package o;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ChangeCipherSpecMessage;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.ContentType;
import org.eclipse.californium.scandium.dtls.DTLSMessage;
import org.eclipse.californium.scandium.dtls.HandshakeMessage;
import org.eclipse.californium.scandium.dtls.HandshakeType;
import org.eclipse.californium.scandium.dtls.Handshaker;
import org.eclipse.californium.scandium.dtls.HelloExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.RecordLayer;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

/**
 * Client-side DTLS handshaker, recovered by decompiling obfuscated bytecode (JADX output).
 *
 * <p>The class extends Californium Scandium's {@code Handshaker}. {@link #startHandshake()} builds
 * and sends the CLIENT_HELLO; {@link #doProcessMessage(HandshakeMessage)} dispatches every
 * incoming handshake message to one of the private/protected handlers below.
 *
 * <p>Types from package {@code o} ({@code kaq}, {@code kby}, {@code kai}, ...) carry obfuscated
 * names. The comments identify them only by the handshake message type they are cast from in
 * {@code doProcessMessage} or by the log/error strings next to them. What their methods do
 * internally is not visible here; such statements are marked as assumptions to confirm against
 * the original library source.
 *
 * <p>Security-relevant checks visible in this class: the server's cipher suite must be one the
 * client offered, compression must be NULL, server extensions must be a subset of the client's,
 * and the negotiated certificate types must be in the configured lists.
 */
@NoPublicAPI
/* loaded from: classes7.dex */
public class kak extends Handshaker {

    // Expected message sequence installed by startHandshake(): HELLO_VERIFY_REQUEST, SERVER_HELLO,
    // CERTIFICATE, SERVER_KEY_EXCHANGE, CERTIFICATE_REQUEST, SERVER_HELLO_DONE, ChangeCipherSpec,
    // FINISHED. The extra boolean `true` presumably marks a state as optional - confirm in kbj.
    // NOTE(review): this is a non-final, protected, mutable static array shared by all instances;
    // a write to any element would change the accepted message order for every handshake.
    /* renamed from: a, reason: collision with root package name */
    protected static kbj[] f31379a = {new kbj(HandshakeType.HELLO_VERIFY_REQUEST, true), new kbj(HandshakeType.SERVER_HELLO), new kbj(HandshakeType.CERTIFICATE), new kbj(HandshakeType.SERVER_KEY_EXCHANGE), new kbj(HandshakeType.CERTIFICATE_REQUEST, true), new kbj(HandshakeType.SERVER_HELLO_DONE), new kbj(ContentType.CHANGE_CIPHER_SPEC), new kbj(HandshakeType.FINISHED)};
    // Alternative sequence without CERTIFICATE / CERTIFICATE_REQUEST; a(kby) switches to it when
    // the negotiated cipher suite does not require a server certificate message.
    // NOTE(review): also a non-final mutable static array.
    private static kbj[] m = {new kbj(HandshakeType.HELLO_VERIFY_REQUEST, true), new kbj(HandshakeType.SERVER_HELLO), new kbj(HandshakeType.SERVER_KEY_EXCHANGE, true), new kbj(HandshakeType.SERVER_HELLO_DONE), new kbj(ContentType.CHANGE_CIPHER_SPEC), new kbj(HandshakeType.FINISHED)};
    // CLIENT_HELLO built by startHandshake(); re-sent by b(kbl) and consulted by c(kby).
    protected kaq b;
    // Config flag read from kagVar.as(); when true, e(kao) passes this.j.c() to the client
    // CERTIFICATE message, otherwise null. Presumably controls certificate path truncation - confirm.
    protected final boolean c;
    // Max. fragment length code from kagVar.d(); null means the extension is not sent (see d(kaq)).
    protected final Integer d;
    // Server's ephemeral EC public key taken from the ServerKeyExchange message.
    protected ECPublicKey e;
    // Handshake hash including the client's FINISHED message; computed in b(kbx) and handed to the
    // server FINISHED check in c(kbf).
    protected byte[] f;
    // Algorithm chosen from the CertificateRequest for the client's credentials; stays null when
    // the request yields none, in which case no CertificateVerify-style message is sent.
    protected SignatureAndHashAlgorithm g;
    // Certificate types from kagVar.ac(); used in b(kbx) to validate the client certificate type.
    protected final List<CertificateType> h;
    // Certificate types from kagVar.ab(); used in c(kby) to validate the server certificate type.
    protected final List<CertificateType> i;
    // CertificateRequest received from the server, or null if the server sent none.
    protected CertificateRequest j;
    // Server public key; assigned in c(kai) only after verifyCertificate() has returned.
    private PublicKey k;
    // Passed as first argument to the CLIENT_HELLO constructor; presumably the protocol version
    // offered by the client - TODO confirm in kbq.
    private kbq l;
    // Cipher suites from kagVar.q(): offered in the CLIENT_HELLO and used to check the server's pick.
    private final List<CipherSuite> n;

    // Compiler-generated switch map (javac-style): array e maps KeyExchangeAlgorithm ordinals to
    // the small integers 1..4 used by the if-chains in b(kbx) and doProcessMessage().
    // NOTE(review): the array `c` written below is neither declared nor allocated in this listing
    // (decompiler artifact); doProcessMessage() switches on HandshakeType with enum case labels
    // and does not read it.
    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: o.kak$4, reason: invalid class name */
    /* loaded from: classes7.dex */
    public static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] e;

        static {
            // Each assignment is guarded separately so a constant missing at run time
            // (NoSuchFieldError) leaves the slot at 0 instead of failing class initialisation.
            try {
                c[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                c[HandshakeType.SERVER_HELLO.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                c[HandshakeType.CERTIFICATE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                c[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                c[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                c[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                c[HandshakeType.FINISHED.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            // 1 = EC_DIFFIE_HELLMAN, 2 = PSK, 3 = ECDHE_PSK, 4 = NULL.
            e = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                e[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                e[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                e[CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
            try {
                e[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 4;
            } catch (NoSuchFieldError unused11) {
            }
        }
    }

    /**
     * Creates the handshaker and copies the negotiation settings out of the configuration.
     *
     * @param kauVar session object, forwarded to the superclass
     * @param recordLayer record layer, forwarded to the superclass
     * @param kanVar forwarded to the superclass (presumably the connection - confirm)
     * @param kagVar configuration; supplies cipher suites, max. fragment length code, the flag
     *     stored in {@code c} and both certificate type lists
     * @param i forwarded unchanged to the superclass
     */
    public kak(kau kauVar, RecordLayer recordLayer, kan kanVar, kag kagVar, int i) {
        // First super argument is `true`; presumably the isClient flag read later in b(kbx).
        super(true, 0, kauVar, recordLayer, kanVar, kagVar, i);
        this.l = new kbq();
        this.b = null;
        this.j = null;
        this.f = null;
        this.n = kagVar.q();
        this.d = kagVar.d();
        // Unboxing: throws NullPointerException if kagVar.as() returns null.
        this.c = kagVar.as().booleanValue();
        this.i = kagVar.ab();
        this.h = kagVar.ac();
    }

    /**
     * Handles the server's CERTIFICATE message.
     *
     * @param kaiVar the message received for HandshakeType.CERTIFICATE
     * @throws kbe propagated from verifyCertificate
     */
    private void c(kai kaiVar) throws kbe {
        // Order matters: the key is recorded only after verifyCertificate() returns. This relies on
        // verifyCertificate() throwing on an untrusted certificate - confirm in Handshaker.
        verifyCertificate(kaiVar);
        this.k = kaiVar.d();
    }

    /**
     * Handles the SERVER_KEY_EXCHANGE message in EC_DIFFIE_HELLMAN mode.
     *
     * @param kazVar the key exchange message carrying the server's ephemeral EC key
     * @throws kbe if kazVar.c(...) throws, or if local ECDHE keys cannot be created from the
     *     server's domain parameters (fatal HANDSHAKE_FAILURE alert)
     */
    private void c(kaz kazVar) throws kbe {
        // Called with the server public key and both hello randoms; presumably verifies the
        // server's signature over the key exchange parameters - TODO confirm in kaz.
        // NOTE(review): this.k is only set by c(kai); the f31379a state order lists CERTIFICATE
        // before SERVER_KEY_EXCHANGE, so how kaz.c treats a null key should be confirmed.
        kazVar.c(this.k, this.clientRandom, this.serverRandom);
        // Record the peer identity in the session: certificate path if present, else the raw key.
        if (this.peerCertPath != null) {
            this.session.d(new jzk(this.peerCertPath));
        } else {
            this.session.d(new jzn(this.k));
        }
        this.e = kazVar.a();
        try {
            // The client's ephemeral key pair uses the domain parameters chosen by the server.
            this.ecdhe = new ECDHECryptography(this.e.getParams());
        } catch (GeneralSecurityException e) {
            // NOTE(review): only the message text of the cause is kept; the exception is not chained.
            throw new kbe(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    /**
     * Handles the server's FINISHED message and completes the handshake.
     *
     * @param kbfVar the message received for HandshakeType.FINISHED
     * @throws kbe propagated from kbfVar.b(...) or the completion callbacks
     * @throws GeneralSecurityException propagated from kbfVar.b(...)
     */
    private void c(kbf kbfVar) throws kbe, GeneralSecurityException {
        // Passes the PRF MAC, the master secret and the handshake hash f (which includes the
        // client's FINISHED). Presumably this verifies the server's verify_data and throws on
        // mismatch; `false` presumably means "sender is not the client" - TODO confirm in kbf.
        kbfVar.b(this.session.i().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, false, this.f);
        // Reached only if the call above did not throw.
        sessionEstablished();
        handshakeCompleted();
    }

    /**
     * Handles the SERVER_KEY_EXCHANGE message in ECDHE_PSK mode.
     *
     * @param kbbVar the key exchange message carrying the server's ephemeral EC key
     * @throws kbe if local ECDHE keys cannot be created from the server's domain parameters
     */
    private void e(kbb kbbVar) throws kbe {
        // NOTE(review): unlike the EC_DIFFIE_HELLMAN handler, no call involving a server public key
        // is made here; nothing in this method authenticates the received parameters.
        this.e = kbbVar.c();
        try {
            this.ecdhe = new ECDHECryptography(this.e.getParams());
        } catch (GeneralSecurityException e) {
            throw new kbe(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }

    /**
     * Tells whether a certificate type is acceptable.
     *
     * @param certificateType type proposed by the peer
     * @param list configured types, or null for "nothing configured"
     * @return true if the list contains the type; with a null list, true only for X_509
     */
    private static boolean e(CertificateType certificateType, List<CertificateType> list) {
        return list != null ? list.contains(certificateType) : certificateType == CertificateType.X_509;
    }

    /**
     * Selects the X.509 chain to send in answer to a CertificateRequest.
     *
     * <p>Side effect: stores the result of certificateRequest.b(chain) in {@code g}.
     *
     * @param certificateRequest the server's request
     * @return the configured chain, or an empty list when no chain is configured or the request
     *     yields no algorithm for it
     * @throws kbe declared by the original signature
     */
    List<X509Certificate> a(CertificateRequest certificateRequest) throws kbe {
        if (this.certificateChain == null) {
            return Collections.emptyList();
        }
        this.g = certificateRequest.b(this.certificateChain);
        return this.g == null ? Collections.emptyList() : this.certificateChain;
    }

    /**
     * Handles the SERVER_HELLO message: validates the server's choices and stores them in the
     * session.
     *
     * @param kbyVar the message received for HandshakeType.SERVER_HELLO
     * @throws kbe with a fatal ILLEGAL_PARAMETER alert if the cipher suite was not offered or the
     *     compression method is not NULL; also propagated from c(kby)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void a(kby kbyVar) throws kbe {
        kar k;
        this.usedProtocol = kbyVar.b();
        this.serverRandom = kbyVar.a();
        // presumably the session id chosen by the server - TODO confirm against kau.c
        this.session.c(kbyVar.d());
        CipherSuite c = kbyVar.c();
        // The server may only select a suite from the list the client is configured with.
        if (!this.n.contains(c)) {
            throw new kbe("Server wants to use not supported cipher suite " + c, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbyVar.getPeer()));
        }
        this.session.e(c);
        CompressionMethod e = kbyVar.e();
        // Only NULL compression is accepted.
        if (e != CompressionMethod.NULL) {
            throw new kbe("Server wants to use not supported compression method " + e, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbyVar.getPeer()));
        }
        this.session.c(kbyVar.e());
        // Extension validation (subset check, point formats, fragment length, certificate type).
        c(kbyVar);
        // A connection id from the server is stored only if this client has a generator configured.
        if (this.connectionIdGenerator != null && (k = kbyVar.k()) != null) {
            this.session.b(k.e());
        }
        // The next three session calls take values from the SERVER_HELLO; their meaning is not
        // visible in this listing.
        this.session.c(kbyVar.f());
        this.session.d(kbyVar.n());
        this.session.n();
        if (c.requiresServerCertificateMessage()) {
            return;
        }
        // No server certificate expected: switch to the shorter state sequence.
        this.states = m;
    }

    /**
     * Adds the SNI extension to the CLIENT_HELLO when SNI is enabled and session.e() is non-null.
     *
     * @param kaqVar the CLIENT_HELLO under construction
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void b(kaq kaqVar) {
        if (!this.sniEnabled || this.session.e() == null) {
            return;
        }
        this.LOGGER.debug("adding SNI extension to CLIENT_HELLO message [{}]", this.session.a());
        kaqVar.c(kbz.a(this.session.e()));
    }

    /**
     * Handles HELLO_VERIFY_REQUEST by re-sending the stored CLIENT_HELLO as flight 3.
     *
     * @param kblVar the message received for HandshakeType.HELLO_VERIFY_REQUEST
     * @throws kbe propagated from wrapMessage/sendFlight
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void b(kbl kblVar) throws kbe {
        // The recorded handshake transcript is reset before the hello is sent again.
        this.handshakeMessages.clear();
        // presumably copies the server's cookie into the CLIENT_HELLO - TODO confirm in kaq.d
        this.b.d(kblVar.b());
        this.flightNumber = 3;
        kao kaoVar = new kao(getSession(), this.flightNumber);
        wrapMessage(kaoVar, this.b);
        sendFlight(kaoVar);
        // Step the expected-state index back by one after this message.
        this.statesIndex--;
    }

    /**
     * Handles SERVER_HELLO_DONE: builds and sends the client's answering flight.
     *
     * <p>Message order in the flight: optional client CERTIFICATE, client key exchange, optional
     * message built from {@code g} and the private key (sent only when a CertificateRequest was
     * received and {@code g} is set), ChangeCipherSpec, FINISHED.
     *
     * @param kbxVar the message received for HandshakeType.SERVER_HELLO_DONE
     * @throws kbe for an unknown key exchange algorithm, an unsupported client certificate type,
     *     or when the handshake digest cannot be cloned
     * @throws GeneralSecurityException propagated from the key derivation calls
     */
    protected void b(kbx kbxVar) throws kbe, GeneralSecurityException {
        DTLSMessage kbaVar;
        SecretKey a2;
        this.flightNumber += 2;
        kao kaoVar = new kao(getSession(), this.flightNumber);
        // Client CERTIFICATE first, if the server asked for one.
        e(kaoVar);
        int i = AnonymousClass4.e[getKeyExchangeAlgorithm().ordinal()];
        kbm kbmVar = null;
        if (i == 1) {
            // EC_DIFFIE_HELLMAN: send our ephemeral public key, derive the secret from the server's.
            kbaVar = new kba(this.ecdhe.c(), this.session.y());
            a2 = this.ecdhe.a(this.e);
        } else if (i == 2) {
            // PSK
            kbm kbmVar2 = new kbm(this.sniEnabled, this.session, this.pskStore);
            // NOTE(review): the PSK identity is written to the debug log; handle debug logs
            // accordingly where identities are sensitive.
            this.LOGGER.debug("Using PSK identity: {}", kbmVar2.c());
            kbn kbnVar = new kbn(kbmVar2.e(), this.session.y());
            a2 = kbmVar2.c(null);
            kbmVar = kbmVar2;
            kbaVar = kbnVar;
        } else {
            if (i != 3) {
                // Includes NULL (4) and any unmapped algorithm (0).
                throw new kbe("Unknown key exchange algorithm: " + getKeyExchangeAlgorithm(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.y()));
            }
            // ECDHE_PSK: the ECDH result is combined with the PSK by kbmVar.c(...).
            kbmVar = new kbm(this.sniEnabled, this.session, this.pskStore);
            this.LOGGER.debug("Using PSK identity: {}", kbmVar.c());
            kbaVar = new kax(kbmVar.e(), this.ecdhe.c(), this.session.y());
            SecretKey a3 = this.ecdhe.a(this.e);
            a2 = kbmVar.c(a3);
            // presumably wipes the intermediate ECDH secret - TODO confirm in kcq
            kcq.c(a3);
        }
        // presumably wipes the PSK helper's key material (null in the ECDH-only case) - confirm
        kcq.d(kbmVar);
        if (a2 != null) {
            generateKeys(a2);
            // Secret passed to kcq.c right after key generation; presumably destroyed - confirm.
            kcq.c(a2);
        }
        // NOTE(review): when a2 is null no keys are generated, yet the flight is still built below.
        wrapMessage(kaoVar, kbaVar);
        if (this.j != null && this.g != null) {
            CertificateType r = this.session.r();
            if (!e(r, this.h)) {
                throw new kbe("Server wants to use not supported client certificate type " + r, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbxVar.getPeer()));
            }
            // Built from the chosen algorithm, the private key and the recorded handshake messages.
            wrapMessage(kaoVar, new kaj(this.g, this.privateKey, this.handshakeMessages, this.session.y()));
        }
        wrapMessage(kaoVar, new ChangeCipherSpecMessage(this.session.y()));
        setCurrentWriteState();
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        try {
            // Clone before digest(): MessageDigest.digest() resets the instance, and the running
            // hash is still needed to append the client's FINISHED for the server FINISHED check.
            MessageDigest messageDigest = (MessageDigest) handshakeMessageDigest.clone();
            kbf kbfVar = new kbf(this.session.i().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, this.isClient, handshakeMessageDigest.digest(), this.session.y());
            wrapMessage(kaoVar, kbfVar);
            messageDigest.update(kbfVar.toByteArray());
            this.f = messageDigest.digest();
            sendFlight(kaoVar);
        } catch (CloneNotSupportedException unused) {
            throw new kbe("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, kbxVar.getPeer()));
        }
    }

    /**
     * Selects the raw public key to send in answer to a CertificateRequest.
     *
     * <p>Side effect: stores the result of certificateRequest.b(publicKey) in {@code g}.
     *
     * @param certificateRequest the server's request
     * @return the configured public key, or null when none is configured or the request yields
     *     no algorithm for it
     * @throws kbe declared by the original signature
     */
    PublicKey c(CertificateRequest certificateRequest) throws kbe {
        if (this.publicKey == null) {
            return null;
        }
        this.g = certificateRequest.b(this.publicKey);
        if (this.g == null) {
            return null;
        }
        return this.publicKey;
    }

    /**
     * Validates the extensions of the SERVER_HELLO against what the client sent and configured.
     *
     * @param kbyVar the SERVER_HELLO message
     * @throws kbe with UNSUPPORTED_EXTENSION if the server uses an extension the client did not
     *     send; with ILLEGAL_PARAMETER for an unusable EC point format, a max. fragment length
     *     different from the proposed one, or a server certificate type outside the configured list
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void c(kby kbyVar) throws kbe {
        kbk g = kbyVar.g();
        if (g != null && !g.b()) {
            // Every extension in the server hello must also be present in the client hello.
            kbk i = this.b.i();
            if (i == null || i.b()) {
                throw new kbe("Server wants extensions, but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, kbyVar.getPeer()));
            }
            for (HelloExtension helloExtension : g.d()) {
                if (i.c(helloExtension.getType()) == null) {
                    throw new kbe("Server wants " + helloExtension.getType() + ", but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, kbyVar.getPeer()));
                }
            }
        }
        SupportedPointFormatsExtension j = kbyVar.j();
        // If the server lists point formats, UNCOMPRESSED must be among them.
        if (j != null && !j.e(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)) {
            throw new kbe("Server wants to use only not supported EC point formats!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbyVar.getPeer()));
        }
        MaxFragmentLengthExtension i2 = kbyVar.i();
        if (i2 != null) {
            MaxFragmentLengthExtension.Length a2 = i2.a();
            // NOTE(review): this.d is dereferenced without a null check. d(kaq) only sends the
            // extension when d is non-null, so the subset check above should reject this case
            // first - assuming kbyVar.i() reads from the same extension set as g.d(); confirm.
            if (a2.code() != this.d.intValue()) {
                throw new kbe("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbyVar.getPeer()));
            }
            this.session.a(a2.length());
        }
        CertificateType h = kbyVar.h();
        // Server certificate type must be in list i (or be X_509 when no list is configured).
        if (e(h, this.i)) {
            this.session.e(h);
            return;
        }
        throw new kbe("Server wants to use not supported server certificate type " + h, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, kbyVar.getPeer()));
    }

    /**
     * Adds the max. fragment length extension to the CLIENT_HELLO when a code is configured.
     *
     * @param kaqVar the CLIENT_HELLO under construction
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void d(kaq kaqVar) {
        Integer num = this.d;
        if (num != null) {
            kaqVar.c(new MaxFragmentLengthExtension(num.intValue()));
            this.LOGGER.debug("Indicating max. fragment length [{}] to server [{}]", this.d, getPeerAddress());
        }
    }

    /**
     * Dispatches one incoming handshake message to its handler, by message type.
     *
     * @param handshakeMessage the message to process
     * @throws kbe with HANDSHAKE_FAILURE for an unmapped key exchange algorithm, with
     *     UNEXPECTED_MESSAGE for any other message type, or propagated from a handler
     * @throws GeneralSecurityException propagated from the SERVER_HELLO_DONE and FINISHED handlers
     */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void doProcessMessage(HandshakeMessage handshakeMessage) throws kbe, GeneralSecurityException {
        switch (handshakeMessage.getMessageType()) {
            case HELLO_VERIFY_REQUEST:
                b((kbl) handshakeMessage);
                return;
            case SERVER_HELLO:
                a((kby) handshakeMessage);
                return;
            case CERTIFICATE:
                c((kai) handshakeMessage);
                return;
            case SERVER_KEY_EXCHANGE:
                // Switch-map values: 1 = EC_DIFFIE_HELLMAN, 2 = PSK, 3 = ECDHE_PSK, 4 = NULL.
                int i = AnonymousClass4.e[getKeyExchangeAlgorithm().ordinal()];
                if (i == 1) {
                    c((kaz) handshakeMessage);
                    return;
                }
                if (i != 2) {
                    if (i == 3) {
                        e((kbb) handshakeMessage);
                        return;
                    } else {
                        if (i != 4) {
                            throw new kbe(String.format("Unsupported key exchange algorithm %s", getKeyExchangeAlgorithm().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
                        }
                        // NOTE(review): in NULL key exchange mode the unexpected message is only
                        // logged at info level; the handshake is not aborted here.
                        this.LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                        return;
                    }
                }
                // PSK: the message is accepted without any processing in this method.
                return;
            case CERTIFICATE_REQUEST:
                // Only stored here; answered when SERVER_HELLO_DONE arrives.
                this.j = (CertificateRequest) handshakeMessage;
                return;
            case SERVER_HELLO_DONE:
                b((kbx) handshakeMessage);
                expectChangeCipherSpecMessage();
                return;
            case FINISHED:
                c((kbf) handshakeMessage);
                return;
            default:
                throw new kbe(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
        }
    }

    /**
     * Adds the client's CERTIFICATE message to the flight if the server sent a CertificateRequest.
     *
     * @param kaoVar the flight being assembled
     * @throws kbe propagated from the credential selection or wrapMessage
     * @throws IllegalArgumentException if the session's certificate type is neither
     *     RAW_PUBLIC_KEY nor X_509
     */
    protected void e(kao kaoVar) throws kbe {
        kai kaiVar;
        if (this.j != null) {
            if (CertificateType.RAW_PUBLIC_KEY == this.session.r()) {
                // Default payload when no matching key exists; presumably an empty byte array -
                // TODO confirm jzo.e.
                byte[] bArr = jzo.e;
                PublicKey c = c(this.j);
                if (c != null) {
                    bArr = c.getEncoded();
                }
                if (this.LOGGER.isDebugEnabled()) {
                    this.LOGGER.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", kah.e(bArr));
                }
                kaiVar = new kai(bArr, this.session.y());
            } else {
                // NOTE(review): this path raises an unchecked IllegalArgumentException rather than
                // kbe with an alert, unlike the other negotiation failures in this class.
                if (CertificateType.X_509 != this.session.r()) {
                    throw new IllegalArgumentException("Certificate type " + this.session.r() + " not supported!");
                }
                // The chain may be an empty list (see a(CertificateRequest)); the second argument
                // is this.j.c() only when flag c is set.
                kaiVar = new kai(a(this.j), this.c ? this.j.c() : null, this.session.y());
            }
            wrapMessage(kaoVar, kaiVar);
        }
    }

    /**
     * Adds the connection id extension to the CLIENT_HELLO when a generator is configured.
     *
     * @param kaqVar the CLIENT_HELLO under construction
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void e(kaq kaqVar) {
        if (this.connectionIdGenerator != null) {
            // Uses the connection's own id if the generator is in use, otherwise the constant kap.c
            // (presumably an empty connection id - confirm).
            kaqVar.c(kar.c(this.connectionIdGenerator.useConnectionId() ? getConnection().f() : kap.c));
        }
    }

    /**
     * Starts the handshake: builds the CLIENT_HELLO, sends it as flight 1 and installs the
     * full expected-state sequence.
     *
     * @throws kbe propagated from wrapMessage/sendFlight
     */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void startHandshake() throws kbe {
        handshakeStarted();
        kaq kaqVar = new kaq(this.l, this.n, this.h, this.i, this.session.y());
        this.clientRandom = kaqVar.c();
        // Only NULL compression is offered, matching the check in a(kby).
        kaqVar.e(CompressionMethod.NULL);
        // Optional extensions: connection id, max. fragment length, SNI.
        e(kaqVar);
        d(kaqVar);
        b(kaqVar);
        this.flightNumber = 1;
        // Kept for a possible re-send after HELLO_VERIFY_REQUEST and for the extension subset check.
        this.b = kaqVar;
        kao kaoVar = new kao(this.session, this.flightNumber);
        wrapMessage(kaoVar, kaqVar);
        sendFlight(kaoVar);
        this.states = f31379a;
        this.statesIndex = 0;
    }
}
