package org.eclipse.californium.scandium.dtls;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import javax.security.auth.Destroyable;
import org.eclipse.californium.elements.RawData;
import org.eclipse.californium.elements.auth.AdditionalInfo;
import org.eclipse.californium.elements.auth.ExtensiblePrincipal;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.elements.util.SerialExecutor;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
import org.eclipse.californium.scandium.dtls.x509.CertificateVerifier;
import org.eclipse.californium.scandium.util.SecretIvParameterSpec;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public abstract class Handshaker implements Destroyable {
    private ApplicationLevelInfoSupplier applicationLevelInfoSupplier;
    private Throwable cause;
    protected List<X509Certificate> certificateChain;
    protected final CertificateVerifier certificateVerifier;
    protected Random clientRandom;
    private SecretIvParameterSpec clientWriteIV;
    private SecretKey clientWriteKey;
    private SecretKey clientWriteMACKey;
    private final Connection connection;
    protected final ConnectionIdGenerator connectionIdGenerator;
    private int deferredRecordsSize;
    private boolean destroyed;
    protected ECDHECryptography ecdhe;
    private long flightSendNanos;
    protected InboundMessageBuffer inboundMessageBuffer;
    protected final boolean isClient;
    private boolean lastFlight;
    protected SecretKey masterSecret;
    private final int maxDeferredProcessedIncomingRecordsSize;
    private final int maxDeferredProcessedOutgoingApplicationDataMessages;
    private final int maxFragmentedHandshakeMessageLength;
    private int nextReceiveMessageSequence;
    protected PrivateKey privateKey;
    protected final PskStore pskStore;
    protected PublicKey publicKey;
    protected ReassemblingHandshakeMessage reassembledMessage;
    private final RecordLayer recordLayer;
    protected final TrustedRpkStore rpkStore;
    private int sendMessageSequence;
    protected Random serverRandom;
    private SecretIvParameterSpec serverWriteIV;
    private SecretKey serverWriteKey;
    private SecretKey serverWriteMACKey;
    protected final DTLSSession session;
    protected boolean sniEnabled;
    protected HandshakeState[] states;
    protected int statesIndex;
    protected boolean useStateValidation;
    protected final Logger LOGGER = LoggerFactory.getLogger(getClass().getName());
    protected int flightNumber = 0;
    private final List<RawData> deferredApplicationData = new ArrayList();
    private final List<Record> deferredRecords = new ArrayList();
    private final AtomicReference<DTLSFlight> pendingFlight = new AtomicReference<>();
    protected final List<HandshakeMessage> handshakeMessages = new ArrayList();
    private final Set<SessionListener> sessionListeners = new LinkedHashSet();
    private boolean changeCipherSuiteMessageExpected = false;
    private boolean sessionEstablished = false;
    private boolean handshakeFailed = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.Handshaker$2, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType;

        static {
            int[] iArr = new int[ContentType.values().length];
            $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType = iArr;
            try {
                iArr[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.HANDSHAKE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes.dex */
    class InboundMessageBuffer {
        private Record changeCipherSpec = null;
        private SortedSet<Record> queue = new TreeSet(new Comparator<Record>(this) { // from class: org.eclipse.californium.scandium.dtls.Handshaker.InboundMessageBuffer.1
            @Override // java.util.Comparator
            public int compare(Record record, Record record2) {
                return Handshaker.compareRecords(record, record2);
            }
        });

        InboundMessageBuffer() {
        }

        public void clean(long j) {
            Record record = this.changeCipherSpec;
            if (record != null && record.getSequenceNumber() == j) {
                this.changeCipherSpec = null;
            }
            for (Record record2 : this.queue) {
                if (record2.getSequenceNumber() == j) {
                    this.queue.remove(record2);
                    Handshaker.this.removeDeferredProcessedRecord(record2);
                }
            }
        }

        Record getNextRecord() {
            Record record;
            if (Handshaker.this.isChangeCipherSpecMessageExpected() && (record = this.changeCipherSpec) != null) {
                this.changeCipherSpec = null;
                return record;
            }
            for (Record record2 : this.queue) {
                int messageSeq = ((HandshakeMessage) record2.getFragment()).getMessageSeq();
                if (messageSeq > Handshaker.this.nextReceiveMessageSequence) {
                    return null;
                }
                this.queue.remove(record2);
                Handshaker.this.removeDeferredProcessedRecord(record2);
                if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                    return record2;
                }
            }
            return null;
        }

        Record getNextRecord(Record record) {
            int epoch = record.getEpoch();
            int readEpoch = Handshaker.this.session.getReadEpoch();
            if (epoch != readEpoch) {
                throw new IllegalArgumentException("record epoch " + epoch + " doesn't match session " + readEpoch);
            }
            DTLSMessage fragment = record.getFragment();
            int i = AnonymousClass2.$SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[fragment.getContentType().ordinal()];
            if (i == 1) {
                if (Handshaker.this.isChangeCipherSpecMessageExpected()) {
                    return record;
                }
                if (this.changeCipherSpec != null) {
                    Handshaker.this.LOGGER.debug("Change Cipher Spec is received again!");
                    return null;
                }
                Handshaker.this.LOGGER.debug("Change Cipher Spec is not expected and therefore kept for later processing!");
                this.changeCipherSpec = record;
                return null;
            }
            if (i != 2) {
                Handshaker.this.LOGGER.warn("Cannot process message of type [{}], discarding...", fragment.getContentType());
                return null;
            }
            HandshakeMessage handshakeMessage = (HandshakeMessage) fragment;
            int messageSeq = handshakeMessage.getMessageSeq();
            if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                return record;
            }
            if (messageSeq <= Handshaker.this.nextReceiveMessageSequence) {
                Handshaker.this.LOGGER.debug("Discarding old {} message_seq [{}] < next_receive_seq [{}]", handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence));
                return null;
            }
            Handshaker.this.LOGGER.debug("Queued newer {} message from current epoch, message_seq [{}] > next_receive_seq [{}]", handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence));
            if (Handshaker.this.addDeferredProcessedRecord(record)) {
                this.queue.add(record);
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Handshaker(boolean z, int i, DTLSSession dTLSSession, RecordLayer recordLayer, Connection connection, DtlsConnectorConfig dtlsConnectorConfig, int i2) {
        this.sendMessageSequence = 0;
        this.nextReceiveMessageSequence = 0;
        if (dTLSSession == null) {
            throw new NullPointerException("DTLS Session must not be null");
        }
        if (recordLayer == null) {
            throw new NullPointerException("Record layer must not be null");
        }
        if (connection == null) {
            throw new NullPointerException("Connection must not be null");
        }
        if (dtlsConnectorConfig == null) {
            throw new NullPointerException("Dtls Connector Config must not be null");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Initial message sequence number must not be negative");
        }
        this.isClient = z;
        this.sendMessageSequence = i;
        this.nextReceiveMessageSequence = i;
        this.session = dTLSSession;
        this.recordLayer = recordLayer;
        this.connection = connection;
        this.connectionIdGenerator = dtlsConnectorConfig.getConnectionIdGenerator();
        this.maxFragmentedHandshakeMessageLength = dtlsConnectorConfig.getMaxFragmentedHandshakeMessageLength().intValue();
        this.maxDeferredProcessedOutgoingApplicationDataMessages = dtlsConnectorConfig.getMaxDeferredProcessedOutgoingApplicationDataMessages().intValue();
        this.maxDeferredProcessedIncomingRecordsSize = dtlsConnectorConfig.getMaxDeferredProcessedIncomingRecordsSize().intValue();
        this.sniEnabled = dtlsConnectorConfig.isSniEnabled().booleanValue();
        this.useStateValidation = dtlsConnectorConfig.useHandshakeStateValidation().booleanValue();
        this.privateKey = dtlsConnectorConfig.getPrivateKey();
        this.publicKey = dtlsConnectorConfig.getPublicKey();
        this.certificateChain = dtlsConnectorConfig.getCertificateChain();
        this.certificateVerifier = dtlsConnectorConfig.getCertificateVerifier();
        this.rpkStore = dtlsConnectorConfig.getRpkTrustStore();
        this.pskStore = dtlsConnectorConfig.getPskStore();
        dTLSSession.setMaxTransmissionUnit(i2);
        this.applicationLevelInfoSupplier = dtlsConnectorConfig.getApplicationLevelInfoSupplier();
        this.inboundMessageBuffer = new InboundMessageBuffer();
        addSessionListener(connection.getSessionListener());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean addDeferredProcessedRecord(Record record) {
        int size = record.size();
        int i = this.deferredRecordsSize;
        if (i + size < this.maxDeferredProcessedIncomingRecordsSize) {
            this.deferredRecordsSize = i + size;
            return true;
        }
        this.LOGGER.debug("Dropped incoming record from peer [{}], limit of {} bytes exceeded by {}+{} bytes!", record.getPeerAddress(), Integer.valueOf(this.maxDeferredProcessedIncomingRecordsSize), Integer.valueOf(this.deferredRecordsSize), Integer.valueOf(size));
        return false;
    }

    private void amendPeerPrincipal() {
        Principal peerIdentity = this.session.getPeerIdentity();
        if (peerIdentity instanceof ExtensiblePrincipal) {
            this.session.setPeerIdentity(((ExtensiblePrincipal) peerIdentity).amend(getAdditionalPeerInfo(peerIdentity)));
        }
    }

    private void applySendMessageSequenceNumber(HandshakeMessage handshakeMessage) {
        handshakeMessage.setMessageSeq(this.sendMessageSequence);
        this.sendMessageSequence++;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int compareRecords(Record record, Record record2) {
        if (record.getEpoch() != record2.getEpoch()) {
            throw new IllegalArgumentException("records with different epoch! " + record.getEpoch() + " != " + record2.getEpoch());
        }
        HandshakeMessage handshakeMessage = (HandshakeMessage) record.getFragment();
        HandshakeMessage handshakeMessage2 = (HandshakeMessage) record2.getFragment();
        if (handshakeMessage.getMessageSeq() < handshakeMessage2.getMessageSeq()) {
            return -1;
        }
        if (handshakeMessage.getMessageSeq() > handshakeMessage2.getMessageSeq()) {
            return 1;
        }
        if (record.getSequenceNumber() < record2.getSequenceNumber()) {
            return -1;
        }
        return record.getSequenceNumber() > record2.getSequenceNumber() ? 1 : 0;
    }

    private SecretKey generateMasterSecret(SecretKey secretKey) {
        byte[] doPRF = PseudoRandomFunction.doPRF(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), secretKey, PseudoRandomFunction.Label.MASTER_SECRET_LABEL, Bytes.concatenate(this.clientRandom, this.serverRandom));
        SecretKey create = SecretUtil.create(doPRF, "MAC");
        Bytes.clear(doPRF);
        return create;
    }

    private AdditionalInfo getAdditionalPeerInfo(Principal principal) {
        ApplicationLevelInfoSupplier applicationLevelInfoSupplier = this.applicationLevelInfoSupplier;
        return (applicationLevelInfoSupplier == null || principal == null) ? AdditionalInfo.empty() : applicationLevelInfoSupplier.getInfo(principal);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeDeferredProcessedRecord(Record record) {
        int size = record.size();
        int i = this.deferredRecordsSize;
        if (i >= size) {
            this.deferredRecordsSize = i - size;
        } else {
            this.LOGGER.warn("deferred processed incoming records corrupted for peer [{}]! Removing {} bytes exceeds available {} bytes!", record.getPeerAddress(), Integer.valueOf(size), Integer.valueOf(this.deferredRecordsSize));
            throw new IllegalArgumentException("deferred processing of incoming records corrupted!");
        }
    }

    private void wrapHandshakeMessage(DTLSFlight dTLSFlight, HandshakeMessage handshakeMessage) {
        applySendMessageSequenceNumber(handshakeMessage);
        int messageLength = handshakeMessage.getMessageLength();
        int maxFragmentLength = this.session.getMaxFragmentLength();
        if (this.session.getWriteEpoch() == 0) {
            this.handshakeMessages.add(handshakeMessage);
        }
        if (messageLength <= maxFragmentLength) {
            dTLSFlight.addMessage(new Record(ContentType.HANDSHAKE, this.session.getWriteEpoch(), this.session.getSequenceNumber(), handshakeMessage, this.session, handshakeMessage.getMessageType() == HandshakeType.FINISHED, 0));
            return;
        }
        this.LOGGER.debug("Splitting up {} message for [{}] into multiple fragments of max {} bytes", handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(maxFragmentLength));
        byte[] fragmentToByteArray = handshakeMessage.fragmentToByteArray();
        if (fragmentToByteArray.length != messageLength) {
            throw new IllegalStateException("message length " + messageLength + " differs from message " + fragmentToByteArray.length + "!");
        }
        int messageSeq = handshakeMessage.getMessageSeq();
        int i = 0;
        while (i < messageLength) {
            int i2 = i + maxFragmentLength > messageLength ? messageLength - i : maxFragmentLength;
            byte[] bArr = new byte[i2];
            System.arraycopy(fragmentToByteArray, i, bArr, 0, i2);
            FragmentedHandshakeMessage fragmentedHandshakeMessage = new FragmentedHandshakeMessage(handshakeMessage.getMessageType(), messageLength, messageSeq, i, bArr, this.session.getPeer());
            i += i2;
            dTLSFlight.addMessage(new Record(ContentType.HANDSHAKE, this.session.getWriteEpoch(), this.session.getSequenceNumber(), fragmentedHandshakeMessage, this.session, false, 0));
        }
    }

    public void addApplicationDataForDeferredProcessing(RawData rawData) {
        if (this.deferredApplicationData.size() < this.maxDeferredProcessedOutgoingApplicationDataMessages) {
            this.deferredApplicationData.add(rawData);
        }
    }

    public void addRecordsForDeferredProcessing(Record record) {
        if (addDeferredProcessedRecord(record)) {
            this.deferredRecords.add(record);
        }
    }

    public final void addSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.add(sessionListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calculateKeys(SecretKey secretKey) {
        if (this.destroyed) {
            throw new IllegalStateException("secrets destroyed!");
        }
        int macKeyLength = this.session.getCipherSuite().getMacKeyLength();
        int encKeyLength = this.session.getCipherSuite().getEncKeyLength();
        int fixedIvLength = this.session.getCipherSuite().getFixedIvLength();
        byte[] concatenate = Bytes.concatenate(this.serverRandom, this.clientRandom);
        byte[] doPRF = PseudoRandomFunction.doPRF(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), secretKey, PseudoRandomFunction.Label.KEY_EXPANSION_LABEL, concatenate, (macKeyLength + encKeyLength + fixedIvLength) * 2);
        this.clientWriteMACKey = SecretUtil.create(doPRF, 0, macKeyLength, "Mac");
        int i = macKeyLength + 0;
        this.serverWriteMACKey = SecretUtil.create(doPRF, i, macKeyLength, "Mac");
        int i2 = i + macKeyLength;
        this.clientWriteKey = SecretUtil.create(doPRF, i2, encKeyLength, "AES");
        int i3 = i2 + encKeyLength;
        this.serverWriteKey = SecretUtil.create(doPRF, i3, encKeyLength, "AES");
        int i4 = i3 + encKeyLength;
        this.clientWriteIV = SecretUtil.createIv(doPRF, i4, fixedIvLength);
        this.serverWriteIV = SecretUtil.createIv(doPRF, i4 + fixedIvLength, fixedIvLength);
        Bytes.clear(doPRF);
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() {
        SecretUtil.destroy(this.masterSecret);
        this.masterSecret = null;
        SecretUtil.destroy(this.clientWriteKey);
        this.clientWriteKey = null;
        SecretUtil.destroy(this.clientWriteMACKey);
        this.clientWriteMACKey = null;
        SecretUtil.destroy(this.clientWriteIV);
        this.clientWriteIV = null;
        SecretUtil.destroy(this.serverWriteKey);
        this.serverWriteKey = null;
        SecretUtil.destroy(this.serverWriteMACKey);
        this.serverWriteMACKey = null;
        SecretUtil.destroy(this.serverWriteIV);
        this.serverWriteIV = null;
        this.destroyed = true;
    }

    protected abstract void doProcessMessage(HandshakeMessage handshakeMessage);

    /* JADX INFO: Access modifiers changed from: protected */
    public final void expectChangeCipherSpecMessage() {
        this.changeCipherSuiteMessageExpected = true;
    }

    protected void expectMessage(DTLSMessage dTLSMessage) {
        HandshakeState[] handshakeStateArr;
        if (!this.useStateValidation || (handshakeStateArr = this.states) == null) {
            return;
        }
        int i = this.statesIndex;
        if (i >= handshakeStateArr.length) {
            this.LOGGER.warn("Cannot process {} message from peer [{}], no more expected!", HandshakeState.toString(dTLSMessage), getSession().getPeer());
            throw new HandshakeException("Cannot process " + HandshakeState.toString(dTLSMessage) + " handshake message, no more expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        }
        HandshakeState handshakeState = handshakeStateArr[i];
        boolean expect = handshakeState.expect(dTLSMessage);
        if (!expect && handshakeState.isOptional()) {
            int i2 = this.statesIndex;
            int i3 = i2 + 1;
            HandshakeState[] handshakeStateArr2 = this.states;
            if (i3 < handshakeStateArr2.length && handshakeStateArr2[i2 + 1].expect(dTLSMessage)) {
                this.statesIndex++;
                expect = true;
            }
        }
        if (expect) {
            return;
        }
        this.LOGGER.warn("Cannot process {} message from peer [{}], {} expected!", HandshakeState.toString(dTLSMessage), getSession().getPeer(), handshakeState);
        throw new HandshakeException("Cannot process " + HandshakeState.toString(dTLSMessage) + " handshake message, " + handshakeState + " expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void generateKeys(SecretKey secretKey) {
        if (this.destroyed) {
            if (this.handshakeFailed) {
                throw new IllegalStateException("secrets destroyed after failure!", this.cause);
            }
            if (!this.sessionEstablished) {
                throw new IllegalStateException("secrets destroyed ???");
            }
            throw new IllegalStateException("secrets destroyed after success!");
        }
        SecretKey generateMasterSecret = generateMasterSecret(secretKey);
        this.masterSecret = generateMasterSecret;
        calculateKeys(generateMasterSecret);
        this.session.setMasterSecret(this.masterSecret);
    }

    public final Connection getConnection() {
        return this.connection;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final MessageDigest getHandshakeMessageDigest() {
        MessageDigest threadLocalPseudoRandomFunctionMessageDigest = this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMessageDigest();
        int i = 0;
        for (HandshakeMessage handshakeMessage : this.handshakeMessages) {
            threadLocalPseudoRandomFunctionMessageDigest.update(handshakeMessage.toByteArray());
            this.LOGGER.trace("  [{}] - {}", Integer.valueOf(i), handshakeMessage.getMessageType());
            i++;
        }
        return threadLocalPseudoRandomFunctionMessageDigest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final CipherSuite.KeyExchangeAlgorithm getKeyExchangeAlgorithm() {
        return this.session.getKeyExchange();
    }

    public final InetSocketAddress getPeerAddress() {
        return this.session.getPeer();
    }

    public final DTLSSession getSession() {
        return this.session;
    }

    protected final HandshakeMessage handleFragmentation(FragmentedHandshakeMessage fragmentedHandshakeMessage) {
        this.LOGGER.debug("Processing {} message fragment ...", fragmentedHandshakeMessage.getMessageType());
        if (fragmentedHandshakeMessage.getMessageLength() > this.maxFragmentedHandshakeMessageLength) {
            throw new HandshakeException("Fragmented message length exceeded (" + fragmentedHandshakeMessage.getMessageLength() + " > " + this.maxFragmentedHandshakeMessageLength + ")!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, fragmentedHandshakeMessage.getPeer()));
        }
        int messageSeq = fragmentedHandshakeMessage.getMessageSeq();
        try {
            ReassemblingHandshakeMessage reassemblingHandshakeMessage = this.reassembledMessage;
            if (reassemblingHandshakeMessage == null) {
                this.reassembledMessage = new ReassemblingHandshakeMessage(fragmentedHandshakeMessage);
            } else {
                if (reassemblingHandshakeMessage.getMessageSeq() != messageSeq) {
                    throw new IllegalArgumentException("Current reassemble message has different seqn " + this.reassembledMessage.getMessageSeq() + " != " + messageSeq);
                }
                this.reassembledMessage.add(fragmentedHandshakeMessage);
            }
            if (!this.reassembledMessage.isComplete()) {
                return null;
            }
            HandshakeMessage fromByteArray = HandshakeMessage.fromByteArray(this.reassembledMessage.toByteArray(), this.session.getParameter(), this.reassembledMessage.getPeer());
            this.LOGGER.debug("Successfully re-assembled {} message", fromByteArray.getMessageType());
            this.reassembledMessage = null;
            return fromByteArray;
        } catch (IllegalArgumentException e) {
            throw new HandshakeException(e.getMessage(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, fragmentedHandshakeMessage.getPeer()));
        }
    }

    public final void handshakeCompleted() {
        setPendingFlight(null);
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeCompleted(this);
        }
        SecretUtil.destroy(this);
        this.LOGGER.debug("handshake completed {}", this.connection);
    }

    public final void handshakeFailed(Throwable th) {
        if (this.cause == null) {
            this.cause = th;
        }
        if (!this.handshakeFailed && this.cause == th) {
            this.LOGGER.debug("handshake failed {}", this.connection, th);
            this.handshakeFailed = true;
            setPendingFlight(null);
            if (!this.sessionEstablished) {
                Iterator<SessionListener> it = this.sessionListeners.iterator();
                while (it.hasNext()) {
                    it.next().handshakeFailed(this, th);
                }
            }
        }
        SecretUtil.destroy(this.session);
        SecretUtil.destroy(this);
    }

    public final void handshakeFlightRetransmitted(int i) {
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeFlightRetransmitted(this, i);
        }
        Iterator<RawData> it2 = this.deferredApplicationData.iterator();
        while (it2.hasNext()) {
            it2.next().onDtlsRetransmission(i);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void handshakeStarted() {
        this.LOGGER.debug("handshake started {}", this.connection);
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeStarted(this);
        }
    }

    public final boolean isChangeCipherSpecMessageExpected() {
        return this.changeCipherSuiteMessageExpected;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public final void processMessage(Record record) {
        int readEpoch = this.session.getReadEpoch();
        if (readEpoch != record.getEpoch()) {
            this.LOGGER.debug("Discarding {} message with wrong epoch received from peer [{}]:{}{}", record.getType(), record.getPeerAddress(), StringUtil.lineSeparator(), record);
            throw new IllegalArgumentException("processing record with wrong epoch! " + record.getEpoch() + " expected " + readEpoch);
        }
        if (record.getReceiveNanos() < this.flightSendNanos) {
            this.LOGGER.info("Discarding {} message received from peer [{}] before last flight was sent:{}{}", record.getType(), record.getPeerAddress(), StringUtil.lineSeparator(), record);
            return;
        }
        try {
            Record nextRecord = this.inboundMessageBuffer.getNextRecord(record);
            while (nextRecord != null) {
                DTLSMessage fragment = nextRecord.getFragment();
                expectMessage(fragment);
                if (fragment.getContentType() == ContentType.CHANGE_CIPHER_SPEC) {
                    this.LOGGER.debug("Processing {} message from peer [{}]", fragment.getContentType(), fragment.getPeer());
                    setCurrentReadState();
                    this.statesIndex++;
                    this.LOGGER.debug("Processed {} message from peer [{}]", fragment.getContentType(), fragment.getPeer());
                } else {
                    if (fragment.getContentType() != ContentType.HANDSHAKE) {
                        throw new HandshakeException(String.format("Received unexpected message [%s] from peer %s", fragment.getContentType(), fragment.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, fragment.getPeer()));
                    }
                    HandshakeMessage handshakeMessage = (HandshakeMessage) fragment;
                    if (handshakeMessage.getMessageType() == HandshakeType.FINISHED && readEpoch == 0) {
                        this.LOGGER.debug("FINISH with epoch 0 from peer [{}]!", getSession().getPeer());
                        throw new HandshakeException("FINISH with epoch 0!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, getSession().getPeer()));
                    }
                    DTLSFlight dTLSFlight = this.pendingFlight.get();
                    if (dTLSFlight != null) {
                        this.LOGGER.debug("response for flight {} started", Integer.valueOf(dTLSFlight.getFlightNumber()));
                        dTLSFlight.setResponseStarted();
                    }
                    if (handshakeMessage instanceof FragmentedHandshakeMessage) {
                        handshakeMessage = handleFragmentation((FragmentedHandshakeMessage) handshakeMessage);
                    }
                    if (handshakeMessage == null) {
                        continue;
                    } else {
                        if (handshakeMessage instanceof GenericHandshakeMessage) {
                            GenericHandshakeMessage genericHandshakeMessage = (GenericHandshakeMessage) handshakeMessage;
                            HandshakeParameter parameter = this.session.getParameter();
                            if (parameter == null) {
                                this.LOGGER.warn("Cannot process handshake {} message from peer [{}], parameter are required!", genericHandshakeMessage.getMessageType(), getSession().getPeer());
                                throw new HandshakeException("Cannot process " + genericHandshakeMessage.getMessageType() + " handshake message, parameter are required!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
                            }
                            handshakeMessage = genericHandshakeMessage.getSpecificHandshakeMessage(parameter);
                        }
                        if (this.lastFlight) {
                            this.LOGGER.debug("Received ({}) FINISHED message again, retransmitting last flight...", getPeerAddress());
                            dTLSFlight.incrementTries();
                            dTLSFlight.setNewSequenceNumbers();
                            sendFlight(dTLSFlight);
                        } else {
                            if (this.LOGGER.isDebugEnabled()) {
                                StringBuilder sb = new StringBuilder();
                                sb.append(String.format("Processing %s message from peer [%s], seqn: [%d]", handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(handshakeMessage.getMessageSeq())));
                                if (this.LOGGER.isTraceEnabled()) {
                                    sb.append(":");
                                    sb.append(StringUtil.lineSeparator());
                                    sb.append(handshakeMessage);
                                }
                                this.LOGGER.debug(sb.toString());
                            }
                            if (readEpoch == 0) {
                                this.handshakeMessages.add(handshakeMessage);
                            }
                            doProcessMessage(handshakeMessage);
                            this.LOGGER.debug("Processed {} message from peer [{}]", handshakeMessage.getMessageType(), handshakeMessage.getPeer());
                            if (!this.lastFlight) {
                                this.nextReceiveMessageSequence++;
                                this.statesIndex++;
                            }
                        }
                    }
                }
                this.session.markRecordAsRead(readEpoch, nextRecord.getSequenceNumber());
                this.inboundMessageBuffer.clean(nextRecord.getSequenceNumber());
                nextRecord = this.inboundMessageBuffer.getNextRecord();
            }
            if (this.session.getReadEpoch() > readEpoch) {
                SerialExecutor executor = this.connection.getExecutor();
                List<Record> takeDeferredRecords = takeDeferredRecords();
                if (this.deferredRecordsSize > 0) {
                    throw new HandshakeException(String.format("Received unexpected message left from peer %s", record.getPeerAddress()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, record.getPeerAddress()));
                }
                for (final Record record2 : takeDeferredRecords) {
                    if (executor != null) {
                        executor.execute(new Runnable() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.1
                            @Override // java.lang.Runnable
                            public void run() {
                                Handshaker.this.recordLayer.processRecord(record2, Handshaker.this.connection);
                            }
                        });
                    } else {
                        this.recordLayer.processRecord(record2, this.connection);
                    }
                }
            }
        } catch (GeneralSecurityException e) {
            this.LOGGER.warn("Cannot process handshake message from peer [{}] due to [{}]", getSession().getPeer(), e.getMessage(), e);
            throw new HandshakeException("Cannot process handshake message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        }
    }

    public void sendFlight(DTLSFlight dTLSFlight) {
        setPendingFlight(null);
        try {
            this.flightSendNanos = ClockUtil.nanoRealtime();
            this.recordLayer.sendFlight(dTLSFlight, this.connection);
            setPendingFlight(dTLSFlight);
        } catch (IOException e) {
            handshakeFailed(new Exception("handshake flight " + dTLSFlight.getFlightNumber() + " failed!", e));
        }
    }

    public void sendLastFlight(DTLSFlight dTLSFlight) {
        this.lastFlight = true;
        dTLSFlight.setRetransmissionNeeded(false);
        sendFlight(dTLSFlight);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void sessionEstablished() {
        if (this.sessionEstablished) {
            return;
        }
        this.LOGGER.debug("session established {}", this.connection);
        amendPeerPrincipal();
        this.sessionEstablished = true;
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().sessionEstablished(this, getSession());
        }
    }

    protected final void setCurrentReadState() {
        this.session.setReadState(this.isClient ? DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey) : DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setCurrentWriteState() {
        this.session.setWriteState(this.isClient ? DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey) : DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey));
    }

    public void setFailureCause(Throwable th) {
        setPendingFlight(null);
        this.cause = th;
    }

    public void setPendingFlight(DTLSFlight dTLSFlight) {
        DTLSFlight andSet = this.pendingFlight.getAndSet(dTLSFlight);
        if (andSet == null || andSet == dTLSFlight) {
            return;
        }
        andSet.setResponseCompleted();
    }

    public abstract void startHandshake();

    public List<RawData> takeDeferredApplicationData() {
        ArrayList arrayList = new ArrayList(this.deferredApplicationData);
        this.deferredApplicationData.clear();
        return arrayList;
    }

    public void takeDeferredApplicationData(Handshaker handshaker) {
        this.deferredApplicationData.addAll(handshaker.takeDeferredApplicationData());
    }

    public List<Record> takeDeferredRecords() {
        ArrayList arrayList = new ArrayList(this.deferredRecords);
        this.deferredRecords.clear();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            removeDeferredProcessedRecord((Record) it.next());
        }
        return arrayList;
    }

    public void verifyCertificate(CertificateMessage certificateMessage) {
        if (certificateMessage.getCertificateChain() == null) {
            if (this.rpkStore.isTrusted(new RawPublicKeyIdentity(certificateMessage.getPublicKey()))) {
                return;
            }
            this.LOGGER.debug("Certificate validation failed: Raw public key is not trusted");
            throw new HandshakeException("Raw public key is not trusted", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.getPeer()));
        }
        CertificateVerifier certificateVerifier = this.certificateVerifier;
        if (certificateVerifier != null) {
            certificateVerifier.verifyCertificate(certificateMessage, this.session);
        } else {
            this.LOGGER.debug("Certificate validation failed: x509 could not be trusted!");
            throw new HandshakeException("Trust is not possible!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, this.session.getPeer()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void wrapMessage(DTLSFlight dTLSFlight, DTLSMessage dTLSMessage) {
        try {
            int i = AnonymousClass2.$SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[dTLSMessage.getContentType().ordinal()];
            if (i == 1) {
                dTLSFlight.addMessage(new Record(dTLSMessage.getContentType(), this.session.getWriteEpoch(), this.session.getSequenceNumber(), dTLSMessage, this.session, false, 0));
                return;
            }
            if (i == 2) {
                wrapHandshakeMessage(dTLSFlight, (HandshakeMessage) dTLSMessage);
                return;
            }
            throw new HandshakeException("Cannot create " + dTLSMessage.getContentType() + " record for flight", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        } catch (GeneralSecurityException unused) {
            throw new HandshakeException("Cannot create record", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        }
    }
}
