package o;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ChangeCipherSpecMessage;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.ContentType;
import org.eclipse.californium.scandium.dtls.DTLSMessage;
import org.eclipse.californium.scandium.dtls.HandshakeMessage;
import org.eclipse.californium.scandium.dtls.HandshakeType;
import org.eclipse.californium.scandium.dtls.Handshaker;
import org.eclipse.californium.scandium.dtls.HelloExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.RecordLayer;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

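/**
 * Client side of the DTLS handshake (decompiled and name-obfuscated listing).
 *
 * <p>The class sends the client hello, processes the server's flight
 * (hello-verify-request, server hello, certificate, server key exchange,
 * certificate request, server hello done), answers with the client key
 * exchange / certificate / certificate verify / change cipher spec / finished
 * flight, and finally checks the server's FINISHED message.
 *
 * <p>Security-relevant checks made while processing the server's messages:
 * <ul>
 *   <li>the cipher suite chosen by the server must be one the client offered;</li>
 *   <li>only {@link CompressionMethod#NULL} is accepted;</li>
 *   <li>every extension in the server hello must have been sent by the client;</li>
 *   <li>the server certificate is checked via {@code verifyCertificate} before its
 *       public key is stored;</li>
 *   <li>the server's FINISHED message is checked against the locally computed
 *       handshake hash before the session is reported as established.</li>
 * </ul>
 *
 * <p>Obfuscated type names ({@code ike}, {@code ill}, {@code iks}, ...) are described
 * below by the role the visible code gives them; confirm against the unobfuscated
 * library before relying on those descriptions.
 */
@NoPublicAPI
/* loaded from: classes19.dex */
public class ikc extends Handshaker {
    // Expected message sequence installed by startHandshake(). Entries built with
    // the extra `true` argument are presumably optional - TODO confirm against ikv.
    protected static ikv[] e = {
        new ikv(HandshakeType.HELLO_VERIFY_REQUEST, true),
        new ikv(HandshakeType.SERVER_HELLO),
        new ikv(HandshakeType.CERTIFICATE),
        new ikv(HandshakeType.SERVER_KEY_EXCHANGE),
        new ikv(HandshakeType.CERTIFICATE_REQUEST, true),
        new ikv(HandshakeType.SERVER_HELLO_DONE),
        new ikv(ContentType.CHANGE_CIPHER_SPEC),
        new ikv(HandshakeType.FINISHED)
    };
    // Expected message sequence used once the negotiated cipher suite reports that
    // it needs no server certificate message (no CERTIFICATE / CERTIFICATE_REQUEST).
    // Never reassigned in this class, hence final.
    private static final ikv[] m = {
        new ikv(HandshakeType.HELLO_VERIFY_REQUEST, true),
        new ikv(HandshakeType.SERVER_HELLO),
        new ikv(HandshakeType.SERVER_KEY_EXCHANGE, true),
        new ikv(HandshakeType.SERVER_HELLO_DONE),
        new ikv(ContentType.CHANGE_CIPHER_SPEC),
        new ikv(HandshakeType.FINISHED)
    };
    // Configuration flag; when true the value of CertificateRequest.a() is passed on
    // when the X.509 client certificate message is built (see a(ikh)).
    protected final boolean a;
    // The hello message sent in flight 1; re-sent after a HELLO_VERIFY_REQUEST.
    protected ike b;
    // Max. fragment length code proposed to the server; null when none is proposed.
    protected final Integer c;
    // Server's ephemeral EC public key taken from the server key exchange message.
    protected ECPublicKey d;
    // Handshake hash including the client's FINISHED message; used to check the
    // server's FINISHED message.
    protected byte[] f;
    // Certificate request received from the server, or null if none was received.
    protected CertificateRequest g;
    // Certificate types checked for the client certificate (see c(iln)).
    protected final List<CertificateType> h;
    // Certificate types checked for the server certificate (see c(ill)).
    protected final List<CertificateType> i;
    // Signature and hash algorithm selected from the certificate request.
    protected SignatureAndHashAlgorithm j;
    // Passed as first argument when the hello message is created; presumably the
    // protocol version - TODO confirm.
    private ilc k;
    // Cipher suites offered to the server.
    private final List<CipherSuite> l;
    // Server public key taken from the verified certificate message.
    private PublicKey n;

    /**
     * Compiler-generated switch maps translating enum ordinals to small integers.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: o.ikc$2, reason: invalid class name */
    /* loaded from: classes19.dex */
    public static /* synthetic */ class AnonymousClass2 {
        // Switch map for HandshakeType. The static initializer writes to it, so it has
        // to be declared and allocated here; doProcessMessage() switches on the enum
        // directly and does not read it.
        static final /* synthetic */ int[] a = new int[HandshakeType.values().length];
        // Switch map for CipherSuite.KeyExchangeAlgorithm:
        // 1 = EC_DIFFIE_HELLMAN, 2 = PSK, 3 = ECDHE_PSK, 4 = NULL.
        static final /* synthetic */ int[] d;

        static {
            // Each assignment is guarded separately so that an enum constant missing
            // at run time leaves its slot at 0 instead of failing class initialization.
            try {
                a[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                a[HandshakeType.SERVER_HELLO.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                a[HandshakeType.CERTIFICATE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                a[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                a[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                a[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                a[HandshakeType.FINISHED.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            d = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                d[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                d[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                d[CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
            try {
                d[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 4;
            } catch (NoSuchFieldError unused11) {
            }
        }
    }

    /**
     * Creates the handshaker and copies the offered cipher suites, the max. fragment
     * length code, the flag {@link #a} and both certificate type lists from the
     * configuration object.
     *
     * @param ikjVar passed through to the superclass
     * @param recordLayer passed through to the superclass
     * @param ikaVar passed through to the superclass
     * @param ijqVar configuration object the fields above are read from
     * @param i passed through to the superclass
     */
    public ikc(ikj ikjVar, RecordLayer recordLayer, ika ikaVar, ijq ijqVar, int i) {
        super(true, 0, ikjVar, recordLayer, ikaVar, ijqVar, i);
        this.k = new ilc();
        this.b = null;
        this.g = null;
        this.f = null;
        this.l = ijqVar.r();
        this.c = ijqVar.b();
        this.a = ijqVar.aq().booleanValue();
        this.i = ijqVar.ab();
        this.h = ijqVar.ac();
    }

    /**
     * Handles the server's CERTIFICATE message: the certificate is verified first and
     * only then is its public key kept for the later key exchange check.
     */
    private void a(ijy ijyVar) throws iks {
        verifyCertificate(ijyVar);
        this.n = ijyVar.d();
    }

    /**
     * Handles the server key exchange message of the EC_DIFFIE_HELLMAN key exchange.
     *
     * <p>The message is checked with the server public key and both hello randoms
     * (presumably a signature verification - TODO confirm against iko), the peer
     * identity is stored in the session, and the ECDH state is created from the
     * domain parameters of the server's ephemeral key.
     *
     * @throws iks with a fatal HANDSHAKE_FAILURE alert if the ECDH state cannot be
     *     created from the server's parameters
     */
    private void a(iko ikoVar) throws iks {
        // NOTE(review): this.n is only set by the CERTIFICATE handler; this relies on
        // the expected-message sequence to guarantee that it ran before this method.
        ikoVar.a(this.n, this.clientRandom, this.serverRandom);
        if (this.peerCertPath != null) {
            this.session.a(new iix(this.peerCertPath));
        } else {
            this.session.a(new iiy(this.n));
        }
        this.d = ikoVar.b();
        try {
            this.ecdhe = new ECDHECryptography(this.d.getParams());
        } catch (GeneralSecurityException e2) {
            throw new iks(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    /**
     * Handles the server's FINISHED message: it is checked against the handshake hash
     * stored in {@link #f} before the session is reported as established and the
     * handshake as completed.
     */
    private void a(ikp ikpVar) throws iks, GeneralSecurityException {
        ikpVar.a(this.session.j().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, false, this.f);
        sessionEstablished();
        handshakeCompleted();
    }

    /**
     * Tells whether a certificate type is acceptable.
     *
     * @param certificateType type to check
     * @param list accepted types; when null only X.509 is accepted
     * @return true if the type is accepted
     */
    private static boolean b(CertificateType certificateType, List<CertificateType> list) {
        if (list == null) {
            return certificateType == CertificateType.X_509;
        }
        return list.contains(certificateType);
    }

    /**
     * Handles the server key exchange message of the ECDHE_PSK key exchange: stores
     * the server's ephemeral key and creates the ECDH state from its parameters.
     * Unlike the EC_DIFFIE_HELLMAN variant, no public-key check of the message is
     * made here.
     *
     * @throws iks with a fatal HANDSHAKE_FAILURE alert if the ECDH state cannot be
     *     created from the server's parameters
     */
    private void e(ikr ikrVar) throws iks {
        this.d = ikrVar.a();
        try {
            this.ecdhe = new ECDHECryptography(this.d.getParams());
        } catch (GeneralSecurityException e2) {
            throw new iks(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    /**
     * Selects the signature algorithm for the client's raw public key and returns
     * that key.
     *
     * @return the client public key, or null if none is configured or the
     *     certificate request yields no algorithm for it
     */
    PublicKey a(CertificateRequest certificateRequest) throws iks {
        if (this.publicKey == null) {
            return null;
        }
        this.j = certificateRequest.c(this.publicKey);
        return this.j == null ? null : this.publicKey;
    }

    /**
     * Adds an extension built by {@code ikd.a(...)} to the hello message when a
     * connection id generator is configured (presumably the connection id
     * extension - TODO confirm). The connection's own id is used when the generator
     * reports that it uses connection ids, otherwise the constant {@code ikb.b}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void a(ike ikeVar) {
        if (this.connectionIdGenerator == null) {
            return;
        }
        ikeVar.d(ikd.a(this.connectionIdGenerator.useConnectionId() ? getConnection().i() : ikb.b));
    }

    /**
     * Adds the client's certificate message to the flight if the server sent a
     * certificate request. Nothing is added otherwise.
     *
     * @throws IllegalArgumentException if the session's certificate type is neither
     *     RAW_PUBLIC_KEY nor X_509
     */
    protected void a(ikh ikhVar) throws iks {
        if (this.g == null) {
            return;
        }
        ijy certificateMessage;
        if (CertificateType.RAW_PUBLIC_KEY == this.session.q()) {
            // Falls back to the constant ijg.d when no usable key is available.
            byte[] encodedKey = ijg.d;
            PublicKey rawKey = a(this.g);
            if (rawKey != null) {
                encodedKey = rawKey.getEncoded();
            }
            if (this.LOGGER.isDebugEnabled()) {
                this.LOGGER.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", ijr.b(encodedKey));
            }
            certificateMessage = new ijy(encodedKey, this.session.w());
        } else {
            if (CertificateType.X_509 != this.session.q()) {
                throw new IllegalArgumentException("Certificate type " + this.session.q() + " not supported!");
            }
            certificateMessage = new ijy(d(this.g), this.a ? this.g.a() : null, this.session.w());
        }
        wrapMessage(ikhVar, certificateMessage);
    }

    /**
     * Handles a HELLO_VERIFY_REQUEST: the recorded handshake messages are dropped,
     * the value returned by {@code ikxVar.e()} (presumably the cookie - TODO confirm)
     * is set on the stored hello, and the hello is sent again as flight 3.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void a(ikx ikxVar) throws iks {
        this.handshakeMessages.clear();
        this.b.c(ikxVar.e());
        this.flightNumber = 3;
        ikh flight = new ikh(getSession(), this.flightNumber);
        wrapMessage(flight, this.b);
        sendFlight(flight);
        // Step the expected-message index back by one after re-sending the hello.
        this.statesIndex--;
    }

    /**
     * Handles the SERVER_HELLO message and stores the negotiated parameters in the
     * session.
     *
     * @throws iks with a fatal ILLEGAL_PARAMETER alert if the server selects a cipher
     *     suite the client did not offer or a compression method other than NULL;
     *     also propagates the failures of {@link #c(ill)}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void a(ill illVar) throws iks {
        this.usedProtocol = illVar.a();
        this.serverRandom = illVar.c();
        this.session.b(illVar.e());
        CipherSuite cipherSuite = illVar.d();
        // The server may only pick from what the client offered.
        if (!this.l.contains(cipherSuite)) {
            throw new iks("Server wants to use not supported cipher suite " + cipherSuite, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, illVar.getPeer()));
        }
        this.session.e(cipherSuite);
        CompressionMethod compressionMethod = illVar.b();
        if (compressionMethod != CompressionMethod.NULL) {
            throw new iks("Server wants to use not supported compression method " + compressionMethod, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, illVar.getPeer()));
        }
        this.session.a(illVar.b());
        c(illVar);
        if (this.connectionIdGenerator != null) {
            ikd connectionIdExtension = illVar.m();
            if (connectionIdExtension != null) {
                this.session.d(connectionIdExtension.e());
            }
        }
        this.session.a(illVar.g());
        this.session.c(illVar.n());
        this.session.l();
        if (!cipherSuite.requiresServerCertificateMessage()) {
            // No certificate based authentication: expect the shorter sequence.
            this.states = m;
        }
    }

    /**
     * Checks the extensions of the SERVER_HELLO message against what the client sent.
     *
     * @throws iks with a fatal UNSUPPORTED_EXTENSION alert if the server uses an
     *     extension the client did not send, or with a fatal ILLEGAL_PARAMETER alert
     *     if the EC point formats, the max. fragment length or the server certificate
     *     type are not acceptable
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void c(ill illVar) throws iks {
        iku serverExtensions = illVar.j();
        if (serverExtensions != null && !serverExtensions.c()) {
            iku clientExtensions = this.b.f();
            if (clientExtensions == null || clientExtensions.c()) {
                throw new iks("Server wants extensions, but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, illVar.getPeer()));
            }
            for (HelloExtension helloExtension : serverExtensions.a()) {
                if (clientExtensions.c(helloExtension.getType()) == null) {
                    throw new iks("Server wants " + helloExtension.getType() + ", but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, illVar.getPeer()));
                }
            }
        }
        SupportedPointFormatsExtension pointFormats = illVar.f();
        if (pointFormats != null && !pointFormats.b(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)) {
            throw new iks("Server wants to use only not supported EC point formats!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, illVar.getPeer()));
        }
        MaxFragmentLengthExtension maxFragmentLength = illVar.i();
        if (maxFragmentLength != null) {
            MaxFragmentLengthExtension.Length length = maxFragmentLength.b();
            // this.c is null when the client proposed no max. fragment length. Reject
            // the server's value with the regular alert in that case instead of
            // failing with a NullPointerException on data received from the peer.
            if (this.c == null || length.code() != this.c.intValue()) {
                throw new iks("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, illVar.getPeer()));
            }
            this.session.e(length.length());
        }
        CertificateType serverCertificateType = illVar.h();
        if (!b(serverCertificateType, this.i)) {
            throw new iks("Server wants to use not supported server certificate type " + serverCertificateType, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, illVar.getPeer()));
        }
        this.session.b(serverCertificateType);
    }

    /**
     * Handles SERVER_HELLO_DONE by building and sending the client's answering flight:
     * optional certificate, client key exchange, optional certificate verify, change
     * cipher spec and FINISHED.
     *
     * @throws iks with a fatal alert if the key exchange algorithm is not handled
     *     here, the client certificate type is not acceptable, or the handshake
     *     digest cannot be cloned
     */
    protected void c(iln ilnVar) throws iks, GeneralSecurityException {
        this.flightNumber += 2;
        ikh flight = new ikh(getSession(), this.flightNumber);
        a(flight);
        DTLSMessage clientKeyExchange;
        SecretKey secret;
        ilg pskHelper = null;
        switch (AnonymousClass2.d[getKeyExchangeAlgorithm().ordinal()]) {
            case 1: // EC_DIFFIE_HELLMAN
                clientKeyExchange = new ikk(this.ecdhe.b(), this.session.w());
                secret = this.ecdhe.a(this.d);
                break;
            case 2: // PSK
                pskHelper = new ilg(this.sniEnabled, this.session, this.pskStore);
                // NOTE(review): the PSK identity ends up in debug logs; treat those
                // logs accordingly if identities are considered sensitive.
                this.LOGGER.debug("Using PSK identity: {}", pskHelper.a());
                clientKeyExchange = new ikz(pskHelper.d(), this.session.w());
                secret = pskHelper.b(null);
                break;
            case 3: { // ECDHE_PSK
                pskHelper = new ilg(this.sniEnabled, this.session, this.pskStore);
                this.LOGGER.debug("Using PSK identity: {}", pskHelper.a());
                clientKeyExchange = new ikn(pskHelper.d(), this.ecdhe.b(), this.session.w());
                SecretKey ecdhSecret = this.ecdhe.a(this.d);
                secret = pskHelper.b(ecdhSecret);
                imd.e(ecdhSecret);
                break;
            }
            default:
                throw new iks("Unknown key exchange algorithm: " + getKeyExchangeAlgorithm(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.w()));
        }
        // imd.b / imd.e presumably wipe key material - TODO confirm.
        // NOTE(review): they are skipped if one of the calls above or generateKeys()
        // throws, so the secrets then stay in memory until garbage collected.
        imd.b(pskHelper);
        if (secret != null) {
            generateKeys(secret);
            imd.e(secret);
        }
        wrapMessage(flight, clientKeyExchange);
        if (this.g != null && this.j != null) {
            CertificateType clientCertificateType = this.session.q();
            if (!b(clientCertificateType, this.h)) {
                throw new iks("Server wants to use not supported client certificate type " + clientCertificateType, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ilnVar.getPeer()));
            }
            wrapMessage(flight, new ijx(this.j, this.privateKey, this.handshakeMessages, this.session.w()));
        }
        wrapMessage(flight, new ChangeCipherSpecMessage(this.session.w()));
        setCurrentWriteState();
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        try {
            // digest() resets the digest, so a copy is taken first. The copy is then
            // extended with the client's FINISHED message to obtain the hash the
            // server's FINISHED message is checked against.
            MessageDigest withClientFinished = (MessageDigest) handshakeMessageDigest.clone();
            ikp finished = new ikp(this.session.j().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, this.isClient, handshakeMessageDigest.digest(), this.session.w());
            wrapMessage(flight, finished);
            withClientFinished.update(finished.toByteArray());
            this.f = withClientFinished.digest();
            sendFlight(flight);
        } catch (CloneNotSupportedException unused) {
            throw new iks("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, ilnVar.getPeer()));
        }
    }

    /**
     * Selects the signature algorithm for the client's certificate chain and returns
     * that chain.
     *
     * @return the configured certificate chain, or an empty list if none is
     *     configured or the certificate request yields no algorithm for it
     */
    List<X509Certificate> d(CertificateRequest certificateRequest) throws iks {
        if (this.certificateChain == null) {
            return Collections.emptyList();
        }
        this.j = certificateRequest.e(this.certificateChain);
        if (this.j == null) {
            return Collections.emptyList();
        }
        return this.certificateChain;
    }

    /**
     * Adds the SNI extension to the hello message when SNI is enabled and the session
     * value returned by {@code e()} is set.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void d(ike ikeVar) {
        if (this.sniEnabled && this.session.e() != null) {
            // The log line prints session.d() while the extension is built from
            // session.e().
            this.LOGGER.debug("adding SNI extension to CLIENT_HELLO message [{}]", this.session.d());
            ikeVar.d(ilq.d(this.session.e()));
        }
    }

    /**
     * Dispatches a handshake message received from the server to its handler.
     *
     * @throws iks with a fatal UNEXPECTED_MESSAGE alert for message types a client
     *     does not expect, or with a fatal HANDSHAKE_FAILURE alert for a server key
     *     exchange under a key exchange algorithm not handled here
     */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void doProcessMessage(HandshakeMessage handshakeMessage) throws iks, GeneralSecurityException {
        switch (handshakeMessage.getMessageType()) {
            case HELLO_VERIFY_REQUEST:
                a((ikx) handshakeMessage);
                return;
            case SERVER_HELLO:
                a((ill) handshakeMessage);
                return;
            case CERTIFICATE:
                a((ijy) handshakeMessage);
                return;
            case SERVER_KEY_EXCHANGE: {
                switch (AnonymousClass2.d[getKeyExchangeAlgorithm().ordinal()]) {
                    case 1: // EC_DIFFIE_HELLMAN
                        a((iko) handshakeMessage);
                        return;
                    case 2: // PSK
                        // The message is accepted but its content is not read here.
                        return;
                    case 3: // ECDHE_PSK
                        e((ikr) handshakeMessage);
                        return;
                    case 4: // NULL
                        this.LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                        return;
                    default:
                        throw new iks(String.format("Unsupported key exchange algorithm %s", getKeyExchangeAlgorithm().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
                }
            }
            case CERTIFICATE_REQUEST:
                this.g = (CertificateRequest) handshakeMessage;
                return;
            case SERVER_HELLO_DONE:
                c((iln) handshakeMessage);
                expectChangeCipherSpecMessage();
                return;
            case FINISHED:
                a((ikp) handshakeMessage);
                return;
            default:
                throw new iks(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
        }
    }

    /**
     * Adds the max. fragment length extension to the hello message when a length
     * code is configured.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void e(ike ikeVar) {
        Integer code = this.c;
        if (code == null) {
            return;
        }
        ikeVar.d(new MaxFragmentLengthExtension(code.intValue()));
        this.LOGGER.debug("Indicating max. fragment length [{}] to server [{}]", this.c, getPeerAddress());
    }

    /**
     * Starts the handshake: builds the hello message with NULL compression and the
     * optional extensions, sends it as flight 1 and installs the expected message
     * sequence {@link #e}.
     */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void startHandshake() throws iks {
        handshakeStarted();
        ike hello = new ike(this.k, this.l, this.h, this.i, this.session.w());
        this.clientRandom = hello.b();
        hello.b(CompressionMethod.NULL);
        a(hello);
        e(hello);
        d(hello);
        this.flightNumber = 1;
        this.b = hello;
        ikh flight = new ikh(this.session, this.flightNumber);
        wrapMessage(flight, hello);
        sendFlight(flight);
        this.states = e;
        this.statesIndex = 0;
    }
}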
