package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;

/* loaded from: classes3.dex */
public abstract class aa {
    private static final org.slf4j.c LOGGER = org.slf4j.d.C(aa.class.getName());
    protected PublicKey ghd;
    protected final org.eclipse.californium.scandium.dtls.c.a giA;
    protected PrivateKey giK;
    protected final n gjW;
    protected ai gkO;
    protected aj gkP;
    protected aj gkQ;
    protected ECDHECryptography gkR;
    private SecretKey gkS;
    private SecretKey gkT;
    private IvParameterSpec gkU;
    private IvParameterSpec gkV;
    private SecretKey gkW;
    private SecretKey gkX;
    protected final al gkY;
    protected final org.eclipse.californium.scandium.dtls.b.b gkZ;
    private byte[] gkg;
    private int gla;
    private int glb;
    protected a glc;
    protected Map<Integer, SortedSet<v>> gld;
    protected MessageDigest gle;
    protected byte[] glf;
    protected X509Certificate[] glg;
    protected boolean glh;
    private Set<ay> gli;
    private boolean glj;
    protected final boolean isClient;
    protected int state;

    /* loaded from: classes3.dex */
    class a {
        private ChangeCipherSpecMessage gll = null;
        private SortedSet<ak> glm = new TreeSet(new Comparator<ak>() { // from class: org.eclipse.californium.scandium.dtls.aa.a.1
            @Override // java.util.Comparator
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public int compare(ak akVar, ak akVar2) {
                if (akVar.bKS() < akVar2.bKS()) {
                    return -1;
                }
                if (akVar.bKS() > akVar2.bKS()) {
                    return 1;
                }
                if (akVar.getSequenceNumber() < akVar2.getSequenceNumber()) {
                    return -1;
                }
                return akVar.getSequenceNumber() > akVar2.getSequenceNumber() ? 1 : 0;
            }
        });

        a() {
        }

        m bKK() throws GeneralSecurityException, x {
            if (aa.this.bKI() && this.gll != null) {
                ChangeCipherSpecMessage changeCipherSpecMessage = this.gll;
                this.gll = null;
                return changeCipherSpecMessage;
            }
            for (ak akVar : this.glm) {
                if (akVar.bKS() == aa.this.gjW.bKg()) {
                    y yVar = (y) akVar.c(aa.this.gjW.bKj());
                    if (yVar.bKw() == aa.this.glb) {
                        this.glm.remove(akVar);
                        return yVar;
                    }
                }
            }
            return null;
        }

        m i(ak akVar) throws GeneralSecurityException, x {
            int bKS = akVar.bKS();
            if (bKS < aa.this.gjW.bKg()) {
                aa.LOGGER.b("Discarding message from peer [{}] from past epoch [{}] < current epoch [{}]", aa.this.bIe(), Integer.valueOf(bKS), Integer.valueOf(aa.this.gjW.bKg()));
                return null;
            }
            if (bKS != aa.this.gjW.bKg()) {
                this.glm.add(akVar);
                aa.LOGGER.b("Queueing HANDSHAKE message from future epoch [{}] > current epoch [{}]", Integer.valueOf(bKS), Integer.valueOf(aa.this.bJR().bKg()));
                return null;
            }
            m bKT = akVar.bKT();
            switch (bKT.bJc()) {
                case ALERT:
                    return bKT;
                case CHANGE_CIPHER_SPEC:
                    if (aa.this.bKI()) {
                        return bKT;
                    }
                    aa.LOGGER.debug("Change Cipher Spec is not expected and therefore kept for later processing!");
                    this.gll = (ChangeCipherSpecMessage) bKT;
                    return null;
                case HANDSHAKE:
                    y yVar = (y) bKT;
                    int bKw = yVar.bKw();
                    if (bKw == aa.this.glb) {
                        return yVar;
                    }
                    if (bKw <= aa.this.glb) {
                        aa.LOGGER.b("Discarding old message, message_seq [{}] < next_receive_seq [{}]", Integer.valueOf(bKw), Integer.valueOf(aa.this.glb));
                        return null;
                    }
                    aa.LOGGER.b("Queued newer message from current epoch, message_seq [{}] > next_receive_seq [{}]", Integer.valueOf(bKw), Integer.valueOf(aa.this.glb));
                    this.glm.add(akVar);
                    return null;
                default:
                    aa.LOGGER.b("Cannot process message of type [{}], discarding...", bKT.bJc());
                    return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public aa(boolean z, int i, n nVar, al alVar, ay ayVar, org.eclipse.californium.scandium.dtls.c.a aVar, int i2, org.eclipse.californium.scandium.dtls.b.b bVar) {
        this.state = -1;
        this.gla = 0;
        this.glb = 0;
        this.gld = new HashMap();
        this.glf = new byte[0];
        this.glh = true;
        this.gli = new LinkedHashSet();
        this.glj = false;
        if (nVar == null) {
            throw new NullPointerException("DTLS Session must not be null");
        }
        if (alVar == null) {
            throw new NullPointerException("Record layer must not be null");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Initial message sequence number must not be negative");
        }
        this.isClient = z;
        this.gla = i;
        this.glb = i;
        this.gjW = nVar;
        this.gkY = alVar;
        a(ayVar);
        this.giA = aVar;
        this.gjW.BZ(i2);
        this.glc = new a();
        try {
            this.gle = MessageDigest.getInstance("SHA-256");
            this.gkZ = bVar;
        } catch (NoSuchAlgorithmException unused) {
            throw new IllegalStateException(String.format("Message digest algorithm %s is not available on JVM", "SHA-256"));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public aa(boolean z, n nVar, al alVar, ay ayVar, org.eclipse.californium.scandium.dtls.c.a aVar, int i, org.eclipse.californium.scandium.dtls.b.b bVar) {
        this(z, 0, nVar, alVar, ayVar, aVar, i, bVar);
    }

    private List<ak> a(y yVar) throws GeneralSecurityException {
        b(yVar);
        ArrayList arrayList = new ArrayList();
        byte[] bJj = yVar.bJj();
        if (bJj.length <= this.gjW.bKq()) {
            arrayList.add(new ak(ContentType.HANDSHAKE, this.gjW.bKf(), this.gjW.getSequenceNumber(), yVar, this.gjW));
        } else {
            LOGGER.b("Splitting up {} message for [{}] into multiple fragments of max {} bytes", yVar.bJf(), yVar.bJb(), Integer.valueOf(this.gjW.bKq()));
            int bKw = yVar.bKw();
            int length = (bJj.length / this.gjW.bKq()) + 1;
            int i = 0;
            for (int i2 = 0; i2 < length; i2++) {
                int bKq = this.gjW.bKq();
                if (i + bKq > bJj.length) {
                    bKq = bJj.length - i;
                }
                byte[] bArr = new byte[bKq];
                System.arraycopy(bJj, i, bArr, 0, bKq);
                v vVar = new v(bArr, yVar.bJf(), i, bJj.length, this.gjW.bJb());
                vVar.Cc(bKw);
                i += bArr.length;
                arrayList.add(new ak(ContentType.HANDSHAKE, this.gjW.bKf(), this.gjW.getSequenceNumber(), vVar, this.gjW));
            }
        }
        return arrayList;
    }

    private final y a(int i, SortedSet<v> sortedSet, int i2, HandshakeType handshakeType, n nVar) throws x {
        byte[] h;
        int length;
        byte[] bArr = new byte[0];
        int i3 = 0;
        for (v vVar : sortedSet) {
            int bKx = vVar.bKx();
            int bKy = vVar.bKy();
            if (bKx == i3) {
                h = org.eclipse.californium.scandium.util.a.h(bArr, vVar.bJj());
                length = h.length;
            } else if (bKx < i3 && bKx + bKy > i3) {
                int i4 = i3 - bKx;
                int i5 = bKy - i4;
                byte[] bArr2 = new byte[i5];
                System.arraycopy(vVar.bJj(), i4, bArr2, 0, i5);
                h = org.eclipse.californium.scandium.util.a.h(bArr, bArr2);
                length = h.length;
            }
            bArr = h;
            i3 = length;
        }
        if (bArr.length == i2) {
            return y.a(new v(handshakeType, i2, i, 0, bArr, bIe()).toByteArray(), nVar != null ? nVar.bKm() : null, bIe());
        }
        return null;
    }

    private void b(y yVar) {
        yVar.Cc(this.gla);
        this.gla++;
    }

    private byte[] bR(byte[] bArr) {
        return PseudoRandomFunction.a(bArr, PseudoRandomFunction.Label.MASTER_SECRET_LABEL, org.eclipse.californium.scandium.util.a.h(this.gkP.bKO(), this.gkQ.bKO()));
    }

    public final void Ce(int i) {
        Iterator<ay> it = this.gli.iterator();
        while (it.hasNext()) {
            it.next().a(this, i);
        }
    }

    public final void J(Throwable th) {
        Iterator<ay> it = this.gli.iterator();
        while (it.hasNext()) {
            it.next().a(this, th);
        }
    }

    protected final y a(v vVar) throws x {
        LOGGER.b("Processing {} message fragment ...", vVar.bJf());
        int bKw = vVar.bKw();
        SortedSet<v> sortedSet = this.gld.get(Integer.valueOf(bKw));
        if (sortedSet == null) {
            sortedSet = new TreeSet<>(new Comparator<v>() { // from class: org.eclipse.californium.scandium.dtls.aa.1
                @Override // java.util.Comparator
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public int compare(v vVar2, v vVar3) {
                    if (vVar2.bKx() == vVar3.bKx()) {
                        return 0;
                    }
                    return vVar2.bKx() < vVar3.bKx() ? -1 : 1;
                }
            });
            this.gld.put(Integer.valueOf(bKw), sortedSet);
        }
        SortedSet<v> sortedSet2 = sortedSet;
        sortedSet2.add(vVar);
        y a2 = a(bKw, sortedSet2, vVar.bJh(), vVar.bJf(), this.gjW);
        if (a2 != null) {
            LOGGER.b("Successfully re-assembled {} message", a2.bJf());
            this.gld.remove(Integer.valueOf(bKw));
        }
        return a2;
    }

    public final void a(ay ayVar) {
        if (ayVar != null) {
            this.gli.add(ayVar);
        }
    }

    protected void a(m mVar) throws x, GeneralSecurityException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final List<ak> b(m mVar) throws x {
        try {
            if (AnonymousClass2.giu[mVar.bJc().ordinal()] == 3) {
                return a((y) mVar);
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(new ak(mVar.bJc(), this.gjW.bKf(), this.gjW.getSequenceNumber(), mVar, this.gjW));
            return arrayList;
        } catch (GeneralSecurityException unused) {
            throw new x("Cannot create record", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.gjW.bJb()));
        }
    }

    public void b(c cVar) throws x {
        if (cVar.bJi() != null) {
            if (this.giA != null) {
                this.giA.a(cVar, this.gjW);
                return;
            } else {
                LOGGER.debug("Certificate validation failed: x509 could not be trusted!");
                throw new x("Trust is not possible!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, this.gjW.bJb()));
            }
        }
        if (this.gkZ.a(new org.eclipse.californium.a.a.b(cVar.getPublicKey()))) {
            return;
        }
        LOGGER.debug("Certificate validation failed: Raw public key is not trusted");
        throw new x("Raw public key is not trusted", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.gjW.bJb()));
    }

    public final InetSocketAddress bIe() {
        return this.gjW.bJb();
    }

    public final n bJR() {
        return this.gjW;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final CipherSuite.KeyExchangeAlgorithm bKA() {
        return this.gjW.getKeyExchange();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void bKC() {
        this.gjW.a(this.isClient ? new k(this.gjW.bJL(), this.gjW.bJN(), this.gkX, this.gkV, this.gkT) : new k(this.gjW.bJL(), this.gjW.bJN(), this.gkW, this.gkU, this.gkS));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void bKD() {
        this.gjW.b(this.isClient ? new k(this.gjW.bJL(), this.gjW.bJN(), this.gkW, this.gkU, this.gkS) : new k(this.gjW.bJL(), this.gjW.bJN(), this.gkX, this.gkV, this.gkT));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void bKE() {
        this.glb++;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void bKF() throws x {
        Iterator<ay> it = this.gli.iterator();
        while (it.hasNext()) {
            it.next().d(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void bKG() throws x {
        Iterator<ay> it = this.gli.iterator();
        while (it.hasNext()) {
            it.next().a(this, bJR());
        }
    }

    public final void bKH() {
        Iterator<ay> it = this.gli.iterator();
        while (it.hasNext()) {
            it.next().e(this);
        }
    }

    final boolean bKI() {
        return this.glj;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void bKJ() {
        this.glj = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final byte[] bKn() {
        return this.gkg;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void bP(byte[] bArr) {
        this.gkg = bR(bArr);
        this.gjW.bO(this.gkg);
        bQ(this.gkg);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void bQ(byte[] bArr) {
        byte[] a2 = PseudoRandomFunction.a(bArr, PseudoRandomFunction.Label.KEY_EXPANSION_LABEL, org.eclipse.californium.scandium.util.a.h(this.gkQ.bKO(), this.gkP.bKO()));
        int macKeyLength = this.gjW.bJL().getMacKeyLength();
        int encKeyLength = this.gjW.bJL().getEncKeyLength();
        int fixedIvLength = this.gjW.bJL().getFixedIvLength();
        this.gkS = new SecretKeySpec(a2, 0, macKeyLength, "Mac");
        this.gkT = new SecretKeySpec(a2, macKeyLength, macKeyLength, "Mac");
        int i = macKeyLength * 2;
        this.gkW = new SecretKeySpec(a2, i, encKeyLength, "AES");
        this.gkX = new SecretKeySpec(a2, i + encKeyLength, encKeyLength, "AES");
        int i2 = i + (encKeyLength * 2);
        this.gkU = new IvParameterSpec(a2, i2, fixedIvLength);
        this.gkV = new IvParameterSpec(a2, i2 + fixedIvLength, fixedIvLength);
    }

    public final boolean c(y yVar) {
        return d(yVar);
    }

    protected boolean d(y yVar) {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final byte[] f(byte[] bArr, byte[] bArr2) {
        int length = bArr.length;
        if (bArr2 == null) {
            bArr2 = new byte[length];
        }
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        eVar.cp(bArr2.length, 16);
        eVar.writeBytes(bArr2);
        eVar.cp(length, 16);
        eVar.writeBytes(bArr);
        return eVar.toByteArray();
    }

    public final void h(ak akVar) throws x {
        if (this.gjW.di(akVar.getSequenceNumber())) {
            LOGGER.a("Discarding duplicate HANDSHAKE message received from peer [{}]:{}{}", akVar.bIe(), org.eclipse.californium.a.b.i.lineSeparator(), akVar);
            return;
        }
        try {
            akVar.a(this.gjW);
            m i = this.glc.i(akVar);
            while (i != null) {
                if (i instanceof v) {
                    i = a((v) i);
                }
                if (i != null) {
                    if (i instanceof w) {
                        z bKm = this.gjW.bKm();
                        if (bKm == null) {
                            throw new IllegalStateException("handshake parameter are required!");
                        }
                        i = ((w) i).a(bKm);
                    }
                    a(i);
                }
                i = this.glc.bKK();
            }
            this.gjW.t(akVar.bKS(), akVar.getSequenceNumber());
        } catch (GeneralSecurityException e) {
            LOGGER.g("Cannot process handshake message from peer [{}] due to [{}]", bJR().bJb(), e.getMessage(), e);
            throw new x("Cannot process handshake message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.gjW.bJb()));
        }
    }

    public abstract void startHandshake() throws x;
}
