/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.net.ipsec.ike.exceptions;

import android.net.ipsec.ike.ChildSessionCallback;
import android.net.ipsec.ike.IkeSessionCallback;

import com.android.internal.net.ipsec.ike.utils.IkeMetrics;

/**
 * This exception is thrown when the remote server expected a different Diffie-Hellman group.
 *
 * <p>This exception indicates that the remote server received a different KE payload in the Child
 * creation request from accepted Diffie-Hellman group. Callers can retry Child creation by
 * proposing the expected DH group included in this exception.
 *
 * @see <a href="https://tools.ietf.org/html/rfc7296#section-1.3">RFC 7296, Internet Key Exchange
 *     Protocol Version 2 (IKEv2)</a>
 */
// Responder should include an INVALID_KE_PAYLOAD Notify payload in a response message for both
// IKE INIT exchange and other SA negotiation exchanges after IKE is setup, as per RFC 7296
// section-1.3.
public final class InvalidKeException extends IkeProtocolException {
    private static final int EXPECTED_ERROR_DATA_LEN = 2;

    /**
     * Construct an instance of InvalidKeException.
     *
     * <p>Except for testing, IKE library users normally do not instantiate this object themselves
     * but instead get a reference via {@link IkeSessionCallback} or {@link ChildSessionCallback}.
     *
     * @param dhGroup the expected DH group
     */
    public InvalidKeException(int dhGroup) {
        super(ERROR_TYPE_INVALID_KE_PAYLOAD, integerToByteArray(dhGroup, EXPECTED_ERROR_DATA_LEN));
    }

    /**
     * Construct a instance of InvalidKeException from a notify payload.
     *
     * @param notifyData the notify data included in the payload.
     * @hide
     */
    public InvalidKeException(byte[] notifyData) {
        super(ERROR_TYPE_INVALID_KE_PAYLOAD, notifyData);
    }

    /**
     * Return the expected DH Group included in this exception.
     *
     * @return the expected DH Group.
     */
    public int getDhGroup() {
        return byteArrayToInteger(getErrorData());
    }

    /** @hide */
    @Override
    protected boolean isValidDataLength(int dataLen) {
        return EXPECTED_ERROR_DATA_LEN == dataLen;
    }

    /**
     * Returns the error code for metrics
     *
     * @hide
     */
    @Override
    public int getMetricsErrorCode() {
        return IkeMetrics.IKE_ERROR_PROTOCOL_INVALID_KE_PAYLOAD;
    }
}