package org.eclipse.californium.scandium;

import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.SocketAddress;
import java.net.URI;
import java.nio.channels.ClosedByInterruptException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.Executors;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.elements.Connector;
import org.eclipse.californium.elements.CorrelationContext;
import org.eclipse.californium.elements.CorrelationContextMatcher;
import org.eclipse.californium.elements.DtlsCorrelationContext;
import org.eclipse.californium.elements.RawData;
import org.eclipse.californium.elements.RawDataChannel;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.ApplicationMessage;
import org.eclipse.californium.scandium.dtls.ClientHandshaker;
import org.eclipse.californium.scandium.dtls.ClientHello;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.Connection;
import org.eclipse.californium.scandium.dtls.ContentType;
import org.eclipse.californium.scandium.dtls.DTLSFlight;
import org.eclipse.californium.scandium.dtls.DTLSSession;
import org.eclipse.californium.scandium.dtls.DtlsHandshakeException;
import org.eclipse.californium.scandium.dtls.HandshakeException;
import org.eclipse.californium.scandium.dtls.HandshakeMessage;
import org.eclipse.californium.scandium.dtls.HandshakeType;
import org.eclipse.californium.scandium.dtls.Handshaker;
import org.eclipse.californium.scandium.dtls.HelloRequest;
import org.eclipse.californium.scandium.dtls.HelloVerifyRequest;
import org.eclipse.californium.scandium.dtls.InMemoryConnectionStore;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.ProtocolVersion;
import org.eclipse.californium.scandium.dtls.Record;
import org.eclipse.californium.scandium.dtls.RecordLayer;
import org.eclipse.californium.scandium.dtls.ResumingClientHandshaker;
import org.eclipse.californium.scandium.dtls.ResumingServerHandshaker;
import org.eclipse.californium.scandium.dtls.ResumptionSupportingConnectionStore;
import org.eclipse.californium.scandium.dtls.ServerHandshaker;
import org.eclipse.californium.scandium.dtls.SessionAdapter;
import org.eclipse.californium.scandium.dtls.SessionCache;
import org.eclipse.californium.scandium.dtls.SessionListener;
import org.eclipse.californium.scandium.dtls.SessionTicket;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.util.ByteArrayUtils;

/* loaded from: input_file:org/eclipse/californium/scandium/DTLSConnector.class */
public class DTLSConnector implements Connector {
    public static final String KEY_TLS_SERVER_HOST_NAME = "TLS_SERVER_HOST_NAME";
    private static final String SUPPORTED_SCHEME = "coaps";
    private static final int MAX_PLAINTEXT_FRAGMENT_LENGTH = 16384;
    private final DtlsConnectorConfig config;
    private final ResumptionSupportingConnectionStore connectionStore;
    private final BlockingQueue<RawData> outboundMessages;
    private InetSocketAddress lastBindAddress;
    private int maximumTransmissionUnit;
    private int inboundDatagramBufferSize;
    private Object cookieMacKeyLock;
    private long lastGenerationDate;
    private SecretKey cookieMacKey;
    private DatagramSocket socket;
    private ScheduledExecutorService timer;
    private Worker receiver;
    private Worker sender;
    private AtomicBoolean running;
    private CorrelationContextMatcher correlationContextMatcher;
    private RawDataChannel messageHandler;
    private ErrorHandler errorHandler;
    private SessionListener sessionCacheSynchronization;
    private static final Logger LOGGER = Logger.getLogger(DTLSConnector.class.getCanonicalName());
    private static final int MAX_CIPHERTEXT_EXPANSION = CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256.getMaxCiphertextExpansion();
    private static final int MAX_DATAGRAM_BUFFER_SIZE = 16409 + MAX_CIPHERTEXT_EXPANSION;
    private static final ThreadGroup SCANDIUM_THREAD_GROUP = new ThreadGroup("Californium/Scandium");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/DTLSConnector$RetransmitTask.class */
    public class RetransmitTask implements Runnable {
        private DTLSFlight flight;

        RetransmitTask(DTLSFlight dTLSFlight) {
            this.flight = dTLSFlight;
        }

        @Override // java.lang.Runnable
        public void run() {
            DTLSConnector.this.handleTimeout(this.flight);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/DTLSConnector$Worker.class */
    public abstract class Worker extends Thread {
        protected Worker(String str) {
            super(DTLSConnector.SCANDIUM_THREAD_GROUP, str);
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            try {
                DTLSConnector.LOGGER.log(Level.CONFIG, "Starting worker thread [{0}]", getName());
                while (DTLSConnector.this.running.get()) {
                    try {
                        doWork();
                    } catch (ClosedByInterruptException e) {
                        DTLSConnector.LOGGER.log(Level.CONFIG, "Worker thread [{0}] has been interrupted", getName());
                    } catch (Exception e2) {
                        if (DTLSConnector.this.running.get()) {
                            DTLSConnector.LOGGER.log(Level.FINE, "Exception thrown by worker thread [" + getName() + "]", (Throwable) e2);
                        }
                    }
                }
                DTLSConnector.LOGGER.log(Level.CONFIG, "Worker thread [{0}] has terminated", getName());
            } catch (Throwable th) {
                DTLSConnector.LOGGER.log(Level.CONFIG, "Worker thread [{0}] has terminated", getName());
                throw th;
            }
        }

        protected abstract void doWork() throws Exception;
    }

    public DTLSConnector(DtlsConnectorConfig dtlsConnectorConfig) {
        this(dtlsConnectorConfig, (SessionCache) null);
    }

    public DTLSConnector(DtlsConnectorConfig dtlsConnectorConfig, SessionCache sessionCache) {
        this(dtlsConnectorConfig, new InMemoryConnectionStore(dtlsConnectorConfig.getMaxConnections(), dtlsConnectorConfig.getStaleConnectionThreshold(), sessionCache));
    }

    DTLSConnector(DtlsConnectorConfig dtlsConnectorConfig, ResumptionSupportingConnectionStore resumptionSupportingConnectionStore) {
        this.maximumTransmissionUnit = 1280;
        this.inboundDatagramBufferSize = MAX_DATAGRAM_BUFFER_SIZE;
        this.cookieMacKeyLock = new Object();
        this.lastGenerationDate = System.currentTimeMillis();
        this.cookieMacKey = new SecretKeySpec(randomBytes(), "MAC");
        this.running = new AtomicBoolean(false);
        if (dtlsConnectorConfig == null) {
            throw new NullPointerException("Configuration must not be null");
        }
        if (resumptionSupportingConnectionStore == null) {
            throw new NullPointerException("Connection store must not be null");
        }
        this.config = dtlsConnectorConfig;
        this.outboundMessages = new LinkedBlockingQueue(this.config.getOutboundMessageBufferSize());
        this.connectionStore = resumptionSupportingConnectionStore;
        this.sessionCacheSynchronization = (SessionListener) this.connectionStore;
    }

    public final void close(InetSocketAddress inetSocketAddress) {
        Connection connection = this.connectionStore.get(inetSocketAddress);
        if (connection == null || connection.getEstablishedSession() == null) {
            return;
        }
        terminateConnection(connection, new AlertMessage(AlertMessage.AlertLevel.WARNING, AlertMessage.AlertDescription.CLOSE_NOTIFY, inetSocketAddress), connection.getEstablishedSession());
    }

    @Override // org.eclipse.californium.elements.Connector
    public final synchronized void start() throws IOException {
        start(this.config.getAddress());
    }

    final synchronized void restart() throws IOException {
        if (this.lastBindAddress == null) {
            throw new IllegalStateException("Connector has never been started before");
        }
        start(this.lastBindAddress);
    }

    private void start(InetSocketAddress inetSocketAddress) throws IOException {
        if (this.running.get()) {
            return;
        }
        this.timer = Executors.newSingleThreadScheduledExecutor(new ThreadFactory() { // from class: org.eclipse.californium.scandium.DTLSConnector.1
            private final AtomicInteger index = new AtomicInteger(1);

            @Override // java.util.concurrent.ThreadFactory
            public Thread newThread(Runnable runnable) {
                Thread thread = new Thread(DTLSConnector.SCANDIUM_THREAD_GROUP, runnable, "DTLS RetransmitTask " + this.index.getAndIncrement(), 0L);
                thread.setDaemon(true);
                thread.setPriority(5);
                return thread;
            }
        });
        this.socket = new DatagramSocket((SocketAddress) null);
        this.socket.setReuseAddress(true);
        this.socket.bind(inetSocketAddress);
        if (this.lastBindAddress != null && (!this.socket.getLocalAddress().equals(this.lastBindAddress.getAddress()) || this.socket.getLocalPort() != this.lastBindAddress.getPort())) {
            if (this.connectionStore instanceof ResumptionSupportingConnectionStore) {
                this.connectionStore.markAllAsResumptionRequired();
            } else {
                this.connectionStore.clear();
            }
        }
        NetworkInterface byInetAddress = NetworkInterface.getByInetAddress(inetSocketAddress.getAddress());
        if (byInetAddress == null || byInetAddress.getMTU() <= 0) {
            LOGGER.config("Cannot determine MTU of network interface, using minimum MTU [1280] of IPv6 instead");
            this.maximumTransmissionUnit = 1280;
        } else {
            this.maximumTransmissionUnit = byInetAddress.getMTU();
        }
        if (this.config.getMaxFragmentLengthCode() != null) {
            this.inboundDatagramBufferSize = MaxFragmentLengthExtension.Length.fromCode(this.config.getMaxFragmentLengthCode().intValue()).length() + MAX_CIPHERTEXT_EXPANSION + 25;
        }
        this.lastBindAddress = new InetSocketAddress(this.socket.getLocalAddress(), this.socket.getLocalPort());
        this.running.set(true);
        this.sender = new Worker("DTLS-Sender-" + this.lastBindAddress) { // from class: org.eclipse.californium.scandium.DTLSConnector.2
            @Override // org.eclipse.californium.scandium.DTLSConnector.Worker
            public void doWork() throws Exception {
                DTLSConnector.this.sendNextMessageOverNetwork();
            }
        };
        this.receiver = new Worker("DTLS-Receiver-" + this.lastBindAddress) { // from class: org.eclipse.californium.scandium.DTLSConnector.3
            @Override // org.eclipse.californium.scandium.DTLSConnector.Worker
            public void doWork() throws Exception {
                DTLSConnector.this.receiveNextDatagramFromNetwork();
            }
        };
        this.receiver.start();
        this.sender.start();
        LOGGER.log(Level.INFO, "DTLS connector listening on [{0}] with MTU [{1}] using (inbound) datagram buffer size [{2} bytes]", new Object[]{this.lastBindAddress, Integer.valueOf(this.maximumTransmissionUnit), Integer.valueOf(this.inboundDatagramBufferSize)});
    }

    public final synchronized void forceResumeSessionFor(InetSocketAddress inetSocketAddress) {
        Connection connection = this.connectionStore.get(inetSocketAddress);
        if (connection == null || connection.getEstablishedSession() == null) {
            return;
        }
        connection.setResumptionRequired(true);
    }

    public final synchronized void forceResumeAllSesions() {
        this.connectionStore.markAllAsResumptionRequired();
    }

    public final synchronized void clearConnectionState() {
        this.connectionStore.clear();
    }

    final synchronized void releaseSocket() {
        this.running.set(false);
        this.sender.interrupt();
        this.outboundMessages.clear();
        if (this.socket != null) {
            this.socket.close();
            this.socket = null;
        }
        this.maximumTransmissionUnit = 0;
    }

    @Override // org.eclipse.californium.elements.Connector
    public final synchronized void stop() {
        if (this.running.get()) {
            LOGGER.log(Level.INFO, "Stopping DTLS connector on [{0}]", this.lastBindAddress);
            this.timer.shutdownNow();
            releaseSocket();
        }
    }

    @Override // org.eclipse.californium.elements.Connector
    public final synchronized void destroy() {
        stop();
        this.connectionStore.clear();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Failed to find 'out' block for switch in B:17:0x00bf. Please report as an issue. */
    public void receiveNextDatagramFromNetwork() throws IOException {
        byte[] bArr = new byte[this.inboundDatagramBufferSize];
        DatagramPacket datagramPacket = new DatagramPacket(bArr, bArr.length);
        synchronized (this.socket) {
            this.socket.receive(datagramPacket);
        }
        if (datagramPacket.getLength() == 0) {
            return;
        }
        InetSocketAddress inetSocketAddress = new InetSocketAddress(datagramPacket.getAddress(), datagramPacket.getPort());
        List<Record> fromByteArray = Record.fromByteArray(Arrays.copyOfRange(datagramPacket.getData(), datagramPacket.getOffset(), datagramPacket.getLength()), inetSocketAddress);
        LOGGER.log(Level.FINER, "Received {0} DTLS records using a {1} byte datagram buffer", new Object[]{Integer.valueOf(fromByteArray.size()), Integer.valueOf(this.inboundDatagramBufferSize)});
        for (Record record : fromByteArray) {
            try {
                LOGGER.log(Level.FINEST, "Received DTLS record of type [{0}]", record.getType());
                switch (record.getType()) {
                    case APPLICATION_DATA:
                        processApplicationDataRecord(record);
                    case ALERT:
                        processAlertRecord(record);
                    case CHANGE_CIPHER_SPEC:
                        processChangeCipherSpecRecord(record);
                    case HANDSHAKE:
                        processHandshakeRecord(record);
                    default:
                        LOGGER.log(Level.FINE, "Discarding record of unsupported type [{0}] from peer [{1}]", new Object[]{record.getType(), record.getPeerAddress()});
                }
            } catch (RuntimeException e) {
                LOGGER.log(Level.INFO, String.format("Unexpected error occurred while processing record from peer [%s]", inetSocketAddress), (Throwable) e);
                terminateConnection(inetSocketAddress, e, AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR);
                return;
            }
        }
    }

    private void terminateOngoingHandshake(InetSocketAddress inetSocketAddress, Throwable th, AlertMessage.AlertDescription alertDescription) {
        Connection connection = this.connectionStore.get(inetSocketAddress);
        if (connection == null || !connection.hasOngoingHandshake()) {
            return;
        }
        if (LOGGER.isLoggable(Level.FINEST)) {
            LOGGER.log(Level.FINEST, String.format("Aborting handshake with peer [%s]: ", inetSocketAddress), th);
        } else if (LOGGER.isLoggable(Level.INFO)) {
            LOGGER.log(Level.INFO, "Aborting handshake with peer [{0}]: {1}", new Object[]{inetSocketAddress, th.getMessage()});
        }
        DTLSSession session = connection.getOngoingHandshake().getSession();
        AlertMessage alertMessage = new AlertMessage(AlertMessage.AlertLevel.FATAL, alertDescription, inetSocketAddress);
        if (!connection.hasEstablishedSession()) {
            terminateConnection(connection, alertMessage, session);
        } else {
            send(alertMessage, session);
            connection.terminateOngoingHandshake();
        }
    }

    private void terminateConnection(InetSocketAddress inetSocketAddress) {
        if (inetSocketAddress != null) {
            terminateConnection(this.connectionStore.get(inetSocketAddress));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void terminateConnection(Connection connection) {
        if (connection != null) {
            connection.cancelPendingFlight();
            connectionClosed(connection.getPeerAddress());
        }
    }

    private void terminateConnection(InetSocketAddress inetSocketAddress, Throwable th, AlertMessage.AlertLevel alertLevel, AlertMessage.AlertDescription alertDescription) {
        Connection connection = this.connectionStore.get(inetSocketAddress);
        if (connection != null) {
            if (connection.hasEstablishedSession()) {
                terminateConnection(connection, new AlertMessage(alertLevel, alertDescription, inetSocketAddress), connection.getEstablishedSession());
            } else if (connection.hasOngoingHandshake()) {
                terminateConnection(connection, new AlertMessage(alertLevel, alertDescription, inetSocketAddress), connection.getOngoingHandshake().getSession());
            }
        }
    }

    private void terminateConnection(Connection connection, AlertMessage alertMessage, DTLSSession dTLSSession) {
        if (alertMessage != null && dTLSSession == null) {
            throw new IllegalArgumentException("Session must not be NULL if alert message is to be sent");
        }
        connection.cancelPendingFlight();
        if (alertMessage == null) {
            LOGGER.log(Level.FINE, "Terminating connection with peer [{0}]", connection.getPeerAddress());
        } else {
            LOGGER.log(Level.FINE, "Terminating connection with peer [{0}], reason [{1}]", new Object[]{connection.getPeerAddress(), alertMessage.getDescription()});
            send(alertMessage, dTLSSession);
        }
        connectionClosed(connection.getPeerAddress());
    }

    private void processApplicationDataRecord(Record record) {
        Connection connection = this.connectionStore.get(record.getPeerAddress());
        if (connection == null || !connection.hasEstablishedSession()) {
            LOGGER.log(Level.FINER, "Discarding APPLICATION_DATA record received from peer [{0}] without an active session", new Object[]{record.getPeerAddress()});
            return;
        }
        DTLSSession establishedSession = connection.getEstablishedSession();
        synchronized (establishedSession) {
            if (establishedSession.isRecordProcessable(record.getEpoch(), record.getSequenceNumber())) {
                try {
                    record.setSession(establishedSession);
                    ApplicationMessage applicationMessage = (ApplicationMessage) record.getFragment();
                    connection.handshakeCompleted(record.getPeerAddress());
                    establishedSession.markRecordAsRead(record.getEpoch(), record.getSequenceNumber());
                    handleApplicationMessage(applicationMessage, establishedSession);
                } catch (GeneralSecurityException | HandshakeException e) {
                    discardRecord(record, e);
                }
            } else {
                LOGGER.log(Level.FINER, "Discarding duplicate APPLICATION_DATA record received from peer [{0}]", record.getPeerAddress());
            }
        }
    }

    private void handleApplicationMessage(ApplicationMessage applicationMessage, DTLSSession dTLSSession) {
        if (this.messageHandler != null) {
            this.messageHandler.receiveData(RawData.inbound(applicationMessage.getData(), applicationMessage.getPeer(), dTLSSession.getPeerIdentity(), new DtlsCorrelationContext(dTLSSession.getSessionIdentifier().toString(), String.valueOf(dTLSSession.getReadEpoch()), dTLSSession.getReadStateCipher()), false));
        }
    }

    private void processAlertRecord(Record record) {
        Connection connection = this.connectionStore.get(record.getPeerAddress());
        if (connection == null) {
            LOGGER.log(Level.FINER, "Discarding ALERT record from [{0}] received without existing connection", record.getPeerAddress());
        } else {
            processAlertRecord(record, connection);
        }
    }

    private void processAlertRecord(Record record, Connection connection) {
        if (connection.hasEstablishedSession() && connection.getEstablishedSession().getReadEpoch() == record.getEpoch()) {
            processAlertRecord(record, connection, connection.getEstablishedSession());
        } else if (connection.hasOngoingHandshake() && connection.getOngoingHandshake().getSession().getReadEpoch() == record.getEpoch()) {
            processAlertRecord(record, connection, connection.getOngoingHandshake().getSession());
        } else {
            LOGGER.log(Level.FINER, "Epoch of ALERT record [epoch=%d] from [%s] does not match expected epoch(s), discarding ...", new Object[]{Integer.valueOf(record.getEpoch()), record.getPeerAddress()});
        }
    }

    private void processAlertRecord(Record record, Connection connection, DTLSSession dTLSSession) {
        record.setSession(dTLSSession);
        try {
            AlertMessage alertMessage = (AlertMessage) record.getFragment();
            LOGGER.log(Level.FINEST, "Processing {0} ALERT from [{1}]: {2}", new Object[]{alertMessage.getLevel(), alertMessage.getPeer(), alertMessage.getDescription()});
            if (AlertMessage.AlertDescription.CLOSE_NOTIFY.equals(alertMessage.getDescription())) {
                terminateConnection(connection, new AlertMessage(AlertMessage.AlertLevel.WARNING, AlertMessage.AlertDescription.CLOSE_NOTIFY, alertMessage.getPeer()), dTLSSession);
            } else if (AlertMessage.AlertLevel.FATAL.equals(alertMessage.getLevel())) {
                terminateConnection(connection);
            }
            synchronized (this.cookieMacKeyLock) {
                if (this.errorHandler != null) {
                    this.errorHandler.onError(alertMessage.getPeer(), alertMessage.getLevel(), alertMessage.getDescription());
                }
            }
        } catch (GeneralSecurityException | HandshakeException e) {
            discardRecord(record, e);
        }
    }

    private void processChangeCipherSpecRecord(Record record) {
        Connection connection = this.connectionStore.get(record.getPeerAddress());
        if (connection == null || !connection.hasOngoingHandshake()) {
            LOGGER.log(Level.FINE, "Received CHANGE_CIPHER_SPEC record from peer [{0}] with no handshake going on", record.getPeerAddress());
            return;
        }
        try {
            connection.getOngoingHandshake().processMessage(record);
        } catch (HandshakeException e) {
            handleExceptionDuringHandshake(e, e.getAlert().getLevel(), e.getAlert().getDescription(), record);
        }
    }

    private void processHandshakeRecord(Record record) {
        LOGGER.log(Level.FINE, "Received {0} record from peer [{1}]", new Object[]{record.getType(), record.getPeerAddress()});
        Connection connection = this.connectionStore.get(record.getPeerAddress());
        try {
            if (connection == null) {
                processHandshakeRecordWithoutConnection(record);
            } else {
                processHandshakeRecordWithConnection(record, connection);
            }
        } catch (HandshakeException e) {
            handleExceptionDuringHandshake(e, e.getAlert().getLevel(), e.getAlert().getDescription(), record);
        }
    }

    private void processHandshakeRecordWithoutConnection(Record record) throws HandshakeException {
        if (record.getEpoch() > 0) {
            LOGGER.log(Level.FINE, "Discarding unexpected handshake message [epoch={0}] received from peer [{1}] without existing connection", new Object[]{Integer.valueOf(record.getEpoch()), record.getPeerAddress()});
            return;
        }
        try {
            HandshakeMessage handshakeMessage = (HandshakeMessage) record.getFragment();
            if (HandshakeType.CLIENT_HELLO.equals(handshakeMessage.getMessageType())) {
                processClientHello((ClientHello) handshakeMessage, record);
            } else {
                LOGGER.log(Level.FINE, "Discarding unexpected {0} message from peer [{1}]", new Object[]{handshakeMessage.getMessageType(), handshakeMessage.getPeer()});
            }
        } catch (GeneralSecurityException e) {
            discardRecord(record, e);
        }
    }

    private void processHandshakeRecordWithConnection(Record record, Connection connection) throws HandshakeException {
        if (connection.hasOngoingHandshake() && connection.getOngoingHandshake().getSession().getReadEpoch() == record.getEpoch()) {
            record.setSession(connection.getOngoingHandshake().getSession());
        } else if (connection.hasEstablishedSession() && connection.getEstablishedSession().getReadEpoch() == record.getEpoch()) {
            record.setSession(connection.getEstablishedSession());
        } else if (record.getEpoch() != 0) {
            LOGGER.log(Level.FINE, "Discarding HANDSHAKE message [epoch={0}] from peer [{1}] which does not match expected epoch(s)", new Object[]{Integer.valueOf(record.getEpoch()), record.getPeerAddress()});
            return;
        }
        try {
            processDecryptedHandshakeMessage((HandshakeMessage) record.getFragment(), record, connection);
        } catch (GeneralSecurityException e) {
            discardRecord(record, e);
        }
    }

    private void processDecryptedHandshakeMessage(HandshakeMessage handshakeMessage, Record record, Connection connection) throws HandshakeException {
        switch (handshakeMessage.getMessageType()) {
            case CLIENT_HELLO:
                processClientHello((ClientHello) handshakeMessage, record, connection);
                return;
            case HELLO_REQUEST:
                processHelloRequest((HelloRequest) handshakeMessage, connection);
                return;
            default:
                processOngoingHandshakeMessage(handshakeMessage, record, connection);
                return;
        }
    }

    private void processOngoingHandshakeMessage(HandshakeMessage handshakeMessage, Record record, Connection connection) throws HandshakeException {
        if (connection.hasOngoingHandshake()) {
            connection.getOngoingHandshake().processMessage(record);
        } else {
            LOGGER.log(Level.FINE, "Discarding {0} message received from peer [{1}] with no handshake going on", new Object[]{handshakeMessage.getMessageType(), handshakeMessage.getPeer()});
        }
    }

    private void processHelloRequest(HelloRequest helloRequest, Connection connection) throws HandshakeException {
        if (connection.hasOngoingHandshake()) {
            LOGGER.log(Level.FINE, "Ignoring {0} received from [{1}] while already in an ongoing handshake with peer", new Object[]{helloRequest.getMessageType(), helloRequest.getPeer()});
            return;
        }
        DTLSSession establishedSession = connection.getEstablishedSession();
        if (establishedSession == null) {
            establishedSession = new DTLSSession(helloRequest.getPeer(), true);
        }
        ClientHandshaker clientHandshaker = new ClientHandshaker(establishedSession, getRecordLayerForPeer(connection), connection, this.config, this.maximumTransmissionUnit);
        addSessionCacheSynchronization(clientHandshaker);
        clientHandshaker.startHandshake();
    }

    private void processClientHello(ClientHello clientHello, Record record) throws HandshakeException {
        if (LOGGER.isLoggable(Level.FINE)) {
            StringBuilder append = new StringBuilder("Processing CLIENT_HELLO from peer [").append(record.getPeerAddress()).append("]");
            if (LOGGER.isLoggable(Level.FINEST)) {
                append.append(":").append(System.lineSeparator()).append(record);
            }
            LOGGER.fine(append.toString());
        }
        if (isClientInControlOfSourceIpAddress(clientHello, record)) {
            if (clientHello.hasSessionId()) {
                resumeExistingSession(clientHello, record);
            } else {
                startNewHandshake(clientHello, record);
            }
        }
    }

    private void processClientHello(ClientHello clientHello, Record record, Connection connection) throws HandshakeException {
        if (LOGGER.isLoggable(Level.FINE)) {
            StringBuilder append = new StringBuilder("Processing CLIENT_HELLO from peer [").append(record.getPeerAddress()).append("]");
            if (LOGGER.isLoggable(Level.FINEST)) {
                append.append(":").append(System.lineSeparator()).append(record);
            }
            LOGGER.fine(append.toString());
        }
        if (isClientInControlOfSourceIpAddress(clientHello, record)) {
            if (isHandshakeAlreadyStartedForMessage(clientHello, connection)) {
                processOngoingHandshakeMessage(clientHello, record, connection);
            } else if (clientHello.hasSessionId()) {
                resumeExistingSession(clientHello, record);
            } else {
                terminateConnection(connection);
                startNewHandshake(clientHello, record);
            }
        }
    }

    private static boolean isHandshakeAlreadyStartedForMessage(ClientHello clientHello, Connection connection) {
        return connection != null && connection.hasOngoingHandshake() && connection.getOngoingHandshake().hasBeenStartedByMessage(clientHello);
    }

    private boolean isClientInControlOfSourceIpAddress(ClientHello clientHello, Record record) {
        byte[] generateCookie = generateCookie(clientHello);
        if (Arrays.equals(generateCookie, clientHello.getCookie())) {
            return true;
        }
        sendHelloVerify(clientHello, record, generateCookie);
        return false;
    }

    private void startNewHandshake(ClientHello clientHello, Record record) throws HandshakeException {
        Connection connection = new Connection(record.getPeerAddress());
        this.connectionStore.put(connection);
        ServerHandshaker serverHandshaker = new ServerHandshaker(clientHello.getMessageSeq(), new DTLSSession(record.getPeerAddress(), false, record.getSequenceNumber()), getRecordLayerForPeer(connection), connection, this.config, this.maximumTransmissionUnit);
        addSessionCacheSynchronization(serverHandshaker);
        serverHandshaker.processMessage(record);
    }

    private void resumeExistingSession(ClientHello clientHello, Record record) throws HandshakeException {
        LOGGER.log(Level.FINER, "Client [{0}] wants to resume session with ID [{1}]", new Object[]{clientHello.getPeer(), clientHello.getSessionId()});
        final Connection find = this.connectionStore.find(clientHello.getSessionId());
        if (find == null || !find.isActive()) {
            LOGGER.log(Level.FINER, "Client [{0}] tries to resume non-existing session [ID={1}], performing full handshake instead ...", new Object[]{clientHello.getPeer(), clientHello.getSessionId()});
            terminateConnection(clientHello.getPeer());
            startNewHandshake(clientHello, record);
            return;
        }
        Connection connection = new Connection(record.getPeerAddress());
        SessionTicket sessionTicket = null;
        if (find.hasEstablishedSession()) {
            sessionTicket = find.getEstablishedSession().getSessionTicket();
        } else if (find.hasSessionTicket()) {
            sessionTicket = find.getSessionTicket();
        }
        ResumingServerHandshaker resumingServerHandshaker = new ResumingServerHandshaker(clientHello.getMessageSeq(), new DTLSSession(clientHello.getSessionId(), record.getPeerAddress(), sessionTicket, record.getSequenceNumber()), getRecordLayerForPeer(connection), connection, this.config, this.maximumTransmissionUnit);
        addSessionCacheSynchronization(resumingServerHandshaker);
        if (find.hasEstablishedSession()) {
            if (find.getPeerAddress().equals(connection.getPeerAddress())) {
                terminateConnection(find);
            } else {
                resumingServerHandshaker.addSessionListener(new SessionAdapter() { // from class: org.eclipse.californium.scandium.DTLSConnector.4
                    @Override // org.eclipse.californium.scandium.dtls.SessionAdapter, org.eclipse.californium.scandium.dtls.SessionListener
                    public void sessionEstablished(Handshaker handshaker, DTLSSession dTLSSession) throws HandshakeException {
                        DTLSConnector.LOGGER.log(Level.FINER, "Discarding existing connection to [{0}] after successful resumption of session [ID={1}] by peer [{2}]", new Object[]{find.getPeerAddress(), dTLSSession.getSessionIdentifier(), dTLSSession.getPeer()});
                        DTLSConnector.this.terminateConnection(find);
                    }
                });
            }
        }
        this.connectionStore.put(connection);
        resumingServerHandshaker.processMessage(record);
    }

    private void sendHelloVerify(ClientHello clientHello, Record record, byte[] bArr) {
        LOGGER.log(Level.FINER, "Verifying client IP address [{0}] using HELLO_VERIFY_REQUEST", record.getPeerAddress());
        HelloVerifyRequest helloVerifyRequest = new HelloVerifyRequest(new ProtocolVersion(), bArr, record.getPeerAddress());
        helloVerifyRequest.setMessageSeq(clientHello.getMessageSeq());
        sendRecord(new Record(ContentType.HANDSHAKE, 0, record.getSequenceNumber(), helloVerifyRequest, record.getPeerAddress()));
    }

    private SecretKey getMacKeyForCookies() {
        SecretKey secretKey;
        synchronized (this.cookieMacKeyLock) {
            if (System.currentTimeMillis() - this.lastGenerationDate > TimeUnit.MINUTES.toMillis(5L)) {
                this.cookieMacKey = new SecretKeySpec(randomBytes(), "MAC");
                this.lastGenerationDate = System.currentTimeMillis();
            }
            secretKey = this.cookieMacKey;
        }
        return secretKey;
    }

    private byte[] generateCookie(ClientHello clientHello) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(getMacKeyForCookies());
            mac.update(clientHello.getPeer().toString().getBytes());
            mac.update((byte) clientHello.getClientVersion().getMajor());
            mac.update((byte) clientHello.getClientVersion().getMinor());
            mac.update(clientHello.getRandom().getRandomBytes());
            mac.update(clientHello.getSessionId().getId());
            mac.update(CipherSuite.listToByteArray(clientHello.getCipherSuites()));
            mac.update(CompressionMethod.listToByteArray(clientHello.getCompressionMethods()));
            return mac.doFinal();
        } catch (GeneralSecurityException e) {
            throw new DtlsHandshakeException("Cannot compute cookie for peer", AlertMessage.AlertDescription.INTERNAL_ERROR, AlertMessage.AlertLevel.FATAL, clientHello.getPeer(), e);
        }
    }

    void send(AlertMessage alertMessage, DTLSSession dTLSSession) {
        if (alertMessage == null) {
            throw new IllegalArgumentException("Alert must not be NULL");
        }
        if (dTLSSession == null) {
            throw new IllegalArgumentException("Session must not be NULL");
        }
        try {
            sendRecord(new Record(ContentType.ALERT, dTLSSession.getWriteEpoch(), dTLSSession.getSequenceNumber(), alertMessage, dTLSSession));
        } catch (GeneralSecurityException e) {
            LOGGER.log(Level.FINE, String.format("Cannot create ALERT message for peer [%s]", dTLSSession.getPeer()), (Throwable) e);
        }
    }

    @Override // org.eclipse.californium.elements.Connector
    public final void send(RawData rawData) {
        if (rawData == null) {
            throw new NullPointerException("Message must not be null");
        }
        if (!this.running.get()) {
            throw new IllegalStateException("connector must be started before sending messages is possible");
        }
        if (rawData.getBytes().length > 16384) {
            throw new IllegalArgumentException("Message data must not exceed 16384 bytes");
        }
        if (!this.outboundMessages.offer(rawData)) {
            LOGGER.log(Level.WARNING, "Outbound message queue is full! Dropping outbound message to peer [{0}]", rawData.getInetSocketAddress());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendNextMessageOverNetwork() throws HandshakeException {
        try {
            sendMessage(this.outboundMessages.take());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    private void sendMessage(RawData rawData) throws HandshakeException {
        InetSocketAddress inetSocketAddress = rawData.getInetSocketAddress();
        LOGGER.log(Level.FINER, "Sending application layer message to peer [{0}]", inetSocketAddress);
        Connection connection = this.connectionStore.get(inetSocketAddress);
        if (connection == null) {
            connection = new Connection(inetSocketAddress);
            this.connectionStore.put(connection);
        }
        DTLSSession establishedSession = connection.getEstablishedSession();
        if (establishedSession == null) {
            if (checkOutboundCorrelationContext(rawData, null)) {
                ClientHandshaker clientHandshaker = new ClientHandshaker(new DTLSSession(inetSocketAddress, true), getRecordLayerForPeer(connection), connection, this.config, this.maximumTransmissionUnit);
                addSessionCacheSynchronization(clientHandshaker);
                clientHandshaker.addSessionListener(newDeferredMessageSender(rawData));
                clientHandshaker.startHandshake();
                return;
            }
            return;
        }
        if (!connection.isResumptionRequired()) {
            sendMessage(rawData, establishedSession);
            return;
        }
        DTLSSession dTLSSession = new DTLSSession(establishedSession.getSessionIdentifier(), inetSocketAddress, establishedSession.getSessionTicket(), 0L);
        Connection connection2 = new Connection(inetSocketAddress);
        terminateConnection(connection, null, null);
        this.connectionStore.put(connection2);
        ResumingClientHandshaker resumingClientHandshaker = new ResumingClientHandshaker(dTLSSession, getRecordLayerForPeer(connection2), connection2, this.config, this.maximumTransmissionUnit);
        addSessionCacheSynchronization(resumingClientHandshaker);
        resumingClientHandshaker.addSessionListener(newDeferredMessageSender(rawData));
        resumingClientHandshaker.startHandshake();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendMessage(RawData rawData, DTLSSession dTLSSession) {
        try {
            DtlsCorrelationContext dtlsCorrelationContext = new DtlsCorrelationContext(dTLSSession.getSessionIdentifier().toString(), String.valueOf(dTLSSession.getWriteEpoch()), dTLSSession.getWriteStateCipher());
            if (checkOutboundCorrelationContext(rawData, dtlsCorrelationContext)) {
                Record record = new Record(ContentType.APPLICATION_DATA, dTLSSession.getWriteEpoch(), dTLSSession.getSequenceNumber(), new ApplicationMessage(rawData.getBytes(), rawData.getInetSocketAddress()), dTLSSession);
                if (rawData.getMessageCallback() != null) {
                    rawData.getMessageCallback().onContextEstablished(dtlsCorrelationContext);
                }
                sendRecord(record);
            }
        } catch (GeneralSecurityException e) {
            LOGGER.log(Level.FINE, String.format("Cannot send APPLICATION record to peer [%s]", rawData.getInetSocketAddress()), (Throwable) e);
        }
    }

    private boolean checkOutboundCorrelationContext(RawData rawData, CorrelationContext correlationContext) {
        CorrelationContextMatcher correlationContextMatcher = getCorrelationContextMatcher();
        if (null == correlationContextMatcher || correlationContextMatcher.isToBeSent(rawData.getCorrelationContext(), correlationContext)) {
            return true;
        }
        if (!LOGGER.isLoggable(Level.WARNING)) {
            return false;
        }
        LOGGER.log(Level.WARNING, "DTLSConnector ({0}) drops {1} bytes to {2}:{3}", new Object[]{getUri(), Integer.valueOf(rawData.getSize()), rawData.getAddress(), Integer.valueOf(rawData.getPort())});
        return false;
    }

    private void addSessionCacheSynchronization(Handshaker handshaker) {
        if (this.sessionCacheSynchronization != null) {
            handshaker.addSessionListener(this.sessionCacheSynchronization);
        }
    }

    private SessionListener newDeferredMessageSender(final RawData rawData) {
        return new SessionAdapter() { // from class: org.eclipse.californium.scandium.DTLSConnector.5
            @Override // org.eclipse.californium.scandium.dtls.SessionAdapter, org.eclipse.californium.scandium.dtls.SessionListener
            public void sessionEstablished(Handshaker handshaker, DTLSSession dTLSSession) throws HandshakeException {
                DTLSConnector.LOGGER.log(Level.FINE, "Session with [{0}] established, now sending deferred message", dTLSSession.getPeer());
                DTLSConnector.this.sendMessage(rawData, dTLSSession);
            }
        };
    }

    public final DTLSSession getSessionByAddress(InetSocketAddress inetSocketAddress) {
        Connection connection;
        if (inetSocketAddress == null || (connection = this.connectionStore.get(inetSocketAddress)) == null) {
            return null;
        }
        return connection.getEstablishedSession();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void sendHandshakeFlight(DTLSFlight dTLSFlight, Connection connection) {
        if (dTLSFlight != null) {
            connection.cancelPendingFlight();
            if (dTLSFlight.isRetransmissionNeeded()) {
                connection.setPendingFlight(dTLSFlight);
                scheduleRetransmission(dTLSFlight);
            }
            sendFlight(dTLSFlight);
        }
    }

    private void sendFlight(DTLSFlight dTLSFlight) {
        byte[] bArr = new byte[0];
        int i = this.maximumTransmissionUnit;
        if (dTLSFlight.getSession() != null) {
            i = dTLSFlight.getSession().getMaxDatagramSize();
        }
        ArrayList arrayList = new ArrayList();
        try {
            for (Record record : dTLSFlight.getMessages()) {
                byte[] byteArray = record.toByteArray();
                if (byteArray.length > i) {
                    LOGGER.log(Level.INFO, "{0} record of {1} bytes for peer [{2}] exceeds max. datagram size [{3}], discarding...", new Object[]{record.getType(), Integer.valueOf(byteArray.length), record.getPeerAddress(), Integer.valueOf(i)});
                } else {
                    LOGGER.log(Level.FINEST, "Sending record of {2} bytes to peer [{0}]:\n{1}", new Object[]{dTLSFlight.getPeerAddress(), record, Integer.valueOf(byteArray.length)});
                    if (bArr.length + byteArray.length > i) {
                        arrayList.add(new DatagramPacket(bArr, bArr.length, dTLSFlight.getPeerAddress().getAddress(), dTLSFlight.getPeerAddress().getPort()));
                        bArr = new byte[0];
                    }
                    bArr = ByteArrayUtils.concatenate(bArr, byteArray);
                }
            }
            arrayList.add(new DatagramPacket(bArr, bArr.length, dTLSFlight.getPeerAddress().getAddress(), dTLSFlight.getPeerAddress().getPort()));
            LOGGER.log(Level.FINER, "Sending flight of {0} message(s) to peer [{1}] using {2} datagram(s) of max. {3} bytes", new Object[]{Integer.valueOf(dTLSFlight.getMessages().size()), dTLSFlight.getPeerAddress(), Integer.valueOf(arrayList.size()), Integer.valueOf(i)});
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                sendDatagram((DatagramPacket) it.next());
            }
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Could not send datagram", (Throwable) e);
        }
    }

    private void sendRecord(Record record) {
        try {
            byte[] byteArray = record.toByteArray();
            sendDatagram(new DatagramPacket(byteArray, byteArray.length, record.getPeerAddress()));
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Could not send record", (Throwable) e);
        }
    }

    private void sendDatagram(DatagramPacket datagramPacket) throws IOException {
        if (this.socket.isClosed()) {
            LOGGER.log(Level.FINE, "Socket [{0}] is closed, discarding packet ...", this.config.getAddress());
        } else {
            this.socket.send(datagramPacket);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleTimeout(DTLSFlight dTLSFlight) {
        int maxRetransmissions = this.config.getMaxRetransmissions();
        if (dTLSFlight.getTries() >= maxRetransmissions) {
            LOGGER.log(Level.FINE, "Flight for [{0}] has reached maximum no. [{1}] of retransmissions, discarding ...", new Object[]{dTLSFlight.getPeerAddress(), Integer.valueOf(maxRetransmissions)});
            return;
        }
        LOGGER.log(Level.FINE, "Re-transmitting flight for [{0}], [{1}] retransmissions left", new Object[]{dTLSFlight.getPeerAddress(), Integer.valueOf((maxRetransmissions - dTLSFlight.getTries()) - 1)});
        try {
            dTLSFlight.incrementTries();
            dTLSFlight.setNewSequenceNumbers();
            sendFlight(dTLSFlight);
            scheduleRetransmission(dTLSFlight);
        } catch (GeneralSecurityException e) {
            LOGGER.log(Level.INFO, String.format("Cannot retransmit flight to peer [%s]", dTLSFlight.getPeerAddress()), (Throwable) e);
        }
    }

    private void scheduleRetransmission(DTLSFlight dTLSFlight) {
        dTLSFlight.cancelRetransmission();
        if (dTLSFlight.isRetransmissionNeeded()) {
            if (dTLSFlight.getTimeout() == 0) {
                dTLSFlight.setTimeout(this.config.getRetransmissionTimeout());
            } else {
                dTLSFlight.incrementTimeout();
            }
            dTLSFlight.setRetransmitTask(this.timer.schedule(new RetransmitTask(dTLSFlight), dTLSFlight.getTimeout(), TimeUnit.MILLISECONDS));
        }
    }

    public final int getMaximumTransmissionUnit() {
        return this.maximumTransmissionUnit;
    }

    public final int getMaximumFragmentLength(InetSocketAddress inetSocketAddress) {
        Connection connection = this.connectionStore.get(inetSocketAddress);
        return (connection == null || connection.getEstablishedSession() == null) ? this.maximumTransmissionUnit - 53 : connection.getEstablishedSession().getMaxFragmentLength();
    }

    @Override // org.eclipse.californium.elements.Connector
    public final InetSocketAddress getAddress() {
        return this.socket == null ? this.config.getAddress() : new InetSocketAddress(this.socket.getLocalAddress(), this.socket.getLocalPort());
    }

    public final boolean isRunning() {
        return this.running.get();
    }

    private RecordLayer getRecordLayerForPeer(final Connection connection) {
        return new RecordLayer() { // from class: org.eclipse.californium.scandium.DTLSConnector.6
            @Override // org.eclipse.californium.scandium.dtls.RecordLayer
            public void sendRecord(Record record) {
                sendRecord(record);
            }

            @Override // org.eclipse.californium.scandium.dtls.RecordLayer
            public void sendFlight(DTLSFlight dTLSFlight) {
                DTLSConnector.this.sendHandshakeFlight(dTLSFlight, connection);
            }
        };
    }

    @Override // org.eclipse.californium.elements.Connector
    public void setRawDataReceiver(RawDataChannel rawDataChannel) {
        if (isRunning()) {
            throw new IllegalStateException("message handler cannot be set on running connector");
        }
        this.messageHandler = rawDataChannel;
    }

    @Override // org.eclipse.californium.elements.Connector
    public synchronized void setCorrelationContextMatcher(CorrelationContextMatcher correlationContextMatcher) {
        this.correlationContextMatcher = correlationContextMatcher;
    }

    private synchronized CorrelationContextMatcher getCorrelationContextMatcher() {
        return this.correlationContextMatcher;
    }

    public final void setErrorHandler(ErrorHandler errorHandler) {
        synchronized (this.cookieMacKeyLock) {
            this.errorHandler = errorHandler;
        }
    }

    private void connectionClosed(InetSocketAddress inetSocketAddress) {
        if (inetSocketAddress != null) {
            this.connectionStore.remove(inetSocketAddress);
        }
    }

    private static byte[] randomBytes() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private void handleExceptionDuringHandshake(Throwable th, AlertMessage.AlertLevel alertLevel, AlertMessage.AlertDescription alertDescription, Record record) {
        if (AlertMessage.AlertLevel.FATAL.equals(alertLevel)) {
            terminateOngoingHandshake(record.getPeerAddress(), th, alertDescription);
        } else {
            discardRecord(record, th);
        }
    }

    private static void discardRecord(Record record, Throwable th) {
        if (LOGGER.isLoggable(Level.FINEST)) {
            LOGGER.log(Level.FINEST, String.format("Discarding %s record from peer [%s]: ", record.getType(), record.getPeerAddress()), th);
        } else if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Discarding {0} record from peer [{1}]: {2}", new Object[]{record.getType(), record.getPeerAddress(), th.getMessage()});
        }
    }

    @Override // org.eclipse.californium.elements.Connector
    public boolean isSchemeSupported(String str) {
        return "coaps".contentEquals(str);
    }

    @Override // org.eclipse.californium.elements.Connector
    public URI getUri() {
        return URI.create(String.format("%s://%s:%d", "coaps", getAddress().getHostString(), Integer.valueOf(getAddress().getPort())));
    }
}
