package com.netease.mail.wzp.service.netty;

import com.netease.mail.wzp.encrypt.EncryptHandshakeDoneEvent;
import com.netease.mail.wzp.encrypt.EncryptHandshakeRequestEvent;
import com.netease.mail.wzp.encrypt.PubkeyUpdate;
import com.netease.mail.wzp.encrypt.RSAInfo;
import com.netease.mail.wzp.encrypt.RSAKeyStore;
import com.netease.mail.wzp.encrypt.RSAUtils;
import com.netease.mail.wzp.encrypt.ResetableCipher;
import com.netease.mail.wzp.entity.AbstractWZPUnit;
import com.netease.mail.wzp.entity.WZPCommEHCode;
import com.netease.mail.wzp.entity.WZPExtraHeader;
import com.netease.mail.wzp.entity.WZPTag;
import com.netease.mail.wzp.entity.WZPUnit;
import com.netease.mail.wzp.service.utils.CipherInputStream;
import com.netease.mail.wzp.service.utils.CipherOutputStream;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPromise;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Iterator;
import java.util.Queue;
import java.util.Random;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
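/**
 * WZP unit codec that can switch a channel to AES-encrypted segments after a client-side
 * handshake.
 *
 * <p>Flow as implemented here: an {@link EncryptHandshakeRequestEvent} makes the handler
 * generate a fresh 16-byte AES key, wrap it with the RSA public key carried by the event and send
 * it in a plain-text handshake unit. The reply with the same serial id is consumed by
 * {@link #doClientHandshake}: response code 100 completes the handshake, 496 delivers a
 * replacement RSA public key and triggers a second handshake unit, anything else fails it. The
 * outcome is reported upstream as an {@link EncryptHandshakeDoneEvent}.
 *
 * <p>NOTE(review): only confidentiality is visible in this class. Whether
 * {@code AbstractWZPUnit.ENCRYPT_AES_ALGORITHM} provides integrity protection, and which padding
 * {@code RSAUtils} uses, cannot be told from here and should be confirmed.
 */
public abstract class WZPEncryptableCodecHandler extends AbstractWZPUnitCodecHandler {
    /** No handshake has been requested (also the state after a failed handshake). */
    private static final int HANDSHAKE_IDLE = 0;
    /** A handshake unit was sent and the reply is awaited. */
    private static final int HANDSHAKE_REQUESTED = 1;
    /** The server acknowledged the handshake. */
    private static final int HANDSHAKE_DONE = 2;

    /** Response code treated as "handshake accepted". */
    private static final int RESPONSE_HANDSHAKE_OK = 100;
    /** Response code whose body is parsed as a replacement RSA public key. */
    private static final int RESPONSE_PUBKEY_REFRESH = 496;

    private static final int AES_KEY_LENGTH_BYTES = 16;

    // The session key must be unpredictable. java.util.Random is a 48-bit-seeded linear
    // congruential generator whose output can be reconstructed, so it is unsuitable for keys.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private byte[] aesKeyBytes;
    private int handshakeStage = HANDSHAKE_IDLE;
    private EncryptHandshakeRequestEvent reqHandshakeEvent = null;
    private EncryptHandshakeDoneEvent doneHandshakeEvent = null;
    private ResetableCipher encryptCipher = null;
    private ResetableCipher decryptCipher = null;
    // Written but never read in this class.
    private volatile boolean keptMsgEnable = false;
    // Units written while a handshake is pending; replayed if the server rotates its key.
    private volatile Queue<Object> keptMsg = new ConcurrentLinkedQueue<>();
    // Not referenced anywhere in this class.
    private int continuedExpiredError = 0;

    /**
     * Builds the handshake unit that carries the AES session key encrypted under the RSA public
     * key of the pending request.
     *
     * <p>The unit copies tag, app id, service id and serial id from the request event, is marked
     * as not encrypted and forced to plain text, and advertises the public key version and its
     * MD5 fingerprint in extra headers.
     *
     * <p>NOTE(review): the header and accessor names indicate an MD5 fingerprint of the public
     * key. MD5 is not collision resistant; confirm the fingerprint only identifies a key and is
     * never the basis of a trust decision.
     */
    private WZPUnit createHandshakeUnit() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        EncryptHandshakeRequestEvent request = this.reqHandshakeEvent;
        WZPUnit unit = createEmptyUnit();
        unit.setTag(request.getTag())
                .setAppId(request.getAppId())
                .setServiceId(request.getServiceId())
                .setSerialId(request.getSerialId())
                .unmarkTag(WZPTag.ENCRYPTED);
        unit.addExtraHeader(new WZPExtraHeader(WZPCommEHCode.RSA_PUBKEY_VERSION, Integer.valueOf(request.getPubKeyVersion())));
        unit.addExtraHeader(new WZPExtraHeader(WZPCommEHCode.RSA_PUBKEY_MD5, request.getPubKeyMd5()));
        unit.setBody(RSAUtils.encrypt(request.getPubKey(), this.aesKeyBytes, 0, this.aesKeyBytes.length));
        // The key exchange itself cannot be AES-encrypted: the peer does not know the key yet.
        unit.setForcePlainText(true);
        return unit;
    }

    /**
     * Wraps the inbound segment stream in a decrypting stream when the unit is tagged
     * {@code ENCRYPTED} and a decrypt cipher has been installed.
     *
     * <p>NOTE(review): a unit that is not tagged {@code ENCRYPTED} is passed through undecrypted
     * even after the handshake has completed. Confirm that plain-text units are rejected
     * elsewhere if the channel is expected to be encrypted-only from that point on.
     */
    @Override
    public InputStream createSegmentDecodeInStream(WZPUnit wZPUnit, InputStream inputStream, boolean z) throws IOException {
        InputStream source = inputStream;
        if (WZPTag.ENCRYPTED.isTagged(wZPUnit.getTag()) && this.decryptCipher != null) {
            try {
                // Finish whatever operation the previous segment left open so this segment
                // starts from a clean cipher state.
                this.decryptCipher.cipher().doFinal();
            } catch (Exception ignored) {
                // Best effort: fall back to the cipher's own reset when doFinal() is rejected.
                this.decryptCipher.reset();
            }
            source = new CipherInputStream(source, this.decryptCipher);
        }
        return super.createSegmentDecodeInStream(wZPUnit, source, z);
    }

    /**
     * Wraps the outbound segment stream in an encrypting stream and tags the unit
     * {@code ENCRYPTED}, unless no encrypt cipher is installed or the unit is forced to plain
     * text.
     */
    @Override
    public OutputStream createSegmentEncodeOutStream(WZPUnit wZPUnit, OutputStream outputStream, boolean z) throws IOException {
        OutputStream sink = outputStream;
        if (this.encryptCipher != null && !wZPUnit.isForcePlainText()) {
            try {
                // Same clean-state step as on the decode side.
                this.encryptCipher.cipher().doFinal();
            } catch (Exception ignored) {
                this.encryptCipher.reset();
            }
            sink = new CipherOutputStream(sink, this.encryptCipher);
            wZPUnit.markTag(WZPTag.ENCRYPTED);
        }
        return super.createSegmentEncodeOutStream(wZPUnit, sink, z);
    }

    /**
     * Handles the server's reply to a pending handshake.
     *
     * <ul>
     *   <li>100: installs the ciphers, moves to the done stage, fires the done event and drops
     *       the kept messages.</li>
     *   <li>496: treats the body as a replacement RSA public key, stores it, re-sends the
     *       handshake unit under the new key and replays the kept messages. The stage stays
     *       "requested", so the reply to the re-sent unit comes back through this method.</li>
     *   <li>anything else: fires the done event with a failure cause and returns to idle.</li>
     * </ul>
     *
     * @param channel channel the handshake runs on
     * @param wZPUnit the decoded reply unit
     * @throws IOException if the ciphers cannot be created or the key refresh fails
     */
    protected void doClientHandshake(Channel channel, WZPUnit wZPUnit) throws IOException {
        if (wZPUnit.getResponseCode() == RESPONSE_HANDSHAKE_OK) {
            try {
                switchToEncryptMode(this.aesKeyBytes);
            } catch (GeneralSecurityException e) {
                // KeyException is a GeneralSecurityException, so one handler covers both.
                throw new IOException(e);
            }
            this.handshakeStage = HANDSHAKE_DONE;
            channel.pipeline().fireUserEventTriggered(this.doneHandshakeEvent);
            this.reqHandshakeEvent = null;
            this.doneHandshakeEvent = null;
            this.keptMsgEnable = false;
            this.keptMsg.clear();
            return;
        }
        if (wZPUnit.getResponseCode() != RESPONSE_PUBKEY_REFRESH) {
            this.doneHandshakeEvent.setFailedCause(new IOException("encrypt-handshake failed, response=" + wZPUnit));
            this.handshakeStage = HANDSHAKE_IDLE;
            channel.pipeline().fireUserEventTriggered(this.doneHandshakeEvent);
            this.reqHandshakeEvent = null;
            this.doneHandshakeEvent = null;
            return;
        }
        try {
            byte[] wrappedKey = readBodyBytes(wZPUnit);
            // The server-supplied blob is run through RSAUtils.decrypt with the store's
            // "refresh guard" public key before being parsed as an X.509 public key.
            // NOTE(review): this is the only check on the replacement key visible here, and the
            // key is stored and persisted before the server has answered a handshake made with
            // it. Confirm RSAUtils.decrypt rejects blobs not produced by the guard key's owner.
            byte[] encodedKey = RSAUtils.decrypt(RSAKeyStore.getInstance().getRefreshGuardPubKey(), wrappedKey, 0, wrappedKey.length);
            RSAPublicKey newPubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encodedKey));

            this.reqHandshakeEvent.setPubKey(newPubKey);
            this.reqHandshakeEvent.setPubKeyMd5(RSAKeyStore.computePubKeyMd5(newPubKey.getModulus(), newPubKey.getPublicExponent()));
            this.doneHandshakeEvent.setPubKey(newPubKey);
            this.doneHandshakeEvent.setPubKeyMd5(this.reqHandshakeEvent.getPubKeyMd5());
            this.doneHandshakeEvent.setPubKeyUpdated(true);

            RSAInfo rsaInfo = new RSAInfo(1);
            rsaInfo.setRsaPubKey(newPubKey);
            rsaInfo.setRsaPubKeyBytes(newPubKey.getEncoded());
            rsaInfo.setRsaPubKeyMd5(this.reqHandshakeEvent.getPubKeyMd5());
            System.out.println("Receive updated keys");
            RSAKeyStore.getInstance().updateKey(rsaInfo);

            PubkeyUpdate persistUpdate = RSAKeyStore.getInstance().getPersistUpdate();
            if (persistUpdate != null) {
                try {
                    persistUpdate.newPubkey();
                } catch (Exception e) {
                    // Persisting the key is best effort; the handshake continues without it.
                    e.printStackTrace();
                }
            }

            channel.writeAndFlush(createHandshakeUnit()).addListener(ChannelFutureListener.FIRE_EXCEPTION_ON_FAILURE);
            switchToEncryptMode(this.aesKeyBytes);
            this.keptMsgEnable = false;

            // Replay from a snapshot. The stage is still "requested", so if these writes pass
            // through write() on this handler they are appended to keptMsg again; walking the
            // live queue while that happens would keep finding new entries and never finish.
            Queue<Object> queue = this.keptMsg;
            Object[] pending = queue.toArray();
            for (Object message : pending) {
                channel.writeAndFlush(message).addListener(ChannelFutureListener.FIRE_EXCEPTION_ON_FAILURE);
            }
            queue.clear();
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    /** Copies the unit body out as a byte array; accepts {@code byte[]} and {@link ByteBuffer} bodies. */
    private static byte[] readBodyBytes(WZPUnit unit) throws IOException {
        Object body = unit.getBody();
        if (body instanceof byte[]) {
            return (byte[]) body;
        }
        if (!(body instanceof ByteBuffer)) {
            throw new IOException("no valid rsa pubkey");
        }
        ByteBuffer buffer = (ByteBuffer) body;
        byte[] bytes = new byte[buffer.remaining()];
        buffer.get(bytes);
        return bytes;
    }

    /** Returns the cipher used for inbound segments, or {@code null} before encryption is set up. */
    protected ResetableCipher getDecryptCipher() {
        return this.decryptCipher;
    }

    /** Returns the cipher used for outbound segments, or {@code null} before encryption is set up. */
    protected ResetableCipher getEncryptCipher() {
        return this.encryptCipher;
    }

    /**
     * Intercepts the reply to a pending handshake, matched by serial id, and keeps it from being
     * passed on; every other unit is delegated to the superclass.
     *
     * @return {@code false} when the unit was consumed as the handshake reply
     */
    @Override
    public boolean onBeforeDecodedMsgOut(ChannelHandlerContext channelHandlerContext, WZPUnit wZPUnit) throws IOException {
        boolean isHandshakeReply = this.handshakeStage == HANDSHAKE_REQUESTED
                && wZPUnit.getSerialId() == this.reqHandshakeEvent.getSerialId();
        if (!isHandshakeReply) {
            return super.onBeforeDecodedMsgOut(channelHandlerContext, wZPUnit);
        }
        doClientHandshake(channelHandlerContext.channel(), wZPUnit);
        return false;
    }

    /**
     * Installs a fresh decrypt/encrypt cipher pair built from the given AES key.
     *
     * @param bArr raw AES key bytes
     */
    protected final void switchToEncryptMode(byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchProviderException {
        // 2 and 1 equal Cipher.DECRYPT_MODE and Cipher.ENCRYPT_MODE; presumably the second
        // constructor argument is the cipher opmode (confirm against ResetableCipher).
        ResetableCipher newDecryptCipher = new ResetableCipher(bArr, 2);
        // Result unused: the call only fails early if the AES transformation is unavailable.
        Cipher.getInstance(AbstractWZPUnit.ENCRYPT_AES_ALGORITHM);
        ResetableCipher newEncryptCipher = new ResetableCipher(bArr, 1);
        // Publish both only after both were created, so a failure leaves the old pair in place.
        this.decryptCipher = newDecryptCipher;
        this.encryptCipher = newEncryptCipher;
    }

    /**
     * Starts a handshake when an {@link EncryptHandshakeRequestEvent} arrives; all other events
     * are passed to the superclass.
     *
     * <p>A request that arrives while a handshake is pending or already done is answered with a
     * failed {@link EncryptHandshakeDoneEvent}. The rejected request is kept in locals so that it
     * cannot overwrite and then clear the state of the handshake in flight, whose reply is still
     * matched against {@code reqHandshakeEvent}.
     */
    @Override
    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (!(obj instanceof EncryptHandshakeRequestEvent)) {
            super.userEventTriggered(channelHandlerContext, obj);
            return;
        }
        EncryptHandshakeRequestEvent request = (EncryptHandshakeRequestEvent) obj;
        EncryptHandshakeDoneEvent done = new EncryptHandshakeDoneEvent(request);
        if (this.handshakeStage != HANDSHAKE_IDLE) {
            done.setFailedCause(new IllegalStateException());
            channelHandlerContext.pipeline().fireUserEventTriggered(done);
            return;
        }
        this.reqHandshakeEvent = request;
        this.doneHandshakeEvent = done;

        byte[] sessionKey = new byte[AES_KEY_LENGTH_BYTES];
        SECURE_RANDOM.nextBytes(sessionKey);
        this.aesKeyBytes = sessionKey;

        WZPUnit handshakeUnit = createHandshakeUnit();
        this.handshakeStage = HANDSHAKE_REQUESTED;
        channelHandlerContext.channel().writeAndFlush(handshakeUnit).addListener(ChannelFutureListener.FIRE_EXCEPTION_ON_FAILURE);
        // The ciphers are installed right after the request is sent, before the server replies.
        switchToEncryptMode(this.aesKeyBytes);
    }

    /**
     * Writes the message and, while a handshake is pending, also remembers application units
     * (app id other than 1 and a positive service id) so they can be replayed after a key
     * refresh.
     */
    @Override
    public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
        if (this.handshakeStage == HANDSHAKE_REQUESTED && obj instanceof WZPUnit) {
            WZPUnit unit = (WZPUnit) obj;
            if (unit.getAppId() != 1 && unit.getServiceId() > 0) {
                this.keptMsg.add(obj);
            }
        }
        super.write(channelHandlerContext, obj, channelPromise);
    }
}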
