package o;

import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.slf4j.Logger;

/* loaded from: classes19.dex */
public class ilg implements Destroyable {
    private static final Logger b = imy.b((Class<?>) ilg.class);
    private final ilb c;
    private final iiw d;
    private final SecretKey e;

    public ilg(boolean z, ikj ikjVar, PskStore pskStore) throws iks {
        this(z, ikjVar, pskStore, d(z, ikjVar, pskStore));
    }

    public ilg(boolean z, ikj ikjVar, PskStore pskStore, ilb ilbVar) throws iks {
        if (ikjVar == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        if (ilbVar == null) {
            throw new NullPointerException("psk identity must not be null");
        }
        this.c = ilbVar;
        String str = null;
        iml e = ikjVar.e();
        if (!z || e == null) {
            b.debug("client [{}] uses PSK identity [{}]", ikjVar.w(), ilbVar);
            this.e = pskStore.getKey(ilbVar);
        } else {
            str = ikjVar.d();
            b.debug("client [{}] uses PSK identity [{}] for server [{}]", ikjVar.w(), ilbVar, str);
            this.e = pskStore.getKey(e, ilbVar);
        }
        if (this.e == null) {
            AlertMessage alertMessage = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNKNOWN_PSK_IDENTITY, ikjVar.w());
            if (str == null) {
                throw new iks(String.format("No pre-shared key found for [identity: %s]", ilbVar), alertMessage);
            }
            throw new iks(String.format("No pre-shared key found for [virtual host: %s, identity: %s]", str, ilbVar), alertMessage);
        }
        if (z) {
            this.d = new iiw(str, ilbVar.i());
        } else {
            this.d = new iiw(ilbVar.i());
        }
        ikjVar.a(this.d);
    }

    private static ilb d(boolean z, ikj ikjVar, PskStore pskStore) throws iks {
        ilb identity;
        if (ikjVar == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        iml e = ikjVar.e();
        if (!z || e == null) {
            identity = pskStore.getIdentity(ikjVar.w());
            if (identity == null) {
                throw new iks(String.format("No Identity found for peer [address: %s]", ikjVar.w()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, ikjVar.w()));
            }
        } else {
            if (!ikjVar.c()) {
                b.warn("client is configured to use SNI but server does not support it, PSK authentication is likely to fail");
            }
            identity = pskStore.getIdentity(ikjVar.w(), e);
            if (identity == null) {
                throw new iks(String.format("No Identity found for peer [address: %s, virtual host: %s]", ikjVar.w(), ikjVar.d()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, ikjVar.w()));
            }
        }
        return identity;
    }

    public iiw a() {
        return this.d;
    }

    public SecretKey b(SecretKey secretKey) {
        byte[] encoded = this.e.getEncoded();
        int length = encoded.length;
        byte[] encoded2 = secretKey != null ? secretKey.getEncoded() : new byte[length];
        ijk ijkVar = new ijk(true);
        ijkVar.d(encoded2.length, 16);
        ijkVar.c(encoded2);
        ijkVar.d(length, 16);
        ijkVar.c(encoded);
        byte[] c = ijkVar.c();
        ijkVar.a();
        SecretKey b2 = imd.b(c, "MAC");
        ijg.c(encoded);
        ijg.c(encoded2);
        ijg.c(c);
        return b2;
    }

    public ilb d() {
        return this.c;
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        imd.e(this.e);
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return imd.d(this.e);
    }
}
