package o;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ChangeCipherSpecMessage;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.ContentType;
import org.eclipse.californium.scandium.dtls.DTLSMessage;
import org.eclipse.californium.scandium.dtls.HandshakeMessage;
import org.eclipse.californium.scandium.dtls.HandshakeType;
import org.eclipse.californium.scandium.dtls.Handshaker;
import org.eclipse.californium.scandium.dtls.HelloExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.RecordLayer;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

@NoPublicAPI
/* loaded from: classes19.dex */
public class ika extends Handshaker {
    protected static ikv[] d = {new ikv(HandshakeType.HELLO_VERIFY_REQUEST, true), new ikv(HandshakeType.SERVER_HELLO), new ikv(HandshakeType.CERTIFICATE), new ikv(HandshakeType.SERVER_KEY_EXCHANGE), new ikv(HandshakeType.CERTIFICATE_REQUEST, true), new ikv(HandshakeType.SERVER_HELLO_DONE), new ikv(ContentType.CHANGE_CIPHER_SPEC), new ikv(HandshakeType.FINISHED)};

    /* renamed from: o, reason: collision with root package name */
    private static ikv[] f19988o = {new ikv(HandshakeType.HELLO_VERIFY_REQUEST, true), new ikv(HandshakeType.SERVER_HELLO), new ikv(HandshakeType.SERVER_KEY_EXCHANGE, true), new ikv(HandshakeType.SERVER_HELLO_DONE), new ikv(ContentType.CHANGE_CIPHER_SPEC), new ikv(HandshakeType.FINISHED)};
    protected final Integer a;
    protected ECPublicKey b;
    protected final boolean c;
    protected ikb e;
    protected final List<CertificateType> f;
    protected final List<CertificateType> g;
    protected byte[] h;
    protected SignatureAndHashAlgorithm i;
    protected CertificateRequest j;
    private final List<CipherSuite> k;
    private PublicKey m;
    private ilg n;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: o.ika$1, reason: invalid class name */
    /* loaded from: classes19.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] e;

        static {
            try {
                c[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[HandshakeType.SERVER_HELLO.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                c[HandshakeType.CERTIFICATE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                c[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                c[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                c[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                c[HandshakeType.FINISHED.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            e = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                e[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                e[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                e[CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
            try {
                e[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 4;
            } catch (NoSuchFieldError unused11) {
            }
        }
    }

    public ika(ikg ikgVar, RecordLayer recordLayer, ike ikeVar, ijv ijvVar, int i) {
        super(true, 0, ikgVar, recordLayer, ikeVar, ijvVar, i);
        this.n = new ilg();
        this.e = null;
        this.j = null;
        this.h = null;
        this.k = ijvVar.q();
        this.a = ijvVar.c();
        this.c = ijvVar.ap().booleanValue();
        this.f = ijvVar.aa();
        this.g = ijvVar.ac();
    }

    private void a(ikt iktVar) throws ikw, GeneralSecurityException {
        iktVar.e(this.session.f().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, false, this.h);
        sessionEstablished();
        handshakeCompleted();
    }

    private static boolean b(CertificateType certificateType, List<CertificateType> list) {
        return list != null ? list.contains(certificateType) : certificateType == CertificateType.X_509;
    }

    private void c(ikr ikrVar) throws ikw {
        ikrVar.e(this.m, this.clientRandom, this.serverRandom);
        if (this.peerCertPath != null) {
            this.session.d(new ije(this.peerCertPath));
        } else {
            this.session.d(new iix(this.m));
        }
        this.b = ikrVar.c();
        try {
            this.ecdhe = new ECDHECryptography(this.b.getParams());
        } catch (GeneralSecurityException e) {
            throw new ikw(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    private void e(ijx ijxVar) throws ikw {
        verifyCertificate(ijxVar);
        this.m = ijxVar.e();
    }

    private void e(ikp ikpVar) throws ikw {
        this.b = ikpVar.c();
        try {
            this.ecdhe = new ECDHECryptography(this.b.getParams());
        } catch (GeneralSecurityException e) {
            throw new ikw(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(ikb ikbVar) {
        if (this.connectionIdGenerator != null) {
            ikbVar.b(iki.c(this.connectionIdGenerator.useConnectionId() ? getConnection().g() : ikj.e));
        }
    }

    protected void a(ikf ikfVar) throws ikw {
        ijx ijxVar;
        if (this.j != null) {
            if (CertificateType.RAW_PUBLIC_KEY == this.session.s()) {
                byte[] bArr = ijk.a;
                PublicKey e = e(this.j);
                if (e != null) {
                    bArr = e.getEncoded();
                }
                if (this.LOGGER.isDebugEnabled()) {
                    this.LOGGER.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", ijt.a(bArr));
                }
                ijxVar = new ijx(bArr, this.session.u());
            } else {
                if (CertificateType.X_509 != this.session.s()) {
                    throw new IllegalArgumentException("Certificate type " + this.session.s() + " not supported!");
                }
                ijxVar = new ijx(d(this.j), this.c ? this.j.e() : null, this.session.u());
            }
            wrapMessage(ikfVar, ijxVar);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void c(ikb ikbVar) {
        Integer num = this.a;
        if (num != null) {
            ikbVar.b(new MaxFragmentLengthExtension(num.intValue()));
            this.LOGGER.debug("Indicating max. fragment length [{}] to server [{}]", this.a, getPeerAddress());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void c(ilq ilqVar) throws ikw {
        iku f = ilqVar.f();
        if (f != null && !f.a()) {
            iku g = this.e.g();
            if (g == null || g.a()) {
                throw new ikw("Server wants extensions, but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, ilqVar.getPeer()));
            }
            for (HelloExtension helloExtension : f.d()) {
                if (g.a(helloExtension.getType()) == null) {
                    throw new ikw("Server wants " + helloExtension.getType() + ", but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, ilqVar.getPeer()));
                }
            }
        }
        SupportedPointFormatsExtension h = ilqVar.h();
        if (h != null && !h.c(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)) {
            throw new ikw("Server wants to use only not supported EC point formats!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ilqVar.getPeer()));
        }
        MaxFragmentLengthExtension j = ilqVar.j();
        if (j != null) {
            MaxFragmentLengthExtension.Length c = j.c();
            if (c.code() != this.a.intValue()) {
                throw new ikw("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ilqVar.getPeer()));
            }
            this.session.d(c.length());
        }
        CertificateType g2 = ilqVar.g();
        if (b(g2, this.f)) {
            this.session.a(g2);
            return;
        }
        throw new ikw("Server wants to use not supported server certificate type " + g2, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ilqVar.getPeer()));
    }

    List<X509Certificate> d(CertificateRequest certificateRequest) throws ikw {
        if (this.certificateChain == null) {
            return Collections.emptyList();
        }
        this.i = certificateRequest.b(this.certificateChain);
        return this.i == null ? Collections.emptyList() : this.certificateChain;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void d(ilq ilqVar) throws ikw {
        iki l;
        this.usedProtocol = ilqVar.b();
        this.serverRandom = ilqVar.c();
        this.session.b(ilqVar.e());
        CipherSuite d2 = ilqVar.d();
        if (!this.k.contains(d2)) {
            throw new ikw("Server wants to use not supported cipher suite " + d2, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ilqVar.getPeer()));
        }
        this.session.d(d2);
        CompressionMethod a = ilqVar.a();
        if (a != CompressionMethod.NULL) {
            throw new ikw("Server wants to use not supported compression method " + a, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ilqVar.getPeer()));
        }
        this.session.a(ilqVar.a());
        c(ilqVar);
        if (this.connectionIdGenerator != null && (l = ilqVar.l()) != null) {
            this.session.a(l.e());
        }
        this.session.b(ilqVar.i());
        this.session.d(ilqVar.k());
        this.session.k();
        if (d2.requiresServerCertificateMessage()) {
            return;
        }
        this.states = f19988o;
    }

    protected void d(ilr ilrVar) throws ikw, GeneralSecurityException {
        DTLSMessage iklVar;
        SecretKey e;
        this.flightNumber += 2;
        ikf ikfVar = new ikf(getSession(), this.flightNumber);
        a(ikfVar);
        int i = AnonymousClass1.e[getKeyExchangeAlgorithm().ordinal()];
        ili iliVar = null;
        if (i == 1) {
            iklVar = new ikl(this.ecdhe.a(), this.session.u());
            e = this.ecdhe.e(this.b);
        } else if (i == 2) {
            ili iliVar2 = new ili(this.sniEnabled, this.session, this.pskStore);
            this.LOGGER.debug("Using PSK identity: {}", iliVar2.e());
            ila ilaVar = new ila(iliVar2.b(), this.session.u());
            e = iliVar2.d(null);
            iliVar = iliVar2;
            iklVar = ilaVar;
        } else {
            if (i != 3) {
                throw new ikw("Unknown key exchange algorithm: " + getKeyExchangeAlgorithm(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.u()));
            }
            iliVar = new ili(this.sniEnabled, this.session, this.pskStore);
            this.LOGGER.debug("Using PSK identity: {}", iliVar.e());
            iklVar = new iks(iliVar.b(), this.ecdhe.a(), this.session.u());
            SecretKey e2 = this.ecdhe.e(this.b);
            e = iliVar.d(e2);
            imm.d(e2);
        }
        imm.d(iliVar);
        if (e != null) {
            generateKeys(e);
            imm.d(e);
        }
        wrapMessage(ikfVar, iklVar);
        if (this.j != null && this.i != null) {
            CertificateType s = this.session.s();
            if (!b(s, this.g)) {
                throw new ikw("Server wants to use not supported client certificate type " + s, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ilrVar.getPeer()));
            }
            wrapMessage(ikfVar, new ikd(this.i, this.privateKey, this.handshakeMessages, this.session.u()));
        }
        wrapMessage(ikfVar, new ChangeCipherSpecMessage(this.session.u()));
        setCurrentWriteState();
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        try {
            MessageDigest messageDigest = (MessageDigest) handshakeMessageDigest.clone();
            ikt iktVar = new ikt(this.session.f().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, this.isClient, handshakeMessageDigest.digest(), this.session.u());
            wrapMessage(ikfVar, iktVar);
            messageDigest.update(iktVar.toByteArray());
            this.h = messageDigest.digest();
            sendFlight(ikfVar);
        } catch (CloneNotSupportedException unused) {
            throw new ikw("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, ilrVar.getPeer()));
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void doProcessMessage(HandshakeMessage handshakeMessage) throws ikw, GeneralSecurityException {
        switch (handshakeMessage.getMessageType()) {
            case HELLO_VERIFY_REQUEST:
                e((ilb) handshakeMessage);
                return;
            case SERVER_HELLO:
                d((ilq) handshakeMessage);
                return;
            case CERTIFICATE:
                e((ijx) handshakeMessage);
                return;
            case SERVER_KEY_EXCHANGE:
                int i = AnonymousClass1.e[getKeyExchangeAlgorithm().ordinal()];
                if (i == 1) {
                    c((ikr) handshakeMessage);
                    return;
                }
                if (i != 2) {
                    if (i == 3) {
                        e((ikp) handshakeMessage);
                        return;
                    } else {
                        if (i != 4) {
                            throw new ikw(String.format("Unsupported key exchange algorithm %s", getKeyExchangeAlgorithm().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
                        }
                        this.LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                        return;
                    }
                }
                return;
            case CERTIFICATE_REQUEST:
                this.j = (CertificateRequest) handshakeMessage;
                return;
            case SERVER_HELLO_DONE:
                d((ilr) handshakeMessage);
                expectChangeCipherSpecMessage();
                return;
            case FINISHED:
                a((ikt) handshakeMessage);
                return;
            default:
                throw new ikw(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
        }
    }

    PublicKey e(CertificateRequest certificateRequest) throws ikw {
        if (this.publicKey == null) {
            return null;
        }
        this.i = certificateRequest.b(this.publicKey);
        if (this.i == null) {
            return null;
        }
        return this.publicKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void e(ikb ikbVar) {
        if (!this.sniEnabled || this.session.c() == null) {
            return;
        }
        this.LOGGER.debug("adding SNI extension to CLIENT_HELLO message [{}]", this.session.a());
        ikbVar.b(ilp.e(this.session.c()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void e(ilb ilbVar) throws ikw {
        this.handshakeMessages.clear();
        this.e.b(ilbVar.c());
        this.flightNumber = 3;
        ikf ikfVar = new ikf(getSession(), this.flightNumber);
        wrapMessage(ikfVar, this.e);
        sendFlight(ikfVar);
        this.statesIndex--;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void startHandshake() throws ikw {
        handshakeStarted();
        ikb ikbVar = new ikb(this.n, this.k, this.g, this.f, this.session.u());
        this.clientRandom = ikbVar.b();
        ikbVar.a(CompressionMethod.NULL);
        a(ikbVar);
        c(ikbVar);
        e(ikbVar);
        this.flightNumber = 1;
        this.e = ikbVar;
        ikf ikfVar = new ikf(this.session, this.flightNumber);
        wrapMessage(ikfVar, ikbVar);
        sendFlight(ikfVar);
        this.states = d;
        this.statesIndex = 0;
    }
}
