package org.eclipse.californium.scandium.dtls;

import com.couchbase.lite.BlobStore;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.util.ByteArrayUtils;

/* loaded from: classes16.dex */
public abstract class Handshaker {
    public static final int CLIENT_FINISHED_LABEL = 3;
    public static final int KEY_EXPANSION_LABEL = 2;
    private static final Logger LOGGER = Logger.getLogger(Handshaker.class.getName());
    public static final int MASTER_SECRET_LABEL = 1;
    private static final String MESSAGE_DIGEST_ALGORITHM_NAME = "SHA-256";
    public static final int SERVER_FINISHED_LABEL = 4;
    protected Certificate[] certificateChain;
    private boolean changeCipherSuiteMessageExpected;
    protected Random clientRandom;
    private IvParameterSpec clientWriteIV;
    private SecretKey clientWriteKey;
    private SecretKey clientWriteMACKey;
    protected ECDHECryptography ecdhe;
    protected Map<Integer, SortedSet<FragmentedHandshakeMessage>> fragmentedMessages;
    protected byte[] handshakeMessages;
    protected InboundMessageBuffer inboundMessageBuffer;
    protected final boolean isClient;
    private byte[] masterSecret;
    protected MessageDigest md;
    private int nextReceiveSeq;
    protected PrivateKey privateKey;
    protected PublicKey publicKey;
    protected final Certificate[] rootCertificates;
    private int sequenceNumber;
    protected Random serverRandom;
    private IvParameterSpec serverWriteIV;
    private SecretKey serverWriteKey;
    private SecretKey serverWriteMACKey;
    protected final DTLSSession session;
    private Set<SessionListener> sessionListeners;
    protected int state;
    protected ProtocolVersion usedProtocol;

    /* loaded from: classes16.dex */
    class InboundMessageBuffer {
        private ChangeCipherSpecMessage changeCipherSpec = null;
        private SortedSet<Record> queue = new TreeSet(new Comparator<Record>() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.InboundMessageBuffer.1
            @Override // java.util.Comparator
            public int compare(Record record, Record record2) {
                if (record.getEpoch() < record2.getEpoch()) {
                    return -1;
                }
                if (record.getEpoch() > record2.getEpoch()) {
                    return 1;
                }
                if (record.getSequenceNumber() >= record2.getSequenceNumber()) {
                    return record.getSequenceNumber() > record2.getSequenceNumber() ? 1 : 0;
                }
                return -1;
            }
        });

        InboundMessageBuffer() {
        }

        DTLSMessage getNextMessage() throws GeneralSecurityException, HandshakeException {
            if (Handshaker.this.isChangeCipherSpecMessageExpected() && this.changeCipherSpec != null) {
                ChangeCipherSpecMessage changeCipherSpecMessage = this.changeCipherSpec;
                this.changeCipherSpec = null;
                return changeCipherSpecMessage;
            }
            for (Record record : this.queue) {
                if (record.getEpoch() == Handshaker.this.session.getReadEpoch()) {
                    HandshakeMessage handshakeMessage = (HandshakeMessage) record.getFragment(Handshaker.this.session.getReadState());
                    if (handshakeMessage.getMessageSeq() == Handshaker.this.nextReceiveSeq) {
                        this.queue.remove(record);
                        return handshakeMessage;
                    }
                }
            }
            return null;
        }

        DTLSMessage getNextMessage(Record record) throws GeneralSecurityException, HandshakeException {
            int epoch = record.getEpoch();
            if (epoch < Handshaker.this.session.getReadEpoch()) {
                Handshaker.LOGGER.log(Level.FINER, "Discarding message from peer [{0}] from past epoch [{1}] < current epoch [{2}]", new Object[]{Handshaker.this.getPeerAddress(), Integer.valueOf(epoch), Integer.valueOf(Handshaker.this.session.getReadEpoch())});
                return null;
            }
            if (epoch != Handshaker.this.session.getReadEpoch()) {
                this.queue.add(record);
                Handshaker.LOGGER.log(Level.FINER, "Queueing HANDSHAKE message from future epoch [{0}] > current epoch [{1}]", new Object[]{Integer.valueOf(epoch), Integer.valueOf(Handshaker.this.getSession().getReadEpoch())});
                return null;
            }
            DTLSMessage fragment = record.getFragment();
            switch (fragment.getContentType()) {
                case ALERT:
                    return fragment;
                case CHANGE_CIPHER_SPEC:
                    if (Handshaker.this.isChangeCipherSpecMessageExpected()) {
                        return fragment;
                    }
                    this.changeCipherSpec = (ChangeCipherSpecMessage) fragment;
                    return null;
                case HANDSHAKE:
                    HandshakeMessage handshakeMessage = (HandshakeMessage) fragment;
                    int messageSeq = handshakeMessage.getMessageSeq();
                    if (messageSeq == Handshaker.this.nextReceiveSeq) {
                        return handshakeMessage;
                    }
                    if (messageSeq <= Handshaker.this.nextReceiveSeq) {
                        Handshaker.LOGGER.log(Level.FINER, "Discarding old message, message_seq [{0}] < next_receive_seq [{1}]", new Object[]{Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveSeq)});
                        return null;
                    }
                    Handshaker.LOGGER.log(Level.FINER, "Queued newer message from current epoch, message_seq [{0}] > next_receive_seq [{1}]", new Object[]{Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveSeq)});
                    this.queue.add(record);
                    return null;
                default:
                    Handshaker.LOGGER.log(Level.FINER, "Cannot process message of type [{0}], discarding...", fragment.getContentType());
                    return null;
            }
        }

        boolean isEmpty() {
            return this.queue.isEmpty();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Handshaker(boolean z, int i, DTLSSession dTLSSession, SessionListener sessionListener, Certificate[] certificateArr, int i2) {
        this.state = -1;
        this.sequenceNumber = 0;
        this.nextReceiveSeq = 0;
        this.fragmentedMessages = new HashMap();
        this.handshakeMessages = new byte[0];
        this.sessionListeners = new HashSet();
        this.changeCipherSuiteMessageExpected = false;
        if (dTLSSession == null) {
            throw new NullPointerException("DTLS Session must not be null");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Initial message sequence number must not be negative");
        }
        addSessionListener(sessionListener);
        this.nextReceiveSeq = i;
        this.sequenceNumber = i;
        this.isClient = z;
        this.session = dTLSSession;
        this.inboundMessageBuffer = new InboundMessageBuffer();
        this.rootCertificates = certificateArr == null ? new Certificate[0] : certificateArr;
        this.session.setMaxTransmissionUnit(i2);
        try {
            this.md = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM_NAME);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(String.format("Message digest algorithm %s is not available on JVM", MESSAGE_DIGEST_ALGORITHM_NAME));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Handshaker(boolean z, DTLSSession dTLSSession, SessionListener sessionListener, Certificate[] certificateArr, int i) {
        this(z, 0, dTLSSession, sessionListener, certificateArr, i);
    }

    static final byte[] doExpansion(Mac mac, byte[] bArr, int i) {
        int ceil = (int) Math.ceil(i / mac.getMacLength());
        byte[] bArr2 = new byte[0];
        byte[] bArr3 = bArr;
        for (int i2 = 0; i2 < ceil; i2++) {
            bArr3 = mac.doFinal(bArr3);
            bArr2 = ByteArrayUtils.concatenate(bArr2, mac.doFinal(ByteArrayUtils.concatenate(bArr3, bArr)));
        }
        return ByteArrayUtils.truncate(bArr2, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final byte[] doPRF(byte[] bArr, int i, byte[] bArr2) {
        String str;
        int i2;
        switch (i) {
            case 1:
                str = "master secret";
                i2 = 48;
                break;
            case 2:
                str = "key expansion";
                i2 = 128;
                break;
            case 3:
                str = "client finished";
                i2 = 12;
                break;
            case 4:
                str = "server finished";
                i2 = 12;
                break;
            default:
                LOGGER.log(Level.SEVERE, "Unknown label: {0}", Integer.valueOf(i));
                return null;
        }
        return doPRF(bArr, str.getBytes(), bArr2, i2);
    }

    static byte[] doPRF(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "MAC"));
            return doExpansion(mac, ByteArrayUtils.concatenate(bArr2, bArr3), i);
        } catch (GeneralSecurityException e) {
            LOGGER.log(Level.SEVERE, "Message digest algorithm not available", (Throwable) e);
            return null;
        }
    }

    private byte[] generateMasterSecret(byte[] bArr) {
        return doPRF(bArr, 1, ByteArrayUtils.concatenate(this.clientRandom.getRandomBytes(), this.serverRandom.getRandomBytes()));
    }

    private final HandshakeMessage reassembleFragments(int i, SortedSet<FragmentedHandshakeMessage> sortedSet, int i2, HandshakeType handshakeType, DTLSSession dTLSSession) throws HandshakeException {
        byte[] bArr = new byte[0];
        int i3 = 0;
        for (FragmentedHandshakeMessage fragmentedHandshakeMessage : sortedSet) {
            int fragmentOffset = fragmentedHandshakeMessage.getFragmentOffset();
            int fragmentLength = fragmentedHandshakeMessage.getFragmentLength();
            if (fragmentOffset == i3) {
                bArr = ByteArrayUtils.concatenate(bArr, fragmentedHandshakeMessage.fragmentToByteArray());
                i3 = bArr.length;
            } else if (fragmentOffset < i3 && fragmentOffset + fragmentLength > i3) {
                int i4 = i3 - fragmentOffset;
                int i5 = fragmentLength - i4;
                byte[] bArr2 = new byte[i5];
                System.arraycopy(fragmentedHandshakeMessage.fragmentToByteArray(), i4, bArr2, 0, i5);
                bArr = ByteArrayUtils.concatenate(bArr, bArr2);
                i3 = bArr.length;
            }
        }
        if (bArr.length != i2) {
            return null;
        }
        byte[] byteArray = new FragmentedHandshakeMessage(handshakeType, i2, i, 0, bArr, getPeerAddress()).toByteArray();
        CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuite.KeyExchangeAlgorithm.NULL;
        boolean z = false;
        if (dTLSSession != null) {
            keyExchangeAlgorithm = dTLSSession.getKeyExchange();
            z = dTLSSession.receiveRawPublicKey();
        }
        return HandshakeMessage.fromByteArray(byteArray, keyExchangeAlgorithm, z, getPeerAddress());
    }

    private void setSequenceNumber(HandshakeMessage handshakeMessage) {
        handshakeMessage.setMessageSeq(this.sequenceNumber);
        this.sequenceNumber++;
    }

    private List<Record> wrapHandshakeMessage(HandshakeMessage handshakeMessage) throws GeneralSecurityException {
        setSequenceNumber(handshakeMessage);
        ArrayList arrayList = new ArrayList();
        byte[] fragmentToByteArray = handshakeMessage.fragmentToByteArray();
        if (fragmentToByteArray.length <= this.session.getMaxFragmentLength()) {
            arrayList.add(new Record(ContentType.HANDSHAKE, this.session.getWriteEpoch(), this.session.getSequenceNumber(), handshakeMessage, this.session));
        } else {
            LOGGER.log(Level.FINER, "Splitting up {0} message for [{1}] into multiple fragments of max {2} bytes", new Object[]{handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(this.session.getMaxFragmentLength())});
            int messageSeq = handshakeMessage.getMessageSeq();
            int length = (fragmentToByteArray.length / this.session.getMaxFragmentLength()) + 1;
            int i = 0;
            for (int i2 = 0; i2 < length; i2++) {
                int maxFragmentLength = this.session.getMaxFragmentLength();
                if (i + maxFragmentLength > fragmentToByteArray.length) {
                    maxFragmentLength = fragmentToByteArray.length - i;
                }
                byte[] bArr = new byte[maxFragmentLength];
                System.arraycopy(fragmentToByteArray, i, bArr, 0, maxFragmentLength);
                FragmentedHandshakeMessage fragmentedHandshakeMessage = new FragmentedHandshakeMessage(bArr, handshakeMessage.getMessageType(), i, fragmentToByteArray.length, this.session.getPeer());
                fragmentedHandshakeMessage.setMessageSeq(messageSeq);
                i += bArr.length;
                arrayList.add(new Record(ContentType.HANDSHAKE, this.session.getWriteEpoch(), this.session.getSequenceNumber(), fragmentedHandshakeMessage, this.session));
            }
        }
        return arrayList;
    }

    public void addSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.add(sessionListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calculateKeys(byte[] bArr) {
        byte[] doPRF = doPRF(bArr, 2, ByteArrayUtils.concatenate(this.serverRandom.getRandomBytes(), this.clientRandom.getRandomBytes()));
        int macKeyLength = this.session.getCipherSuite().getMacKeyLength();
        int encKeyLength = this.session.getCipherSuite().getEncKeyLength();
        int fixedIvLength = this.session.getCipherSuite().getFixedIvLength();
        this.clientWriteMACKey = new SecretKeySpec(doPRF, 0, macKeyLength, "Mac");
        this.serverWriteMACKey = new SecretKeySpec(doPRF, macKeyLength, macKeyLength, "Mac");
        this.clientWriteKey = new SecretKeySpec(doPRF, macKeyLength * 2, encKeyLength, BlobStore.ENCRYPTION_ALGORITHM);
        this.serverWriteKey = new SecretKeySpec(doPRF, (macKeyLength * 2) + encKeyLength, encKeyLength, BlobStore.ENCRYPTION_ALGORITHM);
        this.clientWriteIV = new IvParameterSpec(doPRF, (macKeyLength * 2) + (encKeyLength * 2), fixedIvLength);
        this.serverWriteIV = new IvParameterSpec(doPRF, (macKeyLength * 2) + (encKeyLength * 2) + fixedIvLength, fixedIvLength);
    }

    protected DTLSFlight doProcessMessage(DTLSMessage dTLSMessage) throws HandshakeException, GeneralSecurityException {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void expectChangeCipherSpecMessage() {
        this.changeCipherSuiteMessageExpected = true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void generateKeys(byte[] bArr) {
        this.masterSecret = generateMasterSecret(bArr);
        this.session.setMasterSecret(this.masterSecret);
        calculateKeys(this.masterSecret);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final byte[] generatePremasterSecretFromPSK(byte[] bArr) {
        int length = bArr.length;
        byte[] bArr2 = {(byte) (length >> 8), (byte) length};
        return ByteArrayUtils.concatenate(bArr2, ByteArrayUtils.concatenate(ByteArrayUtils.padArray(new byte[0], (byte) 0, length), ByteArrayUtils.concatenate(bArr2, bArr)));
    }

    final IvParameterSpec getClientWriteIV() {
        return this.clientWriteIV;
    }

    final SecretKey getClientWriteKey() {
        return this.clientWriteKey;
    }

    final SecretKey getClientWriteMACKey() {
        return this.clientWriteMACKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final CipherSuite.KeyExchangeAlgorithm getKeyExchangeAlgorithm() {
        return this.session.getKeyExchange();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final byte[] getMasterSecret() {
        return this.masterSecret;
    }

    final int getNextReceiveSeq() {
        return this.nextReceiveSeq;
    }

    public final InetSocketAddress getPeerAddress() {
        return this.session.getPeer();
    }

    final IvParameterSpec getServerWriteIV() {
        return this.serverWriteIV;
    }

    final SecretKey getServerWriteKey() {
        return this.serverWriteKey;
    }

    final SecretKey getServerWriteMACKey() {
        return this.serverWriteMACKey;
    }

    public final DTLSSession getSession() {
        return this.session;
    }

    public abstract DTLSFlight getStartHandshakeMessage() throws HandshakeException;

    protected final HandshakeMessage handleFragmentation(FragmentedHandshakeMessage fragmentedHandshakeMessage) throws HandshakeException {
        LOGGER.log(Level.FINER, "Processing {0} message fragment ...", fragmentedHandshakeMessage.getMessageType());
        int messageSeq = fragmentedHandshakeMessage.getMessageSeq();
        SortedSet<FragmentedHandshakeMessage> sortedSet = this.fragmentedMessages.get(Integer.valueOf(messageSeq));
        if (sortedSet == null) {
            sortedSet = new TreeSet<>(new Comparator<FragmentedHandshakeMessage>() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.1
                @Override // java.util.Comparator
                public int compare(FragmentedHandshakeMessage fragmentedHandshakeMessage2, FragmentedHandshakeMessage fragmentedHandshakeMessage3) {
                    if (fragmentedHandshakeMessage2.getFragmentOffset() == fragmentedHandshakeMessage3.getFragmentOffset()) {
                        return 0;
                    }
                    return fragmentedHandshakeMessage2.getFragmentOffset() < fragmentedHandshakeMessage3.getFragmentOffset() ? -1 : 1;
                }
            });
            this.fragmentedMessages.put(Integer.valueOf(messageSeq), sortedSet);
        }
        sortedSet.add(fragmentedHandshakeMessage);
        HandshakeMessage reassembleFragments = reassembleFragments(messageSeq, sortedSet, fragmentedHandshakeMessage.getMessageLength(), fragmentedHandshakeMessage.getMessageType(), this.session);
        if (reassembleFragments != null) {
            LOGGER.log(Level.FINER, "Successfully re-assembled {0} message", reassembleFragments.getMessageType());
            this.fragmentedMessages.remove(Integer.valueOf(messageSeq));
        }
        return reassembleFragments;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void handshakeCompleted() {
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeCompleted(getPeerAddress());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void handshakeStarted() throws HandshakeException {
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeStarted(this);
        }
    }

    public final boolean hasBeenStartedByMessage(HandshakeMessage handshakeMessage) {
        return isFirstMessageReceived(handshakeMessage);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void incrementNextReceiveSeq() {
        this.nextReceiveSeq++;
    }

    final boolean isChangeCipherSpecMessageExpected() {
        return this.changeCipherSuiteMessageExpected;
    }

    protected boolean isFirstMessageReceived(HandshakeMessage handshakeMessage) {
        return false;
    }

    public final DTLSFlight processMessage(Record record) throws HandshakeException {
        DTLSFlight dTLSFlight = null;
        if (this.session.isDuplicate(record.getSequenceNumber())) {
            LOGGER.log(Level.FINEST, "Discarding duplicate HANDSHAKE message received from peer [{0}]:\n{1}", new Object[]{record.getPeerAddress(), record});
        } else {
            try {
                record.setSession(this.session);
                DTLSMessage nextMessage = this.inboundMessageBuffer.getNextMessage(record);
                while (dTLSFlight == null && nextMessage != null) {
                    if (nextMessage instanceof FragmentedHandshakeMessage) {
                        nextMessage = handleFragmentation((FragmentedHandshakeMessage) nextMessage);
                    }
                    if (nextMessage != null) {
                        dTLSFlight = doProcessMessage(nextMessage);
                    }
                    if (dTLSFlight == null) {
                        nextMessage = this.inboundMessageBuffer.getNextMessage();
                    }
                }
                this.session.markRecordAsRead(record.getEpoch(), record.getSequenceNumber());
            } catch (GeneralSecurityException e) {
                LOGGER.log(Level.WARNING, String.format("Cannot process handshake message from peer [%s] due to [%s]", getSession().getPeer(), e.getMessage()), (Throwable) e);
                throw new HandshakeException("Cannot process handshake message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
            }
        }
        return dTLSFlight;
    }

    public void removeSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.remove(sessionListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void sessionEstablished() throws HandshakeException {
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().sessionEstablished(this, getSession());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setCurrentReadState() {
        this.session.setReadState(this.isClient ? new DTLSConnectionState(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey) : new DTLSConnectionState(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setCurrentWriteState() {
        this.session.setWriteState(this.isClient ? new DTLSConnectionState(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey) : new DTLSConnectionState(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final List<Record> wrapMessage(DTLSMessage dTLSMessage) throws HandshakeException {
        try {
            switch (dTLSMessage.getContentType()) {
                case HANDSHAKE:
                    return wrapHandshakeMessage((HandshakeMessage) dTLSMessage);
                default:
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(new Record(dTLSMessage.getContentType(), this.session.getWriteEpoch(), this.session.getSequenceNumber(), dTLSMessage, this.session));
                    return arrayList;
            }
        } catch (GeneralSecurityException e) {
            throw new HandshakeException("Cannot create record", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        }
    }
}
