package org.eclipse.californium.scandium.dtls;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.elements.category.Small;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.RandomManager;
import org.eclipse.californium.scandium.util.SecretIvParameterSpec;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
@Category({Small.class})
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/RecordDecryptTest.class */
public class RecordDecryptTest {
    static final int TYPE_APPL_DATA = 23;
    static final int EPOCH = 1;
    static final boolean DUMP = false;
    DTLSSession session;
    byte[] payloadData;
    int payloadLength = 128;

    @Parameterized.Parameter
    public CipherSuite cipherSuite;

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/RecordDecryptTest$BytesJuggler.class */
    static class BytesJuggler implements Juggler {
        private SecureRandom secureRandom = RandomManager.currentSecureRandom();
        private int count;

        BytesJuggler(int i) {
            this.count = i;
        }

        @Override // org.eclipse.californium.scandium.dtls.RecordDecryptTest.Juggler
        public byte[] juggle(byte[] bArr) {
            if (bArr.length > 0) {
                bArr = Arrays.copyOf(bArr, bArr.length);
                for (int i = RecordDecryptTest.DUMP; i < this.count; i += RecordDecryptTest.EPOCH) {
                    bArr[this.secureRandom.nextInt(bArr.length)] = (byte) this.secureRandom.nextInt(256);
                }
            }
            return bArr;
        }
    }

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/RecordDecryptTest$CombiJuggler.class */
    static class CombiJuggler implements Juggler {
        private LengthJuggler length = new LengthJuggler();
        private BytesJuggler bytes;

        CombiJuggler(int i) {
            this.bytes = new BytesJuggler(i);
        }

        @Override // org.eclipse.californium.scandium.dtls.RecordDecryptTest.Juggler
        public byte[] juggle(byte[] bArr) {
            return this.bytes.juggle(this.length.juggle(bArr));
        }
    }

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/RecordDecryptTest$FixedLengthJuggler.class */
    static class FixedLengthJuggler implements Juggler {
        final int delta;

        private FixedLengthJuggler(int i) {
            this.delta = i;
        }

        @Override // org.eclipse.californium.scandium.dtls.RecordDecryptTest.Juggler
        public byte[] juggle(byte[] bArr) {
            int length = bArr.length + this.delta;
            if (length < 0) {
                length = RecordDecryptTest.DUMP;
            }
            return Arrays.copyOf(bArr, length);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/RecordDecryptTest$Juggler.class */
    public interface Juggler {
        byte[] juggle(byte[] bArr);
    }

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/RecordDecryptTest$LengthJuggler.class */
    static class LengthJuggler implements Juggler {
        private SecureRandom secureRandom = RandomManager.currentSecureRandom();

        LengthJuggler() {
        }

        @Override // org.eclipse.californium.scandium.dtls.RecordDecryptTest.Juggler
        public byte[] juggle(byte[] bArr) {
            return Arrays.copyOf(bArr, this.secureRandom.nextInt(bArr.length + 32));
        }
    }

    @Parameterized.Parameters(name = "ciphersuite = {0}")
    public static Iterable<CipherSuite> cipherSuiteParams() {
        return Arrays.asList(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
    }

    @Before
    public void setUp() throws Exception {
        SecureRandom currentSecureRandom = RandomManager.currentSecureRandom();
        Assume.assumeTrue("cipher suite " + this.cipherSuite.name() + " is not supported!", this.cipherSuite.isSupported());
        int encKeyLength = this.cipherSuite.getEncKeyLength();
        int macKeyLength = this.cipherSuite.getMacKeyLength();
        int fixedIvLength = this.cipherSuite.getFixedIvLength();
        SecretKeySpec secretKeySpec = new SecretKeySpec(Bytes.createBytes(currentSecureRandom, encKeyLength), "AES");
        SecretKeySpec secretKeySpec2 = macKeyLength == 0 ? null : new SecretKeySpec(Bytes.createBytes(currentSecureRandom, macKeyLength), "AES");
        SecretIvParameterSpec secretIvParameterSpec = new SecretIvParameterSpec(Bytes.createBytes(currentSecureRandom, fixedIvLength));
        this.payloadData = Bytes.createBytes(currentSecureRandom, this.payloadLength);
        this.session = new DTLSSession(new InetSocketAddress(InetAddress.getLoopbackAddress(), 7001));
        this.session.setReadState(DTLSConnectionState.create(this.cipherSuite, CompressionMethod.NULL, secretKeySpec, secretIvParameterSpec, secretKeySpec2));
        this.session.setWriteState(DTLSConnectionState.create(this.cipherSuite, CompressionMethod.NULL, secretKeySpec, secretIvParameterSpec, secretKeySpec2));
    }

    @Test
    public void testEncrypDecrypt() throws GeneralSecurityException, HandshakeException {
        for (int i = EPOCH; i < this.payloadLength; i += EPOCH) {
            testEncryptDecrypt(Arrays.copyOf(this.payloadData, i));
        }
    }

    private void testEncryptDecrypt(byte[] bArr) throws GeneralSecurityException, HandshakeException {
        List<Record> fromByteArray = DtlsTestTools.fromByteArray(new Record(ContentType.APPLICATION_DATA, EPOCH, this.session.getSequenceNumber(EPOCH), new ApplicationMessage(bArr, this.session.getPeer()), this.session, true, DUMP).toByteArray(), this.session.getPeer(), null, ClockUtil.nanoRealtime());
        Assert.assertFalse("failed to decode raw message", fromByteArray.isEmpty());
        for (Record record : fromByteArray) {
            record.applySession(this.session);
            Assert.assertArrayEquals("decrypted payload differs", bArr, record.getFragment().toByteArray());
        }
    }

    @Test
    public void testEncrypDecryptRecordLengthFailure() {
        testEncryptDecryptRecordFailure(new LengthJuggler());
    }

    @Test
    public void testEncrypDecryptFragmentLengthFailure() {
        testEncryptDecryptFragmentFailure(new LengthJuggler());
    }

    @Test
    public void testEncrypDecryptFragmentAllLengthFailure() {
        for (int i = 15; i < 49; i += EPOCH) {
            byte[] copyOf = Arrays.copyOf(this.payloadData, i);
            for (int i2 = -i; i2 < i + 10; i2 += EPOCH) {
                try {
                    testEncryptDecryptFragmentFailure(copyOf, new FixedLengthJuggler(i2));
                } catch (GeneralSecurityException | HandshakeException e) {
                }
            }
        }
    }

    @Test
    public void testEncrypDecryptRecordBytesFailure() {
        testEncryptDecryptRecordFailure(new BytesJuggler(5));
    }

    @Test
    public void testEncrypDecryptFragmentBytesFailure() {
        testEncryptDecryptFragmentFailure(new BytesJuggler(5));
    }

    @Test
    public void testEncrypDecryptRecordCombiFailure() {
        testEncryptDecryptRecordFailure(new CombiJuggler(15));
    }

    @Test
    public void testEncrypDecryptFragmentCombiFailure() {
        testEncryptDecryptFragmentFailure(new CombiJuggler(15));
    }

    private void testEncryptDecryptRecordFailure(Juggler juggler) {
        for (int i = EPOCH; i < this.payloadLength; i += EPOCH) {
            try {
                testEncryptDecryptRecordFailure(Arrays.copyOf(this.payloadData, i), juggler);
            } catch (GeneralSecurityException | HandshakeException e) {
            }
        }
    }

    private void testEncryptDecryptRecordFailure(byte[] bArr, Juggler juggler) throws GeneralSecurityException, HandshakeException {
        byte[] byteArray = new Record(ContentType.APPLICATION_DATA, EPOCH, this.session.getSequenceNumber(EPOCH), new ApplicationMessage(bArr, this.session.getPeer()), this.session, true, DUMP).toByteArray();
        byte[] juggle = juggler.juggle(byteArray);
        dumpDiff(byteArray, juggle);
        for (Record record : DtlsTestTools.fromByteArray(juggle, this.session.getPeer(), null, ClockUtil.nanoRealtime())) {
            if (record.getEpoch() == EPOCH) {
                record.applySession(this.session);
                record.getFragment();
            }
        }
    }

    private void testEncryptDecryptFragmentFailure(Juggler juggler) {
        for (int i = EPOCH; i < this.payloadLength; i += EPOCH) {
            try {
                testEncryptDecryptFragmentFailure(Arrays.copyOf(this.payloadData, i), juggler);
            } catch (GeneralSecurityException | HandshakeException e) {
            }
        }
    }

    private void testEncryptDecryptFragmentFailure(byte[] bArr, Juggler juggler) throws GeneralSecurityException, HandshakeException {
        Record record = new Record(ContentType.APPLICATION_DATA, EPOCH, this.session.getSequenceNumber(EPOCH), new ApplicationMessage(bArr, this.session.getPeer()), this.session, true, DUMP);
        byte[] fragmentBytes = record.getFragmentBytes();
        byte[] juggle = juggler.juggle(fragmentBytes);
        dumpDiff(fragmentBytes, juggle);
        for (Record record2 : DtlsTestTools.fromByteArray(toByteArray(record, juggle), this.session.getPeer(), null, ClockUtil.nanoRealtime())) {
            record2.applySession(this.session);
            record2.getFragment();
        }
    }

    private byte[] toByteArray(Record record, byte[] bArr) {
        DatagramWriter datagramWriter = new DatagramWriter();
        if (record.useConnectionId()) {
            datagramWriter.write(ContentType.TLS12_CID.getCode(), 8);
        } else {
            datagramWriter.write(record.getType().getCode(), 8);
        }
        datagramWriter.write(record.getVersion().getMajor(), 8);
        datagramWriter.write(record.getVersion().getMinor(), 8);
        datagramWriter.write(record.getEpoch(), 16);
        datagramWriter.writeLong(record.getSequenceNumber(), 48);
        if (record.useConnectionId()) {
            datagramWriter.writeBytes(record.getConnectionId().getBytes());
        }
        datagramWriter.write(bArr.length, 16);
        datagramWriter.writeBytes(bArr);
        return datagramWriter.toByteArray();
    }

    public static void dumpDiff(byte[] bArr, byte[] bArr2) {
    }
}
