package org.eclipse.californium.scandium.config;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import org.eclipse.californium.elements.category.Small;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.DtlsTestTools;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore;
import org.hamcrest.CoreMatchers;
import org.hamcrest.core.IsCollectionContaining;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;

@Category({Small.class})
/* loaded from: input_file:org/eclipse/californium/scandium/config/DeprecatedDtlsConnectorConfigTest.class */
public class DeprecatedDtlsConnectorConfigTest {

    @Rule
    public ExpectedException exception = ExpectedException.none();
    DtlsConnectorConfig.Builder builder;
    InetSocketAddress endpoint;

    @Before
    public void setUp() throws Exception {
        this.endpoint = new InetSocketAddress(InetAddress.getLoopbackAddress(), 10000);
        this.builder = new DtlsConnectorConfig.Builder().setAddress(this.endpoint);
    }

    @Test
    public void testBuilderSetsPskCipherSuitesWhenPskStoreIsSet() {
        DtlsConnectorConfig build = this.builder.setPskStore(new StaticPskStore("ID", "KEY".getBytes())).build();
        Assert.assertFalse(build.getSupportedCipherSuites().isEmpty());
        Iterator it = build.getSupportedCipherSuites().iterator();
        while (it.hasNext()) {
            Assert.assertThat(((CipherSuite) it.next()).getKeyExchange(), CoreMatchers.either(CoreMatchers.is(CipherSuite.KeyExchangeAlgorithm.PSK)).or(CoreMatchers.is(CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK)));
        }
    }

    @Test
    public void testBuilderSetsAtLeastAllMandatoryCipherSuitesWhenKeysAndPskStoreAreSet() throws Exception {
        Assert.assertThat(this.builder.setClientAuthenticationRequired(false).setRecommendedCipherSuitesOnly(false).setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setPskStore(new StaticPskStore("ID", "KEY".getBytes())).build().getSupportedCipherSuites(), IsCollectionContaining.hasItems(new CipherSuite[]{CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256, CipherSuite.TLS_PSK_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}));
    }

    @Test
    public void testBuilderSetsNoNotRecommendedCipherSuitesWhenKeysAndPskStoreAreSet() throws Exception {
        Iterator it = this.builder.setClientAuthenticationRequired(false).setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setPskStore(new StaticPskStore("ID", "KEY".getBytes())).build().getSupportedCipherSuites().iterator();
        while (it.hasNext()) {
            Assert.assertThat(Boolean.valueOf(((CipherSuite) it.next()).isRecommended()), CoreMatchers.is(true));
        }
    }

    @Test(expected = IllegalStateException.class)
    public void testBuilderDetectsNoCurveForCertificate() throws Exception {
        this.builder.setSupportedCipherSuites(new CipherSuite[]{CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8}).setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setSupportedGroups(new String[]{"secp384r1"}).setRpkTrustAll().build();
    }

    @Test(expected = IllegalStateException.class)
    public void testBuilderDetectsMissingIdentity() {
        this.builder.setSupportedCipherSuites(new CipherSuite[]{CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8}).setRpkTrustAll().build();
    }

    @Test
    public void testBuildAllowsForAnonymousClientWithRpkTrust() {
        this.builder.setClientOnly().setSupportedCipherSuites(new CipherSuite[]{CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8}).setRpkTrustAll().build();
    }

    @Test
    public void testBuildAllowsForAnonymousClientWithTrustStore() {
        this.builder.setClientOnly().setTrustStore(new Certificate[0]).build();
    }

    @Test
    public void testSetNoSignatureAndHashAlgorithms() throws IOException, GeneralSecurityException {
        DtlsConnectorConfig build = this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll().build();
        Assert.assertNotNull(build.getSupportedSignatureAlgorithms());
        Assert.assertThat(build.getSupportedSignatureAlgorithms(), CoreMatchers.is(SignatureAndHashAlgorithm.DEFAULT));
    }

    @Test
    public void testSetNoneSignatureAndHashAlgorithms() throws IOException, GeneralSecurityException {
        DtlsConnectorConfig build = this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll().setSupportedSignatureAlgorithms((String[]) null).build();
        Assert.assertNotNull(build.getSupportedSignatureAlgorithms());
        Assert.assertThat(build.getSupportedSignatureAlgorithms(), CoreMatchers.is(SignatureAndHashAlgorithm.DEFAULT));
    }

    @Test
    public void testSetNullSignatureAndHashAlgorithms() throws IOException, GeneralSecurityException {
        DtlsConnectorConfig build = this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll().setSupportedSignatureAlgorithms(Collections.emptyList()).build();
        Assert.assertNotNull(build.getSupportedSignatureAlgorithms());
        Assert.assertThat(build.getSupportedSignatureAlgorithms(), CoreMatchers.is(SignatureAndHashAlgorithm.DEFAULT));
    }

    @Test
    public void testBuildForSignatureAndHashAlgorithmsRpk() throws IOException, GeneralSecurityException {
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll().setSupportedSignatureAlgorithms(new SignatureAndHashAlgorithm[]{SignatureAndHashAlgorithm.SHA1_WITH_ECDSA}).build();
    }

    @Test
    public void testBuildSignatureAndHashAlgorithmsX509() throws IOException, GeneralSecurityException {
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getServerCertificateChain(), new CertificateType[0]).setTrustStore(new Certificate[0]).setSupportedSignatureAlgorithms(new SignatureAndHashAlgorithm[]{SignatureAndHashAlgorithm.SHA256_WITH_ECDSA}).build();
    }

    @Test
    public void testBuildDetectsErrorForSignatureAndHashAlgorithmsRpk() throws IOException, GeneralSecurityException {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.DSA);
        this.exception.expect(IllegalStateException.class);
        this.exception.expectMessage("supported signature and hash algorithms doesn't match the public key!");
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll().setSupportedSignatureAlgorithms(new SignatureAndHashAlgorithm[]{signatureAndHashAlgorithm}).build();
    }

    @Test
    public void testBuildDetectsErrorForSignatureAndHashAlgorithmsX509() throws IOException, GeneralSecurityException {
        this.exception.expect(IllegalStateException.class);
        this.exception.expectMessage("supported signature and hash algorithms doesn't match the certificate chain!");
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getServerCertificateChain(), new CertificateType[0]).setTrustStore(new Certificate[0]).setSupportedSignatureAlgorithms(new SignatureAndHashAlgorithm[]{SignatureAndHashAlgorithm.SHA1_WITH_ECDSA}).build();
    }

    @Test
    public void testSupportedGroupForMixedCertificateChain() throws IOException, GeneralSecurityException {
        DtlsConnectorConfig build = this.builder.setIdentity(DtlsTestTools.getServerRsPrivateKey(), DtlsTestTools.getServerRsaCertificateChain(), new CertificateType[0]).setTrustStore(new Certificate[0]).build();
        Assert.assertNotNull(build.getSupportedGroups());
        Assert.assertFalse(build.getSupportedGroups().isEmpty());
    }

    @Test
    public void testGetCertificateChainReturnsNullForRpkOnlyConfiguration() throws Exception {
        Assert.assertThat("Certificate chain should be null for RawPublicKey only configuration", this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll().build().getCertificateChain(), CoreMatchers.is(CoreMatchers.nullValue()));
    }

    @Test
    public void testWantedAuthentication() throws Exception {
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll();
        this.builder.setClientAuthenticationWanted(true);
        DtlsConnectorConfig build = this.builder.build();
        Assert.assertThat(build.isClientAuthenticationWanted(), CoreMatchers.is(true));
        Assert.assertThat(build.isClientAuthenticationRequired(), CoreMatchers.is(false));
    }

    @Test(expected = IllegalStateException.class)
    public void testClientOnlyWantedAuthentication() throws Exception {
        this.builder.setClientOnly();
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll();
        this.builder.setClientAuthenticationWanted(true);
    }

    @Test(expected = IllegalStateException.class)
    public void testClientOnlyRequiredAuthentication() throws Exception {
        this.builder.setClientOnly();
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll();
        this.builder.setClientAuthenticationRequired(true);
    }

    @Test(expected = IllegalStateException.class)
    public void testServerOnlyWithDisabledRequiredAuthenticationFailsOnTrust() throws Exception {
        this.builder.setIdentity(DtlsTestTools.getPrivateKey(), DtlsTestTools.getPublicKey()).setRpkTrustAll();
        this.builder.setServerOnly(true);
        this.builder.setClientAuthenticationRequired(false);
        this.builder.build();
    }

    @Test(expected = IllegalArgumentException.class)
    public void testAntiReplayFilterAndWindowFilter() throws Exception {
        this.builder.setUseAntiReplayFilter(true);
        this.builder.setUseWindowFilter(true);
    }

    @Test
    public void testAntiReplayFilterDefault() throws Exception {
        this.builder.setPskStore(new StaticPskStore("ID", "KEY".getBytes()));
        this.builder.build();
        DtlsConnectorConfig build = this.builder.build();
        Assert.assertThat(build.useAntiReplayFilter(), CoreMatchers.is(true));
        Assert.assertThat(build.useWindowFilter(), CoreMatchers.is(false));
    }

    @Test
    public void testAntiReplayFilterDefaultWithWindowFilter() throws Exception {
        this.builder.setPskStore(new StaticPskStore("ID", "KEY".getBytes()));
        this.builder.setUseWindowFilter(true);
        this.builder.build();
        DtlsConnectorConfig build = this.builder.build();
        Assert.assertThat(build.useAntiReplayFilter(), CoreMatchers.is(false));
        Assert.assertThat(build.useWindowFilter(), CoreMatchers.is(true));
    }

    @Test(expected = IllegalArgumentException.class)
    public void testTrustStoreDoNotContainDuplicateSubject() {
        this.builder.setTrustStore(new X509Certificate[]{DtlsTestTools.getTrustedRootCA(), DtlsTestTools.getTrustedRootCA()});
    }
}
