package org.eclipse.californium.scandium.dtls;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.elements.category.Small;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.scandium.dtls.cipher.CCMBlockCipher;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.util.SecretIvParameterSpec;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({Small.class})
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/RecordTest.class */
public class RecordTest {
    static final long SEQUENCE_NO = 5;
    static final int TYPE_APPL_DATA = 23;
    static final int EPOCH = 1;
    static final byte[] aesKey = {-55, 14, 106, -94, -17, 96, 52, -106, -112, 84, -60, -106, 101, -70, 3, -98};
    SecretKey key;
    DTLSSession session;
    byte[] payloadData;
    int payloadLength = 50;
    byte[] client_iv = {85, 35, 47, -93};
    ProtocolVersion protocolVer;

    @Before
    public void setUp() throws Exception {
        this.protocolVer = ProtocolVersion.VERSION_DTLS_1_2;
        this.key = new SecretKeySpec(aesKey, "AES");
        this.payloadData = new byte[this.payloadLength];
        for (int i = 0; i < this.payloadLength; i += EPOCH) {
            this.payloadData[i] = 52;
        }
        this.session = new DTLSSession(new InetSocketAddress(InetAddress.getLoopbackAddress(), 7000));
        this.session.setReadState(DTLSConnectionState.create(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, CompressionMethod.NULL, this.key, new SecretIvParameterSpec(this.client_iv), (SecretKey) null));
    }

    @Test
    public void testConstructorEnforcesMaxSequenceNo() throws GeneralSecurityException {
        new Record(ContentType.HANDSHAKE, 0, DtlsTestTools.MAX_SEQUENCE_NO, new HelloRequest(this.session.getPeer()), this.session, true, 0);
        try {
            new Record(ContentType.HANDSHAKE, 0, 281474976710656L, new HelloRequest(this.session.getPeer()), this.session, true, 0);
            Assert.fail("Record constructor should have rejected sequence no > 2^48 - 1");
        } catch (IllegalArgumentException e) {
        }
        try {
            new Record(ContentType.HANDSHAKE, 0, 281474976710656L, new HelloRequest(this.session.getPeer()), this.session, false, 0);
            Assert.fail("Record constructor should have rejected sequence no > 2^48 - 1");
        } catch (IllegalArgumentException e2) {
        }
    }

    @Test
    public void testFromByteArrayRejectsIllformattedRecord() {
        Assert.assertTrue("fromByteArray() should have detected malformed record", DtlsTestTools.fromByteArray(new byte[]{TYPE_APPL_DATA}, this.session.getPeer(), null, ClockUtil.nanoRealtime()).isEmpty());
    }

    @Test
    public void testFromByteArrayAcceptsKnownTypeCode() throws GeneralSecurityException {
        List<Record> fromByteArray = DtlsTestTools.fromByteArray(DtlsTestTools.newDTLSRecord(TYPE_APPL_DATA, EPOCH, SEQUENCE_NO, newGenericAEADCipherFragment()), this.session.getPeer(), null, ClockUtil.nanoRealtime());
        Assert.assertEquals(fromByteArray.size(), 1L);
        Record record = fromByteArray.get(0);
        Assert.assertEquals(ContentType.APPLICATION_DATA, record.getType());
        Assert.assertEquals(1L, record.getEpoch());
        Assert.assertEquals(SEQUENCE_NO, record.getSequenceNumber());
        Assert.assertEquals(this.protocolVer.getMajor(), record.getVersion().getMajor());
        Assert.assertEquals(this.protocolVer.getMinor(), record.getVersion().getMinor());
    }

    @Test
    public void testFromByteArrayRejectsUnknownTypeCode() throws GeneralSecurityException {
        List<Record> fromByteArray = DtlsTestTools.fromByteArray(Bytes.concatenate(DtlsTestTools.newDTLSRecord(55, EPOCH, SEQUENCE_NO, newGenericAEADCipherFragment()), DtlsTestTools.newDTLSRecord(TYPE_APPL_DATA, EPOCH, SEQUENCE_NO, newGenericAEADCipherFragment())), this.session.getPeer(), null, ClockUtil.nanoRealtime());
        Assert.assertTrue(fromByteArray.size() == EPOCH);
        Assert.assertEquals(ContentType.APPLICATION_DATA, fromByteArray.get(0).getType());
    }

    @Test
    public void testDecryptAEADUsesExplicitNonceFromGenericAEADCipherStruct() throws Exception {
        Record record = new Record(ContentType.APPLICATION_DATA, this.protocolVer, EPOCH, SEQUENCE_NO, (ConnectionId) null, newGenericAEADCipherFragment(), this.session.getPeer(), (InetSocketAddress) null, ClockUtil.nanoRealtime(), false);
        record.applySession(this.session);
        Assert.assertTrue(Arrays.equals(record.getFragment().toByteArray(), this.payloadData));
    }

    byte[] newGenericAEADCipherFragment() throws GeneralSecurityException {
        byte[] concatenate = Bytes.concatenate(new byte[]{0, EPOCH, 0, 0, 0, 0, 0, 5}, new byte[]{TYPE_APPL_DATA, (byte) this.protocolVer.getMajor(), (byte) this.protocolVer.getMinor(), 0, (byte) this.payloadLength});
        byte[] bArr = {EPOCH, 2, 3, 4, 5, 6, 7, 8};
        return Bytes.concatenate(bArr, CCMBlockCipher.encrypt(this.key, Bytes.concatenate(this.client_iv, bArr), concatenate, this.payloadData, 8));
    }
}
