package com.mindspore.flclient;

import com.google.flatbuffers.FlatBufferBuilder;
import com.mindspore.flclient.cipher.AESEncrypt;
import com.mindspore.flclient.cipher.BaseUtil;
import com.mindspore.flclient.cipher.CertVerify;
import com.mindspore.flclient.cipher.ClientListReq;
import com.mindspore.flclient.cipher.KEYAgreement;
import com.mindspore.flclient.cipher.Masking;
import com.mindspore.flclient.cipher.ReconstructSecretReq;
import com.mindspore.flclient.cipher.ShareSecrets;
import com.mindspore.flclient.cipher.SignAndVerify;
import com.mindspore.flclient.cipher.struct.ClientPublicKey;
import com.mindspore.flclient.cipher.struct.DecryptShareSecrets;
import com.mindspore.flclient.cipher.struct.EncryptShare;
import com.mindspore.flclient.cipher.struct.NewArray;
import com.mindspore.flclient.cipher.struct.ShareSecret;
import com.mindspore.flclient.common.FLLoggerGenerater;
import com.mindspore.flclient.pki.PkiUtil;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import mindspore.fl.schema.ClientShare;
import mindspore.fl.schema.GetExchangeKeys;
import mindspore.fl.schema.GetShareSecrets;
import mindspore.fl.schema.RequestAllClientListSign;
import mindspore.fl.schema.RequestExchangeKeys;
import mindspore.fl.schema.RequestShareSecrets;
import mindspore.fl.schema.ResponseClientListSign;
import mindspore.fl.schema.ResponseCode;
import mindspore.fl.schema.ResponseExchangeKeys;
import mindspore.fl.schema.ResponseShareSecrets;
import mindspore.fl.schema.ReturnAllClientListSign;
import mindspore.fl.schema.ReturnExchangeKeys;
import mindspore.fl.schema.ReturnShareSecrets;
import mindspore.fl.schema.SendClientListSign;

/* loaded from: input_file:com/mindspore/flclient/CipherClient.class */
public class CipherClient {
    private static final Logger LOGGER = FLLoggerGenerater.getModelLogger(CipherClient.class.toString());
    private final int iteration;
    private int featureSize;
    private int minShareNum;
    private byte[] bu;
    private String nextRequestTime;
    private byte[] prime;
    private int retCode;
    private FLParameter flParameter = FLParameter.getInstance();
    private LocalFLParameter localFLParameter = LocalFLParameter.getInstance();
    private List<byte[]> cKey = new ArrayList();
    private List<byte[]> sKey = new ArrayList();
    private byte[] individualIv = new byte[16];
    private byte[] pwIVec = new byte[16];
    private byte[] pwSalt = new byte[32];
    private Map<String, ClientPublicKey> clientPublicKeyList = new HashMap();
    private Map<String, byte[]> sUVKeys = new HashMap();
    private Map<String, byte[]> cUVKeys = new HashMap();
    private List<EncryptShare> clientShareList = new ArrayList();
    private List<EncryptShare> returnShareList = new ArrayList();
    private List<String> u1ClientList = new ArrayList();
    private List<String> u2UClientList = new ArrayList();
    private List<String> u3ClientList = new ArrayList();
    private List<DecryptShareSecrets> decryptShareSecretsList = new ArrayList();
    private KEYAgreement keyAgreement = new KEYAgreement();
    private Masking masking = new Masking();
    private ClientListReq clientListReq = new ClientListReq();
    private ReconstructSecretReq reconstructSecretReq = new ReconstructSecretReq();
    private Map<String, X509Certificate[]> certificateList = new HashMap();
    private int waitTryTime = 0;
    private FLCommunication flCommunication = FLCommunication.getInstance();

    public CipherClient(int i, int i2, byte[] bArr, int i3) {
        this.iteration = i;
        this.featureSize = i3;
        this.minShareNum = i2;
        this.prime = bArr;
    }

    public void setNextRequestTime(String str) {
        this.nextRequestTime = str;
    }

    private void setClientShareList(List<EncryptShare> list) {
        this.clientShareList.clear();
        this.clientShareList = list;
    }

    public String getNextRequestTime() {
        return this.nextRequestTime;
    }

    public int getRetCode() {
        return this.retCode;
    }

    private FLClientStatus genDHKeyPairs() {
        byte[] generatePrivateKey = this.keyAgreement.generatePrivateKey();
        byte[] generatePublicKey = this.keyAgreement.generatePublicKey(generatePrivateKey);
        if (generatePublicKey == null || generatePublicKey.length == 0) {
            LOGGER.severe("[genDHKeyPairs] the return byte[] <cpk> is null, please check!");
            return FLClientStatus.FAILED;
        }
        byte[] generatePrivateKey2 = this.keyAgreement.generatePrivateKey();
        byte[] generatePublicKey2 = this.keyAgreement.generatePublicKey(generatePrivateKey2);
        if (generatePublicKey2 == null || generatePublicKey2.length == 0) {
            LOGGER.severe("[genDHKeyPairs] the return byte[] <spk> is null, please check!");
            return FLClientStatus.FAILED;
        }
        this.cKey.clear();
        this.sKey.clear();
        this.cKey.add(generatePublicKey);
        this.cKey.add(generatePrivateKey);
        this.sKey.add(generatePublicKey2);
        this.sKey.add(generatePrivateKey2);
        return FLClientStatus.SUCCESS;
    }

    private FLClientStatus genIndividualSecret() {
        byte[] bArr = new byte[32];
        if (this.masking.getRandomBytes(bArr) == -1) {
            LOGGER.severe("[genIndividualSecret] the return value is -1, please check!");
            return FLClientStatus.FAILED;
        }
        this.bu = bArr;
        return FLClientStatus.SUCCESS;
    }

    private List<ShareSecret> genSecretShares(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            LOGGER.severe("[genSecretShares] the input argument <secret> is null");
            return new ArrayList();
        }
        int size = this.u1ClientList.size();
        if (size <= 1) {
            LOGGER.severe("[genSecretShares] the size of u1ClientList is not valid: <= 1, it should be > 1");
            return new ArrayList();
        }
        ShareSecrets.SecretShares[] split = new ShareSecrets(this.minShareNum, size - 1).split(bArr, this.prime);
        if (split == null || split.length == 0) {
            LOGGER.severe("[genSecretShares] the return ShareSecrets.SecretShare[] is null, please check!");
            return new ArrayList();
        }
        int i = 0;
        ArrayList arrayList = new ArrayList();
        for (String str : this.u1ClientList) {
            if (!this.localFLParameter.getFlID().equals(str)) {
                if (i >= split.length) {
                    LOGGER.severe("[genSecretShares] the shareIndex is out of range in array <shares>, please check!");
                    return new ArrayList();
                }
                int number = split[i].getNumber();
                byte[] bigInteger2byteArray = BaseUtil.bigInteger2byteArray(split[i].getShares());
                NewArray<byte[]> newArray = new NewArray<>();
                newArray.setSize(bigInteger2byteArray.length);
                newArray.setArray(bigInteger2byteArray);
                ShareSecret shareSecret = new ShareSecret();
                shareSecret.setFlID(str);
                shareSecret.setShare(newArray);
                shareSecret.setIndex(number);
                arrayList.add(shareSecret);
                i++;
            }
        }
        return arrayList;
    }

    private FLClientStatus genEncryptExchangedKeys() {
        this.cUVKeys.clear();
        Iterator<String> it = this.clientPublicKeyList.keySet().iterator();
        while (it.hasNext()) {
            ClientPublicKey clientPublicKey = this.clientPublicKeyList.get(it.next());
            String flID = clientPublicKey.getFlID();
            if (!this.localFLParameter.getFlID().equals(flID)) {
                if (this.cKey.size() < 2) {
                    LOGGER.severe("[genEncryptExchangedKeys] the size of cKey is not valid: < 2, it should be >= 2, please check!");
                    return FLClientStatus.FAILED;
                }
                byte[] keyAgreement = this.keyAgreement.keyAgreement(this.cKey.get(1), clientPublicKey.getCPK().getArray());
                if (keyAgreement == null || keyAgreement.length == 0) {
                    LOGGER.severe("[genEncryptExchangedKeys] the returned secret1 is null, please check!");
                    return FLClientStatus.FAILED;
                }
                byte[] encryptedPassword = this.keyAgreement.getEncryptedPassword(keyAgreement, new byte[0]);
                if (encryptedPassword == null || encryptedPassword.length == 0) {
                    LOGGER.severe("[genEncryptExchangedKeys] the returned secret is null, please check!");
                    return FLClientStatus.FAILED;
                }
                this.cUVKeys.put(flID, encryptedPassword);
            }
        }
        return FLClientStatus.SUCCESS;
    }

    private FLClientStatus encryptShares() {
        LOGGER.info("[PairWiseMask] ************** generate encrypt share secrets for RequestShareSecrets **************");
        if (this.sKey.size() < 2) {
            LOGGER.severe("[encryptShares] the size of sKey is not valid: < 2, it should be >= 2, please check!");
            return FLClientStatus.FAILED;
        }
        List<ShareSecret> genSecretShares = genSecretShares(this.sKey.get(1));
        if (genSecretShares.isEmpty()) {
            LOGGER.severe("[encryptShares] the returned List<ShareSecret> sSkUv is empty, please check!");
            return FLClientStatus.FAILED;
        }
        List<ShareSecret> genSecretShares2 = genSecretShares(this.bu);
        if (genSecretShares.isEmpty()) {
            LOGGER.severe("[encryptShares] the returned List<ShareSecret> bUV is empty, please check!");
            return FLClientStatus.FAILED;
        }
        if (genSecretShares.size() != genSecretShares2.size()) {
            LOGGER.severe("[encryptShares] the sSkUv.size() should be equal to bUV.size(), please check!");
            return FLClientStatus.FAILED;
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < genSecretShares2.size(); i++) {
            byte[] array = genSecretShares.get(i).getShare().getArray();
            byte[] array2 = genSecretShares2.get(i).getShare().getArray();
            byte[] integer2byteArray = BaseUtil.integer2byteArray(Integer.valueOf(genSecretShares.get(i).getIndex()));
            byte[] integer2byteArray2 = BaseUtil.integer2byteArray(Integer.valueOf(genSecretShares2.get(i).getIndex()));
            byte[] bArr = new byte[array.length + array2.length + integer2byteArray.length + integer2byteArray2.length + 4];
            bArr[0] = (byte) array.length;
            bArr[1] = (byte) array2.length;
            bArr[2] = (byte) integer2byteArray.length;
            bArr[3] = (byte) integer2byteArray2.length;
            System.arraycopy(integer2byteArray, 0, bArr, 4, integer2byteArray.length);
            System.arraycopy(integer2byteArray2, 0, bArr, 4 + integer2byteArray.length, integer2byteArray2.length);
            System.arraycopy(array, 0, bArr, 4 + integer2byteArray.length + integer2byteArray2.length, array.length);
            System.arraycopy(array2, 0, bArr, 4 + integer2byteArray.length + integer2byteArray2.length + array.length, array2.length);
            String flID = genSecretShares2.get(i).getFlID();
            if (!this.cUVKeys.containsKey(flID)) {
                LOGGER.severe("[encryptShares] the key " + flID + " is not in map cUVKeys, please check!");
                return FLClientStatus.FAILED;
            }
            byte[] encrypt = new AESEncrypt(this.cUVKeys.get(flID), "CBC").encrypt(this.cUVKeys.get(flID), bArr);
            if (encrypt == null || encrypt.length == 0) {
                LOGGER.severe("[encryptShares] the return byte[] is null, please check!");
                return FLClientStatus.FAILED;
            }
            NewArray<byte[]> newArray = new NewArray<>();
            newArray.setSize(encrypt.length);
            newArray.setArray(encrypt);
            EncryptShare encryptShare = new EncryptShare();
            encryptShare.setFlID(flID);
            encryptShare.setShare(newArray);
            arrayList.add(encryptShare);
        }
        setClientShareList(arrayList);
        return FLClientStatus.SUCCESS;
    }

    public float[] doubleMaskingWeight() {
        byte[] bArr;
        byte[] bArr2;
        ArrayList arrayList = new ArrayList();
        if (this.masking.getMasking(arrayList, this.featureSize, this.bu, this.individualIv) == -1) {
            LOGGER.severe("[doubleMaskingWeight] the return value is -1, please check!");
            return new float[0];
        }
        float[] fArr = new float[this.featureSize];
        for (String str : this.u2UClientList) {
            if (!this.clientPublicKeyList.containsKey(str)) {
                LOGGER.severe("[doubleMaskingWeight] the key " + str + " is not in map clientPublicKeyList, please check!");
                return new float[0];
            }
            ClientPublicKey clientPublicKey = this.clientPublicKeyList.get(str);
            if (!this.localFLParameter.getFlID().equals(str)) {
                if (str.compareTo(this.localFLParameter.getFlID()) < 0) {
                    bArr = clientPublicKey.getPwSalt().getArray();
                    bArr2 = clientPublicKey.getPwIv().getArray();
                } else {
                    bArr = this.pwSalt;
                    bArr2 = this.pwIVec;
                }
                if (this.sKey.size() < 2) {
                    LOGGER.severe("[doubleMaskingWeight] the size of sKey is not valid: < 2, it should be >= 2, please check!");
                    return new float[0];
                }
                byte[] keyAgreement = this.keyAgreement.keyAgreement(this.sKey.get(1), clientPublicKey.getSPK().getArray());
                if (keyAgreement == null || keyAgreement.length == 0) {
                    LOGGER.severe("[doubleMaskingWeight] the returned secret1 is null, please check!");
                    return new float[0];
                }
                byte[] encryptedPassword = this.keyAgreement.getEncryptedPassword(keyAgreement, bArr);
                if (encryptedPassword == null || encryptedPassword.length == 0) {
                    LOGGER.severe("[doubleMaskingWeight] the returned secret is null, please check!");
                    return new float[0];
                }
                this.sUVKeys.put(str, encryptedPassword);
                ArrayList arrayList2 = new ArrayList();
                if (this.masking.getMasking(arrayList2, this.featureSize, encryptedPassword, bArr2) == -1) {
                    LOGGER.severe("[doubleMaskingWeight] the return value is -1, please check!");
                    return new float[0];
                }
                int i = this.localFLParameter.getFlID().compareTo(str) > 0 ? 1 : -1;
                for (int i2 = 0; i2 < arrayList2.size(); i2++) {
                    fArr[i2] = fArr[i2] + (i * ((Float) arrayList2.get(i2)).floatValue());
                }
            }
        }
        for (int i3 = 0; i3 < arrayList.size(); i3++) {
            fArr[i3] = fArr[i3] + ((Float) arrayList.get(i3)).floatValue();
        }
        return fArr;
    }

    private NewArray<byte[]> byteToArray(ByteBuffer byteBuffer, int i) {
        NewArray<byte[]> newArray = new NewArray<>();
        newArray.setSize(i);
        byte[] bArr = new byte[i];
        for (int i2 = 0; i2 < i; i2++) {
            bArr[i2] = byteBuffer.get();
        }
        newArray.setArray(bArr);
        return newArray;
    }

    private FLClientStatus requestExchangeKeys() {
        LOGGER.info("[PairWiseMask] ==============request flID: " + this.localFLParameter.getFlID() + "==============");
        if (genDHKeyPairs() == FLClientStatus.FAILED) {
            LOGGER.severe("[requestExchangeKeys] the return status is FAILED, please check!");
            return FLClientStatus.FAILED;
        }
        if (this.cKey.size() <= 0 || this.sKey.size() <= 0) {
            LOGGER.severe("[requestExchangeKeys] the size of cKey or sKey is not valid: <=0.");
            return FLClientStatus.FAILED;
        }
        if (this.cKey.size() < 2) {
            LOGGER.severe("[requestExchangeKeys] the size of cKey is not valid: < 2, it should be >= 2, please check!");
            return FLClientStatus.FAILED;
        }
        if (this.sKey.size() < 2) {
            LOGGER.severe("[requestExchangeKeys] the size of sKey is not valid: < 2, it should be >= 2, please check!");
            return FLClientStatus.FAILED;
        }
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[32];
        SecureRandom secureRandom = Common.getSecureRandom();
        secureRandom.nextBytes(bArr);
        secureRandom.nextBytes(bArr2);
        secureRandom.nextBytes(bArr3);
        this.individualIv = bArr;
        this.pwIVec = bArr2;
        this.pwSalt = bArr3;
        FlatBufferBuilder flatBufferBuilder = new FlatBufferBuilder();
        int createIndIvVector = RequestExchangeKeys.createIndIvVector(flatBufferBuilder, bArr);
        int createPwIvVector = RequestExchangeKeys.createPwIvVector(flatBufferBuilder, bArr2);
        int createPwSaltVector = RequestExchangeKeys.createPwSaltVector(flatBufferBuilder, bArr3);
        byte[] bArr4 = this.cKey.get(0);
        byte[] bArr5 = this.sKey.get(0);
        int createCPkVector = RequestExchangeKeys.createCPkVector(flatBufferBuilder, bArr4);
        int createSPkVector = RequestExchangeKeys.createSPkVector(flatBufferBuilder, bArr5);
        int createString = flatBufferBuilder.createString(this.localFLParameter.getFlID());
        String valueOf = String.valueOf(new Date().getTime());
        int createString2 = flatBufferBuilder.createString(valueOf);
        String clientID = this.flParameter.getClientID();
        int i = 0;
        int i2 = 0;
        if (this.flParameter.isPkiVerify()) {
            Common.sleep(5000);
            String[] transformX509ArrayToPemArray = transformX509ArrayToPemArray(CertVerify.getX509CertificateChain(clientID));
            int[] iArr = new int[2];
            for (int i3 = 0; i3 < 2; i3++) {
                iArr[i3] = flatBufferBuilder.createString(transformX509ArrayToPemArray[i3]);
            }
            i = RequestExchangeKeys.createCertificateChainVector(flatBufferBuilder, iArr);
            i2 = RequestExchangeKeys.createSignatureVector(flatBufferBuilder, signPkAndTime(clientID, bArr4, bArr5, valueOf, this.iteration));
        }
        RequestExchangeKeys.startRequestExchangeKeys(flatBufferBuilder);
        RequestExchangeKeys.addFlId(flatBufferBuilder, createString);
        RequestExchangeKeys.addCPk(flatBufferBuilder, createCPkVector);
        RequestExchangeKeys.addSPk(flatBufferBuilder, createSPkVector);
        RequestExchangeKeys.addIteration(flatBufferBuilder, this.iteration);
        RequestExchangeKeys.addTimestamp(flatBufferBuilder, createString2);
        RequestExchangeKeys.addIndIv(flatBufferBuilder, createIndIvVector);
        RequestExchangeKeys.addPwIv(flatBufferBuilder, createPwIvVector);
        RequestExchangeKeys.addPwSalt(flatBufferBuilder, createPwSaltVector);
        if (this.flParameter.isPkiVerify()) {
            RequestExchangeKeys.addSignature(flatBufferBuilder, i2);
            RequestExchangeKeys.addCertificateChain(flatBufferBuilder, i);
        }
        flatBufferBuilder.finish(RequestExchangeKeys.endRequestExchangeKeys(flatBufferBuilder));
        try {
            byte[] syncRequest = this.flCommunication.syncRequest(Common.generateUrl(this.flParameter.isUseElb(), this.flParameter.getServerNum(), this.flParameter.getDomainName()) + "/exchangeKeys", flatBufferBuilder.sizedByteArray());
            return !Common.isSeverReady(syncRequest) ? serverNotReady("requestExchangeKeys") : Common.isSeverJobFinished(syncRequest) ? serverJobFinished("requestExchangeKeys") : judgeRequestExchangeKeys(ResponseExchangeKeys.getRootAsResponseExchangeKeys(ByteBuffer.wrap(syncRequest)));
        } catch (IOException e) {
            LOGGER.severe("[requestExchangeKeys] catch IOException: " + e.getMessage());
            return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus judgeRequestExchangeKeys(ResponseExchangeKeys responseExchangeKeys) {
        this.retCode = responseExchangeKeys.retcode();
        LOGGER.info("[PairWiseMask] **************the response of RequestExchangeKeys**************");
        LOGGER.info("[PairWiseMask] return code: " + this.retCode);
        LOGGER.info("[PairWiseMask] reason: " + responseExchangeKeys.reason());
        LOGGER.info("[PairWiseMask] current iteration in server: " + responseExchangeKeys.iteration());
        LOGGER.info("[PairWiseMask] next request time: " + responseExchangeKeys.nextReqTime());
        switch (this.retCode) {
            case 200:
                LOGGER.info("[PairWiseMask] RequestExchangeKeys success");
                return FLClientStatus.SUCCESS;
            case ResponseCode.OutOfTime /* 300 */:
                LOGGER.info("[PairWiseMask] RequestExchangeKeys out of time: need wait and request startFLJob again");
                setNextRequestTime(responseExchangeKeys.nextReqTime());
                return FLClientStatus.RESTART;
            case ResponseCode.RequestError /* 400 */:
            case ResponseCode.SystemError /* 500 */:
                LOGGER.info("[PairWiseMask] catch RequestError or SystemError in RequestExchangeKeys");
                return FLClientStatus.FAILED;
            default:
                LOGGER.severe("[PairWiseMask] the return <retCode> from server in ResponseExchangeKeys is invalid: " + this.retCode);
                return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus getExchangeKeys() {
        int endGetExchangeKeys;
        FlatBufferBuilder flatBufferBuilder = new FlatBufferBuilder();
        int createString = flatBufferBuilder.createString(this.localFLParameter.getFlID());
        String valueOf = String.valueOf(new Date().getTime());
        int createString2 = flatBufferBuilder.createString(valueOf);
        byte[] signTimeAndIter = signTimeAndIter(valueOf, this.iteration);
        if (signTimeAndIter == null) {
            LOGGER.severe("[getExchangeKeys] get signature is null!");
            return FLClientStatus.FAILED;
        }
        if (signTimeAndIter.length > 0) {
            int createSignatureVector = GetExchangeKeys.createSignatureVector(flatBufferBuilder, signTimeAndIter);
            GetExchangeKeys.startGetExchangeKeys(flatBufferBuilder);
            GetExchangeKeys.addFlId(flatBufferBuilder, createString);
            GetExchangeKeys.addIteration(flatBufferBuilder, this.iteration);
            GetExchangeKeys.addTimestamp(flatBufferBuilder, createString2);
            GetExchangeKeys.addSignature(flatBufferBuilder, createSignatureVector);
            endGetExchangeKeys = GetExchangeKeys.endGetExchangeKeys(flatBufferBuilder);
        } else {
            GetExchangeKeys.startGetExchangeKeys(flatBufferBuilder);
            GetExchangeKeys.addFlId(flatBufferBuilder, createString);
            GetExchangeKeys.addIteration(flatBufferBuilder, this.iteration);
            GetExchangeKeys.addTimestamp(flatBufferBuilder, createString2);
            endGetExchangeKeys = GetExchangeKeys.endGetExchangeKeys(flatBufferBuilder);
        }
        flatBufferBuilder.finish(endGetExchangeKeys);
        try {
            byte[] syncRequest = this.flCommunication.syncRequest(Common.generateUrl(this.flParameter.isUseElb(), this.flParameter.getServerNum(), this.flParameter.getDomainName()) + "/getKeys", flatBufferBuilder.sizedByteArray());
            return !Common.isSeverReady(syncRequest) ? serverNotReady("getExchangeKeys") : Common.isSeverJobFinished(syncRequest) ? serverJobFinished("getExchangeKeys") : judgeGetExchangeKeys(ReturnExchangeKeys.getRootAsReturnExchangeKeys(ByteBuffer.wrap(syncRequest)));
        } catch (IOException e) {
            LOGGER.severe("[getExchangeKeys] catch IOException: " + e.getMessage());
            return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus judgeGetExchangeKeys(ReturnExchangeKeys returnExchangeKeys) {
        this.retCode = returnExchangeKeys.retcode();
        LOGGER.info("[PairWiseMask] **************the response of GetExchangeKeys**************");
        LOGGER.info("[PairWiseMask] return code: " + this.retCode);
        LOGGER.info("[PairWiseMask] current iteration in server: " + returnExchangeKeys.iteration());
        LOGGER.info("[PairWiseMask] next request time: " + returnExchangeKeys.nextReqTime());
        switch (this.retCode) {
            case 200:
                LOGGER.info("[PairWiseMask] GetExchangeKeys success");
                this.clientPublicKeyList.clear();
                this.u1ClientList.clear();
                int remotePublickeysLength = returnExchangeKeys.remotePublickeysLength();
                for (int i = 0; i < remotePublickeysLength; i++) {
                    ByteBuffer cPkAsByteBuffer = returnExchangeKeys.remotePublickeys(i).cPkAsByteBuffer();
                    ByteBuffer sPkAsByteBuffer = returnExchangeKeys.remotePublickeys(i).sPkAsByteBuffer();
                    int cPkLength = returnExchangeKeys.remotePublickeys(i).cPkLength();
                    int sPkLength = returnExchangeKeys.remotePublickeys(i).sPkLength();
                    byte[] byteBufferToList = byteBufferToList(cPkAsByteBuffer, cPkLength);
                    byte[] byteBufferToList2 = byteBufferToList(sPkAsByteBuffer, sPkLength);
                    byte[] bArr = (byte[]) byteBufferToList.clone();
                    byte[] bArr2 = (byte[]) byteBufferToList2.clone();
                    if (this.flParameter.isPkiVerify() && checkSignature(returnExchangeKeys, i, bArr, bArr2) == FLClientStatus.FAILED) {
                        return FLClientStatus.FAILED;
                    }
                    ClientPublicKey clientPublicKey = new ClientPublicKey();
                    String flId = returnExchangeKeys.remotePublickeys(i).flId();
                    clientPublicKey.setFlID(flId);
                    ByteBuffer pwIvAsByteBuffer = returnExchangeKeys.remotePublickeys(i).pwIvAsByteBuffer();
                    int pwIvLength = returnExchangeKeys.remotePublickeys(i).pwIvLength();
                    ByteBuffer pwSaltAsByteBuffer = returnExchangeKeys.remotePublickeys(i).pwSaltAsByteBuffer();
                    int pwSaltLength = returnExchangeKeys.remotePublickeys(i).pwSaltLength();
                    clientPublicKey.setPwIv(byteToArray(pwIvAsByteBuffer, pwIvLength));
                    clientPublicKey.setPwSalt(byteToArray(pwSaltAsByteBuffer, pwSaltLength));
                    NewArray<byte[]> newArray = new NewArray<>();
                    newArray.setSize(cPkLength);
                    newArray.setArray(byteBufferToList);
                    NewArray<byte[]> newArray2 = new NewArray<>();
                    newArray2.setSize(sPkLength);
                    newArray2.setArray(byteBufferToList2);
                    clientPublicKey.setCPK(newArray);
                    clientPublicKey.setSPK(newArray2);
                    this.clientPublicKeyList.put(flId, clientPublicKey);
                    this.u1ClientList.add(flId);
                }
                return FLClientStatus.SUCCESS;
            case ResponseCode.SucNotReady /* 201 */:
                LOGGER.info("[PairWiseMask] server is not ready now, need wait and request GetExchangeKeys again!");
                return FLClientStatus.WAIT;
            case ResponseCode.OutOfTime /* 300 */:
                LOGGER.info("[PairWiseMask] GetExchangeKeys out of time: need wait and request startFLJob again");
                setNextRequestTime(returnExchangeKeys.nextReqTime());
                return FLClientStatus.RESTART;
            case ResponseCode.RequestError /* 400 */:
            case ResponseCode.SystemError /* 500 */:
                LOGGER.info("[PairWiseMask] catch SucNotMatch or SystemError in GetExchangeKeys");
                return FLClientStatus.FAILED;
            default:
                LOGGER.severe("[PairWiseMask] the return <retCode> from server in ReturnExchangeKeys is invalid: " + this.retCode);
                return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus checkSignature(ReturnExchangeKeys returnExchangeKeys, int i, byte[] bArr, byte[] bArr2) {
        ByteBuffer signatureAsByteBuffer = returnExchangeKeys.remotePublickeys(i).signatureAsByteBuffer();
        if (signatureAsByteBuffer == null) {
            LOGGER.severe("[checkSignature] the signature get from server is null, please confirm that pki_verify mode is open at server.");
            return FLClientStatus.FAILED;
        }
        byte[] bArr3 = new byte[signatureAsByteBuffer.remaining()];
        signatureAsByteBuffer.get(bArr3);
        int certificateChainLength = returnExchangeKeys.remotePublickeys(i).certificateChainLength();
        String[] strArr = new String[certificateChainLength];
        for (int i2 = 0; i2 < certificateChainLength; i2++) {
            strArr[i2] = returnExchangeKeys.remotePublickeys(i).certificateChain(i2);
        }
        X509Certificate[] transformPemArrayToX509Array = CertVerify.transformPemArrayToX509Array(strArr);
        if (transformPemArrayToX509Array.length < 2) {
            LOGGER.severe("the length of x509Certificates is not valid, should be >= 2");
            return FLClientStatus.FAILED;
        }
        String genHashFromCer = PkiUtil.genHashFromCer(transformPemArrayToX509Array[1]);
        LOGGER.info("Get certificate hash success!");
        String flId = returnExchangeKeys.remotePublickeys(i).flId();
        if (!genHashFromCer.equals(flId)) {
            LOGGER.severe("Check flID failed!source flID: " + flId + "Hash ID from certificate: " + genHashFromCer.equals(flId));
            return FLClientStatus.FAILED;
        }
        LOGGER.info("Check flID success and source flID is:" + flId);
        this.certificateList.put(flId, transformPemArrayToX509Array);
        String timestamp = returnExchangeKeys.remotePublickeys(i).timestamp();
        if (verifySignature(this.flParameter.getClientID(), transformPemArrayToX509Array, bArr3, bArr, bArr2, timestamp, this.iteration)) {
            LOGGER.info("[PairWiseMask] Verify signature success!");
            return checkIterAndTimestamp(returnExchangeKeys.iteration(), timestamp) == FLClientStatus.FAILED ? FLClientStatus.FAILED : FLClientStatus.SUCCESS;
        }
        LOGGER.info("[PairWiseMask] FlID: " + flId + ", signature authentication failed");
        return FLClientStatus.FAILED;
    }

    private FLClientStatus checkIterAndTimestamp(int i, String str) {
        if (i != this.iteration) {
            LOGGER.severe("[PairWiseMask] iteration check failed. Remote iteration of client: is " + i + ", which is not consistent with current iteration:" + this.iteration);
            return FLClientStatus.FAILED;
        }
        long time = new Date().getTime();
        if (str == null) {
            LOGGER.severe("[PairWiseMask] Received timeStamp is null,please check it!");
            return FLClientStatus.FAILED;
        }
        if (Math.abs(time - Long.parseLong(str)) <= this.flParameter.getValidInterval()) {
            return FLClientStatus.SUCCESS;
        }
        LOGGER.severe("[PairWiseMask] timeStamp check failed! The difference between remote timestamp and current timestamp is beyond valid iteration interval!");
        return FLClientStatus.FAILED;
    }

    private byte[] byteBufferToList(ByteBuffer byteBuffer, int i) {
        byte[] bArr = new byte[i];
        for (int i2 = 0; i2 < i; i2++) {
            bArr[i2] = byteBuffer.get();
        }
        return bArr;
    }

    private FLClientStatus requestShareSecrets() {
        int endRequestShareSecrets;
        if (genIndividualSecret() == FLClientStatus.FAILED) {
            LOGGER.severe("[requestShareSecrets] the returned status is FAILED from genIndividualSecret(), please check!");
            return FLClientStatus.FAILED;
        }
        if (genEncryptExchangedKeys() == FLClientStatus.FAILED) {
            LOGGER.severe("[requestShareSecrets] the returned status is FAILED from genEncryptExchangedKeys(), please check!");
            return FLClientStatus.FAILED;
        }
        if (encryptShares() == FLClientStatus.FAILED) {
            LOGGER.severe("[requestShareSecrets] the returned status is FAILED from encryptShares(), please check!");
            return FLClientStatus.FAILED;
        }
        FlatBufferBuilder flatBufferBuilder = new FlatBufferBuilder();
        int createString = flatBufferBuilder.createString(this.localFLParameter.getFlID());
        String valueOf = String.valueOf(new Date().getTime());
        int createString2 = flatBufferBuilder.createString(valueOf);
        int size = this.clientShareList.size();
        if (size <= 0) {
            LOGGER.warning("[PairWiseMask] encrypt shares is not ready now!");
            Common.sleep(10000L);
            return requestShareSecrets();
        }
        int[] iArr = new int[size];
        for (int i = 0; i < size; i++) {
            int createString3 = flatBufferBuilder.createString(this.clientShareList.get(i).getFlID());
            int createShareVector = ClientShare.createShareVector(flatBufferBuilder, this.clientShareList.get(i).getShare().getArray());
            ClientShare.startClientShare(flatBufferBuilder);
            ClientShare.addFlId(flatBufferBuilder, createString3);
            ClientShare.addShare(flatBufferBuilder, createShareVector);
            iArr[i] = ClientShare.endClientShare(flatBufferBuilder);
        }
        int createEncryptedSharesVector = RequestShareSecrets.createEncryptedSharesVector(flatBufferBuilder, iArr);
        byte[] signTimeAndIter = signTimeAndIter(valueOf, this.iteration);
        if (signTimeAndIter == null) {
            LOGGER.severe("[PairWiseMask] get signature is null!");
            return FLClientStatus.FAILED;
        }
        if (signTimeAndIter.length > 0) {
            int createSignatureVector = RequestShareSecrets.createSignatureVector(flatBufferBuilder, signTimeAndIter);
            RequestShareSecrets.startRequestShareSecrets(flatBufferBuilder);
            RequestShareSecrets.addFlId(flatBufferBuilder, createString);
            RequestShareSecrets.addEncryptedShares(flatBufferBuilder, createEncryptedSharesVector);
            RequestShareSecrets.addIteration(flatBufferBuilder, this.iteration);
            RequestShareSecrets.addTimestamp(flatBufferBuilder, createString2);
            RequestShareSecrets.addSignature(flatBufferBuilder, createSignatureVector);
            endRequestShareSecrets = RequestShareSecrets.endRequestShareSecrets(flatBufferBuilder);
        } else {
            RequestShareSecrets.startRequestShareSecrets(flatBufferBuilder);
            RequestShareSecrets.addFlId(flatBufferBuilder, createString);
            RequestShareSecrets.addEncryptedShares(flatBufferBuilder, createEncryptedSharesVector);
            RequestShareSecrets.addIteration(flatBufferBuilder, this.iteration);
            RequestShareSecrets.addTimestamp(flatBufferBuilder, createString2);
            endRequestShareSecrets = RequestShareSecrets.endRequestShareSecrets(flatBufferBuilder);
        }
        flatBufferBuilder.finish(endRequestShareSecrets);
        try {
            byte[] syncRequest = this.flCommunication.syncRequest(Common.generateUrl(this.flParameter.isUseElb(), this.flParameter.getServerNum(), this.flParameter.getDomainName()) + "/shareSecrets", flatBufferBuilder.sizedByteArray());
            return !Common.isSeverReady(syncRequest) ? serverNotReady("requestShareSecrets") : Common.isSeverJobFinished(syncRequest) ? serverJobFinished("requestShareSecrets") : judgeRequestShareSecrets(ResponseShareSecrets.getRootAsResponseShareSecrets(ByteBuffer.wrap(syncRequest)));
        } catch (IOException e) {
            LOGGER.severe("[requestShareSecrets] catch IOException: " + e.getMessage());
            return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus judgeRequestShareSecrets(ResponseShareSecrets responseShareSecrets) {
        this.retCode = responseShareSecrets.retcode();
        LOGGER.info("[PairWiseMask] **************the response of RequestShareSecrets**************");
        LOGGER.info("[PairWiseMask] return code: " + this.retCode);
        LOGGER.info("[PairWiseMask] reason: " + responseShareSecrets.reason());
        LOGGER.info("[PairWiseMask] current iteration in server: " + responseShareSecrets.iteration());
        LOGGER.info("[PairWiseMask] next request time: " + responseShareSecrets.nextReqTime());
        switch (this.retCode) {
            case 200:
                LOGGER.info("[PairWiseMask] RequestShareSecrets success");
                return FLClientStatus.SUCCESS;
            case ResponseCode.OutOfTime /* 300 */:
                LOGGER.info("[PairWiseMask] RequestShareSecrets out of time: need wait and request startFLJob again");
                setNextRequestTime(responseShareSecrets.nextReqTime());
                return FLClientStatus.RESTART;
            case ResponseCode.RequestError /* 400 */:
            case ResponseCode.SystemError /* 500 */:
                LOGGER.info("[PairWiseMask] catch SucNotMatch or SystemError in RequestShareSecrets");
                return FLClientStatus.FAILED;
            default:
                LOGGER.severe("[PairWiseMask] the return <retCode> from server in ResponseShareSecrets is invalid: " + this.retCode);
                return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus getShareSecrets() {
        int endGetShareSecrets;
        FlatBufferBuilder flatBufferBuilder = new FlatBufferBuilder();
        int createString = flatBufferBuilder.createString(this.localFLParameter.getFlID());
        String valueOf = String.valueOf(new Date().getTime());
        int createString2 = flatBufferBuilder.createString(valueOf);
        byte[] signTimeAndIter = signTimeAndIter(valueOf, this.iteration);
        if (signTimeAndIter == null) {
            LOGGER.severe("[getShareSecrets] get signature is null!");
            return FLClientStatus.FAILED;
        }
        if (signTimeAndIter.length > 0) {
            int createSignatureVector = GetShareSecrets.createSignatureVector(flatBufferBuilder, signTimeAndIter);
            GetShareSecrets.startGetShareSecrets(flatBufferBuilder);
            GetShareSecrets.addFlId(flatBufferBuilder, createString);
            GetShareSecrets.addIteration(flatBufferBuilder, this.iteration);
            GetShareSecrets.addTimestamp(flatBufferBuilder, createString2);
            GetShareSecrets.addSignature(flatBufferBuilder, createSignatureVector);
            endGetShareSecrets = GetShareSecrets.endGetShareSecrets(flatBufferBuilder);
        } else {
            GetShareSecrets.startGetShareSecrets(flatBufferBuilder);
            GetShareSecrets.addFlId(flatBufferBuilder, createString);
            GetShareSecrets.addIteration(flatBufferBuilder, this.iteration);
            GetShareSecrets.addTimestamp(flatBufferBuilder, createString2);
            endGetShareSecrets = GetShareSecrets.endGetShareSecrets(flatBufferBuilder);
        }
        flatBufferBuilder.finish(endGetShareSecrets);
        try {
            byte[] syncRequest = this.flCommunication.syncRequest(Common.generateUrl(this.flParameter.isUseElb(), this.flParameter.getServerNum(), this.flParameter.getDomainName()) + "/getSecrets", flatBufferBuilder.sizedByteArray());
            return !Common.isSeverReady(syncRequest) ? serverNotReady("getShareSecrets") : Common.isSeverJobFinished(syncRequest) ? serverJobFinished("getShareSecrets") : judgeGetShareSecrets(ReturnShareSecrets.getRootAsReturnShareSecrets(ByteBuffer.wrap(syncRequest)));
        } catch (IOException e) {
            LOGGER.severe("[getShareSecrets] catch IOException: " + e.getMessage());
            return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus judgeGetShareSecrets(ReturnShareSecrets returnShareSecrets) {
        this.retCode = returnShareSecrets.retcode();
        LOGGER.info("[PairWiseMask] **************the response of GetShareSecrets**************");
        LOGGER.info("[PairWiseMask] return code: " + this.retCode);
        LOGGER.info("[PairWiseMask] current iteration in server: " + returnShareSecrets.iteration());
        LOGGER.info("[PairWiseMask] next request time: " + returnShareSecrets.nextReqTime());
        LOGGER.info("[PairWiseMask] the size of encrypted shares: " + returnShareSecrets.encryptedSharesLength());
        switch (this.retCode) {
            case 200:
                LOGGER.info("[PairWiseMask] GetShareSecrets success");
                this.returnShareList.clear();
                this.u2UClientList.clear();
                int encryptedSharesLength = returnShareSecrets.encryptedSharesLength();
                for (int i = 0; i < encryptedSharesLength; i++) {
                    EncryptShare encryptShare = new EncryptShare();
                    ClientShare encryptedShares = returnShareSecrets.encryptedShares(i);
                    if (encryptedShares == null) {
                        LOGGER.severe("[PairWiseMask] the clientShare returned from server is null");
                        return FLClientStatus.FAILED;
                    }
                    encryptShare.setFlID(encryptedShares.flId());
                    encryptShare.setShare(byteToArray(encryptedShares.shareAsByteBuffer(), encryptedShares.shareLength()));
                    this.returnShareList.add(encryptShare);
                    this.u2UClientList.add(encryptedShares.flId());
                }
                return FLClientStatus.SUCCESS;
            case ResponseCode.SucNotReady /* 201 */:
                LOGGER.info("[PairWiseMask] server is not ready now, need wait and request GetShareSecrets again!");
                return FLClientStatus.WAIT;
            case ResponseCode.OutOfTime /* 300 */:
                LOGGER.info("[PairWiseMask] GetShareSecrets out of time: need wait and request startFLJob again");
                setNextRequestTime(returnShareSecrets.nextReqTime());
                return FLClientStatus.RESTART;
            case ResponseCode.RequestError /* 400 */:
            case ResponseCode.SystemError /* 500 */:
                LOGGER.info("[PairWiseMask] catch SucNotMatch or SystemError in GetShareSecrets");
                return FLClientStatus.FAILED;
            default:
                LOGGER.severe("[PairWiseMask] the return <retCode> from server in ReturnShareSecrets is invalid: " + this.retCode);
                return FLClientStatus.FAILED;
        }
    }

    public FLClientStatus exchangeKeys() {
        LOGGER.info("[PairWiseMask] ==================== round0: RequestExchangeKeys+GetExchangeKeys ======================");
        FLClientStatus requestExchangeKeys = requestExchangeKeys();
        this.waitTryTime = 0;
        while (true) {
            if (requestExchangeKeys != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                requestExchangeKeys = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            requestExchangeKeys = requestExchangeKeys();
        }
        if (requestExchangeKeys != FLClientStatus.SUCCESS) {
            return requestExchangeKeys;
        }
        FLClientStatus exchangeKeys = getExchangeKeys();
        this.waitTryTime = 0;
        while (true) {
            if (exchangeKeys != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                exchangeKeys = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            exchangeKeys = getExchangeKeys();
        }
        return exchangeKeys;
    }

    public FLClientStatus shareSecrets() {
        LOGGER.info("[PairWiseMask] ==================== round1: RequestShareSecrets+GetShareSecrets ======================");
        FLClientStatus requestShareSecrets = requestShareSecrets();
        this.waitTryTime = 0;
        while (true) {
            if (requestShareSecrets != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                requestShareSecrets = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            requestShareSecrets = requestShareSecrets();
        }
        if (requestShareSecrets != FLClientStatus.SUCCESS) {
            return requestShareSecrets;
        }
        FLClientStatus shareSecrets = getShareSecrets();
        this.waitTryTime = 0;
        while (true) {
            if (shareSecrets != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                shareSecrets = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            shareSecrets = getShareSecrets();
        }
        return shareSecrets;
    }

    public FLClientStatus reconstructSecrets() {
        LOGGER.info("[PairWiseMask] =================== round3: GetClientList+SendReconstructSecret ========================");
        FLClientStatus clientList = this.clientListReq.getClientList(this.iteration, this.u3ClientList, this.decryptShareSecretsList, this.returnShareList, this.cUVKeys);
        this.waitTryTime = 0;
        while (true) {
            if (clientList != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                clientList = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            clientList = this.clientListReq.getClientList(this.iteration, this.u3ClientList, this.decryptShareSecretsList, this.returnShareList, this.cUVKeys);
        }
        if (clientList == FLClientStatus.RESTART) {
            this.nextRequestTime = this.clientListReq.getNextRequestTime();
        }
        if (clientList != FLClientStatus.SUCCESS) {
            return clientList;
        }
        this.retCode = this.clientListReq.getRetCode();
        if (this.flParameter.isPkiVerify()) {
            LOGGER.info("[PairWiseMask] The mode is pkiVerify mode, start clientList check ...");
            FLClientStatus clientListCheck = clientListCheck();
            this.waitTryTime = 0;
            while (true) {
                if (clientListCheck != FLClientStatus.WAIT) {
                    break;
                }
                this.waitTryTime++;
                if (waitTryTimeExceedsLimit().booleanValue()) {
                    clientListCheck = FLClientStatus.FAILED;
                    break;
                }
                Common.sleep(10000L);
                clientListCheck = clientListCheck();
            }
            if (clientListCheck != FLClientStatus.SUCCESS) {
                return clientListCheck;
            }
        }
        FLClientStatus sendReconstructSecret = this.reconstructSecretReq.sendReconstructSecret(this.decryptShareSecretsList, this.u3ClientList, this.iteration);
        this.waitTryTime = 0;
        while (true) {
            if (sendReconstructSecret != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                sendReconstructSecret = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            sendReconstructSecret = this.reconstructSecretReq.sendReconstructSecret(this.decryptShareSecretsList, this.u3ClientList, this.iteration);
        }
        if (sendReconstructSecret == FLClientStatus.RESTART) {
            this.nextRequestTime = this.reconstructSecretReq.getNextRequestTime();
        }
        this.retCode = this.reconstructSecretReq.getRetCode();
        return sendReconstructSecret;
    }

    private byte[] signPkAndTime(String str, byte[] bArr, byte[] bArr2, String str2, int i) {
        byte[] concatenateData = concatenateData(bArr, bArr2, str2, i);
        LOGGER.info("concatenate data success!");
        return SignAndVerify.signData(str, concatenateData);
    }

    private static byte[] concatenateData(byte[] bArr, byte[] bArr2, String str, int i) {
        if (str == null) {
            LOGGER.severe("[concatenateData] input time is null, please check!");
            throw new IllegalArgumentException();
        }
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] bytes2 = String.valueOf(i).getBytes(StandardCharsets.UTF_8);
        byte[] bArr3 = new byte[bArr.length + bArr2.length + bytes.length + bytes2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        int length = 0 + bArr.length;
        System.arraycopy(bArr2, 0, bArr3, length, bArr2.length);
        int length2 = length + bArr2.length;
        System.arraycopy(bytes, 0, bArr3, length2, bytes.length);
        System.arraycopy(bytes2, 0, bArr3, length2 + bytes.length, bytes2.length);
        return bArr3;
    }

    private static byte[] concatenateIterAndTime(String str, int i) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] bytes2 = String.valueOf(i).getBytes(StandardCharsets.UTF_8);
        byte[] bArr = new byte[bytes.length + bytes2.length];
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        System.arraycopy(bytes2, 0, bArr, 0 + bytes.length, bytes2.length);
        return bArr;
    }

    private static boolean verifySignature(String str, X509Certificate[] x509CertificateArr, byte[] bArr, byte[] bArr2, byte[] bArr3, String str2, int i) {
        return SignAndVerify.verifySignatureByCert(str, x509CertificateArr, concatenateData(bArr2, bArr3, str2, i), bArr);
    }

    private FLClientStatus clientListCheck() {
        LOGGER.info("[PairWiseMask] ==================== ClientListCheck ======================");
        FLClientStatus sendClientListSign = sendClientListSign();
        this.waitTryTime = 0;
        while (true) {
            if (sendClientListSign != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                sendClientListSign = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            sendClientListSign = sendClientListSign();
        }
        if (sendClientListSign != FLClientStatus.SUCCESS) {
            return sendClientListSign;
        }
        FLClientStatus allClientListSign = getAllClientListSign();
        this.waitTryTime = 0;
        while (true) {
            if (allClientListSign != FLClientStatus.WAIT) {
                break;
            }
            this.waitTryTime++;
            if (waitTryTimeExceedsLimit().booleanValue()) {
                allClientListSign = FLClientStatus.FAILED;
                break;
            }
            Common.sleep(10000L);
            allClientListSign = getAllClientListSign();
        }
        return allClientListSign;
    }

    private FLClientStatus sendClientListSign() {
        LOGGER.info("[PairWiseMask] ==============request flID: " + this.localFLParameter.getFlID() + "==============");
        genDHKeyPairs();
        List<String> list = this.u3ClientList;
        if (this.u3ClientList.size() == 0) {
            LOGGER.severe("[Encrypt] u3List is empty, please check!");
            return FLClientStatus.FAILED;
        }
        byte[] signData = SignAndVerify.signData(this.flParameter.getClientID(), SignAndVerify.getSHA256(transStringListToByte(list)));
        if (signData == null) {
            LOGGER.severe("[sendClientListSign] the returned signature is null");
            return FLClientStatus.FAILED;
        }
        FlatBufferBuilder flatBufferBuilder = new FlatBufferBuilder();
        int createSignatureVector = RequestExchangeKeys.createSignatureVector(flatBufferBuilder, signData);
        String valueOf = String.valueOf(new Date().getTime());
        byte[] signTimeAndIter = signTimeAndIter(valueOf, this.iteration);
        int createString = flatBufferBuilder.createString(this.localFLParameter.getFlID());
        int createString2 = flatBufferBuilder.createString(valueOf);
        flatBufferBuilder.finish(signData.length > 0 ? SendClientListSign.createSendClientListSign(flatBufferBuilder, createString, this.iteration, createString2, createSignatureVector, SendClientListSign.createSignatureVector(flatBufferBuilder, signTimeAndIter)) : SendClientListSign.createSendClientListSign(flatBufferBuilder, createString, this.iteration, createString2, createSignatureVector, 0));
        try {
            byte[] syncRequest = this.flCommunication.syncRequest(Common.generateUrl(this.flParameter.isUseElb(), this.flParameter.getServerNum(), this.flParameter.getDomainName()) + "/pushListSign", flatBufferBuilder.sizedByteArray());
            return !Common.isSeverReady(syncRequest) ? serverNotReady("sendClientListSign") : Common.isSeverJobFinished(syncRequest) ? serverJobFinished("sendClientListSign") : judgeRequestClientList(ResponseClientListSign.getRootAsResponseClientListSign(ByteBuffer.wrap(syncRequest)));
        } catch (IOException e) {
            e.printStackTrace();
            return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus judgeRequestClientList(ResponseClientListSign responseClientListSign) {
        this.retCode = responseClientListSign.retcode();
        LOGGER.info("[PairWiseMask] **************the response of RequestClientListSign**************");
        LOGGER.info("[PairWiseMask] return code: " + this.retCode);
        LOGGER.info("[PairWiseMask] reason: " + responseClientListSign.reason());
        LOGGER.info("[PairWiseMask] current iteration in server: " + responseClientListSign.iteration());
        LOGGER.info("[PairWiseMask] next request time: " + responseClientListSign.nextReqTime());
        switch (this.retCode) {
            case 200:
                LOGGER.info("[PairWiseMask] RequestClientListSign success");
                return FLClientStatus.SUCCESS;
            case ResponseCode.OutOfTime /* 300 */:
                LOGGER.info("[PairWiseMask] RequestClientListSign out of time: need wait and request startFLJob again");
                setNextRequestTime(responseClientListSign.nextReqTime());
                return FLClientStatus.RESTART;
            case ResponseCode.RequestError /* 400 */:
            case ResponseCode.SystemError /* 500 */:
                LOGGER.info("[PairWiseMask] catch RequestError or SystemError in RequestClientListSign");
                return FLClientStatus.FAILED;
            default:
                LOGGER.severe("[PairWiseMask] the return <retCode> from server in RequestClientListSign is invalid: " + this.retCode);
                return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus getAllClientListSign() {
        FlatBufferBuilder flatBufferBuilder = new FlatBufferBuilder();
        int createString = flatBufferBuilder.createString(this.localFLParameter.getFlID());
        String valueOf = String.valueOf(new Date().getTime());
        int createString2 = flatBufferBuilder.createString(valueOf);
        byte[] signTimeAndIter = signTimeAndIter(valueOf, this.iteration);
        flatBufferBuilder.finish(signTimeAndIter.length > 0 ? RequestAllClientListSign.createRequestAllClientListSign(flatBufferBuilder, createString, this.iteration, createString2, RequestAllClientListSign.createSignatureVector(flatBufferBuilder, signTimeAndIter)) : RequestAllClientListSign.createRequestAllClientListSign(flatBufferBuilder, createString, this.iteration, createString2, 0));
        try {
            byte[] syncRequest = this.flCommunication.syncRequest(Common.generateUrl(this.flParameter.isUseElb(), this.flParameter.getServerNum(), this.flParameter.getDomainName()) + "/getListSign", flatBufferBuilder.sizedByteArray());
            return !Common.isSeverReady(syncRequest) ? serverNotReady("getAllClientListSign") : Common.isSeverJobFinished(syncRequest) ? serverJobFinished("getAllClientListSign") : judgeAllClientList(ReturnAllClientListSign.getRootAsReturnAllClientListSign(ByteBuffer.wrap(syncRequest)));
        } catch (IOException e) {
            e.printStackTrace();
            return FLClientStatus.FAILED;
        }
    }

    private FLClientStatus judgeAllClientList(ReturnAllClientListSign returnAllClientListSign) {
        this.retCode = returnAllClientListSign.retcode();
        LOGGER.info("[PairWiseMask] **************the response of GetAllClientsList**************");
        LOGGER.info("[PairWiseMask] return code: " + this.retCode);
        LOGGER.info("[PairWiseMask] reason: " + returnAllClientListSign.reason());
        LOGGER.info("[PairWiseMask] current iteration in server: " + returnAllClientListSign.iteration());
        LOGGER.info("[PairWiseMask] next request time: " + returnAllClientListSign.nextReqTime());
        switch (this.retCode) {
            case 200:
                LOGGER.info("[PairWiseMask] GetAllClientList success");
                int clientListSignLength = returnAllClientListSign.clientListSignLength();
                String clientID = this.flParameter.getClientID();
                String flID = this.localFLParameter.getFlID();
                byte[] sha256 = SignAndVerify.getSHA256(transStringListToByte(this.u3ClientList));
                for (int i = 0; i < clientListSignLength; i++) {
                    ByteBuffer signatureAsByteBuffer = returnAllClientListSign.clientListSign(i).signatureAsByteBuffer();
                    byte[] bArr = new byte[signatureAsByteBuffer.remaining()];
                    signatureAsByteBuffer.get(bArr);
                    if (returnAllClientListSign.clientListSign(i).flId() == null) {
                        LOGGER.severe("[PairWiseMask] get flID failed!");
                        return FLClientStatus.FAILED;
                    }
                    String flId = returnAllClientListSign.clientListSign(i).flId();
                    X509Certificate[] x509CertificateArr = this.certificateList.get(flId);
                    if (!flID.equals(flId) && !SignAndVerify.verifySignatureByCert(clientID, x509CertificateArr, sha256, bArr)) {
                        LOGGER.info("[PairWiseMask] FlID: " + flId + ", signature authentication failed");
                        return FLClientStatus.FAILED;
                    }
                }
                return FLClientStatus.SUCCESS;
            case ResponseCode.SucNotReady /* 201 */:
                LOGGER.info("[PairWiseMask] server is not ready now, need wait and request GetAllClientsList again!");
                return FLClientStatus.WAIT;
            case ResponseCode.OutOfTime /* 300 */:
                LOGGER.info("[PairWiseMask] GetAllClientsList out of time: need wait and request startFLJob again");
                setNextRequestTime(returnAllClientListSign.nextReqTime());
                return FLClientStatus.RESTART;
            case ResponseCode.RequestError /* 400 */:
            case ResponseCode.SystemError /* 500 */:
                LOGGER.info("[PairWiseMask] catch SucNotMatch or SystemError in GetAllClientsList");
                return FLClientStatus.FAILED;
            default:
                LOGGER.severe("[PairWiseMask] the return <retCode> from server in ReturnAllClientList is invalid: " + this.retCode);
                return FLClientStatus.FAILED;
        }
    }

    private byte[] transStringListToByte(List<String> list) {
        int i = 0;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            i += it.next().getBytes(StandardCharsets.UTF_8).length;
        }
        byte[] bArr = new byte[i];
        int i2 = 0;
        Iterator<String> it2 = list.iterator();
        while (it2.hasNext()) {
            byte[] bytes = it2.next().getBytes(StandardCharsets.UTF_8);
            System.arraycopy(bytes, 0, bArr, i2, bytes.length);
            i2 += bytes.length;
        }
        return bArr;
    }

    public static byte[] signTimeAndIter(String str, int i) {
        FLParameter fLParameter = FLParameter.getInstance();
        String clientID = fLParameter.getClientID();
        byte[] bArr = new byte[0];
        if (fLParameter.isPkiVerify()) {
            LOGGER.info("ClientID is:" + clientID);
            bArr = SignAndVerify.signData(clientID, concatenateIterAndTime(str, i));
        }
        return bArr;
    }

    private static String transformX509ToPem(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            LOGGER.severe("[CertVerify] x509Certificate is null, please check!");
            return null;
        }
        try {
            return new String(Base64.getEncoder().encode(x509Certificate.getEncoded()));
        } catch (CertificateEncodingException e) {
            LOGGER.severe("[CertVerify] catch Exception: " + e.getMessage());
            return null;
        }
    }

    private static String[] transformX509ArrayToPemArray(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            LOGGER.severe("[CertVerify] certificateChains is null or empty, please check!");
            throw new IllegalArgumentException();
        }
        int length = x509CertificateArr.length;
        String[] strArr = new String[length];
        for (int i = 0; i < length; i++) {
            strArr[i] = transformX509ToPem(x509CertificateArr[i]);
        }
        return strArr;
    }

    private Boolean waitTryTimeExceedsLimit() {
        if (this.waitTryTime <= 18) {
            return false;
        }
        LOGGER.severe("[waitTryTimeExceedsLimit] the waitTryTime exceeds the limit, current waitTryTime is: " + this.waitTryTime + " the limited time is: 18");
        return true;
    }

    private FLClientStatus serverNotReady(String str) {
        LOGGER.info("[" + str + "] the server is not ready now, need wait some time and request again");
        this.nextRequestTime = Common.getNextReqTime();
        this.retCode = ResponseCode.OutOfTime;
        return FLClientStatus.RESTART;
    }

    private FLClientStatus serverJobFinished(String str) {
        LOGGER.info("[" + str + "] " + Common.JOB_NOT_AVAILABLE + " will stop the task and exist.");
        this.retCode = ResponseCode.SystemError;
        return FLClientStatus.FAILED;
    }
}
