package net.luminis.tls.handshake;

import java.nio.ByteBuffer;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import java.util.stream.Collectors;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.TlsProtocolException;
import net.luminis.tls.TlsState;
import net.luminis.tls.alert.DecodeErrorException;
import net.luminis.tls.alert.IllegalParameterAlert;
import net.luminis.tls.extension.ClientHelloPreSharedKeyExtension;
import net.luminis.tls.extension.Extension;
import net.luminis.tls.extension.ExtensionParser;
import net.luminis.tls.extension.KeyShareExtension;
import net.luminis.tls.extension.PreSharedKeyExtension;
import net.luminis.tls.extension.PskKeyExchangeModesExtension;
import net.luminis.tls.extension.ServerNameExtension;
import net.luminis.tls.extension.SignatureAlgorithmsExtension;
import net.luminis.tls.extension.SupportedGroupsExtension;
import net.luminis.tls.extension.SupportedVersionsExtension;
import org.apache.commons.cli.HelpFormatter;

/* loaded from: input_file:net/luminis/tls/handshake/ClientHello.class */
public class ClientHello extends HandshakeMessage {
    private static final int MAX_CLIENT_HELLO_SIZE = 3000;
    private static final int MINIMAL_MESSAGE_LENGTH = 47;
    private final byte[] data;
    private final int pskExtensionStartPosition;
    private byte[] clientRandom;
    private List<TlsConstants.CipherSuite> cipherSuites;
    private List<Extension> extensions;
    public static final List<TlsConstants.CipherSuite> SUPPORTED_CIPHERS = List.of(TlsConstants.CipherSuite.TLS_AES_128_GCM_SHA256);
    private static final List<TlsConstants.SignatureScheme> SUPPORTED_SIGNATURES = List.of(TlsConstants.SignatureScheme.rsa_pss_rsae_sha256);
    private static Random random = new Random();
    private static SecureRandom secureRandom = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: net.luminis.tls.handshake.ClientHello$1, reason: invalid class name */
    /* loaded from: input_file:net/luminis/tls/handshake/ClientHello$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$net$luminis$tls$handshake$ClientHello$PskKeyEstablishmentMode = new int[PskKeyEstablishmentMode.values().length];

        static {
            try {
                $SwitchMap$net$luminis$tls$handshake$ClientHello$PskKeyEstablishmentMode[PskKeyEstablishmentMode.PSKonly.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$net$luminis$tls$handshake$ClientHello$PskKeyEstablishmentMode[PskKeyEstablishmentMode.PSKwithDHE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$net$luminis$tls$handshake$ClientHello$PskKeyEstablishmentMode[PskKeyEstablishmentMode.both.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:net/luminis/tls/handshake/ClientHello$PskKeyEstablishmentMode.class */
    public enum PskKeyEstablishmentMode {
        none,
        PSKonly,
        PSKwithDHE,
        both
    }

    public ClientHello(ByteBuffer byteBuffer, ExtensionParser extensionParser) throws TlsProtocolException, IllegalParameterAlert {
        this.cipherSuites = new ArrayList();
        int position = byteBuffer.position();
        if (byteBuffer.remaining() < 4) {
            throw new DecodeErrorException("message underflow");
        }
        if (byteBuffer.remaining() < MINIMAL_MESSAGE_LENGTH) {
            throw new DecodeErrorException("message underflow");
        }
        if (byteBuffer.get() != TlsConstants.HandshakeType.client_hello.value) {
            throw new RuntimeException();
        }
        if (byteBuffer.remaining() < (((byteBuffer.get() & 255) << 16) | ((byteBuffer.get() & 255) << 8) | (byteBuffer.get() & 255))) {
            throw new DecodeErrorException("message underflow");
        }
        if (byteBuffer.getShort() != 771) {
            throw new DecodeErrorException("legacy version must be 0303");
        }
        this.clientRandom = new byte[32];
        byteBuffer.get(this.clientRandom);
        int i = byteBuffer.get();
        if (i > 0) {
            byteBuffer.get(new byte[i]);
        }
        int i2 = byteBuffer.getShort();
        for (int i3 = 0; i3 < i2; i3 += 2) {
            short s = byteBuffer.getShort();
            Arrays.stream(TlsConstants.CipherSuite.values()).filter(cipherSuite -> {
                return cipherSuite.value == s;
            }).findFirst().ifPresent(cipherSuite2 -> {
                this.cipherSuites.add(cipherSuite2);
            });
        }
        byte b = byteBuffer.get();
        byte b2 = byteBuffer.get();
        if (b != 1 || b2 != 0) {
            throw new IllegalParameterAlert("Invalid legacy compression method");
        }
        int position2 = byteBuffer.position();
        this.extensions = parseExtensions(byteBuffer, TlsConstants.HandshakeType.client_hello, extensionParser);
        if (this.extensions.stream().anyMatch(extension -> {
            return extension instanceof PreSharedKeyExtension;
        })) {
            byteBuffer.position(position2);
            this.pskExtensionStartPosition = findPositionLastExtension(byteBuffer);
            if (!(this.extensions.get(this.extensions.size() - 1) instanceof PreSharedKeyExtension)) {
                throw new IllegalParameterAlert("pre_shared_key extension MUST be the last extension in the ClientHello");
            }
        } else {
            this.pskExtensionStartPosition = -1;
        }
        this.data = new byte[byteBuffer.position() - position];
        byteBuffer.position(position);
        byteBuffer.get(this.data);
    }

    public ClientHello(String str, ECPublicKey eCPublicKey) {
        this(str, eCPublicKey, true, SUPPORTED_CIPHERS, SUPPORTED_SIGNATURES, TlsConstants.NamedGroup.secp256r1, Collections.emptyList(), null, PskKeyEstablishmentMode.both);
    }

    public ClientHello(String str, ECPublicKey eCPublicKey, boolean z, List<Extension> list) {
        this(str, eCPublicKey, z, SUPPORTED_CIPHERS, SUPPORTED_SIGNATURES, TlsConstants.NamedGroup.secp256r1, list, null, PskKeyEstablishmentMode.both);
    }

    public ClientHello(String str, PublicKey publicKey, boolean z, List<TlsConstants.CipherSuite> list, List<TlsConstants.SignatureScheme> list2, TlsConstants.NamedGroup namedGroup, List<Extension> list3, TlsState tlsState, PskKeyEstablishmentMode pskKeyEstablishmentMode) {
        byte[] bArr;
        this.cipherSuites = new ArrayList();
        this.cipherSuites = list;
        ByteBuffer allocate = ByteBuffer.allocate(MAX_CLIENT_HELLO_SIZE);
        allocate.put((byte) 1);
        allocate.put(new byte[3]);
        allocate.put((byte) 3);
        allocate.put((byte) 3);
        this.clientRandom = new byte[32];
        secureRandom.nextBytes(this.clientRandom);
        allocate.put(this.clientRandom);
        if (z) {
            bArr = new byte[32];
            random.nextBytes(bArr);
        } else {
            bArr = new byte[0];
        }
        allocate.put((byte) bArr.length);
        if (bArr.length > 0) {
            allocate.put(bArr);
        }
        allocate.putShort((short) (list.size() * 2));
        Iterator<TlsConstants.CipherSuite> it = list.iterator();
        while (it.hasNext()) {
            allocate.putShort(it.next().value);
        }
        allocate.put(new byte[]{1, 0});
        Extension[] extensionArr = {new ServerNameExtension(str), new SupportedVersionsExtension(TlsConstants.HandshakeType.client_hello), new SupportedGroupsExtension(namedGroup), new SignatureAlgorithmsExtension(list2), new KeyShareExtension(publicKey, namedGroup, TlsConstants.HandshakeType.client_hello)};
        this.extensions = new ArrayList();
        this.extensions.addAll(List.of((Object[]) extensionArr));
        if (pskKeyEstablishmentMode != PskKeyEstablishmentMode.none) {
            this.extensions.add(createPskKeyExchangeModesExtension(pskKeyEstablishmentMode));
        }
        this.extensions.addAll(list3);
        ClientHelloPreSharedKeyExtension clientHelloPreSharedKeyExtension = null;
        allocate.putShort((short) this.extensions.stream().mapToInt(extension -> {
            return extension.getBytes().length;
        }).sum());
        int i = -1;
        for (Extension extension2 : this.extensions) {
            if (extension2 instanceof ClientHelloPreSharedKeyExtension) {
                clientHelloPreSharedKeyExtension = (ClientHelloPreSharedKeyExtension) extension2;
                i = allocate.position();
            }
            allocate.put(extension2.getBytes());
        }
        this.pskExtensionStartPosition = i;
        allocate.limit(allocate.position());
        int position = allocate.position() - 4;
        allocate.putShort(2, (short) position);
        this.data = new byte[position + 4];
        allocate.rewind();
        allocate.get(this.data);
        if (clientHelloPreSharedKeyExtension != null) {
            if (tlsState == null) {
                throw new IllegalArgumentException("TlsState cannot be null when ClientHelloPreSharedKeyExtension is present");
            }
            clientHelloPreSharedKeyExtension.calculateBinder(this.data, i, tlsState);
            allocate.position(i);
            allocate.put(clientHelloPreSharedKeyExtension.getBytes());
            allocate.rewind();
            allocate.get(this.data);
        }
    }

    private PskKeyExchangeModesExtension createPskKeyExchangeModesExtension(PskKeyEstablishmentMode pskKeyEstablishmentMode) {
        switch (AnonymousClass1.$SwitchMap$net$luminis$tls$handshake$ClientHello$PskKeyEstablishmentMode[pskKeyEstablishmentMode.ordinal()]) {
            case HelpFormatter.DEFAULT_LEFT_PAD /* 1 */:
                return new PskKeyExchangeModesExtension(TlsConstants.PskKeyExchangeMode.psk_ke);
            case 2:
                return new PskKeyExchangeModesExtension(TlsConstants.PskKeyExchangeMode.psk_dhe_ke);
            case 3:
                return new PskKeyExchangeModesExtension(TlsConstants.PskKeyExchangeMode.psk_ke, TlsConstants.PskKeyExchangeMode.psk_dhe_ke);
            default:
                throw new IllegalArgumentException();
        }
    }

    @Override // net.luminis.tls.handshake.HandshakeMessage
    public TlsConstants.HandshakeType getType() {
        return TlsConstants.HandshakeType.client_hello;
    }

    @Override // net.luminis.tls.handshake.HandshakeMessage
    public byte[] getBytes() {
        return this.data;
    }

    public byte[] getClientRandom() {
        return this.clientRandom;
    }

    public List<TlsConstants.CipherSuite> getCipherSuites() {
        return this.cipherSuites;
    }

    public List<Extension> getExtensions() {
        return this.extensions;
    }

    public int getPskExtensionStartPosition() {
        return this.pskExtensionStartPosition;
    }

    public String toString() {
        return "ClientHello[" + ((String) this.cipherSuites.stream().map(cipherSuite -> {
            return cipherSuite.toString();
        }).collect(Collectors.joining(","))) + "|" + ((String) this.extensions.stream().map(extension -> {
            return extension.toString();
        }).collect(Collectors.joining(","))) + "]";
    }
}
