package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.eclipse.californium.elements.DtlsEndpointContext;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.util.ServerName;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/DTLSSession.class */
public final class DTLSSession {
    public static final int HEADER_LENGTH = 89;
    private static final Logger LOGGER = LoggerFactory.getLogger(DTLSSession.class.getName());
    private static final long RECEIVE_WINDOW_SIZE = 64;
    private static final long MAX_SEQUENCE_NO = 281474976710655L;
    private static final int MAX_FRAGMENT_LENGTH_DEFAULT = 16384;
    private static final int MAX_TRANSMISSION_UNIT_DEFAULT = 1400;
    private static final int MASTER_SECRET_LENGTH = 48;
    private InetSocketAddress peer;
    private SessionId sessionIdentifier;
    private Principal peerIdentity;
    private int maxFragmentLength;
    private int maxTransmissionUnit;
    private CipherSuite cipherSuite;
    private CompressionMethod compressionMethod;
    private byte[] masterSecret;
    private ConnectionId writeConnectionId;
    private DTLSConnectionState readState;
    private DTLSConnectionState writeState;
    private int readEpoch;
    private int writeEpoch;
    private Map<Integer, Long> sequenceNumbers;
    private CertificateType sendCertificateType;
    private CertificateType receiveCertificateType;
    private boolean parameterAvailable;
    private volatile long receiveWindowUpperBoundary;
    private volatile long receiveWindowLowerBoundary;
    private volatile long receivedRecordsVector;
    private long creationTime;
    private String virtualHost;
    private ServerNames serverNames;
    private boolean peerSupportsSni;
    private final String handshakeTimeTag;

    public DTLSSession(InetSocketAddress inetSocketAddress) {
        this(inetSocketAddress, 0L, System.currentTimeMillis());
    }

    public DTLSSession(SessionId sessionId, InetSocketAddress inetSocketAddress, SessionTicket sessionTicket, long j) {
        this(inetSocketAddress, j, sessionTicket.getTimestamp());
        this.sessionIdentifier = sessionId;
        this.masterSecret = sessionTicket.getMasterSecret();
        this.peerIdentity = sessionTicket.getClientIdentity();
        this.cipherSuite = sessionTicket.getCipherSuite();
        this.serverNames = sessionTicket.getServerNames();
        this.compressionMethod = sessionTicket.getCompressionMethod();
    }

    public DTLSSession(InetSocketAddress inetSocketAddress, long j) {
        this(inetSocketAddress, j, System.currentTimeMillis());
    }

    public DTLSSession(InetSocketAddress inetSocketAddress, long j, long j2) {
        this.maxFragmentLength = MAX_FRAGMENT_LENGTH_DEFAULT;
        this.maxTransmissionUnit = MAX_TRANSMISSION_UNIT_DEFAULT;
        this.cipherSuite = CipherSuite.TLS_NULL_WITH_NULL_NULL;
        this.compressionMethod = CompressionMethod.NULL;
        this.masterSecret = null;
        this.writeConnectionId = null;
        this.readState = new DTLSConnectionState();
        this.writeState = new DTLSConnectionState();
        this.readEpoch = 0;
        this.writeEpoch = 0;
        this.sequenceNumbers = new HashMap();
        this.sendCertificateType = CertificateType.X_509;
        this.receiveCertificateType = CertificateType.X_509;
        this.parameterAvailable = false;
        this.receiveWindowUpperBoundary = 63L;
        this.receiveWindowLowerBoundary = 0L;
        this.receivedRecordsVector = 0L;
        if (inetSocketAddress == null) {
            throw new NullPointerException("Peer address must not be null");
        }
        if (j < 0 || j > MAX_SEQUENCE_NO) {
            throw new IllegalArgumentException("Initial sequence number must be greater than 0 and less than 2^48");
        }
        this.creationTime = j2;
        this.handshakeTimeTag = Long.toString(System.currentTimeMillis());
        this.peer = inetSocketAddress;
        this.sequenceNumbers.put(0, Long.valueOf(j));
    }

    public SessionId getSessionIdentifier() {
        return this.sessionIdentifier;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSessionIdentifier(SessionId sessionId) {
        if (sessionId == null) {
            throw new NullPointerException("session identifier must not be null!");
        }
        if (sessionId.equals(this.sessionIdentifier)) {
            return;
        }
        this.masterSecret = null;
        this.sessionIdentifier = sessionId;
    }

    public ConnectionId getWriteConnectionId() {
        return this.writeConnectionId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setWriteConnectionId(ConnectionId connectionId) {
        this.writeConnectionId = connectionId;
    }

    public long getCreationTime() {
        return this.creationTime;
    }

    public String getLastHandshakeTime() {
        return this.handshakeTimeTag;
    }

    public String getVirtualHost() {
        return this.virtualHost;
    }

    public void setVirtualHost(String str) {
        this.serverNames = null;
        this.virtualHost = str;
        if (str != null) {
            this.serverNames = ServerNames.newInstance(ServerName.from(ServerName.NameType.HOST_NAME, str.getBytes(ServerName.CHARSET)));
        }
    }

    public ServerNames getServerNames() {
        return this.serverNames;
    }

    public void setServerNames(ServerNames serverNames) {
        ServerName serverName;
        this.virtualHost = null;
        this.serverNames = serverNames;
        if (serverNames == null || (serverName = serverNames.getServerName(ServerName.NameType.HOST_NAME)) == null) {
            return;
        }
        this.virtualHost = serverName.getNameAsString();
    }

    public boolean isSniSupported() {
        return this.peerSupportsSni;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSniSupported(boolean z) {
        this.peerSupportsSni = z;
    }

    public DtlsEndpointContext getConnectionWriteContext() {
        return new DtlsEndpointContext(this.peer, this.virtualHost, this.peerIdentity, this.sessionIdentifier.isEmpty() ? "TIME:" + Long.toString(this.creationTime) : this.sessionIdentifier.toString(), Integer.toString(this.writeEpoch), this.cipherSuite.name(), this.handshakeTimeTag);
    }

    public DtlsEndpointContext getConnectionReadContext() {
        return new DtlsEndpointContext(this.peer, this.virtualHost, this.peerIdentity, this.sessionIdentifier.isEmpty() ? "TIME:" + Long.toString(this.creationTime) : this.sessionIdentifier.toString(), Integer.toString(this.readEpoch), this.cipherSuite.name(), this.handshakeTimeTag);
    }

    public CipherSuite getCipherSuite() {
        return this.cipherSuite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCipherSuite(CipherSuite cipherSuite) {
        if (cipherSuite == null || CipherSuite.TLS_NULL_WITH_NULL_NULL == cipherSuite) {
            throw new IllegalArgumentException("Negotiated cipher suite must not be null");
        }
        this.cipherSuite = cipherSuite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompressionMethod getCompressionMethod() {
        return this.compressionMethod;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCompressionMethod(CompressionMethod compressionMethod) {
        this.compressionMethod = compressionMethod;
    }

    public int getWriteEpoch() {
        return this.writeEpoch;
    }

    void setWriteEpoch(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("Write epoch must not be negative");
        }
        this.writeEpoch = i;
    }

    public int getReadEpoch() {
        return this.readEpoch;
    }

    void setReadEpoch(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("Read epoch must not be negative");
        }
        resetReceiveWindow();
        this.readEpoch = i;
    }

    private void incrementReadEpoch() {
        resetReceiveWindow();
        this.readEpoch++;
    }

    private void incrementWriteEpoch() {
        this.writeEpoch++;
        this.sequenceNumbers.put(Integer.valueOf(this.writeEpoch), 0L);
    }

    public long getSequenceNumber() {
        return getSequenceNumber(this.writeEpoch);
    }

    public long getSequenceNumber(int i) {
        long longValue = this.sequenceNumbers.get(Integer.valueOf(i)).longValue();
        if (longValue >= MAX_SEQUENCE_NO) {
            throw new IllegalStateException("Maximum sequence number for epoch has been reached");
        }
        this.sequenceNumbers.put(Integer.valueOf(i), Long.valueOf(longValue + 1));
        return longValue;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DTLSConnectionState getReadState() {
        return this.readState;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setReadState(DTLSConnectionState dTLSConnectionState) {
        if (dTLSConnectionState == null) {
            throw new NullPointerException("Read state must not be null");
        }
        this.readState = dTLSConnectionState;
        incrementReadEpoch();
        LOGGER.trace("Setting current read state to{}{}", StringUtil.lineSeparator(), dTLSConnectionState);
    }

    public String getReadStateCipher() {
        return this.readState.getCipherSuite().name();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DTLSConnectionState getWriteState() {
        return this.writeState;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setWriteState(DTLSConnectionState dTLSConnectionState) {
        if (dTLSConnectionState == null) {
            throw new NullPointerException("Write state must not be null");
        }
        this.writeState = dTLSConnectionState;
        incrementWriteEpoch();
        determineMaxFragmentLength(this.maxFragmentLength);
        LOGGER.trace("Setting current write state to{}{}", StringUtil.lineSeparator(), dTLSConnectionState);
    }

    public String getWriteStateCipher() {
        return this.writeState.getCipherSuite().name();
    }

    public void setParameterAvailable() {
        this.parameterAvailable = true;
    }

    public HandshakeParameter getParameter() {
        if (this.parameterAvailable) {
            return new HandshakeParameter(this.cipherSuite.getKeyExchange(), this.receiveCertificateType);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final CipherSuite.KeyExchangeAlgorithm getKeyExchange() {
        if (this.cipherSuite == null) {
            throw new IllegalStateException("Cipher suite has not been set (yet)");
        }
        return this.cipherSuite.getKeyExchange();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getMasterSecret() {
        return this.masterSecret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setMasterSecret(byte[] bArr) {
        if (this.masterSecret != null) {
            throw new IllegalStateException("master secret already available!");
        }
        if (bArr == null) {
            throw new NullPointerException("Master secret must not be null");
        }
        if (bArr.length != 48) {
            throw new IllegalArgumentException(String.format("Master secret must consist of of exactly %d bytes but has %d bytes", 48, Integer.valueOf(bArr.length)));
        }
        this.masterSecret = Arrays.copyOf(bArr, bArr.length);
        this.creationTime = System.currentTimeMillis();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setMaxFragmentLength(int i) {
        if (i < 0 || i > MAX_FRAGMENT_LENGTH_DEFAULT) {
            throw new IllegalArgumentException("Max. fragment length must be > 0 and < 16384");
        }
        determineMaxFragmentLength(i);
    }

    public int getMaxDatagramSize() {
        return this.maxFragmentLength + this.writeState.getMaxCiphertextExpansion() + 89;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setMaxTransmissionUnit(int i) {
        if (i < 60) {
            throw new IllegalArgumentException("MTU must be at least 60 bytes");
        }
        LOGGER.debug("Setting MTU for peer [{}] to {} bytes", this.peer, Integer.valueOf(i));
        this.maxTransmissionUnit = i;
        determineMaxFragmentLength(i);
    }

    private void determineMaxFragmentLength(int i) {
        if (i + this.writeState.getMaxCiphertextExpansion() + 89 <= this.maxTransmissionUnit) {
            this.maxFragmentLength = i;
        } else {
            this.maxFragmentLength = (this.maxTransmissionUnit - 89) - this.writeState.getMaxCiphertextExpansion();
        }
        LOGGER.debug("Setting maximum fragment length for peer [{}] to {} bytes", this.peer, Integer.valueOf(this.maxFragmentLength));
    }

    public int getMaxFragmentLength() {
        return this.maxFragmentLength;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificateType sendCertificateType() {
        return this.sendCertificateType;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSendCertificateType(CertificateType certificateType) {
        this.sendCertificateType = certificateType;
    }

    CertificateType receiveCertificateType() {
        return this.receiveCertificateType;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setReceiveCertificateType(CertificateType certificateType) {
        this.receiveCertificateType = certificateType;
    }

    public InetSocketAddress getPeer() {
        return this.peer;
    }

    public void setPeer(InetSocketAddress inetSocketAddress) {
        this.peer = inetSocketAddress;
    }

    public Principal getPeerIdentity() {
        return this.peerIdentity;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPeerIdentity(Principal principal) {
        if (principal == null) {
            throw new NullPointerException("Peer identity must not be null");
        }
        this.peerIdentity = principal;
    }

    public boolean isRecordProcessable(long j, long j2, boolean z) {
        if (j >= getReadEpoch() && j <= getReadEpoch()) {
            return j2 < this.receiveWindowLowerBoundary ? z : !isDuplicate(j2);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDuplicate(long j) {
        if (j > this.receiveWindowUpperBoundary) {
            return false;
        }
        long j2 = 1 << ((int) (j - this.receiveWindowLowerBoundary));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Checking sequence no [{}] using bit mask [{}] against received records [{}] with lower boundary [{}]", new Object[]{Long.valueOf(j), Long.toBinaryString(j2), Long.toBinaryString(this.receivedRecordsVector), Long.valueOf(this.receiveWindowLowerBoundary)});
        }
        return (this.receivedRecordsVector & j2) == j2;
    }

    public void markRecordAsRead(long j, long j2) {
        if (j == getReadEpoch()) {
            if (j2 > this.receiveWindowUpperBoundary) {
                long j3 = j2 - this.receiveWindowUpperBoundary;
                this.receiveWindowUpperBoundary = j2;
                this.receivedRecordsVector >>>= (int) j3;
                this.receiveWindowLowerBoundary = Math.max(0L, (this.receiveWindowUpperBoundary - RECEIVE_WINDOW_SIZE) + 1);
            }
            this.receivedRecordsVector |= 1 << ((int) (j2 - this.receiveWindowLowerBoundary));
            LOGGER.debug("Updated receive window with sequence number [{}]: new upper boundary [{}], new bit vector [{}]", new Object[]{Long.valueOf(j2), Long.valueOf(this.receiveWindowUpperBoundary), Long.toBinaryString(this.receivedRecordsVector)});
        }
    }

    private void resetReceiveWindow() {
        this.receivedRecordsVector = 0L;
        this.receiveWindowUpperBoundary = 63L;
        this.receiveWindowLowerBoundary = 0L;
    }

    public SessionTicket getSessionTicket() {
        if (getWriteState().hasValidCipherSuite()) {
            return new SessionTicket(new ProtocolVersion(), getWriteState().getCipherSuite(), getWriteState().getCompressionMethod(), getMasterSecret(), getServerNames(), getPeerIdentity(), this.creationTime);
        }
        throw new IllegalStateException("session has no valid crypto params, not fully negotiated yet?");
    }
}
