package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.scandium.dtls.cipher.CCMBlockCipher;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.InvalidMacException;
import org.eclipse.californium.scandium.util.Base64;
import org.eclipse.californium.scandium.util.ByteArrayUtils;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/Record.class */
public class Record {
    private static final Logger LOGGER = Logger.getLogger(Record.class.getCanonicalName());
    public static final int CONTENT_TYPE_BITS = 8;
    public static final int VERSION_BITS = 8;
    public static final int EPOCH_BITS = 16;
    public static final int SEQUENCE_NUMBER_BITS = 48;
    public static final int LENGTH_BITS = 16;
    public static final int RECORD_HEADER_BITS = 104;
    private static final long MAX_SEQUENCE_NO = 281474976710655L;
    private ContentType type;
    private ProtocolVersion version;
    private int epoch;
    private long sequenceNumber;
    private int length;
    private DTLSMessage fragment;
    private byte[] fragmentBytes;
    private DTLSSession session;
    private InetSocketAddress peerAddress;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.Record$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/Record$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType;
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType = new int[ContentType.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.APPLICATION_DATA.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.HANDSHAKE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType = new int[CipherSuite.CipherType.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType[CipherSuite.CipherType.NULL.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType[CipherSuite.CipherType.AEAD.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType[CipherSuite.CipherType.BLOCK.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType[CipherSuite.CipherType.STREAM.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    Record(ContentType contentType, ProtocolVersion protocolVersion, int i, long j, byte[] bArr, InetSocketAddress inetSocketAddress) {
        this(contentType, i, j);
        this.version = protocolVersion;
        this.fragmentBytes = Arrays.copyOf(bArr, bArr.length);
        this.length = bArr.length;
        this.peerAddress = inetSocketAddress;
    }

    public Record(ContentType contentType, int i, long j, DTLSMessage dTLSMessage, DTLSSession dTLSSession) throws GeneralSecurityException {
        this(contentType, i, j);
        if (dTLSSession == null) {
            throw new NullPointerException("Session must not be null");
        }
        this.fragment = dTLSMessage;
        this.session = dTLSSession;
        setFragment(dTLSMessage);
    }

    public Record(ContentType contentType, int i, long j, DTLSMessage dTLSMessage, InetSocketAddress inetSocketAddress) {
        this(contentType, i, j);
        this.peerAddress = inetSocketAddress;
        try {
            setFragment(dTLSMessage);
        } catch (GeneralSecurityException e) {
            LOGGER.log(Level.WARNING, "Unexpected attempt to encrypt outbound record payload", (Throwable) e);
        }
    }

    private Record(ContentType contentType, int i, long j) {
        this.type = null;
        this.version = new ProtocolVersion();
        this.epoch = -1;
        this.length = 0;
        this.fragment = null;
        this.fragmentBytes = null;
        if (j > MAX_SEQUENCE_NO) {
            throw new IllegalArgumentException("Sequence number must be 48 bits only");
        }
        this.type = contentType;
        this.epoch = i;
        this.sequenceNumber = j;
    }

    public synchronized byte[] toByteArray() {
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.write(this.type.getCode(), 8);
        datagramWriter.write(this.version.getMajor(), 8);
        datagramWriter.write(this.version.getMinor(), 8);
        datagramWriter.write(this.epoch, 16);
        datagramWriter.writeLong(this.sequenceNumber, 48);
        this.length = this.fragmentBytes.length;
        datagramWriter.write(this.length, 16);
        datagramWriter.writeBytes(this.fragmentBytes);
        return datagramWriter.toByteArray();
    }

    public static List<Record> fromByteArray(byte[] bArr, InetSocketAddress inetSocketAddress) {
        if (bArr == null) {
            throw new NullPointerException("Byte array must not be null");
        }
        if (inetSocketAddress == null) {
            throw new NullPointerException("Peer address must not be null");
        }
        ArrayList arrayList = new ArrayList();
        DatagramReader datagramReader = new DatagramReader(bArr);
        while (datagramReader.bytesAvailable()) {
            if (datagramReader.bitsLeft() < 104) {
                LOGGER.log(Level.FINE, "Received truncated DTLS record(s). Discarding ...");
                return arrayList;
            }
            int read = datagramReader.read(8);
            ProtocolVersion protocolVersion = new ProtocolVersion(datagramReader.read(8), datagramReader.read(8));
            int read2 = datagramReader.read(16);
            long readLong = datagramReader.readLong(48);
            int read3 = datagramReader.read(16);
            if (datagramReader.bitsLeft() < read3) {
                LOGGER.log(Level.FINE, "Received truncated DTLS record(s). Discarding ...");
                return arrayList;
            }
            byte[] readBytes = datagramReader.readBytes(read3);
            ContentType typeByValue = ContentType.getTypeByValue(read);
            if (typeByValue == null) {
                LOGGER.log(Level.FINE, "Received DTLS record of unsupported type [{0}]. Discarding ...", Integer.valueOf(read));
            } else {
                arrayList.add(new Record(typeByValue, protocolVersion, read2, readLong, readBytes, inetSocketAddress));
            }
        }
        return arrayList;
    }

    private byte[] encryptFragment(byte[] bArr) throws GeneralSecurityException {
        if (this.session == null) {
            return bArr;
        }
        byte[] bArr2 = bArr;
        CipherSuite cipherSuite = this.session.getWriteState().getCipherSuite();
        LOGGER.log(Level.FINEST, "Encrypting record fragment using current write state\n{0}", this.session.getWriteState());
        switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType[cipherSuite.getCipherType().ordinal()]) {
            case Base64.GZIP /* 2 */:
                bArr2 = encryptAEAD(bArr);
                break;
            case 3:
                bArr2 = encryptBlockCipher(bArr);
                break;
        }
        return bArr2;
    }

    private byte[] decryptFragment(byte[] bArr, DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException {
        if (dTLSConnectionState == null) {
            return bArr;
        }
        byte[] bArr2 = bArr;
        CipherSuite cipherSuite = dTLSConnectionState.getCipherSuite();
        LOGGER.log(Level.FINEST, "Decrypting record fragment using current read state\n{0}", dTLSConnectionState);
        switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$CipherType[cipherSuite.getCipherType().ordinal()]) {
            case Base64.GZIP /* 2 */:
                bArr2 = decryptAEAD(bArr, dTLSConnectionState);
                break;
            case 3:
                bArr2 = decryptBlockCipher(bArr, dTLSConnectionState);
                break;
        }
        return bArr2;
    }

    protected final byte[] encryptBlockCipher(byte[] bArr) throws GeneralSecurityException {
        if (this.session == null) {
            throw new IllegalStateException("DTLS session must be set on record");
        }
        if (bArr == null) {
            throw new NullPointerException("Compressed fragment must not be null");
        }
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.writeBytes(bArr);
        datagramWriter.writeBytes(getBlockCipherMac(this.session.getWriteState(), bArr));
        int length = bArr.length + this.session.getWriteState().getCipherSuite().getMacLength() + 1;
        int recordIvLength = this.session.getWriteState().getRecordIvLength();
        while (true) {
            int i = recordIvLength;
            if (i > length) {
                int i2 = i % length;
                byte[] bArr2 = new byte[i2 + 1];
                Arrays.fill(bArr2, (byte) i2);
                datagramWriter.writeBytes(bArr2);
                Cipher cipher = Cipher.getInstance(this.session.getWriteState().getCipherSuite().getTransformation());
                cipher.init(1, this.session.getWriteState().getEncryptionKey());
                DatagramWriter datagramWriter2 = new DatagramWriter();
                datagramWriter2.writeBytes(cipher.getIV());
                datagramWriter2.writeBytes(cipher.doFinal(datagramWriter.toByteArray()));
                return datagramWriter2.toByteArray();
            }
            recordIvLength = i + this.session.getWriteState().getRecordIvLength();
        }
    }

    protected final byte[] decryptBlockCipher(byte[] bArr, DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException {
        if (dTLSConnectionState == null) {
            throw new NullPointerException("Current read state must not be null");
        }
        if (bArr == null) {
            throw new NullPointerException("Ciphertext must not be null");
        }
        DatagramReader datagramReader = new DatagramReader(bArr);
        byte[] readBytes = datagramReader.readBytes(dTLSConnectionState.getRecordIvLength());
        Cipher cipher = Cipher.getInstance(dTLSConnectionState.getCipherSuite().getTransformation());
        cipher.init(2, dTLSConnectionState.getEncryptionKey(), new IvParameterSpec(readBytes));
        byte[] doFinal = cipher.doFinal(datagramReader.readBytesLeft());
        int length = ((doFinal.length - 1) - doFinal[doFinal.length - 1]) - dTLSConnectionState.getCipherSuite().getMacLength();
        DatagramReader datagramReader2 = new DatagramReader(doFinal);
        byte[] readBytes2 = datagramReader2.readBytes(length);
        byte[] readBytes3 = datagramReader2.readBytes(dTLSConnectionState.getCipherSuite().getMacLength());
        byte[] blockCipherMac = getBlockCipherMac(dTLSConnectionState, readBytes2);
        if (Arrays.equals(readBytes3, blockCipherMac)) {
            return readBytes2;
        }
        throw new InvalidMacException(blockCipherMac, readBytes3);
    }

    private byte[] getBlockCipherMac(DTLSConnectionState dTLSConnectionState, byte[] bArr) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(dTLSConnectionState.getCipherSuite().getMacName());
        mac.init(dTLSConnectionState.getMacKey());
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.writeBytes(generateAdditionalData(bArr.length));
        datagramWriter.writeBytes(bArr);
        return mac.doFinal(datagramWriter.toByteArray());
    }

    protected byte[] encryptAEAD(byte[] bArr) throws GeneralSecurityException {
        return ByteArrayUtils.concatenate(generateExplicitNonce(), CCMBlockCipher.encrypt(this.session.getWriteState().getEncryptionKey().getEncoded(), generateNonce(this.session.getWriteState().getIv().getIV()), generateAdditionalData(bArr.length), bArr, 8));
    }

    protected byte[] decryptAEAD(byte[] bArr, DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException {
        if (dTLSConnectionState == null) {
            throw new NullPointerException("Current read state must not be null");
        }
        if (bArr == null) {
            throw new NullPointerException("Ciphertext must not be null");
        }
        byte[] iv = dTLSConnectionState.getIv().getIV();
        byte[] encoded = dTLSConnectionState.getEncryptionKey().getEncoded();
        byte[] generateAdditionalData = generateAdditionalData(bArr.length - 16);
        DatagramReader datagramReader = new DatagramReader(bArr);
        byte[] generateExplicitNonce = generateExplicitNonce();
        byte[] readBytes = datagramReader.readBytes(8);
        if (!Arrays.equals(generateExplicitNonce, readBytes) && LOGGER.isLoggable(Level.FINE)) {
            StringBuilder sb = new StringBuilder("The explicit nonce used by the sender does not match the values provided in the DTLS record");
            sb.append(System.lineSeparator()).append("Used    : ").append(ByteArrayUtils.toHexString(readBytes));
            sb.append(System.lineSeparator()).append("Expected: ").append(ByteArrayUtils.toHexString(generateExplicitNonce));
            LOGGER.log(Level.FINE, sb.toString());
        }
        return CCMBlockCipher.decrypt(encoded, getNonce(iv, readBytes), generateAdditionalData, datagramReader.readBytesLeft(), 8);
    }

    private byte[] generateNonce(byte[] bArr) {
        return getNonce(bArr, generateExplicitNonce());
    }

    private byte[] getNonce(byte[] bArr, byte[] bArr2) {
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.writeBytes(bArr);
        datagramWriter.writeBytes(bArr2);
        return datagramWriter.toByteArray();
    }

    private byte[] generateExplicitNonce() {
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.write(this.epoch, 16);
        datagramWriter.writeLong(this.sequenceNumber, 48);
        return datagramWriter.toByteArray();
    }

    private byte[] generateAdditionalData(int i) {
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.write(this.epoch, 16);
        datagramWriter.writeLong(this.sequenceNumber, 48);
        datagramWriter.write(this.type.getCode(), 8);
        datagramWriter.write(this.version.getMajor(), 8);
        datagramWriter.write(this.version.getMinor(), 8);
        datagramWriter.write(i, 16);
        return datagramWriter.toByteArray();
    }

    public boolean isNewClientHello() {
        return 0 >= this.epoch && this.type == ContentType.HANDSHAKE && null != this.fragmentBytes && 0 != this.fragmentBytes.length && HandshakeType.getTypeByCode(this.fragmentBytes[0]) == HandshakeType.CLIENT_HELLO;
    }

    public ContentType getType() {
        return this.type;
    }

    public ProtocolVersion getVersion() {
        return this.version;
    }

    public int getEpoch() {
        return this.epoch;
    }

    public long getSequenceNumber() {
        return this.sequenceNumber;
    }

    public synchronized void setSequenceNumber(long j) throws GeneralSecurityException {
        if (j > MAX_SEQUENCE_NO) {
            throw new IllegalArgumentException("Sequence number must have max 48 bits");
        }
        this.sequenceNumber = j;
        if (this.session == null || this.session.getWriteState() == null || this.epoch <= 0) {
            return;
        }
        this.fragmentBytes = encryptFragment(this.fragment.toByteArray());
    }

    public int getLength() {
        return this.length;
    }

    public synchronized void setSession(DTLSSession dTLSSession) {
        this.session = dTLSSession;
        if (dTLSSession != null) {
            this.peerAddress = null;
        }
    }

    public InetSocketAddress getPeerAddress() {
        if (this.session != null) {
            return this.session.getPeer();
        }
        if (this.peerAddress != null) {
            return this.peerAddress;
        }
        throw new IllegalStateException("Record does not have a peer address");
    }

    public DTLSMessage getFragment() throws GeneralSecurityException, HandshakeException {
        return this.session != null ? getFragment(this.session.getReadState()) : getFragment(null);
    }

    public DTLSMessage getFragment(DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException, HandshakeException {
        if (this.fragment == null) {
            switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[this.type.ordinal()]) {
                case Base64.ENCODE /* 1 */:
                    this.fragment = decryptAlert(dTLSConnectionState);
                    break;
                case Base64.GZIP /* 2 */:
                    this.fragment = decryptApplicationMessage(dTLSConnectionState);
                    break;
                case 3:
                    this.fragment = decryptChangeCipherSpec(dTLSConnectionState);
                    break;
                case Base64.DONT_GUNZIP /* 4 */:
                    this.fragment = decryptHandshakeMessage(dTLSConnectionState);
                    break;
                default:
                    LOGGER.log(Level.WARNING, "Cannot decrypt message of unsupported type [{0}]", this.type);
                    break;
            }
        }
        return this.fragment;
    }

    private DTLSMessage decryptAlert(DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException, HandshakeException {
        return AlertMessage.fromByteArray(decryptFragment(this.fragmentBytes, dTLSConnectionState), getPeerAddress());
    }

    private DTLSMessage decryptApplicationMessage(DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException {
        return ApplicationMessage.fromByteArray(decryptFragment(this.fragmentBytes, dTLSConnectionState), getPeerAddress());
    }

    private DTLSMessage decryptChangeCipherSpec(DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException, HandshakeException {
        return ChangeCipherSpecMessage.fromByteArray(decryptFragment(this.fragmentBytes, dTLSConnectionState), getPeerAddress());
    }

    private DTLSMessage decryptHandshakeMessage(DTLSConnectionState dTLSConnectionState) throws GeneralSecurityException, HandshakeException {
        if (LOGGER.isLoggable(Level.FINEST)) {
            LOGGER.log(Level.FINEST, "Decrypting HANDSHAKE message ciphertext\n{0}", ByteArrayUtils.toHexString(this.fragmentBytes));
        }
        byte[] decryptFragment = decryptFragment(this.fragmentBytes, dTLSConnectionState);
        CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuite.KeyExchangeAlgorithm.NULL;
        boolean z = false;
        if (this.session != null) {
            keyExchangeAlgorithm = this.session.getKeyExchange();
            z = this.session.receiveRawPublicKey();
        } else {
            LOGGER.log(Level.FINE, "Parsing message without a session");
        }
        if (LOGGER.isLoggable(Level.FINER)) {
            StringBuilder sb = new StringBuilder("Parsing HANDSHAKE message plaintext using KeyExchange [{0}] and receiveRawPublicKey [{1}]");
            Object[] objArr = {keyExchangeAlgorithm, Boolean.valueOf(z), null};
            if (LOGGER.isLoggable(Level.FINEST)) {
                objArr[2] = ByteArrayUtils.toHexString(decryptFragment);
                sb.append(":\n{2}");
            }
            LOGGER.log(Level.FINER, sb.toString(), objArr);
        }
        return HandshakeMessage.fromByteArray(decryptFragment, keyExchangeAlgorithm, z, getPeerAddress());
    }

    public synchronized void setFragment(DTLSMessage dTLSMessage) throws GeneralSecurityException {
        if (this.fragmentBytes == null) {
            byte[] byteArray = dTLSMessage.toByteArray();
            this.length = byteArray.length;
            switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[this.type.ordinal()]) {
                case Base64.ENCODE /* 1 */:
                case Base64.GZIP /* 2 */:
                case 3:
                case Base64.DONT_GUNZIP /* 4 */:
                    byteArray = encryptFragment(byteArray);
                    break;
                default:
                    LOGGER.severe("Unknown content type: " + this.type.toString());
                    break;
            }
            this.fragmentBytes = byteArray;
        }
        this.fragment = dTLSMessage;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("==[ DTLS Record ]==============================================");
        sb.append(System.lineSeparator()).append("Content Type: ").append(this.type.toString());
        sb.append(System.lineSeparator()).append("Peer address: ").append(getPeerAddress());
        sb.append(System.lineSeparator()).append("Version: ").append(this.version.getMajor()).append(", ").append(this.version.getMinor());
        sb.append(System.lineSeparator()).append("Epoch: ").append(this.epoch);
        sb.append(System.lineSeparator()).append("Sequence Number: ").append(this.sequenceNumber);
        sb.append(System.lineSeparator()).append("Length: ").append(this.length);
        sb.append(System.lineSeparator()).append("Fragment:");
        if (this.fragment != null) {
            sb.append(System.lineSeparator()).append(this.fragment);
        } else {
            sb.append(System.lineSeparator()).append("fragment is not decrypted yet");
        }
        sb.append(System.lineSeparator()).append("===============================================================");
        return sb.toString();
    }
}
