package j.a.a.c.i;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ChangeCipherSpecMessage;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.ContentType;
import org.eclipse.californium.scandium.dtls.HandshakeException;
import org.eclipse.californium.scandium.dtls.HandshakeType;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

/* loaded from: classes3.dex */
public class a1 extends h0 {
    public static g0[] A0 = {new g0(HandshakeType.CERTIFICATE), new g0(HandshakeType.CLIENT_KEY_EXCHANGE), new g0(HandshakeType.CERTIFICATE_VERIFY), new g0(ContentType.CHANGE_CIPHER_SPEC), new g0(HandshakeType.FINISHED)};
    public static g0[] B0 = {new g0(HandshakeType.CERTIFICATE), new g0(HandshakeType.CLIENT_KEY_EXCHANGE), new g0(ContentType.CHANGE_CIPHER_SPEC), new g0(HandshakeType.FINISHED)};
    public static g0[] C0 = {new g0(HandshakeType.CLIENT_KEY_EXCHANGE), new g0(ContentType.CHANGE_CIPHER_SPEC), new g0(HandshakeType.FINISHED)};
    public boolean m0;
    public boolean n0;
    public boolean o0;
    public PublicKey p0;
    public List<CipherSuite> q0;
    public final List<CertificateType> r0;
    public final List<CertificateType> s0;
    public CertificateType t0;
    public CertificateType u0;
    public ECDHECryptography.SupportedGroup v0;
    public SignatureAndHashAlgorithm w0;
    public d x0;
    public f y0;
    public q0 z0;

    /* loaded from: classes3.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f19473a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f19474b;

        static {
            int[] iArr = new int[HandshakeType.values().length];
            f19474b = iArr;
            try {
                HandshakeType handshakeType = HandshakeType.CLIENT_HELLO;
                iArr[1] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                int[] iArr2 = f19474b;
                HandshakeType handshakeType2 = HandshakeType.CERTIFICATE;
                iArr2[4] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                int[] iArr3 = f19474b;
                HandshakeType handshakeType3 = HandshakeType.CLIENT_KEY_EXCHANGE;
                iArr3[9] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                int[] iArr4 = f19474b;
                HandshakeType handshakeType4 = HandshakeType.CERTIFICATE_VERIFY;
                iArr4[8] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                int[] iArr5 = f19474b;
                HandshakeType handshakeType5 = HandshakeType.FINISHED;
                iArr5[10] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr6 = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            f19473a = iArr6;
            try {
                CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuite.KeyExchangeAlgorithm.PSK;
                iArr6[7] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                int[] iArr7 = f19473a;
                CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm2 = CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK;
                iArr7[8] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                int[] iArr8 = f19473a;
                CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm3 = CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN;
                iArr8[9] = 3;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    public a1(int i2, t tVar, v0 v0Var, m mVar, j.a.a.c.h.a aVar, int i3) {
        super(false, i2, tVar, v0Var, mVar, aVar, i3);
        this.m0 = false;
        this.n0 = false;
        this.o0 = false;
        this.x0 = null;
        this.y0 = null;
        this.q0 = aVar.E();
        this.n0 = aVar.K().booleanValue();
        this.o0 = aVar.J().booleanValue();
        this.m0 = aVar.U().booleanValue();
        this.r0 = aVar.F();
        this.s0 = aVar.l();
    }

    private p0 a(p0 p0Var) {
        if (p0Var.compareTo(new p0()) >= 0) {
            return new p0();
        }
        throw new HandshakeException("The server only supports DTLS v1.2", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.PROTOCOL_VERSION, this.o.m()));
    }

    private SecretKey a(n0 n0Var) {
        this.z0 = n0Var.i();
        r0 r0Var = new r0(this.Q, this.o, this.r, this.z0);
        SecretKey a2 = r0Var.a(null);
        j.a.a.c.j.d.a(r0Var);
        return a2;
    }

    private SecretKey a(x xVar) {
        return this.f19509f.a(xVar.i());
    }

    private SecretKey a(z zVar) {
        this.z0 = zVar.j();
        r0 r0Var = new r0(this.Q, this.o, this.r, this.z0);
        SecretKey a2 = this.f19509f.a(zVar.i());
        SecretKey a3 = r0Var.a(a2);
        j.a.a.c.j.d.a(r0Var);
        j.a.a.c.j.d.b(a2);
        return a3;
    }

    public static CertificateType a(e eVar, List<CertificateType> list) {
        if (list == null) {
            return null;
        }
        if (eVar == null) {
            if (list.contains(CertificateType.X_509)) {
                return CertificateType.X_509;
            }
            return null;
        }
        for (CertificateType certificateType : eVar.d()) {
            if (list.contains(certificateType)) {
                return certificateType;
            }
        }
        return null;
    }

    private CertificateType a(i iVar) {
        return a(iVar.j(), this.r0);
    }

    private void a(b0 b0Var) {
        if (CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.equals(f()) && this.o0 && (this.x0 == null || this.y0 == null)) {
            throw new HandshakeException("Client did not send required authentication messages.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.o.m()));
        }
        this.z += 2;
        r rVar = new r(j(), this.z);
        MessageDigest e2 = e();
        try {
            MessageDigest messageDigest = (MessageDigest) e2.clone();
            b0Var.a(this.o.a().getThreadLocalPseudoRandomFunctionMac(), this.f19510g, true, e2.digest());
            a(rVar, new ChangeCipherSpecMessage(this.o.m()));
            u();
            messageDigest.update(b0Var.toByteArray());
            a(rVar, (s) new b0(this.o.a().getThreadLocalPseudoRandomFunctionMac(), this.f19510g, this.f19505b, messageDigest.digest(), this.o.m()));
            b(rVar);
            s();
        } catch (CloneNotSupportedException unused) {
            throw new HandshakeException("Cannot create FINISHED message hash", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, b0Var.getPeer()));
        }
    }

    private void a(f fVar) {
        this.y0 = fVar;
        this.K.remove(r0.size() - 1);
        fVar.a(this.p0, this.K);
        this.K.add(fVar);
        CertPath certPath = this.P;
        if (certPath != null) {
            this.o.a(new j.a.a.b.y.f(certPath));
        } else {
            this.o.a(new j.a.a.b.y.e(this.p0));
        }
    }

    private void a(i iVar, r rVar) {
        d dVar;
        if (this.o.a().requiresServerCertificateMessage()) {
            if (CertificateType.RAW_PUBLIC_KEY == this.o.B()) {
                dVar = new d(this.N.getEncoded(), this.o.m());
            } else {
                if (CertificateType.X_509 != this.o.B()) {
                    StringBuilder a2 = e.b.a.a.a.a("Certificate type ");
                    a2.append(this.o.B());
                    a2.append(" not supported!");
                    throw new IllegalArgumentException(a2.toString());
                }
                dVar = new d(this.O, this.o.m());
            }
            a(rVar, (s) dVar);
        }
    }

    private void a(CipherSuite cipherSuite, i iVar, i0 i0Var) {
        CertificateType certificateType = this.t0;
        if (certificateType != null) {
            this.o.a(certificateType);
            if (iVar.j() != null) {
                i0Var.a(new g(this.t0));
            }
        }
        CertificateType certificateType2 = this.u0;
        if (certificateType2 != null) {
            this.o.b(certificateType2);
            if (iVar.r() != null) {
                i0Var.a(new z0(this.u0));
            }
        }
        if (!cipherSuite.isEccBased() || iVar.v() == null) {
            return;
        }
        i0Var.a(new SupportedPointFormatsExtension(Arrays.asList(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)));
    }

    private boolean a(CipherSuite cipherSuite, CertificateType certificateType, CertificateType certificateType2, ECDHECryptography.SupportedGroup supportedGroup) {
        boolean z;
        if (cipherSuite.isEccBased()) {
            z = (supportedGroup != null) & true;
        } else {
            z = true;
        }
        if (!cipherSuite.requiresServerCertificateMessage()) {
            return z;
        }
        boolean z2 = z & (certificateType != null);
        if (this.o0 || this.n0) {
            return z2 & (certificateType2 != null);
        }
        return z2;
    }

    private CertificateType b(i iVar) {
        return a(iVar.r(), this.s0);
    }

    private void b(d dVar) {
        this.x0 = dVar;
        this.p0 = dVar.j();
        if (this.o0 && dVar.i() != null && this.p0 == null) {
            this.f19504a.debug("Client authentication failed: missing certificate!");
            throw new HandshakeException("Client Certificate required!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.o.m()));
        }
        a(dVar);
        if (this.p0 == null) {
            this.W = B0;
        }
    }

    private void b(i iVar, i0 i0Var) {
        CertificateType b2 = b(iVar);
        CertificateType a2 = a(iVar);
        ECDHECryptography.SupportedGroup c2 = c(iVar);
        for (CipherSuite cipherSuite : iVar.i()) {
            if (cipherSuite != CipherSuite.TLS_NULL_WITH_NULL_NULL && this.q0.contains(cipherSuite) && a(cipherSuite, b2, a2, c2)) {
                this.u0 = b2;
                this.t0 = a2;
                this.v0 = c2;
                this.o.a(cipherSuite);
                a(cipherSuite, iVar, i0Var);
                this.o.C();
                this.f19504a.debug("Negotiated cipher suite [{}] with peer [{}]", cipherSuite.name(), h());
                return;
            }
        }
        throw new HandshakeException("Client proposed unsupported cipher suites only", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.o.m()));
    }

    private boolean b(i iVar, r rVar) {
        if ((!this.n0 && !this.o0) || this.w0 == null) {
            return false;
        }
        CertificateRequest certificateRequest = new CertificateRequest(this.o.m());
        certificateRequest.a(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        certificateRequest.a(this.w0);
        j.a.a.c.i.p1.b bVar = this.p;
        if (bVar != null) {
            certificateRequest.a(j.a.a.b.z.d.b(Arrays.asList(bVar.getAcceptedIssuers())));
        }
        a(rVar, (s) certificateRequest);
        return true;
    }

    public static ECDHECryptography.SupportedGroup c(i iVar) {
        List<ECDHECryptography.SupportedGroup> preferredGroups = ECDHECryptography.SupportedGroup.getPreferredGroups();
        l1 u = iVar.u();
        if (u != null) {
            Iterator<Integer> it = u.d().iterator();
            while (it.hasNext()) {
                ECDHECryptography.SupportedGroup fromId = ECDHECryptography.SupportedGroup.fromId(it.next().intValue());
                if (fromId != null && fromId.isUsable() && preferredGroups.contains(fromId)) {
                    return fromId;
                }
            }
        } else if (!preferredGroups.isEmpty()) {
            return preferredGroups.get(0);
        }
        return null;
    }

    private void c(i iVar, r rVar) {
        p0 a2 = a(iVar.k());
        this.f19507d = iVar.q();
        this.f19508e = new s0();
        h1 e2 = this.m0 ? h1.e() : new h1();
        this.o.a(e2);
        if (!iVar.l().contains(CompressionMethod.NULL)) {
            throw new HandshakeException("Client does not support NULL compression method", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, iVar.getPeer()));
        }
        this.o.a(CompressionMethod.NULL);
        i0 i0Var = new i0();
        b(iVar, i0Var);
        a(iVar, i0Var);
        a(rVar, (s) new b1(a2, this.f19508e, e2, this.o.a(), this.o.b(), i0Var, this.o.m()));
    }

    private void d(i iVar) {
        l();
        byte[] n = iVar.n();
        this.z = (n == null || n.length <= 0) ? 2 : 4;
        r rVar = new r(j(), this.z);
        c(iVar, rVar);
        a(iVar, rVar);
        d(iVar, rVar);
        if (b(iVar, rVar)) {
            this.W = A0;
        } else {
            this.W = C0;
        }
        this.V = -1;
        a(rVar, (s) new c1(this.o.m()));
        a(rVar);
    }

    private void d(i iVar, r rVar) {
        s a0Var;
        int ordinal = f().ordinal();
        if (ordinal == 8) {
            try {
                this.f19509f = new ECDHECryptography(this.v0.getEcParams());
                a0Var = new a0(q0.f19610f, this.f19509f, this.f19507d, this.f19508e, this.v0.getId(), this.o.m());
            } catch (GeneralSecurityException e2) {
                throw new HandshakeException(String.format("Error performing EC Diffie Hellman key exchange: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, h()));
            }
        } else if (ordinal != 9) {
            a0Var = null;
        } else {
            this.w0 = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.ECDSA);
            try {
                this.f19509f = new ECDHECryptography(this.v0.getEcParams());
                a0Var = new y(this.w0, this.f19509f, this.M, this.f19507d, this.f19508e, this.v0.getId(), this.o.m());
            } catch (GeneralSecurityException e3) {
                throw new HandshakeException(String.format("Error performing EC Diffie Hellman key exchange: %s", e3.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, h()));
            }
        }
        if (a0Var != null) {
            a(rVar, a0Var);
        }
    }

    public final ECDHECryptography.SupportedGroup A() {
        return this.v0;
    }

    public q0 B() {
        return this.z0;
    }

    @Override // j.a.a.c.i.h0
    public void a(e0 e0Var) {
        SecretKey a2;
        int ordinal = e0Var.g().ordinal();
        if (ordinal == 1) {
            d((i) e0Var);
            return;
        }
        if (ordinal == 4) {
            b((d) e0Var);
            return;
        }
        switch (ordinal) {
            case 8:
                a((f) e0Var);
                break;
            case 9:
                int ordinal2 = f().ordinal();
                if (ordinal2 == 7) {
                    a2 = a((n0) e0Var);
                } else if (ordinal2 == 8) {
                    a2 = a((z) e0Var);
                } else {
                    if (ordinal2 != 9) {
                        throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", f().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, e0Var.getPeer()));
                    }
                    a2 = a((x) e0Var);
                }
                if (a2 != null) {
                    b(a2);
                    j.a.a.c.j.d.b(a2);
                }
                if (this.o0 && f() == CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN) {
                    return;
                }
                break;
            case 10:
                a((b0) e0Var);
                return;
            default:
                throw new HandshakeException(String.format("Received unexpected %s message from peer %s", e0Var.g(), e0Var.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, e0Var.getPeer()));
        }
        a();
    }

    public void a(i iVar, i0 i0Var) {
        o m;
        j.c.c cVar;
        InetSocketAddress peer;
        String str;
        MaxFragmentLengthExtension p = iVar.p();
        if (p != null) {
            this.o.b(p.d().length());
            i0Var.a(p);
            this.f19504a.debug("Negotiated max. fragment length [{} bytes] with peer [{}]", Integer.valueOf(p.d().length()), iVar.getPeer());
        }
        e1 s = iVar.s();
        if (s != null) {
            if (this.Q) {
                this.o.a(s.d());
                i0Var.a(e1.e());
                this.o.a(true);
                cVar = this.f19504a;
                peer = iVar.getPeer();
                str = "using server name indication received from peer [{}]";
            } else {
                cVar = this.f19504a;
                peer = iVar.getPeer();
                str = "client [{}] included SNI in HELLO but SNI support is disabled";
            }
            cVar.debug(str, peer);
        }
        if (this.s == null || (m = iVar.m()) == null) {
            return;
        }
        this.o.a(m.d());
        i0Var.a(o.a(this.s.b() ? c().b() : n.f19591d));
    }

    @Override // j.a.a.c.i.h0
    public void v() {
        throw new HandshakeException("starting an handshake is not supported for server handshaker!", null);
    }

    public final CertificateType y() {
        return this.t0;
    }

    public final CertificateType z() {
        return this.u0;
    }
}
