package org.eclipse.californium.scandium.dtls;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.elements.category.Medium;
import org.eclipse.californium.elements.rule.ThreadsRule;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.elements.util.TestScheduledExecutorService;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunctionTest;
import org.eclipse.californium.scandium.dtls.cipher.RandomManager;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.dtls.x509.StaticNewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.mockito.Mockito;

@Category({Medium.class})
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/HandshakerTest.class */
public class HandshakerTest {

    @Rule
    public ThreadsRule cleanup = new ThreadsRule(new String[0]);
    final int[] receivedMessages = new int[10];
    InetSocketAddress endpoint = InetSocketAddress.createUnresolved("localhost", 10000);
    TestHandshaker handshakerWithoutAnchors;
    TestHandshaker handshakerWithAnchors;
    DTLSSession session;
    X509Certificate[] certificateChain;
    X509Certificate[] trustAnchor;
    CertificateMessage certificateMessage;
    FragmentedHandshakeMessage[] handshakeMessageFragments;
    RecordLayer recordLayer;
    CertificateMessage message;
    InetSocketAddress peerAddress;
    PublicKey serverPublicKey;
    ScheduledExecutorService timer;

    /* renamed from: org.eclipse.californium.scandium.dtls.HandshakerTest$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/HandshakerTest$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType = new int[ContentType.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.HANDSHAKE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/HandshakerTest$TestHandshaker.class */
    public class TestHandshaker extends Handshaker {
        private AtomicBoolean finishedProcessed;

        TestHandshaker(DTLSSession dTLSSession, RecordLayer recordLayer, DtlsConnectorConfig dtlsConnectorConfig) {
            super(false, 0, dTLSSession, recordLayer, HandshakerTest.this.timer, new Connection(dTLSSession.getPeer(), new SyncSerialExecutor()), dtlsConnectorConfig);
            this.finishedProcessed = new AtomicBoolean(false);
            getConnection().setConnectionId(new ConnectionId(new byte[]{1, 2, 3, 4}));
        }

        public void startHandshake() {
            this.masterSecret = SecretUtil.create(Bytes.createBytes(RandomManager.currentSecureRandom(), 48), "MAC");
            this.clientRandom = new Random();
            this.serverRandom = new Random();
            calculateKeys(this.masterSecret);
        }

        protected void doProcessMessage(HandshakeMessage handshakeMessage) throws GeneralSecurityException, HandshakeException {
            switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[handshakeMessage.getContentType().ordinal()]) {
                case 1:
                    int[] iArr = HandshakerTest.this.receivedMessages;
                    int messageSeq = handshakeMessage.getMessageSeq();
                    iArr[messageSeq] = iArr[messageSeq] + 1;
                    if (handshakeMessage.getMessageType() == HandshakeType.FINISHED) {
                        this.finishedProcessed.set(true);
                        return;
                    }
                    return;
                default:
                    return;
            }
        }

        protected void processMasterSecret(SecretKey secretKey) {
        }

        protected void processCertificateVerified() {
        }

        void decryptAndProcessMessage(Record record) throws HandshakeException, GeneralSecurityException {
            record.applySession(getSession());
            processMessage(record);
        }
    }

    public static void failedHandshake(Exception exc) {
        Throwable cause = exc.getCause();
        if (cause instanceof CertPathValidatorException) {
            cause = cause.getCause();
        }
        if (cause instanceof CertificateExpiredException) {
            Assert.fail("Please renew certificates in demo-certs! " + cause.getMessage());
        }
        exc.printStackTrace();
        Assert.fail(exc.toString());
    }

    @Before
    public void setUp() throws Exception {
        this.timer = new TestScheduledExecutorService();
        for (int i = 0; i < this.receivedMessages.length; i = i + 1 + 1) {
            this.receivedMessages[i] = 0;
        }
        this.session = new DTLSSession(this.endpoint);
        this.session.setReceiveCertificateType(CertificateType.X_509);
        this.session.setParameterAvailable();
        this.certificateChain = DtlsTestTools.getServerCertificateChain();
        this.trustAnchor = DtlsTestTools.getTrustedCertificates();
        this.certificateMessage = createCertificateMessage(this.session, 1, this.certificateChain);
        this.recordLayer = (RecordLayer) Mockito.mock(RecordLayer.class);
        this.serverPublicKey = DtlsTestTools.getPublicKey();
        this.peerAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), 5684);
        NewAdvancedCertificateVerifier build = StaticNewAdvancedCertificateVerifier.builder().setTrustedRPKs(new RawPublicKeyIdentity[]{new RawPublicKeyIdentity(this.serverPublicKey)}).build();
        DtlsConnectorConfig.Builder builder = DtlsConnectorConfig.builder();
        builder.setClientOnly();
        builder.setAdvancedCertificateVerifier(build);
        this.handshakerWithoutAnchors = new TestHandshaker(this.session, this.recordLayer, builder.build());
        NewAdvancedCertificateVerifier build2 = StaticNewAdvancedCertificateVerifier.builder().setTrustedRPKs(new RawPublicKeyIdentity[]{new RawPublicKeyIdentity(this.serverPublicKey)}).setTrustedCertificates(this.trustAnchor).build();
        DtlsConnectorConfig.Builder builder2 = DtlsConnectorConfig.builder();
        builder2.setClientOnly();
        builder2.setAdvancedCertificateVerifier(build2);
        this.handshakerWithAnchors = new TestHandshaker(this.session, this.recordLayer, builder2.build());
    }

    @After
    public void tearDown() {
        this.timer.shutdown();
        this.timer = null;
    }

    @Test
    public void testProcessMessageBuffersUnexpectedChangeCipherSpecMessage() throws Exception {
        DtlsConnectorConfig.Builder advancedCertificateVerifier = DtlsConnectorConfig.builder().setClientOnly().setAdvancedCertificateVerifier(StaticNewAdvancedCertificateVerifier.builder().setTrustedRPKs(new RawPublicKeyIdentity[]{new RawPublicKeyIdentity(this.serverPublicKey)}).build());
        this.session.setCipherSuite(CipherSuite.TLS_PSK_WITH_AES_128_CCM_8);
        TestHandshaker testHandshaker = new TestHandshaker(this.session, this.recordLayer, advancedCertificateVerifier.build());
        testHandshaker.startHandshake();
        testHandshaker.decryptAndProcessMessage(getRecordForMessage(0, 5L, new ChangeCipherSpecMessage(this.endpoint)));
        Assert.assertThat(Integer.valueOf(testHandshaker.getSession().getReadEpoch()), CoreMatchers.is(0));
        testHandshaker.expectChangeCipherSpecMessage();
        PSKClientKeyExchange pSKClientKeyExchange = new PSKClientKeyExchange(new PskPublicInformation("id"), this.endpoint);
        pSKClientKeyExchange.setMessageSeq(0);
        testHandshaker.decryptAndProcessMessage(getRecordForMessage(0, 6L, pSKClientKeyExchange));
        Assert.assertThat(Integer.valueOf(testHandshaker.getSession().getReadEpoch()), CoreMatchers.is(1));
    }

    @Test
    public void testProcessMessageBuffersFinishedMessageUntilChangeCipherSpecIsReceived() throws Exception {
        DtlsConnectorConfig.Builder advancedCertificateVerifier = DtlsConnectorConfig.builder().setClientOnly().setAdvancedCertificateVerifier(StaticNewAdvancedCertificateVerifier.builder().setTrustedRPKs(new RawPublicKeyIdentity[]{new RawPublicKeyIdentity(this.serverPublicKey)}).build());
        SimpleRecordLayer simpleRecordLayer = new SimpleRecordLayer();
        TestHandshaker testHandshaker = new TestHandshaker(this.session, simpleRecordLayer, advancedCertificateVerifier.build());
        simpleRecordLayer.setHandshaker(testHandshaker);
        testHandshaker.expectChangeCipherSpecMessage();
        Finished finished = new Finished(Mac.getInstance(PseudoRandomFunctionTest.ALGORITHM_HMAC_SHA256), new SecretKeySpec(new byte[]{0, 1}, "MAC"), true, new byte[]{0, 0}, this.endpoint);
        finished.setMessageSeq(0);
        testHandshaker.addRecordsForDeferredProcessing(getRecordForMessage(1, 0L, finished));
        Assert.assertFalse(testHandshaker.finishedProcessed.get());
        testHandshaker.decryptAndProcessMessage(getRecordForMessage(0, 5L, new ChangeCipherSpecMessage(this.endpoint)));
        Assert.assertThat(Integer.valueOf(testHandshaker.getSession().getReadEpoch()), CoreMatchers.is(1));
        Assert.assertTrue(testHandshaker.finishedProcessed.get());
    }

    @Test
    public void testProcessMessageDiscardsDuplicateRecord() throws HandshakeException, GeneralSecurityException {
        Record createClientHelloRecord = createClientHelloRecord(this.session, 0, 0, 0);
        Record recordClone = getRecordClone(createClientHelloRecord);
        Record createClientHelloRecord2 = createClientHelloRecord(this.session, 0, 1, 1);
        this.handshakerWithoutAnchors.decryptAndProcessMessage(createClientHelloRecord);
        Assert.assertThat(Integer.valueOf(this.receivedMessages[0]), CoreMatchers.is(1));
        this.handshakerWithoutAnchors.decryptAndProcessMessage(recordClone);
        Assert.assertThat(Integer.valueOf(this.receivedMessages[0]), CoreMatchers.is(1));
        this.handshakerWithoutAnchors.decryptAndProcessMessage(createClientHelloRecord2);
        Assert.assertThat(Integer.valueOf(this.receivedMessages[1]), CoreMatchers.is(1));
    }

    @Test
    public void testProcessMessageReassemblesFragmentedMessages() throws GeneralSecurityException, HandshakeException {
        givenAHandshakerWithAQueuedFragmentedMessage(1);
        this.handshakerWithoutAnchors.decryptAndProcessMessage(getRecordForMessage(0, 0L, createCertificateMessage(this.session, 0, this.certificateChain)));
        Assert.assertThat(Integer.valueOf(this.receivedMessages[0]), CoreMatchers.is(1));
        Assert.assertThat(Integer.valueOf(this.receivedMessages[1]), CoreMatchers.is(1));
        Assert.assertTrue(this.handshakerWithoutAnchors.isInboundMessageProcessed());
    }

    private void givenAHandshakerWithAQueuedFragmentedMessage(int i) throws HandshakeException, GeneralSecurityException {
        givenAFragmentedHandshakeMessage(createCertificateMessage(this.session, i, this.certificateChain));
        int i2 = 1;
        for (DTLSMessage dTLSMessage : this.handshakeMessageFragments) {
            int i3 = i2;
            i2++;
            this.handshakerWithoutAnchors.decryptAndProcessMessage(getRecordForMessage(0, i3, dTLSMessage));
        }
        Assert.assertThat(Integer.valueOf(this.receivedMessages[i]), CoreMatchers.is(0));
        Assert.assertFalse(this.handshakerWithoutAnchors.isInboundMessageProcessed());
    }

    @Test
    public void testHandleFragmentationReassemblesMessagesSentInOrder() throws Exception {
        givenAFragmentedHandshakeMessage(this.certificateMessage);
        HandshakeMessage handshakeMessage = null;
        for (FragmentedHandshakeMessage fragmentedHandshakeMessage : this.handshakeMessageFragments) {
            GenericHandshakeMessage reassembleFragment = this.handshakerWithoutAnchors.reassembleFragment(fragmentedHandshakeMessage);
            handshakeMessage = reassembleFragment != null ? HandshakeMessage.fromGenericHandshakeMessage(reassembleFragment, this.handshakerWithoutAnchors.getSession().getParameter()) : null;
        }
        assertThatReassembledMessageEqualsOriginalMessage(handshakeMessage);
    }

    @Test
    public void testHandleFragmentationBuffersMessagesSentInReverseOrder() throws Exception {
        givenAFragmentedHandshakeMessage(this.certificateMessage);
        HandshakeMessage handshakeMessage = null;
        for (int length = this.handshakeMessageFragments.length - 1; length >= 0; length--) {
            GenericHandshakeMessage reassembleFragment = this.handshakerWithoutAnchors.reassembleFragment(this.handshakeMessageFragments[length]);
            handshakeMessage = reassembleFragment != null ? HandshakeMessage.fromGenericHandshakeMessage(reassembleFragment, this.handshakerWithoutAnchors.getSession().getParameter()) : null;
        }
        assertThatReassembledMessageEqualsOriginalMessage(handshakeMessage);
    }

    @Test
    public void testHandleFragmentationReassemblesOverlappingMessages() throws Exception {
        givenAFragmentedHandshakeMessage(this.certificateMessage, 250, 500);
        HandshakeMessage handshakeMessage = null;
        for (FragmentedHandshakeMessage fragmentedHandshakeMessage : this.handshakeMessageFragments) {
            GenericHandshakeMessage reassembleFragment = this.handshakerWithoutAnchors.reassembleFragment(fragmentedHandshakeMessage);
            if (handshakeMessage == null && reassembleFragment != null) {
                handshakeMessage = HandshakeMessage.fromGenericHandshakeMessage(reassembleFragment, this.handshakerWithoutAnchors.getSession().getParameter());
            }
        }
        assertThatReassembledMessageEqualsOriginalMessage(handshakeMessage);
    }

    @Test
    public void testHandleFragmentationReassemblesMissOverlappingMessages() throws Exception {
        givenAMissFragmentedHandshakeMessage(this.certificateMessage, 100, 200);
        HandshakeMessage handshakeMessage = null;
        for (FragmentedHandshakeMessage fragmentedHandshakeMessage : this.handshakeMessageFragments) {
            GenericHandshakeMessage reassembleFragment = this.handshakerWithoutAnchors.reassembleFragment(fragmentedHandshakeMessage);
            if (handshakeMessage == null && reassembleFragment != null) {
                handshakeMessage = HandshakeMessage.fromGenericHandshakeMessage(reassembleFragment, this.handshakerWithoutAnchors.getSession().getParameter());
            }
        }
        assertThatReassembledMessageEqualsOriginalMessage(handshakeMessage);
    }

    @Test
    public void testVerifyCertificateSucceedsForExampleCertificates() throws IOException, GeneralSecurityException {
        givenACertificateMessage(DtlsTestTools.getServerCertificateChain(), false);
        assertThatCertificateVerificationSucceeds();
        givenACertificateMessage(DtlsTestTools.getClientCertificateChain(), false);
        assertThatCertificateVerificationSucceeds();
    }

    @Test
    public void testVerifyRPKSucceeds() throws IOException, GeneralSecurityException {
        givenARawPublicKeyCertificateMessage(this.serverPublicKey);
        assertThatCertificateVerificationSucceeds();
    }

    @Test
    public void testVerifyRpkFailsIfRpkIsUntrusted() throws IOException, GeneralSecurityException {
        givenARawPublicKeyCertificateMessage(DtlsTestTools.getClientPublicKey());
        assertThatCertificateVerificationFails();
    }

    @Test
    public void testVerifyCertificateFailsIfTrustAnchorIsEmpty() throws IOException, GeneralSecurityException {
        givenACertificateMessage(DtlsTestTools.getClientCertificateChain(), false);
        assertThatCertificateValidationFailsForEmptyTrustAnchor();
    }

    private void givenAFragmentedHandshakeMessage(HandshakeMessage handshakeMessage) {
        givenAFragmentedHandshakeMessage(handshakeMessage, 500, 500);
    }

    private void givenAFragmentedHandshakeMessage(HandshakeMessage handshakeMessage, int i, int i2) {
        LinkedList linkedList = new LinkedList();
        byte[] fragmentToByteArray = handshakeMessage.fragmentToByteArray();
        int i3 = 0;
        while (true) {
            int i4 = i3;
            if (i4 >= fragmentToByteArray.length) {
                this.handshakeMessageFragments = (FragmentedHandshakeMessage[]) linkedList.toArray(new FragmentedHandshakeMessage[0]);
                return;
            }
            int min = Math.min(i2, fragmentToByteArray.length - i4);
            byte[] bArr = new byte[min];
            System.arraycopy(fragmentToByteArray, i4, bArr, 0, min);
            linkedList.add(new FragmentedHandshakeMessage(handshakeMessage.getMessageType(), fragmentToByteArray.length, handshakeMessage.getMessageSeq(), i4, bArr, this.endpoint));
            i3 = i4 + min == fragmentToByteArray.length ? i4 + min : i4 + Math.min(min, i);
        }
    }

    private void givenAMissFragmentedHandshakeMessage(HandshakeMessage handshakeMessage, int i, int i2) {
        givenAFragmentedHandshakeMessage(handshakeMessage, i, i2);
        LinkedList linkedList = new LinkedList(Arrays.asList(this.handshakeMessageFragments));
        linkedList.remove(linkedList.size() - 1);
        linkedList.remove(linkedList.size() / 2);
        givenAFragmentedHandshakeMessage(handshakeMessage, i / 2, i2 / 2);
        linkedList.addAll(Arrays.asList(this.handshakeMessageFragments));
        this.handshakeMessageFragments = (FragmentedHandshakeMessage[]) linkedList.toArray(new FragmentedHandshakeMessage[0]);
    }

    private void givenACertificateMessage(X509Certificate[] x509CertificateArr, boolean z) throws IOException, GeneralSecurityException {
        if (z) {
            this.message = new CertificateMessage(x509CertificateArr[0].getPublicKey().getEncoded(), this.peerAddress);
        } else {
            this.message = new CertificateMessage(Arrays.asList(x509CertificateArr), this.peerAddress);
        }
    }

    private void givenARawPublicKeyCertificateMessage(PublicKey publicKey) {
        this.message = new CertificateMessage(publicKey.getEncoded(), this.peerAddress);
    }

    private void assertThatReassembledMessageEqualsOriginalMessage(HandshakeMessage handshakeMessage) {
        Assert.assertThat(handshakeMessage, CoreMatchers.is(CoreMatchers.instanceOf(CertificateMessage.class)));
        CertificateMessage certificateMessage = (CertificateMessage) handshakeMessage;
        Assert.assertThat(certificateMessage.getPublicKey(), CoreMatchers.is(this.certificateMessage.getPublicKey()));
        Assert.assertThat(Integer.valueOf(certificateMessage.getMessageSeq()), CoreMatchers.is(Integer.valueOf(this.certificateMessage.getMessageSeq())));
    }

    private void assertThatCertificateVerificationSucceeds() {
        try {
            this.handshakerWithAnchors.verifyCertificate(this.message);
        } catch (HandshakeException e) {
            failedHandshake(e);
        }
    }

    private void assertThatCertificateVerificationFails() {
        try {
            this.handshakerWithAnchors.verifyCertificate(this.message);
            Assert.fail("Verification of certificate should have failed");
        } catch (HandshakeException e) {
        }
    }

    private void assertThatCertificateValidationFailsForEmptyTrustAnchor() {
        try {
            this.handshakerWithoutAnchors.verifyCertificate(this.message);
            Assert.fail("Verification of certificate should have failed");
        } catch (HandshakeException e) {
        }
    }

    private static Record createClientHelloRecord(DTLSSession dTLSSession, int i, long j, int i2) throws GeneralSecurityException {
        ClientHello clientHello = new ClientHello(ProtocolVersion.VERSION_DTLS_1_2, dTLSSession, Collections.emptyList(), (List) null, (List) null, XECDHECryptography.SupportedGroup.getPreferredGroups());
        clientHello.setMessageSeq(i2);
        return getRecordForMessage(i, j, clientHello);
    }

    private static CertificateMessage createCertificateMessage(DTLSSession dTLSSession, int i, X509Certificate[] x509CertificateArr) {
        CertificateMessage certificateMessage = new CertificateMessage(Arrays.asList(x509CertificateArr), dTLSSession.getPeer());
        certificateMessage.setMessageSeq(i);
        return certificateMessage;
    }

    private static Record getRecordForMessage(int i, long j, DTLSMessage dTLSMessage) {
        List<Record> fromByteArray = DtlsTestTools.fromByteArray(DtlsTestTools.newDTLSRecord(dTLSMessage.getContentType().getCode(), i, j, dTLSMessage.toByteArray()), dTLSMessage.getPeer(), null, ClockUtil.nanoRealtime());
        Assert.assertFalse("Should be able to deserialize DTLS Record from byte array", fromByteArray.isEmpty());
        return fromByteArray.get(0);
    }

    private static Record getRecordClone(Record record) {
        List<Record> fromByteArray = DtlsTestTools.fromByteArray(record.toByteArray(), record.getPeerAddress(), null, ClockUtil.nanoRealtime());
        Assert.assertFalse("Should be able to deserialize DTLS Record from byte array", fromByteArray.isEmpty());
        return fromByteArray.get(0);
    }
}
