package org.eclipse.californium.scandium.config;

import java.net.InetSocketAddress;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import org.eclipse.californium.scandium.dtls.ServerNameResolver;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;

/* loaded from: classes4.dex */
public final class DtlsConnectorConfig {
    public static final int DEFAULT_MAX_CONNECTIONS = 150000;
    public static final long DEFAULT_STALE_CONNECTION_TRESHOLD = 1800;
    private static final String EC_ALGORITHM_NAME = "EC";
    private InetSocketAddress address;
    private X509Certificate[] certChain;
    private boolean clientAuthenticationRequired;
    private boolean enableReuseAddress;
    private int maxConnections;
    private Integer maxFragmentLengthCode;
    private int maxRetransmissions;
    private int outboundMessageBufferSize;
    private PrivateKey privateKey;
    private PskStore pskStore;
    private PublicKey publicKey;
    private int retransmissionTimeout;
    private boolean sendRawKey;
    private ServerNameResolver serverNameResolver;
    private long staleConnectionThreshold;
    private CipherSuite[] supportedCipherSuites;
    private X509Certificate[] trustStore;

    /* loaded from: classes4.dex */
    public static final class Builder {
        private boolean clientOnly;
        private DtlsConnectorConfig config;

        public Builder(InetSocketAddress inetSocketAddress) {
            if (inetSocketAddress.isUnresolved()) {
                throw new IllegalArgumentException("Bind address must not be unresolved");
            }
            this.config = new DtlsConnectorConfig();
            this.config.address = inetSocketAddress;
        }

        private void determineCipherSuitesFromConfig() {
            ArrayList arrayList = new ArrayList();
            if (isConfiguredWithKeyPair()) {
                arrayList.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
                arrayList.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
            }
            if (this.config.pskStore != null) {
                arrayList.add(CipherSuite.TLS_PSK_WITH_AES_128_CCM_8);
                arrayList.add(CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256);
            }
            this.config.supportedCipherSuites = (CipherSuite[]) arrayList.toArray(new CipherSuite[0]);
        }

        private boolean isConfiguredWithKeyPair() {
            return (this.config.privateKey == null || this.config.publicKey == null) ? false : true;
        }

        private static X509Certificate[] toX509Certificates(Certificate[] certificateArr) {
            ArrayList arrayList = new ArrayList(certificateArr.length);
            for (Certificate certificate : certificateArr) {
                if (!X509Certificate.class.isInstance(certificate)) {
                    throw new IllegalArgumentException("can only process X.509 certificates");
                }
                arrayList.add((X509Certificate) certificate);
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[certificateArr.length]);
        }

        private void verifyEcBasedCipherConfig() {
            if (this.clientOnly) {
                return;
            }
            if (this.config.getPrivateKey() == null || this.config.getPublicKey() == null) {
                throw new IllegalStateException("Identity must be set");
            }
            if (!DtlsConnectorConfig.EC_ALGORITHM_NAME.equals(this.config.privateKey.getAlgorithm()) || !DtlsConnectorConfig.EC_ALGORITHM_NAME.equals(this.config.getPublicKey().getAlgorithm())) {
                throw new IllegalStateException("Keys must be ECDSA capable when support for an ECDHE_ECDSA based cipher suite is configured");
            }
        }

        private void verifyPskBasedCipherConfig() {
            if (this.config.pskStore == null) {
                throw new IllegalStateException("PSK store must be set when support for " + CipherSuite.TLS_PSK_WITH_AES_128_CCM_8.name() + " is configured");
            }
        }

        public DtlsConnectorConfig build() {
            if (this.config.getSupportedCipherSuites().length == 0) {
                determineCipherSuitesFromConfig();
            }
            if (this.config.getSupportedCipherSuites().length == 0) {
                throw new IllegalStateException("Supported cipher suites must be set either explicitly or implicitly by means of setting the identity or PSK store");
            }
            int length = this.config.getSupportedCipherSuites().length;
            for (int i = 0; i < length; i++) {
                switch (r1[i]) {
                    case TLS_PSK_WITH_AES_128_CCM_8:
                    case TLS_PSK_WITH_AES_128_CBC_SHA256:
                        verifyPskBasedCipherConfig();
                        break;
                    case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
                    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
                        verifyEcBasedCipherConfig();
                        break;
                }
            }
            return this.config;
        }

        public Builder setClientAuthenticationRequired(boolean z) {
            this.config.clientAuthenticationRequired = z;
            return this;
        }

        public Builder setClientOnly() {
            this.clientOnly = true;
            return this;
        }

        public Builder setEnableAddressReuse(boolean z) {
            this.config.enableReuseAddress = z;
            return this;
        }

        public Builder setIdentity(PrivateKey privateKey, PublicKey publicKey) {
            if (privateKey == null) {
                throw new NullPointerException("The private key must not be null");
            }
            if (publicKey == null) {
                throw new NullPointerException("The public key must not be null");
            }
            this.config.privateKey = privateKey;
            this.config.publicKey = publicKey;
            this.config.certChain = null;
            this.config.sendRawKey = true;
            return this;
        }

        public Builder setIdentity(PrivateKey privateKey, Certificate[] certificateArr, boolean z) {
            if (privateKey == null) {
                throw new NullPointerException("The private key must not be null");
            }
            if (certificateArr == null || certificateArr.length < 1) {
                throw new NullPointerException("The certificate chain must not be null or empty");
            }
            this.config.privateKey = privateKey;
            this.config.certChain = toX509Certificates(certificateArr);
            this.config.publicKey = this.config.certChain[0].getPublicKey();
            this.config.sendRawKey = z;
            return this;
        }

        public Builder setMaxConnections(int i) {
            if (i < 1) {
                throw new IllegalArgumentException("Max connections must be at least 1");
            }
            this.config.maxConnections = i;
            return this;
        }

        public Builder setMaxFragmentLengthCode(Integer num) {
            if (num != null && (num.intValue() < 1 || num.intValue() > 4)) {
                throw new IllegalArgumentException("Maximum fragment length code must be one of {1, 2, 3, 4}");
            }
            this.config.maxFragmentLengthCode = num;
            return this;
        }

        public Builder setMaxRetransmissions(int i) {
            if (i < 1) {
                throw new IllegalArgumentException("Maximum number of retransmissions must be greater than zero");
            }
            this.config.maxRetransmissions = i;
            return this;
        }

        public Builder setOutboundMessageBufferSize(int i) {
            if (i < 1) {
                throw new IllegalArgumentException("Outbound message buffer size must be at least 1");
            }
            this.config.outboundMessageBufferSize = i;
            return this;
        }

        public Builder setPskStore(PskStore pskStore) {
            this.config.pskStore = pskStore;
            return this;
        }

        public Builder setRetransmissionTimeout(int i) {
            if (i < 0) {
                throw new IllegalArgumentException("Retransmission timeout must not be negative");
            }
            this.config.retransmissionTimeout = i;
            return this;
        }

        public Builder setServerNameResolver(ServerNameResolver serverNameResolver) {
            this.config.serverNameResolver = serverNameResolver;
            return this;
        }

        public Builder setStaleConnectionThreshold(long j) {
            if (j < 1) {
                throw new IllegalArgumentException("Threshold must be at least 1 second");
            }
            this.config.staleConnectionThreshold = j;
            return this;
        }

        public Builder setSupportedCipherSuites(String[] strArr) {
            CipherSuite[] cipherSuiteArr = new CipherSuite[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                if (CipherSuite.TLS_NULL_WITH_NULL_NULL.name().equals(strArr[i])) {
                    throw new IllegalArgumentException("NULL Cipher Suite is not supported by connector");
                }
                CipherSuite typeByName = CipherSuite.getTypeByName(strArr[i]);
                if (typeByName == null) {
                    throw new IllegalArgumentException(String.format("Cipher suite [%s] is not (yet) supported", strArr[i]));
                }
                cipherSuiteArr[i] = typeByName;
            }
            this.config.supportedCipherSuites = cipherSuiteArr;
            return this;
        }

        public Builder setSupportedCipherSuites(CipherSuite[] cipherSuiteArr) {
            if (cipherSuiteArr == null || cipherSuiteArr.length == 0) {
                throw new IllegalArgumentException("Connector must support at least one cipher suite");
            }
            for (CipherSuite cipherSuite : cipherSuiteArr) {
                if (CipherSuite.TLS_NULL_WITH_NULL_NULL.equals(cipherSuite)) {
                    throw new IllegalArgumentException("NULL Cipher Suite is not supported by connector");
                }
            }
            this.config.supportedCipherSuites = (CipherSuite[]) Arrays.copyOf(cipherSuiteArr, cipherSuiteArr.length);
            return this;
        }

        public Builder setTrustStore(Certificate[] certificateArr) {
            if (certificateArr == null) {
                throw new NullPointerException("Trust store must not be null");
            }
            this.config.trustStore = toX509Certificates(certificateArr);
            return this;
        }
    }

    private DtlsConnectorConfig() {
        this.trustStore = new X509Certificate[0];
        this.maxFragmentLengthCode = null;
        this.retransmissionTimeout = 1000;
        this.maxRetransmissions = 4;
        this.clientAuthenticationRequired = true;
        this.sendRawKey = true;
        this.pskStore = null;
        this.privateKey = null;
        this.publicKey = null;
        this.outboundMessageBufferSize = 100000;
        this.maxConnections = 150000;
        this.staleConnectionThreshold = 1800L;
    }

    public InetSocketAddress getAddress() {
        return this.address;
    }

    public X509Certificate[] getCertificateChain() {
        if (this.certChain == null) {
            return null;
        }
        return (X509Certificate[]) Arrays.copyOf(this.certChain, this.certChain.length);
    }

    public int getMaxConnections() {
        return this.maxConnections;
    }

    public Integer getMaxFragmentLengthCode() {
        return this.maxFragmentLengthCode;
    }

    public int getMaxRetransmissions() {
        return this.maxRetransmissions;
    }

    public int getOutboundMessageBufferSize() {
        return this.outboundMessageBufferSize;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public PskStore getPskStore() {
        return this.pskStore;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public int getRetransmissionTimeout() {
        return this.retransmissionTimeout;
    }

    public ServerNameResolver getServerNameResolver() {
        return this.serverNameResolver;
    }

    public long getStaleConnectionThreshold() {
        return this.staleConnectionThreshold;
    }

    public CipherSuite[] getSupportedCipherSuites() {
        return this.supportedCipherSuites == null ? new CipherSuite[0] : (CipherSuite[]) Arrays.copyOf(this.supportedCipherSuites, this.supportedCipherSuites.length);
    }

    public X509Certificate[] getTrustStore() {
        return this.trustStore;
    }

    public boolean isAddressReuseEnabled() {
        return this.enableReuseAddress;
    }

    public boolean isClientAuthenticationRequired() {
        return this.clientAuthenticationRequired;
    }

    public boolean isSendRawKey() {
        return this.sendRawKey;
    }
}
