package o;

import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.slf4j.Logger;

/* loaded from: classes19.dex */
public class ili implements Destroyable {
    private static final Logger c = imx.b((Class<?>) ili.class);
    private final SecretKey b;
    private final iiz d;
    private final ile e;

    public ili(boolean z, ikg ikgVar, PskStore pskStore) throws ikw {
        this(z, ikgVar, pskStore, c(z, ikgVar, pskStore));
    }

    public ili(boolean z, ikg ikgVar, PskStore pskStore, ile ileVar) throws ikw {
        if (ikgVar == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        if (ileVar == null) {
            throw new NullPointerException("psk identity must not be null");
        }
        this.e = ileVar;
        String str = null;
        imi c2 = ikgVar.c();
        if (!z || c2 == null) {
            c.debug("client [{}] uses PSK identity [{}]", ikgVar.u(), ileVar);
            this.b = pskStore.getKey(ileVar);
        } else {
            str = ikgVar.a();
            c.debug("client [{}] uses PSK identity [{}] for server [{}]", ikgVar.u(), ileVar, str);
            this.b = pskStore.getKey(c2, ileVar);
        }
        if (this.b == null) {
            AlertMessage alertMessage = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNKNOWN_PSK_IDENTITY, ikgVar.u());
            if (str == null) {
                throw new ikw(String.format("No pre-shared key found for [identity: %s]", ileVar), alertMessage);
            }
            throw new ikw(String.format("No pre-shared key found for [virtual host: %s, identity: %s]", str, ileVar), alertMessage);
        }
        if (z) {
            this.d = new iiz(str, ileVar.f());
        } else {
            this.d = new iiz(ileVar.f());
        }
        ikgVar.d(this.d);
    }

    private static ile c(boolean z, ikg ikgVar, PskStore pskStore) throws ikw {
        ile identity;
        if (ikgVar == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        imi c2 = ikgVar.c();
        if (!z || c2 == null) {
            identity = pskStore.getIdentity(ikgVar.u());
            if (identity == null) {
                throw new ikw(String.format("No Identity found for peer [address: %s]", ikgVar.u()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, ikgVar.u()));
            }
        } else {
            if (!ikgVar.d()) {
                c.warn("client is configured to use SNI but server does not support it, PSK authentication is likely to fail");
            }
            identity = pskStore.getIdentity(ikgVar.u(), c2);
            if (identity == null) {
                throw new ikw(String.format("No Identity found for peer [address: %s, virtual host: %s]", ikgVar.u(), ikgVar.a()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, ikgVar.u()));
            }
        }
        return identity;
    }

    public ile b() {
        return this.e;
    }

    public SecretKey d(SecretKey secretKey) {
        byte[] encoded = this.b.getEncoded();
        int length = encoded.length;
        byte[] encoded2 = secretKey != null ? secretKey.getEncoded() : new byte[length];
        ijl ijlVar = new ijl(true);
        ijlVar.d(encoded2.length, 16);
        ijlVar.c(encoded2);
        ijlVar.d(length, 16);
        ijlVar.c(encoded);
        byte[] d = ijlVar.d();
        ijlVar.e();
        SecretKey c2 = imm.c(d, "MAC");
        ijk.e(encoded);
        ijk.e(encoded2);
        ijk.e(d);
        return c2;
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        imm.d(this.b);
    }

    public iiz e() {
        return this.d;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return imm.e(this.b);
    }
}
