package org.eclipse.californium.scandium.dtls;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import org.eclipse.californium.elements.category.Small;
import org.eclipse.californium.elements.rule.ThreadsRule;
import org.eclipse.californium.elements.util.TestScheduledExecutorService;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.x509.StaticNewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.util.ServerName;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

/**
 * Unit tests for the first flight produced by {@link ClientHandshaker} and for its
 * reaction to a malformed SERVER_HELLO.
 *
 * <p>The tests inspect the CLIENT_HELLO captured by a {@link SimpleRecordLayer} and check
 * two things that matter for peer authentication:
 * <ul>
 * <li>which server certificate type the client lists first, depending on the configured
 * certificate verifier, and</li>
 * <li>whether the Server Name Indication (SNI) extension is present, depending on the
 * session's host name and the SNI switch.</li>
 * </ul>
 *
 * <p>Several fixtures use "trust all" verifiers. They exist only to steer the certificate
 * type negotiation in these tests; a verifier that trusts everything provides no peer
 * authentication.
 */
@Category({Small.class})
public class ClientHandshakerTest {
    static final int MAX_TRANSMISSION_UNIT = 1500;

    @Rule
    public ThreadsRule cleanup = new ThreadsRule(new String[0]);
    /** Loopback address with port 0, used as the peer address of every handshaker under test. */
    final InetSocketAddress localPeer = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
    /** Record layer that captures the flights sent by the handshaker. */
    final SimpleRecordLayer recordLayer = new SimpleRecordLayer();
    /** Virtual host name used by the SNI tests. */
    final String serverName = "iot.eclipse.org";
    ClientHandshaker handshaker;
    ScheduledExecutorService timer;

    /** Creates a fresh timer for each test. */
    @Before
    public void setup() {
        timer = new TestScheduledExecutorService();
    }

    /** Shuts the timer down and drops the reference so no test reuses it. */
    @After
    public void tearDown() {
        timer.shutdown();
        timer = null;
    }

    /** With a verifier backed by trusted certificates, X.509 is the preferred server certificate type. */
    @Test
    public void testServerCertExtPrefersX509WithTrustStore() throws Exception {
        givenAClientHandshaker(true);
        handshaker.startHandshake();
        ClientHello hello = getClientHello(recordLayer.getSentFlight());
        assertPreferredServerCertificateExtension(hello, CertificateType.X_509);
    }

    /** With a verifier that trusts all certificates, X.509 is still the preferred server certificate type. */
    @Test
    public void testServerCertExtPrefersX509WithEmptyTrustStore() throws Exception {
        givenAClientHandshaker(localPeer, false, true);
        handshaker.startHandshake();
        ClientHello hello = getClientHello(recordLayer.getSentFlight());
        assertPreferredServerCertificateExtension(hello, CertificateType.X_509);
    }

    /** With a verifier that only trusts raw public keys, RAW_PUBLIC_KEY must be listed first. */
    @Test
    public void testServerCertExtPrefersRawPublicKeysWithoutTrustStore() throws Exception {
        givenAClientHandshaker(localPeer, null, false, false, true, false);
        handshaker.startHandshake();
        ClientHello hello = getClientHello(recordLayer.getSentFlight());
        assertPreferredServerCertificateExtension(hello, CertificateType.RAW_PUBLIC_KEY);
    }

    /** SNI is enabled but the session has no host name: no server name extension may be sent. */
    @Test
    public void testClientHelloLacksServerNameExtensionForMessageWithoutVirtualHost() throws Exception {
        givenAClientHandshaker(null, false);
        handshaker.startHandshake();
        ClientHello hello = getClientHello(recordLayer.getSentFlight());
        Assert.assertNull(hello.getServerNameExtension());
    }

    /** The session has a host name but SNI is disabled: the name must not leak into the CLIENT_HELLO. */
    @Test
    public void testClientHelloLacksServerNameExtensionForDisabledSni() throws Exception {
        givenAClientHandshaker(localPeer, serverName, false, false, false, false);
        handshaker.startHandshake();
        ClientHello hello = getClientHello(recordLayer.getSentFlight());
        Assert.assertNull(hello.getServerNameExtension());
    }

    /** SNI is enabled and the session has a host name: the extension carries exactly that name. */
    @Test
    public void testClientHelloContainsServerNameExtensionForMessageWithVirtualHost() throws Exception {
        givenAClientHandshaker(serverName, false);
        handshaker.startHandshake();
        ClientHello hello = getClientHello(recordLayer.getSentFlight());
        Assert.assertNotNull(hello.getServerNameExtension());
        String sentName = hello.getServerNameExtension()
                .getServerNames()
                .getServerName(ServerName.NameType.HOST_NAME)
                .getNameAsString();
        Assert.assertThat(sentName, CoreMatchers.is(serverName));
    }

    /**
     * A SERVER_HELLO carrying a connection ID extension must be rejected with a fatal
     * UNSUPPORTED_EXTENSION alert.
     *
     * <p>The client configuration built by this class never enables connection IDs, so the
     * extension in the reply is presumably one the client did not offer; accepting it would
     * let a peer switch on a feature the client never negotiated.
     */
    @Test
    public void testClientReceivesBrokenServerHello() throws Exception {
        givenAClientHandshaker(false);
        handshaker.startHandshake();
        ClientHello hello = getClientHello(recordLayer.getSentFlight());
        Assert.assertNotNull(hello);

        // Echo the client's first cipher suite so that only the extension makes the reply invalid.
        CipherSuite firstSuite = (CipherSuite) hello.getCipherSuites().get(0);
        HelloExtensions unexpectedExtensions = new HelloExtensions();
        unexpectedExtensions.addExtension(ConnectionIdExtension.fromConnectionId(ConnectionId.EMPTY));
        ServerHello brokenHello = new ServerHello(hello.getClientVersion(), new Random(), new SessionId(),
                firstSuite, CompressionMethod.NULL, unexpectedExtensions, localPeer);
        Record brokenRecord = DtlsTestTools.getRecordForMessage(0, 1, brokenHello, localPeer);
        brokenRecord.applySession(handshaker.session);

        try {
            handshaker.processMessage(brokenRecord);
            Assert.fail("Broken SERVER_HELLO not detected!");
        } catch (HandshakeException rejected) {
            AlertMessage alert = rejected.getAlert();
            Assert.assertThat(alert.getLevel(), CoreMatchers.is(AlertMessage.AlertLevel.FATAL));
            Assert.assertThat(alert.getDescription(), CoreMatchers.is(AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION));
        }
    }

    /** Creates a handshaker for the local peer without a virtual host; SNI stays enabled. */
    private void givenAClientHandshaker(boolean useTrustedCertificates) throws Exception {
        givenAClientHandshaker(null, useTrustedCertificates);
    }

    /** Creates a handshaker for the local peer with the given virtual host; SNI stays enabled. */
    private void givenAClientHandshaker(String virtualHost, boolean useTrustedCertificates) throws Exception {
        givenAClientHandshaker(localPeer, virtualHost, useTrustedCertificates, false, false, true);
    }

    /** Creates a handshaker for the given peer and the default virtual host; SNI stays enabled. */
    private void givenAClientHandshaker(InetSocketAddress peer, boolean useTrustedCertificates,
            boolean trustAllCertificates) throws Exception {
        givenAClientHandshaker(peer, serverName, useTrustedCertificates, trustAllCertificates, false, true);
    }

    /**
     * Builds the {@link ClientHandshaker} under test and attaches it to the record layer.
     *
     * <p>The three trust flags are evaluated in order and only the first one that is set
     * takes effect. If none is set, no certificate verifier is configured at all.
     *
     * @param peer address of the peer the connection and session are created for
     * @param virtualHost host name stored in the session, or {@code null} for none
     * @param useTrustedCertificates verify against the certificates provided by {@link DtlsTestTools}
     * @param trustAllCertificates use a verifier that trusts all certificates (test fixture only)
     * @param trustAllRawPublicKeys use a verifier that trusts all raw public keys (test fixture only)
     * @param sniEnabled value passed to the configuration's SNI switch
     */
    private void givenAClientHandshaker(InetSocketAddress peer, String virtualHost, boolean useTrustedCertificates,
            boolean trustAllCertificates, boolean trustAllRawPublicKeys, boolean sniEnabled) throws Exception {
        InetSocketAddress bindAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
        DtlsConnectorConfig.Builder config = DtlsConnectorConfig.builder()
                .setAddress(bindAddress)
                .setIdentity(DtlsTestTools.getClientPrivateKey(), DtlsTestTools.getClientCertificateChain(),
                        new CertificateType[]{CertificateType.X_509})
                .setSniEnabled(sniEnabled);

        StaticNewAdvancedCertificateVerifier.Builder verifier = StaticNewAdvancedCertificateVerifier.builder();
        if (useTrustedCertificates) {
            config.setAdvancedCertificateVerifier(
                    verifier.setTrustedCertificates(DtlsTestTools.getTrustedCertificates()).build());
        } else if (trustAllCertificates) {
            // Fixture only: a trust-all verifier does not authenticate the peer.
            config.setAdvancedCertificateVerifier(verifier.setTrustAllCertificates().build());
        } else if (trustAllRawPublicKeys) {
            // Fixture only: a trust-all verifier does not authenticate the peer.
            config.setAdvancedCertificateVerifier(verifier.setTrustAllRPKs().build());
        } else {
            config.setClientAuthenticationRequired(false);
        }

        Connection connection = new Connection(peer, new SyncSerialExecutor());
        DTLSSession session = new DTLSSession(peer);
        session.setHostName(virtualHost);
        handshaker = new ClientHandshaker(session, recordLayer, timer, connection, config.build(), false);
        recordLayer.setHandshaker(handshaker);
    }

    /**
     * Asserts that the CLIENT_HELLO lists {@code certificateType} first in its server
     * certificate type extension.
     *
     * <p>For X.509 a missing extension (or a missing first entry) is accepted without further
     * checks; for any other type the extension itself must be present.
     *
     * @param clientHello the CLIENT_HELLO to inspect
     * @param certificateType the certificate type expected in first position
     */
    private static void assertPreferredServerCertificateExtension(ClientHello clientHello, CertificateType certificateType) {
        ServerCertificateTypeExtension extension = clientHello.getServerCertificateTypeExtension();
        CertificateType preferred = extension == null
                ? null
                : (CertificateType) extension.getCertificateTypes().get(0);

        if (certificateType == CertificateType.X_509) {
            if (preferred == null) {
                // Nothing advertised: accepted for X.509, nothing left to compare.
                return;
            }
        } else {
            Assert.assertThat(extension, CoreMatchers.notNullValue());
        }
        Assert.assertThat(preferred, CoreMatchers.is(certificateType));
    }

    /**
     * Returns the fragment of the first record of a flight as CLIENT_HELLO.
     *
     * @param list the records of the sent flight; the first one is read
     * @return the fragment of the first record
     */
    private static ClientHello getClientHello(List<Record> list) throws GeneralSecurityException, HandshakeException {
        // NOTE(review): relies on getFragment() being assignable to ClientHello - confirm against Record.
        Record firstRecord = list.get(0);
        return firstRecord.getFragment();
    }
}
