package org.eclipse.californium.scandium.dtls.cipher;

import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/cipher/CipherSuite.class */
public enum CipherSuite {
    TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256(53249, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.ECDHE_PSK, CipherSpec.AES_128_GCM, MACAlgorithm.NULL, true),
    TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA378(53250, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.ECDHE_PSK, CipherSpec.AES_256_GCM, MACAlgorithm.NULL, true, PRFAlgorithm.TLS_PRF_SHA384),
    TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256(53251, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.ECDHE_PSK, CipherSpec.AES_128_CCM_8, MACAlgorithm.NULL, true),
    TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256(53253, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.ECDHE_PSK, CipherSpec.AES_128_CCM, MACAlgorithm.NULL, true),
    TLS_PSK_WITH_AES_128_GCM_SHA256(168, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.PSK, CipherSpec.AES_128_GCM, MACAlgorithm.NULL, true),
    TLS_PSK_WITH_AES_256_GCM_SHA378(169, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.PSK, CipherSpec.AES_256_GCM, MACAlgorithm.NULL, true, PRFAlgorithm.TLS_PRF_SHA384),
    TLS_PSK_WITH_AES_128_CCM_8(49320, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.PSK, CipherSpec.AES_128_CCM_8, MACAlgorithm.NULL, true),
    TLS_PSK_WITH_AES_256_CCM_8(49321, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.PSK, CipherSpec.AES_256_CCM_8, MACAlgorithm.NULL, true),
    TLS_PSK_WITH_AES_128_CCM(49316, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.PSK, CipherSpec.AES_128_CCM, MACAlgorithm.NULL, true),
    TLS_PSK_WITH_AES_256_CCM(49317, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.PSK, CipherSpec.AES_256_CCM, MACAlgorithm.NULL, true),
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256(49207, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.ECDHE_PSK, CipherSpec.AES_128_CBC, MACAlgorithm.HMAC_SHA256, false),
    TLS_PSK_WITH_AES_128_CBC_SHA256(174, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.PSK, CipherSpec.AES_128_CBC, MACAlgorithm.HMAC_SHA256, false),
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(49195, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_128_GCM, MACAlgorithm.NULL, true),
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(49196, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_256_GCM, MACAlgorithm.NULL, true, PRFAlgorithm.TLS_PRF_SHA384),
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8(49326, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_128_CCM_8, MACAlgorithm.NULL, true),
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8(49327, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_256_CCM_8, MACAlgorithm.NULL, true),
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM(49324, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_128_CCM, MACAlgorithm.NULL, true),
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM(49325, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_256_CCM, MACAlgorithm.NULL, true),
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(49162, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_256_CBC, MACAlgorithm.HMAC_SHA1, false),
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(49187, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_128_CBC, MACAlgorithm.HMAC_SHA256, false),
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(49188, CertificateKeyAlgorithm.EC, KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN, CipherSpec.AES_256_CBC, MACAlgorithm.HMAC_SHA384, false, PRFAlgorithm.TLS_PRF_SHA384),
    TLS_NULL_WITH_NULL_NULL(0, CertificateKeyAlgorithm.NONE, KeyExchangeAlgorithm.NULL, CipherSpec.NULL, MACAlgorithm.NULL, false);

    public static final int CIPHER_SUITE_BITS = 16;
    private static final Logger LOGGER = LoggerFactory.getLogger(CipherSuite.class.getCanonicalName());
    private static int overallMaxCipherTextExpansion = 0;
    private final int code;
    private final CertificateKeyAlgorithm certificateKeyAlgorithm;
    private final KeyExchangeAlgorithm keyExchange;
    private final CipherSpec cipher;
    private final MACAlgorithm macAlgorithm;
    private final PRFAlgorithm pseudoRandomFunction;
    private final int maxCipherTextExpansion;
    private boolean recommendedCipherSuite;

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/cipher/CipherSuite$CertificateKeyAlgorithm.class */
    public enum CertificateKeyAlgorithm {
        NONE,
        DSA,
        RSA,
        EC
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/cipher/CipherSuite$CipherSpec.class */
    public enum CipherSpec {
        NULL("NULL", CipherType.NULL, 0, 0, 0),
        B_3DES_EDE_CBC("DESede/CBC/NoPadding", CipherType.BLOCK, 24, 4, 8),
        AES_128_CBC("AES/CBC/NoPadding", CipherType.BLOCK, 16, 4, 16),
        AES_256_CBC("AES/CBC/NoPadding", CipherType.BLOCK, 32, 4, 16),
        AES_128_CCM_8(AeadBlockCipher.AES_CCM, CipherType.AEAD, 16, 4, 8, 8),
        AES_256_CCM_8(AeadBlockCipher.AES_CCM, CipherType.AEAD, 32, 4, 8, 8),
        AES_128_CCM(AeadBlockCipher.AES_CCM, CipherType.AEAD, 16, 4, 8, 16),
        AES_256_CCM(AeadBlockCipher.AES_CCM, CipherType.AEAD, 32, 4, 8, 16),
        AES_128_GCM("AES/GCM/NoPadding", CipherType.AEAD, 16, 4, 8, 16),
        AES_256_GCM("AES/GCM/NoPadding", CipherType.AEAD, 32, 4, 8, 16);

        private final String transformation;
        private final CipherType type;
        private final int keyLength;
        private final int fixedIvLength;
        private final int recordIvLength;
        private final int macLength;
        private final boolean supported;
        private final ThreadLocalCipher cipher;

        CipherSpec(String str, CipherType cipherType, int i, int i2, int i3) {
            this(str, cipherType, i, i2, i3, 0);
        }

        CipherSpec(String str, CipherType cipherType, int i, int i2, int i3, int i4) {
            this.transformation = str;
            this.type = cipherType;
            this.keyLength = i;
            this.fixedIvLength = i2;
            this.recordIvLength = i3;
            this.macLength = i4;
            boolean isSupported = (cipherType == CipherType.AEAD || cipherType == CipherType.BLOCK) ? AeadBlockCipher.isSupported(str, i) : true;
            if (AeadBlockCipher.AES_CCM.equals(str)) {
                this.cipher = null;
                this.supported = isSupported;
            } else {
                this.cipher = isSupported ? new ThreadLocalCipher(str) : null;
                this.supported = this.cipher == null ? false : this.cipher.isSupported();
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getTransformation() {
            return this.transformation;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public CipherType getType() {
            return this.type;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getKeyLength() {
            return this.keyLength;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getFixedIvLength() {
            return this.fixedIvLength;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getRecordIvLength() {
            return this.recordIvLength;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getMacLength() {
            return this.macLength;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isSupported() {
            return this.supported;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Cipher getCipher() {
            if (this.cipher == null) {
                return null;
            }
            return this.cipher.current();
        }
    }

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/cipher/CipherSuite$CipherType.class */
    public enum CipherType {
        NULL,
        STREAM,
        BLOCK,
        AEAD
    }

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/cipher/CipherSuite$KeyExchangeAlgorithm.class */
    public enum KeyExchangeAlgorithm {
        NULL,
        DHE_DSS,
        DHE_RSA,
        DH_ANON,
        RSA,
        DH_DSS,
        DH_RSA,
        PSK,
        ECDHE_PSK,
        EC_DIFFIE_HELLMAN
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/cipher/CipherSuite$MACAlgorithm.class */
    public enum MACAlgorithm {
        NULL(null, null, 0, 0, 0),
        HMAC_MD5("HmacMD5", "MD5", 16, 0, 0),
        HMAC_SHA1("HmacSHA1", "SHA-1", 20, 8, 64),
        HMAC_SHA256("HmacSHA256", "SHA-256", 32, 8, 64),
        HMAC_SHA384("HmacSHA384", "SHA-384", 48, 16, 128),
        HMAC_SHA512("HmacSHA512", "SHA-512", 64, 16, 128);

        private final String name;
        private final String mdName;
        private final int outputLength;
        private final int messageLengthBytes;
        private final int messageBlockLength;
        private final boolean supported;
        private final ThreadLocalMac mac;
        private final ThreadLocalMessageDigest md;

        MACAlgorithm(String str, String str2, int i, int i2, int i3) {
            this.name = str;
            this.mdName = str2;
            this.outputLength = i;
            this.messageLengthBytes = i2;
            this.messageBlockLength = i3;
            if (str == null && str2 == null) {
                this.supported = true;
                this.mac = null;
                this.md = null;
            } else {
                this.mac = new ThreadLocalMac(str);
                this.md = new ThreadLocalMessageDigest(str2);
                this.supported = this.mac.isSupported() && this.md.isSupported();
            }
        }

        public String getName() {
            return this.name;
        }

        public String getMessageDigestName() {
            return this.mdName;
        }

        public int getOutputLength() {
            return this.outputLength;
        }

        public int getKeyLength() {
            return this.outputLength;
        }

        public int getMessageBlockLength() {
            return this.messageBlockLength;
        }

        public int getMessageLengthBytes() {
            return this.messageLengthBytes;
        }

        public boolean isSupported() {
            return this.supported;
        }

        public Mac getMac() {
            if (this.mac != null) {
                return this.mac.current();
            }
            return null;
        }

        public MessageDigest getMessageDigest() {
            if (this.md == null) {
                return null;
            }
            MessageDigest current = this.md.current();
            current.reset();
            return current;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/cipher/CipherSuite$PRFAlgorithm.class */
    public enum PRFAlgorithm {
        TLS_PRF_SHA256(MACAlgorithm.HMAC_SHA256),
        TLS_PRF_SHA384(MACAlgorithm.HMAC_SHA384);

        private final MACAlgorithm mac;

        PRFAlgorithm(MACAlgorithm mACAlgorithm) {
            this.mac = mACAlgorithm;
        }

        public MACAlgorithm getMacAlgorithm() {
            return this.mac;
        }
    }

    CipherSuite(int i, CertificateKeyAlgorithm certificateKeyAlgorithm, KeyExchangeAlgorithm keyExchangeAlgorithm, CipherSpec cipherSpec, MACAlgorithm mACAlgorithm, boolean z) {
        this(i, certificateKeyAlgorithm, keyExchangeAlgorithm, cipherSpec, mACAlgorithm, z, PRFAlgorithm.TLS_PRF_SHA256);
    }

    CipherSuite(int i, CertificateKeyAlgorithm certificateKeyAlgorithm, KeyExchangeAlgorithm keyExchangeAlgorithm, CipherSpec cipherSpec, MACAlgorithm mACAlgorithm, boolean z, PRFAlgorithm pRFAlgorithm) {
        this.code = i;
        this.certificateKeyAlgorithm = certificateKeyAlgorithm;
        this.keyExchange = keyExchangeAlgorithm;
        this.cipher = cipherSpec;
        this.macAlgorithm = mACAlgorithm;
        this.recommendedCipherSuite = z;
        this.pseudoRandomFunction = pRFAlgorithm;
        switch (this.cipher.getType()) {
            case BLOCK:
                this.maxCipherTextExpansion = cipherSpec.getRecordIvLength() + mACAlgorithm.getOutputLength() + cipherSpec.getRecordIvLength() + 1;
                return;
            case AEAD:
                this.maxCipherTextExpansion = cipherSpec.getRecordIvLength() + cipherSpec.getMacLength();
                return;
            default:
                this.maxCipherTextExpansion = 0;
                return;
        }
    }

    public int getMaxCiphertextExpansion() {
        return this.maxCipherTextExpansion;
    }

    public String getTransformation() {
        return this.cipher.getTransformation();
    }

    public Cipher getThreadLocalCipher() {
        return this.cipher.getCipher();
    }

    public int getCode() {
        return this.code;
    }

    public CertificateKeyAlgorithm getCertificateKeyAlgorithm() {
        return this.certificateKeyAlgorithm;
    }

    public KeyExchangeAlgorithm getKeyExchange() {
        return this.keyExchange;
    }

    public boolean requiresServerCertificateMessage() {
        return !CertificateKeyAlgorithm.NONE.equals(this.certificateKeyAlgorithm);
    }

    public boolean isPskBased() {
        return KeyExchangeAlgorithm.PSK.equals(this.keyExchange) || KeyExchangeAlgorithm.ECDHE_PSK.equals(this.keyExchange);
    }

    public boolean isEccBased() {
        return CertificateKeyAlgorithm.EC.equals(this.certificateKeyAlgorithm) || KeyExchangeAlgorithm.ECDHE_PSK.equals(this.keyExchange) || KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.equals(this.keyExchange);
    }

    public boolean isSupported() {
        return this.pseudoRandomFunction.getMacAlgorithm().isSupported() && this.macAlgorithm.isSupported() && this.cipher.isSupported();
    }

    public boolean isRecommended() {
        return this.recommendedCipherSuite;
    }

    public String getMacName() {
        return this.macAlgorithm.getName();
    }

    public String getMessageDigestName() {
        return this.macAlgorithm.getMessageDigestName();
    }

    public Mac getThreadLocalMac() {
        return this.macAlgorithm.getMac();
    }

    public MessageDigest getThreadLocalMacMessageDigest() {
        return this.macAlgorithm.getMessageDigest();
    }

    public int getMacLength() {
        return this.macAlgorithm == MACAlgorithm.NULL ? this.cipher.getMacLength() : this.macAlgorithm.getOutputLength();
    }

    public int getMacKeyLength() {
        return this.macAlgorithm.getKeyLength();
    }

    public int getMacMessageBlockLength() {
        return this.macAlgorithm.getMessageBlockLength();
    }

    public int getMacMessageLengthBytes() {
        return this.macAlgorithm.getMessageLengthBytes();
    }

    public int getRecordIvLength() {
        return this.cipher.getRecordIvLength();
    }

    public int getFixedIvLength() {
        return this.cipher.getFixedIvLength();
    }

    public String getPseudoRandomFunctionMacName() {
        return this.pseudoRandomFunction.getMacAlgorithm().getName();
    }

    public String getPseudoRandomFunctionMessageDigestName() {
        return this.pseudoRandomFunction.getMacAlgorithm().getMessageDigestName();
    }

    public Mac getThreadLocalPseudoRandomFunctionMac() {
        return this.pseudoRandomFunction.getMacAlgorithm().getMac();
    }

    public MessageDigest getThreadLocalPseudoRandomFunctionMessageDigest() {
        return this.pseudoRandomFunction.getMacAlgorithm().getMessageDigest();
    }

    public CipherType getCipherType() {
        return this.cipher.getType();
    }

    public int getEncKeyLength() {
        return this.cipher.getKeyLength();
    }

    public static int getOverallMaxCiphertextExpansion() {
        if (overallMaxCipherTextExpansion == 0) {
            int i = 0;
            for (CipherSuite cipherSuite : values()) {
                if (cipherSuite.isSupported()) {
                    i = Math.max(i, cipherSuite.getMaxCiphertextExpansion());
                }
            }
            overallMaxCipherTextExpansion = i;
        }
        return overallMaxCipherTextExpansion;
    }

    @Deprecated
    public static List<CipherSuite> getPskCipherSuites(boolean z, boolean z2) {
        ArrayList arrayList = new ArrayList();
        for (CipherSuite cipherSuite : values()) {
            if (cipherSuite.isSupported() && ((KeyExchangeAlgorithm.PSK.equals(cipherSuite.keyExchange) || (z2 && KeyExchangeAlgorithm.ECDHE_PSK.equals(cipherSuite.keyExchange))) && (!z || cipherSuite.recommendedCipherSuite))) {
                arrayList.add(cipherSuite);
            }
        }
        return arrayList;
    }

    public static List<CipherSuite> getCipherSuitesByKeyExchangeAlgorithm(boolean z, KeyExchangeAlgorithm... keyExchangeAlgorithmArr) {
        if (keyExchangeAlgorithmArr == null) {
            throw new NullPointerException("KeyExchangeAlgorithms must not be null!");
        }
        if (keyExchangeAlgorithmArr.length == 0) {
            throw new IllegalArgumentException("KeyExchangeAlgorithms must not be empty!");
        }
        List asList = Arrays.asList(keyExchangeAlgorithmArr);
        ArrayList arrayList = new ArrayList();
        for (CipherSuite cipherSuite : values()) {
            if ((!z || cipherSuite.recommendedCipherSuite) && cipherSuite.isSupported() && asList.contains(cipherSuite.keyExchange)) {
                arrayList.add(cipherSuite);
            }
        }
        return arrayList;
    }

    public static List<CipherSuite> getEcdsaCipherSuites(boolean z) {
        return getCertificateCipherSuites(z, CertificateKeyAlgorithm.EC.name());
    }

    public static List<CipherSuite> getCertificateCipherSuites(boolean z, String str) {
        ArrayList arrayList = new ArrayList();
        for (CipherSuite cipherSuite : values()) {
            if (cipherSuite.isSupported() && cipherSuite.certificateKeyAlgorithm.name().equals(str) && (!z || cipherSuite.recommendedCipherSuite)) {
                arrayList.add(cipherSuite);
            }
        }
        return arrayList;
    }

    public static CipherSuite getTypeByCode(int i) {
        for (CipherSuite cipherSuite : values()) {
            if (cipherSuite.code == i) {
                return cipherSuite;
            }
        }
        if (!LOGGER.isTraceEnabled()) {
            return null;
        }
        LOGGER.trace("Cannot resolve cipher suite code [{}]", Integer.toHexString(i));
        return null;
    }

    public static CipherSuite getTypeByName(String str) {
        for (CipherSuite cipherSuite : values()) {
            if (cipherSuite.name().equals(str)) {
                return cipherSuite;
            }
        }
        if (!LOGGER.isTraceEnabled()) {
            return null;
        }
        LOGGER.trace("Cannot resolve cipher suite code [{}]", str);
        return null;
    }

    public static boolean containsPskBasedCipherSuite(List<CipherSuite> list) {
        if (list == null) {
            return false;
        }
        Iterator<CipherSuite> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().isPskBased()) {
                return true;
            }
        }
        return false;
    }

    public static boolean containsEccBasedCipherSuite(List<CipherSuite> list) {
        if (list == null) {
            return false;
        }
        Iterator<CipherSuite> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().isEccBased()) {
                return true;
            }
        }
        return false;
    }

    public static boolean containsCipherSuiteRequiringCertExchange(List<CipherSuite> list) {
        if (list == null) {
            return false;
        }
        Iterator<CipherSuite> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().requiresServerCertificateMessage()) {
                return true;
            }
        }
        return false;
    }

    public static byte[] listToByteArray(List<CipherSuite> list) {
        DatagramWriter datagramWriter = new DatagramWriter();
        Iterator<CipherSuite> it = list.iterator();
        while (it.hasNext()) {
            datagramWriter.write(it.next().getCode(), 16);
        }
        return datagramWriter.toByteArray();
    }

    @Deprecated
    public static List<CipherSuite> listFromByteArray(byte[] bArr, int i) {
        List<CipherSuite> listFromReader = listFromReader(new DatagramReader(bArr, false));
        if (listFromReader.size() != i) {
            throw new IllegalArgumentException("");
        }
        return listFromReader;
    }

    public static List<CipherSuite> listFromReader(DatagramReader datagramReader) {
        ArrayList arrayList = new ArrayList();
        while (datagramReader.bytesAvailable()) {
            CipherSuite typeByCode = getTypeByCode(datagramReader.read(16));
            if (typeByCode != null) {
                arrayList.add(typeByCode);
            }
        }
        return arrayList;
    }
}
