package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.dtls.cipher.AeadBlockCipher;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.util.SecretIvParameterSpec;
import org.eclipse.californium.scandium.util.SecretSerializationUtil;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/DtlsAeadConnectionState.class */
public class DtlsAeadConnectionState extends DTLSConnectionState {
    private static final Logger LOGGER = LoggerFactory.getLogger(DtlsAeadConnectionState.class);
    private final SecretKey encryptionKey;
    private final SecretIvParameterSpec iv;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DtlsAeadConnectionState(CipherSuite cipherSuite, CompressionMethod compressionMethod, SecretKey secretKey, SecretIvParameterSpec secretIvParameterSpec) {
        super(cipherSuite, compressionMethod);
        if (secretKey == null) {
            throw new NullPointerException("Encryption key must not be null!");
        }
        if (secretIvParameterSpec == null) {
            throw new NullPointerException("IV must not be null!");
        }
        this.encryptionKey = SecretUtil.create(secretKey);
        this.iv = SecretUtil.createIv(secretIvParameterSpec);
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        SecretUtil.destroy(this.encryptionKey);
        SecretUtil.destroy(this.iv);
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return SecretUtil.isDestroyed(this.iv) && SecretUtil.isDestroyed(this.encryptionKey);
    }

    @Override // org.eclipse.californium.scandium.dtls.DTLSConnectionState
    public byte[] encrypt(Record record, byte[] bArr) throws GeneralSecurityException {
        DatagramWriter datagramWriter = new DatagramWriter(12, true);
        this.iv.writeTo(datagramWriter);
        record.writeExplicitNonce(datagramWriter);
        byte[] byteArray = datagramWriter.toByteArray();
        byte[] generateAdditionalData = record.generateAdditionalData(bArr.length);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("encrypt: {} bytes", Integer.valueOf(bArr.length));
            LOGGER.trace("nonce: {}", StringUtil.byteArray2HexString(byteArray));
            LOGGER.trace("adata: {}", StringUtil.byteArray2HexString(generateAdditionalData));
        }
        byte[] encrypt = AeadBlockCipher.encrypt(this.cipherSuite, this.encryptionKey, byteArray, generateAdditionalData, bArr);
        System.arraycopy(byteArray, this.cipherSuite.getFixedIvLength(), encrypt, 0, this.cipherSuite.getRecordIvLength());
        Bytes.clear(byteArray);
        LOGGER.trace("==> {} bytes", Integer.valueOf(encrypt.length));
        return encrypt;
    }

    @Override // org.eclipse.californium.scandium.dtls.DTLSConnectionState
    public byte[] decrypt(Record record, byte[] bArr) throws GeneralSecurityException {
        if (bArr == null) {
            throw new NullPointerException("Ciphertext must not be null");
        }
        int recordIvLength = this.cipherSuite.getRecordIvLength();
        int length = (bArr.length - recordIvLength) - this.cipherSuite.getMacLength();
        if (length <= 0) {
            throw new GeneralSecurityException("Ciphertext too short!");
        }
        byte[] generateAdditionalData = record.generateAdditionalData(length);
        DatagramWriter datagramWriter = new DatagramWriter(12, true);
        this.iv.writeTo(datagramWriter);
        datagramWriter.writeBytes(bArr, 0, recordIvLength);
        byte[] byteArray = datagramWriter.toByteArray();
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("decrypt: {} bytes", Integer.valueOf(length));
            LOGGER.trace("nonce: {}", StringUtil.byteArray2HexString(byteArray));
            LOGGER.trace("adata: {}", StringUtil.byteArray2HexString(generateAdditionalData));
        }
        if (LOGGER.isDebugEnabled() && AeadBlockCipher.AES_CCM.equals(this.cipherSuite.getTransformation())) {
            byte[] copyOf = Arrays.copyOf(bArr, recordIvLength);
            record.writeExplicitNonce(datagramWriter);
            byte[] byteArray2 = datagramWriter.toByteArray();
            if (!Arrays.equals(byteArray2, copyOf)) {
                StringBuilder sb = new StringBuilder("The explicit nonce used by the sender does not match the values provided in the DTLS record");
                sb.append(StringUtil.lineSeparator()).append("Used    : ").append(StringUtil.byteArray2HexString(copyOf));
                sb.append(StringUtil.lineSeparator()).append("Expected: ").append(StringUtil.byteArray2HexString(byteArray2));
                LOGGER.debug(sb.toString());
            }
        }
        byte[] decrypt = AeadBlockCipher.decrypt(this.cipherSuite, this.encryptionKey, byteArray, generateAdditionalData, bArr, recordIvLength, bArr.length - recordIvLength);
        Bytes.clear(byteArray);
        return decrypt;
    }

    public final String toString() {
        StringBuilder append = new StringBuilder("DtlsAeadConnectionState:").append(StringUtil.lineSeparator());
        String indentation = StringUtil.indentation(1);
        append.append(indentation).append("Cipher suite: ").append(this.cipherSuite).append(StringUtil.lineSeparator());
        append.append(indentation).append("Compression method: ").append(this.compressionMethod).append(StringUtil.lineSeparator());
        append.append(indentation).append("IV: ").append(this.iv == null ? "null" : "not null").append(StringUtil.lineSeparator());
        append.append(indentation).append("Encryption key: ").append(this.encryptionKey == null ? "null" : "not null").append(StringUtil.lineSeparator());
        return append.toString();
    }

    @Override // org.eclipse.californium.scandium.dtls.DTLSConnectionState
    public void writeTo(DatagramWriter datagramWriter) {
        SecretSerializationUtil.write(datagramWriter, this.encryptionKey);
        SecretSerializationUtil.write(datagramWriter, this.iv);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DtlsAeadConnectionState(CipherSuite cipherSuite, CompressionMethod compressionMethod, DatagramReader datagramReader) {
        super(cipherSuite, compressionMethod);
        this.encryptionKey = SecretSerializationUtil.readSecretKey(datagramReader);
        this.iv = SecretSerializationUtil.readIv(datagramReader);
    }
}
