package o;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ChangeCipherSpecMessage;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.ContentType;
import org.eclipse.californium.scandium.dtls.DTLSMessage;
import org.eclipse.californium.scandium.dtls.HandshakeMessage;
import org.eclipse.californium.scandium.dtls.HandshakeType;
import org.eclipse.californium.scandium.dtls.Handshaker;
import org.eclipse.californium.scandium.dtls.HelloExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.RecordLayer;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

@NoPublicAPI
/* loaded from: classes6.dex */
public class jix extends Handshaker {
    protected static jjr[] b = {new jjr(HandshakeType.HELLO_VERIFY_REQUEST, true), new jjr(HandshakeType.SERVER_HELLO), new jjr(HandshakeType.CERTIFICATE), new jjr(HandshakeType.SERVER_KEY_EXCHANGE), new jjr(HandshakeType.CERTIFICATE_REQUEST, true), new jjr(HandshakeType.SERVER_HELLO_DONE), new jjr(ContentType.CHANGE_CIPHER_SPEC), new jjr(HandshakeType.FINISHED)};

    /* renamed from: o, reason: collision with root package name */
    private static jjr[] f19921o = {new jjr(HandshakeType.HELLO_VERIFY_REQUEST, true), new jjr(HandshakeType.SERVER_HELLO), new jjr(HandshakeType.SERVER_KEY_EXCHANGE, true), new jjr(HandshakeType.SERVER_HELLO_DONE), new jjr(ContentType.CHANGE_CIPHER_SPEC), new jjr(HandshakeType.FINISHED)};
    protected jiw a;
    protected ECPublicKey c;
    protected final Integer d;
    protected final boolean e;
    protected CertificateRequest f;
    protected byte[] g;
    protected final List<CertificateType> h;
    protected final List<CertificateType> i;
    protected SignatureAndHashAlgorithm j;
    private jjw k;
    private final List<CipherSuite> l;
    private PublicKey m;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: o.jix$3, reason: invalid class name */
    /* loaded from: classes6.dex */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] b;

        static {
            try {
                e[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                e[HandshakeType.SERVER_HELLO.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                e[HandshakeType.CERTIFICATE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                e[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                e[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                e[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                e[HandshakeType.FINISHED.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            b = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                b[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                b[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                b[CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
            try {
                b[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 4;
            } catch (NoSuchFieldError unused11) {
            }
        }
    }

    public jix(jje jjeVar, RecordLayer recordLayer, jiv jivVar, jip jipVar, int i) {
        super(true, 0, jjeVar, recordLayer, jivVar, jipVar, i);
        this.k = new jjw();
        this.a = null;
        this.f = null;
        this.g = null;
        this.l = jipVar.s();
        this.d = jipVar.e();
        this.e = jipVar.ao().booleanValue();
        this.i = jipVar.ab();
        this.h = jipVar.ad();
    }

    private static boolean a(CertificateType certificateType, List<CertificateType> list) {
        return list != null ? list.contains(certificateType) : certificateType == CertificateType.X_509;
    }

    private void b(jis jisVar) throws jjm {
        verifyCertificate(jisVar);
        this.m = jisVar.b();
    }

    private void b(jjh jjhVar) throws jjm {
        jjhVar.e(this.m, this.clientRandom, this.serverRandom);
        if (this.peerCertPath != null) {
            this.session.d(new jhr(this.peerCertPath));
        } else {
            this.session.d(new jhu(this.m));
        }
        this.c = jjhVar.b();
        try {
            this.ecdhe = new ECDHECryptography(this.c.getParams());
        } catch (GeneralSecurityException e) {
            throw new jjm(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    private void c(jjk jjkVar) throws jjm {
        this.c = jjkVar.b();
        try {
            this.ecdhe = new ECDHECryptography(this.c.getParams());
        } catch (GeneralSecurityException e) {
            throw new jjm(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    private void c(jjo jjoVar) throws jjm, GeneralSecurityException {
        jjoVar.b(this.session.g().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, false, this.g);
        sessionEstablished();
        handshakeCompleted();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(jiw jiwVar) {
        if (this.connectionIdGenerator != null) {
            jiwVar.e(jiy.d(this.connectionIdGenerator.useConnectionId() ? getConnection().i() : jiz.a));
        }
    }

    protected void a(jke jkeVar) throws jjm, GeneralSecurityException {
        DTLSMessage jjiVar;
        SecretKey d;
        this.flightNumber += 2;
        jjc jjcVar = new jjc(getSession(), this.flightNumber);
        d(jjcVar);
        int i = AnonymousClass3.b[getKeyExchangeAlgorithm().ordinal()];
        jkb jkbVar = null;
        if (i == 1) {
            jjiVar = new jji(this.ecdhe.e(), this.session.y());
            d = this.ecdhe.d(this.c);
        } else if (i == 2) {
            jkb jkbVar2 = new jkb(this.sniEnabled, this.session, this.pskStore);
            this.LOGGER.debug("Using PSK identity: {}", jkbVar2.b());
            jjx jjxVar = new jjx(jkbVar2.a(), this.session.y());
            d = jkbVar2.a(null);
            jkbVar = jkbVar2;
            jjiVar = jjxVar;
        } else {
            if (i != 3) {
                throw new jjm("Unknown key exchange algorithm: " + getKeyExchangeAlgorithm(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.y()));
            }
            jkbVar = new jkb(this.sniEnabled, this.session, this.pskStore);
            this.LOGGER.debug("Using PSK identity: {}", jkbVar.b());
            jjiVar = new jjf(jkbVar.a(), this.ecdhe.e(), this.session.y());
            SecretKey d2 = this.ecdhe.d(this.c);
            d = jkbVar.a(d2);
            jky.b(d2);
        }
        jky.e(jkbVar);
        if (d != null) {
            generateKeys(d);
            jky.b(d);
        }
        wrapMessage(jjcVar, jjiVar);
        if (this.f != null && this.j != null) {
            CertificateType q = this.session.q();
            if (!a(q, this.h)) {
                throw new jjm("Server wants to use not supported client certificate type " + q, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, jkeVar.getPeer()));
            }
            wrapMessage(jjcVar, new jir(this.j, this.privateKey, this.handshakeMessages, this.session.y()));
        }
        wrapMessage(jjcVar, new ChangeCipherSpecMessage(this.session.y()));
        setCurrentWriteState();
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        try {
            MessageDigest messageDigest = (MessageDigest) handshakeMessageDigest.clone();
            jjo jjoVar = new jjo(this.session.g().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, this.isClient, handshakeMessageDigest.digest(), this.session.y());
            wrapMessage(jjcVar, jjoVar);
            messageDigest.update(jjoVar.toByteArray());
            this.g = messageDigest.digest();
            sendFlight(jjcVar);
        } catch (CloneNotSupportedException unused) {
            throw new jjm("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, jkeVar.getPeer()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(jkh jkhVar) throws jjm {
        jiy k;
        this.usedProtocol = jkhVar.a();
        this.serverRandom = jkhVar.b();
        this.session.d(jkhVar.e());
        CipherSuite c = jkhVar.c();
        if (!this.l.contains(c)) {
            throw new jjm("Server wants to use not supported cipher suite " + c, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, jkhVar.getPeer()));
        }
        this.session.b(c);
        CompressionMethod d = jkhVar.d();
        if (d != CompressionMethod.NULL) {
            throw new jjm("Server wants to use not supported compression method " + d, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, jkhVar.getPeer()));
        }
        this.session.e(jkhVar.d());
        b(jkhVar);
        if (this.connectionIdGenerator != null && (k = jkhVar.k()) != null) {
            this.session.c(k.b());
        }
        this.session.e(jkhVar.h());
        this.session.b(jkhVar.o());
        this.session.l();
        if (c.requiresServerCertificateMessage()) {
            return;
        }
        this.states = f19921o;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void b(jiw jiwVar) {
        if (!this.sniEnabled || this.session.a() == null) {
            return;
        }
        this.LOGGER.debug("adding SNI extension to CLIENT_HELLO message [{}]", this.session.c());
        jiwVar.e(jkj.c(this.session.a()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void b(jjq jjqVar) throws jjm {
        this.handshakeMessages.clear();
        this.a.d(jjqVar.c());
        this.flightNumber = 3;
        jjc jjcVar = new jjc(getSession(), this.flightNumber);
        wrapMessage(jjcVar, this.a);
        sendFlight(jjcVar);
        this.statesIndex--;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void b(jkh jkhVar) throws jjm {
        jjp j = jkhVar.j();
        if (j != null && !j.c()) {
            jjp j2 = this.a.j();
            if (j2 == null || j2.c()) {
                throw new jjm("Server wants extensions, but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, jkhVar.getPeer()));
            }
            for (HelloExtension helloExtension : j.b()) {
                if (j2.c(helloExtension.getType()) == null) {
                    throw new jjm("Server wants " + helloExtension.getType() + ", but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, jkhVar.getPeer()));
                }
            }
        }
        SupportedPointFormatsExtension f = jkhVar.f();
        if (f != null && !f.d(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)) {
            throw new jjm("Server wants to use only not supported EC point formats!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, jkhVar.getPeer()));
        }
        MaxFragmentLengthExtension g = jkhVar.g();
        if (g != null) {
            MaxFragmentLengthExtension.Length d = g.d();
            if (d.code() != this.d.intValue()) {
                throw new jjm("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, jkhVar.getPeer()));
            }
            this.session.b(d.length());
        }
        CertificateType i = jkhVar.i();
        if (a(i, this.i)) {
            this.session.d(i);
            return;
        }
        throw new jjm("Server wants to use not supported server certificate type " + i, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, jkhVar.getPeer()));
    }

    PublicKey c(CertificateRequest certificateRequest) throws jjm {
        if (this.publicKey == null) {
            return null;
        }
        this.j = certificateRequest.e(this.publicKey);
        if (this.j == null) {
            return null;
        }
        return this.publicKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void c(jiw jiwVar) {
        Integer num = this.d;
        if (num != null) {
            jiwVar.e(new MaxFragmentLengthExtension(num.intValue()));
            this.LOGGER.debug("Indicating max. fragment length [{}] to server [{}]", this.d, getPeerAddress());
        }
    }

    protected void d(jjc jjcVar) throws jjm {
        jis jisVar;
        if (this.f != null) {
            if (CertificateType.RAW_PUBLIC_KEY == this.session.q()) {
                byte[] bArr = jib.d;
                PublicKey c = c(this.f);
                if (c != null) {
                    bArr = c.getEncoded();
                }
                if (this.LOGGER.isDebugEnabled()) {
                    this.LOGGER.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", jim.d(bArr));
                }
                jisVar = new jis(bArr, this.session.y());
            } else {
                if (CertificateType.X_509 != this.session.q()) {
                    throw new IllegalArgumentException("Certificate type " + this.session.q() + " not supported!");
                }
                jisVar = new jis(e(this.f), this.e ? this.f.d() : null, this.session.y());
            }
            wrapMessage(jjcVar, jisVar);
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void doProcessMessage(HandshakeMessage handshakeMessage) throws jjm, GeneralSecurityException {
        switch (handshakeMessage.getMessageType()) {
            case HELLO_VERIFY_REQUEST:
                b((jjq) handshakeMessage);
                return;
            case SERVER_HELLO:
                a((jkh) handshakeMessage);
                return;
            case CERTIFICATE:
                b((jis) handshakeMessage);
                return;
            case SERVER_KEY_EXCHANGE:
                int i = AnonymousClass3.b[getKeyExchangeAlgorithm().ordinal()];
                if (i == 1) {
                    b((jjh) handshakeMessage);
                    return;
                }
                if (i != 2) {
                    if (i == 3) {
                        c((jjk) handshakeMessage);
                        return;
                    } else {
                        if (i != 4) {
                            throw new jjm(String.format("Unsupported key exchange algorithm %s", getKeyExchangeAlgorithm().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
                        }
                        this.LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                        return;
                    }
                }
                return;
            case CERTIFICATE_REQUEST:
                this.f = (CertificateRequest) handshakeMessage;
                return;
            case SERVER_HELLO_DONE:
                a((jke) handshakeMessage);
                expectChangeCipherSpecMessage();
                return;
            case FINISHED:
                c((jjo) handshakeMessage);
                return;
            default:
                throw new jjm(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
        }
    }

    List<X509Certificate> e(CertificateRequest certificateRequest) throws jjm {
        if (this.certificateChain == null) {
            return Collections.emptyList();
        }
        this.j = certificateRequest.e(this.certificateChain);
        return this.j == null ? Collections.emptyList() : this.certificateChain;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void startHandshake() throws jjm {
        handshakeStarted();
        jiw jiwVar = new jiw(this.k, this.l, this.h, this.i, this.session.y());
        this.clientRandom = jiwVar.c();
        jiwVar.e(CompressionMethod.NULL);
        a(jiwVar);
        c(jiwVar);
        b(jiwVar);
        this.flightNumber = 1;
        this.a = jiwVar;
        jjc jjcVar = new jjc(this.session, this.flightNumber);
        wrapMessage(jjcVar, jiwVar);
        sendFlight(jjcVar);
        this.states = b;
        this.statesIndex = 0;
    }
}
