package org.eclipse.californium.scandium.dtls;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.util.Random;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.elements.auth.PreSharedKeyIdentity;
import org.eclipse.californium.elements.category.Small;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.util.SecretIvParameterSpec;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({Small.class})
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/DTLSSessionTest.class */
public class DTLSSessionTest {
    static final int DEFAULT_MAX_FRAGMENT_LENGTH = 16384;
    static final InetSocketAddress PEER_ADDRESS = new InetSocketAddress(InetAddress.getLoopbackAddress(), 10000);
    private static final Random RANDOM = new Random();
    DTLSSession session;

    @Before
    public void setUp() throws Exception {
        this.session = newEstablishedServerSession(PEER_ADDRESS, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, false);
    }

    @Test
    public void testDefaultMaxFragmentLengthCompliesWithSpec() {
        this.session = new DTLSSession(PEER_ADDRESS);
        Assert.assertThat(Integer.valueOf(this.session.getMaxFragmentLength()), CoreMatchers.is(Integer.valueOf(DEFAULT_MAX_FRAGMENT_LENGTH)));
    }

    @Test
    public void testRecordFromPreviousEpochIsDiscarded() {
        this.session.setReadEpoch(1);
        Assert.assertFalse(this.session.isRecordProcessable(0L, 15L, 0));
    }

    @Test
    public void testRecordFromFutureEpochIsDiscarded() {
        this.session.setReadEpoch(1);
        Assert.assertFalse(this.session.isRecordProcessable(2L, 15L, 0));
    }

    @Test
    public void testRecordShiftsReceiveWindow() {
        this.session.setReadEpoch(0);
        this.session.markRecordAsRead(0, 2L);
        Assert.assertTrue(this.session.isRecordProcessable(0L, 0L, 0));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 1L, 0));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 2L, 0));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 64L, 0));
        this.session.markRecordAsRead(0, 64L);
        Assert.assertFalse(this.session.isRecordProcessable(0L, 0L, 0));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 1L, 0));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 2L, 0));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 64L, 0));
    }

    @Test
    public void testRecordShiftsReceiveWindowUsingWindowFilter() {
        this.session.setReadEpoch(0);
        this.session.markRecordAsRead(0, 2L);
        Assert.assertTrue(this.session.isRecordProcessable(0L, 0L, -1));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 1L, -1));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 2L, -1));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 64L, -1));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 100L, -1));
        this.session.markRecordAsRead(0, 64L);
        Assert.assertTrue(this.session.isRecordProcessable(0L, 0L, -1));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 1L, -1));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 2L, -1));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 64L, -1));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 100L, -1));
    }

    @Test
    public void testRecordShiftsReceiveWindowUsingExtendedWindowFilter() {
        this.session.setReadEpoch(0);
        this.session.markRecordAsRead(0, 2L);
        Assert.assertTrue(this.session.isRecordProcessable(0L, 0L, 8));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 1L, 8));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 2L, 8));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 64L, 8));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 100L, 8));
        this.session.markRecordAsRead(0, 80L);
        Assert.assertFalse(this.session.isRecordProcessable(0L, 0L, 8));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 1L, 8));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 2L, 8));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 12L, 0));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 12L, 8));
        Assert.assertFalse(this.session.isRecordProcessable(0L, 80L, 8));
        Assert.assertTrue(this.session.isRecordProcessable(0L, 100L, 8));
    }

    @Test
    public void testEpochSwitchResetsReceiveWindow() {
        int readEpoch = this.session.getReadEpoch();
        this.session.markRecordAsRead(readEpoch, 0L);
        this.session.markRecordAsRead(readEpoch, 2L);
        Assert.assertFalse(this.session.isRecordProcessable(this.session.getReadEpoch(), 0L, 0));
        Assert.assertFalse(this.session.isRecordProcessable(this.session.getReadEpoch(), 2L, 0));
        this.session.setReadState(this.session.getReadState());
        Assert.assertTrue(this.session.isRecordProcessable(this.session.getReadEpoch(), 0L, 0));
        Assert.assertTrue(this.session.isRecordProcessable(this.session.getReadEpoch(), 2L, 0));
    }

    @Test
    public void testHigherSequenceNumberIsNewer() {
        int readEpoch = this.session.getReadEpoch();
        this.session.markRecordAsRead(readEpoch, 0L);
        Assert.assertTrue(this.session.markRecordAsRead(readEpoch, 2L));
    }

    @Test
    public void testLowerSequenceNumberIsNotNewer() {
        int readEpoch = this.session.getReadEpoch();
        this.session.markRecordAsRead(readEpoch, 2L);
        Assert.assertFalse(this.session.markRecordAsRead(readEpoch, 0L));
    }

    @Test
    public void testSameSequenceNumberIsNotNewer() {
        int readEpoch = this.session.getReadEpoch();
        this.session.markRecordAsRead(readEpoch, 2L);
        Assert.assertFalse(this.session.markRecordAsRead(readEpoch, 2L));
    }

    @Test
    public void testHigherEpochIsNewer() {
        this.session.markRecordAsRead(this.session.getReadEpoch(), 2L);
        Assert.assertTrue(this.session.markRecordAsRead(r0 + 1, 0L));
    }

    @Test
    public void testLowerEpochIsNotNewer() {
        this.session.markRecordAsRead(this.session.getReadEpoch(), 0L);
        Assert.assertFalse(this.session.markRecordAsRead(r0 - 1, 2L));
    }

    @Test
    public void testConstructorEnforcesMaxSequenceNo() {
        this.session = new DTLSSession(PEER_ADDRESS, DtlsTestTools.MAX_SEQUENCE_NO);
        try {
            this.session = new DTLSSession(PEER_ADDRESS, 281474976710656L);
            Assert.fail("DTLSSession constructor should have refused initial sequence number > 2^48 - 1");
        } catch (IllegalArgumentException e) {
        }
    }

    @Test(expected = IllegalStateException.class)
    public void testGetSequenceNumberEnforcesMaxSequenceNo() {
        this.session = new DTLSSession(PEER_ADDRESS, DtlsTestTools.MAX_SEQUENCE_NO);
        this.session.getSequenceNumber();
    }

    @Test
    public void testSessionCanBeResumedFromSessionTicket() throws GeneralSecurityException {
        this.session = newEstablishedServerSession(PEER_ADDRESS, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, true);
        assertThatSessionsHaveSameRelevantPropertiesForResumption(new DTLSSession(this.session.getSessionIdentifier(), this.session.getPeer(), this.session.getSessionTicket(), 1L), this.session);
    }

    @Test
    public void testSessionWithServerNamesCanBeResumedFromSessionTicket() throws GeneralSecurityException {
        this.session = newEstablishedServerSession(PEER_ADDRESS, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, true);
        this.session.setHostName("test");
        assertThatSessionsHaveSameRelevantPropertiesForResumption(new DTLSSession(this.session.getSessionIdentifier(), this.session.getPeer(), this.session.getSessionTicket(), 1L), this.session);
    }

    @Test
    public void testSessionCanBeResumedFromSerializedSessionTicket() throws GeneralSecurityException {
        this.session = newEstablishedServerSession(PEER_ADDRESS, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, true);
        assertThatSessionsHaveSameRelevantPropertiesForResumption(new DTLSSession(this.session.getSessionIdentifier(), this.session.getPeer(), serialize(this.session.getSessionTicket()), 1L), this.session);
    }

    @Test
    public void testSessionWithServerNamesCanBeResumedFromSerializedSessionTicket() throws GeneralSecurityException {
        this.session = newEstablishedServerSession(PEER_ADDRESS, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, true);
        this.session.setHostName("test");
        assertThatSessionsHaveSameRelevantPropertiesForResumption(new DTLSSession(this.session.getSessionIdentifier(), this.session.getPeer(), serialize(this.session.getSessionTicket()), 1L), this.session);
    }

    public static void assertThatSessionsHaveSameRelevantPropertiesForResumption(DTLSSession dTLSSession, DTLSSession dTLSSession2) {
        Assert.assertThat(dTLSSession.getSessionIdentifier(), CoreMatchers.is(dTLSSession2.getSessionIdentifier()));
        Assert.assertThat(dTLSSession.getCipherSuite(), CoreMatchers.is(dTLSSession2.getWriteState().getCipherSuite()));
        Assert.assertThat(dTLSSession.getCompressionMethod(), CoreMatchers.is(dTLSSession2.getWriteState().getCompressionMethod()));
        Assert.assertThat(dTLSSession.getMasterSecret(), CoreMatchers.is(dTLSSession2.getMasterSecret()));
        Assert.assertThat(dTLSSession.getPeerIdentity(), CoreMatchers.is(dTLSSession2.getPeerIdentity()));
        Assert.assertThat(dTLSSession.getServerNames(), CoreMatchers.is(dTLSSession2.getServerNames()));
    }

    public static DTLSSession newEstablishedServerSession(InetSocketAddress inetSocketAddress, CipherSuite cipherSuite, boolean z) {
        CertificateType certificateType = z ? CertificateType.RAW_PUBLIC_KEY : CertificateType.X_509;
        DTLSSession dTLSSession = new DTLSSession(inetSocketAddress);
        DTLSConnectionState newConnectionState = newConnectionState(cipherSuite);
        dTLSSession.setSessionIdentifier(new SessionId());
        dTLSSession.setReadState(newConnectionState);
        dTLSSession.setWriteState(newConnectionState);
        dTLSSession.setReceiveCertificateType(certificateType);
        dTLSSession.setSendCertificateType(certificateType);
        dTLSSession.setMasterSecret(new SecretKeySpec(getRandomBytes(48), "MAC"));
        dTLSSession.setPeerIdentity(new PreSharedKeyIdentity("client_identity"));
        return dTLSSession;
    }

    private static DTLSConnectionState newConnectionState(CipherSuite cipherSuite) {
        SecretKeySpec secretKeySpec = null;
        if (cipherSuite.getMacKeyLength() > 0) {
            secretKeySpec = new SecretKeySpec(getRandomBytes(cipherSuite.getMacKeyLength()), "AES");
        }
        return DTLSConnectionState.create(cipherSuite, CompressionMethod.NULL, new SecretKeySpec(getRandomBytes(cipherSuite.getEncKeyLength()), "AES"), new SecretIvParameterSpec(getRandomBytes(cipherSuite.getFixedIvLength())), secretKeySpec);
    }

    private static byte[] getRandomBytes(int i) {
        byte[] bArr = new byte[i];
        RANDOM.nextBytes(bArr);
        return bArr;
    }

    private static SessionTicket serialize(SessionTicket sessionTicket) {
        DatagramWriter datagramWriter = new DatagramWriter(true);
        sessionTicket.encode(datagramWriter);
        byte[] byteArray = datagramWriter.toByteArray();
        SessionTicket decode = SessionTicket.decode(new DatagramReader(byteArray));
        Bytes.clear(byteArray);
        datagramWriter.close();
        return decode;
    }
}
