package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.security.auth.Destroyable;
import org.eclipse.californium.elements.DtlsEndpointContext;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerName;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
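/**
 * Mutable state of a single DTLS session with one peer: negotiated cipher
 * suite and compression method, master secret, current read/write connection
 * states and epochs, per-epoch write sequence numbers, and the sliding
 * receive window used to detect replayed records.
 * <p>
 * This listing is decompiler output. Methods tagged "package-private in the
 * original" are public here only because the decompiler widened them; they are
 * kept public so the listing's interface is unchanged.
 * <p>
 * Thread-safety: only the three receive-window fields are {@code volatile}.
 * The window updates are read-modify-write sequences and are not atomic, and
 * the sequence number map is a plain {@link HashMap}, so concurrent callers
 * need external synchronization.
 */
public final class DTLSSession implements Destroyable {
    private static final Logger LOGGER = LoggerFactory.getLogger(DTLSSession.class.getName());

    /** Largest usable record sequence number, 2^48 - 1. */
    private static final long MAX_SEQUENCE_NO = 281474976710655L;
    /** Number of sequence numbers tracked by the receive window (bits of a {@code long}). */
    private static final int RECEIVE_WINDOW_SIZE = 64;
    /** Required length of the encoded master secret in bytes. */
    private static final int MASTER_SECRET_LENGTH = 48;
    /** Upper limit, and initial value, of the maximum fragment length in bytes. */
    private static final int MAX_FRAGMENT_LENGTH_LIMIT = 16384;
    /** Initial maximum transmission unit in bytes. */
    private static final int DEFAULT_MAX_TRANSMISSION_UNIT = 1400;
    /** Smallest MTU accepted by {@link #setMaxTransmissionUnit(int)}. */
    private static final int MIN_MAX_TRANSMISSION_UNIT = 60;
    /**
     * Fixed per-datagram overhead added to the fragment length and the cipher
     * expansion. NOTE(review): presumably the IP, UDP and DTLS header bytes;
     * the breakdown is not visible in this listing.
     */
    private static final int FIXED_DATAGRAM_OVERHEAD = 89;

    private CipherSuite cipherSuite;
    private CompressionMethod compressionMethod;
    private long creationTime;
    private final String handshakeTimeTag;
    private String hostName;
    private SecretKey masterSecret;
    private int maxFragmentLength;
    private int maxTransmissionUnit;
    private boolean parameterAvailable;
    private InetSocketAddress peer;
    private Principal peerIdentity;
    private boolean peerSupportsSni;
    private int readEpoch;
    private DTLSConnectionState readState;
    private CertificateType receiveCertificateType;
    // Sequence number represented by bit 0 of receivedRecordsVector.
    private volatile long receiveWindowLowerBoundary;
    // Highest sequence number marked as read in the current epoch, -1 if none.
    private volatile long receiveWindowUpperCurrent;
    // Bit n is set when sequence number (receiveWindowLowerBoundary + n) was marked as read.
    private volatile long receivedRecordsVector;
    private CertificateType sendCertificateType;
    // Next write sequence number, keyed by write epoch.
    private Map<Integer, Long> sequenceNumbers;
    private ServerNames serverNames;
    private SessionId sessionIdentifier;
    private ConnectionId writeConnectionId;
    private int writeEpoch;
    private DTLSConnectionState writeState;

    /**
     * Creates a session starting at sequence number 0, using the current
     * system time as creation time.
     *
     * @param peerAddress address of the peer
     * @throws NullPointerException if {@code peerAddress} is {@code null}
     */
    public DTLSSession(InetSocketAddress peerAddress) {
        this(peerAddress, 0L, System.currentTimeMillis());
    }

    /**
     * Creates a session with the given initial sequence number, using the
     * current system time as creation time.
     *
     * @param peerAddress address of the peer
     * @param initialSequenceNo first sequence number for epoch 0
     * @throws NullPointerException if {@code peerAddress} is {@code null}
     * @throws IllegalArgumentException if {@code initialSequenceNo} is
     *         negative or larger than 2^48 - 1
     */
    public DTLSSession(InetSocketAddress peerAddress, long initialSequenceNo) {
        this(peerAddress, initialSequenceNo, System.currentTimeMillis());
    }

    /**
     * Creates a session in its initial, unprotected state: NULL cipher suite,
     * NULL compression, NULL read and write states, epoch 0 in both
     * directions, X.509 as certificate type in both directions, and an empty
     * receive window.
     *
     * @param peerAddress address of the peer
     * @param initialSequenceNo first sequence number for epoch 0
     * @param creationTime creation time stored for the session, in the same
     *        unit the caller uses elsewhere (the other constructors pass
     *        {@link System#currentTimeMillis()})
     * @throws NullPointerException if {@code peerAddress} is {@code null}
     * @throws IllegalArgumentException if {@code initialSequenceNo} is
     *         negative or larger than 2^48 - 1
     */
    public DTLSSession(InetSocketAddress peerAddress, long initialSequenceNo, long creationTime) {
        if (peerAddress == null) {
            throw new NullPointerException("Peer address must not be null");
        }
        if (initialSequenceNo < 0 || initialSequenceNo > MAX_SEQUENCE_NO) {
            throw new IllegalArgumentException("Initial sequence number must be greater than 0 and less than 2^48");
        }
        this.maxFragmentLength = MAX_FRAGMENT_LENGTH_LIMIT;
        this.maxTransmissionUnit = DEFAULT_MAX_TRANSMISSION_UNIT;
        this.cipherSuite = CipherSuite.TLS_NULL_WITH_NULL_NULL;
        this.compressionMethod = CompressionMethod.NULL;
        this.masterSecret = null;
        this.writeConnectionId = null;
        this.readState = DTLSConnectionState.NULL;
        this.writeState = DTLSConnectionState.NULL;
        this.readEpoch = 0;
        this.writeEpoch = 0;
        this.sequenceNumbers = new HashMap<>();
        this.sendCertificateType = CertificateType.X_509;
        this.receiveCertificateType = CertificateType.X_509;
        this.parameterAvailable = false;
        this.receiveWindowUpperCurrent = -1L;
        this.receiveWindowLowerBoundary = 0L;
        this.receivedRecordsVector = 0L;
        this.creationTime = creationTime;
        // The tag is taken from the clock at construction, independent of creationTime.
        this.handshakeTimeTag = Long.toString(System.currentTimeMillis());
        this.peer = peerAddress;
        this.sequenceNumbers.put(0, initialSequenceNo);
    }

    /**
     * Creates a session from a session ticket, taking the ticket's timestamp
     * as creation time and its master secret, client identity, cipher suite,
     * server names and compression method as session parameters.
     *
     * @param sessionId identifier to assign to the session
     * @param peerAddress address of the peer
     * @param sessionTicket ticket providing the session parameters
     * @param initialSequenceNo first sequence number for epoch 0
     * @throws NullPointerException if {@code peerAddress} or
     *         {@code sessionTicket} is {@code null}
     * @throws IllegalArgumentException if {@code initialSequenceNo} is
     *         negative or larger than 2^48 - 1
     */
    public DTLSSession(SessionId sessionId, InetSocketAddress peerAddress, SessionTicket sessionTicket, long initialSequenceNo) {
        this(peerAddress, initialSequenceNo, sessionTicket.getTimestamp());
        this.sessionIdentifier = sessionId;
        this.masterSecret = SecretUtil.create(sessionTicket.getMasterSecret());
        this.peerIdentity = sessionTicket.getClientIdentity();
        this.cipherSuite = sessionTicket.getCipherSuite();
        this.serverNames = sessionTicket.getServerNames();
        this.compressionMethod = sessionTicket.getCompressionMethod();
    }

    /**
     * Sets the maximum fragment length to the requested value when a datagram
     * carrying such a fragment still fits into the MTU, otherwise to what is
     * left of the MTU after the fixed overhead and the cipher expansion.
     * <p>
     * NOTE(review): the fallback is not clamped. With an MTU smaller than the
     * overhead plus the cipher expansion (the setter accepts an MTU of 60) the
     * result is zero or negative.
     *
     * @param requestedLength requested maximum fragment length in bytes
     */
    private void determineMaxFragmentLength(int requestedLength) {
        int expansion = this.writeState.getMaxCiphertextExpansion();
        if (expansion + requestedLength + FIXED_DATAGRAM_OVERHEAD <= this.maxTransmissionUnit) {
            this.maxFragmentLength = requestedLength;
        } else {
            this.maxFragmentLength = (this.maxTransmissionUnit - FIXED_DATAGRAM_OVERHEAD) - expansion;
        }
        LOGGER.debug("Setting maximum fragment length for peer [{}] to {} bytes", this.peer, this.maxFragmentLength);
    }

    /** Clears the receive window and advances the read epoch by one. */
    private void incrementReadEpoch() {
        resetReceiveWindow();
        this.readEpoch++;
    }

    /** Advances the write epoch by one and starts its sequence numbers at 0. */
    private void incrementWriteEpoch() {
        this.writeEpoch++;
        this.sequenceNumbers.put(this.writeEpoch, 0L);
    }

    /** Resets the receive window to "nothing received yet". */
    private void resetReceiveWindow() {
        this.receivedRecordsVector = 0L;
        this.receiveWindowUpperCurrent = -1L;
        this.receiveWindowLowerBoundary = 0L;
    }

    /**
     * Destroys the master secret and both connection states, leaving the
     * session with NULL read and write states.
     */
    @Override // javax.security.auth.Destroyable
    public void destroy() {
        SecretUtil.destroy(this.masterSecret);
        this.masterSecret = null;
        // The shared NULL state is a singleton-like constant and is never destroyed here.
        if (this.readState != DTLSConnectionState.NULL) {
            this.readState.destroy();
            this.readState = DTLSConnectionState.NULL;
        }
        if (this.writeState != DTLSConnectionState.NULL) {
            this.writeState.destroy();
            this.writeState = DTLSConnectionState.NULL;
        }
    }

    /** @return the session's cipher suite */
    public CipherSuite getCipherSuite() {
        return this.cipherSuite;
    }

    /**
     * Package-private in the original.
     *
     * @return the session's compression method
     */
    public CompressionMethod getCompressionMethod() {
        return this.compressionMethod;
    }

    /**
     * Builds the endpoint context describing the current write side of the
     * session. When the session identifier is empty, {@code "TIME:"} followed
     * by the creation time is used in its place.
     *
     * @return a new endpoint context
     * @throws NullPointerException if no session identifier has been set
     */
    public DtlsEndpointContext getConnectionWriteContext() {
        String id = this.sessionIdentifier.isEmpty()
                ? "TIME:" + Long.toString(this.creationTime)
                : this.sessionIdentifier.toString();
        return new DtlsEndpointContext(this.peer, this.hostName, this.peerIdentity, id,
                Integer.toString(this.writeEpoch), this.cipherSuite.name(), this.handshakeTimeTag);
    }

    /** @return the host name set for the session, or {@code null} */
    public String getHostName() {
        return this.hostName;
    }

    /**
     * Package-private in the original.
     *
     * @return the key exchange algorithm of the session's cipher suite
     * @throws IllegalStateException if no cipher suite is set
     */
    public final CipherSuite.KeyExchangeAlgorithm getKeyExchange() {
        if (this.cipherSuite == null) {
            throw new IllegalStateException("Cipher suite has not been set (yet)");
        }
        return this.cipherSuite.getKeyExchange();
    }

    /**
     * Package-private in the original.
     * <p>
     * NOTE(review): the result comes from {@code SecretUtil.create}, which
     * presumably hands out a copy; if so, the caller owns that copy and
     * should destroy it after use. Confirm against SecretUtil.
     *
     * @return the master secret as returned by {@code SecretUtil.create}
     */
    public SecretKey getMasterSecret() {
        return SecretUtil.create(this.masterSecret);
    }

    /**
     * @return the maximum fragment length plus the write state's maximum
     *         cipher expansion plus the fixed datagram overhead
     */
    public int getMaxDatagramSize() {
        return this.maxFragmentLength + this.writeState.getMaxCiphertextExpansion() + FIXED_DATAGRAM_OVERHEAD;
    }

    /** @return the current maximum fragment length in bytes */
    public int getMaxFragmentLength() {
        return this.maxFragmentLength;
    }

    /**
     * @return the key exchange algorithm and receive certificate type as a
     *         handshake parameter, or {@code null} as long as
     *         {@link #setParameterAvailable()} has not been called
     */
    public HandshakeParameter getParameter() {
        if (!this.parameterAvailable) {
            return null;
        }
        return new HandshakeParameter(this.cipherSuite.getKeyExchange(), this.receiveCertificateType);
    }

    /** @return the peer's address */
    public InetSocketAddress getPeer() {
        return this.peer;
    }

    /** @return the peer's identity, or {@code null} if none is set */
    public Principal getPeerIdentity() {
        return this.peerIdentity;
    }

    /** @return the current read epoch */
    public int getReadEpoch() {
        return this.readEpoch;
    }

    /**
     * Package-private in the original.
     *
     * @return the current read state
     */
    public DTLSConnectionState getReadState() {
        return this.readState;
    }

    /**
     * Returns the next sequence number of the current write epoch and
     * advances the counter.
     *
     * @return the sequence number to use
     * @throws IllegalStateException if the epoch's sequence numbers are used up
     */
    public long getSequenceNumber() {
        return getSequenceNumber(this.writeEpoch);
    }

    /**
     * Returns the next sequence number of the given epoch and advances that
     * epoch's counter, so every call yields a different number.
     *
     * @param epoch epoch whose counter is used
     * @return the sequence number to use
     * @throws IllegalStateException if the counter has reached 2^48 - 1
     * @throws NullPointerException if no counter exists for {@code epoch}
     */
    public long getSequenceNumber(int epoch) {
        long current = this.sequenceNumbers.get(epoch).longValue();
        if (current >= MAX_SEQUENCE_NO) {
            // Never wrap: reusing a sequence number within an epoch is not allowed here.
            throw new IllegalStateException("Maximum sequence number for epoch has been reached");
        }
        this.sequenceNumbers.put(epoch, current + 1);
        return current;
    }

    /** @return the server names set for the session, or {@code null} */
    public ServerNames getServerNames() {
        return this.serverNames;
    }

    /** @return the session identifier, or {@code null} if none is set */
    public SessionId getSessionIdentifier() {
        return this.sessionIdentifier;
    }

    /**
     * Creates a session ticket from the write state's cipher suite and
     * compression method, the master secret, the server names, the peer
     * identity and the creation time.
     * <p>
     * NOTE(review): the session's own master secret reference is handed to the
     * ticket; whether SessionTicket copies it is not visible in this listing.
     *
     * @return the ticket, or {@code null} if the session identifier is empty
     * @throws IllegalStateException if the write state has no valid cipher suite
     * @throws NullPointerException if no session identifier has been set
     */
    public SessionTicket getSessionTicket() {
        DTLSConnectionState state = getWriteState();
        if (!state.hasValidCipherSuite()) {
            throw new IllegalStateException("session has no valid crypto params, not fully negotiated yet?");
        }
        if (this.sessionIdentifier.isEmpty()) {
            return null;
        }
        return new SessionTicket(new ProtocolVersion(), state.getCipherSuite(), state.getCompressionMethod(),
                this.masterSecret, getServerNames(), getPeerIdentity(), this.creationTime);
    }

    /** @return the connection id used for writing, or {@code null} */
    public ConnectionId getWriteConnectionId() {
        return this.writeConnectionId;
    }

    /** @return the current write epoch */
    public int getWriteEpoch() {
        return this.writeEpoch;
    }

    /**
     * Package-private in the original.
     *
     * @return the current write state
     */
    public DTLSConnectionState getWriteState() {
        return this.writeState;
    }

    /**
     * @return {@code true} only if {@code SecretUtil.isDestroyed} reports the
     *         master secret and both connection states as destroyed
     */
    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return SecretUtil.isDestroyed(this.masterSecret)
                && SecretUtil.isDestroyed(this.readState)
                && SecretUtil.isDestroyed(this.writeState);
    }

    /**
     * Checks whether a sequence number is already marked in the receive window.
     * <p>
     * Precondition: {@code sequenceNo} is not below the window's lower
     * boundary. {@link #isRecordProcessable(long, long, boolean)} checks that
     * before calling; for a lower value the shift count is out of range and
     * the answer is meaningless.
     *
     * @param sequenceNo sequence number of the received record
     * @return {@code true} if the number is within the window and marked as
     *         read, {@code false} if it is newer than the window or unmarked
     */
    boolean isDuplicate(long sequenceNo) {
        if (sequenceNo > this.receiveWindowUpperCurrent) {
            return false;
        }
        // The mask must be built from a long: an int literal would wrap the shift
        // count at 32 and sign-extend bit 31, so the upper half of the 64-entry
        // window could neither be probed nor trusted.
        long bitMask = 1L << (sequenceNo - this.receiveWindowLowerBoundary);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Checking sequence no [{}] using bit mask [{}] against received records [{}] with lower boundary [{}]", Long.valueOf(sequenceNo), Long.toBinaryString(bitMask), Long.toBinaryString(this.receivedRecordsVector), Long.valueOf(this.receiveWindowLowerBoundary));
        }
        return (this.receivedRecordsVector & bitMask) == bitMask;
    }

    /**
     * Decides whether a received record should be processed.
     *
     * @param epoch epoch of the record
     * @param sequenceNo sequence number of the record
     * @param useWindowOnly value returned for a sequence number below the
     *        window's lower boundary, i.e. too old to be tracked; passing
     *        {@code true} accepts such records without any replay check
     * @return {@code false} if the epoch differs from the read epoch or the
     *         sequence number is marked as read; {@code useWindowOnly} if the
     *         number is older than the window; {@code true} otherwise
     */
    public boolean isRecordProcessable(long epoch, long sequenceNo, boolean useWindowOnly) {
        if (epoch != getReadEpoch()) {
            return false;
        }
        if (sequenceNo < this.receiveWindowLowerBoundary) {
            return useWindowOnly;
        }
        return !isDuplicate(sequenceNo);
    }

    /** @return whether the peer has been flagged as supporting SNI */
    public boolean isSniSupported() {
        return this.peerSupportsSni;
    }

    /**
     * Marks a record as read in the receive window, sliding the window to the
     * right when the record is the newest one seen in the read epoch.
     * <p>
     * Call this only for records whose authenticity has been verified;
     * otherwise a forged record could advance the window and shut out genuine
     * ones. NOTE(review): that ordering is the caller's job and cannot be
     * checked from this class.
     *
     * @param epoch epoch of the record
     * @param sequenceNo sequence number of the record
     * @return for the current read epoch, whether the record is the newest
     *         seen so far; for any other epoch, whether {@code epoch} is
     *         greater than the read epoch (the window is left untouched)
     */
    public boolean markRecordAsRead(long epoch, long sequenceNo) {
        int currentEpoch = getReadEpoch();
        if (epoch != currentEpoch) {
            return epoch > (long) currentEpoch;
        }
        boolean newest = sequenceNo > this.receiveWindowUpperCurrent;
        if (newest) {
            this.receiveWindowUpperCurrent = sequenceNo;
            long lowerBoundary = Math.max(0L, (sequenceNo - RECEIVE_WINDOW_SIZE) + 1);
            long shift = lowerBoundary - this.receiveWindowLowerBoundary;
            if (shift > 0) {
                if (shift >= RECEIVE_WINDOW_SIZE) {
                    // Java masks a long shift count to 6 bits, so shifting by 64 or
                    // more would leave stale bits behind; the old window is entirely
                    // out of range and is dropped instead.
                    this.receivedRecordsVector = 0L;
                } else {
                    this.receivedRecordsVector >>>= shift;
                }
                this.receiveWindowLowerBoundary = lowerBoundary;
            }
        }
        long index = sequenceNo - this.receiveWindowLowerBoundary;
        if (index >= 0) {
            // long literal: all 64 window positions must be addressable.
            this.receivedRecordsVector |= 1L << index;
        }
        // else: the record is older than the window and has no bit to set; a negative
        // shift count would mark an unrelated sequence number as received.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Updated receive window with sequence number [{}]: new upper boundary [{}], new bit vector [{}]", Long.valueOf(sequenceNo), Long.valueOf(this.receiveWindowUpperCurrent), Long.toBinaryString(this.receivedRecordsVector));
        }
        return newest;
    }

    /**
     * Package-private in the original.
     *
     * @return the certificate type used when sending a certificate
     */
    public CertificateType sendCertificateType() {
        return this.sendCertificateType;
    }

    /**
     * Package-private in the original. Sets the negotiated cipher suite.
     *
     * @param cipherSuite the negotiated cipher suite
     * @throws IllegalArgumentException if {@code cipherSuite} is {@code null}
     *         or the NULL cipher suite, so a negotiated session can never be
     *         switched back to "no protection" through this setter
     */
    public void setCipherSuite(CipherSuite cipherSuite) {
        if (cipherSuite == null || CipherSuite.TLS_NULL_WITH_NULL_NULL == cipherSuite) {
            throw new IllegalArgumentException("Negotiated cipher suite must not be null");
        }
        this.cipherSuite = cipherSuite;
    }

    /**
     * Package-private in the original.
     *
     * @param compressionMethod the compression method to store
     */
    public void setCompressionMethod(CompressionMethod compressionMethod) {
        this.compressionMethod = compressionMethod;
    }

    /**
     * Sets the host name and derives the server names from it, so both stay
     * consistent. A {@code null} host name clears the server names as well.
     *
     * @param hostName the host name, or {@code null}
     */
    public void setHostName(String hostName) {
        this.serverNames = null;
        this.hostName = hostName;
        if (hostName != null) {
            this.serverNames = ServerNames.newInstance(
                    ServerName.from(ServerName.NameType.HOST_NAME, hostName.getBytes(ServerName.CHARSET)));
        }
    }

    /**
     * Package-private in the original. Stores the master secret and restarts
     * the creation time.
     * <p>
     * The secret is stored only when the session identifier is not empty; with
     * an empty identifier the argument is ignored (not even checked) and only
     * the creation time is updated.
     *
     * @param masterSecret the master secret, exactly 48 bytes when encoded
     * @throws IllegalStateException if a master secret is already set
     * @throws NullPointerException if {@code masterSecret} is {@code null}
     *         while the session identifier is not empty, or if no session
     *         identifier has been set
     * @throws IllegalArgumentException if the encoded secret is not 48 bytes long
     */
    public void setMasterSecret(SecretKey masterSecret) {
        if (this.masterSecret != null) {
            throw new IllegalStateException("master secret already available!");
        }
        if (!this.sessionIdentifier.isEmpty()) {
            if (masterSecret == null) {
                throw new NullPointerException("Master secret must not be null");
            }
            byte[] encoded = masterSecret.getEncoded();
            // Only the length is needed: wipe the exported key bytes right away so
            // no extra copy of the secret lingers on the heap.
            Bytes.clear(encoded);
            if (encoded.length != MASTER_SECRET_LENGTH) {
                throw new IllegalArgumentException(String.format("Master secret must consist of of exactly %d bytes but has %d bytes", MASTER_SECRET_LENGTH, Integer.valueOf(encoded.length)));
            }
            this.masterSecret = SecretUtil.create(masterSecret);
        }
        this.creationTime = System.currentTimeMillis();
    }

    /**
     * Package-private in the original. Requests a maximum fragment length; the
     * effective value is additionally limited by the MTU.
     *
     * @param length requested maximum fragment length in bytes
     * @throws IllegalArgumentException if {@code length} is negative or
     *         greater than 16384
     */
    public void setMaxFragmentLength(int length) {
        if (length < 0 || length > MAX_FRAGMENT_LENGTH_LIMIT) {
            throw new IllegalArgumentException("Max. fragment length must be > 0 and < 16384");
        }
        determineMaxFragmentLength(length);
    }

    /**
     * Package-private in the original. Sets the MTU and recalculates the
     * maximum fragment length from it.
     * <p>
     * NOTE(review): the MTU itself is passed as requested fragment length, so
     * the fragment length always becomes "MTU minus overhead minus cipher
     * expansion". A smaller value set earlier through
     * {@link #setMaxFragmentLength(int)} is replaced; confirm this is intended.
     *
     * @param mtu maximum transmission unit in bytes
     * @throws IllegalArgumentException if {@code mtu} is less than 60
     */
    public void setMaxTransmissionUnit(int mtu) {
        if (mtu < MIN_MAX_TRANSMISSION_UNIT) {
            throw new IllegalArgumentException("MTU must be at least 60 bytes");
        }
        LOGGER.debug("Setting MTU for peer [{}] to {} bytes", this.peer, mtu);
        this.maxTransmissionUnit = mtu;
        determineMaxFragmentLength(mtu);
    }

    /** Flags the handshake parameter as available, see {@link #getParameter()}. */
    public void setParameterAvailable() {
        this.parameterAvailable = true;
    }

    /**
     * Replaces the peer address. Unlike the constructors, this setter accepts
     * {@code null}.
     *
     * @param peerAddress the new peer address
     */
    public void setPeer(InetSocketAddress peerAddress) {
        this.peer = peerAddress;
    }

    /**
     * Package-private in the original.
     *
     * @param peerIdentity the peer's identity
     * @throws NullPointerException if {@code peerIdentity} is {@code null}
     */
    public void setPeerIdentity(Principal peerIdentity) {
        if (peerIdentity == null) {
            throw new NullPointerException("Peer identity must not be null");
        }
        this.peerIdentity = peerIdentity;
    }

    /**
     * Package-private in the original. Destroys the previous read state,
     * installs the new one, clears the receive window and advances the read
     * epoch.
     * <p>
     * NOTE(review): the state object itself is written to the trace log;
     * confirm its {@code toString()} does not expose key material.
     *
     * @param readState the new read state
     * @throws NullPointerException if {@code readState} is {@code null}
     */
    public void setReadState(DTLSConnectionState readState) {
        if (readState == null) {
            throw new NullPointerException("Read state must not be null");
        }
        SecretUtil.destroy(this.readState);
        this.readState = readState;
        incrementReadEpoch();
        LOGGER.trace("Setting current read state to{}{}", StringUtil.lineSeparator(), readState);
    }

    /**
     * Package-private in the original.
     *
     * @param certificateType certificate type expected when receiving a certificate
     */
    public void setReceiveCertificateType(CertificateType certificateType) {
        this.receiveCertificateType = certificateType;
    }

    /**
     * Package-private in the original.
     *
     * @param certificateType certificate type used when sending a certificate
     */
    public void setSendCertificateType(CertificateType certificateType) {
        this.sendCertificateType = certificateType;
    }

    /**
     * Sets the server names and derives the host name from their HOST_NAME
     * entry, so both stay consistent. The host name is cleared when the names
     * are {@code null} or contain no such entry.
     *
     * @param serverNames the server names, or {@code null}
     */
    public void setServerNames(ServerNames serverNames) {
        this.hostName = null;
        this.serverNames = serverNames;
        if (serverNames == null) {
            return;
        }
        ServerName hostEntry = serverNames.getServerName(ServerName.NameType.HOST_NAME);
        if (hostEntry != null) {
            this.hostName = hostEntry.getNameAsString();
        }
    }

    /**
     * Package-private in the original. Assigns a session identifier. When the
     * identifier actually changes, the master secret is destroyed so that a
     * secret is never kept under a different identifier.
     *
     * @param sessionId the new session identifier
     * @throws NullPointerException if {@code sessionId} is {@code null}
     */
    public void setSessionIdentifier(SessionId sessionId) {
        if (sessionId == null) {
            throw new NullPointerException("session identifier must not be null!");
        }
        if (sessionId.equals(this.sessionIdentifier)) {
            return;
        }
        SecretUtil.destroy(this.masterSecret);
        this.masterSecret = null;
        this.sessionIdentifier = sessionId;
    }

    /**
     * Package-private in the original.
     *
     * @param supported whether the peer supports SNI
     */
    public void setSniSupported(boolean supported) {
        this.peerSupportsSni = supported;
    }

    /**
     * Package-private in the original.
     *
     * @param connectionId the connection id to use for writing, or {@code null}
     */
    public void setWriteConnectionId(ConnectionId connectionId) {
        this.writeConnectionId = connectionId;
    }

    /**
     * Package-private in the original. Destroys the previous write state,
     * installs the new one, advances the write epoch (whose sequence numbers
     * start at 0) and recalculates the maximum fragment length for the new
     * state's cipher expansion.
     * <p>
     * NOTE(review): the state object itself is written to the trace log;
     * confirm its {@code toString()} does not expose key material.
     *
     * @param writeState the new write state
     * @throws NullPointerException if {@code writeState} is {@code null}
     */
    public void setWriteState(DTLSConnectionState writeState) {
        if (writeState == null) {
            throw new NullPointerException("Write state must not be null");
        }
        SecretUtil.destroy(this.writeState);
        this.writeState = writeState;
        incrementWriteEpoch();
        determineMaxFragmentLength(this.maxFragmentLength);
        LOGGER.trace("Setting current write state to{}{}", StringUtil.lineSeparator(), writeState);
    }
}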
