package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateTypeExtension;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

/* loaded from: classes3.dex */
public class aq extends aa {
    private static final org.slf4j.c LOGGER = org.slf4j.d.C(aq.class.getName());
    protected final org.eclipse.californium.scandium.dtls.a.a giJ;
    private List<CipherSuite> gjH;
    private SignatureAndHashAlgorithm gjj;
    private CertPath gjn;
    private List<CertificateTypeExtension.CertificateType> gjr;
    private List<CertificateTypeExtension.CertificateType> gjs;
    protected c gjv;
    protected d gjx;
    private l glF;
    private boolean glG;
    private PublicKey glH;
    private CertificateTypeExtension.CertificateType glI;
    private CertificateTypeExtension.CertificateType glJ;
    private ECDHECryptography.SupportedGroup glK;
    private org.eclipse.californium.scandium.util.c glL;
    protected h glM;
    private String glN;

    public aq(int i, n nVar, al alVar, ay ayVar, org.eclipse.californium.scandium.a.a aVar, int i2) {
        super(false, i, nVar, alVar, ayVar, aVar.bIO(), i2, aVar.bIV());
        this.glG = false;
        this.gjv = null;
        this.gjx = null;
        this.gjH = Arrays.asList(aVar.bIM());
        this.giJ = aVar.bIN();
        this.giK = aVar.getPrivateKey();
        this.glg = aVar.bIL();
        this.ghd = aVar.getPublicKey();
        this.glh = aVar.bIJ().booleanValue();
        this.glG = aVar.bIP().booleanValue();
        this.gjr = new ArrayList();
        this.gjs = new ArrayList();
        if (CipherSuite.containsCipherSuiteRequiringCertExchange(this.gjH)) {
            if (this.glG) {
                this.gjr.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
                if (aVar.bIO() != null) {
                    boolean booleanValue = aVar.bIQ().booleanValue();
                    this.gjr.add(booleanValue ? 1 : 0, CertificateTypeExtension.CertificateType.X_509);
                }
            }
            if (this.giK == null || this.ghd == null) {
                return;
            }
            if (this.glg == null || this.glg.length == 0) {
                this.gjs.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
            } else if (aVar.bIQ().booleanValue()) {
                this.gjs.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
                this.gjs.add(CertificateTypeExtension.CertificateType.X_509);
            } else {
                this.gjs.add(CertificateTypeExtension.CertificateType.X_509);
                this.gjs.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
            }
        }
    }

    private void a(CipherSuite cipherSuite, g gVar, ab abVar) {
        if (this.glI != null) {
            this.gjW.eX(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY.equals(this.glI));
            if (gVar.bJv() != null) {
                e eVar = new e(false);
                eVar.a(this.glI);
                abVar.a(eVar);
            }
        }
        if (this.glJ != null) {
            this.gjW.eW(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY.equals(this.glJ));
            if (gVar.bJw() != null) {
                ap apVar = new ap(false);
                apVar.a(this.glJ);
                abVar.a(apVar);
            }
        }
        if (!cipherSuite.isEccBased() || gVar.bJu() == null) {
            return;
        }
        abVar.a(new SupportedPointFormatsExtension(Arrays.asList(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)));
    }

    private void a(d dVar) throws x {
        this.gjx = dVar;
        dVar.a(this.glH, this.glf);
        if (this.gjn != null) {
            this.gjW.a(new org.eclipse.californium.a.a.c(this.gjn));
        } else {
            this.gjW.a(new org.eclipse.californium.a.a.b(this.glH));
        }
    }

    private void a(g gVar, ab abVar) throws x {
        CertificateTypeExtension.CertificateType f = f(gVar);
        CertificateTypeExtension.CertificateType e = e(gVar);
        ECDHECryptography.SupportedGroup d = d(gVar);
        for (CipherSuite cipherSuite : gVar.bJr()) {
            if (cipherSuite != CipherSuite.TLS_NULL_WITH_NULL_NULL && this.gjH.contains(cipherSuite) && a(cipherSuite, f, e, d)) {
                this.glJ = f;
                this.glI = e;
                this.glK = d;
                this.gjW.a(cipherSuite);
                a(cipherSuite, gVar, abVar);
                this.gjW.bKl();
                LOGGER.b("Negotiated cipher suite [{}] with peer [{}]", cipherSuite.name(), bIe());
                return;
            }
        }
        throw new x("Client proposed unsupported cipher suites only", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.gjW.bJb()));
    }

    private void a(g gVar, l lVar) throws x {
        ai b = b(gVar.bJm());
        this.gkP = gVar.bJn();
        this.gkQ = new aj();
        ax axVar = new ax();
        this.gjW.a(axVar);
        if (!gVar.bJs().contains(CompressionMethod.NULL)) {
            throw new x("Client does not support NULL compression method", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, gVar.bJb()));
        }
        this.gjW.b(CompressionMethod.NULL);
        ab abVar = new ab();
        a(gVar, abVar);
        MaxFragmentLengthExtension bJx = gVar.bJx();
        if (bJx != null) {
            this.gjW.BY(bJx.bKN().length());
            abVar.a(bJx);
            LOGGER.b("Negotiated max. fragment length [{} bytes] with peer [{}]", Integer.valueOf(bJx.bKN().length()), gVar.bJb());
        }
        au bJy = gVar.bJy();
        if (bJy != null) {
            if (this.glh) {
                this.glL = bJy.bLa();
                abVar.a(au.bKZ());
                this.gjW.eV(true);
                LOGGER.b("using server name indication received from peer [{}]", gVar.bJb());
            } else {
                LOGGER.b("client [{}] included SNI in HELLO but SNI support is disabled", gVar.bJb());
            }
        }
        ar arVar = new ar(b, this.gkQ, axVar, this.gjW.bJL(), this.gjW.bJN(), abVar, this.gjW.bJb());
        lVar.aI(b((m) arVar));
        this.gle.update(arVar.toByteArray());
        this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, arVar.toByteArray());
    }

    private boolean a(CipherSuite cipherSuite, CertificateTypeExtension.CertificateType certificateType, CertificateTypeExtension.CertificateType certificateType2, ECDHECryptography.SupportedGroup supportedGroup) {
        boolean z;
        if (cipherSuite.isEccBased()) {
            z = (supportedGroup != null) & true;
        } else {
            z = true;
        }
        if (!cipherSuite.requiresServerCertificateMessage()) {
            return z;
        }
        boolean z2 = z & (certificateType != null);
        if (this.glG) {
            return z2 & (certificateType2 != null);
        }
        return z2;
    }

    /* JADX WARN: Removed duplicated region for block: B:6:0x004c  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x005b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private byte[] a(java.lang.String r9, byte[] r10, byte[] r11) throws org.eclipse.californium.scandium.dtls.x {
        /*
            r8 = this;
            org.eclipse.californium.scandium.util.c r0 = r8.glL
            r1 = 2
            r2 = 1
            r3 = 0
            if (r0 != 0) goto L13
            org.slf4j.c r0 = org.eclipse.californium.scandium.dtls.aq.LOGGER
            java.lang.String r4 = "client [{}] uses PSK identity [{}]"
            java.net.InetSocketAddress r5 = r8.bIe()
            r0.b(r4, r5, r9)
            goto L28
        L13:
            org.eclipse.californium.scandium.util.c r0 = r8.glL
            org.eclipse.californium.scandium.util.ServerName$NameType r4 = org.eclipse.californium.scandium.util.ServerName.NameType.HOST_NAME
            org.eclipse.californium.scandium.util.ServerName r0 = r0.a(r4)
            if (r0 != 0) goto L2a
            org.slf4j.c r0 = org.eclipse.californium.scandium.dtls.aq.LOGGER
            java.lang.String r4 = "client [{}] provided invalid SNI extension which doesn't include a hostname"
            java.net.InetSocketAddress r5 = r8.bIe()
            r0.b(r4, r5)
        L28:
            r0 = 0
            goto L4a
        L2a:
            java.lang.String r4 = new java.lang.String
            byte[] r0 = r0.bLm()
            java.nio.charset.Charset r5 = org.eclipse.californium.scandium.util.ServerName.fjO
            r4.<init>(r0, r5)
            org.slf4j.c r0 = org.eclipse.californium.scandium.dtls.aq.LOGGER
            java.lang.String r5 = "client [{}] uses PSK identity [{}] for server [{}]"
            r6 = 3
            java.lang.Object[] r6 = new java.lang.Object[r6]
            java.net.InetSocketAddress r7 = r8.bIe()
            r6[r3] = r7
            r6[r2] = r9
            r6[r1] = r4
            r0.b(r5, r6)
            r0 = r4
        L4a:
            if (r10 == 0) goto L5b
            org.eclipse.californium.scandium.dtls.n r1 = r8.gjW
            org.eclipse.californium.a.a.a r2 = new org.eclipse.californium.a.a.a
            r2.<init>(r0, r9)
            r1.a(r2)
            byte[] r9 = r8.f(r10, r11)
            return r9
        L5b:
            org.eclipse.californium.scandium.dtls.x r10 = new org.eclipse.californium.scandium.dtls.x
            java.lang.Object[] r11 = new java.lang.Object[r1]
            r11[r3] = r9
            r11[r2] = r0
            java.lang.String r9 = "cannot authenticate client, identity [%s] is unknown for server [%s]"
            java.lang.String r9 = java.lang.String.format(r9, r11)
            org.eclipse.californium.scandium.dtls.AlertMessage r11 = new org.eclipse.californium.scandium.dtls.AlertMessage
            org.eclipse.californium.scandium.dtls.AlertMessage$AlertLevel r0 = org.eclipse.californium.scandium.dtls.AlertMessage.AlertLevel.FATAL
            org.eclipse.californium.scandium.dtls.AlertMessage$AlertDescription r1 = org.eclipse.californium.scandium.dtls.AlertMessage.AlertDescription.UNKNOWN_PSK_IDENTITY
            org.eclipse.californium.scandium.dtls.n r2 = r8.gjW
            java.net.InetSocketAddress r2 = r2.bJb()
            r11.<init>(r0, r1, r2)
            r10.<init>(r9, r11)
            throw r10
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.scandium.dtls.aq.a(java.lang.String, byte[], byte[]):byte[]");
    }

    private byte[] a(af afVar) {
        this.glM = afVar;
        return new byte[0];
    }

    private byte[] a(ag agVar) throws x {
        this.glM = agVar;
        String identity = agVar.getIdentity();
        this.glN = identity;
        return a(identity, this.giJ.a(this.glL, identity), (byte[]) null);
    }

    private byte[] a(q qVar) {
        this.glM = qVar;
        return this.gkR.bY(qVar.bKt()).getEncoded();
    }

    private byte[] a(s sVar) throws x {
        this.glM = sVar;
        String identity = sVar.getIdentity();
        this.glN = identity;
        return a(identity, this.giJ.a(this.glL, identity), this.gkR.bY(sVar.bKt()).getEncoded());
    }

    private ai b(ai aiVar) throws x {
        if (aiVar.compareTo(new ai()) >= 0) {
            return new ai();
        }
        throw new x("The server only supports DTLS v1.2", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.PROTOCOL_VERSION, this.gjW.bJb()));
    }

    private void b(g gVar, l lVar) throws x {
        if (this.gjW.bJL().requiresServerCertificateMessage()) {
            c cVar = this.gjW.bKr() ? new c(this.ghd.getEncoded(), this.gjW.bJb()) : new c(this.glg, this.gjW.bJb());
            lVar.aI(b((m) cVar));
            this.gle.update(cVar.toByteArray());
            this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, cVar.toByteArray());
        }
    }

    private void b(u uVar) throws x {
        if (this.glF != null) {
            return;
        }
        if (CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.equals(bKA()) && this.glG && (this.gjv == null || this.gjx == null)) {
            throw new x("Client did not send required authentication messages.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.gjW.bJb()));
        }
        l lVar = new l(bJR(), 6);
        if (this.gjv != null) {
            this.gle.update(this.gjv.bKz());
        }
        this.gle.update(this.glM.bKz());
        if (this.gjx != null) {
            this.gle.update(this.gjx.bKz());
        }
        MessageDigest messageDigest = null;
        try {
            MessageDigest messageDigest2 = (MessageDigest) this.gle.clone();
            try {
                messageDigest2.update(uVar.toByteArray());
                messageDigest = messageDigest2;
            } catch (CloneNotSupportedException e) {
                e = e;
                messageDigest = messageDigest2;
                LOGGER.error("Cannot compute digest for server's Finish handshake message", e);
                uVar.a(bKn(), true, this.gle.digest());
                lVar.aI(b(new ChangeCipherSpecMessage(this.gjW.bJb())));
                bKD();
                lVar.aI(b((m) new u(bKn(), this.isClient, messageDigest.digest(), this.gjW.bJb())));
                this.state = HandshakeType.FINISHED.getCode();
                lVar.eU(false);
                this.glF = lVar;
                this.gkY.a(lVar);
                bKG();
            }
        } catch (CloneNotSupportedException e2) {
            e = e2;
        }
        uVar.a(bKn(), true, this.gle.digest());
        lVar.aI(b(new ChangeCipherSpecMessage(this.gjW.bJb())));
        bKD();
        lVar.aI(b((m) new u(bKn(), this.isClient, messageDigest.digest(), this.gjW.bJb())));
        this.state = HandshakeType.FINISHED.getCode();
        lVar.eU(false);
        this.glF = lVar;
        this.gkY.a(lVar);
        bKG();
    }

    private void c(c cVar) throws x {
        if (this.gjv == null || this.gjv.bKw() != cVar.bKw()) {
            this.gjv = cVar;
            b(this.gjv);
            this.glH = this.gjv.getPublicKey();
            this.gjn = cVar.bJi();
            this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, this.gjv.bKz());
        }
    }

    private void c(g gVar) throws x {
        bKF();
        l lVar = new l(bJR(), 4);
        this.gle.update(gVar.bKz());
        this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, gVar.bKz());
        a(gVar, lVar);
        b(gVar, lVar);
        c(gVar, lVar);
        d(gVar, lVar);
        as asVar = new as(this.gjW.bJb());
        lVar.aI(b((m) asVar));
        this.gle.update(asVar.toByteArray());
        this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, asVar.toByteArray());
        this.gkY.a(lVar);
    }

    private void c(g gVar, l lVar) throws x {
        m tVar;
        switch (bKA()) {
            case PSK:
            default:
                tVar = null;
                break;
            case ECDHE_PSK:
                try {
                    this.gkR = new ECDHECryptography(this.glK.getEcParams());
                    tVar = new t(this.gkR, this.gkP, this.gkQ, this.glK.getId(), this.gjW.bJb());
                    break;
                } catch (GeneralSecurityException e) {
                    throw new x(String.format("Error performing EC Diffie Hellman key exchange: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, bIe()));
                }
            case EC_DIFFIE_HELLMAN:
                this.gjj = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.ECDSA);
                try {
                    this.gkR = new ECDHECryptography(this.glK.getEcParams());
                    tVar = new r(this.gjj, this.gkR, this.giK, this.gkP, this.gkQ, this.glK.getId(), this.gjW.bJb());
                    break;
                } catch (GeneralSecurityException e2) {
                    throw new x(String.format("Error performing EC Diffie Hellman key exchange: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, bIe()));
                }
        }
        if (tVar != null) {
            lVar.aI(b(tVar));
            this.gle.update(tVar.toByteArray());
            this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, tVar.toByteArray());
        }
    }

    private static ECDHECryptography.SupportedGroup d(g gVar) {
        List<ECDHECryptography.SupportedGroup> preferredGroups = ECDHECryptography.SupportedGroup.getPreferredGroups();
        ba bJt = gVar.bJt();
        if (bJt != null) {
            Iterator<Integer> it = bJt.bLg().iterator();
            while (it.hasNext()) {
                ECDHECryptography.SupportedGroup fromId = ECDHECryptography.SupportedGroup.fromId(it.next().intValue());
                if (fromId != null && fromId.isUsable() && preferredGroups.contains(fromId)) {
                    return fromId;
                }
            }
        } else if (!preferredGroups.isEmpty()) {
            return preferredGroups.get(0);
        }
        return null;
    }

    private void d(g gVar, l lVar) throws x {
        if (!this.glG || this.gjj == null) {
            return;
        }
        CertificateRequest certificateRequest = new CertificateRequest(this.gjW.bJb());
        certificateRequest.a(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        certificateRequest.a(new SignatureAndHashAlgorithm(this.gjj.bLe(), this.gjj.bLd()));
        if (this.giA != null) {
            certificateRequest.c(this.giA.getAcceptedIssuers());
        }
        lVar.aI(b((m) certificateRequest));
        this.gle.update(certificateRequest.toByteArray());
        this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, certificateRequest.toByteArray());
    }

    private CertificateTypeExtension.CertificateType e(g gVar) throws x {
        e bJv = gVar.bJv();
        if (bJv == null) {
            if (this.gjr.contains(CertificateTypeExtension.CertificateType.X_509)) {
                return CertificateTypeExtension.CertificateType.X_509;
            }
            return null;
        }
        for (CertificateTypeExtension.CertificateType certificateType : bJv.bJk()) {
            if (this.gjr.contains(certificateType)) {
                return certificateType;
            }
        }
        return null;
    }

    private CertificateTypeExtension.CertificateType f(g gVar) throws x {
        ap bJw = gVar.bJw();
        if (bJw == null) {
            if (this.gjs.contains(CertificateTypeExtension.CertificateType.X_509)) {
                return CertificateTypeExtension.CertificateType.X_509;
            }
            return null;
        }
        for (CertificateTypeExtension.CertificateType certificateType : bJw.bJk()) {
            if (this.gjs.contains(certificateType)) {
                return certificateType;
            }
        }
        return null;
    }

    @Override // org.eclipse.californium.scandium.dtls.aa
    protected synchronized void a(m mVar) throws x, GeneralSecurityException {
        if (this.glF != null) {
            LOGGER.b("Received client's ({}) FINISHED message again, retransmitting last flight...", bIe());
            this.glF.bJU();
            this.glF.bKa();
            this.gkY.a(this.glF);
            return;
        }
        if (LOGGER.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Processing {} message from peer [{}]");
            if (LOGGER.isTraceEnabled()) {
                sb.append(":");
                sb.append(org.eclipse.californium.a.b.i.lineSeparator());
                sb.append(mVar);
            }
            LOGGER.b(sb.toString(), mVar.bJc(), mVar.bJb());
        }
        switch (mVar.bJc()) {
            case CHANGE_CIPHER_SPEC:
                bKC();
                LOGGER.b("Processed {} message from peer [{}]", mVar.bJc(), mVar.bJb());
                break;
            case HANDSHAKE:
                this.gkY.bIC();
                y yVar = (y) mVar;
                switch (yVar.bJf()) {
                    case CLIENT_HELLO:
                        c((g) yVar);
                        break;
                    case CERTIFICATE:
                        c((c) yVar);
                        break;
                    case CLIENT_KEY_EXCHANGE:
                        switch (bKA()) {
                            case PSK:
                                bP(a((ag) yVar));
                                break;
                            case ECDHE_PSK:
                                bP(a((s) yVar));
                                break;
                            case EC_DIFFIE_HELLMAN:
                                bP(a((q) yVar));
                                break;
                            case NULL:
                                bP(a((af) yVar));
                                break;
                            default:
                                throw new x(String.format("Unsupported key exchange algorithm %s", bKA().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, yVar.bJb()));
                        }
                        this.glf = org.eclipse.californium.scandium.util.a.h(this.glf, this.glM.bKz());
                        if (!this.glG || bKA() != CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN) {
                            bKJ();
                            break;
                        }
                        break;
                    case CERTIFICATE_VERIFY:
                        a((d) yVar);
                        bKJ();
                        break;
                    case FINISHED:
                        b((u) yVar);
                        break;
                    default:
                        throw new x(String.format("Received unexpected %s message from peer %s", yVar.bJf(), yVar.bJb()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, yVar.bJb()));
                }
                if (this.glF == null) {
                    bKE();
                }
                LOGGER.b("Processed {} message with message sequence no [{}] from peer [{}]", yVar.bJf(), Integer.valueOf(yVar.bKw()), mVar.bJb());
                break;
            default:
                throw new x(String.format("Received unexpected %s message from peer %s", mVar.bJc(), mVar.bJb()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, mVar.bJb()));
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.aa
    protected boolean d(y yVar) {
        if (!HandshakeType.CLIENT_HELLO.equals(yVar.bJf())) {
            return false;
        }
        return Arrays.equals(this.gkP.bKO(), ((g) yVar).bJn().bKO());
    }

    @Override // org.eclipse.californium.scandium.dtls.aa
    public void startHandshake() throws x {
        throw new x("starting an handshake is not supported for server handshaker!", null);
    }
}
