package net.i2p.data;

import com.applovin.exoplayer2.common.base.Ascii;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import net.i2p.I2PAppContext;
import net.i2p.crypto.Blinding;
import net.i2p.crypto.ChaCha20;
import net.i2p.crypto.DSAEngine;
import net.i2p.crypto.EncType;
import net.i2p.crypto.HKDF;
import net.i2p.crypto.KeyPair;
import net.i2p.crypto.SHA256Generator;
import net.i2p.crypto.SigType;
import net.i2p.crypto.x25519.X25519DH;
import net.i2p.util.Clock;
import net.i2p.util.HexDump;
import net.i2p.util.Log;

/* loaded from: classes3.dex */
public class EncryptedLeaseSet extends LeaseSet2 {
    private static final int CLIENT_LEN = 40;
    private static final int COOKIE_LEN = 32;
    private static final String ELS2L1K = "ELS2_L1K";
    private static final String ELS2L2K = "ELS2_L2K";
    private static final String ELS2_DH = "ELS2_XCA";
    private static final String ELS2_PSK = "ELS2PSKA";
    private static final int ID_LEN = 8;
    private static final int IV_LEN = 12;
    private static final int MAX_ENCRYPTED_SIZE = 4096;
    private static final int MIN_ENCRYPTED_SIZE = 24;
    private static final int SALT_LEN = 32;
    private Hash __calculatedHash;
    private SigningPrivateKey _alpha;
    private int _authType;
    private PrivateKey _clientPrivateKey;
    private LeaseSet2 _decryptedLS2;
    private byte[] _encryptedData;
    private final Log _log = I2PAppContext.getGlobalContext().logManager().getLog(EncryptedLeaseSet.class);
    private int _numKeys;
    private String _secret;
    private SigningPublicKey _unblindedSPK;
    private static final byte[] CREDENTIAL = DataHelper.getASCII("credential");
    private static final byte[] SUBCREDENTIAL = DataHelper.getASCII("subcredential");

    private SigningPublicKey blind(SigningPublicKey signingPublicKey) {
        I2PAppContext globalContext = I2PAppContext.getGlobalContext();
        if (this._published <= 0) {
            this._alpha = Blinding.generateAlpha(globalContext, signingPublicKey, this._secret);
        } else {
            this._alpha = Blinding.generateAlpha(globalContext, signingPublicKey, this._secret, this._published);
        }
        SigningPublicKey blind = Blinding.blind(signingPublicKey, this._alpha);
        if (this._log.shouldDebug()) {
            this._log.debug("Blind:\norig:    " + signingPublicKey + "\nsecret:  " + this._secret + "\nalpha:   " + this._alpha + "\nblinded: " + blind);
        }
        return blind;
    }

    private void decrypt(PrivateKey privateKey) throws DataFormatException, IOException {
        try {
            x_decrypt(privateKey);
        } catch (IndexOutOfBoundsException e) {
            throw new DataFormatException("ioobe", e);
        }
    }

    private byte[] getHKDFInput(I2PAppContext i2PAppContext) {
        byte[] subcredential = getSubcredential(i2PAppContext);
        byte[] bArr = new byte[subcredential.length + 4];
        System.arraycopy(subcredential, 0, bArr, 0, subcredential.length);
        DataHelper.toLong(bArr, subcredential.length, 4, this._published / 1000);
        return bArr;
    }

    private byte[] getHKDFInput(I2PAppContext i2PAppContext, byte[] bArr) {
        byte[] subcredential = getSubcredential(i2PAppContext);
        byte[] bArr2 = new byte[bArr.length + subcredential.length + 4];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(subcredential, 0, bArr2, bArr.length, subcredential.length);
        DataHelper.toLong(bArr2, bArr.length + subcredential.length, 4, this._published / 1000);
        return bArr2;
    }

    private byte[] getSubcredential(I2PAppContext i2PAppContext) {
        SigningPublicKey signingPublicKey = this._unblindedSPK;
        if (signingPublicKey == null) {
            throw new IllegalStateException("no known SPK to decrypt with");
        }
        int length = signingPublicKey.length();
        byte[] bArr = new byte[length + 4];
        System.arraycopy(this._unblindedSPK.getData(), 0, bArr, 0, length);
        DataHelper.toLong(bArr, length, 2, this._unblindedSPK.getType().getCode());
        DataHelper.toLong(bArr, length + 2, 2, SigType.RedDSA_SHA512_Ed25519.getCode());
        byte[] hash = hash(i2PAppContext, CREDENTIAL, bArr);
        byte[] data = this._signingKey.getData();
        byte[] bArr2 = new byte[hash.length + data.length];
        System.arraycopy(hash, 0, bArr2, 0, hash.length);
        System.arraycopy(data, 0, bArr2, hash.length, data.length);
        return hash(i2PAppContext, SUBCREDENTIAL, bArr2);
    }

    private static byte[] hash(I2PAppContext i2PAppContext, byte[] bArr, byte[] bArr2) {
        int length = bArr.length + bArr2.length;
        byte[] bArr3 = new byte[length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        byte[] bArr4 = new byte[32];
        i2PAppContext.sha().calculateHash(bArr3, 0, length, bArr4, 0);
        return bArr4;
    }

    private void x_decrypt(PrivateKey privateKey) throws DataFormatException, IOException {
        int i;
        byte[] bArr;
        byte[] bArr2;
        int i2;
        byte[] bArr3;
        byte[] bArr4;
        LeaseSet2 metaLeaseSet;
        if (this._encryptedData == null) {
            throw new IllegalStateException("not encrypted");
        }
        if (this._decryptedLS2 != null) {
            return;
        }
        I2PAppContext globalContext = I2PAppContext.getGlobalContext();
        byte[] hKDFInput = getHKDFInput(globalContext);
        HKDF hkdf = new HKDF(globalContext);
        byte[] bArr5 = new byte[32];
        byte[] bArr6 = new byte[32];
        byte[] bArr7 = this._encryptedData;
        int length = bArr7.length - 32;
        byte[] bArr8 = new byte[length];
        hkdf.calculate(bArr7, hKDFInput, ELS2L1K, bArr5, bArr6, 0);
        if (this._log.shouldDebug()) {
            this._log.debug("Decrypt: chacha20 key:\n" + HexDump.dump(bArr5));
            this._log.debug("Decrypt: chacha20 IV:\n" + HexDump.dump(bArr6));
        }
        ChaCha20.decrypt(bArr5, bArr6, bArr7, 32, bArr8, 0, length);
        if (this._log.shouldDebug()) {
            this._log.debug("Decrypt: outer ciphertext:\n" + HexDump.dump(bArr7));
            this._log.debug("Decrypt: outer plaintext:\n" + HexDump.dump(bArr8));
        }
        byte[] bArr9 = bArr8;
        int i3 = bArr9[0] & Ascii.SI;
        this._authType = i3;
        int i4 = 1;
        if (i3 == 0) {
            bArr4 = hKDFInput;
        } else {
            if (privateKey == null) {
                throw new DataFormatException("Per-client auth but no key");
            }
            if (i3 != 1 && i3 != 3) {
                throw new DataFormatException("Per-client auth unsupported type: " + i3);
            }
            if (privateKey.getType() != EncType.ECIES_X25519) {
                throw new DataFormatException("Bad PSK client key type: " + privateKey);
            }
            byte[] bArr10 = new byte[32];
            System.arraycopy(bArr9, 1, bArr10, 0, 32);
            int fromLong = (int) DataHelper.fromLong(bArr9, 33, 2);
            this._numKeys = fromLong;
            if (fromLong == 0) {
                throw new DataFormatException("No client entries");
            }
            int i5 = (fromLong * 40) + 35;
            if (this._log.shouldDebug()) {
                this._log.debug("Auth type " + i3 + ", found " + fromLong + " client entries, authsalt is:\n" + HexDump.dump(bArr10));
            }
            byte[] bArr11 = new byte[32];
            byte[] bArr12 = new byte[32];
            if (i3 == 1) {
                SessionKey dh = X25519DH.dh(privateKey, new PublicKey(EncType.ECIES_X25519, bArr10));
                byte[] bArr13 = new byte[hKDFInput.length + 64];
                System.arraycopy(dh.getData(), 0, bArr13, 0, 32);
                System.arraycopy(privateKey.toPublic().getData(), 0, bArr13, 32, 32);
                System.arraycopy(hKDFInput, 0, bArr13, 64, 36);
                i = fromLong;
                bArr = bArr12;
                bArr2 = bArr9;
                hkdf.calculate(bArr10, bArr13, ELS2_DH, bArr11, bArr12, 0);
                i2 = 36;
            } else {
                i = fromLong;
                bArr = bArr12;
                bArr2 = bArr9;
                byte[] bArr14 = new byte[hKDFInput.length + 32];
                System.arraycopy(privateKey.getData(), 0, bArr14, 0, 32);
                i2 = 36;
                System.arraycopy(hKDFInput, 0, bArr14, 32, 36);
                hkdf.calculate(bArr10, bArr14, ELS2_PSK, bArr11, bArr12, 0);
            }
            if (this._log.shouldDebug()) {
                Log log = this._log;
                StringBuilder sb = new StringBuilder();
                sb.append("Looking for client ID:\n");
                bArr3 = bArr;
                sb.append(HexDump.dump(bArr3, 12, 8));
                sb.append("for client key:\n");
                sb.append(HexDump.dump(bArr11));
                log.debug(sb.toString());
            } else {
                bArr3 = bArr;
            }
            byte[] bArr15 = null;
            int i6 = 35;
            int i7 = i;
            int i8 = 0;
            while (true) {
                if (i8 >= i7) {
                    bArr9 = bArr2;
                    break;
                }
                int i9 = i7;
                bArr9 = bArr2;
                if (DataHelper.eq(bArr3, 12, bArr9, i6, 8)) {
                    bArr15 = new byte[32];
                    System.arraycopy(bArr9, i6 + 8, bArr15, 0, 32);
                    break;
                } else {
                    i6 += 40;
                    i8++;
                    bArr2 = bArr9;
                    i7 = i9;
                }
            }
            byte[] bArr16 = bArr15;
            if (bArr16 == null) {
                throw new DataFormatException("Our client auth entry not found");
            }
            if (this._log.shouldDebug()) {
                this._log.debug("Found client cookie:\n" + HexDump.dump(bArr16));
            }
            byte[] bArr17 = new byte[hKDFInput.length + 32];
            System.arraycopy(hKDFInput, 0, bArr17, 32, i2);
            ChaCha20.decrypt(bArr11, bArr3, bArr16, 0, bArr17, 0, 32);
            if (this._log.shouldDebug()) {
                this._log.debug("Decrypted client cookie:\n" + HexDump.dump(bArr17, 0, 32));
            }
            bArr4 = bArr17;
            i4 = i5;
        }
        int i10 = i4 + 32;
        int i11 = length - i10;
        byte[] bArr18 = new byte[i11];
        byte[] bArr19 = new byte[32];
        System.arraycopy(bArr9, i4, bArr19, 0, 32);
        if (this._log.shouldDebug()) {
            this._log.debug("Inner HKDF salt:\n" + HexDump.dump(bArr19) + "Inner HKDF input:\n" + HexDump.dump(bArr4));
        }
        hkdf.calculate(bArr19, bArr4, ELS2L2K, bArr5, bArr6, 0);
        ChaCha20.decrypt(bArr5, bArr6, bArr9, i10, bArr18, 0, i11);
        if (this._log.shouldDebug()) {
            this._log.debug("Decrypt: inner plaintext:\n" + HexDump.dump(bArr18));
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr18);
        int read = byteArrayInputStream.read();
        if (read == 3) {
            metaLeaseSet = new LeaseSet2();
        } else {
            if (read != 7) {
                throw new DataFormatException("Bad decryption or unsupported LS type: " + read);
            }
            metaLeaseSet = new MetaLeaseSet();
        }
        metaLeaseSet.readBytes(byteArrayInputStream);
        this._decryptedLS2 = metaLeaseSet;
    }

    public void encrypt(int i, List<? extends SimpleDataStructure> list) {
        int size;
        byte[] hKDFInput;
        byte[] bArr;
        int i2;
        int i3;
        int i4;
        HKDF hkdf;
        byte[] bArr2;
        byte[] bArr3;
        int i5;
        int i6;
        int i7;
        PublicKey publicKey;
        if (this._encryptedData != null) {
            throw new IllegalStateException("already encrypted");
        }
        if (this._signature == null) {
            throw new IllegalStateException("not signed");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int i8 = this._flags;
        setUnpublished();
        setBlindedWhenPublished();
        try {
            try {
                byteArrayOutputStream.write(3);
                super.writeHeader(byteArrayOutputStream);
                writeBody(byteArrayOutputStream);
                this._signature.writeBytes(byteArrayOutputStream);
                this._flags = i8;
                I2PAppContext globalContext = I2PAppContext.getGlobalContext();
                byte[] bArr4 = new byte[32];
                globalContext.random().nextBytes(bArr4);
                HKDF hkdf2 = new HKDF(globalContext);
                byte[] bArr5 = new byte[32];
                byte[] bArr6 = new byte[32];
                this._authType = i;
                if (i == 0) {
                    size = 1;
                } else {
                    if (i != 1 && i != 3) {
                        throw new IllegalArgumentException("Bad auth type " + i);
                    }
                    if (list == null || list.isEmpty()) {
                        throw new IllegalArgumentException("No client keys provided");
                    }
                    this._numKeys = list.size();
                    size = (list.size() * 40) + 35;
                }
                byte[] bArr7 = null;
                if (i == 0) {
                    hKDFInput = getHKDFInput(globalContext);
                } else {
                    bArr7 = new byte[32];
                    globalContext.random().nextBytes(bArr7);
                    if (this._log.shouldDebug()) {
                        this._log.debug("Auth Cookie:\n" + HexDump.dump(bArr7));
                    }
                    hKDFInput = getHKDFInput(globalContext, bArr7);
                }
                byte[] bArr8 = bArr7;
                byte[] bArr9 = hKDFInput;
                if (this._log.shouldDebug()) {
                    this._log.debug("Inner HKDF salt:\n" + HexDump.dump(bArr4) + "Inner HKDF input:\n" + HexDump.dump(bArr9));
                }
                byte[] bArr10 = bArr5;
                hkdf2.calculate(bArr4, bArr9, ELS2L2K, bArr5, bArr6, 0);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                int i9 = size + 32;
                int length = i9 + byteArray.length;
                byte[] bArr11 = new byte[length];
                if (i == 0) {
                    bArr11[0] = 0;
                    bArr = byteArray;
                    i6 = 0;
                    i3 = i9;
                    i4 = length;
                    hkdf = hkdf2;
                    bArr3 = bArr4;
                    i7 = 32;
                    i5 = size;
                    bArr2 = bArr10;
                } else {
                    bArr11[0] = (byte) (i & 15);
                    if (list.size() > 1) {
                        Collections.shuffle(list);
                    }
                    if (i == 1) {
                        KeyPair generatePKIKeys = globalContext.keyGenerator().generatePKIKeys(EncType.ECIES_X25519);
                        PrivateKey privateKey = generatePKIKeys.getPrivate();
                        PublicKey publicKey2 = generatePKIKeys.getPublic();
                        byte[] bArr12 = new byte[bArr9.length + 32];
                        i4 = length;
                        System.arraycopy(bArr9, 32, bArr12, 64, 36);
                        System.arraycopy(publicKey2.getData(), 0, bArr11, 1, 32);
                        i3 = i9;
                        DataHelper.toLong(bArr11, 33, 2, list.size());
                        byte[] bArr13 = new byte[32];
                        byte[] bArr14 = new byte[32];
                        Iterator<? extends SimpleDataStructure> it = list.iterator();
                        int i10 = 35;
                        while (it.hasNext()) {
                            SimpleDataStructure next = it.next();
                            Iterator<? extends SimpleDataStructure> it2 = it;
                            byte[] bArr15 = byteArray;
                            if (!(next instanceof PublicKey)) {
                                throw new IllegalArgumentException("Bad DH client key type: " + next);
                            }
                            PublicKey publicKey3 = (PublicKey) next;
                            int i11 = size;
                            if (publicKey3.getType() != EncType.ECIES_X25519) {
                                throw new IllegalArgumentException("Bad DH client key type: " + publicKey3);
                            }
                            System.arraycopy(X25519DH.dh(privateKey, publicKey3).getData(), 0, bArr12, 0, 32);
                            System.arraycopy(publicKey3.getData(), 0, bArr12, 32, 32);
                            byte[] bArr16 = bArr10;
                            HKDF hkdf3 = hkdf2;
                            hkdf2.calculate(publicKey2.getData(), bArr12, ELS2_DH, bArr13, bArr14, 0);
                            System.arraycopy(bArr14, 12, bArr11, i10, 8);
                            int i12 = i10 + 8;
                            ChaCha20.encrypt(bArr13, bArr14, bArr8, 0, bArr11, i12, bArr8.length);
                            if (this._log.shouldDebug()) {
                                Log log = this._log;
                                StringBuilder sb = new StringBuilder();
                                sb.append("DH: Added client ID/enc.cookie:\n");
                                publicKey = publicKey2;
                                sb.append(HexDump.dump(bArr14, 12, 8));
                                sb.append(HexDump.dump(bArr11, i12, 32));
                                sb.append("for client key:\n");
                                sb.append(HexDump.dump(bArr13));
                                log.debug(sb.toString());
                            } else {
                                publicKey = publicKey2;
                            }
                            i10 = i12 + 32;
                            it = it2;
                            bArr10 = bArr16;
                            publicKey2 = publicKey;
                            byteArray = bArr15;
                            size = i11;
                            hkdf2 = hkdf3;
                        }
                        bArr = byteArray;
                        i2 = size;
                        hkdf = hkdf2;
                        bArr2 = bArr10;
                    } else {
                        bArr = byteArray;
                        i2 = size;
                        i3 = i9;
                        i4 = length;
                        hkdf = hkdf2;
                        bArr2 = bArr10;
                        byte[] bArr17 = new byte[32];
                        globalContext.random().nextBytes(bArr17);
                        System.arraycopy(bArr17, 0, bArr11, 1, 32);
                        DataHelper.toLong(bArr11, 33, 2, list.size());
                        byte[] bArr18 = new byte[32];
                        byte[] bArr19 = new byte[32];
                        int i13 = 35;
                        for (SimpleDataStructure simpleDataStructure : list) {
                            if (!(simpleDataStructure instanceof PrivateKey)) {
                                throw new IllegalArgumentException("Bad PSK client key type: " + simpleDataStructure);
                            }
                            PrivateKey privateKey2 = (PrivateKey) simpleDataStructure;
                            if (privateKey2.getType() != EncType.ECIES_X25519) {
                                throw new IllegalArgumentException("Bad PSK client key type: " + privateKey2);
                            }
                            System.arraycopy(privateKey2.getData(), 0, bArr9, 0, 32);
                            hkdf.calculate(bArr17, bArr9, ELS2_PSK, bArr18, bArr19, 0);
                            System.arraycopy(bArr19, 12, bArr11, i13, 8);
                            int i14 = i13 + 8;
                            ChaCha20.encrypt(bArr18, bArr19, bArr8, 0, bArr11, i14, bArr8.length);
                            if (this._log.shouldDebug()) {
                                this._log.debug("PSK: Added client key:\n" + HexDump.dump(bArr18) + "client IV:\n:" + HexDump.dump(bArr19, 0, 12) + "client ID:\n:" + HexDump.dump(bArr19, 12, 8) + "client cookie:\n:" + HexDump.dump(bArr11, i14, 32));
                            }
                            i13 = i14 + 32;
                        }
                    }
                    bArr3 = bArr4;
                    i5 = i2;
                    i6 = 0;
                    i7 = 32;
                }
                System.arraycopy(bArr3, i6, bArr11, i5, i7);
                byte[] bArr20 = bArr;
                int i15 = i4;
                ChaCha20.encrypt(bArr2, bArr6, bArr20, 0, bArr11, i3, bArr20.length);
                if (this._log.shouldDebug()) {
                    this._log.debug("Encrypt: inner plaintext:\n" + HexDump.dump(bArr20));
                    this._log.debug("Encrypt: inner ciphertext:\n" + HexDump.dump(bArr11));
                }
                globalContext.random().nextBytes(bArr3);
                if (i == 0) {
                    hkdf.calculate(bArr3, bArr9, ELS2L1K, bArr2, bArr6, 0);
                } else {
                    byte[] bArr21 = new byte[36];
                    System.arraycopy(bArr9, 32, bArr21, i6, 36);
                    hkdf.calculate(bArr3, bArr21, ELS2L1K, bArr2, bArr6, 0);
                }
                byte[] bArr22 = new byte[i15 + 32];
                System.arraycopy(bArr3, i6, bArr22, i6, 32);
                if (this._log.shouldDebug()) {
                    this._log.debug("Encrypt: chacha20 key:\n" + HexDump.dump(bArr2));
                    this._log.debug("Encrypt: chacha20 IV:\n" + HexDump.dump(bArr6));
                }
                ChaCha20.encrypt(bArr2, bArr6, bArr11, 0, bArr22, 32, i15);
                if (this._log.shouldDebug()) {
                    this._log.debug("Encrypt: outer ciphertext:\n" + HexDump.dump(bArr22));
                }
                this._encryptedData = bArr22;
            } catch (IOException e) {
                throw new IllegalStateException("Error encrypting LS2", e);
            } catch (DataFormatException e2) {
                throw new IllegalStateException("Error encrypting LS2", e2);
            }
        } catch (Throwable th) {
            this._flags = i8;
            throw th;
        }
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet
    public void encrypt(SessionKey sessionKey) {
        encrypt(0, null);
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj == null || !(obj instanceof EncryptedLeaseSet)) {
            return false;
        }
        EncryptedLeaseSet encryptedLeaseSet = (EncryptedLeaseSet) obj;
        return DataHelper.eq(this._signature, encryptedLeaseSet.getSignature()) && DataHelper.eq(this._signingKey, encryptedLeaseSet.getSigningKey());
    }

    public LeaseSet2 getDecryptedLeaseSet() {
        return this._decryptedLS2;
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet
    public PublicKey getEncryptionKey(Set<EncType> set) {
        LeaseSet2 leaseSet2 = this._decryptedLS2;
        return leaseSet2 != null ? leaseSet2.getEncryptionKey(set) : super.getEncryptionKey(set);
    }

    @Override // net.i2p.data.LeaseSet2
    public List<PublicKey> getEncryptionKeys() {
        LeaseSet2 leaseSet2 = this._decryptedLS2;
        return leaseSet2 != null ? leaseSet2.getEncryptionKeys() : super.getEncryptionKeys();
    }

    @Override // net.i2p.data.DatabaseEntry
    public Hash getHash() {
        if (this.__calculatedHash == null) {
            if (this._signingKey == null) {
                throw new IllegalStateException();
            }
            int length = this._signingKey.length();
            byte[] bArr = new byte[length + 2];
            DataHelper.toLong(bArr, 0, 2, this._signingKey.getType().getCode());
            System.arraycopy(this._signingKey.getData(), 0, bArr, 2, length);
            this.__calculatedHash = SHA256Generator.getInstance().calculateHash(bArr);
        }
        return this.__calculatedHash;
    }

    @Override // net.i2p.data.LeaseSet
    public Lease getLease(int i) {
        LeaseSet2 leaseSet2 = this._decryptedLS2;
        if (leaseSet2 != null) {
            return leaseSet2.getLease(i);
        }
        return null;
    }

    @Override // net.i2p.data.LeaseSet
    public int getLeaseCount() {
        LeaseSet2 leaseSet2 = this._decryptedLS2;
        if (leaseSet2 != null) {
            return leaseSet2.getLeaseCount();
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.i2p.data.DatabaseEntry
    public SigningPublicKey getSigningPublicKey() {
        return this._signingKey;
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet, net.i2p.data.DatabaseEntry
    public int getType() {
        return this._signature != null ? 5 : 3;
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet
    public int hashCode() {
        if (this._encryptionKey == null) {
            return 0;
        }
        return this._encryptionKey.hashCode();
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet, net.i2p.data.DataStructure
    public void readBytes(InputStream inputStream) throws DataFormatException, IOException {
        if (this._signingKey != null) {
            throw new IllegalStateException();
        }
        readHeader(inputStream);
        int readLong = (int) DataHelper.readLong(inputStream, 2);
        if (readLong < 24 || readLong > 4096) {
            throw new DataFormatException("bad LS size: " + readLong);
        }
        byte[] bArr = new byte[readLong];
        this._encryptedData = bArr;
        DataHelper.read(inputStream, bArr);
        this._signature = new Signature((isOffline() ? this._transientSigningPublicKey : this._signingKey).getType());
        this._signature.readBytes(inputStream);
    }

    @Override // net.i2p.data.LeaseSet2
    protected void readHeader(InputStream inputStream) throws DataFormatException, IOException {
        int readLong = (int) DataHelper.readLong(inputStream, 2);
        SigType byCode = SigType.getByCode(readLong);
        if (byCode == null) {
            throw new DataFormatException("unknown key type " + readLong);
        }
        this._signingKey = new SigningPublicKey(byCode);
        this._signingKey.readBytes(inputStream);
        this._published = DataHelper.readLong(inputStream, 4) * 1000;
        this._expires = this._published + (DataHelper.readLong(inputStream, 2) * 1000);
        this._flags = (int) DataHelper.readLong(inputStream, 2);
        if (isOffline()) {
            readOfflineBytes(inputStream);
        }
    }

    @Override // net.i2p.data.LeaseSet2
    protected void readOfflineBytes(InputStream inputStream) throws DataFormatException, IOException {
        this._transientExpires = DataHelper.readLong(inputStream, 4) * 1000;
        int readLong = (int) DataHelper.readLong(inputStream, 2);
        SigType byCode = SigType.getByCode(readLong);
        if (byCode == null) {
            throw new DataFormatException("Unknown sig type " + readLong);
        }
        this._transientSigningPublicKey = new SigningPublicKey(byCode);
        this._transientSigningPublicKey.readBytes(inputStream);
        this._offlineSignature = new Signature(this._signingKey.getType());
        this._offlineSignature.readBytes(inputStream);
    }

    public void setClientPrivateKey(PrivateKey privateKey) {
        this._clientPrivateKey = privateKey;
    }

    @Override // net.i2p.data.LeaseSet
    public void setDestination(Destination destination) {
        if (this._signature == null || this._destination == null) {
            this._destination = destination;
        } else if (!destination.equals(this._destination)) {
            throw new IllegalStateException();
        }
        setSigningKey(destination.getSigningPublicKey());
    }

    public void setSecret(String str) {
        if (this._signingKey != null && !DataHelper.eq(str, this._secret) && this._log.shouldWarn()) {
            this._log.warn("setSecret() after setSigningKey() was: " + this._secret + " now: " + str);
        }
        this._secret = str;
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet
    public void setSigningKey(SigningPublicKey signingPublicKey) {
        SigType type = signingPublicKey.getType();
        if (type != SigType.EdDSA_SHA512_Ed25519 && type != SigType.RedDSA_SHA512_Ed25519) {
            throw new IllegalArgumentException();
        }
        SigningPublicKey signingPublicKey2 = this._unblindedSPK;
        if (signingPublicKey2 == null) {
            this._unblindedSPK = signingPublicKey;
        } else if (!signingPublicKey2.equals(signingPublicKey)) {
            throw new IllegalArgumentException("unblinded pubkey mismatch");
        }
        SigningPublicKey blind = blind(signingPublicKey);
        if (this._signingKey == null) {
            this._signingKey = blind;
            return;
        }
        if (this._signingKey.equals(blind)) {
            return;
        }
        throw new IllegalArgumentException("blinded pubkey mismatch:\nas received:   " + this._signingKey + "\nas calculated: " + blind);
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.DatabaseEntry
    public void sign(SigningPrivateKey signingPrivateKey) throws DataFormatException {
        sign(signingPrivateKey, 0, null);
    }

    public void sign(SigningPrivateKey signingPrivateKey, int i, List<? extends SimpleDataStructure> list) throws DataFormatException {
        int i2 = this._flags;
        setUnpublished();
        super.sign(signingPrivateKey);
        this._flags = i2;
        if (this._log.shouldDebug()) {
            this._log.debug("Sign inner with key: " + signingPrivateKey.getType() + ' ' + signingPrivateKey.toBase64());
            Log log = this._log;
            StringBuilder sb = new StringBuilder();
            sb.append("Corresponding pubkey: ");
            sb.append(signingPrivateKey.toPublic());
            log.debug(sb.toString());
            this._log.debug("Inner sig: " + this._signature.getType() + ' ' + this._signature.toBase64());
        }
        encrypt(i, list);
        SigningPrivateKey blind = Blinding.blind(signingPrivateKey, this._alpha);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(size() + 1);
        try {
            byteArrayOutputStream.write(getType());
            writeBytesWithoutSig(byteArrayOutputStream);
            this._signature = DSAEngine.getInstance().sign(byteArrayOutputStream.toByteArray(), blind);
            if (this._signature == null) {
                throw new DataFormatException("Signature failed with " + signingPrivateKey.getType() + " key");
            }
            if (this._log.shouldDebug()) {
                this._log.debug("Sign outer with key: " + blind.getType() + ' ' + blind.toBase64());
                Log log2 = this._log;
                StringBuilder sb2 = new StringBuilder();
                sb2.append("Corresponding pubkey: ");
                sb2.append(blind.toPublic());
                log2.debug(sb2.toString());
                this._log.debug("Outer sig: " + this._signature.getType() + ' ' + this._signature.toBase64());
            }
        } catch (IOException e) {
            throw new DataFormatException("Signature failed", e);
        }
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet
    public int size() {
        int length = this._signingKey.length() + 12;
        byte[] bArr = this._encryptedData;
        int length2 = bArr != null ? length + bArr.length : length + 99;
        return isOffline() ? length2 + this._transientSigningPublicKey.length() + 6 + this._offlineSignature.length() : length2;
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet
    public String toString() {
        StringBuilder sb = new StringBuilder(128);
        sb.append("[EncryptedLeaseSet: ");
        if (this._signingKey != null) {
            sb.append("\n\tBlinded Key: ");
            sb.append(this._signingKey);
            Hash hash = getHash();
            sb.append("\n\tHash: ");
            sb.append(hash);
            sb.append("\n\tB32: ");
            sb.append(hash.toBase32());
        }
        if (isOffline()) {
            sb.append("\n\tTransient Key: ");
            sb.append(this._transientSigningPublicKey);
            sb.append("\n\tTransient Expires: ");
            sb.append(new Date(this._transientExpires));
            sb.append("\n\tOffline Signature: ");
            sb.append(this._offlineSignature);
        }
        sb.append("\n\tUnpublished? ");
        sb.append(isUnpublished());
        sb.append("\n\tLength: ");
        sb.append(this._encryptedData.length);
        sb.append("\n\tSignature: ");
        sb.append(this._signature);
        sb.append("\n\tPublished: ");
        sb.append(new Date(this._published));
        sb.append("\n\tExpires: ");
        sb.append(new Date(this._expires));
        sb.append("\n\tAuth Type: ");
        sb.append(this._authType);
        sb.append("\n\tClient Keys: ");
        sb.append(this._numKeys);
        if (this._decryptedLS2 != null) {
            if (this._secret != null) {
                sb.append("\n\tSecret: ");
                sb.append(this._secret);
            }
            if (this._clientPrivateKey != null) {
                sb.append("\n\tClient Private Key: ");
                sb.append(this._clientPrivateKey.toBase64());
            }
            sb.append("\n\tDecrypted LS:\n");
            sb.append(this._decryptedLS2);
        } else if (this._destination != null) {
            sb.append("\n\tDestination: ");
            sb.append(this._destination);
            sb.append("\n\tLeases: #");
            sb.append(getLeaseCount());
            for (int i = 0; i < getLeaseCount(); i++) {
                sb.append("\n\t\t");
                sb.append(getLease(i));
            }
        } else {
            sb.append("\n\tNot decrypted");
        }
        sb.append("]");
        return sb.toString();
    }

    @Override // net.i2p.data.LeaseSet2
    public boolean verifyOfflineSignature() {
        return verifyOfflineSignature(this._signingKey);
    }

    @Override // net.i2p.data.LeaseSet2, net.i2p.data.LeaseSet, net.i2p.data.DatabaseEntry
    public boolean verifySignature() {
        return verifySignature(this._clientPrivateKey);
    }

    public boolean verifySignature(PrivateKey privateKey) {
        LeaseSet2 leaseSet2 = this._decryptedLS2;
        if (leaseSet2 != null) {
            return leaseSet2.verifySignature();
        }
        if (this._log.shouldDebug()) {
            this._log.debug("Sig verify outer with key: " + this._signingKey.getType() + ' ' + this._signingKey.toBase64());
            this._log.debug("Outer sig: " + this._signature.getType() + ' ' + this._signature.toBase64());
        }
        if (!super.verifySignature()) {
            this._log.warn("ELS2 outer sig verify fail");
            return false;
        }
        this._log.info("ELS2 outer sig verify success");
        if (this._unblindedSPK == null) {
            if (!this._log.shouldWarn()) {
                return true;
            }
            this._log.warn("ELS2 no dest/SPK to decrypt with", new Exception("I did it"));
            return true;
        }
        try {
            decrypt(privateKey);
            if (this._log.shouldDebug()) {
                this._log.debug("Decrypted inner LS2:\n" + this._decryptedLS2);
                this._log.debug("Sig verify inner with key: " + this._decryptedLS2.getDestination().getSigningPublicKey().getType() + ' ' + this._decryptedLS2.getDestination().getSigningPublicKey().toBase64());
                this._log.debug("Inner sig: " + this._decryptedLS2.getSignature().getType() + ' ' + this._decryptedLS2.getSignature().toBase64());
            }
            boolean verifySignature = this._decryptedLS2.verifySignature();
            if (verifySignature) {
                this._log.info("ELS2 inner sig verify success");
            } else {
                this._log.warn("ELS2 inner sig verify fail");
            }
            return verifySignature;
        } catch (IOException e) {
            this._log.warn("ELS2 decrypt fail", e);
            return false;
        } catch (DataFormatException e2) {
            this._log.warn("ELS2 decrypt fail", e2);
            return false;
        }
    }

    @Override // net.i2p.data.LeaseSet2
    protected void writeBytesWithoutSig(OutputStream outputStream) throws DataFormatException, IOException {
        if (this._signingKey == null) {
            throw new DataFormatException("Not enough data to write out a LeaseSet");
        }
        if (this._encryptedData == null) {
            super.writeHeader(outputStream);
            writeBody(outputStream);
        } else {
            writeHeader(outputStream);
            DataHelper.writeLong(outputStream, 2, this._encryptedData.length);
            outputStream.write(this._encryptedData);
        }
    }

    @Override // net.i2p.data.LeaseSet2
    protected void writeHeader(OutputStream outputStream) throws DataFormatException, IOException {
        DataHelper.writeLong(outputStream, 2, this._signingKey.getType().getCode());
        this._signingKey.writeBytes(outputStream);
        if (this._published <= 0) {
            this._published = Clock.getInstance().now();
        }
        DataHelper.writeLong(outputStream, 4, this._published / 1000);
        DataHelper.writeLong(outputStream, 2, (this._expires - this._published) / 1000);
        DataHelper.writeLong(outputStream, 2, this._flags);
        if (isOffline()) {
            writeOfflineBytes(outputStream);
        }
    }

    @Override // net.i2p.data.LeaseSet2
    protected void writeOfflineBytes(OutputStream outputStream) throws DataFormatException, IOException {
        if (this._transientSigningPublicKey == null || this._offlineSignature == null) {
            throw new DataFormatException("No offline key/sig");
        }
        DataHelper.writeLong(outputStream, 4, this._transientExpires / 1000);
        DataHelper.writeLong(outputStream, 2, this._signingKey.getType().getCode());
        this._transientSigningPublicKey.writeBytes(outputStream);
        this._offlineSignature.writeBytes(outputStream);
    }
}
