package org.eclipse.californium.scandium.dtls;

import com.xiaomi.mipush.sdk.Constants;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.CertificateTypeExtension;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

/* compiled from: ServerHandshaker.java */
/* loaded from: classes4.dex */
public class i0 extends s {
    private static final org.slf4j.b S = org.slf4j.c.i(i0.class.getName());
    private k C;
    private boolean D;
    private PublicKey E;
    private CertPath F;
    private List<CipherSuite> G;
    private List<CertificateTypeExtension.CertificateType> H;
    private List<CertificateTypeExtension.CertificateType> I;
    private CertificateTypeExtension.CertificateType J;
    private CertificateTypeExtension.CertificateType K;
    private ECDHECryptography.SupportedGroup L;
    private SignatureAndHashAlgorithm M;
    private org.eclipse.californium.scandium.util.c N;
    protected c O;
    protected h P;
    protected d Q;
    protected final org.eclipse.californium.scandium.dtls.u0.a R;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ServerHandshaker.java */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f26988a;
        static final /* synthetic */ int[] b;

        /* renamed from: c, reason: collision with root package name */
        static final /* synthetic */ int[] f26989c;

        static {
            int[] iArr = new int[ContentType.values().length];
            f26989c = iArr;
            try {
                iArr[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f26989c[ContentType.HANDSHAKE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[HandshakeType.values().length];
            b = iArr2;
            try {
                iArr2[HandshakeType.CLIENT_HELLO.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                b[HandshakeType.CERTIFICATE.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                b[HandshakeType.CLIENT_KEY_EXCHANGE.ordinal()] = 3;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                b[HandshakeType.CERTIFICATE_VERIFY.ordinal()] = 4;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                b[HandshakeType.FINISHED.ordinal()] = 5;
            } catch (NoSuchFieldError unused7) {
            }
            int[] iArr3 = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            f26988a = iArr3;
            try {
                iArr3[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 1;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                f26988a[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 2;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                f26988a[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 3;
            } catch (NoSuchFieldError unused10) {
            }
        }
    }

    public i0(int i2, m mVar, d0 d0Var, r0 r0Var, i.c.a.b.e.a aVar, int i3) {
        super(false, i2, mVar, d0Var, r0Var, aVar.U(), i3, aVar.Q());
        this.D = false;
        this.O = null;
        this.Q = null;
        this.G = Arrays.asList(aVar.T());
        this.R = aVar.N();
        this.w = aVar.M();
        this.y = aVar.G();
        this.x = aVar.O();
        this.D = aVar.W().booleanValue();
        ArrayList arrayList = new ArrayList();
        this.H = arrayList;
        arrayList.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
        X509Certificate[] x509CertificateArr = this.o;
        if (x509CertificateArr != null && x509CertificateArr.length > 0) {
            boolean booleanValue = aVar.Y().booleanValue();
            this.H.add(booleanValue ? 1 : 0, CertificateTypeExtension.CertificateType.X_509);
        }
        this.I = new ArrayList();
        if (this.w == null || this.x == null) {
            return;
        }
        X509Certificate[] x509CertificateArr2 = this.y;
        if (x509CertificateArr2 == null || x509CertificateArr2.length == 0) {
            this.I.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
        } else if (aVar.Y().booleanValue()) {
            this.I.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
            this.I.add(CertificateTypeExtension.CertificateType.X_509);
        } else {
            this.I.add(CertificateTypeExtension.CertificateType.X_509);
            this.I.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
        }
    }

    private void F(CipherSuite cipherSuite, t tVar) {
        CertificateTypeExtension.CertificateType certificateType = this.J;
        if (certificateType != null) {
            this.m.I(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY.equals(certificateType));
            e eVar = new e(false);
            eVar.f(this.J);
            tVar.a(eVar);
        }
        CertificateTypeExtension.CertificateType certificateType2 = this.K;
        if (certificateType2 != null) {
            this.m.J(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY.equals(certificateType2));
            h0 h0Var = new h0(false);
            h0Var.f(this.K);
            tVar.a(h0Var);
        }
        if (cipherSuite.isEccBased()) {
            tVar.a(new SupportedPointFormatsExtension(Arrays.asList(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)));
        }
    }

    private void G(g gVar, k kVar) throws HandshakeException {
        if (this.m.b().requiresServerCertificateMessage()) {
            c cVar = this.m.A() ? new c(this.x.getEncoded(), this.m.j()) : new c(this.y, this.m.j());
            kVar.a(E(cVar));
            this.u.update(cVar.toByteArray());
            this.v = org.eclipse.californium.scandium.util.b.a(this.v, cVar.toByteArray());
        }
    }

    private void H(g gVar, k kVar) throws HandshakeException {
        if (!this.D || this.M == null) {
            return;
        }
        CertificateRequest certificateRequest = new CertificateRequest(this.m.j());
        certificateRequest.r(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        certificateRequest.s(new SignatureAndHashAlgorithm(this.M.a(), this.M.b()));
        certificateRequest.p(this.o);
        kVar.a(E(certificateRequest));
        this.u.update(certificateRequest.toByteArray());
        this.v = org.eclipse.californium.scandium.util.b.a(this.v, certificateRequest.toByteArray());
    }

    private void I(g gVar, k kVar) throws HandshakeException {
        a0 Q = Q(gVar.t());
        this.f27030c = gVar.x();
        this.f27031d = new b0();
        q0 q0Var = new q0();
        this.m.K(q0Var);
        if (!gVar.u().contains(CompressionMethod.NULL)) {
            throw new HandshakeException("Client does not support NULL compression method", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, gVar.a()));
        }
        this.m.C(CompressionMethod.NULL);
        t tVar = new t();
        O(gVar, tVar);
        MaxFragmentLengthExtension w = gVar.w();
        if (w != null) {
            this.m.E(w.g().length());
            tVar.a(w);
            S.debug("Negotiated max. fragment length [{} bytes] with peer [{}]", Integer.valueOf(w.g().length()), gVar.a());
        }
        m0 z = gVar.z();
        if (z != null) {
            this.N = z.i();
            tVar.a(m0.f());
            S.debug("Using server name indication received from peer [{}]", gVar.a());
        }
        j0 j0Var = new j0(Q, this.f27031d, q0Var, this.m.b(), this.m.c(), tVar, this.m.j());
        kVar.a(E(j0Var));
        this.u.update(j0Var.toByteArray());
        this.v = org.eclipse.californium.scandium.util.b.a(this.v, j0Var.toByteArray());
    }

    private void J(g gVar, k kVar) throws HandshakeException {
        o oVar;
        if (a.f26988a[j().ordinal()] != 2) {
            oVar = null;
        } else {
            this.M = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.ECDSA);
            try {
                this.f27032e = new ECDHECryptography(this.L.getEcParams());
                oVar = new o(this.M, this.f27032e, this.w, this.f27030c, this.f27031d, this.L.getId(), this.m.j());
            } catch (GeneralSecurityException e2) {
                throw new HandshakeException(String.format("Error performing EC Diffie Hellman key exchange: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, l()));
            }
        }
        if (oVar != null) {
            kVar.a(E(oVar));
            this.u.update(oVar.toByteArray());
            this.v = org.eclipse.californium.scandium.util.b.a(this.v, oVar.toByteArray());
        }
    }

    private CertificateTypeExtension.CertificateType L(g gVar) throws HandshakeException {
        e s = gVar.s();
        if (s == null) {
            if (this.H.contains(CertificateTypeExtension.CertificateType.X_509)) {
                return CertificateTypeExtension.CertificateType.X_509;
            }
            return null;
        }
        for (CertificateTypeExtension.CertificateType certificateType : s.h()) {
            if (this.H.contains(certificateType)) {
                return certificateType;
            }
        }
        return null;
    }

    private CertificateTypeExtension.CertificateType M(g gVar) throws HandshakeException {
        h0 y = gVar.y();
        if (y == null) {
            if (this.I.contains(CertificateTypeExtension.CertificateType.X_509)) {
                return CertificateTypeExtension.CertificateType.X_509;
            }
            return null;
        }
        for (CertificateTypeExtension.CertificateType certificateType : y.h()) {
            if (this.I.contains(certificateType)) {
                return certificateType;
            }
        }
        return null;
    }

    private boolean N(CipherSuite cipherSuite, CertificateTypeExtension.CertificateType certificateType, CertificateTypeExtension.CertificateType certificateType2, ECDHECryptography.SupportedGroup supportedGroup) {
        boolean z;
        if (cipherSuite.isEccBased()) {
            z = (supportedGroup != null) & true;
        } else {
            z = true;
        }
        if (!cipherSuite.requiresServerCertificateMessage()) {
            return z;
        }
        boolean z2 = z & (certificateType != null);
        if (this.D) {
            return z2 & (certificateType2 != null);
        }
        return z2;
    }

    private void O(g gVar, t tVar) throws HandshakeException {
        CertificateTypeExtension.CertificateType M = M(gVar);
        CertificateTypeExtension.CertificateType L = L(gVar);
        ECDHECryptography.SupportedGroup P = P(gVar);
        for (CipherSuite cipherSuite : gVar.r()) {
            if (cipherSuite != CipherSuite.TLS_NULL_WITH_NULL_NULL && this.G.contains(cipherSuite) && N(cipherSuite, M, L, P)) {
                this.K = M;
                this.J = L;
                this.L = P;
                this.m.B(cipherSuite);
                F(cipherSuite, tVar);
                S.debug("Negotiated cipher suite [{}] with peer [{}]", cipherSuite.name(), l());
                return;
            }
        }
        throw new HandshakeException("Client proposed unsupported cipher suites only", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.m.j()));
    }

    private static ECDHECryptography.SupportedGroup P(g gVar) {
        List<ECDHECryptography.SupportedGroup> preferredGroups = ECDHECryptography.SupportedGroup.getPreferredGroups();
        t0 B = gVar.B();
        if (B != null) {
            Iterator<Integer> it = B.g().iterator();
            while (it.hasNext()) {
                ECDHECryptography.SupportedGroup fromId = ECDHECryptography.SupportedGroup.fromId(it.next().intValue());
                if (fromId != null && fromId.isUsable() && preferredGroups.contains(fromId)) {
                    return fromId;
                }
            }
        } else if (!preferredGroups.isEmpty()) {
            return preferredGroups.get(0);
        }
        return null;
    }

    private a0 Q(a0 a0Var) throws HandshakeException {
        if (a0Var.compareTo(new a0()) >= 0) {
            return new a0();
        }
        throw new HandshakeException("The server only supports DTLS v1.2", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.PROTOCOL_VERSION, this.m.j()));
    }

    private void R(d dVar) throws HandshakeException {
        this.Q = dVar;
        dVar.q(this.E, this.v);
        CertPath certPath = this.F;
        if (certPath != null) {
            this.m.G(new i.c.a.b.d.c(certPath));
        } else {
            this.m.G(new i.c.a.b.d.b(this.E));
        }
    }

    private void S(c cVar) throws HandshakeException {
        c cVar2 = this.O;
        if (cVar2 == null || cVar2.g() != cVar.g()) {
            this.O = cVar;
            C(cVar);
            this.E = this.O.r();
            this.F = cVar.q();
            this.v = org.eclipse.californium.scandium.util.b.a(this.v, this.O.i());
        }
    }

    private void T(p pVar) throws HandshakeException {
        MessageDigest messageDigest;
        CloneNotSupportedException e2;
        if (this.C != null) {
            return;
        }
        if (CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.equals(j()) && this.D && (this.O == null || this.Q == null)) {
            throw new HandshakeException("Client did not send required authentication messages.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.m.j()));
        }
        k kVar = new k(m());
        c cVar = this.O;
        if (cVar != null) {
            this.u.update(cVar.i());
        }
        this.u.update(this.P.i());
        d dVar = this.Q;
        if (dVar != null) {
            this.u.update(dVar.i());
        }
        try {
            messageDigest = (MessageDigest) this.u.clone();
            try {
                messageDigest.update(pVar.toByteArray());
            } catch (CloneNotSupportedException e3) {
                e2 = e3;
                S.error("Cannot compute digest for server's Finish handshake message", (Throwable) e2);
                pVar.q(k(), true, this.u.digest());
                kVar.a(E(new ChangeCipherSpecMessage(this.m.j())));
                A();
                kVar.a(E(new p(k(), this.f27029a, messageDigest.digest(), this.m.j())));
                this.b = HandshakeType.FINISHED.getCode();
                kVar.n(false);
                this.C = kVar;
                this.n.b(kVar);
                y();
            }
        } catch (CloneNotSupportedException e4) {
            messageDigest = null;
            e2 = e4;
        }
        pVar.q(k(), true, this.u.digest());
        kVar.a(E(new ChangeCipherSpecMessage(this.m.j())));
        A();
        kVar.a(E(new p(k(), this.f27029a, messageDigest.digest(), this.m.j())));
        this.b = HandshakeType.FINISHED.getCode();
        kVar.n(false);
        this.C = kVar;
        this.n.b(kVar);
        y();
    }

    private void U(g gVar) throws HandshakeException {
        r();
        k kVar = new k(m());
        this.u.update(gVar.i());
        this.v = org.eclipse.californium.scandium.util.b.a(this.v, gVar.i());
        I(gVar, kVar);
        G(gVar, kVar);
        J(gVar, kVar);
        H(gVar, kVar);
        k0 k0Var = new k0(this.m.j());
        kVar.a(E(k0Var));
        this.u.update(k0Var.toByteArray());
        this.v = org.eclipse.californium.scandium.util.b.a(this.v, k0Var.toByteArray());
        this.n.b(kVar);
    }

    private byte[] V(n nVar) {
        this.P = nVar;
        return this.f27032e.f(nVar.p()).getEncoded();
    }

    private byte[] W(x xVar) {
        this.P = xVar;
        return new byte[0];
    }

    private byte[] X(y yVar) throws HandshakeException {
        this.P = yVar;
        String p = yVar.p();
        S.debug("Client [{}] uses PSK identity [{}]", l(), p);
        byte[] b = K() == null ? this.R.b(p) : this.R.c(K(), p);
        if (b == null) {
            throw new HandshakeException(String.format("Cannot authenticate client, identity [%s] is unknown", p), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.m.j()));
        }
        this.m.G(new i.c.a.b.d.a(p));
        return i(b);
    }

    final org.eclipse.californium.scandium.util.c K() {
        return this.N;
    }

    @Override // org.eclipse.californium.scandium.dtls.s
    protected synchronized void e(l lVar) throws HandshakeException, GeneralSecurityException {
        if (this.C != null) {
            S.debug("Received client's ({}) FINISHED message again, retransmitting last flight...", l());
            this.C.j();
            this.C.m();
            this.n.b(this.C);
            return;
        }
        if (S.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Processing {} message from peer [{}]");
            if (S.isTraceEnabled()) {
                sb.append(Constants.COLON_SEPARATOR);
                sb.append(System.lineSeparator());
                sb.append(lVar);
            }
            S.debug(sb.toString(), lVar.getContentType(), lVar.a());
        }
        int i2 = a.f26989c[lVar.getContentType().ordinal()];
        if (i2 == 1) {
            z();
            S.debug("Processed {} message from peer [{}]", lVar.getContentType(), lVar.a());
        } else {
            if (i2 != 2) {
                throw new HandshakeException(String.format("Received unexpected %s message from peer %s", lVar.getContentType(), lVar.a()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, lVar.a()));
            }
            this.n.a();
            r rVar = (r) lVar;
            int i3 = a.b[rVar.h().ordinal()];
            if (i3 == 1) {
                U((g) rVar);
            } else if (i3 == 2) {
                S((c) rVar);
            } else if (i3 == 3) {
                int i4 = a.f26988a[j().ordinal()];
                if (i4 == 1) {
                    g(X((y) rVar));
                } else if (i4 == 2) {
                    g(V((n) rVar));
                } else {
                    if (i4 != 3) {
                        throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", j().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, rVar.a()));
                    }
                    g(W((x) rVar));
                }
                this.v = org.eclipse.californium.scandium.util.b.a(this.v, this.P.i());
                if (!this.D || j() != CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN) {
                    f();
                }
            } else if (i3 == 4) {
                R((d) rVar);
                f();
            } else {
                if (i3 != 5) {
                    throw new HandshakeException(String.format("Received unexpected %s message from peer %s", rVar.h(), rVar.a()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, rVar.a()));
                }
                T((p) rVar);
            }
            if (this.C == null) {
                t();
            }
            S.debug("Processed {} message with message sequence no [{}] from peer [{}]", rVar.h(), Integer.valueOf(rVar.g()), lVar.a());
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.s
    protected boolean v(r rVar) {
        if (!HandshakeType.CLIENT_HELLO.equals(rVar.h())) {
            return false;
        }
        return Arrays.equals(this.f27030c.a(), ((g) rVar).x().a());
    }
}
