package org.eclipse.californium.scandium;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.eclipse.californium.elements.AddressEndpointContext;
import org.eclipse.californium.elements.EndpointContext;
import org.eclipse.californium.elements.MapBasedEndpointContext;
import org.eclipse.californium.elements.MessageCallback;
import org.eclipse.californium.elements.RawData;
import org.eclipse.californium.elements.auth.AdditionalInfo;
import org.eclipse.californium.elements.category.Large;
import org.eclipse.californium.elements.rule.NetworkRule;
import org.eclipse.californium.elements.rule.TestNameLoggerRule;
import org.eclipse.californium.elements.rule.ThreadsRule;
import org.eclipse.californium.elements.util.SimpleMessageCallback;
import org.eclipse.californium.elements.util.SslContextUtil;
import org.eclipse.californium.elements.util.TestCertificatesTools;
import org.eclipse.californium.elements.util.TestScope;
import org.eclipse.californium.scandium.ConnectorHelper;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ConnectionIdGenerator;
import org.eclipse.californium.scandium.dtls.DTLSSession;
import org.eclipse.californium.scandium.dtls.DtlsTestTools;
import org.eclipse.californium.scandium.dtls.InMemoryConnectionStore;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SingleNodeConnectionIdGenerator;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ThreadLocalKeyPairGenerator;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedSinglePskStore;
import org.eclipse.californium.scandium.dtls.pskstore.AsyncAdvancedPskStore;
import org.eclipse.californium.scandium.dtls.x509.AsyncNewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.rule.DtlsNetworkRule;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.Matchers;
import org.mockito.Mockito;

@RunWith(Parameterized.class)
@Category({Large.class})
/* loaded from: input_file:org/eclipse/californium/scandium/DTLSConnectorHandshakeTest.class */
public class DTLSConnectorHandshakeTest {
    private static final int CLIENT_CONNECTION_STORE_CAPACITY = 5;
    private static final String DEVICE_ID = "the-device";
    private static final String KEY_DEVICE_ID = "device-id";
    private static final String KEY_SERVER_NAME = "server-name";
    private static AdditionalInfo additionalClientInfo;
    private static AdditionalInfo additionalServerInfo;
    ConnectorHelper serverHelper;
    AsyncAdvancedPskStore serverPskStore;
    AsyncNewAdvancedCertificateVerifier serverVerifier;
    DTLSConnector client;
    InMemoryConnectionStore clientConnectionStore;
    ApplicationLevelInfoSupplier clientInfoSupplier;
    ApplicationLevelInfoSupplier serverInfoSupplier;
    PrivateKey clientPrivateKey;
    PublicKey clientPublicKey;
    X509Certificate[] clientCertificateChain;

    @Parameterized.Parameter(0)
    public ConnectorHelper.BuilderSetup serverBuilderSetup;

    @Parameterized.Parameter(1)
    public ConnectorHelper.BuilderSetup clientBuilderSetup;

    @ClassRule
    public static DtlsNetworkRule network = new DtlsNetworkRule(NetworkRule.Mode.DIRECT, NetworkRule.Mode.NATIVE);

    @ClassRule
    public static ThreadsRule cleanup = new ThreadsRule(new String[0]);
    private static final AdvancedPskStore PSK_STORE = new AdvancedSinglePskStore("Client_identity", "secretPSK".getBytes());

    @Rule
    public TestNameLoggerRule names = new TestNameLoggerRule();
    List<AsyncAdvancedPskStore> clientsPskStores = new ArrayList();
    List<AsyncNewAdvancedCertificateVerifier> clientsCertificateVerifiers = new ArrayList();

    @BeforeClass
    public static void init() {
        HashMap hashMap = new HashMap();
        hashMap.put(KEY_SERVER_NAME, "my.test.server");
        additionalServerInfo = AdditionalInfo.from(hashMap);
        hashMap.clear();
        hashMap.put(KEY_DEVICE_ID, DEVICE_ID);
        additionalClientInfo = AdditionalInfo.from(hashMap);
    }

    @Parameterized.Parameters(name = "setup = server {0} / client {1}")
    public static Iterable<ConnectorHelper.BuilderSetup[]> builderSetups() {
        List asList = Arrays.asList(new ConnectorHelper.BuilderSetup() { // from class: org.eclipse.californium.scandium.DTLSConnectorHandshakeTest.1
            public String toString() {
                return "single-record";
            }

            @Override // org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup
            public void setup(DtlsConnectorConfig.Builder builder) {
                builder.setEnableMultiRecordMessages(false);
            }
        }, new ConnectorHelper.BuilderSetup() { // from class: org.eclipse.californium.scandium.DTLSConnectorHandshakeTest.2
            public String toString() {
                return "multi-handshake-messages";
            }

            @Override // org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup
            public void setup(DtlsConnectorConfig.Builder builder) {
                builder.setEnableMultiHandshakeMessageRecords(true);
            }
        }, new ConnectorHelper.BuilderSetup() { // from class: org.eclipse.californium.scandium.DTLSConnectorHandshakeTest.3
            public String toString() {
                return "single-handshake-messages";
            }

            @Override // org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup
            public void setup(DtlsConnectorConfig.Builder builder) {
                builder.setEnableMultiHandshakeMessageRecords(false);
            }
        });
        List asList2 = Arrays.asList(new ConnectorHelper.BuilderSetup() { // from class: org.eclipse.californium.scandium.DTLSConnectorHandshakeTest.4
            public String toString() {
                return "no record-size-limit";
            }

            @Override // org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup
            public void setup(DtlsConnectorConfig.Builder builder) {
                builder.setRecordSizeLimit((Integer) null);
            }
        }, new ConnectorHelper.BuilderSetup() { // from class: org.eclipse.californium.scandium.DTLSConnectorHandshakeTest.5
            public String toString() {
                return "record-size-limit";
            }

            @Override // org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup
            public void setup(DtlsConnectorConfig.Builder builder) {
                builder.setRecordSizeLimit(270);
            }
        });
        List<ConnectorHelper.BuilderSetup> asList3 = Arrays.asList(new ConnectorHelper.BuilderSetup() { // from class: org.eclipse.californium.scandium.DTLSConnectorHandshakeTest.6
            public String toString() {
                return "sync";
            }

            @Override // org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup
            public void setup(DtlsConnectorConfig.Builder builder) {
                AsyncAdvancedPskStore advancedPskStore = builder.getIncompleteConfig().getAdvancedPskStore();
                if (advancedPskStore instanceof AsyncAdvancedPskStore) {
                    advancedPskStore.setDelay(0);
                }
                AsyncNewAdvancedCertificateVerifier advancedCertificateVerifier = builder.getIncompleteConfig().getAdvancedCertificateVerifier();
                if (advancedCertificateVerifier instanceof AsyncNewAdvancedCertificateVerifier) {
                    advancedCertificateVerifier.setDelay(0);
                }
            }
        }, new ConnectorHelper.BuilderSetup() { // from class: org.eclipse.californium.scandium.DTLSConnectorHandshakeTest.7
            public String toString() {
                return "async";
            }

            @Override // org.eclipse.californium.scandium.ConnectorHelper.BuilderSetup
            public void setup(DtlsConnectorConfig.Builder builder) {
                AsyncAdvancedPskStore advancedPskStore = builder.getIncompleteConfig().getAdvancedPskStore();
                if (advancedPskStore instanceof AsyncAdvancedPskStore) {
                    advancedPskStore.setDelay(1);
                }
                AsyncNewAdvancedCertificateVerifier advancedCertificateVerifier = builder.getIncompleteConfig().getAdvancedCertificateVerifier();
                if (advancedCertificateVerifier instanceof AsyncNewAdvancedCertificateVerifier) {
                    advancedCertificateVerifier.setDelay(1);
                }
            }
        });
        ArrayList arrayList = new ArrayList();
        if (TestScope.enableIntensiveTests()) {
            ConnectorHelper.BuilderSetup[] expand = ConnectorHelper.expand(asList);
            ConnectorHelper.BuilderSetup[] expand2 = ConnectorHelper.expand(asList, asList2);
            for (ConnectorHelper.BuilderSetup builderSetup : expand) {
                for (ConnectorHelper.BuilderSetup builderSetup2 : expand2) {
                    arrayList.add(new ConnectorHelper.BuilderSetup[]{builderSetup, builderSetup2});
                }
            }
            for (ConnectorHelper.BuilderSetup builderSetup3 : asList3) {
                arrayList.add(new ConnectorHelper.BuilderSetup[]{builderSetup3, builderSetup3});
            }
        } else {
            ConnectorHelper.BuilderSetups builderSetups = new ConnectorHelper.BuilderSetups();
            builderSetups.add(asList.get(2));
            builderSetups.add(asList2.get(1));
            builderSetups.add(asList3.get(1));
            ConnectorHelper.BuilderSetups builderSetups2 = new ConnectorHelper.BuilderSetups();
            builderSetups2.add(asList.get(1));
            builderSetups2.add(asList2.get(1));
            builderSetups2.add(asList3.get(0));
            arrayList.add(new ConnectorHelper.BuilderSetup[]{builderSetups, builderSetups2});
            ConnectorHelper.BuilderSetups builderSetups3 = new ConnectorHelper.BuilderSetups();
            builderSetups3.add(asList3.get(0));
            ConnectorHelper.BuilderSetups builderSetups4 = new ConnectorHelper.BuilderSetups();
            builderSetups4.add(asList.get(0));
            builderSetups4.add(asList2.get(0));
            builderSetups4.add(asList3.get(1));
            arrayList.add(new ConnectorHelper.BuilderSetup[]{builderSetups3, builderSetups4});
        }
        return arrayList;
    }

    @Before
    public void setUp() {
        this.serverInfoSupplier = (ApplicationLevelInfoSupplier) Mockito.mock(ApplicationLevelInfoSupplier.class);
        Mockito.when(this.serverInfoSupplier.getInfo((Principal) Matchers.any(Principal.class))).thenReturn(additionalServerInfo);
        this.clientInfoSupplier = (ApplicationLevelInfoSupplier) Mockito.mock(ApplicationLevelInfoSupplier.class);
        Mockito.when(this.clientInfoSupplier.getInfo((Principal) Matchers.any(Principal.class))).thenReturn(additionalClientInfo);
    }

    @After
    public void cleanUp() {
        Iterator<AsyncAdvancedPskStore> it = this.clientsPskStores.iterator();
        while (it.hasNext()) {
            it.next().shutdown();
        }
        this.clientsPskStores.clear();
        Iterator<AsyncNewAdvancedCertificateVerifier> it2 = this.clientsCertificateVerifiers.iterator();
        while (it2.hasNext()) {
            it2.next().shutdown();
        }
        this.clientsCertificateVerifiers.clear();
        if (this.serverPskStore != null) {
            this.serverPskStore.shutdown();
            this.serverPskStore = null;
        }
        if (this.serverVerifier != null) {
            this.serverVerifier.shutdown();
            this.serverVerifier = null;
        }
        if (this.serverHelper != null) {
            this.serverHelper.destroyServer();
        }
        if (this.client != null) {
            this.client.destroy();
        }
    }

    private void assertClientPrincipalHasAdditionalInfo(Principal principal) {
        ConnectorHelper.assertPrincipalHasAdditionalInfo(principal, KEY_DEVICE_ID, DEVICE_ID);
    }

    private void startServer(boolean z, boolean z2, boolean z3, ConnectionIdGenerator connectionIdGenerator) throws IOException, GeneralSecurityException {
        startServer(new DtlsConnectorConfig.Builder().setClientAuthenticationRequired(z2).setClientAuthenticationWanted(z3).setConnectionIdGenerator(connectionIdGenerator).setLoggingTag("server").setSniEnabled(z).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
    }

    private void startServer(DtlsConnectorConfig.Builder builder) throws IOException, GeneralSecurityException {
        this.serverHelper = new ConnectorHelper();
        DtlsConnectorConfig incompleteConfig = builder.getIncompleteConfig();
        AdvancedPskStore ensurePskStore = this.serverHelper.ensurePskStore(builder);
        if (ensurePskStore != null) {
            this.serverPskStore = new AsyncAdvancedPskStore(ensurePskStore);
            builder.setAdvancedPskStore(this.serverPskStore);
            this.serverPskStore.setDelay(DtlsTestTools.DEFAULT_HANDSHAKE_RESULT_DELAY_MILLIS);
        }
        if ((!Boolean.FALSE.equals(incompleteConfig.isClientAuthenticationRequired()) || Boolean.TRUE.equals(incompleteConfig.isClientAuthenticationWanted())) && incompleteConfig.getAdvancedCertificateVerifier() == null) {
            this.serverVerifier = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllCertificates().setTrustAllRPKs().build();
            builder.setAdvancedCertificateVerifier(this.serverVerifier);
            this.serverVerifier.setDelay(DtlsTestTools.DEFAULT_HANDSHAKE_RESULT_DELAY_MILLIS);
        }
        this.serverBuilderSetup.setup(builder);
        this.serverHelper.startServer(builder);
    }

    private void startClientPsk(boolean z, String str, ConnectionIdGenerator connectionIdGenerator, AdvancedPskStore advancedPskStore) throws Exception {
        startClientPsk(z, str, connectionIdGenerator, advancedPskStore, null);
    }

    private void startClientPsk(boolean z, String str, ConnectionIdGenerator connectionIdGenerator, AdvancedPskStore advancedPskStore, CipherSuite cipherSuite) throws Exception {
        this.clientsPskStores.add(new AsyncAdvancedPskStore(advancedPskStore));
        DtlsConnectorConfig.Builder advancedPskStore2 = DtlsConnectorConfig.builder().setConnectionIdGenerator(connectionIdGenerator).setAdvancedPskStore(advancedPskStore);
        if (cipherSuite != null) {
            advancedPskStore2.setRecommendedCipherSuitesOnly(false).setSupportedCipherSuites(new CipherSuite[]{cipherSuite});
        }
        startClient(z, str, advancedPskStore2);
    }

    private void startClientRpk(boolean z, boolean z2, String str) throws Exception {
        startClientRpk(z, z2, str, null);
    }

    private void startClientRpk(boolean z, boolean z2, String str, CipherSuite cipherSuite) throws Exception {
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllRPKs().build();
        this.clientsCertificateVerifiers.add(build);
        DtlsConnectorConfig.Builder advancedCertificateVerifier = DtlsConnectorConfig.builder().setAdvancedCertificateVerifier(build);
        if (!z2) {
            if (this.clientPrivateKey == null) {
                this.clientPrivateKey = DtlsTestTools.getClientPrivateKey();
            }
            if (this.clientPublicKey == null) {
                this.clientPublicKey = DtlsTestTools.getClientPublicKey();
            }
            advancedCertificateVerifier.setIdentity(this.clientPrivateKey, this.clientPublicKey);
        }
        if (cipherSuite != null) {
            advancedCertificateVerifier.setRecommendedCipherSuitesOnly(false).setSupportedCipherSuites(new CipherSuite[]{cipherSuite});
        }
        startClient(z, str, advancedCertificateVerifier);
    }

    private void startClientX509(boolean z, boolean z2, String str) throws Exception {
        startClientX509(z, z2, str, null);
    }

    private void startClientX509(boolean z, boolean z2, String str, CipherSuite cipherSuite) throws Exception {
        startClientX509(z, z2, str, cipherSuite, new X509Certificate[0]);
    }

    private void startClientX509(boolean z, boolean z2, String str, CipherSuite cipherSuite, X509Certificate... x509CertificateArr) throws Exception {
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustedCertificates(x509CertificateArr).build();
        this.clientsCertificateVerifiers.add(build);
        DtlsConnectorConfig.Builder advancedCertificateVerifier = DtlsConnectorConfig.builder().setAdvancedCertificateVerifier(build);
        if (!z2) {
            if (this.clientPrivateKey == null) {
                this.clientPrivateKey = DtlsTestTools.getClientPrivateKey();
            }
            if (this.clientCertificateChain == null) {
                this.clientCertificateChain = DtlsTestTools.getClientCertificateChain();
            }
            advancedCertificateVerifier.setIdentity(this.clientPrivateKey, this.clientCertificateChain, new CertificateType[0]);
        }
        if (cipherSuite != null) {
            advancedCertificateVerifier.setRecommendedCipherSuitesOnly(false).setSupportedCipherSuites(new CipherSuite[]{cipherSuite});
        }
        startClient(z, str, advancedCertificateVerifier);
    }

    private void startClient(boolean z, String str, DtlsConnectorConfig.Builder builder) throws Exception {
        builder.setAddress(new InetSocketAddress(InetAddress.getLoopbackAddress(), 0)).setLoggingTag("client").setReceiverThreadCount(1).setConnectionThreadCount(1).setSniEnabled(z).setClientOnly().setMaxConnections(CLIENT_CONNECTION_STORE_CAPACITY).setApplicationLevelInfoSupplier(this.serverInfoSupplier);
        this.clientBuilderSetup.setup(builder);
        this.client = this.serverHelper.createClient(builder.build());
        this.serverHelper.givenAnEstablishedSession(this.client, RawData.outbound("Hello World".getBytes(), new AddressEndpointContext(this.serverHelper.serverEndpoint, str, (Principal) null), (MessageCallback) null, false), true);
        DTLSSession sessionByAddress = this.client.getSessionByAddress(this.serverHelper.serverEndpoint);
        Assert.assertThat(sessionByAddress, CoreMatchers.is(CoreMatchers.notNullValue()));
        ConnectorHelper.assertPrincipalHasAdditionalInfo(sessionByAddress.getPeerIdentity(), KEY_SERVER_NAME, "my.test.server");
    }

    private void startClientFailing(DtlsConnectorConfig.Builder builder, EndpointContext endpointContext) throws Exception {
        builder.setAddress(new InetSocketAddress(InetAddress.getLoopbackAddress(), 0)).setLoggingTag("client").setReceiverThreadCount(1).setConnectionThreadCount(1).setClientOnly().setMaxConnections(CLIENT_CONNECTION_STORE_CAPACITY);
        this.clientBuilderSetup.setup(builder);
        this.client = this.serverHelper.createClient(builder.build());
        this.client.start();
        SimpleMessageCallback simpleMessageCallback = new SimpleMessageCallback();
        this.client.send(RawData.outbound("Hello World".getBytes(), endpointContext, simpleMessageCallback, false));
        Assert.assertThat("client side error missing", simpleMessageCallback.getError(TimeUnit.SECONDS.toMillis(2L)), CoreMatchers.is(CoreMatchers.notNullValue()));
    }

    @Test
    public void testPskHandshakeClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientPsk(false, null, null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeClientWithoutSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientPsk(false, null, null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is(":Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithServernameClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientPsk(false, "my.test.server", null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithServernameClientWithoutSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientPsk(false, "my.test.server", null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is(":Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeClientWithSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientPsk(true, null, null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeClientWithSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientPsk(true, null, null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is(":Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithServernameClientWithSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientPsk(true, "my.test.server", null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithServernameClientWithSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientPsk(true, "my.test.server", null, new AdvancedSinglePskStore("My_client_identity", "mySecretPSK".getBytes()));
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("my.test.server:My_client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is("my.test.server"));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testRpkHandshakeClientWithSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientRpk(true, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.startsWith("ni:///sha-256;"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testRpkHandshakeClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientRpk(false, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.startsWith("ni:///sha-256;"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testRpkHandshakeWithServernameClientWithSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientRpk(true, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.startsWith("ni:///sha-256;"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is("my.test.server"));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testRpkHandshakeWithServernameClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientRpk(false, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.startsWith("ni:///sha-256;"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testX509HandshakeClientWithSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientX509(true, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-client"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testX509HandshakeClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientX509(false, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-client"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testX509HandshakeWithServernameClientWithSniAndServerWithSni() throws Exception {
        startServer(true, true, false, null);
        startClientX509(true, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-client"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is("my.test.server"));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testX509HandshakeWithServernameClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, true, false, null);
        startClientX509(false, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-client"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testRpkHandshakeNoneAuthClientWithSniAndServerWithSni() throws Exception {
        startServer(true, false, false, null);
        startClientRpk(true, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testRpkHandshakeNoneAuthClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, false, false, null);
        startClientRpk(false, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testRpkHandshakeNoneAuthWithServernameClientWithSniAndServerWithSni() throws Exception {
        startServer(true, false, false, null);
        startClientRpk(true, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is("my.test.server"));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testRpkHandshakeNoneAuthWithServernameClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, false, false, null);
        startClientRpk(false, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testX509HandshakeNoneAuthClientWithSniAndServerWithSni() throws Exception {
        startServer(true, false, false, null);
        startClientX509(true, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testX509HandshakeNoneAuthClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, false, false, null);
        startClientX509(false, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testX509HandshakeNoneAuthWithServernameClientWithSniAndServerWithSni() throws Exception {
        startServer(true, false, false, null);
        startClientX509(true, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is("my.test.server"));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testX509HandshakeNoneAuthWithServernameClientWithoutSniAndServerWithoutSni() throws Exception {
        startServer(false, false, false, null);
        startClientX509(false, false, "my.test.server");
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testRpkHandshakeAuthWanted() throws Exception {
        startServer(false, false, true, null);
        startClientRpk(false, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testRpkHandshakeAuthWantedAnonymClient() throws Exception {
        startServer(false, false, true, null);
        startClientRpk(false, true, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testX509HandshakeAuthWanted() throws Exception {
        startServer(false, false, true, null);
        startClientX509(false, false, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testX509HandshakeAuthWantedAnonymClient() throws Exception {
        startServer(false, false, true, null);
        startClientX509(false, true, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testX509MixedCertificateChainHandshakeAuthWantedAnonymClient() throws Exception {
        startServer(DtlsConnectorConfig.builder().setClientAuthenticationWanted(true).setIdentity(DtlsTestTools.getServerRsPrivateKey(), DtlsTestTools.getServerRsaCertificateChain(), new CertificateType[0]).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        startClientX509(false, true, null);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Assert.assertThat(clientEndpointContext.getPeerIdentity(), CoreMatchers.is(CoreMatchers.nullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        ((ApplicationLevelInfoSupplier) Mockito.verify(this.clientInfoSupplier, Mockito.never())).getInfo((Principal) Matchers.any(Principal.class));
    }

    @Test
    public void testX509TrustServerCertificate() throws Exception {
        startServer(DtlsConnectorConfig.builder().setClientAuthenticationWanted(true).setIdentity(DtlsTestTools.getServerRsPrivateKey(), DtlsTestTools.getServerRsaCertificateChain(), new CertificateType[0]).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        startClientX509(false, false, null, null, DtlsTestTools.getServerRsaCertificateChain()[0]);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithCid() throws Exception {
        startServer(false, false, false, new SingleNodeConnectionIdGenerator(6));
        startClientPsk(false, null, new SingleNodeConnectionIdGenerator(4), PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithServerCid() throws Exception {
        startServer(false, false, false, new SingleNodeConnectionIdGenerator(6));
        startClientPsk(false, null, new SingleNodeConnectionIdGenerator(0), PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithClientCid() throws Exception {
        startServer(false, false, false, new SingleNodeConnectionIdGenerator(0));
        startClientPsk(false, null, new SingleNodeConnectionIdGenerator(4), PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithoutServerCid() throws Exception {
        startServer(false, false, false, null);
        startClientPsk(false, null, new SingleNodeConnectionIdGenerator(4), PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithoutClientCid() throws Exception {
        startServer(false, false, false, new SingleNodeConnectionIdGenerator(0));
        startClientPsk(false, null, null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeWithoutSession() throws Exception {
        startServer(DtlsConnectorConfig.builder().setClientAuthenticationRequired(false).setClientAuthenticationWanted(false).setSniEnabled(false).setNoServerSessionId(true).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        startClientPsk(false, null, null, PSK_STORE);
        Principal peerIdentity = this.serverHelper.serverRawDataProcessor.getClientEndpointContext().getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakePskSecret() throws Exception {
        this.serverPskStore = new AsyncAdvancedPskStore(PSK_STORE).setSecretMode(false);
        startServer(DtlsConnectorConfig.builder().setClientAuthenticationRequired(false).setClientAuthenticationWanted(false).setSniEnabled(false).setNoServerSessionId(true).setApplicationLevelInfoSupplier(this.clientInfoSupplier).setAdvancedPskStore(this.serverPskStore));
        startClientPsk(false, null, null, PSK_STORE);
        Principal peerIdentity = this.serverHelper.serverRawDataProcessor.getClientEndpointContext().getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testPskHandshakeMasterSecret() throws Exception {
        this.serverPskStore = new AsyncAdvancedPskStore(PSK_STORE).setSecretMode(true);
        startServer(DtlsConnectorConfig.builder().setClientAuthenticationRequired(false).setClientAuthenticationWanted(false).setSniEnabled(false).setNoServerSessionId(true).setApplicationLevelInfoSupplier(this.clientInfoSupplier).setAdvancedPskStore(this.serverPskStore));
        startClientPsk(false, null, null, PSK_STORE);
        Principal peerIdentity = this.serverHelper.serverRawDataProcessor.getClientEndpointContext().getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(peerIdentity.getName(), CoreMatchers.is("Client_identity"));
        assertClientPrincipalHasAdditionalInfo(peerIdentity);
    }

    @Test
    public void testEcdhPskHandshake() throws Exception {
        startServer(false, false, false, null);
        startClientPsk(false, null, null, PSK_STORE, CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256));
    }

    @Test
    public void testPskCbcHandshake() throws Exception {
        startServer(false, false, false, null);
        startClientPsk(false, null, null, PSK_STORE, CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256));
    }

    @Test
    public void testPskCcm8Handshake() throws Exception {
        startServer(false, false, false, null);
        startClientPsk(false, null, null, PSK_STORE, CipherSuite.TLS_PSK_WITH_AES_128_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_PSK_WITH_AES_128_CCM_8));
    }

    @Test
    public void testPsk256Ccm8Handshake() throws Exception {
        Assume.assumeTrue("AES256 requires JVM support!", CipherSuite.TLS_PSK_WITH_AES_256_CCM_8.isSupported());
        startServer(false, false, false, null);
        startClientPsk(false, null, null, PSK_STORE, CipherSuite.TLS_PSK_WITH_AES_256_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_PSK_WITH_AES_256_CCM_8));
    }

    @Test
    public void testPskCcmHandshake() throws Exception {
        startServer(false, false, false, null);
        startClientPsk(false, null, null, PSK_STORE, CipherSuite.TLS_PSK_WITH_AES_128_CCM);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_PSK_WITH_AES_128_CCM));
    }

    @Test
    public void testPsk256CcmHandshake() throws Exception {
        Assume.assumeTrue("AES256 requires JVM support!", CipherSuite.TLS_PSK_WITH_AES_256_CCM.isSupported());
        startServer(false, false, false, null);
        startClientPsk(false, null, null, PSK_STORE, CipherSuite.TLS_PSK_WITH_AES_256_CCM);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_PSK_WITH_AES_256_CCM));
    }

    @Test
    public void testPskGcmHandshake() throws Exception {
        Assume.assumeTrue("GCM requires JVM support!", CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256.isSupported());
        startServer(false, false, false, null);
        startClientPsk(false, null, null, PSK_STORE, CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_PSK_WITH_AES_128_GCM_SHA256));
    }

    @Test
    public void testRpkCbcHandshake() throws Exception {
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256));
    }

    @Test
    public void testRpkCcm8Handshake() throws Exception {
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
    }

    @Test
    public void testRpk256Ccm8Handshake() throws Exception {
        Assume.assumeTrue("AES256 requires JVM support!", CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8.isSupported());
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8));
    }

    @Test
    public void testRpkCcmHandshake() throws Exception {
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM));
    }

    @Test
    public void testRpk256CcmHandshake() throws Exception {
        Assume.assumeTrue("AES256 requires JVM support!", CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM.isSupported());
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CCM));
    }

    @Test
    public void testRpk256CbcHandshake() throws Exception {
        Assume.assumeTrue("AES256 requires JVM support!", CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA.isSupported());
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA));
    }

    @Test
    public void testRpk256Cbc384Handshake() throws Exception {
        Assume.assumeTrue("AES256 requires JVM support!", CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384.isSupported());
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384));
    }

    @Test
    public void testRpkGcmHandshake() throws Exception {
        Assume.assumeTrue("GCM requires JVM support!", CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.isSupported());
        startServer(false, false, false, null);
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256));
    }

    @Test
    public void testRpkEd25519Handshake() throws Exception {
        Assume.assumeTrue("X25519 requires JVM support!", XECDHECryptography.SupportedGroup.X25519.isUsable());
        Assume.assumeTrue("ED25519 requires JVM support!", SignatureAndHashAlgorithm.INTRINSIC_WITH_ED25519.isSupported());
        ArrayList arrayList = new ArrayList(SignatureAndHashAlgorithm.DEFAULT);
        arrayList.add(SignatureAndHashAlgorithm.INTRINSIC_WITH_ED25519);
        startServer(DtlsConnectorConfig.builder().setSupportedSignatureAlgorithms(arrayList).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        KeyPair generateKeyPair = ((KeyPairGenerator) new ThreadLocalKeyPairGenerator("Ed25519").current()).generateKeyPair();
        this.clientPrivateKey = generateKeyPair.getPrivate();
        this.clientPublicKey = generateKeyPair.getPublic();
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
    }

    @Test
    public void testRpkEd448Handshake() throws Exception {
        Assume.assumeTrue("X448 requires JVM support!", XECDHECryptography.SupportedGroup.X448.isUsable());
        Assume.assumeTrue("ED448 requires JVM support!", SignatureAndHashAlgorithm.INTRINSIC_WITH_ED448.isSupported());
        ArrayList arrayList = new ArrayList(SignatureAndHashAlgorithm.DEFAULT);
        arrayList.add(SignatureAndHashAlgorithm.INTRINSIC_WITH_ED448);
        startServer(DtlsConnectorConfig.builder().setSupportedSignatureAlgorithms(arrayList).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        KeyPair generateKeyPair = ((KeyPairGenerator) new ThreadLocalKeyPairGenerator("Ed448").current()).generateKeyPair();
        this.clientPrivateKey = generateKeyPair.getPrivate();
        this.clientPublicKey = generateKeyPair.getPublic();
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
    }

    @Test
    public void testRpkOpensslEd25519Handshake() throws Exception {
        Assume.assumeTrue("X25519 requires JVM support!", XECDHECryptography.SupportedGroup.X25519.isUsable());
        Assume.assumeTrue("ED25519 requires JVM support!", SignatureAndHashAlgorithm.INTRINSIC_WITH_ED25519.isSupported());
        this.clientPrivateKey = SslContextUtil.loadPrivateKey("classpath://certs/ed25519_private.pem", (String) null, (char[]) null, (char[]) null);
        Assert.assertThat(this.clientPrivateKey, CoreMatchers.is(CoreMatchers.notNullValue()));
        this.clientPublicKey = SslContextUtil.loadPublicKey("classpath://certs/ed25519_public.pem", (String) null, (char[]) null);
        Assert.assertThat(this.clientPublicKey, CoreMatchers.is(CoreMatchers.notNullValue()));
        ArrayList arrayList = new ArrayList(SignatureAndHashAlgorithm.DEFAULT);
        arrayList.add(SignatureAndHashAlgorithm.INTRINSIC_WITH_ED25519);
        startServer(DtlsConnectorConfig.builder().setSupportedSignatureAlgorithms(arrayList).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
    }

    @Test
    public void testRpkOpensslEd448Handshake() throws Exception {
        Assume.assumeTrue("X448 requires JVM support!", XECDHECryptography.SupportedGroup.X448.isUsable());
        Assume.assumeTrue("ED448 requires JVM support!", SignatureAndHashAlgorithm.INTRINSIC_WITH_ED448.isSupported());
        this.clientPrivateKey = SslContextUtil.loadPrivateKey("classpath://certs/ed448_private.pem", (String) null, (char[]) null, (char[]) null);
        Assert.assertThat(this.clientPrivateKey, CoreMatchers.is(CoreMatchers.notNullValue()));
        this.clientPublicKey = SslContextUtil.loadPublicKey("classpath://certs/ed448_public.pem", (String) null, (char[]) null);
        Assert.assertThat(this.clientPublicKey, CoreMatchers.is(CoreMatchers.notNullValue()));
        ArrayList arrayList = new ArrayList(SignatureAndHashAlgorithm.DEFAULT);
        arrayList.add(SignatureAndHashAlgorithm.INTRINSIC_WITH_ED448);
        startServer(DtlsConnectorConfig.builder().setSupportedSignatureAlgorithms(arrayList).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        startClientRpk(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
    }

    @Test
    public void testX509Ed25519Handshake() throws Exception {
        Assume.assumeTrue("X25519 requires JVM support!", XECDHECryptography.SupportedGroup.X25519.isUsable());
        Assume.assumeTrue("ED25519 requires JVM support!", SignatureAndHashAlgorithm.INTRINSIC_WITH_ED25519.isSupported());
        SslContextUtil.Credentials credentials = TestCertificatesTools.getCredentials("clienteddsa");
        this.clientPrivateKey = credentials.getPrivateKey();
        this.clientCertificateChain = credentials.getCertificateChain();
        ArrayList arrayList = new ArrayList(SignatureAndHashAlgorithm.DEFAULT);
        arrayList.add(SignatureAndHashAlgorithm.INTRINSIC_WITH_ED25519);
        startServer(DtlsConnectorConfig.builder().setSupportedSignatureAlgorithms(arrayList).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        startClientX509(false, false, null, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
    }

    @Test
    public void testX509HandshakeSignatureAlgorithmsExtensionSha256Ecdsa() throws Exception {
        startServer(false, true, false, null);
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllCertificates().build();
        this.clientsCertificateVerifiers.add(build);
        startClient(false, null, DtlsConnectorConfig.builder().setAdvancedCertificateVerifier(build).setIdentity(DtlsTestTools.getClientPrivateKey(), DtlsTestTools.getClientCertificateChain(), new CertificateType[0]).setSupportedSignatureAlgorithms(new SignatureAndHashAlgorithm[]{SignatureAndHashAlgorithm.SHA256_WITH_ECDSA}).setSupportedCipherSuites(new CipherSuite[]{CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8}));
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
        Assert.assertThat(this.serverHelper.establishedServerSession.getSignatureAndHashAlgorithm(), CoreMatchers.is(SignatureAndHashAlgorithm.SHA256_WITH_ECDSA));
    }

    @Test
    public void testX509HandshakeSignatureAlgorithmsExtensionSha384Ecdsa() throws Exception {
        startServer(DtlsConnectorConfig.builder().setClientAuthenticationRequired(true).setSupportedSignatureAlgorithms(new SignatureAndHashAlgorithm[]{SignatureAndHashAlgorithm.SHA384_WITH_ECDSA, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA}).setApplicationLevelInfoSupplier(this.clientInfoSupplier));
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllCertificates().build();
        this.clientsCertificateVerifiers.add(build);
        startClient(false, null, DtlsConnectorConfig.builder().setAdvancedCertificateVerifier(build).setIdentity(DtlsTestTools.getClientPrivateKey(), DtlsTestTools.getClientCertificateChain(), new CertificateType[0]).setSupportedSignatureAlgorithms(new SignatureAndHashAlgorithm[]{SignatureAndHashAlgorithm.SHA384_WITH_ECDSA, SignatureAndHashAlgorithm.SHA256_WITH_ECDSA}).setSupportedCipherSuites(new CipherSuite[]{CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8}));
        Assert.assertThat(this.serverHelper.establishedServerSession.getCipherSuite(), CoreMatchers.is(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8));
        Assert.assertThat(this.serverHelper.establishedServerSession.getSignatureAndHashAlgorithm(), CoreMatchers.is(SignatureAndHashAlgorithm.SHA384_WITH_ECDSA));
    }

    @Test
    public void testX509HandshakeFailingWrongClientCertificate() throws Exception {
        startServer(false, true, false, null);
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllCertificates().build();
        this.clientsCertificateVerifiers.add(build);
        startClientFailing(DtlsConnectorConfig.builder().setAdvancedCertificateVerifier(build).setIdentity(DtlsTestTools.getClientPrivateKey(), DtlsTestTools.getServerCertificateChain(), new CertificateType[0]), new AddressEndpointContext(this.serverHelper.serverEndpoint));
        ConnectorHelper.LatchSessionListener latchSessionListener = this.serverHelper.sessionListenerMap.get(this.client.getAddress());
        Assert.assertThat("server side session listener missing", latchSessionListener, CoreMatchers.is(CoreMatchers.notNullValue()));
        Throwable waitForSessionFailed = latchSessionListener.waitForSessionFailed(4000L, TimeUnit.MILLISECONDS);
        Assert.assertThat("server side handshake failure missing", waitForSessionFailed, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(waitForSessionFailed.getMessage(), CoreMatchers.containsString("CertificateVerify message could not be verified."));
        ConnectorHelper.LatchSessionListener latchSessionListener2 = this.serverHelper.sessionListenerMap.get(this.serverHelper.serverEndpoint);
        Assert.assertThat("client side session listener missing", latchSessionListener2, CoreMatchers.is(CoreMatchers.notNullValue()));
        Throwable waitForSessionFailed2 = latchSessionListener2.waitForSessionFailed(4000L, TimeUnit.MILLISECONDS);
        Assert.assertThat("client side handshake failure missing", waitForSessionFailed2, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(waitForSessionFailed2.getMessage(), CoreMatchers.containsString("fatal alert"));
    }

    @Test
    public void testX509HandshakeFailingMissingClientCertificate() throws Exception {
        startServer(false, true, false, null);
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllCertificates().build();
        this.clientsCertificateVerifiers.add(build);
        startClientFailing(DtlsConnectorConfig.builder().setAdvancedCertificateVerifier(build), new AddressEndpointContext(this.serverHelper.serverEndpoint));
        ConnectorHelper.LatchSessionListener latchSessionListener = this.serverHelper.sessionListenerMap.get(this.client.getAddress());
        Assert.assertThat("server side session listener missing", latchSessionListener, CoreMatchers.is(CoreMatchers.notNullValue()));
        Throwable waitForSessionFailed = latchSessionListener.waitForSessionFailed(4000L, TimeUnit.MILLISECONDS);
        Assert.assertThat("server side handshake failure missing", waitForSessionFailed, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(waitForSessionFailed.getMessage(), CoreMatchers.containsString("Client Certificate required!"));
        ConnectorHelper.LatchSessionListener latchSessionListener2 = this.serverHelper.sessionListenerMap.get(this.serverHelper.serverEndpoint);
        Assert.assertThat("client side session listener missing", latchSessionListener2, CoreMatchers.is(CoreMatchers.notNullValue()));
        Throwable waitForSessionFailed2 = latchSessionListener2.waitForSessionFailed(4000L, TimeUnit.MILLISECONDS);
        Assert.assertThat("client side handshake failure missing", waitForSessionFailed2, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(waitForSessionFailed2.getMessage(), CoreMatchers.containsString("fatal alert"));
    }

    @Test
    public void testX509HandshakeFailingNoCommonCurve() throws Exception {
        startServer(false, false, false, null);
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllCertificates().build();
        this.clientsCertificateVerifiers.add(build);
        startClientFailing(DtlsConnectorConfig.builder().setAdvancedCertificateVerifier(build).setRecommendedSupportedGroupsOnly(false).setSupportedGroups(new String[]{"secp521r1"}), new AddressEndpointContext(this.serverHelper.serverEndpoint));
        ConnectorHelper.LatchSessionListener latchSessionListener = this.serverHelper.sessionListenerMap.get(this.client.getAddress());
        Assert.assertThat("server side session listener missing", latchSessionListener, CoreMatchers.is(CoreMatchers.notNullValue()));
        Throwable waitForSessionFailed = latchSessionListener.waitForSessionFailed(4000L, TimeUnit.MILLISECONDS);
        Assert.assertThat("server side handshake failure missing", waitForSessionFailed, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(waitForSessionFailed.getMessage(), CoreMatchers.containsString("Client proposed unsupported cipher suites only"));
        ConnectorHelper.LatchSessionListener latchSessionListener2 = this.serverHelper.sessionListenerMap.get(this.serverHelper.serverEndpoint);
        Assert.assertThat("client side session listener missing", latchSessionListener2, CoreMatchers.is(CoreMatchers.notNullValue()));
        Throwable waitForSessionFailed2 = latchSessionListener2.waitForSessionFailed(4000L, TimeUnit.MILLISECONDS);
        Assert.assertThat("client side handshake failure missing", waitForSessionFailed2, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(waitForSessionFailed2.getMessage(), CoreMatchers.containsString("fatal alert"));
    }

    @Test
    public void testServerDropsX509Principal() throws Exception {
        startServer(false, true, false, null);
        startClientX509(false, false, null);
        startClientPsk(false, null, null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        int remainingCapacity = this.serverHelper.serverConnectionStore.remainingCapacity();
        this.serverHelper.server.startDropConnectionsForPrincipal(peerIdentity).get();
        Assert.assertThat(Integer.valueOf(this.serverHelper.serverConnectionStore.remainingCapacity()), CoreMatchers.is(Integer.valueOf(remainingCapacity + 1)));
    }

    @Test
    public void testServerDropsPreSharedKeyPrincipal() throws Exception {
        startServer(false, false, false, null);
        startClientX509(false, false, null);
        startClientPsk(false, null, null, PSK_STORE);
        startClientPsk(false, null, null, PSK_STORE);
        EndpointContext clientEndpointContext = this.serverHelper.serverRawDataProcessor.getClientEndpointContext();
        Principal peerIdentity = clientEndpointContext.getPeerIdentity();
        Assert.assertThat(peerIdentity, CoreMatchers.is(CoreMatchers.notNullValue()));
        Assert.assertThat(clientEndpointContext.getVirtualHost(), CoreMatchers.is(CoreMatchers.nullValue()));
        int remainingCapacity = this.serverHelper.serverConnectionStore.remainingCapacity();
        this.serverHelper.server.startDropConnectionsForPrincipal(peerIdentity).get();
        Assert.assertThat(Integer.valueOf(this.serverHelper.serverConnectionStore.remainingCapacity()), CoreMatchers.is(Integer.valueOf(remainingCapacity + 2)));
    }

    @Test
    public void testDefaultHandshakeModeNone() throws Exception {
        startServer(false, false, true, null);
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllRPKs().build();
        this.clientsCertificateVerifiers.add(build);
        DtlsConnectorConfig.Builder identity = DtlsConnectorConfig.builder().setDefaultHandshakeMode("none").setAdvancedCertificateVerifier(build).setIdentity(DtlsTestTools.getClientPrivateKey(), DtlsTestTools.getClientPublicKey());
        AddressEndpointContext addressEndpointContext = new AddressEndpointContext(this.serverHelper.serverEndpoint);
        startClientFailing(identity, addressEndpointContext);
        SimpleMessageCallback simpleMessageCallback = new SimpleMessageCallback();
        this.client.send(RawData.outbound("Hello World, 2!".getBytes(), MapBasedEndpointContext.addEntries(addressEndpointContext, new String[]{"*DTLS_HANDSHAKE_MODE", "auto"}), simpleMessageCallback, false));
        Assert.assertThat("client failed to send data", simpleMessageCallback.getEndpointContext(TimeUnit.SECONDS.toMillis(2L)), CoreMatchers.is(CoreMatchers.notNullValue()));
    }

    @Test
    public void testDefaultHandshakeModeAuto() throws Exception {
        startServer(false, false, true, null);
        AsyncNewAdvancedCertificateVerifier build = AsyncNewAdvancedCertificateVerifier.builder().setTrustAllRPKs().build();
        this.clientsCertificateVerifiers.add(build);
        DtlsConnectorConfig.Builder identity = DtlsConnectorConfig.builder().setDefaultHandshakeMode("auto").setAdvancedCertificateVerifier(build).setIdentity(DtlsTestTools.getClientPrivateKey(), DtlsTestTools.getClientPublicKey());
        AddressEndpointContext addressEndpointContext = new AddressEndpointContext(this.serverHelper.serverEndpoint);
        startClientFailing(identity, MapBasedEndpointContext.addEntries(addressEndpointContext, new String[]{"*DTLS_HANDSHAKE_MODE", "none"}));
        SimpleMessageCallback simpleMessageCallback = new SimpleMessageCallback();
        this.client.send(RawData.outbound("Hello World, 2!".getBytes(), addressEndpointContext, simpleMessageCallback, false));
        Assert.assertThat("client failed to send data", simpleMessageCallback.getEndpointContext(TimeUnit.SECONDS.toMillis(2L)), CoreMatchers.is(CoreMatchers.notNullValue()));
    }
}
