessionState == SessionState.Authenticated) {
                return;
            }
            setupSecureSession();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void registerConnectRequest(ClientConnection clientConnection) {
            this.ongoingConnectRequests.add(clientConnection);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void unregisterConnectRequest(ClientConnection clientConnection) {
            this.ongoingConnectRequests.remove(clientConnection);
            if (clientConnection.getState() == 0) {
                this.securedConnections.put(Integer.valueOf(clientConnection.channelId), clientConnection);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public long nextSendSeq() {
            return this.sendSeq.getAndIncrement();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public long nextReceiveSeq() {
            return this.rcvSeq.getAndIncrement();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static int newChannelStatus(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i) throws KNXFormatException {
            if (kNXnetIPHeader.getServiceType() != SecureSessionStatus) {
                throw new KNXIllegalArgumentException("no secure channel status");
            }
            if (kNXnetIPHeader.getTotalLength() != 8) {
                throw new KNXFormatException("invalid length " + kNXnetIPHeader.getTotalLength() + " for a secure channel status");
            }
            return bArr[i] & 255;
        }

        private void setupSecureSession() throws KNXTimeoutException, KNXConnectionClosedException, InterruptedException {
            this.conn.sessionRequestLock.lock();
            String hostPort = Net.hostPort(this.conn.server);
            try {
                try {
                    try {
                        if (this.sessionState == SessionState.Authenticated) {
                            return;
                        }
                        this.sessionState = SessionState.Idle;
                        this.sessionStatus = 6;
                        this.conn.inSessionRequestStage = this;
                        this.logger.debug("setup secure session with {}", hostPort);
                        initKeys();
                        this.conn.connect();
                        this.conn.send(PacketHelper.newChannelRequest(HPAI.Tcp, this.publicKey));
                        awaitAuthenticationStatus();
                        if (this.sessionState == SessionState.Unauthenticated || this.sessionStatus != 0) {
                            this.sessionState = SessionState.Idle;
                            throw new KnxSecureException("secure session " + SecureConnection.statusMsg(this.sessionStatus));
                        }
                        if (this.sessionState == SessionState.Idle) {
                            throw new KNXTimeoutException("timeout establishing secure session with " + hostPort);
                        }
                        long millis = keepAliveInvterval.toMillis();
                        this.keepAliveFuture = keepAliveSender.scheduleWithFixedDelay(this::sendKeepAlive, millis, millis, TimeUnit.MILLISECONDS);
                        this.conn.sessionRequestLock.unlock();
                        Arrays.fill(this.publicKey, (byte) 0);
                    } catch (SocketTimeoutException e) {
                        Thread.currentThread().interrupt();
                        throw new InterruptedException("interrupted I/O establishing secure session with " + hostPort + ": " + e.getMessage());
                    }
                } catch (IOException e2) {
                    close();
                    this.conn.close();
                    throw new KNXConnectionClosedException("I/O error establishing secure session with " + hostPort, e2);
                } catch (GeneralSecurityException e3) {
                    throw new KnxSecureException("error creating key pair for " + hostPort, e3);
                }
            } finally {
                this.conn.sessionRequestLock.unlock();
                Arrays.fill(this.publicKey, (byte) 0);
            }
        }

        private void initKeys() throws NoSuchAlgorithmException {
            KeyPair generateKeyPair = generateKeyPair();
            this.privateKey = generateKeyPair.getPrivate();
            byte[] byteArray = ((XECPublicKey) generateKeyPair.getPublic()).getU().toByteArray();
            TcpConnection.reverse(byteArray);
            System.arraycopy(byteArray, 0, this.publicKey, 0, byteArray.length);
            Arrays.fill(byteArray, (byte) 0);
        }

        private void awaitAuthenticationStatus() throws InterruptedException, KNXTimeoutException {
            long nanoTime = (System.nanoTime() / 1000000) + 10000;
            long j = 10000;
            boolean z = false;
            while (j > 0 && this.sessionState != SessionState.Authenticated && this.sessionStatus == 6) {
                synchronized (this) {
                    wait(j);
                }
                j = nanoTime - (System.nanoTime() / 1000000);
                if (this.sessionState == SessionState.Unauthenticated && !z) {
                    z = true;
                    nanoTime = (nanoTime - j) + 10000;
                }
            }
            if (j <= 0) {
                throw new KNXTimeoutException("timeout establishing secure session with " + Net.hostPort(this.conn.server));
            }
        }

        private boolean acceptServiceType(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i, int i2) throws KNXFormatException {
            int serviceType = kNXnetIPHeader.getServiceType();
            if (!kNXnetIPHeader.isSecure()) {
                throw new KnxSecureException(String.format("dispatched insecure service type 0x%h to %s", Integer.valueOf(serviceType), this));
            }
            if (kNXnetIPHeader.getTotalLength() < 44) {
                return false;
            }
            if (serviceType == SecureSessionResponse) {
                if (this.sessionState != SessionState.Idle) {
                    this.logger.warn("received session response in state {} - ignore", this.sessionState);
                    return true;
                }
                try {
                    byte[] newSessionAuth = newSessionAuth(parseSessionResponse(kNXnetIPHeader, bArr, i, this.conn.server));
                    this.sessionState = SessionState.Unauthenticated;
                    byte[] wrap = wrap(newSessionAuth);
                    this.logger.debug("secure session {}, request access for user {}", Integer.valueOf(this.sessionId), Integer.valueOf(this.user));
                    this.conn.send(wrap);
                } catch (IOException | RuntimeException e) {
                    this.sessionStatus = 1;
                    this.logger.error("negotiating session key failed", e);
                }
                synchronized (this) {
                    notifyAll();
                }
                return true;
            }
            if (serviceType != 2384) {
                this.logger.warn("received unsupported secure service type 0x{} - ignore", Integer.toHexString(serviceType));
                return true;
            }
            byte[] unwrap = unwrap(kNXnetIPHeader, bArr, i);
            KNXnetIPHeader kNXnetIPHeader2 = new KNXnetIPHeader(unwrap, 0);
            int structLength = kNXnetIPHeader2.getStructLength();
            if (kNXnetIPHeader2.getServiceType() != SecureSessionStatus) {
                dispatchToConnection(kNXnetIPHeader2, unwrap, structLength, kNXnetIPHeader2.getTotalLength() - structLength);
                return true;
            }
            this.sessionStatus = newChannelStatus(kNXnetIPHeader2, unwrap, structLength);
            if (this.sessionState == SessionState.Unauthenticated) {
                if (this.sessionStatus == 0) {
                    this.sessionState = SessionState.Authenticated;
                }
                LogService.log(this.logger, this.sessionStatus == 0 ? LogService.LogLevel.DEBUG : LogService.LogLevel.ERROR, "{} {}", SecureConnection.statusMsg(this.sessionStatus), this);
                synchronized (this) {
                    notifyAll();
                }
                return true;
            }
            if (this.sessionStatus != 3 && this.sessionStatus != 2) {
                return true;
            }
            this.logger.error("{} {}", SecureConnection.statusMsg(this.sessionStatus), this);
            close();
            return true;
        }

        private void dispatchToConnection(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i, int i2) {
            int serviceType = kNXnetIPHeader.getServiceType();
            if (serviceType == 524 || serviceType == 516) {
                for (ClientConnection clientConnection : this.securedConnections.values()) {
                    try {
                        clientConnection.handleServiceType(kNXnetIPHeader, bArr, i, this.conn.server.getAddress(), this.conn.server.getPort());
                    } catch (IOException | KNXFormatException e) {
                        this.logger.warn("{} error processing {}", new Object[]{clientConnection, kNXnetIPHeader, e});
                    }
                }
                return;
            }
            int channelId = TcpConnection.channelId(kNXnetIPHeader, bArr, i);
            ClientConnection clientConnection2 = this.securedConnections.get(Integer.valueOf(channelId));
            if (clientConnection2 == null) {
                synchronized (this.ongoingConnectRequests) {
                    if (!this.ongoingConnectRequests.isEmpty()) {
                        clientConnection2 = this.ongoingConnectRequests.remove(0);
                    }
                }
            }
            try {
                if (clientConnection2 != null) {
                    clientConnection2.handleServiceType(kNXnetIPHeader, bArr, i, this.conn.server.getAddress(), this.conn.server.getPort());
                    if (kNXnetIPHeader.getServiceType() == 522) {
                        this.logger.trace("remove connection {}", clientConnection2);
                        this.securedConnections.remove(Integer.valueOf(channelId));
                    }
                } else {
                    this.logger.warn("communication channel {} does not exist", Integer.valueOf(channelId));
                }
            } catch (IOException | KNXFormatException e2) {
                this.logger.warn("{} error processing {}", new Object[]{clientConnection2, kNXnetIPHeader, e2});
            }
        }

        private void sendKeepAlive() {
            try {
                this.logger.trace("sending keep-alive");
                this.conn.send(newStatusInfo(this.sessionId, nextSendSeq(), 4));
            } catch (IOException e) {
                if (this.sessionState != SessionState.Authenticated || this.conn.socket.isClosed()) {
                    return;
                }
                this.logger.warn("error sending keep-alive: {}", e.getMessage());
                close();
                this.conn.close();
            }
        }

        private byte[] wrap(byte[] bArr) {
            return SecureConnection.newSecurePacket(this.sessionId, nextSendSeq(), this.sno, 0, bArr, this.secretKey);
        }

        private byte[] unwrap(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i) throws KNXFormatException {
            Object[] unwrap = SecureConnection.unwrap(kNXnetIPHeader, bArr, i, this.secretKey);
            int intValue = ((Integer) unwrap[0]).intValue();
            if (intValue != this.sessionId) {
                throw new KnxSecureException("secure session mismatch: received ID " + intValue + ", expected " + this.sessionId);
            }
            long longValue = ((Long) unwrap[1]).longValue();
            if (longValue < this.rcvSeq.get()) {
                AtomicLong atomicLong = this.rcvSeq;
                KnxSecureException knxSecureException = new KnxSecureException("received secure packet with sequence " + longValue + " < expected " + knxSecureException);
                throw knxSecureException;
            }
            this.rcvSeq.incrementAndGet();
            SerialNumber serialNumber = (SerialNumber) unwrap[2];
            int intValue2 = ((Integer) unwrap[3]).intValue();
            if (intValue2 != 0) {
                throw new KnxSecureException("expected message tag 0, received " + intValue2);
            }
            byte[] bArr2 = (byte[]) unwrap[4];
            this.logger.trace("received (seq {} S/N {}) {}", new Object[]{Long.valueOf(longValue), serialNumber, DataUnitBuilder.toHex(bArr2, " ")});
            return bArr2;
        }

        private byte[] parseSessionResponse(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i, InetSocketAddress inetSocketAddress) throws KNXFormatException {
            if (kNXnetIPHeader.getServiceType() != SecureSessionResponse) {
                throw new IllegalArgumentException("no secure channel response");
            }
            if (kNXnetIPHeader.getTotalLength() != 56) {
                throw new KNXFormatException("invalid length " + bArr.length + " for a secure session response");
            }
            ByteBuffer wrap = ByteBuffer.wrap(bArr, i, kNXnetIPHeader.getTotalLength() - kNXnetIPHeader.getStructLength());
            this.sessionId = wrap.getShort() & 65535;
            if (this.sessionId == 0) {
                throw new KnxSecureException("no more free secure sessions, or remote endpoint busy");
            }
            byte[] bArr2 = new byte[32];
            wrap.get(bArr2);
            byte[] sessionKey = SecureConnection.sessionKey(SecureConnection.keyAgreement(this.privateKey, bArr2));
            synchronized (this) {
                this.secretKey = SecureConnection.createSecretKey(sessionKey);
            }
            this.conn.sessions.put(Integer.valueOf(this.sessionId), this);
            this.conn.inSessionRequestStage = null;
            if (Arrays.equals(this.deviceAuthKey.getEncoded(), new byte[16])) {
                this.logger.warn("skipping device authentication of {} (no device key)", Net.hostPort(inetSocketAddress));
            } else {
                ByteBuffer decrypt = SecureConnection.decrypt(wrap, this.deviceAuthKey, SecureConnection.securityInfo(new byte[16], 0, 65280));
                int structLength = kNXnetIPHeader.getStructLength() + 2 + 32;
                ByteBuffer allocate = ByteBuffer.allocate(18 + structLength);
                allocate.put(new byte[16]);
                allocate.put((byte) 0);
                allocate.put((byte) structLength);
                allocate.put(kNXnetIPHeader.toByteArray());
                allocate.putShort((short) this.sessionId);
                allocate.put(SecureConnection.xor(bArr2, 0, this.publicKey, 0, 32));
                if (!Arrays.equals(decrypt.array(), cbcMacSimple(this.deviceAuthKey, allocate.array(), 0, allocate.capacity()))) {
                    throw new KnxSecureException("authentication failed for session response " + DataUnitBuilder.toHex(Arrays.copyOfRange(bArr, i - 6, (i - 6) + 56), " "));
                }
            }
            return bArr2;
        }

        private byte[] newSessionAuth(byte[] bArr) {
            KNXnetIPHeader kNXnetIPHeader = new KNXnetIPHeader(SecureSessionAuth, 18);
            ByteBuffer allocate = ByteBuffer.allocate(kNXnetIPHeader.getTotalLength());
            allocate.put(kNXnetIPHeader.toByteArray());
            allocate.putShort((short) this.user);
            ByteBuffer allocate2 = ByteBuffer.allocate(58);
            allocate2.put(new byte[16]);
            allocate2.put((byte) 0);
            allocate2.put((byte) 40);
            allocate2.put(allocate.array(), 0, allocate.position());
            allocate2.put(SecureConnection.xor(bArr, 0, this.publicKey, 0, 32));
            byte[] cbcMacSimple = cbcMacSimple(this.userKey, allocate2.array(), 0, allocate2.capacity());
            SecureConnection.encrypt(cbcMacSimple, 0, this.userKey, SecureConnection.securityInfo(new byte[16], 8, 65280));
            allocate.put(cbcMacSimple);
            return allocate.array();
        }

        private byte[] newStatusInfo(int i, long j, int i2) {
            ByteBuffer allocate = ByteBuffer.allocate(8);
            allocate.put(new KNXnetIPHeader(SecureSessionStatus, 2).toByteArray());
            allocate.put((byte) i2);
            return SecureConnection.newSecurePacket(i, j, this.sno, 0, allocate.array(), this.secretKey);
        }

        private byte[] cbcMacSimple(Key key, byte[] bArr, int i, int i2) {
            byte[] copyOfRange = Arrays.copyOfRange(bArr, i, i + i2);
            this.logger.trace("authenticating (length {}): {}", Integer.valueOf(i2), DataUnitBuilder.toHex(copyOfRange, " "));
            try {
                Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
                cipher.init(1, key, new IvParameterSpec(new byte[16]));
                byte[] doFinal = cipher.doFinal(Arrays.copyOfRange(bArr, i, ((i2 + 15) / 16) * 16));
                return Arrays.copyOfRange(doFinal, doFinal.length - 16, doFinal.length);
            } catch (GeneralSecurityException e) {
                throw new KnxSecureException("calculating CBC-MAC of " + DataUnitBuilder.toHex(copyOfRange, " "), e);
            }
        }

        private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
            return KeyPairGenerator.getInstance("X25519").generateKeyPair();
        }

        private static SerialNumber deriveSerialNumber(InetSocketAddress inetSocketAddress) {
            if (inetSocketAddress != null) {
                try {
                    return deriveSerialNumber(NetworkInterface.getByInetAddress(inetSocketAddress.getAddress()));
                } catch (SocketException e) {
                }
            }
            return SerialNumber.Zero;
        }

        private static SerialNumber deriveSerialNumber(NetworkInterface networkInterface) {
            if (networkInterface != null) {
                try {
                    byte[] hardwareAddress = networkInterface.getHardwareAddress();
                    if (hardwareAddress != null) {
                        return SerialNumber.from(Arrays.copyOf(hardwareAddress, 6));
                    }
                } catch (SocketException e) {
                }
            }
            return SerialNumber.Zero;
        }

        static {
            keepAliveSender.setKeepAliveTime(90L, TimeUnit.SECONDS);
            keepAliveSender.allowCoreThreadTimeOut(true);
            emptyUserPwdHash = new byte[]{-23, -61, 4, -71, 20, -93, 81, 117, -3, 125, 28, 103, 58, -75, 47, -31};
        }
    }

    public static TcpConnection newTcpConnection(InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2) {
        return new TcpConnection(inetSocketAddress, inetSocketAddress2);
    }

    private TcpConnection(InetSocketAddress inetSocketAddress) {
        this.sessions = new ConcurrentHashMap();
        this.unsecuredConnections = new ConcurrentHashMap();
        this.ongoingConnectRequests = Collections.synchronizedList(new ArrayList());
        this.sessionRequestLock = new ReentrantLock();
        this.server = inetSocketAddress;
        this.socket = new Socket();
        this.logger = LoggerFactory.getLogger("calimero.knxnetip.tcp " + Net.hostPort(inetSocketAddress));
    }

    protected TcpConnection(InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2) {
        this(inetSocketAddress2);
        InetSocketAddress inetSocketAddress3 = null;
        try {
            inetSocketAddress3 = Net.matchRemoteEndpoint(inetSocketAddress, inetSocketAddress2, false);
            this.socket.bind(inetSocketAddress3);
            this.localEndpoint = (InetSocketAddress) this.socket.getLocalSocketAddress();
        } catch (IOException e) {
            throw new KnxRuntimeException("binding to local address " + inetSocketAddress3, e);
        } catch (KNXException e2) {
            throw new KnxRuntimeException("no local host address available", e2.getCause());
        }
    }

    public SecureSession newSecureSession(int i, byte[] bArr, byte[] bArr2) {
        return new SecureSession(this, i, bArr, bArr2);
    }

    public InetSocketAddress localEndpoint() {
        return this.localEndpoint;
    }

    public InetSocketAddress server() {
        return this.server;
    }

    public boolean isConnected() {
        boolean isConnected = this.socket.isConnected();
        if (this.socket.isClosed()) {
            return false;
        }
        return isConnected;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.unsecuredConnections.values().forEach((v0) -> {
            v0.close();
        });
        this.unsecuredConnections.clear();
        this.sessions.values().forEach((v0) -> {
            v0.close();
        });
        this.sessions.clear();
        try {
            this.socket.close();
        } catch (IOException e) {
        }
    }

    public String toString() {
        return Net.hostPort(localEndpoint()) + " " + Net.hostPort(this.server) + " (" + (this.socket.isClosed() ? "closed" : this.socket.isConnected() ? "connected" : "bound") + ")";
    }

    Socket socket() {
        return this.socket;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void send(byte[] bArr) throws IOException {
        OutputStream outputStream = this.socket.getOutputStream();
        outputStream.write(bArr);
        outputStream.flush();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void registerConnectRequest(ClientConnection clientConnection) {
        this.ongoingConnectRequests.add(clientConnection);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void unregisterConnectRequest(ClientConnection clientConnection) {
        this.ongoingConnectRequests.remove(clientConnection);
        registerConnection(clientConnection);
    }

    public void registerConnection(ClientConnection clientConnection) {
        if (clientConnection.getState() == 0) {
            this.unsecuredConnections.put(Integer.valueOf(clientConnection.channelId), clientConnection);
        }
    }

    public synchronized void connect() throws IOException {
        if (this.socket.isConnected()) {
            return;
        }
        this.socket.connect(this.server, (int) connectionTimeout.toMillis());
        startTcpReceiver();
    }

    private void startTcpReceiver() {
        Thread thread = new Thread(this::runReceiveLoop, "KNXnet/IP tcp receiver " + Net.hostPort(this.server));
        thread.setDaemon(true);
        thread.start();
    }

    private void runReceiveLoop() {
        KNXnetIPHeader kNXnetIPHeader;
        byte[] bArr = new byte[512];
        int i = 0;
        try {
            try {
                try {
                    InputStream inputStream = this.socket.getInputStream();
                    while (!this.socket.isClosed()) {
                        if (i >= 6) {
                            try {
                                kNXnetIPHeader = new KNXnetIPHeader(bArr, 0);
                            } catch (KNXFormatException | KnxSecureException e) {
                                this.logger.warn("received invalid frame", e);
                                i = 0;
                            }
                            if (kNXnetIPHeader.getTotalLength() <= i) {
                                int totalLength = kNXnetIPHeader.getTotalLength() - kNXnetIPHeader.getStructLength();
                                int totalLength2 = i - kNXnetIPHeader.getTotalLength();
                                i = totalLength2;
                                if (kNXnetIPHeader.isSecure()) {
                                    dispatchToSession(kNXnetIPHeader, bArr, kNXnetIPHeader.getStructLength(), totalLength);
                                } else {
                                    dispatchToConnection(kNXnetIPHeader, bArr, kNXnetIPHeader.getStructLength());
                                }
                                if (totalLength2 > 0) {
                                    System.arraycopy(bArr, kNXnetIPHeader.getTotalLength(), bArr, 0, totalLength2);
                                }
                            } else if (kNXnetIPHeader.getTotalLength() > 512) {
                                int totalLength3 = kNXnetIPHeader.getTotalLength() - i;
                                do {
                                    int i2 = totalLength3;
                                    totalLength3--;
                                    if (i2 <= 0) {
                                        break;
                                    }
                                } while (inputStream.read() != -1);
                                i = 0;
                            }
                        }
                        int read = inputStream.read(bArr, i, bArr.length - i);
                        if (read == -1) {
                            close();
                            return;
                        }
                        i += read;
                    }
                    close();
                } catch (InterruptedIOException e2) {
                    Thread.currentThread().interrupt();
                    close();
                }
            } catch (IOException | RuntimeException e3) {
                if (!this.socket.isClosed()) {
                    this.logger.error("receiver communication failure", e3);
                }
                close();
            }
        } catch (Throwable th) {
            close();
            throw th;
        }
    }

    private void dispatchToSession(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i, int i2) throws KNXFormatException {
        int i3 = ByteBuffer.wrap(bArr, i, i2).getShort() & 65535;
        if (i3 == 0) {
            throw new KnxSecureException("no more free secure sessions, or remote endpoint busy");
        }
        SecureSession secureSession = this.sessions.get(Integer.valueOf(i3));
        if (secureSession == null && kNXnetIPHeader.getServiceType() == 2386) {
            secureSession = this.inSessionRequestStage;
        }
        if (secureSession != null) {
            secureSession.acceptServiceType(kNXnetIPHeader, bArr, i, i2);
        } else {
            this.logger.warn("session {} does not exist", Integer.valueOf(i3));
        }
    }

    private void dispatchToConnection(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i) throws IOException, KNXFormatException {
        int serviceType = kNXnetIPHeader.getServiceType();
        if (serviceType == 524 || serviceType == 516) {
            Iterator<ClientConnection> it = this.unsecuredConnections.values().iterator();
            while (it.hasNext()) {
                it.next().handleServiceType(kNXnetIPHeader, bArr, i, this.server.getAddress(), this.server.getPort());
            }
            return;
        }
        int channelId = channelId(kNXnetIPHeader, bArr, i);
        ClientConnection clientConnection = this.unsecuredConnections.get(Integer.valueOf(channelId));
        if (clientConnection == null) {
            synchronized (this.ongoingConnectRequests) {
                if (!this.ongoingConnectRequests.isEmpty()) {
                    clientConnection = this.ongoingConnectRequests.remove(0);
                }
            }
        }
        if (clientConnection == null) {
            this.logger.warn("communication channel {} does not exist", Integer.valueOf(channelId));
            return;
        }
        clientConnection.handleServiceType(kNXnetIPHeader, bArr, i, this.server.getAddress(), this.server.getPort());
        if (serviceType == 522) {
            this.unsecuredConnections.remove(Integer.valueOf(channelId));
        }
    }

    private static int channelId(KNXnetIPHeader kNXnetIPHeader, byte[] bArr, int i) {
        int i2 = i;
        switch (kNXnetIPHeader.getServiceType()) {
            case KNXnetIPHeader.DEVICE_CONFIGURATION_REQ /* 784 */:
            case KNXnetIPHeader.TUNNELING_REQ /* 1056 */:
            case KNXnetIPHeader.TunnelingFeatureResponse /* 1059 */:
            case KNXnetIPHeader.TunnelingFeatureInfo /* 1061 */:
            case KNXnetIPHeader.ObjectServerRequest /* 61568 */:
            case KNXnetIPHeader.ObjectServerAck /* 61569 */:
                i2 = i + 1;
                break;
        }
        return bArr[i2] & 255;
    }

    private static void reverse(byte[] bArr) {
        for (int i = 0; i < bArr.length / 2; i++) {
            byte b = bArr[i];
            bArr[i] = bArr[(bArr.length - 1) - i];
            bArr[(bArr.length - 1) - i] = b;
        }
    }
}
