package org.eclipse.californium.oscore;

import org.eclipse.californium.core.coap.EmptyMessage;
import org.eclipse.californium.core.coap.Message;
import org.eclipse.californium.core.coap.MessageObserverAdapter;
import org.eclipse.californium.core.coap.OptionSet;
import org.eclipse.californium.core.coap.Request;
import org.eclipse.californium.core.coap.Response;
import org.eclipse.californium.core.coap.Token;
import org.eclipse.californium.core.network.Exchange;
import org.eclipse.californium.core.network.stack.AbstractLayer;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.oscore.ContextRederivation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/oscore/ObjectSecurityLayer.class */
public class ObjectSecurityLayer extends AbstractLayer {
    private static final Logger LOGGER = LoggerFactory.getLogger(ObjectSecurityLayer.class);
    private final OSCoreCtxDB ctxDb;

    public ObjectSecurityLayer(OSCoreCtxDB oSCoreCtxDB) {
        if (oSCoreCtxDB == null) {
            throw new NullPointerException("OSCoreCtxDB must be provided!");
        }
        this.ctxDb = oSCoreCtxDB;
    }

    public static Request prepareSend(OSCoreCtxDB oSCoreCtxDB, Request request) throws OSException {
        return RequestEncryptor.encrypt(oSCoreCtxDB, request);
    }

    public static Response prepareSend(OSCoreCtxDB oSCoreCtxDB, Response response, OSCoreCtx oSCoreCtx, boolean z) throws OSException {
        return ResponseEncryptor.encrypt(oSCoreCtxDB, response, oSCoreCtx, z);
    }

    public static Request prepareReceive(OSCoreCtxDB oSCoreCtxDB, Request request) throws CoapOSException {
        return RequestDecryptor.decrypt(oSCoreCtxDB, request);
    }

    public static Response prepareReceive(OSCoreCtxDB oSCoreCtxDB, Response response) throws OSException {
        return ResponseDecryptor.decrypt(oSCoreCtxDB, response);
    }

    public void sendRequest(Exchange exchange, final Request request) {
        Request request2 = request;
        if (shouldProtectRequest(request)) {
            try {
                String uri = request.getURI();
                if (uri == null) {
                    LOGGER.error(ErrorDescriptions.URI_NULL);
                    throw new OSException(ErrorDescriptions.URI_NULL);
                }
                OSCoreCtx context = this.ctxDb.getContext(uri);
                if (context == null) {
                    LOGGER.error("Context is null");
                    throw new OSException("Context is null");
                }
                if (context.getContextRederivationPhase() == ContextRederivation.PHASE.CLIENT_INITIATE) {
                    throw new IllegalStateException("must be handled in ObjectSecurityContextLayer!");
                }
                OSCoreEndpointContextInfo.sendingRequest(context, exchange);
                exchange.setCryptographicContextID(context.getRecipientId());
                final int senderSeq = context.getSenderSeq();
                final Request prepareSend = prepareSend(this.ctxDb, request);
                final OSCoreCtx context2 = this.ctxDb.getContext(uri);
                prepareSend.addMessageObserver(0, new MessageObserverAdapter() { // from class: org.eclipse.californium.oscore.ObjectSecurityLayer.1
                    public void onReadyToSend() {
                        Token token = prepareSend.getToken();
                        if (request.getToken() == null) {
                            request.setToken(token);
                        }
                        ObjectSecurityLayer.this.ctxDb.addContext(token, context2);
                        ObjectSecurityLayer.this.ctxDb.addSeqByToken(token, Integer.valueOf(senderSeq));
                    }
                });
                request2 = prepareSend;
            } catch (IllegalArgumentException e) {
                LOGGER.error("Unable to send request because of illegal argument: " + e.getMessage());
                return;
            } catch (OSException e2) {
                LOGGER.error("Error sending request: " + e2.getMessage());
                return;
            }
        }
        LOGGER.info("Request: " + exchange.getRequest().toString());
        super.sendRequest(exchange, request2);
    }

    public void sendResponse(Exchange exchange, Response response) {
        if (shouldProtectResponse(exchange)) {
            try {
                OSCoreCtx context = this.ctxDb.getContext(exchange.getCryptographicContextID());
                response = prepareSend(this.ctxDb, response, context, context.getResponsesIncludePartialIV() || exchange.getRequest().getOptions().hasObserve());
                exchange.setResponse(response);
            } catch (OSException e) {
                LOGGER.error("Error sending response: " + e.getMessage());
                return;
            }
        }
        super.sendResponse(exchange, response);
    }

    public void sendEmptyMessage(Exchange exchange, EmptyMessage emptyMessage) {
        super.sendEmptyMessage(exchange, emptyMessage);
    }

    public void receiveRequest(Exchange exchange, Request request) {
        if (isProtected(request)) {
            try {
                request = prepareReceive(this.ctxDb, request);
                byte[] oscore = request.getOptions().getOscore();
                request.getOptions().setOscore(Bytes.EMPTY);
                exchange.setRequest(request);
                exchange.setCryptographicContextID(oscore);
            } catch (CoapOSException e) {
                LOGGER.error("Error while receiving OSCore request: " + e.getMessage());
                Response manageError = CoapOSExceptionHandler.manageError(e, request);
                if (manageError != null) {
                    super.sendResponse(exchange, manageError);
                    return;
                }
                return;
            }
        }
        super.receiveRequest(exchange, request);
    }

    public void receiveResponse(Exchange exchange, Response response) {
        if (exchange.getCurrentRequest() == null) {
            LOGGER.error("No request tied to this response");
            return;
        }
        try {
            if (!isProtected(response) && responseShouldBeProtected(exchange, response)) {
                LOGGER.warn("Incoming response is NOT OSCORE protected!");
            } else if (isProtected(response)) {
                LOGGER.info("Incoming response is OSCORE protected");
            }
            if (isProtected(response)) {
                response = prepareReceive(this.ctxDb, response);
            }
            if (exchange.getRequest().isObserveCancel()) {
                this.ctxDb.removeToken(response.getToken());
            }
            super.receiveResponse(exchange, response);
        } catch (OSException e) {
            LOGGER.error("Error while receiving OSCore response: " + e.getMessage());
            EmptyMessage manageError = CoapOSExceptionHandler.manageError(e, response);
            if (manageError != null) {
                sendEmptyMessage(exchange, manageError);
            }
        }
    }

    public void receiveEmptyMessage(Exchange exchange, EmptyMessage emptyMessage) {
        super.receiveEmptyMessage(exchange, emptyMessage);
    }

    private static boolean shouldProtectResponse(Exchange exchange) {
        return exchange.getCryptographicContextID() != null;
    }

    private boolean responseShouldBeProtected(Exchange exchange, Response response) throws OSException {
        Request currentRequest = exchange.getCurrentRequest();
        OptionSet options = currentRequest.getOptions();
        if (exchange.getCryptographicContextID() == null && response.getOptions().hasObserve() && currentRequest.getOptions().hasObserve() && options.hasOscore()) {
            try {
                exchange.setCryptographicContextID(this.ctxDb.getContext(currentRequest.getURI()).getRecipientId());
            } catch (OSException e) {
                LOGGER.error("Error when re-creating exchange at OSCORE level");
                throw new OSException("Error when re-creating exchange at OSCORE level");
            }
        }
        return exchange.getCryptographicContextID() != null;
    }

    private static boolean shouldProtectRequest(Request request) {
        return request.getOptions().hasOption(9);
    }

    private static boolean isProtected(Message message) {
        return message.getOptions().getOscore() != null;
    }
}
