package org.eclipse.californium.scandium.dtls;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import o.jzb;
import o.jze;
import o.jzn;
import o.jzo;
import o.jzx;
import o.jzz;
import o.kag;
import o.kah;
import o.kai;
import o.kan;
import o.kao;
import o.kau;
import o.kbc;
import o.kbd;
import o.kbe;
import o.kbg;
import o.kbj;
import o.kbq;
import o.kbr;
import o.kbs;
import o.kbu;
import o.kcq;
import o.kcr;
import o.keo;
import org.eclipse.californium.elements.auth.ExtensiblePrincipal;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
import org.eclipse.californium.scandium.dtls.x509.AdvancedCertificateVerifier;
import org.eclipse.californium.scandium.dtls.x509.CertificateVerifier;
import org.slf4j.Logger;

/* loaded from: classes7.dex */
public abstract class Handshaker implements Destroyable {
    private ApplicationLevelInfoSupplier applicationLevelInfoSupplier;
    private Throwable cause;
    protected List<X509Certificate> certificateChain;
    protected final CertificateVerifier certificateVerifier;
    protected kbs clientRandom;
    private kcr clientWriteIV;
    private SecretKey clientWriteKey;
    private SecretKey clientWriteMACKey;
    private final kan connection;
    protected final ConnectionIdGenerator connectionIdGenerator;
    private int deferredRecordsSize;
    private boolean destroyed;
    protected ECDHECryptography ecdhe;
    private long flightSendNanos;
    private a inboundMessageBuffer;
    protected final boolean isClient;
    private boolean lastFlight;
    protected SecretKey masterSecret;
    private final int maxDeferredProcessedIncomingRecordsSize;
    private final int maxDeferredProcessedOutgoingApplicationDataMessages;
    private final int maxFragmentedHandshakeMessageLength;
    private long nanosExpireTime;
    private final long nanosExpireTimeout;
    private int nextReceiveMessageSequence;
    protected CertPath peerCertPath;
    protected PrivateKey privateKey;
    protected final PskStore pskStore;
    protected PublicKey publicKey;
    protected kbu reassembledMessage;
    private final RecordLayer recordLayer;
    protected final TrustedRpkStore rpkStore;
    private int sendMessageSequence;
    protected kbs serverRandom;
    private kcr serverWriteIV;
    private SecretKey serverWriteKey;
    private SecretKey serverWriteMACKey;
    protected final kau session;
    protected boolean sniEnabled;
    protected kbj[] states;
    protected int statesIndex;
    protected final boolean useKeyUsageVerification;
    protected boolean useStateValidation;
    protected final boolean useTruncatedCertificatePathForVerification;
    protected kbq usedProtocol;
    protected final Logger LOGGER = keo.d(getClass());
    protected int flightNumber = 0;
    private final List<jzb> deferredApplicationData = new ArrayList();
    private final List<kbr> deferredRecords = new ArrayList();
    private final AtomicReference<kao> pendingFlight = new AtomicReference<>();
    protected final List<HandshakeMessage> handshakeMessages = new ArrayList();
    private final Set<SessionListener> sessionListeners = new LinkedHashSet();
    private boolean changeCipherSuiteMessageExpected = false;
    private boolean sessionEstablished = false;
    private boolean handshakeAborted = false;
    private boolean handshakeFailed = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.Handshaker$5, reason: invalid class name */
    /* loaded from: classes7.dex */
    public static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] d = new int[ContentType.values().length];

        static {
            try {
                d[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                d[ContentType.HANDSHAKE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes7.dex */
    class a {

        /* renamed from: a, reason: collision with root package name */
        private SortedSet<kbr> f31745a;
        private kbr d;

        private a() {
            this.d = null;
            this.f31745a = new TreeSet(new Comparator<kbr>() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.a.2
                @Override // java.util.Comparator
                /* renamed from: b, reason: merged with bridge method [inline-methods] */
                public int compare(kbr kbrVar, kbr kbrVar2) {
                    return Handshaker.compareRecords(kbrVar, kbrVar2);
                }
            });
        }

        kbr a(kbr kbrVar) {
            int h = kbrVar.h();
            int f = Handshaker.this.session.f();
            if (h != f) {
                throw new IllegalArgumentException("record epoch " + h + " doesn't match session " + f);
            }
            DTLSMessage k = kbrVar.k();
            int i = AnonymousClass5.d[k.getContentType().ordinal()];
            if (i == 1) {
                if (Handshaker.this.isChangeCipherSpecMessageExpected()) {
                    return kbrVar;
                }
                if (this.d != null) {
                    Handshaker.this.LOGGER.debug("Change Cipher Spec is received again!");
                    return null;
                }
                Handshaker.this.LOGGER.debug("Change Cipher Spec is not expected and therefore kept for later processing!");
                this.d = kbrVar;
                return null;
            }
            if (i != 2) {
                Handshaker.this.LOGGER.warn("Cannot process message of type [{}], discarding...", k.getContentType());
                return null;
            }
            HandshakeMessage handshakeMessage = (HandshakeMessage) k;
            int messageSeq = handshakeMessage.getMessageSeq();
            if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                return kbrVar;
            }
            if (messageSeq <= Handshaker.this.nextReceiveMessageSequence) {
                Handshaker.this.LOGGER.debug("Discarding old {} message_seq [{}] < next_receive_seq [{}]", handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence));
                return null;
            }
            Handshaker.this.LOGGER.debug("Queued newer {} message from current epoch, message_seq [{}] > next_receive_seq [{}]", handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence));
            if (Handshaker.this.addDeferredProcessedRecord(kbrVar)) {
                this.f31745a.add(kbrVar);
            }
            return null;
        }

        boolean c() {
            return this.f31745a.isEmpty();
        }

        public void d(long j) {
            kbr kbrVar = this.d;
            if (kbrVar != null && kbrVar.f() == j) {
                this.d = null;
            }
            for (kbr kbrVar2 : this.f31745a) {
                if (kbrVar2.f() == j) {
                    this.f31745a.remove(kbrVar2);
                    Handshaker.this.removeDeferredProcessedRecord(kbrVar2);
                }
            }
        }

        kbr e() {
            kbr kbrVar;
            if (Handshaker.this.isChangeCipherSpecMessageExpected() && (kbrVar = this.d) != null) {
                this.d = null;
                return kbrVar;
            }
            for (kbr kbrVar2 : this.f31745a) {
                int messageSeq = ((HandshakeMessage) kbrVar2.k()).getMessageSeq();
                if (messageSeq > Handshaker.this.nextReceiveMessageSequence) {
                    break;
                }
                this.f31745a.remove(kbrVar2);
                Handshaker.this.removeDeferredProcessedRecord(kbrVar2);
                if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                    return kbrVar2;
                }
            }
            return null;
        }
    }

    public Handshaker(boolean z, int i, kau kauVar, RecordLayer recordLayer, kan kanVar, kag kagVar, int i2) {
        this.sendMessageSequence = 0;
        this.nextReceiveMessageSequence = 0;
        if (kauVar == null) {
            throw new NullPointerException("DTLS Session must not be null");
        }
        if (recordLayer == null) {
            throw new NullPointerException("Record layer must not be null");
        }
        if (kanVar == null) {
            throw new NullPointerException("Connection must not be null");
        }
        if (kagVar == null) {
            throw new NullPointerException("Dtls Connector Config must not be null");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Initial message sequence number must not be negative");
        }
        this.isClient = z;
        this.sendMessageSequence = i;
        this.nextReceiveMessageSequence = i;
        this.session = kauVar;
        this.recordLayer = recordLayer;
        this.connection = kanVar;
        this.connectionIdGenerator = kagVar.k();
        this.maxFragmentedHandshakeMessageLength = kagVar.b().intValue();
        this.maxDeferredProcessedOutgoingApplicationDataMessages = kagVar.c().intValue();
        this.maxDeferredProcessedIncomingRecordsSize = kagVar.e().intValue();
        this.sniEnabled = kagVar.h().booleanValue();
        this.useStateValidation = kagVar.am().booleanValue();
        this.useKeyUsageVerification = kagVar.aq().booleanValue();
        this.useTruncatedCertificatePathForVerification = kagVar.ap().booleanValue();
        this.privateKey = kagVar.r();
        this.publicKey = kagVar.s();
        this.certificateChain = kagVar.n();
        this.certificateVerifier = kagVar.p();
        this.rpkStore = kagVar.al();
        this.pskStore = kagVar.t();
        this.session.b(i2);
        this.applicationLevelInfoSupplier = kagVar.y();
        this.inboundMessageBuffer = new a();
        int intValue = kagVar.f().intValue();
        int intValue2 = kagVar.a().intValue();
        int i3 = intValue2 * 2;
        for (int i4 = 0; i4 < intValue; i4++) {
            intValue2 = kao.b(intValue2);
            i3 += intValue2;
        }
        this.nanosExpireTimeout = TimeUnit.MILLISECONDS.toNanos(i3);
        addSessionListener(kanVar.d());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean addDeferredProcessedRecord(kbr kbrVar) {
        int b = kbrVar.b();
        int i = this.deferredRecordsSize;
        if (i + b < this.maxDeferredProcessedIncomingRecordsSize) {
            this.deferredRecordsSize = i + b;
            return true;
        }
        this.LOGGER.debug("Dropped incoming record from peer [{}], limit of {} bytes exceeded by {}+{} bytes!", kbrVar.i(), Integer.valueOf(this.maxDeferredProcessedIncomingRecordsSize), Integer.valueOf(this.deferredRecordsSize), Integer.valueOf(b));
        return false;
    }

    private void amendPeerPrincipal() {
        Principal x = this.session.x();
        if (x instanceof ExtensiblePrincipal) {
            this.session.d(((ExtensiblePrincipal) x).amend(getAdditionalPeerInfo(x)));
        }
    }

    private void applySendMessageSequenceNumber(HandshakeMessage handshakeMessage) {
        handshakeMessage.setMessageSeq(this.sendMessageSequence);
        this.sendMessageSequence++;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int compareRecords(kbr kbrVar, kbr kbrVar2) {
        if (kbrVar.h() != kbrVar2.h()) {
            throw new IllegalArgumentException("records with different epoch! " + kbrVar.h() + " != " + kbrVar2.h());
        }
        HandshakeMessage handshakeMessage = (HandshakeMessage) kbrVar.k();
        HandshakeMessage handshakeMessage2 = (HandshakeMessage) kbrVar2.k();
        if (handshakeMessage.getMessageSeq() < handshakeMessage2.getMessageSeq()) {
            return -1;
        }
        if (handshakeMessage.getMessageSeq() > handshakeMessage2.getMessageSeq()) {
            return 1;
        }
        if (kbrVar.f() < kbrVar2.f()) {
            return -1;
        }
        return kbrVar.f() > kbrVar2.f() ? 1 : 0;
    }

    private SecretKey generateMasterSecret(SecretKey secretKey) {
        byte[] c = PseudoRandomFunction.c(this.session.i().getThreadLocalPseudoRandomFunctionMac(), secretKey, PseudoRandomFunction.Label.MASTER_SECRET_LABEL, jzo.a(this.clientRandom, this.serverRandom));
        SecretKey d = kcq.d(c, "MAC");
        jzo.b(c);
        return d;
    }

    private jze getAdditionalPeerInfo(Principal principal) {
        ApplicationLevelInfoSupplier applicationLevelInfoSupplier = this.applicationLevelInfoSupplier;
        return (applicationLevelInfoSupplier == null || principal == null) ? jze.b() : applicationLevelInfoSupplier.getInfo(principal);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeDeferredProcessedRecord(kbr kbrVar) {
        int b = kbrVar.b();
        int i = this.deferredRecordsSize;
        if (i >= b) {
            this.deferredRecordsSize = i - b;
        } else {
            this.LOGGER.warn("deferred processed incoming records corrupted for peer [{}]! Removing {} bytes exceeds available {} bytes!", kbrVar.i(), Integer.valueOf(b), Integer.valueOf(this.deferredRecordsSize));
            throw new IllegalArgumentException("deferred processing of incoming records corrupted!");
        }
    }

    private void wrapHandshakeMessage(kao kaoVar, HandshakeMessage handshakeMessage) throws GeneralSecurityException {
        applySendMessageSequenceNumber(handshakeMessage);
        int messageLength = handshakeMessage.getMessageLength();
        int p = this.session.p();
        if (this.session.h() == 0) {
            this.handshakeMessages.add(handshakeMessage);
        }
        if (messageLength <= p) {
            kaoVar.c(new kbr(ContentType.HANDSHAKE, this.session.h(), this.session.k(), handshakeMessage, this.session, handshakeMessage.getMessageType() == HandshakeType.FINISHED, 0));
            return;
        }
        this.LOGGER.debug("Splitting up {} message for [{}] into multiple fragments of max {} bytes", handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(p));
        byte[] fragmentToByteArray = handshakeMessage.fragmentToByteArray();
        if (fragmentToByteArray.length != messageLength) {
            throw new IllegalStateException("message length " + messageLength + " differs from message " + fragmentToByteArray.length + "!");
        }
        int messageSeq = handshakeMessage.getMessageSeq();
        int i = 0;
        while (i < messageLength) {
            int i2 = i + p > messageLength ? messageLength - i : p;
            byte[] bArr = new byte[i2];
            System.arraycopy(fragmentToByteArray, i, bArr, 0, i2);
            kbg kbgVar = new kbg(handshakeMessage.getMessageType(), messageLength, messageSeq, i, bArr, this.session.y());
            i += i2;
            kaoVar.c(new kbr(ContentType.HANDSHAKE, this.session.h(), this.session.k(), kbgVar, this.session, false, 0));
        }
    }

    public void addApplicationDataForDeferredProcessing(jzb jzbVar) {
        if (this.deferredApplicationData.size() < this.maxDeferredProcessedOutgoingApplicationDataMessages) {
            this.deferredApplicationData.add(jzbVar);
        }
    }

    public void addRecordsForDeferredProcessing(kbr kbrVar) {
        if (addDeferredProcessedRecord(kbrVar)) {
            this.deferredRecords.add(kbrVar);
        }
    }

    public final void addSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.add(sessionListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calculateKeys(SecretKey secretKey) {
        if (this.destroyed) {
            throw new IllegalStateException("secrets destroyed!");
        }
        int macKeyLength = this.session.i().getMacKeyLength();
        int encKeyLength = this.session.i().getEncKeyLength();
        int fixedIvLength = this.session.i().getFixedIvLength();
        byte[] a2 = jzo.a(this.serverRandom, this.clientRandom);
        byte[] b = PseudoRandomFunction.b(this.session.i().getThreadLocalPseudoRandomFunctionMac(), secretKey, PseudoRandomFunction.Label.KEY_EXPANSION_LABEL, a2, (macKeyLength + encKeyLength + fixedIvLength) * 2);
        this.clientWriteMACKey = kcq.e(b, 0, macKeyLength, "Mac");
        int i = macKeyLength + 0;
        this.serverWriteMACKey = kcq.e(b, i, macKeyLength, "Mac");
        int i2 = i + macKeyLength;
        this.clientWriteKey = kcq.e(b, i2, encKeyLength, "AES");
        int i3 = i2 + encKeyLength;
        this.serverWriteKey = kcq.e(b, i3, encKeyLength, "AES");
        int i4 = i3 + encKeyLength;
        this.clientWriteIV = kcq.b(b, i4, fixedIvLength);
        this.serverWriteIV = kcq.b(b, i4 + fixedIvLength, fixedIvLength);
        jzo.b(b);
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        kcq.c(this.masterSecret);
        this.masterSecret = null;
        kcq.c(this.clientWriteKey);
        this.clientWriteKey = null;
        kcq.c(this.clientWriteMACKey);
        this.clientWriteMACKey = null;
        kcq.d(this.clientWriteIV);
        this.clientWriteIV = null;
        kcq.c(this.serverWriteKey);
        this.serverWriteKey = null;
        kcq.c(this.serverWriteMACKey);
        this.serverWriteMACKey = null;
        kcq.d(this.serverWriteIV);
        this.serverWriteIV = null;
        this.destroyed = true;
    }

    protected abstract void doProcessMessage(HandshakeMessage handshakeMessage) throws kbe, GeneralSecurityException;

    /* JADX INFO: Access modifiers changed from: protected */
    public final void expectChangeCipherSpecMessage() {
        this.changeCipherSuiteMessageExpected = true;
    }

    protected void expectMessage(DTLSMessage dTLSMessage) throws kbe {
        kbj[] kbjVarArr;
        if (!this.useStateValidation || (kbjVarArr = this.states) == null) {
            return;
        }
        int i = this.statesIndex;
        if (i >= kbjVarArr.length) {
            this.LOGGER.warn("Cannot process {} message from peer [{}], no more expected!", kbj.a(dTLSMessage), getSession().y());
            throw new kbe("Cannot process " + kbj.a(dTLSMessage) + " handshake message, no more expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.y()));
        }
        kbj kbjVar = kbjVarArr[i];
        boolean c = kbjVar.c(dTLSMessage);
        if (!c && kbjVar.a()) {
            int i2 = this.statesIndex;
            int i3 = i2 + 1;
            kbj[] kbjVarArr2 = this.states;
            if (i3 < kbjVarArr2.length && kbjVarArr2[i2 + 1].c(dTLSMessage)) {
                this.statesIndex++;
                c = true;
            }
        }
        if (c) {
            return;
        }
        this.LOGGER.warn("Cannot process {} message from peer [{}], {} expected!", kbj.a(dTLSMessage), getSession().y(), kbjVar);
        throw new kbe("Cannot process " + kbj.a(dTLSMessage) + " handshake message, " + kbjVar + " expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.y()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void generateKeys(SecretKey secretKey) {
        if (!this.destroyed) {
            this.masterSecret = generateMasterSecret(secretKey);
            calculateKeys(this.masterSecret);
            this.session.e(this.masterSecret);
        } else {
            if (this.handshakeFailed) {
                throw new IllegalStateException("secrets destroyed after failure!", this.cause);
            }
            if (!this.sessionEstablished) {
                throw new IllegalStateException("secrets destroyed ???");
            }
            throw new IllegalStateException("secrets destroyed after success!");
        }
    }

    public kbs getClientRandom() {
        return this.clientRandom;
    }

    public final kan getConnection() {
        return this.connection;
    }

    public Throwable getFailureCause() {
        return this.cause;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final MessageDigest getHandshakeMessageDigest() {
        MessageDigest threadLocalPseudoRandomFunctionMessageDigest = this.session.i().getThreadLocalPseudoRandomFunctionMessageDigest();
        int i = 0;
        for (HandshakeMessage handshakeMessage : this.handshakeMessages) {
            threadLocalPseudoRandomFunctionMessageDigest.update(handshakeMessage.toByteArray());
            this.LOGGER.trace("  [{}] - {}", Integer.valueOf(i), handshakeMessage.getMessageType());
            i++;
        }
        return threadLocalPseudoRandomFunctionMessageDigest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final CipherSuite.KeyExchangeAlgorithm getKeyExchangeAlgorithm() {
        return this.session.q();
    }

    final int getNextReceiveMessageSequenceNumber() {
        return this.nextReceiveMessageSequence;
    }

    public final InetSocketAddress getPeerAddress() {
        return this.session.y();
    }

    public kbs getServerRandom() {
        return this.serverRandom;
    }

    public final kau getSession() {
        return this.session;
    }

    protected final HandshakeMessage handleFragmentation(kbg kbgVar) throws kbe {
        this.LOGGER.debug("Processing {} message fragment ...", kbgVar.getMessageType());
        if (kbgVar.getMessageLength() > this.maxFragmentedHandshakeMessageLength) {
            throw new kbe("Fragmented message length exceeded (" + kbgVar.getMessageLength() + " > " + this.maxFragmentedHandshakeMessageLength + ")!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbgVar.getPeer()));
        }
        int messageSeq = kbgVar.getMessageSeq();
        try {
            if (this.reassembledMessage == null) {
                this.reassembledMessage = new kbu(kbgVar);
            } else {
                if (this.reassembledMessage.getMessageSeq() != messageSeq) {
                    throw new IllegalArgumentException("Current reassemble message has different seqn " + this.reassembledMessage.getMessageSeq() + " != " + messageSeq);
                }
                this.reassembledMessage.d(kbgVar);
            }
            if (!this.reassembledMessage.b()) {
                return null;
            }
            HandshakeMessage fromByteArray = HandshakeMessage.fromByteArray(this.reassembledMessage.toByteArray(), this.session.o(), this.reassembledMessage.getPeer());
            this.LOGGER.debug("Successfully re-assembled {} message", fromByteArray.getMessageType());
            this.reassembledMessage = null;
            return fromByteArray;
        } catch (IllegalArgumentException e) {
            throw new kbe(e.getMessage(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbgVar.getPeer()));
        }
    }

    public final void handshakeAborted(Throwable th) {
        this.handshakeAborted = true;
        handshakeFailed(th);
    }

    public final void handshakeCompleted() {
        setPendingFlight(null);
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeCompleted(this);
        }
        kcq.d(this);
        this.LOGGER.debug("handshake completed {}", this.connection);
    }

    public final void handshakeFailed(Throwable th) {
        if (this.cause == null) {
            this.cause = th;
        }
        if (this.handshakeFailed || this.cause != th) {
            return;
        }
        this.LOGGER.debug("handshake failed {}", this.connection, th);
        this.handshakeFailed = true;
        setPendingFlight(null);
        if (!this.sessionEstablished) {
            Iterator<SessionListener> it = this.sessionListeners.iterator();
            while (it.hasNext()) {
                it.next().handshakeFailed(this, th);
            }
            kcq.d(this.session);
        }
        kcq.d(this);
    }

    public final void handshakeFlightRetransmitted(int i) {
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeFlightRetransmitted(this, i);
        }
        Iterator<jzb> it2 = this.deferredApplicationData.iterator();
        while (it2.hasNext()) {
            it2.next().e(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void handshakeStarted() throws kbe {
        this.LOGGER.debug("handshake started {}", this.connection);
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeStarted(this);
        }
    }

    public final boolean isChangeCipherSpecMessageExpected() {
        return this.changeCipherSuiteMessageExpected;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public boolean isExpired() {
        return this.pendingFlight.get() != null && this.nanosExpireTime < ClockUtil.e();
    }

    public boolean isInboundMessageProcessed() {
        return this.inboundMessageBuffer.c();
    }

    public boolean isProbing() {
        return false;
    }

    public boolean isRemovingConnection() {
        return (this.handshakeAborted || this.connection.o()) ? false : true;
    }

    public final void processMessage(kbr kbrVar) throws kbe {
        int f = this.session.f();
        if (f != kbrVar.h()) {
            this.LOGGER.debug("Discarding {} message with wrong epoch received from peer [{}]:{}{}", kbrVar.e(), kbrVar.i(), kah.d(), kbrVar);
            throw new IllegalArgumentException("processing record with wrong epoch! " + kbrVar.h() + " expected " + f);
        }
        if (kbrVar.l() < this.flightSendNanos) {
            this.LOGGER.info("Discarding {} message received from peer [{}] before last flight was sent:{}{}", kbrVar.e(), kbrVar.i(), kah.d(), kbrVar);
            return;
        }
        try {
            kbr a2 = this.inboundMessageBuffer.a(kbrVar);
            while (a2 != null) {
                DTLSMessage k = a2.k();
                expectMessage(k);
                if (k.getContentType() == ContentType.CHANGE_CIPHER_SPEC) {
                    this.LOGGER.debug("Processing {} message from peer [{}]", k.getContentType(), k.getPeer());
                    setCurrentReadState();
                    this.statesIndex++;
                    this.LOGGER.debug("Processed {} message from peer [{}]", k.getContentType(), k.getPeer());
                } else {
                    if (k.getContentType() != ContentType.HANDSHAKE) {
                        throw new kbe(String.format("Received unexpected message [%s] from peer %s", k.getContentType(), k.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, k.getPeer()));
                    }
                    HandshakeMessage handshakeMessage = (HandshakeMessage) k;
                    if (handshakeMessage.getMessageType() == HandshakeType.FINISHED && f == 0) {
                        this.LOGGER.debug("FINISH with epoch 0 from peer [{}]!", getSession().y());
                        throw new kbe("FINISH with epoch 0!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, getSession().y()));
                    }
                    kao kaoVar = this.pendingFlight.get();
                    if (kaoVar != null) {
                        this.LOGGER.debug("response for flight {} started", Integer.valueOf(kaoVar.d()));
                        kaoVar.n();
                    }
                    if (handshakeMessage instanceof kbg) {
                        handshakeMessage = handleFragmentation((kbg) handshakeMessage);
                    }
                    if (handshakeMessage == null) {
                        continue;
                    } else {
                        if (handshakeMessage instanceof kbd) {
                            kbd kbdVar = (kbd) handshakeMessage;
                            kbc o2 = this.session.o();
                            if (o2 == null) {
                                this.LOGGER.warn("Cannot process handshake {} message from peer [{}], parameter are required!", kbdVar.getMessageType(), getSession().y());
                                throw new kbe("Cannot process " + kbdVar.getMessageType() + " handshake message, parameter are required!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.y()));
                            }
                            handshakeMessage = kbdVar.d(o2);
                        }
                        if (this.lastFlight) {
                            this.LOGGER.debug("Received ({}) FINISHED message again, retransmitting last flight...", getPeerAddress());
                            kaoVar.h();
                            kaoVar.k();
                            sendFlight(kaoVar);
                        } else {
                            if (this.LOGGER.isDebugEnabled()) {
                                StringBuilder sb = new StringBuilder();
                                sb.append(String.format("Processing %s message from peer [%s], seqn: [%d]", handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(handshakeMessage.getMessageSeq())));
                                if (this.LOGGER.isTraceEnabled()) {
                                    sb.append(":");
                                    sb.append(kah.d());
                                    sb.append(handshakeMessage);
                                }
                                this.LOGGER.debug(sb.toString());
                            }
                            if (f == 0) {
                                this.handshakeMessages.add(handshakeMessage);
                            }
                            doProcessMessage(handshakeMessage);
                            this.LOGGER.debug("Processed {} message from peer [{}]", handshakeMessage.getMessageType(), handshakeMessage.getPeer());
                            if (!this.lastFlight) {
                                this.nextReceiveMessageSequence++;
                                this.statesIndex++;
                            }
                        }
                    }
                }
                this.session.e(f, a2.f());
                this.inboundMessageBuffer.d(a2.f());
                a2 = this.inboundMessageBuffer.e();
            }
            if (this.session.f() > f) {
                jzz e = this.connection.e();
                List<kbr> takeDeferredRecords = takeDeferredRecords();
                if (this.deferredRecordsSize > 0) {
                    throw new kbe(String.format("Received unexpected message left from peer %s", kbrVar.i()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, kbrVar.i()));
                }
                for (final kbr kbrVar2 : takeDeferredRecords) {
                    if (e != null) {
                        e.execute(new Runnable() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.4
                            @Override // java.lang.Runnable
                            public void run() {
                                Handshaker.this.recordLayer.processRecord(kbrVar2, Handshaker.this.connection);
                            }
                        });
                    } else {
                        this.recordLayer.processRecord(kbrVar2, this.connection);
                    }
                }
            }
        } catch (GeneralSecurityException e2) {
            this.LOGGER.warn("Cannot process handshake message from peer [{}] due to [{}]", getSession().y(), e2.getMessage(), e2);
            throw new kbe("Cannot process handshake message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.y()));
        }
    }

    public final void removeSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.remove(sessionListener);
        }
    }

    public void resetProbing() {
    }

    public void sendFlight(kao kaoVar) {
        setPendingFlight(null);
        try {
            this.flightSendNanos = ClockUtil.e();
            this.nanosExpireTime = this.nanosExpireTimeout + this.flightSendNanos;
            this.recordLayer.sendFlight(kaoVar, this.connection);
            setPendingFlight(kaoVar);
        } catch (IOException e) {
            handshakeFailed(new Exception("handshake flight " + kaoVar.d() + " failed!", e));
        }
    }

    public void sendLastFlight(kao kaoVar) {
        this.lastFlight = true;
        kaoVar.c(false);
        sendFlight(kaoVar);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void sessionEstablished() throws kbe {
        if (this.sessionEstablished) {
            return;
        }
        this.LOGGER.debug("session established {}", this.connection);
        amendPeerPrincipal();
        this.sessionEstablished = true;
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().sessionEstablished(this, getSession());
        }
    }

    protected final void setCurrentReadState() {
        this.session.b(this.isClient ? DTLSConnectionState.create(this.session.i(), this.session.g(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey) : DTLSConnectionState.create(this.session.i(), this.session.g(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setCurrentWriteState() {
        this.session.d(this.isClient ? DTLSConnectionState.create(this.session.i(), this.session.g(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey) : DTLSConnectionState.create(this.session.i(), this.session.g(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey));
    }

    public void setFailureCause(Throwable th) {
        setPendingFlight(null);
        this.cause = th;
    }

    public void setPendingFlight(kao kaoVar) {
        kao andSet = this.pendingFlight.getAndSet(kaoVar);
        if (andSet == null || andSet == kaoVar) {
            return;
        }
        andSet.o();
    }

    public abstract void startHandshake() throws kbe;

    public List<jzb> takeDeferredApplicationData() {
        ArrayList arrayList = new ArrayList(this.deferredApplicationData);
        this.deferredApplicationData.clear();
        return arrayList;
    }

    public void takeDeferredApplicationData(Handshaker handshaker) {
        this.deferredApplicationData.addAll(handshaker.takeDeferredApplicationData());
    }

    public List<kbr> takeDeferredRecords() {
        ArrayList arrayList = new ArrayList(this.deferredRecords);
        this.deferredRecords.clear();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            removeDeferredProcessedRecord((kbr) it.next());
        }
        return arrayList;
    }

    public void verifyCertificate(kai kaiVar) throws kbe {
        CertPath a2 = kaiVar.a();
        if (a2 == null) {
            if (this.rpkStore.isTrusted(new jzn(kaiVar.d()))) {
                return;
            }
            this.LOGGER.debug("Certificate validation failed: Raw public key is not trusted");
            throw new kbe("Raw public key is not trusted!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.y()));
        }
        if (this.certificateVerifier == null) {
            this.LOGGER.debug("Certificate validation failed: x509 could not be trusted!");
            throw new kbe("Trust is not possible!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, this.session.y()));
        }
        List<? extends Certificate> certificates = a2.getCertificates();
        if (certificates.isEmpty() && this.isClient) {
            this.LOGGER.debug("Certificate validation failed: empty server certificate!");
            throw new kbe("Empty server certificate!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.y()));
        }
        if (this.certificateVerifier instanceof AdvancedCertificateVerifier) {
            this.peerCertPath = ((AdvancedCertificateVerifier) this.certificateVerifier).verifyCertificate(this.useKeyUsageVerification ? Boolean.valueOf(!this.isClient) : null, this.useTruncatedCertificatePathForVerification, kaiVar, this.session);
            return;
        }
        if (this.useKeyUsageVerification && !certificates.isEmpty()) {
            Certificate certificate = certificates.get(0);
            if ((certificate instanceof X509Certificate) && !jzx.a((X509Certificate) certificate, !this.isClient)) {
                this.LOGGER.debug("Certificate validation failed: key usage doesn't match");
                throw new kbe("Key Usage doesn't match!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.y()));
            }
        }
        this.certificateVerifier.verifyCertificate(kaiVar, this.session);
        this.peerCertPath = a2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void wrapMessage(kao kaoVar, DTLSMessage dTLSMessage) throws kbe {
        try {
            int i = AnonymousClass5.d[dTLSMessage.getContentType().ordinal()];
            if (i == 1) {
                kaoVar.c(new kbr(dTLSMessage.getContentType(), this.session.h(), this.session.k(), dTLSMessage, this.session, false, 0));
                return;
            }
            if (i == 2) {
                wrapHandshakeMessage(kaoVar, (HandshakeMessage) dTLSMessage);
                return;
            }
            throw new kbe("Cannot create " + dTLSMessage.getContentType() + " record for flight", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.y()));
        } catch (GeneralSecurityException unused) {
            throw new kbe("Cannot create record", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.y()));
        }
    }
}
