private void updateActive() {
    manager.updateSRPState();

    if (active && SRP_VERIFIER != null) {

      start();

    } else {

      synchronized (tunnels) {
        for (PairManagerTunnel t : new ArrayList<PairManagerTunnel>(tunnels.values())) {

          t.destroy();
        }
      }

      synchronized (local_server_map) {
        local_server_map.clear();
      }
    }

    List<DHTNATPuncher> punchers = new ArrayList<DHTNATPuncher>();

    punchers.addAll(nat_punchers_ipv4);
    punchers.addAll(nat_punchers_ipv6);

    for (DHTNATPuncher p : punchers) {

      p.forceActive(active);
    }
  }
  protected void updateRegistrationData(Map<String, Object> payload) {
    int puncher_num = 0;

    int num_registered = 0;

    for (DHTNATPuncher nat_ipv4 : nat_punchers_ipv4) {

      DHTTransportContact rend = nat_ipv4.getRendezvous();
      DHTTransportContact lc = nat_ipv4.getLocalContact();

      if (rend != null && lc != null) {

        puncher_num++;

        InetSocketAddress rend_address = rend.getTransportAddress();

        num_registered++;

        payload.put(
            "rc_v4-" + puncher_num,
            rend_address.getAddress().getHostAddress() + ":" + rend_address.getPort());

        if (puncher_num == 1) {

          payload.put(
              "rl_v4",
              lc.getExternalAddress().getAddress().getHostAddress()
                  + ":"
                  + lc.getAddress().getPort());
        }
      }
    }

    puncher_num = 0;

    for (DHTNATPuncher nat_ipv6 : nat_punchers_ipv6) {

      DHTTransportContact rend = nat_ipv6.getRendezvous();
      DHTTransportContact lc = nat_ipv6.getLocalContact();

      if (rend != null && lc != null) {

        puncher_num++;

        InetSocketAddress rend_address = rend.getTransportAddress();

        num_registered++;

        payload.put(
            "rc_v6-" + puncher_num,
            rend_address.getAddress().getHostAddress() + ":" + rend_address.getPort());

        if (puncher_num == 1) {

          payload.put(
              "rl_v6",
              lc.getExternalAddress().getAddress().getHostAddress()
                  + ":"
                  + lc.getAddress().getPort());
        }
      }
    }

    if (num_registered != last_punchers_registered) {

      last_punchers_registered = num_registered;

      manager.updateSRPState();
    }
  }
  private void start() {
    synchronized (this) {
      if (started) {

        return;
      }

      started = true;
    }

    N_3072 =
        fromHex(
            "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08"
                + "8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B"
                + "302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9"
                + "A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6"
                + "49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8"
                + "FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D"
                + "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C"
                + "180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718"
                + "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D"
                + "04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D"
                + "B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226"
                + "1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C"
                + "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC"
                + "E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF");

    G_3072 = BigInteger.valueOf(5);

    try {
      PluginInterface dht_pi = core.getPluginManager().getPluginInterfaceByClass(DHTPlugin.class);

      if (dht_pi == null) {

        throw (new Exception("DHT Plugin not found"));
      }

      DHTPlugin dht_plugin = (DHTPlugin) dht_pi.getPlugin();

      if (!dht_plugin.isEnabled()) {

        throw (new Exception("DHT Plugin is disabled"));
      }

      DHT[] dhts = dht_plugin.getDHTs();

      List<DHTNATPuncher> punchers = new ArrayList<DHTNATPuncher>();

      for (DHT dht : dhts) {

        int net = dht.getTransport().getNetwork();

        if (net == DHT.NW_MAIN) {

          DHTNATPuncher primary_puncher = dht.getNATPuncher();

          if (primary_puncher != null) {

            punchers.add(primary_puncher);

            nat_punchers_ipv4.add(primary_puncher);

            for (int i = 1; i <= 2; i++) {

              DHTNATPuncher puncher = primary_puncher.getSecondaryPuncher();

              punchers.add(puncher);

              nat_punchers_ipv4.add(puncher);
            }
          }
        } else if (net == DHT.NW_MAIN_V6) {

          /*
           * no point in this atm as we don't support v6 tunnels

          DHTNATPuncher puncher = dht.getNATPuncher();

          if ( puncher != null ){

          	punchers.add( puncher );

          	nat_punchers_ipv6.add( puncher );

          	puncher = puncher.getSecondaryPuncher();

          	punchers.add( puncher );

          	nat_punchers_ipv6.add( puncher );
          }
          */
        }
      }

      if (punchers.size() == 0) {

        throw (new Exception("No suitable DHT instances available"));
      }

      for (DHTNATPuncher p : punchers) {

        p.forceActive(true);

        p.addListener(
            new DHTNATPuncherListener() {
              public void rendezvousChanged(DHTTransportContact rendezvous) {
                System.out.println("active: " + rendezvous.getString());

                synchronized (PairingManagerTunnelHandler.this) {
                  if (update_event == null) {

                    update_event =
                        SimpleTimer.addEvent(
                            "PMT:defer",
                            SystemTime.getOffsetTime(15 * 1000),
                            new TimerEventPerformer() {
                              public void perform(TimerEvent event) {
                                synchronized (PairingManagerTunnelHandler.this) {
                                  update_event = null;
                                }

                                System.out.println("    updating");

                                manager.updateNeeded();
                              };
                            });
                  }
                }
              }
            });
      }

      core.getNATTraverser()
          .registerHandler(
              new NATTraversalHandler() {
                private Map<Long, Object[]> server_map =
                    new LinkedHashMap<Long, Object[]>(10, 0.75f, true) {
                      protected boolean removeEldestEntry(Map.Entry<Long, Object[]> eldest) {
                        return size() > 10;
                      }
                    };

                public int getType() {
                  return (NATTraverser.TRAVERSE_REASON_PAIR_TUNNEL);
                }

                public String getName() {
                  return ("Pairing Tunnel");
                }

                public Map process(InetSocketAddress originator, Map data) {
                  if (SRP_VERIFIER == null || !active) {

                    return (null);
                  }

                  boolean good_request = false;

                  try {

                    Map result = new HashMap();

                    Long session = (Long) data.get("sid");

                    if (session == null) {

                      return (null);
                    }

                    InetAddress tunnel_originator;

                    try {
                      tunnel_originator = InetAddress.getByAddress((byte[]) data.get("origin"));

                    } catch (Throwable e) {

                      Debug.out("originator decode failed: " + data);

                      return (null);
                    }

                    System.out.println(
                        "PairManagerTunnelHander: incoming message - session="
                            + session
                            + ", payload="
                            + data
                            + " from "
                            + tunnel_originator
                            + " via "
                            + originator);

                    SRP6Server server;
                    BigInteger B;

                    synchronized (server_map) {
                      Object[] entry = server_map.get(session);

                      if (entry == null) {

                        long diff = SystemTime.getMonotonousTime() - last_server_create_time;

                        if (diff < 5000) {

                          try {
                            long sleep = 5000 - diff;

                            System.out.println("Sleeping for " + sleep + " before starting srp");

                            Thread.sleep(sleep);

                          } catch (Throwable e) {
                          }
                        }

                        server = new SRP6Server();

                        server.init(
                            N_3072,
                            G_3072,
                            SRP_VERIFIER,
                            new SHA256Digest(),
                            RandomUtils.SECURE_RANDOM);

                        B = server.generateServerCredentials();

                        server_map.put(session, new Object[] {server, B});

                        last_server_create_time = SystemTime.getMonotonousTime();

                        total_servers++;

                      } else {

                        server = (SRP6Server) entry[0];
                        B = (BigInteger) entry[1];
                      }
                    }

                    Long op = (Long) data.get("op");

                    if (op == 1) {

                      result.put("op", 2);

                      result.put("s", SRP_SALT);

                      result.put("b", B.toByteArray());

                      good_request = true;

                      if (data.containsKey("test")) {

                        manager.recordRequest(
                            "SRP Test", originator.getAddress().getHostAddress(), true);
                      }
                    } else if (op == 3) {

                      boolean log_error = true;

                      try {
                        long diff = SystemTime.getMonotonousTime() - last_server_agree_time;

                        if (diff < 5000) {

                          try {
                            long sleep = 5000 - diff;

                            System.out.println("Sleeping for " + sleep + " before completing srp");

                            Thread.sleep(sleep);

                          } catch (Throwable e) {
                          }
                        }

                        BigInteger A = new BigInteger((byte[]) data.get("a"));

                        BigInteger serverS = server.calculateSecret(A);

                        byte[] shared_secret = serverS.toByteArray();

                        Cipher decipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

                        byte[] key = new byte[16];

                        System.arraycopy(shared_secret, 0, key, 0, 16);

                        SecretKeySpec secret = new SecretKeySpec(key, "AES");

                        decipher.init(
                            Cipher.DECRYPT_MODE,
                            secret,
                            new IvParameterSpec((byte[]) data.get("enc_iv")));

                        byte[] dec = decipher.doFinal((byte[]) data.get("enc_data"));

                        String json_str = new String(dec, "UTF-8");

                        if (!json_str.startsWith("{")) {

                          log_error = false;

                          throw (new Exception("decode failed"));
                        }

                        JSONObject dec_json = (JSONObject) JSONUtils.decodeJSON(json_str);

                        String tunnel_url = (String) dec_json.get("url");

                        String service_id = new String((byte[]) data.get("service"), "UTF-8");

                        String endpoint_url = (String) dec_json.get("endpoint");

                        boolean ok =
                            createTunnel(
                                tunnel_originator,
                                session,
                                service_id,
                                secret,
                                tunnel_url,
                                endpoint_url);

                        result.put("op", 4);
                        result.put("status", ok ? "ok" : "failed");

                        good_request = true;

                      } catch (Throwable e) {

                        result.put("op", 4);
                        result.put("status", "failed");

                        // filter usual errors on bad agreement

                        if (e instanceof BadPaddingException
                            || e instanceof IllegalBlockSizeException) {

                          log_error = false;
                        }

                        if (log_error) {

                          e.printStackTrace();
                        }
                      } finally {

                        last_server_agree_time = SystemTime.getMonotonousTime();
                      }
                    }

                    return (result);

                  } finally {

                    if (!good_request) {

                      manager.recordRequest("SRP", originator.getAddress().getHostAddress(), false);
                    }
                  }
                }
              });

      SimpleTimer.addPeriodicEvent(
          "pm:tunnel:stats",
          30 * 1000,
          new TimerEventPerformer() {
            public void perform(TimerEvent event) {
              synchronized (tunnels) {
                if (tunnels.size() > 0) {

                  System.out.println("PairTunnels: " + tunnels.size());

                  for (PairManagerTunnel t : tunnels.values()) {

                    System.out.println("\t" + t.getString());
                  }
                }
              }
            }
          });

    } catch (Throwable e) {

      Debug.out(e);

      init_fail = Debug.getNestedExceptionMessage(e);

      manager.updateSRPState();
    }
  }
  protected void generateEvidence(IndentWriter writer) {
    writer.println("Tunnel Handler");

    writer.indent();

    writer.println("started=" + started + ", active=" + active);

    if (init_fail != null) {

      writer.println("Init fail: " + init_fail);
    }

    long now = SystemTime.getMonotonousTime();

    writer.println("total local=" + total_local_servers);
    writer.println(
        "last local create="
            + (last_local_server_create_time == 0
                ? "<never>"
                : String.valueOf(now - last_local_server_create_time)));
    writer.println(
        "last local agree="
            + (last_local_server_agree_time == 0
                ? "<never>"
                : String.valueOf(now - last_local_server_agree_time)));

    writer.println("total remote=" + total_servers);
    writer.println(
        "last remote create="
            + (last_server_create_time == 0
                ? "<never>"
                : String.valueOf(now - last_server_create_time)));
    writer.println(
        "last remote agree="
            + (last_server_agree_time == 0
                ? "<never>"
                : String.valueOf(now - last_server_agree_time)));

    synchronized (tunnels) {
      writer.println("tunnels=" + tunnels.size());

      for (PairManagerTunnel tunnel : tunnels.values()) {

        writer.println("    " + tunnel.getString());
      }
    }

    try {
      writer.println("IPv4 punchers: " + nat_punchers_ipv4.size());

      for (DHTNATPuncher p : nat_punchers_ipv4) {

        writer.println("    " + p.getStats());
      }

      writer.println("IPv6 punchers: " + nat_punchers_ipv6.size());

      for (DHTNATPuncher p : nat_punchers_ipv6) {

        writer.println("    " + p.getStats());
      }
    } finally {

      writer.exdent();
    }
  }