package j.a.a.c.i;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ChangeCipherSpecMessage;
import org.eclipse.californium.scandium.dtls.CompressionMethod;
import org.eclipse.californium.scandium.dtls.ContentType;
import org.eclipse.californium.scandium.dtls.HandshakeException;
import org.eclipse.californium.scandium.dtls.HandshakeType;
import org.eclipse.californium.scandium.dtls.HelloExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

@j.a.a.b.z.n
/* loaded from: classes3.dex */
public class h extends h0 {
    public p0 m0;
    public PublicKey n0;
    public ECPublicKey o0;
    public i p0;
    public final List<CipherSuite> q0;
    public final Integer r0;
    public final boolean s0;
    public final List<CertificateType> t0;
    public final List<CertificateType> u0;
    public CertificateRequest v0;
    public byte[] w0;
    public j.a.a.c.j.e x0;
    public SignatureAndHashAlgorithm y0;
    public static g0[] z0 = {new g0(HandshakeType.HELLO_VERIFY_REQUEST, true), new g0(HandshakeType.SERVER_HELLO), new g0(HandshakeType.CERTIFICATE), new g0(HandshakeType.SERVER_KEY_EXCHANGE), new g0(HandshakeType.CERTIFICATE_REQUEST, true), new g0(HandshakeType.SERVER_HELLO_DONE), new g0(ContentType.CHANGE_CIPHER_SPEC), new g0(HandshakeType.FINISHED)};
    public static g0[] A0 = {new g0(HandshakeType.HELLO_VERIFY_REQUEST, true), new g0(HandshakeType.SERVER_HELLO), new g0(HandshakeType.SERVER_KEY_EXCHANGE, true), new g0(HandshakeType.SERVER_HELLO_DONE), new g0(ContentType.CHANGE_CIPHER_SPEC), new g0(HandshakeType.FINISHED)};

    /* loaded from: classes3.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f19502a;

        /* renamed from: b, reason: collision with root package name */
        public static final /* synthetic */ int[] f19503b;

        static {
            int[] iArr = new int[HandshakeType.values().length];
            f19503b = iArr;
            try {
                HandshakeType handshakeType = HandshakeType.HELLO_VERIFY_REQUEST;
                iArr[3] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                int[] iArr2 = f19503b;
                HandshakeType handshakeType2 = HandshakeType.SERVER_HELLO;
                iArr2[2] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                int[] iArr3 = f19503b;
                HandshakeType handshakeType3 = HandshakeType.CERTIFICATE;
                iArr3[4] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                int[] iArr4 = f19503b;
                HandshakeType handshakeType4 = HandshakeType.SERVER_KEY_EXCHANGE;
                iArr4[5] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                int[] iArr5 = f19503b;
                HandshakeType handshakeType5 = HandshakeType.CERTIFICATE_REQUEST;
                iArr5[6] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                int[] iArr6 = f19503b;
                HandshakeType handshakeType6 = HandshakeType.SERVER_HELLO_DONE;
                iArr6[7] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                int[] iArr7 = f19503b;
                HandshakeType handshakeType7 = HandshakeType.FINISHED;
                iArr7[10] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            int[] iArr8 = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            f19502a = iArr8;
            try {
                CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN;
                iArr8[9] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                int[] iArr9 = f19502a;
                CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm2 = CipherSuite.KeyExchangeAlgorithm.PSK;
                iArr9[7] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                int[] iArr10 = f19502a;
                CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm3 = CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK;
                iArr10[8] = 3;
            } catch (NoSuchFieldError unused10) {
            }
            try {
                int[] iArr11 = f19502a;
                CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm4 = CipherSuite.KeyExchangeAlgorithm.NULL;
                iArr11[0] = 4;
            } catch (NoSuchFieldError unused11) {
            }
        }
    }

    public h(t tVar, v0 v0Var, m mVar, j.a.a.c.h.a aVar, int i2) {
        super(true, 0, tVar, v0Var, mVar, aVar, i2);
        this.m0 = new p0();
        this.p0 = null;
        this.v0 = null;
        this.w0 = null;
        this.q0 = aVar.E();
        this.r0 = aVar.q();
        this.s0 = aVar.V().booleanValue();
        this.u0 = aVar.F();
        this.t0 = aVar.l();
    }

    private void a(a0 a0Var) {
        this.o0 = a0Var.k();
        try {
            this.f19509f = new ECDHECryptography(this.o0.getParams());
        } catch (GeneralSecurityException e2) {
            throw new HandshakeException(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, h()));
        }
    }

    private void a(b0 b0Var) {
        b0Var.a(this.o.a().getThreadLocalPseudoRandomFunctionMac(), this.f19510g, false, this.w0);
        s();
        k();
    }

    private void a(y yVar) {
        yVar.a(this.n0, this.f19507d, this.f19508e);
        CertPath certPath = this.P;
        if (certPath != null) {
            this.o.a(new j.a.a.b.y.f(certPath));
        } else {
            this.o.a(new j.a.a.b.y.e(this.n0));
        }
        this.o0 = yVar.j();
        try {
            this.f19509f = new ECDHECryptography(this.o0.getParams());
        } catch (GeneralSecurityException e2) {
            throw new HandshakeException(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, h()));
        }
    }

    public static boolean a(CertificateType certificateType, List<CertificateType> list) {
        return list != null ? list.contains(certificateType) : certificateType == CertificateType.X_509;
    }

    private void b(d dVar) {
        a(dVar);
        this.n0 = dVar.j();
    }

    public List<X509Certificate> a(CertificateRequest certificateRequest) {
        List<X509Certificate> list = this.O;
        if (list == null) {
            return Collections.emptyList();
        }
        SignatureAndHashAlgorithm b2 = certificateRequest.b(list);
        this.y0 = b2;
        return b2 == null ? Collections.emptyList() : this.O;
    }

    public void a(b1 b1Var) {
        o l;
        this.f19506c = b1Var.q();
        this.f19508e = b1Var.o();
        this.o.a(b1Var.r());
        CipherSuite i2 = b1Var.i();
        if (!this.q0.contains(i2)) {
            throw new HandshakeException("Server wants to use not supported cipher suite " + i2, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, b1Var.getPeer()));
        }
        this.o.a(i2);
        CompressionMethod k = b1Var.k();
        if (k != CompressionMethod.NULL) {
            throw new HandshakeException("Server wants to use not supported compression method " + k, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, b1Var.getPeer()));
        }
        this.o.a(b1Var.k());
        b(b1Var);
        if (this.s != null && (l = b1Var.l()) != null) {
            this.o.a(l.d());
        }
        this.o.b(b1Var.j());
        this.o.a(b1Var.t());
        this.o.C();
        if (i2.requiresServerCertificateMessage()) {
            return;
        }
        this.W = A0;
    }

    public void a(c1 c1Var) {
        s sVar;
        SecretKey secretKey;
        this.z += 2;
        r rVar = new r(j(), this.z);
        d(rVar);
        int ordinal = f().ordinal();
        r0 r0Var = null;
        if (ordinal == 7) {
            r0 r0Var2 = new r0(this.Q, this.o, this.r);
            this.f19504a.debug("Using PSK identity: {}", r0Var2.a());
            n0 n0Var = new n0(r0Var2.b(), this.o.m());
            SecretKey a2 = r0Var2.a(null);
            r0Var = r0Var2;
            sVar = n0Var;
            secretKey = a2;
        } else if (ordinal == 8) {
            r0 r0Var3 = new r0(this.Q, this.o, this.r);
            this.f19504a.debug("Using PSK identity: {}", r0Var3.a());
            z zVar = new z(r0Var3.b(), this.f19509f.b(), this.o.m());
            SecretKey a3 = this.f19509f.a(this.o0);
            SecretKey a4 = r0Var3.a(a3);
            j.a.a.c.j.d.b(a3);
            r0Var = r0Var3;
            sVar = zVar;
            secretKey = a4;
        } else {
            if (ordinal != 9) {
                StringBuilder a5 = e.b.a.a.a.a("Unknown key exchange algorithm: ");
                a5.append(f());
                throw new HandshakeException(a5.toString(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.o.m()));
            }
            sVar = new x(this.f19509f.b(), this.o.m());
            secretKey = this.f19509f.a(this.o0);
        }
        j.a.a.c.j.d.a(r0Var);
        if (secretKey != null) {
            b(secretKey);
            j.a.a.c.j.d.b(secretKey);
        }
        a(rVar, sVar);
        if (this.v0 != null && this.y0 != null) {
            CertificateType B = this.o.B();
            if (!a(B, this.t0)) {
                throw new HandshakeException("Server wants to use not supported client certificate type " + B, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, c1Var.getPeer()));
            }
            a(rVar, (s) new f(this.y0, this.M, this.K, this.o.m()));
        }
        a(rVar, new ChangeCipherSpecMessage(this.o.m()));
        u();
        MessageDigest e2 = e();
        try {
            MessageDigest messageDigest = (MessageDigest) e2.clone();
            b0 b0Var = new b0(this.o.a().getThreadLocalPseudoRandomFunctionMac(), this.f19510g, this.f19505b, e2.digest(), this.o.m());
            a(rVar, (s) b0Var);
            messageDigest.update(b0Var.toByteArray());
            this.w0 = messageDigest.digest();
            a(rVar);
        } catch (CloneNotSupportedException unused) {
            throw new HandshakeException("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, c1Var.getPeer()));
        }
    }

    @Override // j.a.a.c.i.h0
    public void a(e0 e0Var) {
        int ordinal = e0Var.g().ordinal();
        if (ordinal == 10) {
            a((b0) e0Var);
            return;
        }
        switch (ordinal) {
            case 2:
                a((b1) e0Var);
                return;
            case 3:
                a((k0) e0Var);
                return;
            case 4:
                b((d) e0Var);
                return;
            case 5:
                int ordinal2 = f().ordinal();
                if (ordinal2 == 0) {
                    this.f19504a.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                    return;
                }
                if (ordinal2 != 7) {
                    if (ordinal2 == 8) {
                        a((a0) e0Var);
                        return;
                    } else {
                        if (ordinal2 != 9) {
                            throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", f().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, e0Var.getPeer()));
                        }
                        a((y) e0Var);
                        return;
                    }
                }
                return;
            case 6:
                this.v0 = (CertificateRequest) e0Var;
                return;
            case 7:
                a((c1) e0Var);
                a();
                return;
            default:
                throw new HandshakeException(String.format("Received unexpected handshake message [%s] from peer %s", e0Var.g(), e0Var.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, e0Var.getPeer()));
        }
    }

    public void a(i iVar) {
        p pVar = this.s;
        if (pVar != null) {
            iVar.a(o.a(pVar.b() ? c().b() : n.f19591d));
        }
    }

    public void a(k0 k0Var) {
        this.K.clear();
        this.p0.a(k0Var.i());
        this.z = 3;
        r rVar = new r(j(), this.z);
        a(rVar, (s) this.p0);
        a(rVar);
        this.V--;
    }

    public PublicKey b(CertificateRequest certificateRequest) {
        PublicKey publicKey = this.N;
        if (publicKey == null) {
            return null;
        }
        SignatureAndHashAlgorithm a2 = certificateRequest.a(publicKey);
        this.y0 = a2;
        if (a2 == null) {
            return null;
        }
        return this.N;
    }

    public void b(b1 b1Var) {
        i0 m = b1Var.m();
        if (m != null && !m.c()) {
            i0 o = this.p0.o();
            if (o == null || o.c()) {
                throw new HandshakeException("Server wants extensions, but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, b1Var.getPeer()));
            }
            for (HelloExtension helloExtension : m.a()) {
                if (o.a(helloExtension.b()) == null) {
                    StringBuilder a2 = e.b.a.a.a.a("Server wants ");
                    a2.append(helloExtension.b());
                    a2.append(", but client not!");
                    throw new HandshakeException(a2.toString(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, b1Var.getPeer()));
                }
            }
        }
        SupportedPointFormatsExtension s = b1Var.s();
        if (s != null && !s.b(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)) {
            throw new HandshakeException("Server wants to use only not supported EC point formats!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, b1Var.getPeer()));
        }
        MaxFragmentLengthExtension n = b1Var.n();
        if (n != null) {
            MaxFragmentLengthExtension.Length d2 = n.d();
            if (d2.code() != this.r0.intValue()) {
                throw new HandshakeException("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, b1Var.getPeer()));
            }
            this.o.b(d2.length());
        }
        CertificateType p = b1Var.p();
        if (a(p, this.u0)) {
            this.o.a(p);
            return;
        }
        throw new HandshakeException("Server wants to use not supported server certificate type " + p, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, b1Var.getPeer()));
    }

    public void b(i iVar) {
        Integer num = this.r0;
        if (num != null) {
            iVar.a(new MaxFragmentLengthExtension(num.intValue()));
            this.f19504a.debug("Indicating max. fragment length [{}] to server [{}]", this.r0, h());
        }
    }

    public void c(i iVar) {
        if (!this.Q || this.o.s() == null) {
            return;
        }
        this.f19504a.debug("adding SNI extension to CLIENT_HELLO message [{}]", this.o.f());
        iVar.a(e1.a(this.o.s()));
    }

    public void d(r rVar) {
        d dVar;
        if (this.v0 != null) {
            if (CertificateType.RAW_PUBLIC_KEY == this.o.B()) {
                byte[] bArr = j.a.a.b.z.c.f19258c;
                PublicKey b2 = b(this.v0);
                if (b2 != null) {
                    bArr = b2.getEncoded();
                }
                if (this.f19504a.isDebugEnabled()) {
                    this.f19504a.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", j.a.a.b.z.v.b(bArr));
                }
                dVar = new d(bArr, this.o.m());
            } else {
                if (CertificateType.X_509 != this.o.B()) {
                    StringBuilder a2 = e.b.a.a.a.a("Certificate type ");
                    a2.append(this.o.B());
                    a2.append(" not supported!");
                    throw new IllegalArgumentException(a2.toString());
                }
                dVar = new d(a(this.v0), this.s0 ? this.v0.i() : null, this.o.m());
            }
            a(rVar, (s) dVar);
        }
    }

    @Override // j.a.a.c.i.h0
    public void v() {
        l();
        i iVar = new i(this.m0, this.q0, this.t0, this.u0, this.o.m());
        this.f19507d = iVar.q();
        iVar.a(CompressionMethod.NULL);
        a(iVar);
        b(iVar);
        c(iVar);
        this.z = 1;
        this.p0 = iVar;
        r rVar = new r(this.o, 1);
        a(rVar, (s) iVar);
        a(rVar);
        this.W = z0;
        this.V = 0;
    }

    public final SignatureAndHashAlgorithm y() {
        return this.y0;
    }
}
