package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.logging.Level;
import org.eclipse.californium.elements.RawData;
import org.eclipse.californium.scandium.DTLSConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateTypeExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.util.ByteArrayUtils;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/ClientHandshaker.class */
public class ClientHandshaker extends Handshaker {
    private ProtocolVersion maxProtocolVersion;
    private PublicKey serverPublicKey;
    private ECPublicKey ephemeralServerPublicKey;
    protected ClientHello clientHello;
    private final CipherSuite preferredCipherSuite;
    private final boolean useRawPublicKey;
    protected ServerHello serverHello;
    protected CertificateMessage serverCertificate;
    protected CertificateRequest certificateRequest;
    protected ServerKeyExchange serverKeyExchange;
    protected ServerHelloDone serverHelloDone;
    protected byte[] handshakeHash;
    protected final PskStore pskStore;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.ClientHandshaker$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/ClientHandshaker$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm;
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType;
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType = new int[ContentType.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.HANDSHAKE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType = new int[HandshakeType.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.HELLO_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE.ordinal()] = 4;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 5;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 6;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 7;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.FINISHED.ordinal()] = 8;
            } catch (NoSuchFieldError e11) {
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 3;
            } catch (NoSuchFieldError e14) {
            }
        }
    }

    public ClientHandshaker(InetSocketAddress inetSocketAddress, RawData rawData, DTLSSession dTLSSession, Certificate[] certificateArr, DTLSConnectorConfig dTLSConnectorConfig) {
        super(inetSocketAddress, true, dTLSSession, certificateArr);
        this.maxProtocolVersion = new ProtocolVersion();
        this.clientHello = null;
        this.serverCertificate = null;
        this.certificateRequest = null;
        this.serverKeyExchange = null;
        this.handshakeHash = null;
        this.message = rawData;
        this.privateKey = dTLSConnectorConfig.privateKey;
        this.certificates = dTLSConnectorConfig.certChain;
        this.publicKey = (this.certificates == null || this.certificates.length <= 0) ? dTLSConnectorConfig.publicKey : this.certificates[0].getPublicKey();
        this.pskStore = dTLSConnectorConfig.pskStore;
        this.useRawPublicKey = dTLSConnectorConfig.sendRawKey;
        this.preferredCipherSuite = dTLSConnectorConfig.preferredCipherSuite;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public synchronized DTLSFlight processMessage(Record record) throws HandshakeException {
        DTLSFlight dTLSFlight = null;
        if (!processMessageNext(record)) {
            return null;
        }
        switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[record.getType().ordinal()]) {
            case 1:
                record.getFragment();
                break;
            case 2:
                record.getFragment();
                setCurrentReadState();
                this.session.incrementReadEpoch();
                break;
            case Handshaker.CLIENT_FINISHED_LABEL /* 3 */:
                HandshakeMessage handshakeMessage = (HandshakeMessage) record.getFragment();
                if (handshakeMessage instanceof FragmentedHandshakeMessage) {
                    handshakeMessage = handleFragmentation((FragmentedHandshakeMessage) handshakeMessage);
                    if (handshakeMessage != null) {
                        record.setFragment(handshakeMessage);
                    }
                }
                switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[handshakeMessage.getMessageType().ordinal()]) {
                    case 1:
                        dTLSFlight = receivedHelloRequest((HelloRequest) handshakeMessage);
                        break;
                    case 2:
                        dTLSFlight = receivedHelloVerifyRequest((HelloVerifyRequest) handshakeMessage);
                        break;
                    case Handshaker.CLIENT_FINISHED_LABEL /* 3 */:
                        receivedServerHello((ServerHello) handshakeMessage);
                        break;
                    case Handshaker.SERVER_FINISHED_LABEL /* 4 */:
                        receivedServerCertificate((CertificateMessage) handshakeMessage);
                        break;
                    case Handshaker.TEST_LABEL /* 5 */:
                        switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[this.keyExchange.ordinal()]) {
                            case 1:
                                receivedServerKeyExchange((ECDHServerKeyExchange) handshakeMessage);
                                break;
                            case 2:
                                this.serverKeyExchange = (PSKServerKeyExchange) handshakeMessage;
                                break;
                            case Handshaker.CLIENT_FINISHED_LABEL /* 3 */:
                                LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                                break;
                            default:
                                throw new HandshakeException("Not supported server key exchange algorithm: " + this.keyExchange, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
                        }
                    case Handshaker.TEST_LABEL_2 /* 6 */:
                        this.certificateRequest = (CertificateRequest) handshakeMessage;
                        break;
                    case Handshaker.TEST_LABEL_3 /* 7 */:
                        dTLSFlight = receivedServerHelloDone((ServerHelloDone) handshakeMessage);
                        break;
                    case 8:
                        dTLSFlight = receivedServerFinished((Finished) handshakeMessage);
                        break;
                    default:
                        throw new HandshakeException("Client received unexpected handshake message:\n" + handshakeMessage.toString(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE));
                }
            default:
                throw new HandshakeException("Client received not supported record:\n" + record.toString(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
        }
        if (dTLSFlight == null) {
            Record record2 = null;
            for (Record record3 : this.queuedMessages) {
                if (processMessageNext(record3)) {
                    record2 = record3;
                }
            }
            if (record2 != null) {
                dTLSFlight = processMessage(record2);
            }
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.fine("DTLS Message processed (" + this.endpointAddress.toString() + "):\n" + record.toString());
        }
        return dTLSFlight;
    }

    private DTLSFlight receivedServerFinished(Finished finished) throws HandshakeException {
        DTLSFlight dTLSFlight = new DTLSFlight();
        finished.verifyData(getMasterSecret(), false, this.handshakeHash);
        this.state = HandshakeType.FINISHED.getCode();
        this.session.setActive(true);
        dTLSFlight.addMessage(wrapMessage(new ApplicationMessage(this.message.getBytes())));
        dTLSFlight.setRetransmissionNeeded(false);
        return dTLSFlight;
    }

    private DTLSFlight receivedHelloRequest(HelloRequest helloRequest) {
        if (this.state < HandshakeType.HELLO_REQUEST.getCode()) {
            return getStartHandshakeMessage();
        }
        return null;
    }

    private DTLSFlight receivedHelloVerifyRequest(HelloVerifyRequest helloVerifyRequest) {
        this.clientHello.setCookie(helloVerifyRequest.getCookie());
        this.clientHello.setFragmentLength(this.clientHello.getMessageLength());
        DTLSFlight dTLSFlight = new DTLSFlight();
        dTLSFlight.addMessage(wrapMessage(this.clientHello));
        return dTLSFlight;
    }

    private void receivedServerHello(ServerHello serverHello) {
        if (this.serverHello == null || serverHello.getMessageSeq() != this.serverHello.getMessageSeq()) {
            this.serverHello = serverHello;
            this.usedProtocol = serverHello.getServerVersion();
            this.serverRandom = serverHello.getRandom();
            this.session.setSessionIdentifier(serverHello.getSessionId());
            setCipherSuite(serverHello.getCipherSuite());
            setCompressionMethod(serverHello.getCompressionMethod());
            ClientCertificateTypeExtension clientCertificateTypeExtension = this.serverHello.getClientCertificateTypeExtension();
            if (clientCertificateTypeExtension != null && clientCertificateTypeExtension.getCertificateTypes().get(0) == CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY) {
                this.session.setReceiveRawPublicKey(true);
            }
            ServerCertificateTypeExtension serverCertificateTypeExtension = this.serverHello.getServerCertificateTypeExtension();
            if (serverCertificateTypeExtension == null || serverCertificateTypeExtension.getCertificateTypes().get(0) != CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY) {
                return;
            }
            this.session.setSendRawPublicKey(true);
        }
    }

    private void receivedServerCertificate(CertificateMessage certificateMessage) throws HandshakeException {
        if (this.serverCertificate == null || this.serverCertificate.getMessageSeq() != certificateMessage.getMessageSeq()) {
            this.serverCertificate = certificateMessage;
            this.serverPublicKey = this.serverCertificate.getPublicKey();
            this.session.setPeerRawPublicKey(this.serverPublicKey);
            this.serverCertificate.verifyCertificate(this.rootCertificates);
        }
    }

    private void receivedServerKeyExchange(ECDHServerKeyExchange eCDHServerKeyExchange) throws HandshakeException {
        if (this.serverKeyExchange == null || this.serverKeyExchange.getMessageSeq() != eCDHServerKeyExchange.getMessageSeq()) {
            this.serverKeyExchange = eCDHServerKeyExchange;
            eCDHServerKeyExchange.verifySignature(this.serverPublicKey, this.clientRandom, this.serverRandom);
            ECParameterSpec eCParameterSpec = ECDHServerKeyExchange.NAMED_CURVE_PARAMETERS.get(Integer.valueOf(eCDHServerKeyExchange.getCurveId()));
            if (eCParameterSpec == null) {
                throw new HandshakeException("Server used unsupported elliptic curve for ECDH", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
            }
            this.ephemeralServerPublicKey = eCDHServerKeyExchange.getPublicKey(eCParameterSpec);
            this.ecdhe = new ECDHECryptography(this.ephemeralServerPublicKey.getParams());
        }
    }

    private DTLSFlight receivedServerHelloDone(ServerHelloDone serverHelloDone) throws HandshakeException {
        DTLSMessage nULLClientKeyExchange;
        DTLSFlight dTLSFlight = new DTLSFlight();
        if (this.serverHelloDone != null && this.serverHelloDone.getMessageSeq() == serverHelloDone.getMessageSeq()) {
            return dTLSFlight;
        }
        this.serverHelloDone = serverHelloDone;
        CertificateMessage certificateMessage = null;
        CertificateVerify certificateVerify = null;
        if (this.certificateRequest != null) {
            certificateMessage = this.session.sendRawPublicKey() ? new CertificateMessage(this.publicKey.getEncoded()) : new CertificateMessage(this.certificates);
            dTLSFlight.addMessage(wrapMessage(certificateMessage));
        }
        switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[this.keyExchange.ordinal()]) {
            case 1:
                nULLClientKeyExchange = new ECDHClientKeyExchange(this.ecdhe.getPublicKey());
                generateKeys(this.ecdhe.getSecret(this.ephemeralServerPublicKey).getEncoded());
                break;
            case 2:
                String identity = this.pskStore.getIdentity(this.endpointAddress);
                if (identity != null) {
                    this.session.setPskIdentity(identity);
                    byte[] key = this.pskStore.getKey(identity);
                    if (key != null) {
                        nULLClientKeyExchange = new PSKClientKeyExchange(identity);
                        if (LOGGER.isLoggable(Level.INFO)) {
                            LOGGER.info("Using PSK identity: " + identity);
                        }
                        generateKeys(generatePremasterSecretFromPSK(key));
                        break;
                    } else {
                        throw new HandshakeException("No preshared secret found for identity: " + identity, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
                    }
                } else {
                    throw new HandshakeException("No Identity found for peer: " + this.endpointAddress, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
                }
            case Handshaker.CLIENT_FINISHED_LABEL /* 3 */:
                nULLClientKeyExchange = new NULLClientKeyExchange();
                generateKeys(new byte[0]);
                break;
            default:
                throw new HandshakeException("Unknown key exchange algorithm: " + this.keyExchange, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
        }
        dTLSFlight.addMessage(wrapMessage(nULLClientKeyExchange));
        if (this.certificateRequest != null) {
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.clientHello.toByteArray());
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverHello.toByteArray());
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverCertificate.toByteArray());
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverKeyExchange.toByteArray());
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.certificateRequest.toByteArray());
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverHelloDone.toByteArray());
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, certificateMessage.toByteArray());
            this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, nULLClientKeyExchange.toByteArray());
            certificateVerify = new CertificateVerify(this.certificateRequest.getSupportedSignatureAlgorithms().get(0), this.privateKey, this.handshakeMessages);
            dTLSFlight.addMessage(wrapMessage(certificateVerify));
        }
        dTLSFlight.addMessage(wrapMessage(new ChangeCipherSpecMessage()));
        setCurrentWriteState();
        this.session.incrementWriteEpoch();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(this.clientHello.toByteArray());
            messageDigest.update(this.serverHello.toByteArray());
            if (this.serverCertificate != null) {
                messageDigest.update(this.serverCertificate.toByteArray());
            }
            if (this.serverKeyExchange != null) {
                messageDigest.update(this.serverKeyExchange.toByteArray());
            }
            if (this.certificateRequest != null) {
                messageDigest.update(this.certificateRequest.toByteArray());
            }
            messageDigest.update(this.serverHelloDone.toByteArray());
            if (certificateMessage != null) {
                messageDigest.update(certificateMessage.toByteArray());
            }
            messageDigest.update(nULLClientKeyExchange.toByteArray());
            if (certificateVerify != null) {
                messageDigest.update(certificateVerify.toByteArray());
            }
            MessageDigest messageDigest2 = null;
            try {
                messageDigest2 = (MessageDigest) messageDigest.clone();
            } catch (CloneNotSupportedException e) {
                LOGGER.log(Level.SEVERE, "Clone not supported.", (Throwable) e);
            }
            this.handshakeHash = messageDigest.digest();
            Finished finished = new Finished(getMasterSecret(), this.isClient, this.handshakeHash);
            dTLSFlight.addMessage(wrapMessage(finished));
            messageDigest2.update(finished.toByteArray());
            this.handshakeHash = messageDigest2.digest();
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.log(Level.SEVERE, "No such Message Digest Algorithm available.", (Throwable) e2);
        }
        return dTLSFlight;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public DTLSFlight getStartHandshakeMessage() {
        ClientHello clientHello = new ClientHello(this.maxProtocolVersion, new SecureRandom(), this.useRawPublicKey);
        this.clientRandom = clientHello.getRandom();
        if (this.preferredCipherSuite == CipherSuite.TLS_PSK_WITH_AES_128_CCM_8) {
            clientHello.addCipherSuite(CipherSuite.TLS_PSK_WITH_AES_128_CCM_8);
            clientHello.addCipherSuite(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
        } else {
            clientHello.addCipherSuite(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
            clientHello.addCipherSuite(CipherSuite.TLS_PSK_WITH_AES_128_CCM_8);
        }
        clientHello.addCompressionMethod(CompressionMethod.NULL);
        this.state = clientHello.getMessageType().getCode();
        this.clientHello = clientHello;
        DTLSFlight dTLSFlight = new DTLSFlight();
        dTLSFlight.addMessage(wrapMessage(clientHello));
        return dTLSFlight;
    }
}
