package o;

import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.slf4j.Logger;

/* loaded from: classes7.dex */
public class kbm implements Destroyable {
    private static final Logger d = keo.d(kbm.class);
    private final SecretKey b;
    private final jzm c;
    private final kbo e;

    public kbm(boolean z, kau kauVar, PskStore pskStore) throws kbe {
        this(z, kauVar, pskStore, c(z, kauVar, pskStore));
    }

    public kbm(boolean z, kau kauVar, PskStore pskStore, kbo kboVar) throws kbe {
        if (kauVar == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        if (kboVar == null) {
            throw new NullPointerException("psk identity must not be null");
        }
        this.e = kboVar;
        String str = null;
        kcs e = kauVar.e();
        if (!z || e == null) {
            d.debug("client [{}] uses PSK identity [{}]", kauVar.y(), kboVar);
            this.b = pskStore.getKey(kboVar);
        } else {
            str = kauVar.a();
            d.debug("client [{}] uses PSK identity [{}] for server [{}]", kauVar.y(), kboVar, str);
            this.b = pskStore.getKey(e, kboVar);
        }
        if (this.b == null) {
            AlertMessage alertMessage = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNKNOWN_PSK_IDENTITY, kauVar.y());
            if (str == null) {
                throw new kbe(String.format("No pre-shared key found for [identity: %s]", kboVar), alertMessage);
            }
            throw new kbe(String.format("No pre-shared key found for [virtual host: %s, identity: %s]", str, kboVar), alertMessage);
        }
        if (z) {
            this.c = new jzm(str, kboVar.i());
        } else {
            this.c = new jzm(kboVar.i());
        }
        kauVar.d(this.c);
    }

    private static kbo c(boolean z, kau kauVar, PskStore pskStore) throws kbe {
        kbo identity;
        if (kauVar == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        kcs e = kauVar.e();
        if (!z || e == null) {
            identity = pskStore.getIdentity(kauVar.y());
            if (identity == null) {
                throw new kbe(String.format("No Identity found for peer [address: %s]", kauVar.y()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, kauVar.y()));
            }
        } else {
            if (!kauVar.d()) {
                d.warn("client is configured to use SNI but server does not support it, PSK authentication is likely to fail");
            }
            identity = pskStore.getIdentity(kauVar.y(), e);
            if (identity == null) {
                throw new kbe(String.format("No Identity found for peer [address: %s, virtual host: %s]", kauVar.y(), kauVar.a()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, kauVar.y()));
            }
        }
        return identity;
    }

    public SecretKey c(SecretKey secretKey) {
        byte[] encoded = this.b.getEncoded();
        int length = encoded.length;
        byte[] encoded2 = secretKey != null ? secretKey.getEncoded() : new byte[length];
        jzt jztVar = new jzt(true);
        jztVar.c(encoded2.length, 16);
        jztVar.d(encoded2);
        jztVar.c(length, 16);
        jztVar.d(encoded);
        byte[] e = jztVar.e();
        jztVar.d();
        SecretKey d2 = kcq.d(e, "MAC");
        jzo.b(encoded);
        jzo.b(encoded2);
        jzo.b(e);
        return d2;
    }

    public jzm c() {
        return this.c;
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        kcq.c(this.b);
    }

    public kbo e() {
        return this.e;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return kcq.a(this.b);
    }
}
