package org.eclipse.californium.scandium.dtls;

import com.huawei.openalliance.ad.constant.Constants;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import o.iit;
import o.iix;
import o.ija;
import o.iji;
import o.ijk;
import o.ijr;
import o.ijt;
import o.ijv;
import o.ijx;
import o.ike;
import o.ikf;
import o.ikg;
import o.ikq;
import o.ikv;
import o.ikw;
import o.ikx;
import o.iky;
import o.ilf;
import o.ilg;
import o.ilh;
import o.ill;
import o.iml;
import o.imm;
import o.imx;
import org.eclipse.californium.elements.auth.ExtensiblePrincipal;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
import org.eclipse.californium.scandium.dtls.x509.AdvancedCertificateVerifier;
import org.eclipse.californium.scandium.dtls.x509.CertificateVerifier;
import org.slf4j.Logger;

/* loaded from: classes19.dex */
public abstract class Handshaker implements Destroyable {
    private ApplicationLevelInfoSupplier applicationLevelInfoSupplier;
    private Throwable cause;
    protected List<X509Certificate> certificateChain;
    protected final CertificateVerifier certificateVerifier;
    protected ilf clientRandom;
    private iml clientWriteIV;
    private SecretKey clientWriteKey;
    private SecretKey clientWriteMACKey;
    private final ike connection;
    protected final ConnectionIdGenerator connectionIdGenerator;
    private int deferredRecordsSize;
    private boolean destroyed;
    protected ECDHECryptography ecdhe;
    private long flightSendNanos;
    private a inboundMessageBuffer;
    protected final boolean isClient;
    private boolean lastFlight;
    protected SecretKey masterSecret;
    private final int maxDeferredProcessedIncomingRecordsSize;
    private final int maxDeferredProcessedOutgoingApplicationDataMessages;
    private final int maxFragmentedHandshakeMessageLength;
    private long nanosExpireTime;
    private final long nanosExpireTimeout;
    private int nextReceiveMessageSequence;
    protected CertPath peerCertPath;
    protected PrivateKey privateKey;
    protected final PskStore pskStore;
    protected PublicKey publicKey;
    protected ilh reassembledMessage;
    private final RecordLayer recordLayer;
    protected final TrustedRpkStore rpkStore;
    private int sendMessageSequence;
    protected ilf serverRandom;
    private iml serverWriteIV;
    private SecretKey serverWriteKey;
    private SecretKey serverWriteMACKey;
    protected final ikg session;
    protected boolean sniEnabled;
    protected ikv[] states;
    protected int statesIndex;
    protected final boolean useKeyUsageVerification;
    protected boolean useStateValidation;
    protected final boolean useTruncatedCertificatePathForVerification;
    protected ilg usedProtocol;
    protected final Logger LOGGER = imx.b(getClass());
    protected int flightNumber = 0;
    private final List<iit> deferredApplicationData = new ArrayList();
    private final List<ill> deferredRecords = new ArrayList();
    private final AtomicReference<ikf> pendingFlight = new AtomicReference<>();
    protected final List<HandshakeMessage> handshakeMessages = new ArrayList();
    private final Set<SessionListener> sessionListeners = new LinkedHashSet();
    private boolean changeCipherSuiteMessageExpected = false;
    private boolean sessionEstablished = false;
    private boolean handshakeAborted = false;
    private boolean handshakeFailed = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.Handshaker$2, reason: invalid class name */
    /* loaded from: classes19.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] e = new int[ContentType.values().length];

        static {
            try {
                e[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                e[ContentType.HANDSHAKE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes19.dex */
    class a {
        private SortedSet<ill> b;
        private ill c;

        private a() {
            this.c = null;
            this.b = new TreeSet(new Comparator<ill>() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.a.5
                @Override // java.util.Comparator
                /* renamed from: c, reason: merged with bridge method [inline-methods] */
                public int compare(ill illVar, ill illVar2) {
                    return Handshaker.compareRecords(illVar, illVar2);
                }
            });
        }

        public void a(long j) {
            ill illVar = this.c;
            if (illVar != null && illVar.h() == j) {
                this.c = null;
            }
            for (ill illVar2 : this.b) {
                if (illVar2.h() == j) {
                    this.b.remove(illVar2);
                    Handshaker.this.removeDeferredProcessedRecord(illVar2);
                }
            }
        }

        ill b() {
            ill illVar;
            if (Handshaker.this.isChangeCipherSpecMessageExpected() && (illVar = this.c) != null) {
                this.c = null;
                return illVar;
            }
            for (ill illVar2 : this.b) {
                int messageSeq = ((HandshakeMessage) illVar2.l()).getMessageSeq();
                if (messageSeq > Handshaker.this.nextReceiveMessageSequence) {
                    break;
                }
                this.b.remove(illVar2);
                Handshaker.this.removeDeferredProcessedRecord(illVar2);
                if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                    return illVar2;
                }
            }
            return null;
        }

        ill b(ill illVar) {
            int g = illVar.g();
            int j = Handshaker.this.session.j();
            if (g != j) {
                throw new IllegalArgumentException("record epoch " + g + " doesn't match session " + j);
            }
            DTLSMessage l = illVar.l();
            int i = AnonymousClass2.e[l.getContentType().ordinal()];
            if (i == 1) {
                if (Handshaker.this.isChangeCipherSpecMessageExpected()) {
                    return illVar;
                }
                if (this.c != null) {
                    Handshaker.this.LOGGER.debug("Change Cipher Spec is received again!");
                    return null;
                }
                Handshaker.this.LOGGER.debug("Change Cipher Spec is not expected and therefore kept for later processing!");
                this.c = illVar;
                return null;
            }
            if (i != 2) {
                Handshaker.this.LOGGER.warn("Cannot process message of type [{}], discarding...", l.getContentType());
                return null;
            }
            HandshakeMessage handshakeMessage = (HandshakeMessage) l;
            int messageSeq = handshakeMessage.getMessageSeq();
            if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                return illVar;
            }
            if (messageSeq <= Handshaker.this.nextReceiveMessageSequence) {
                Handshaker.this.LOGGER.debug("Discarding old {} message_seq [{}] < next_receive_seq [{}]", handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence));
                return null;
            }
            Handshaker.this.LOGGER.debug("Queued newer {} message from current epoch, message_seq [{}] > next_receive_seq [{}]", handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence));
            if (Handshaker.this.addDeferredProcessedRecord(illVar)) {
                this.b.add(illVar);
            }
            return null;
        }

        boolean c() {
            return this.b.isEmpty();
        }
    }

    public Handshaker(boolean z, int i, ikg ikgVar, RecordLayer recordLayer, ike ikeVar, ijv ijvVar, int i2) {
        this.sendMessageSequence = 0;
        this.nextReceiveMessageSequence = 0;
        if (ikgVar == null) {
            throw new NullPointerException("DTLS Session must not be null");
        }
        if (recordLayer == null) {
            throw new NullPointerException("Record layer must not be null");
        }
        if (ikeVar == null) {
            throw new NullPointerException("Connection must not be null");
        }
        if (ijvVar == null) {
            throw new NullPointerException("Dtls Connector Config must not be null");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Initial message sequence number must not be negative");
        }
        this.isClient = z;
        this.sendMessageSequence = i;
        this.nextReceiveMessageSequence = i;
        this.session = ikgVar;
        this.recordLayer = recordLayer;
        this.connection = ikeVar;
        this.connectionIdGenerator = ijvVar.n();
        this.maxFragmentedHandshakeMessageLength = ijvVar.d().intValue();
        this.maxDeferredProcessedOutgoingApplicationDataMessages = ijvVar.a().intValue();
        this.maxDeferredProcessedIncomingRecordsSize = ijvVar.b().intValue();
        this.sniEnabled = ijvVar.f().booleanValue();
        this.useStateValidation = ijvVar.al().booleanValue();
        this.useKeyUsageVerification = ijvVar.aq().booleanValue();
        this.useTruncatedCertificatePathForVerification = ijvVar.as().booleanValue();
        this.privateKey = ijvVar.p();
        this.publicKey = ijvVar.s();
        this.certificateChain = ijvVar.m();
        this.certificateVerifier = ijvVar.r();
        this.rpkStore = ijvVar.aj();
        this.pskStore = ijvVar.t();
        this.session.a(i2);
        this.applicationLevelInfoSupplier = ijvVar.u();
        this.inboundMessageBuffer = new a();
        int intValue = ijvVar.i().intValue();
        int intValue2 = ijvVar.e().intValue();
        int i3 = intValue2 * 2;
        for (int i4 = 0; i4 < intValue; i4++) {
            intValue2 = ikf.a(intValue2);
            i3 += intValue2;
        }
        this.nanosExpireTimeout = TimeUnit.MILLISECONDS.toNanos(i3);
        addSessionListener(ikeVar.e());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean addDeferredProcessedRecord(ill illVar) {
        int b = illVar.b();
        int i = this.deferredRecordsSize;
        if (i + b < this.maxDeferredProcessedIncomingRecordsSize) {
            this.deferredRecordsSize = i + b;
            return true;
        }
        this.LOGGER.debug("Dropped incoming record from peer [{}], limit of {} bytes exceeded by {}+{} bytes!", illVar.j(), Integer.valueOf(this.maxDeferredProcessedIncomingRecordsSize), Integer.valueOf(this.deferredRecordsSize), Integer.valueOf(b));
        return false;
    }

    private void amendPeerPrincipal() {
        Principal x = this.session.x();
        if (x instanceof ExtensiblePrincipal) {
            this.session.d(((ExtensiblePrincipal) x).amend(getAdditionalPeerInfo(x)));
        }
    }

    private void applySendMessageSequenceNumber(HandshakeMessage handshakeMessage) {
        handshakeMessage.setMessageSeq(this.sendMessageSequence);
        this.sendMessageSequence++;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int compareRecords(ill illVar, ill illVar2) {
        if (illVar.g() != illVar2.g()) {
            throw new IllegalArgumentException("records with different epoch! " + illVar.g() + " != " + illVar2.g());
        }
        HandshakeMessage handshakeMessage = (HandshakeMessage) illVar.l();
        HandshakeMessage handshakeMessage2 = (HandshakeMessage) illVar2.l();
        if (handshakeMessage.getMessageSeq() < handshakeMessage2.getMessageSeq()) {
            return -1;
        }
        if (handshakeMessage.getMessageSeq() > handshakeMessage2.getMessageSeq()) {
            return 1;
        }
        if (illVar.h() < illVar2.h()) {
            return -1;
        }
        return illVar.h() > illVar2.h() ? 1 : 0;
    }

    private SecretKey generateMasterSecret(SecretKey secretKey) {
        byte[] d = PseudoRandomFunction.d(this.session.f().getThreadLocalPseudoRandomFunctionMac(), secretKey, PseudoRandomFunction.Label.MASTER_SECRET_LABEL, ijk.c(this.clientRandom, this.serverRandom));
        SecretKey c = imm.c(d, "MAC");
        ijk.e(d);
        return c;
    }

    private ija getAdditionalPeerInfo(Principal principal) {
        ApplicationLevelInfoSupplier applicationLevelInfoSupplier = this.applicationLevelInfoSupplier;
        return (applicationLevelInfoSupplier == null || principal == null) ? ija.e() : applicationLevelInfoSupplier.getInfo(principal);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeDeferredProcessedRecord(ill illVar) {
        int b = illVar.b();
        int i = this.deferredRecordsSize;
        if (i >= b) {
            this.deferredRecordsSize = i - b;
        } else {
            this.LOGGER.warn("deferred processed incoming records corrupted for peer [{}]! Removing {} bytes exceeds available {} bytes!", illVar.j(), Integer.valueOf(b), Integer.valueOf(this.deferredRecordsSize));
            throw new IllegalArgumentException("deferred processing of incoming records corrupted!");
        }
    }

    private void wrapHandshakeMessage(ikf ikfVar, HandshakeMessage handshakeMessage) throws GeneralSecurityException {
        applySendMessageSequenceNumber(handshakeMessage);
        int messageLength = handshakeMessage.getMessageLength();
        int q = this.session.q();
        if (this.session.i() == 0) {
            this.handshakeMessages.add(handshakeMessage);
        }
        if (messageLength <= q) {
            ikfVar.c(new ill(ContentType.HANDSHAKE, this.session.i(), this.session.l(), handshakeMessage, this.session, handshakeMessage.getMessageType() == HandshakeType.FINISHED, 0));
            return;
        }
        this.LOGGER.debug("Splitting up {} message for [{}] into multiple fragments of max {} bytes", handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(q));
        byte[] fragmentToByteArray = handshakeMessage.fragmentToByteArray();
        if (fragmentToByteArray.length != messageLength) {
            throw new IllegalStateException("message length " + messageLength + " differs from message " + fragmentToByteArray.length + "!");
        }
        int messageSeq = handshakeMessage.getMessageSeq();
        int i = 0;
        while (i < messageLength) {
            int i2 = i + q > messageLength ? messageLength - i : q;
            byte[] bArr = new byte[i2];
            System.arraycopy(fragmentToByteArray, i, bArr, 0, i2);
            ikq ikqVar = new ikq(handshakeMessage.getMessageType(), messageLength, messageSeq, i, bArr, this.session.u());
            i += i2;
            ikfVar.c(new ill(ContentType.HANDSHAKE, this.session.i(), this.session.l(), ikqVar, this.session, false, 0));
        }
    }

    public void addApplicationDataForDeferredProcessing(iit iitVar) {
        if (this.deferredApplicationData.size() < this.maxDeferredProcessedOutgoingApplicationDataMessages) {
            this.deferredApplicationData.add(iitVar);
        }
    }

    public void addRecordsForDeferredProcessing(ill illVar) {
        if (addDeferredProcessedRecord(illVar)) {
            this.deferredRecords.add(illVar);
        }
    }

    public final void addSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.add(sessionListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calculateKeys(SecretKey secretKey) {
        if (this.destroyed) {
            throw new IllegalStateException("secrets destroyed!");
        }
        int macKeyLength = this.session.f().getMacKeyLength();
        int encKeyLength = this.session.f().getEncKeyLength();
        int fixedIvLength = this.session.f().getFixedIvLength();
        byte[] c = ijk.c(this.serverRandom, this.clientRandom);
        byte[] a2 = PseudoRandomFunction.a(this.session.f().getThreadLocalPseudoRandomFunctionMac(), secretKey, PseudoRandomFunction.Label.KEY_EXPANSION_LABEL, c, (macKeyLength + encKeyLength + fixedIvLength) * 2);
        this.clientWriteMACKey = imm.d(a2, 0, macKeyLength, "Mac");
        int i = macKeyLength + 0;
        this.serverWriteMACKey = imm.d(a2, i, macKeyLength, "Mac");
        int i2 = i + macKeyLength;
        this.clientWriteKey = imm.d(a2, i2, encKeyLength, "AES");
        int i3 = i2 + encKeyLength;
        this.serverWriteKey = imm.d(a2, i3, encKeyLength, "AES");
        int i4 = i3 + encKeyLength;
        this.clientWriteIV = imm.c(a2, i4, fixedIvLength);
        this.serverWriteIV = imm.c(a2, i4 + fixedIvLength, fixedIvLength);
        ijk.e(a2);
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        imm.d(this.masterSecret);
        this.masterSecret = null;
        imm.d(this.clientWriteKey);
        this.clientWriteKey = null;
        imm.d(this.clientWriteMACKey);
        this.clientWriteMACKey = null;
        imm.d((Destroyable) this.clientWriteIV);
        this.clientWriteIV = null;
        imm.d(this.serverWriteKey);
        this.serverWriteKey = null;
        imm.d(this.serverWriteMACKey);
        this.serverWriteMACKey = null;
        imm.d((Destroyable) this.serverWriteIV);
        this.serverWriteIV = null;
        this.destroyed = true;
    }

    protected abstract void doProcessMessage(HandshakeMessage handshakeMessage) throws ikw, GeneralSecurityException;

    /* JADX INFO: Access modifiers changed from: protected */
    public final void expectChangeCipherSpecMessage() {
        this.changeCipherSuiteMessageExpected = true;
    }

    protected void expectMessage(DTLSMessage dTLSMessage) throws ikw {
        ikv[] ikvVarArr;
        if (!this.useStateValidation || (ikvVarArr = this.states) == null) {
            return;
        }
        int i = this.statesIndex;
        if (i >= ikvVarArr.length) {
            this.LOGGER.warn("Cannot process {} message from peer [{}], no more expected!", ikv.a(dTLSMessage), getSession().u());
            throw new ikw("Cannot process " + ikv.a(dTLSMessage) + " handshake message, no more expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.u()));
        }
        ikv ikvVar = ikvVarArr[i];
        boolean b = ikvVar.b(dTLSMessage);
        if (!b && ikvVar.b()) {
            int i2 = this.statesIndex;
            int i3 = i2 + 1;
            ikv[] ikvVarArr2 = this.states;
            if (i3 < ikvVarArr2.length && ikvVarArr2[i2 + 1].b(dTLSMessage)) {
                this.statesIndex++;
                b = true;
            }
        }
        if (b) {
            return;
        }
        this.LOGGER.warn("Cannot process {} message from peer [{}], {} expected!", ikv.a(dTLSMessage), getSession().u(), ikvVar);
        throw new ikw("Cannot process " + ikv.a(dTLSMessage) + " handshake message, " + ikvVar + " expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.u()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void generateKeys(SecretKey secretKey) {
        if (!this.destroyed) {
            this.masterSecret = generateMasterSecret(secretKey);
            calculateKeys(this.masterSecret);
            this.session.d(this.masterSecret);
        } else {
            if (this.handshakeFailed) {
                throw new IllegalStateException("secrets destroyed after failure!", this.cause);
            }
            if (!this.sessionEstablished) {
                throw new IllegalStateException("secrets destroyed ???");
            }
            throw new IllegalStateException("secrets destroyed after success!");
        }
    }

    public ilf getClientRandom() {
        return this.clientRandom;
    }

    public final ike getConnection() {
        return this.connection;
    }

    public Throwable getFailureCause() {
        return this.cause;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final MessageDigest getHandshakeMessageDigest() {
        MessageDigest threadLocalPseudoRandomFunctionMessageDigest = this.session.f().getThreadLocalPseudoRandomFunctionMessageDigest();
        int i = 0;
        for (HandshakeMessage handshakeMessage : this.handshakeMessages) {
            threadLocalPseudoRandomFunctionMessageDigest.update(handshakeMessage.toByteArray());
            this.LOGGER.trace("  [{}] - {}", Integer.valueOf(i), handshakeMessage.getMessageType());
            i++;
        }
        return threadLocalPseudoRandomFunctionMessageDigest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final CipherSuite.KeyExchangeAlgorithm getKeyExchangeAlgorithm() {
        return this.session.t();
    }

    final int getNextReceiveMessageSequenceNumber() {
        return this.nextReceiveMessageSequence;
    }

    public final InetSocketAddress getPeerAddress() {
        return this.session.u();
    }

    public ilf getServerRandom() {
        return this.serverRandom;
    }

    public final ikg getSession() {
        return this.session;
    }

    protected final HandshakeMessage handleFragmentation(ikq ikqVar) throws ikw {
        this.LOGGER.debug("Processing {} message fragment ...", ikqVar.getMessageType());
        if (ikqVar.getMessageLength() > this.maxFragmentedHandshakeMessageLength) {
            throw new ikw("Fragmented message length exceeded (" + ikqVar.getMessageLength() + " > " + this.maxFragmentedHandshakeMessageLength + ")!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ikqVar.getPeer()));
        }
        int messageSeq = ikqVar.getMessageSeq();
        try {
            if (this.reassembledMessage == null) {
                this.reassembledMessage = new ilh(ikqVar);
            } else {
                if (this.reassembledMessage.getMessageSeq() != messageSeq) {
                    throw new IllegalArgumentException("Current reassemble message has different seqn " + this.reassembledMessage.getMessageSeq() + " != " + messageSeq);
                }
                this.reassembledMessage.d(ikqVar);
            }
            if (!this.reassembledMessage.c()) {
                return null;
            }
            HandshakeMessage fromByteArray = HandshakeMessage.fromByteArray(this.reassembledMessage.toByteArray(), this.session.n(), this.reassembledMessage.getPeer());
            this.LOGGER.debug("Successfully re-assembled {} message", fromByteArray.getMessageType());
            this.reassembledMessage = null;
            return fromByteArray;
        } catch (IllegalArgumentException e) {
            throw new ikw(e.getMessage(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, ikqVar.getPeer()));
        }
    }

    public final void handshakeAborted(Throwable th) {
        this.handshakeAborted = true;
        handshakeFailed(th);
    }

    public final void handshakeCompleted() {
        setPendingFlight(null);
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeCompleted(this);
        }
        imm.d(this);
        this.LOGGER.debug("handshake completed {}", this.connection);
    }

    public final void handshakeFailed(Throwable th) {
        if (this.cause == null) {
            this.cause = th;
        }
        if (this.handshakeFailed || this.cause != th) {
            return;
        }
        this.LOGGER.debug("handshake failed {}", this.connection, th);
        this.handshakeFailed = true;
        setPendingFlight(null);
        if (!this.sessionEstablished) {
            Iterator<SessionListener> it = this.sessionListeners.iterator();
            while (it.hasNext()) {
                it.next().handshakeFailed(this, th);
            }
            imm.d(this.session);
        }
        imm.d(this);
    }

    public final void handshakeFlightRetransmitted(int i) {
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeFlightRetransmitted(this, i);
        }
        Iterator<iit> it2 = this.deferredApplicationData.iterator();
        while (it2.hasNext()) {
            it2.next().e(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void handshakeStarted() throws ikw {
        this.LOGGER.debug("handshake started {}", this.connection);
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeStarted(this);
        }
    }

    public final boolean isChangeCipherSpecMessageExpected() {
        return this.changeCipherSuiteMessageExpected;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public boolean isExpired() {
        return this.pendingFlight.get() != null && this.nanosExpireTime < ClockUtil.d();
    }

    public boolean isInboundMessageProcessed() {
        return this.inboundMessageBuffer.c();
    }

    public boolean isProbing() {
        return false;
    }

    public boolean isRemovingConnection() {
        return (this.handshakeAborted || this.connection.l()) ? false : true;
    }

    public final void processMessage(ill illVar) throws ikw {
        int j = this.session.j();
        if (j != illVar.g()) {
            this.LOGGER.debug("Discarding {} message with wrong epoch received from peer [{}]:{}{}", illVar.d(), illVar.j(), ijt.e(), illVar);
            throw new IllegalArgumentException("processing record with wrong epoch! " + illVar.g() + " expected " + j);
        }
        if (illVar.o() < this.flightSendNanos) {
            this.LOGGER.info("Discarding {} message received from peer [{}] before last flight was sent:{}{}", illVar.d(), illVar.j(), ijt.e(), illVar);
            return;
        }
        try {
            ill b = this.inboundMessageBuffer.b(illVar);
            while (b != null) {
                DTLSMessage l = b.l();
                expectMessage(l);
                if (l.getContentType() == ContentType.CHANGE_CIPHER_SPEC) {
                    this.LOGGER.debug("Processing {} message from peer [{}]", l.getContentType(), l.getPeer());
                    setCurrentReadState();
                    this.statesIndex++;
                    this.LOGGER.debug("Processed {} message from peer [{}]", l.getContentType(), l.getPeer());
                } else {
                    if (l.getContentType() != ContentType.HANDSHAKE) {
                        throw new ikw(String.format("Received unexpected message [%s] from peer %s", l.getContentType(), l.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, l.getPeer()));
                    }
                    HandshakeMessage handshakeMessage = (HandshakeMessage) l;
                    if (handshakeMessage.getMessageType() == HandshakeType.FINISHED && j == 0) {
                        this.LOGGER.debug("FINISH with epoch 0 from peer [{}]!", getSession().u());
                        throw new ikw("FINISH with epoch 0!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, getSession().u()));
                    }
                    ikf ikfVar = this.pendingFlight.get();
                    if (ikfVar != null) {
                        this.LOGGER.debug("response for flight {} started", Integer.valueOf(ikfVar.e()));
                        ikfVar.k();
                    }
                    if (handshakeMessage instanceof ikq) {
                        handshakeMessage = handleFragmentation((ikq) handshakeMessage);
                    }
                    if (handshakeMessage == null) {
                        continue;
                    } else {
                        if (handshakeMessage instanceof ikx) {
                            ikx ikxVar = (ikx) handshakeMessage;
                            iky n = this.session.n();
                            if (n == null) {
                                this.LOGGER.warn("Cannot process handshake {} message from peer [{}], parameter are required!", ikxVar.getMessageType(), getSession().u());
                                throw new ikw("Cannot process " + ikxVar.getMessageType() + " handshake message, parameter are required!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.u()));
                            }
                            handshakeMessage = ikxVar.c(n);
                        }
                        if (this.lastFlight) {
                            this.LOGGER.debug("Received ({}) FINISHED message again, retransmitting last flight...", getPeerAddress());
                            ikfVar.g();
                            ikfVar.m();
                            sendFlight(ikfVar);
                        } else {
                            if (this.LOGGER.isDebugEnabled()) {
                                StringBuilder sb = new StringBuilder();
                                sb.append(String.format("Processing %s message from peer [%s], seqn: [%d]", handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(handshakeMessage.getMessageSeq())));
                                if (this.LOGGER.isTraceEnabled()) {
                                    sb.append(Constants.SCHEME_PACKAGE_SEPARATION);
                                    sb.append(ijt.e());
                                    sb.append(handshakeMessage);
                                }
                                this.LOGGER.debug(sb.toString());
                            }
                            if (j == 0) {
                                this.handshakeMessages.add(handshakeMessage);
                            }
                            doProcessMessage(handshakeMessage);
                            this.LOGGER.debug("Processed {} message from peer [{}]", handshakeMessage.getMessageType(), handshakeMessage.getPeer());
                            if (!this.lastFlight) {
                                this.nextReceiveMessageSequence++;
                                this.statesIndex++;
                            }
                        }
                    }
                }
                this.session.b(j, b.h());
                this.inboundMessageBuffer.a(b.h());
                b = this.inboundMessageBuffer.b();
            }
            if (this.session.j() > j) {
                ijr d = this.connection.d();
                List<ill> takeDeferredRecords = takeDeferredRecords();
                if (this.deferredRecordsSize > 0) {
                    throw new ikw(String.format("Received unexpected message left from peer %s", illVar.j()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, illVar.j()));
                }
                for (final ill illVar2 : takeDeferredRecords) {
                    if (d != null) {
                        d.execute(new Runnable() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.3
                            @Override // java.lang.Runnable
                            public void run() {
                                Handshaker.this.recordLayer.processRecord(illVar2, Handshaker.this.connection);
                            }
                        });
                    } else {
                        this.recordLayer.processRecord(illVar2, this.connection);
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            this.LOGGER.warn("Cannot process handshake message from peer [{}] due to [{}]", getSession().u(), e.getMessage(), e);
            throw new ikw("Cannot process handshake message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.u()));
        }
    }

    public final void removeSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.remove(sessionListener);
        }
    }

    public void resetProbing() {
    }

    public void sendFlight(ikf ikfVar) {
        setPendingFlight(null);
        try {
            this.flightSendNanos = ClockUtil.d();
            this.nanosExpireTime = this.nanosExpireTimeout + this.flightSendNanos;
            this.recordLayer.sendFlight(ikfVar, this.connection);
            setPendingFlight(ikfVar);
        } catch (IOException e) {
            handshakeFailed(new Exception("handshake flight " + ikfVar.e() + " failed!", e));
        }
    }

    public void sendLastFlight(ikf ikfVar) {
        this.lastFlight = true;
        ikfVar.e(false);
        sendFlight(ikfVar);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void sessionEstablished() throws ikw {
        if (this.sessionEstablished) {
            return;
        }
        this.LOGGER.debug("session established {}", this.connection);
        amendPeerPrincipal();
        this.sessionEstablished = true;
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().sessionEstablished(this, getSession());
        }
    }

    protected final void setCurrentReadState() {
        this.session.d(this.isClient ? DTLSConnectionState.create(this.session.f(), this.session.g(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey) : DTLSConnectionState.create(this.session.f(), this.session.g(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setCurrentWriteState() {
        this.session.e(this.isClient ? DTLSConnectionState.create(this.session.f(), this.session.g(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey) : DTLSConnectionState.create(this.session.f(), this.session.g(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey));
    }

    public void setFailureCause(Throwable th) {
        setPendingFlight(null);
        this.cause = th;
    }

    public void setPendingFlight(ikf ikfVar) {
        ikf andSet = this.pendingFlight.getAndSet(ikfVar);
        if (andSet == null || andSet == ikfVar) {
            return;
        }
        andSet.o();
    }

    public abstract void startHandshake() throws ikw;

    public List<iit> takeDeferredApplicationData() {
        ArrayList arrayList = new ArrayList(this.deferredApplicationData);
        this.deferredApplicationData.clear();
        return arrayList;
    }

    public void takeDeferredApplicationData(Handshaker handshaker) {
        this.deferredApplicationData.addAll(handshaker.takeDeferredApplicationData());
    }

    public List<ill> takeDeferredRecords() {
        ArrayList arrayList = new ArrayList(this.deferredRecords);
        this.deferredRecords.clear();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            removeDeferredProcessedRecord((ill) it.next());
        }
        return arrayList;
    }

    public void verifyCertificate(ijx ijxVar) throws ikw {
        CertPath b = ijxVar.b();
        if (b == null) {
            if (this.rpkStore.isTrusted(new iix(ijxVar.e()))) {
                return;
            }
            this.LOGGER.debug("Certificate validation failed: Raw public key is not trusted");
            throw new ikw("Raw public key is not trusted!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.u()));
        }
        if (this.certificateVerifier == null) {
            this.LOGGER.debug("Certificate validation failed: x509 could not be trusted!");
            throw new ikw("Trust is not possible!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, this.session.u()));
        }
        List<? extends Certificate> certificates = b.getCertificates();
        if (certificates.isEmpty() && this.isClient) {
            this.LOGGER.debug("Certificate validation failed: empty server certificate!");
            throw new ikw("Empty server certificate!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.u()));
        }
        if (this.certificateVerifier instanceof AdvancedCertificateVerifier) {
            this.peerCertPath = ((AdvancedCertificateVerifier) this.certificateVerifier).verifyCertificate(this.useKeyUsageVerification ? Boolean.valueOf(!this.isClient) : null, this.useTruncatedCertificatePathForVerification, ijxVar, this.session);
            return;
        }
        if (this.useKeyUsageVerification && !certificates.isEmpty()) {
            Certificate certificate = certificates.get(0);
            if ((certificate instanceof X509Certificate) && !iji.d((X509Certificate) certificate, !this.isClient)) {
                this.LOGGER.debug("Certificate validation failed: key usage doesn't match");
                throw new ikw("Key Usage doesn't match!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.u()));
            }
        }
        this.certificateVerifier.verifyCertificate(ijxVar, this.session);
        this.peerCertPath = b;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void wrapMessage(ikf ikfVar, DTLSMessage dTLSMessage) throws ikw {
        try {
            int i = AnonymousClass2.e[dTLSMessage.getContentType().ordinal()];
            if (i == 1) {
                ikfVar.c(new ill(dTLSMessage.getContentType(), this.session.i(), this.session.l(), dTLSMessage, this.session, false, 0));
                return;
            }
            if (i == 2) {
                wrapHandshakeMessage(ikfVar, (HandshakeMessage) dTLSMessage);
                return;
            }
            throw new ikw("Cannot create " + dTLSMessage.getContentType() + " record for flight", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.u()));
        } catch (GeneralSecurityException unused) {
            throw new ikw("Cannot create record", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.u()));
        }
    }
}
