package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.elements.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/Record.class */
public class Record {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Record.class);
    public static final int CONTENT_TYPE_BITS = 8;
    public static final int VERSION_BITS = 8;
    public static final int EPOCH_BITS = 16;
    public static final int SEQUENCE_NUMBER_BITS = 48;
    public static final int LENGTH_BITS = 16;
    public static final int CID_LENGTH_BITS = 8;
    public static final int RECORD_HEADER_BITS = 104;
    private static final long MAX_SEQUENCE_NO = 281474976710655L;
    private ContentType type;
    private final ProtocolVersion version;
    private final int epoch;
    private long sequenceNumber;
    private final long receiveNanos;
    private DTLSMessage fragment;
    private byte[] fragmentBytes;
    private ConnectionId connectionId;
    private int padding;
    private final DTLSConnectionState outgoingWriteState;
    private DTLSSession incomingSession;
    private DTLSConnectionState incomingReadState;
    private final InetSocketAddress peerAddress;

    Record(ContentType contentType, ProtocolVersion protocolVersion, int i, long j, ConnectionId connectionId, byte[] bArr, InetSocketAddress inetSocketAddress, long j2) {
        this(protocolVersion, i, j, j2, null, inetSocketAddress);
        if (contentType == null) {
            throw new NullPointerException("Type must not be null");
        }
        if (bArr == null) {
            throw new NullPointerException("Fragment bytes must not be null");
        }
        if (inetSocketAddress == null) {
            throw new NullPointerException("Peer address must not be null");
        }
        this.type = contentType;
        this.connectionId = connectionId;
        this.fragmentBytes = bArr;
    }

    public Record(ContentType contentType, int i, long j, DTLSMessage dTLSMessage, DTLSSession dTLSSession, boolean z, int i2) throws GeneralSecurityException {
        this(new ProtocolVersion(), i, j, 0L, dTLSSession, null);
        if (dTLSMessage == null) {
            throw new NullPointerException("Fragment must not be null");
        }
        if (dTLSSession == null) {
            throw new NullPointerException("Session must not be null");
        }
        if (dTLSSession.getPeer() == null) {
            throw new IllegalArgumentException("Session's peer address must not be null");
        }
        setType(contentType);
        if (z) {
            this.connectionId = dTLSSession.getWriteConnectionId();
            this.padding = i2;
        }
        setEncodedFragment(dTLSMessage);
        if (this.fragmentBytes == null) {
            throw new IllegalArgumentException("Fragment missing encoded bytes!");
        }
    }

    public Record(ContentType contentType, long j, DTLSMessage dTLSMessage, InetSocketAddress inetSocketAddress) {
        this(new ProtocolVersion(), 0, j, 0L, null, inetSocketAddress);
        if (dTLSMessage == null) {
            throw new NullPointerException("Fragment must not be null");
        }
        if (inetSocketAddress == null) {
            throw new NullPointerException("Peer address must not be null");
        }
        setType(contentType);
        this.fragment = dTLSMessage;
        this.fragmentBytes = dTLSMessage.toByteArray();
        if (this.fragmentBytes == null) {
            throw new IllegalArgumentException("Fragment missing encoded bytes!");
        }
    }

    private Record(ProtocolVersion protocolVersion, int i, long j, long j2, DTLSSession dTLSSession, InetSocketAddress inetSocketAddress) {
        if (j > MAX_SEQUENCE_NO) {
            throw new IllegalArgumentException("Sequence number must be 48 bits only! " + j);
        }
        if (j < 0) {
            throw new IllegalArgumentException("Sequence number must not be less than 0! " + j);
        }
        if (i < 0) {
            throw new IllegalArgumentException("Epoch must not be less than 0! " + i);
        }
        if (protocolVersion == null) {
            throw new NullPointerException("Version must not be null");
        }
        this.version = protocolVersion;
        this.epoch = i;
        this.sequenceNumber = j;
        this.receiveNanos = j2;
        this.outgoingWriteState = dTLSSession == null ? null : dTLSSession.getWriteState();
        if (inetSocketAddress != null || dTLSSession == null) {
            this.peerAddress = inetSocketAddress;
        } else {
            this.peerAddress = dTLSSession.getPeer();
        }
    }

    public byte[] toByteArray() {
        DatagramWriter datagramWriter = new DatagramWriter();
        if (useConnectionId()) {
            datagramWriter.write(ContentType.TLS12_CID.getCode(), 8);
        } else {
            datagramWriter.write(this.type.getCode(), 8);
        }
        datagramWriter.write(this.version.getMajor(), 8);
        datagramWriter.write(this.version.getMinor(), 8);
        datagramWriter.write(this.epoch, 16);
        datagramWriter.writeLong(this.sequenceNumber, 48);
        if (useConnectionId()) {
            datagramWriter.writeBytes(this.connectionId.getBytes());
        }
        datagramWriter.write(this.fragmentBytes.length, 16);
        datagramWriter.writeBytes(this.fragmentBytes);
        return datagramWriter.toByteArray();
    }

    public int size() {
        return 13 + getFragmentLength();
    }

    public static List<Record> fromByteArray(byte[] bArr, InetSocketAddress inetSocketAddress, ConnectionIdGenerator connectionIdGenerator, long j) {
        if (bArr == null) {
            throw new NullPointerException("Byte array must not be null");
        }
        if (inetSocketAddress == null) {
            throw new NullPointerException("Peer address must not be null");
        }
        ArrayList arrayList = new ArrayList();
        DatagramReader datagramReader = new DatagramReader(bArr, false);
        while (datagramReader.bytesAvailable()) {
            if (datagramReader.bitsLeft() < 104) {
                LOGGER.debug("Received truncated DTLS record(s). Discarding ...");
                return arrayList;
            }
            int read = datagramReader.read(8);
            ProtocolVersion protocolVersion = new ProtocolVersion(datagramReader.read(8), datagramReader.read(8));
            int read2 = datagramReader.read(16);
            long readLong = datagramReader.readLong(48);
            ConnectionId connectionId = null;
            if (read == ContentType.TLS12_CID.getCode()) {
                if (connectionIdGenerator == null) {
                    LOGGER.debug("Received TLS_CID record, but cid is not supported. Discarding ...");
                    return arrayList;
                }
                if (!connectionIdGenerator.useConnectionId()) {
                    LOGGER.debug("Received TLS_CID record, but cid is not used. Discarding ...");
                    return arrayList;
                }
                try {
                    connectionId = connectionIdGenerator.read(datagramReader);
                    if (connectionId == null) {
                        LOGGER.debug("Received TLS_CID record, but cid is not matching. Discarding ...");
                        return arrayList;
                    }
                } catch (RuntimeException e) {
                    LOGGER.debug("Received TLS_CID record, failed to read cid. Discarding ...", e.getMessage());
                    return arrayList;
                }
            }
            int read3 = datagramReader.read(16);
            if (datagramReader.bitsLeft() < read3 * 8) {
                LOGGER.debug("Received truncated DTLS record(s). Discarding ...");
                return arrayList;
            }
            byte[] readBytes = datagramReader.readBytes(read3);
            ContentType typeByValue = ContentType.getTypeByValue(read);
            if (typeByValue == null) {
                LOGGER.debug("Received DTLS record of unsupported type [{}]. Discarding ...", Integer.valueOf(read));
            } else {
                arrayList.add(new Record(typeByValue, protocolVersion, read2, readLong, connectionId, readBytes, inetSocketAddress, j));
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateExplicitNonce() {
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.write(this.epoch, 16);
        datagramWriter.writeLong(this.sequenceNumber, 48);
        return datagramWriter.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateAdditionalData(int i) {
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.write(this.epoch, 16);
        datagramWriter.writeLong(this.sequenceNumber, 48);
        if (useConnectionId()) {
            datagramWriter.write(ContentType.TLS12_CID.getCode(), 8);
        } else {
            datagramWriter.write(this.type.getCode(), 8);
        }
        datagramWriter.write(this.version.getMajor(), 8);
        datagramWriter.write(this.version.getMinor(), 8);
        if (useConnectionId()) {
            datagramWriter.writeBytes(this.connectionId.getBytes());
            datagramWriter.write(this.connectionId.length(), 8);
        }
        datagramWriter.write(i, 16);
        return datagramWriter.toByteArray();
    }

    public boolean isNewClientHello() {
        return 0 >= this.epoch && this.type == ContentType.HANDSHAKE && 0 != this.fragmentBytes.length && HandshakeType.getTypeByCode(this.fragmentBytes[0]) == HandshakeType.CLIENT_HELLO;
    }

    public ContentType getType() {
        return this.type;
    }

    public ProtocolVersion getVersion() {
        return this.version;
    }

    public int getEpoch() {
        return this.epoch;
    }

    public long getSequenceNumber() {
        return this.sequenceNumber;
    }

    public void updateSequenceNumber(long j) throws GeneralSecurityException {
        if (j > MAX_SEQUENCE_NO) {
            throw new IllegalArgumentException("Sequence number must have max 48 bits");
        }
        if (j < 0) {
            throw new IllegalArgumentException("Sequence number must not be smaller than 0! " + j);
        }
        if (this.fragment == null) {
            throw new IllegalStateException("Fragment must not be null!");
        }
        if (this.outgoingWriteState == null) {
            throw new IllegalStateException("Write state must not be null!");
        }
        if (this.sequenceNumber != j) {
            this.sequenceNumber = j;
            if (this.epoch > 0) {
                setEncodedFragment(this.fragment);
            }
        }
    }

    public int getFragmentLength() {
        return this.fragmentBytes.length;
    }

    public void applySession(DTLSSession dTLSSession) throws GeneralSecurityException, HandshakeException {
        int readEpoch;
        DTLSConnectionState readState;
        if (dTLSSession == null) {
            readEpoch = 0;
            readState = DTLSConnectionState.NULL;
        } else {
            readEpoch = dTLSSession.getReadEpoch();
            readState = dTLSSession.getReadState();
        }
        if (readEpoch != this.epoch) {
            throw new IllegalArgumentException("session for different epoch! session " + readEpoch + " != record " + this.epoch);
        }
        if (this.fragment != null) {
            if (this.incomingReadState != readState) {
                LOGGER.error("{} != {}", readState, this.incomingReadState);
                throw new IllegalArgumentException("session read state changed!");
            }
        } else {
            this.incomingSession = dTLSSession;
            this.incomingReadState = readState;
            decodeFragment();
        }
    }

    public InetSocketAddress getPeerAddress() {
        if (this.peerAddress == null) {
            throw new NullPointerException("missing peer address!");
        }
        return this.peerAddress;
    }

    public ConnectionId getConnectionId() {
        return this.connectionId;
    }

    public long getReceiveNanos() {
        return this.receiveNanos;
    }

    public byte[] getFragmentBytes() {
        return this.fragmentBytes;
    }

    public DTLSMessage getFragment() {
        if (this.fragment == null) {
            throw new IllegalStateException("fragment not decoded!");
        }
        return this.fragment;
    }

    private void decodeFragment() throws GeneralSecurityException, HandshakeException {
        ContentType contentType = this.type;
        byte[] decrypt = this.incomingReadState.decrypt(this, this.fragmentBytes);
        if (ContentType.TLS12_CID == this.type) {
            int length = decrypt.length - 1;
            while (length >= 0 && decrypt[length] == 0) {
                length--;
            }
            if (length < 0) {
                throw new GeneralSecurityException("no inner type!");
            }
            byte b = decrypt[length];
            contentType = ContentType.getTypeByValue(b);
            if (contentType == null) {
                throw new GeneralSecurityException("unknown inner type! " + ((int) b));
            }
            decrypt = Arrays.copyOf(decrypt, length);
        }
        switch (contentType) {
            case ALERT:
                this.fragment = AlertMessage.fromByteArray(decrypt, getPeerAddress());
                break;
            case APPLICATION_DATA:
                this.fragment = ApplicationMessage.fromByteArray(decrypt, getPeerAddress());
                break;
            case CHANGE_CIPHER_SPEC:
                this.fragment = ChangeCipherSpecMessage.fromByteArray(decrypt, getPeerAddress());
                break;
            case HANDSHAKE:
                this.fragment = handshakeMessageFromByteArray(decrypt);
                break;
            default:
                LOGGER.warn("Cannot decrypt message of unsupported type [{}]", this.type);
                break;
        }
        this.type = contentType;
    }

    private DTLSMessage handshakeMessageFromByteArray(byte[] bArr) throws GeneralSecurityException, HandshakeException {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Parsing HANDSHAKE message plaintext{}{}", StringUtil.lineSeparator(), StringUtil.byteArray2HexString(bArr));
        }
        HandshakeParameter handshakeParameter = null;
        if (this.incomingSession != null) {
            handshakeParameter = this.incomingSession.getParameter();
            LOGGER.debug("Parsing HANDSHAKE message plaintext with parameter [{}]", handshakeParameter);
        } else {
            LOGGER.debug("Parsing HANDSHAKE message without a session");
        }
        return HandshakeMessage.fromByteArray(bArr, handshakeParameter, getPeerAddress());
    }

    private void setEncodedFragment(DTLSMessage dTLSMessage) throws GeneralSecurityException {
        byte[] byteArray = dTLSMessage.toByteArray();
        if (byteArray == null) {
            throw new NullPointerException("fragment must not return null");
        }
        if (useConnectionId()) {
            int length = byteArray.length;
            byteArray = Arrays.copyOf(byteArray, length + 1 + this.padding);
            byteArray[length] = (byte) this.type.getCode();
        }
        this.fragmentBytes = this.outgoingWriteState.encrypt(this, byteArray);
        this.fragment = dTLSMessage;
    }

    boolean useConnectionId() {
        return (this.connectionId == null || this.connectionId.isEmpty()) ? false : true;
    }

    private void setType(ContentType contentType) {
        if (contentType == null) {
            throw new NullPointerException("Type must not be null");
        }
        switch (contentType) {
            case ALERT:
            case APPLICATION_DATA:
            case CHANGE_CIPHER_SPEC:
            case HANDSHAKE:
                this.type = contentType;
                return;
            default:
                throw new IllegalArgumentException("Not supported content type: " + contentType);
        }
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("==[ DTLS Record ]==============================================");
        sb.append(StringUtil.lineSeparator()).append("Content Type: ").append(this.type.toString());
        sb.append(StringUtil.lineSeparator()).append("Peer address: ").append(getPeerAddress());
        sb.append(StringUtil.lineSeparator()).append("Version: ").append(this.version.getMajor()).append(", ").append(this.version.getMinor());
        sb.append(StringUtil.lineSeparator()).append("Epoch: ").append(this.epoch);
        sb.append(StringUtil.lineSeparator()).append("Sequence Number: ").append(this.sequenceNumber);
        if (this.connectionId != null) {
            sb.append(StringUtil.lineSeparator()).append("connection id: ").append(this.connectionId.getAsString());
        }
        sb.append(StringUtil.lineSeparator()).append("Length: ").append(this.fragmentBytes.length);
        sb.append(StringUtil.lineSeparator()).append("Fragment:");
        if (this.fragment != null) {
            sb.append(StringUtil.lineSeparator()).append(this.fragment);
        } else {
            sb.append(StringUtil.lineSeparator()).append("fragment is not decrypted yet");
        }
        sb.append(StringUtil.lineSeparator()).append("===============================================================");
        return sb.toString();
    }
}
