package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPathValidator;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;

/* compiled from: Handshaker.java */
/* loaded from: classes4.dex */
public abstract class s {
    private static final org.slf4j.b B = org.slf4j.c.i(s.class.getName());
    private boolean A;

    /* renamed from: a, reason: collision with root package name */
    protected final boolean f27029a;
    protected int b;

    /* renamed from: c, reason: collision with root package name */
    protected b0 f27030c;

    /* renamed from: d, reason: collision with root package name */
    protected b0 f27031d;

    /* renamed from: e, reason: collision with root package name */
    protected ECDHECryptography f27032e;

    /* renamed from: f, reason: collision with root package name */
    private byte[] f27033f;

    /* renamed from: g, reason: collision with root package name */
    private SecretKey f27034g;

    /* renamed from: h, reason: collision with root package name */
    private SecretKey f27035h;

    /* renamed from: i, reason: collision with root package name */
    private IvParameterSpec f27036i;
    private IvParameterSpec j;
    private SecretKey k;
    private SecretKey l;
    protected final m m;
    protected final d0 n;
    protected final X509Certificate[] o;
    protected final org.eclipse.californium.scandium.dtls.v0.b p;
    private int q;
    private int r;
    protected c s;
    protected Map<Integer, SortedSet<q>> t;
    protected MessageDigest u;
    protected byte[] v;
    protected PrivateKey w;
    protected PublicKey x;
    protected X509Certificate[] y;
    private Set<r0> z;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: Handshaker.java */
    /* loaded from: classes4.dex */
    public class a implements Comparator<q> {
        a(s sVar) {
        }

        @Override // java.util.Comparator
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public int compare(q qVar, q qVar2) {
            if (qVar.e() == qVar2.e()) {
                return 0;
            }
            return qVar.e() < qVar2.e() ? -1 : 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: Handshaker.java */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class b {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f27037a;

        static {
            int[] iArr = new int[ContentType.values().length];
            f27037a = iArr;
            try {
                iArr[ContentType.ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f27037a[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f27037a[ContentType.HANDSHAKE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* compiled from: Handshaker.java */
    /* loaded from: classes4.dex */
    class c {

        /* renamed from: a, reason: collision with root package name */
        private ChangeCipherSpecMessage f27038a = null;
        private SortedSet<c0> b = new TreeSet(new a(this));

        /* compiled from: Handshaker.java */
        /* loaded from: classes4.dex */
        class a implements Comparator<c0> {
            a(c cVar) {
            }

            @Override // java.util.Comparator
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public int compare(c0 c0Var, c0 c0Var2) {
                if (c0Var.p() < c0Var2.p()) {
                    return -1;
                }
                if (c0Var.p() > c0Var2.p()) {
                    return 1;
                }
                if (c0Var.u() < c0Var2.u()) {
                    return -1;
                }
                return c0Var.u() > c0Var2.u() ? 1 : 0;
            }
        }

        c() {
        }

        l a() throws GeneralSecurityException, HandshakeException {
            ChangeCipherSpecMessage changeCipherSpecMessage;
            if (s.this.u() && (changeCipherSpecMessage = this.f27038a) != null) {
                this.f27038a = null;
                return changeCipherSpecMessage;
            }
            for (c0 c0Var : this.b) {
                if (c0Var.p() == s.this.m.l()) {
                    r rVar = (r) c0Var.r(s.this.m.m());
                    if (rVar.g() == s.this.r) {
                        this.b.remove(c0Var);
                        return rVar;
                    }
                }
            }
            return null;
        }

        l b(c0 c0Var) throws GeneralSecurityException, HandshakeException {
            int p = c0Var.p();
            if (p < s.this.m.l()) {
                s.B.debug("Discarding message from peer [{}] from past epoch [{}] < current epoch [{}]", s.this.l(), Integer.valueOf(p), Integer.valueOf(s.this.m.l()));
                return null;
            }
            if (p != s.this.m.l()) {
                this.b.add(c0Var);
                s.B.debug("Queueing HANDSHAKE message from future epoch [{}] > current epoch [{}]", Integer.valueOf(p), Integer.valueOf(s.this.m().l()));
                return null;
            }
            l q = c0Var.q();
            int i2 = b.f27037a[q.getContentType().ordinal()];
            if (i2 == 1) {
                return q;
            }
            if (i2 == 2) {
                if (s.this.u()) {
                    return q;
                }
                s.B.debug("Change Cipher Spec is not expected and therefore kept for later processing!");
                this.f27038a = (ChangeCipherSpecMessage) q;
                return null;
            }
            if (i2 != 3) {
                s.B.debug("Cannot process message of type [{}], discarding...", q.getContentType());
                return null;
            }
            r rVar = (r) q;
            int g2 = rVar.g();
            if (g2 == s.this.r) {
                return rVar;
            }
            if (g2 <= s.this.r) {
                s.B.debug("Discarding old message, message_seq [{}] < next_receive_seq [{}]", Integer.valueOf(g2), Integer.valueOf(s.this.r));
                return null;
            }
            s.B.debug("Queued newer message from current epoch, message_seq [{}] > next_receive_seq [{}]", Integer.valueOf(g2), Integer.valueOf(s.this.r));
            this.b.add(c0Var);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public s(boolean z, int i2, m mVar, d0 d0Var, r0 r0Var, X509Certificate[] x509CertificateArr, int i3, org.eclipse.californium.scandium.dtls.v0.b bVar) {
        this.b = -1;
        this.q = 0;
        this.r = 0;
        this.t = new HashMap();
        this.v = new byte[0];
        this.z = new LinkedHashSet();
        this.A = false;
        if (mVar == null) {
            throw new NullPointerException("DTLS Session must not be null");
        }
        if (d0Var == null) {
            throw new NullPointerException("Record layer must not be null");
        }
        if (i2 < 0) {
            throw new IllegalArgumentException("Initial message sequence number must not be negative");
        }
        this.f27029a = z;
        this.q = i2;
        this.r = i2;
        this.m = mVar;
        this.n = d0Var;
        c(r0Var);
        this.o = x509CertificateArr == null ? new X509Certificate[0] : x509CertificateArr;
        this.m.F(i3);
        this.s = new c();
        try {
            this.u = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
            this.p = bVar;
        } catch (NoSuchAlgorithmException unused) {
            throw new IllegalStateException(String.format("Message digest algorithm %s is not available on JVM", MessageDigestAlgorithms.SHA_256));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public s(boolean z, m mVar, d0 d0Var, r0 r0Var, X509Certificate[] x509CertificateArr, int i2, org.eclipse.californium.scandium.dtls.v0.b bVar) {
        this(z, 0, mVar, d0Var, r0Var, x509CertificateArr, i2, bVar);
    }

    private void B(r rVar) {
        rVar.n(this.q);
        this.q++;
    }

    private List<c0> D(r rVar) throws GeneralSecurityException {
        B(rVar);
        ArrayList arrayList = new ArrayList();
        byte[] b2 = rVar.b();
        if (b2.length <= this.m.i()) {
            arrayList.add(new c0(ContentType.HANDSHAKE, this.m.r(), this.m.n(), rVar, this.m));
        } else {
            B.debug("Splitting up {} message for [{}] into multiple fragments of max {} bytes", rVar.h(), rVar.a(), Integer.valueOf(this.m.i()));
            int g2 = rVar.g();
            int length = (b2.length / this.m.i()) + 1;
            int i2 = 0;
            for (int i3 = 0; i3 < length; i3++) {
                int i4 = this.m.i();
                if (i2 + i4 > b2.length) {
                    i4 = b2.length - i2;
                }
                int i5 = i4;
                byte[] bArr = new byte[i5];
                System.arraycopy(b2, i2, bArr, 0, i5);
                q qVar = new q(bArr, rVar.h(), i2, b2.length, this.m.j());
                qVar.n(g2);
                i2 += i5;
                arrayList.add(new c0(ContentType.HANDSHAKE, this.m.r(), this.m.n(), qVar, this.m));
            }
        }
        return arrayList;
    }

    private byte[] h(byte[] bArr) {
        return PseudoRandomFunction.b(bArr, PseudoRandomFunction.Label.MASTER_SECRET_LABEL, org.eclipse.californium.scandium.util.b.a(this.f27030c.a(), this.f27031d.a()));
    }

    private static Set<TrustAnchor> n(X509Certificate[] x509CertificateArr) {
        HashSet hashSet = new HashSet();
        if (x509CertificateArr != null) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                hashSet.add(new TrustAnchor(x509Certificate, null));
            }
        }
        return hashSet;
    }

    private final r x(int i2, SortedSet<q> sortedSet, int i3, HandshakeType handshakeType, m mVar) throws HandshakeException {
        byte[] a2;
        int length;
        boolean z = false;
        byte[] bArr = new byte[0];
        int i4 = 0;
        for (q qVar : sortedSet) {
            int e2 = qVar.e();
            int d2 = qVar.d();
            if (e2 == i4) {
                a2 = org.eclipse.californium.scandium.util.b.a(bArr, qVar.b());
                length = a2.length;
            } else if (e2 < i4 && e2 + d2 > i4) {
                int i5 = i4 - e2;
                int i6 = d2 - i5;
                byte[] bArr2 = new byte[i6];
                System.arraycopy(qVar.b(), i5, bArr2, 0, i6);
                a2 = org.eclipse.californium.scandium.util.b.a(bArr, bArr2);
                length = a2.length;
            }
            bArr = a2;
            i4 = length;
        }
        if (bArr.length != i3) {
            return null;
        }
        byte[] byteArray = new q(handshakeType, i3, i2, 0, bArr, l()).toByteArray();
        CipherSuite.KeyExchangeAlgorithm keyExchangeAlgorithm = CipherSuite.KeyExchangeAlgorithm.NULL;
        if (mVar != null) {
            keyExchangeAlgorithm = mVar.f();
            z = mVar.y();
        }
        return r.c(byteArray, keyExchangeAlgorithm, z, l());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void A() {
        this.m.L(this.f27029a ? new j(this.m.b(), this.m.c(), this.k, this.f27036i, this.f27034g) : new j(this.m.b(), this.m.c(), this.l, this.j, this.f27035h));
    }

    public void C(org.eclipse.californium.scandium.dtls.c cVar) throws HandshakeException {
        if (cVar.q() == null) {
            if (this.p.a(new i.c.a.b.d.b(cVar.r()))) {
                return;
            }
            B.debug("Certificate validation failed: Raw public key is not trusted");
            throw new HandshakeException("Raw public key is not trusted", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.m.j()));
        }
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(n(this.o));
            pKIXParameters.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(cVar.q(), pKIXParameters);
        } catch (GeneralSecurityException e2) {
            if (B.isTraceEnabled()) {
                B.trace("Certificate validation failed", (Throwable) e2);
            } else if (B.isDebugEnabled()) {
                B.debug("Certificate validation failed due to {}", e2.getMessage());
            }
            throw new HandshakeException("Certificate chain could not be validated", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.m.j()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final List<c0> E(l lVar) throws HandshakeException {
        try {
            if (b.f27037a[lVar.getContentType().ordinal()] == 3) {
                return D((r) lVar);
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(new c0(lVar.getContentType(), this.m.r(), this.m.n(), lVar, this.m));
            return arrayList;
        } catch (GeneralSecurityException unused) {
            throw new HandshakeException("Cannot create record", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.m.j()));
        }
    }

    public final void c(r0 r0Var) {
        if (r0Var != null) {
            this.z.add(r0Var);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void d(byte[] bArr) {
        byte[] b2 = PseudoRandomFunction.b(bArr, PseudoRandomFunction.Label.KEY_EXPANSION_LABEL, org.eclipse.californium.scandium.util.b.a(this.f27031d.a(), this.f27030c.a()));
        int macKeyLength = this.m.b().getMacKeyLength();
        int encKeyLength = this.m.b().getEncKeyLength();
        int fixedIvLength = this.m.b().getFixedIvLength();
        this.f27034g = new SecretKeySpec(b2, 0, macKeyLength, "Mac");
        this.f27035h = new SecretKeySpec(b2, macKeyLength, macKeyLength, "Mac");
        int i2 = macKeyLength * 2;
        this.k = new SecretKeySpec(b2, i2, encKeyLength, "AES");
        this.l = new SecretKeySpec(b2, i2 + encKeyLength, encKeyLength, "AES");
        int i3 = i2 + (encKeyLength * 2);
        this.f27036i = new IvParameterSpec(b2, i3, fixedIvLength);
        this.j = new IvParameterSpec(b2, i3 + fixedIvLength, fixedIvLength);
    }

    protected void e(l lVar) throws HandshakeException, GeneralSecurityException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void f() {
        this.A = true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void g(byte[] bArr) {
        byte[] h2 = h(bArr);
        this.f27033f = h2;
        this.m.D(h2);
        d(this.f27033f);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final byte[] i(byte[] bArr) {
        int length = bArr.length;
        byte[] bArr2 = {(byte) (length >> 8), (byte) length};
        return org.eclipse.californium.scandium.util.b.a(bArr2, org.eclipse.californium.scandium.util.b.a(org.eclipse.californium.scandium.util.b.b(new byte[0], (byte) 0, length), org.eclipse.californium.scandium.util.b.a(bArr2, bArr)));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final CipherSuite.KeyExchangeAlgorithm j() {
        return this.m.f();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final byte[] k() {
        return this.f27033f;
    }

    public final InetSocketAddress l() {
        return this.m.j();
    }

    public final m m() {
        return this.m;
    }

    protected final r o(q qVar) throws HandshakeException {
        B.debug("Processing {} message fragment ...", qVar.h());
        int g2 = qVar.g();
        SortedSet<q> sortedSet = this.t.get(Integer.valueOf(g2));
        if (sortedSet == null) {
            sortedSet = new TreeSet<>(new a(this));
            this.t.put(Integer.valueOf(g2), sortedSet);
        }
        SortedSet<q> sortedSet2 = sortedSet;
        sortedSet2.add(qVar);
        r x = x(g2, sortedSet2, qVar.f(), qVar.h(), this.m);
        if (x != null) {
            B.debug("Successfully re-assembled {} message", x.h());
            this.t.remove(Integer.valueOf(g2));
        }
        return x;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void p() {
        Iterator<r0> it = this.z.iterator();
        while (it.hasNext()) {
            it.next().f(l());
        }
    }

    public final void q(Throwable th) {
        Iterator<r0> it = this.z.iterator();
        while (it.hasNext()) {
            it.next().g(l(), th);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void r() throws HandshakeException {
        Iterator<r0> it = this.z.iterator();
        while (it.hasNext()) {
            it.next().h(this);
        }
    }

    public final boolean s(r rVar) {
        return v(rVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void t() {
        this.r++;
    }

    final boolean u() {
        return this.A;
    }

    protected boolean v(r rVar) {
        return false;
    }

    public final void w(c0 c0Var) throws HandshakeException {
        if (this.m.v(c0Var.u())) {
            B.trace("Discarding duplicate HANDSHAKE message received from peer [{}]:{}{}", c0Var.t(), System.lineSeparator(), c0Var);
            return;
        }
        try {
            c0Var.z(this.m);
            l b2 = this.s.b(c0Var);
            while (b2 != null) {
                if (b2 instanceof q) {
                    b2 = o((q) b2);
                }
                if (b2 != null) {
                    e(b2);
                }
                b2 = this.s.a();
            }
            this.m.x(c0Var.p(), c0Var.u());
        } catch (GeneralSecurityException e2) {
            B.warn("Cannot process handshake message from peer [{}] due to [{}]", m().j(), e2.getMessage(), e2);
            throw new HandshakeException("Cannot process handshake message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.m.j()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void y() throws HandshakeException {
        Iterator<r0> it = this.z.iterator();
        while (it.hasNext()) {
            it.next().a(this, m());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void z() {
        this.m.H(this.f27029a ? new j(this.m.b(), this.m.c(), this.l, this.j, this.f27035h) : new j(this.m.b(), this.m.c(), this.k, this.f27036i, this.f27034g));
    }
}
