package org.eclipse.californium.scandium;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.scandium.dtls.ClientHello;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;

/* loaded from: classes2.dex */
public class CookieGenerator {
    private static final long KEY_LIFE_TIME = TimeUnit.MINUTES.toNanos(5);
    private Mac hmac;
    private SecretKeySpec lastSecretKey;
    private long nextKeyGenerationNanos;
    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
    private final SecureRandom rng = new SecureRandom();
    byte[] rd = new byte[32];

    private final Mac createHMAC() throws GeneralSecurityException {
        Mac mac = this.hmac;
        if (mac != null) {
            try {
                return (Mac) mac.clone();
            } catch (CloneNotSupportedException unused) {
                throw new IllegalStateException("hmac doesn't support clone and MUST therefore be null!");
            }
        }
        Mac mac2 = Mac.getInstance("HmacSHA256");
        mac2.init(this.lastSecretKey);
        return mac2;
    }

    private void generateSecretKey() {
        this.nextKeyGenerationNanos = ClockUtil.nanoRealtime() + KEY_LIFE_TIME;
        this.rng.nextBytes(this.rd);
        this.lastSecretKey = new SecretKeySpec(this.rd, "MAC");
    }

    private Mac getHMAC() throws GeneralSecurityException {
        this.lock.readLock().lock();
        try {
            if (this.lastSecretKey != null && !isKeyExpired()) {
                return createHMAC();
            }
            this.lock.readLock().unlock();
            this.lock.writeLock().lock();
            try {
                if (this.lastSecretKey != null) {
                    if (isKeyExpired()) {
                        generateSecretKey();
                    }
                    return createHMAC();
                }
                generateSecretKey();
                Mac mac = Mac.getInstance("HmacSHA256");
                this.hmac = mac;
                mac.init(this.lastSecretKey);
                return (Mac) this.hmac.clone();
            } catch (CloneNotSupportedException unused) {
                Mac mac2 = this.hmac;
                this.hmac = null;
                return mac2;
            } finally {
                this.lock.writeLock().unlock();
            }
        } finally {
            this.lock.readLock().unlock();
        }
    }

    private boolean isKeyExpired() {
        return ClockUtil.nanoRealtime() - this.nextKeyGenerationNanos >= 0;
    }

    public byte[] generateCookie(ClientHello clientHello) throws GeneralSecurityException {
        Mac hmac = getHMAC();
        InetSocketAddress peer = clientHello.getPeer();
        hmac.update(peer.getAddress().getAddress());
        int port = peer.getPort();
        hmac.update((byte) (port >>> 8));
        hmac.update((byte) port);
        hmac.update((byte) clientHello.getClientVersion().getMajor());
        hmac.update((byte) clientHello.getClientVersion().getMinor());
        hmac.update(clientHello.getRandom().getBytes());
        hmac.update(clientHello.getSessionId().getBytes());
        hmac.update(CipherSuite.listToByteArray(clientHello.getCipherSuites()));
        hmac.update(CompressionMethod.listToByteArray(clientHello.getCompressionMethods()));
        return hmac.doFinal();
    }
}
