package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import org.eclipse.californium.elements.DtlsEndpointContext;
import org.eclipse.californium.elements.MapBasedEndpointContext;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.elements.util.SerializationUtil;
import org.eclipse.californium.scandium.auth.PrincipalSerializer;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.util.SecretSerializationUtil;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerName;
import org.eclipse.californium.scandium.util.ServerNames;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/DTLSSession.class */
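/**
 * Holds the negotiated parameters of a DTLS session: session identifier,
 * protocol version, cipher suite, compression method, certificate types,
 * fragment/record size limits, server names, peer identity and the master
 * secret.
 *
 * <p>The master secret is key material. This class keeps its own copy,
 * destroys that copy before dropping it, and {@link #writeTo(DatagramWriter)}
 * serializes it together with the rest of the state. Anything produced by
 * {@code writeTo} therefore needs the same protection as the key itself, and
 * anything fed to {@link #fromReader(DatagramReader)} should come from storage
 * whose integrity is trusted.
 *
 * <p>Several mutators are flagged by the decompiler as package-private in the
 * original class; their visibility is left as found here.
 */
public final class DTLSSession implements Destroyable {
    /** Upper bound and default for the negotiated maximum fragment length. */
    private static final int MAX_FRAGMENT_LENGTH_DEFAULT = 16384;
    /** Version tag of the serialization format used by writeTo/fromReader. */
    private static final int VERSION = 2;
    /** Serialized 16-bit marker meaning "no record size limit negotiated". */
    private static final int NO_RECORD_SIZE_LIMIT = 65535;

    private SessionId sessionIdentifier = SessionId.emptySessionId();
    private ProtocolVersion protocolVersion = ProtocolVersion.VERSION_DTLS_1_2;
    private Principal peerIdentity;
    private Integer recordSizeLimit;
    private int maxFragmentLength = MAX_FRAGMENT_LENGTH_DEFAULT;
    private CipherSuite cipherSuite = CipherSuite.TLS_NULL_WITH_NULL_NULL;
    private SignatureAndHashAlgorithm signatureAndHashAlgorithm;
    private XECDHECryptography.SupportedGroup ecGroup;
    private CompressionMethod compressionMethod = CompressionMethod.NULL;
    private boolean extendedMasterSecret;
    private SecretKey masterSecret = null;
    private CertificateType sendCertificateType = CertificateType.X_509;
    private CertificateType receiveCertificateType = CertificateType.X_509;
    private long creationTime;
    private String hostName;
    private ServerNames serverNames;
    private boolean peerSupportsSni;

    /**
     * Creates a session with default parameters (empty session id, NULL cipher
     * suite, no master secret) and the current time as creation time.
     */
    public DTLSSession() {
        this.creationTime = System.currentTimeMillis();
    }

    /**
     * Creates a session with default parameters for the given peer host name.
     *
     * @param str host name of the peer, may be {@code null}
     */
    public DTLSSession(String str) {
        this();
        setHostName(str);
    }

    /**
     * Creates a session initialized from another session, see
     * {@link #set(DTLSSession)}.
     *
     * @param dTLSSession session to copy the state from
     */
    public DTLSSession(DTLSSession dTLSSession) {
        set(dTLSSession);
    }

    /**
     * Overwrites this session's state with the state of the given session.
     *
     * <p>A master secret previously held by this session is destroyed once it
     * has been replaced, matching what {@link #setSessionIdentifier(SessionId)}
     * and {@link #destroy()} do before dropping the key.
     *
     * @param dTLSSession session to copy the state from
     */
    public void set(DTLSSession dTLSSession) {
        this.creationTime = dTLSSession.getCreationTime();
        this.sessionIdentifier = dTLSSession.getSessionIdentifier();
        this.protocolVersion = dTLSSession.getProtocolVersion();
        // Fetch the replacement first so that set(this) keeps working, then wipe
        // the key that is being dropped instead of leaving it to the GC.
        SecretKey previousSecret = this.masterSecret;
        this.masterSecret = dTLSSession.getMasterSecret();
        if (previousSecret != this.masterSecret) {
            SecretUtil.destroy(previousSecret);
        }
        this.peerIdentity = dTLSSession.getPeerIdentity();
        this.cipherSuite = dTLSSession.getCipherSuite();
        this.compressionMethod = dTLSSession.getCompressionMethod();
        this.signatureAndHashAlgorithm = dTLSSession.getSignatureAndHashAlgorithm();
        this.ecGroup = dTLSSession.getEcGroup();
        this.extendedMasterSecret = dTLSSession.useExtendedMasterSecret();
        this.sendCertificateType = dTLSSession.sendCertificateType();
        this.receiveCertificateType = dTLSSession.receiveCertificateType();
        this.recordSizeLimit = dTLSSession.getRecordSizeLimit();
        this.maxFragmentLength = dTLSSession.getMaxFragmentLength();
        // NOTE(review): peerSupportsSni is compared in equals() but not copied
        // here - confirm that this is intended.
        setServerNames(dTLSSession.getServerNames());
    }

    /**
     * Destroys the master secret and resets the negotiated security parameters
     * (cipher suite, compression, algorithms, peer identity, certificate types)
     * to their initial values. Session id, host/server names and size limits
     * are left untouched.
     */
    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        SecretUtil.destroy(this.masterSecret);
        this.masterSecret = null;
        this.extendedMasterSecret = false;
        this.cipherSuite = CipherSuite.TLS_NULL_WITH_NULL_NULL;
        this.compressionMethod = CompressionMethod.NULL;
        this.signatureAndHashAlgorithm = null;
        this.ecGroup = null;
        this.peerIdentity = null;
        this.sendCertificateType = CertificateType.X_509;
        this.receiveCertificateType = CertificateType.X_509;
    }

    /**
     * Reports the destroyed state of the master secret as determined by
     * {@code SecretUtil.isDestroyed}.
     */
    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return SecretUtil.isDestroyed(this.masterSecret);
    }

    /** Returns the session identifier (empty for a session without id). */
    public SessionId getSessionIdentifier() {
        return this.sessionIdentifier;
    }

    /**
     * Assigns a new session identifier and discards the master secret that
     * belonged to the previous one.
     *
     * <p>Package-private in the original class (per decompiler note).
     *
     * @param sessionId new identifier
     * @throws NullPointerException if {@code sessionId} is {@code null}
     * @throws IllegalArgumentException if a non-empty identifier equal to the
     *         current one is passed
     */
    public void setSessionIdentifier(SessionId sessionId) {
        if (sessionId == null) {
            throw new NullPointerException("session identifier must not be null!");
        }
        if (!sessionId.isEmpty() && sessionId.equals(this.sessionIdentifier)) {
            throw new IllegalArgumentException("no new session identifier?");
        }
        // A master secret is bound to the session id: wipe it before switching.
        SecretUtil.destroy(this.masterSecret);
        this.masterSecret = null;
        this.sessionIdentifier = sessionId;
    }

    /** Returns the protocol version of this session. */
    public ProtocolVersion getProtocolVersion() {
        return this.protocolVersion;
    }

    /**
     * Sets the protocol version; only DTLS 1.2 is accepted.
     *
     * <p>Package-private in the original class (per decompiler note).
     *
     * @param protocolVersion version to set
     * @throws IllegalArgumentException if the version is not DTLS 1.2
     */
    public void setProtocolVersion(ProtocolVersion protocolVersion) {
        if (!ProtocolVersion.VERSION_DTLS_1_2.equals(protocolVersion)) {
            throw new IllegalArgumentException(protocolVersion + " is not supported!");
        }
        this.protocolVersion = ProtocolVersion.VERSION_DTLS_1_2;
    }

    /** Returns the creation time in milliseconds (System.currentTimeMillis based). */
    public long getCreationTime() {
        return this.creationTime;
    }

    /** Returns the peer's host name, or {@code null} if none is set. */
    public String getHostName() {
        return this.hostName;
    }

    /**
     * Sets the peer's host name and derives the matching server names entry.
     *
     * @param str host name, {@code null} clears both host name and server names
     */
    public void setHostName(String str) {
        this.hostName = str;
        if (str == null) {
            this.serverNames = null;
        } else {
            byte[] encodedName = str.getBytes(ServerName.CHARSET);
            this.serverNames = ServerNames
                    .newInstance(ServerName.from(ServerName.NameType.HOST_NAME, encodedName));
        }
    }

    /** Returns the server names, or {@code null} if none are set. */
    public ServerNames getServerNames() {
        return this.serverNames;
    }

    /**
     * Sets the server names and derives the host name from their HOST_NAME
     * entry, if there is one.
     *
     * @param serverNames server names, may be {@code null}
     */
    public void setServerNames(ServerNames serverNames) {
        this.hostName = null;
        this.serverNames = serverNames;
        if (serverNames != null) {
            ServerName serverName = serverNames.getServerName(ServerName.NameType.HOST_NAME);
            if (serverName != null) {
                this.hostName = serverName.getNameAsString();
            }
        }
    }

    /** Returns the stored "peer supports SNI" flag. */
    public boolean isSniSupported() {
        return this.peerSupportsSni;
    }

    /**
     * Stores the "peer supports SNI" flag.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public void setSniSupported(boolean z) {
        this.peerSupportsSni = z;
    }

    /**
     * Adds session id, cipher suite name and (if used) the extended master
     * secret flag to the given endpoint context attributes.
     *
     * @param attributes attributes to add the entries to
     */
    public void addEndpointContext(MapBasedEndpointContext.Attributes attributes) {
        Bytes sessionKey;
        if (this.sessionIdentifier.isEmpty()) {
            // No session id available: substitute a value based on the creation time.
            sessionKey = new Bytes(("TIME:" + Long.toString(this.creationTime)).getBytes());
        } else {
            sessionKey = this.sessionIdentifier;
        }
        attributes.add(DtlsEndpointContext.KEY_SESSION_ID, sessionKey);
        attributes.add(DtlsEndpointContext.KEY_CIPHER, this.cipherSuite.name());
        if (this.extendedMasterSecret) {
            attributes.add(DtlsEndpointContext.KEY_EXTENDED_MASTER_SECRET, Boolean.TRUE);
        }
    }

    /** Returns the cipher suite (TLS_NULL_WITH_NULL_NULL until negotiated). */
    public CipherSuite getCipherSuite() {
        return this.cipherSuite;
    }

    /**
     * Sets the negotiated cipher suite.
     *
     * <p>Package-private in the original class (per decompiler note).
     *
     * @param cipherSuite negotiated cipher suite
     * @throws IllegalArgumentException if the suite is {@code null} or
     *         TLS_NULL_WITH_NULL_NULL
     */
    public void setCipherSuite(CipherSuite cipherSuite) {
        // The NULL suite is only valid as initial state, never as negotiation result.
        if (cipherSuite == null || CipherSuite.TLS_NULL_WITH_NULL_NULL == cipherSuite) {
            throw new IllegalArgumentException("Negotiated cipher suite must not be null");
        }
        this.cipherSuite = cipherSuite;
    }

    /** Returns the compression method. */
    public CompressionMethod getCompressionMethod() {
        return this.compressionMethod;
    }

    /**
     * Sets the compression method.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public void setCompressionMethod(CompressionMethod compressionMethod) {
        this.compressionMethod = compressionMethod;
    }

    /**
     * Returns the key exchange algorithm of the current cipher suite.
     *
     * <p>Package-private in the original class (per decompiler note).
     *
     * @throws IllegalStateException if no cipher suite is set
     */
    public final CipherSuite.KeyExchangeAlgorithm getKeyExchange() {
        if (this.cipherSuite == null) {
            throw new IllegalStateException("Cipher suite has not been set (yet)");
        }
        return this.cipherSuite.getKeyExchange();
    }

    /** Stores whether the extended master secret is used for this session. */
    public void setExtendedMasterSecret(boolean z) {
        this.extendedMasterSecret = z;
    }

    /** Returns whether the extended master secret is used for this session. */
    public boolean useExtendedMasterSecret() {
        return this.extendedMasterSecret;
    }

    /**
     * Returns the result of {@code SecretUtil.create} on the stored master
     * secret - presumably a copy the caller owns and should destroy after use;
     * confirm against SecretUtil.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public SecretKey getMasterSecret() {
        return SecretUtil.create(this.masterSecret);
    }

    /**
     * Sets the master secret and refreshes the creation time.
     *
     * <p>The secret is only stored when the session has a non-empty session
     * identifier; for an empty identifier the argument is ignored.
     *
     * <p>Package-private in the original class (per decompiler note).
     *
     * @param secretKey master secret
     * @throws IllegalStateException if a master secret is already set
     * @throws NullPointerException if the session id is non-empty and
     *         {@code secretKey} is {@code null}
     * @throws IllegalArgumentException if the secret has the wrong length
     */
    public void setMasterSecret(SecretKey secretKey) {
        if (this.masterSecret != null) {
            throw new IllegalStateException("master secret already available!");
        }
        if (!this.sessionIdentifier.isEmpty()) {
            if (secretKey == null) {
                throw new NullPointerException("Master secret must not be null");
            }
            // The encoded form is needed for its length only: wipe it right away.
            byte[] encoded = secretKey.getEncoded();
            Bytes.clear(encoded);
            int expectedLength = PseudoRandomFunction.Label.MASTER_SECRET_LABEL.length();
            if (encoded.length != expectedLength) {
                throw new IllegalArgumentException(String.format("Master secret must consist of of exactly %d bytes but has %d bytes", expectedLength, encoded.length));
            }
            this.masterSecret = SecretUtil.create(secretKey);
        }
        this.creationTime = System.currentTimeMillis();
    }

    /**
     * Returns the maximum ciphertext expansion of the current cipher suite.
     *
     * @throws IllegalStateException if no cipher suite is set
     */
    public int getMaxCiphertextExpansion() {
        if (this.cipherSuite == null) {
            throw new IllegalStateException("Missing cipher suite.");
        }
        return this.cipherSuite.getMaxCiphertextExpansion();
    }

    /**
     * Sets the maximum fragment length.
     *
     * <p>Package-private in the original class (per decompiler note).
     *
     * @param i length in the range [0...16384]
     * @throws IllegalArgumentException if the length is out of range
     */
    public void setMaxFragmentLength(int i) {
        if (i < 0 || i > MAX_FRAGMENT_LENGTH_DEFAULT) {
            throw new IllegalArgumentException("Max. fragment length must be in range [0...16384]");
        }
        this.maxFragmentLength = i;
    }

    /** Returns the maximum fragment length. */
    public int getMaxFragmentLength() {
        return this.maxFragmentLength;
    }

    /**
     * Sets the record size limit after passing it through
     * {@code RecordSizeLimitExtension.ensureInRange}.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public void setRecordSizeLimit(int i) {
        this.recordSizeLimit = Integer.valueOf(RecordSizeLimitExtension.ensureInRange(i));
    }

    /** Returns the record size limit, or {@code null} if none is set. */
    public Integer getRecordSizeLimit() {
        return this.recordSizeLimit;
    }

    /**
     * Returns the record size limit if one is set, otherwise the maximum
     * fragment length.
     */
    public int getEffectiveFragmentLimit() {
        if (this.recordSizeLimit != null) {
            return this.recordSizeLimit.intValue();
        }
        return this.maxFragmentLength;
    }

    /**
     * Returns the certificate type used for sending.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public CertificateType sendCertificateType() {
        return this.sendCertificateType;
    }

    /**
     * Sets the certificate type used for sending.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public void setSendCertificateType(CertificateType certificateType) {
        this.sendCertificateType = certificateType;
    }

    /**
     * Returns the certificate type used for receiving.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public CertificateType receiveCertificateType() {
        return this.receiveCertificateType;
    }

    /**
     * Sets the certificate type used for receiving.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public void setReceiveCertificateType(CertificateType certificateType) {
        this.receiveCertificateType = certificateType;
    }

    /** Returns the signature and hash algorithm, or {@code null} if not set. */
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
        return this.signatureAndHashAlgorithm;
    }

    /**
     * Sets the signature and hash algorithm.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public void setSignatureAndHashAlgorithm(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
    }

    /** Returns the EC group, or {@code null} if not set. */
    public XECDHECryptography.SupportedGroup getEcGroup() {
        return this.ecGroup;
    }

    /**
     * Sets the EC group.
     *
     * <p>Package-private in the original class (per decompiler note).
     */
    public void setEcGroup(XECDHECryptography.SupportedGroup supportedGroup) {
        this.ecGroup = supportedGroup;
    }

    /** Returns the peer's identity, or {@code null} if not set. */
    public Principal getPeerIdentity() {
        return this.peerIdentity;
    }

    /**
     * Sets the peer's identity.
     *
     * <p>Package-private in the original class (per decompiler note).
     *
     * @throws NullPointerException if {@code principal} is {@code null}
     */
    public void setPeerIdentity(Principal principal) {
        if (principal == null) {
            throw new NullPointerException("Peer identity must not be null");
        }
        this.peerIdentity = principal;
    }

    /**
     * Hash based on the session identifier, falling back to the creation time
     * when no identifier object is present.
     */
    @Override
    public int hashCode() {
        if (this.sessionIdentifier == null) {
            return (int) this.creationTime;
        }
        return this.sessionIdentifier.hashCode();
    }

    /**
     * Compares all session state, including the master secret (through
     * {@code SecretUtil.equals}) and the creation time. The host name is
     * covered indirectly by the server names.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        DTLSSession other = (DTLSSession) obj;
        return SecretUtil.equals(this.masterSecret, other.masterSecret)
                && Bytes.equals(this.sessionIdentifier, other.sessionIdentifier)
                && this.cipherSuite == other.cipherSuite
                && this.compressionMethod == other.compressionMethod
                && this.extendedMasterSecret == other.extendedMasterSecret
                && this.peerSupportsSni == other.peerSupportsSni
                && this.sendCertificateType == other.sendCertificateType
                && this.receiveCertificateType == other.receiveCertificateType
                && this.ecGroup == other.ecGroup
                && this.creationTime == other.creationTime
                && Objects.equals(this.signatureAndHashAlgorithm, other.signatureAndHashAlgorithm)
                && Objects.equals(this.serverNames, other.serverNames)
                && Objects.equals(this.recordSizeLimit, other.recordSizeLimit)
                && Objects.equals(this.peerIdentity, other.peerIdentity)
                && Objects.equals(this.protocolVersion, other.protocolVersion);
    }

    /**
     * Serializes the session state as a versioned item.
     *
     * <p>The output contains the master secret; treat the written bytes as key
     * material (restrict access, encrypt at rest). Optional fields are preceded
     * by a one-byte presence marker (0 = absent, 1 = present). The protocol
     * version and the SNI flag are not written.
     *
     * @param datagramWriter writer to append the serialized session to
     */
    public void writeTo(DatagramWriter datagramWriter) {
        int position = SerializationUtil.writeStartItem(datagramWriter, VERSION, Short.SIZE);
        datagramWriter.writeLong(this.creationTime, Long.SIZE);
        if (this.serverNames == null) {
            datagramWriter.write(0, Byte.SIZE);
        } else {
            datagramWriter.write(1, Byte.SIZE);
            this.serverNames.encode(datagramWriter);
        }
        int limit = this.recordSizeLimit != null ? this.recordSizeLimit.intValue() : NO_RECORD_SIZE_LIMIT;
        datagramWriter.write(limit, Short.SIZE);
        datagramWriter.write(this.maxFragmentLength, Short.SIZE);
        datagramWriter.writeVarBytes(this.sessionIdentifier, Byte.SIZE);
        datagramWriter.write(this.cipherSuite.getCode(), Short.SIZE);
        datagramWriter.write(this.compressionMethod.getCode(), Byte.SIZE);
        datagramWriter.write(this.sendCertificateType.getCode(), Byte.SIZE);
        datagramWriter.write(this.receiveCertificateType.getCode(), Byte.SIZE);
        datagramWriter.write(this.extendedMasterSecret ? 1 : 0, Byte.SIZE);
        SecretSerializationUtil.write(datagramWriter, this.masterSecret);
        if (this.signatureAndHashAlgorithm == null) {
            datagramWriter.write(0, Byte.SIZE);
        } else {
            datagramWriter.write(1, Byte.SIZE);
            datagramWriter.write(this.signatureAndHashAlgorithm.getHash().getCode(), Byte.SIZE);
            datagramWriter.write(this.signatureAndHashAlgorithm.getSignature().getCode(), Byte.SIZE);
        }
        if (this.ecGroup == null) {
            datagramWriter.write(0, Byte.SIZE);
        } else {
            datagramWriter.write(1, Byte.SIZE);
            datagramWriter.write(this.ecGroup.getId(), Short.SIZE);
        }
        if (this.peerIdentity == null) {
            datagramWriter.write(0, Byte.SIZE);
        } else {
            datagramWriter.write(1, Byte.SIZE);
            PrincipalSerializer.serialize(this.peerIdentity, datagramWriter);
        }
        SerializationUtil.writeFinishedItem(datagramWriter, position, Short.SIZE);
    }

    /**
     * Reads a session written by {@link #writeTo(DatagramWriter)}.
     *
     * <p>The restored state includes the master secret and the peer identity,
     * so the input must come from a source whose integrity is trusted.
     *
     * @param datagramReader reader positioned at the start of the item
     * @return the restored session, or {@code null} if
     *         {@code SerializationUtil.readStartItem} reports no item content
     * @throws IllegalArgumentException if a field holds an unknown or
     *         out-of-range value
     */
    public static DTLSSession fromReader(DatagramReader datagramReader) {
        int length = SerializationUtil.readStartItem(datagramReader, VERSION, Short.SIZE);
        if (length > 0) {
            return new DTLSSession(datagramReader.createRangeReader(length));
        }
        return null;
    }

    /**
     * Restores a session from its serialized form, reading the fields in the
     * order {@link #writeTo(DatagramWriter)} writes them.
     *
     * @param datagramReader reader limited to the item's content
     * @throws IllegalArgumentException if a field holds an unknown or
     *         out-of-range value, or the principal cannot be restored
     */
    private DTLSSession(DatagramReader datagramReader) {
        this.creationTime = datagramReader.readLong(Long.SIZE);
        if (datagramReader.readNextByte() == 1) {
            this.serverNames = ServerNames.newInstance();
            try {
                this.serverNames.decode(datagramReader);
                ServerName serverName = this.serverNames.getServerName(ServerName.NameType.HOST_NAME);
                if (serverName != null) {
                    this.hostName = serverName.getNameAsString();
                }
            } catch (IllegalArgumentException e) {
                // Best effort kept from the original: undecodable server names are
                // dropped rather than failing the whole session.
                // NOTE(review): confirm the reader position is still consistent
                // after a failed decode.
                this.serverNames = null;
            }
        }
        int limit = datagramReader.read(Short.SIZE);
        if (limit < NO_RECORD_SIZE_LIMIT) {
            // NOTE(review): unlike setRecordSizeLimit, no ensureInRange here -
            // consider applying the same bound to restored values.
            this.recordSizeLimit = Integer.valueOf(limit);
        }
        // Apply the setter's range check to restored data as well, so a corrupted
        // or manipulated item cannot install a fragment length above 16384.
        setMaxFragmentLength(datagramReader.read(Short.SIZE));
        byte[] sessionIdBytes = datagramReader.readVarBytes(Byte.SIZE);
        if (sessionIdBytes != null) {
            this.sessionIdentifier = new SessionId(sessionIdBytes);
        }
        int code = datagramReader.read(Short.SIZE);
        this.cipherSuite = CipherSuite.getTypeByCode(code);
        if (this.cipherSuite == null) {
            throw new IllegalArgumentException("unknown cipher suite 0x" + Integer.toHexString(code) + "!");
        }
        code = datagramReader.read(Byte.SIZE);
        this.compressionMethod = CompressionMethod.getMethodByCode(code);
        if (this.compressionMethod == null) {
            throw new IllegalArgumentException("unknown compression method 0x" + Integer.toHexString(code) + "!");
        }
        code = datagramReader.read(Byte.SIZE);
        this.sendCertificateType = CertificateType.getTypeFromCode(code);
        if (this.sendCertificateType == null) {
            throw new IllegalArgumentException("unknown send certificate type 0x" + Integer.toHexString(code) + "!");
        }
        code = datagramReader.read(Byte.SIZE);
        this.receiveCertificateType = CertificateType.getTypeFromCode(code);
        if (this.receiveCertificateType == null) {
            // Message corrected: this branch reports the receive type, not the send type.
            throw new IllegalArgumentException("unknown receive certificate type 0x" + Integer.toHexString(code) + "!");
        }
        this.extendedMasterSecret = datagramReader.read(Byte.SIZE) == 1;
        this.masterSecret = SecretSerializationUtil.readSecretKey(datagramReader);
        if (datagramReader.readNextByte() == 1) {
            int hashCode = datagramReader.read(Byte.SIZE);
            int signatureCode = datagramReader.read(Byte.SIZE);
            this.signatureAndHashAlgorithm = new SignatureAndHashAlgorithm(hashCode, signatureCode);
        }
        if (datagramReader.readNextByte() == 1) {
            int groupId = datagramReader.read(Short.SIZE);
            this.ecGroup = XECDHECryptography.SupportedGroup.fromId(groupId);
            if (this.ecGroup == null) {
                throw new IllegalArgumentException("unknown ec-group 0x" + Integer.toHexString(groupId) + "!");
            }
        }
        if (datagramReader.readNextByte() == 1) {
            try {
                this.peerIdentity = PrincipalSerializer.deserialize(datagramReader);
            } catch (GeneralSecurityException e2) {
                throw new IllegalArgumentException("principal failure", e2);
            }
        }
        // Trailing bytes mean the item does not match the expected layout.
        datagramReader.assertFinished("dtls-session");
    }
}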
