package org.eclipse.californium.scandium.dtls;

import java.security.MessageDigest;
import java.util.Objects;
import java.util.concurrent.ScheduledExecutorService;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.resumption.ResumptionVerifier;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;

@NoPublicAPI
/* loaded from: classes17.dex */
public class ResumingServerHandshaker extends ServerHandshaker {
    private static final HandshakeState[] ABBREVIATED_HANDSHAKE = {new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private boolean fullHandshake;
    private byte[] handshakeHash;
    private ClientHello pendingClientHello;
    private final ResumptionVerifier resumptionHandler;

    /* renamed from: org.eclipse.californium.scandium.dtls.ResumingServerHandshaker$1, reason: invalid class name */
    /* loaded from: classes17.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType;

        static {
            int[] iArr = new int[HandshakeType.values().length];
            $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType = iArr;
            try {
                iArr[HandshakeType.CLIENT_HELLO.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.FINISHED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    public ResumingServerHandshaker(long j, int i, RecordLayer recordLayer, ScheduledExecutorService scheduledExecutorService, Connection connection, DtlsConnectorConfig dtlsConnectorConfig) {
        super(j, i, recordLayer, scheduledExecutorService, connection, dtlsConnectorConfig);
        ResumptionVerifier resumptionVerifier = dtlsConnectorConfig.getResumptionVerifier();
        this.resumptionHandler = resumptionVerifier;
        if (resumptionVerifier == null) {
            throw new IllegalArgumentException("Resumption verifier missing!");
        }
    }

    private void processResumingClientHello(ClientHello clientHello) throws HandshakeException {
        DTLSSession session = getSession();
        CipherSuite cipherSuite = session.getCipherSuite();
        this.LOGGER.debug("Start resumption-handshake with peer [{}].", this.peerToLog);
        this.clientRandom = clientHello.getRandom();
        this.serverRandom = new Random();
        this.flightNumber += 2;
        DTLSFlight createFlight = createFlight();
        ServerHello serverHello = new ServerHello(clientHello.getClientVersion(), this.serverRandom, session.getSessionIdentifier(), cipherSuite, session.getCompressionMethod());
        addHelloExtensions(clientHello, serverHello);
        wrapMessage(createFlight, serverHello);
        wrapMessage(createFlight, new ChangeCipherSpecMessage());
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        MessageDigest cloneMessageDigest = cloneMessageDigest(handshakeMessageDigest);
        resumeMasterSecret();
        setCurrentWriteState();
        Finished createFinishedMessage = createFinishedMessage(handshakeMessageDigest.digest());
        wrapMessage(createFlight, createFinishedMessage);
        cloneMessageDigest.update(createFinishedMessage.toByteArray());
        this.handshakeHash = cloneMessageDigest.digest();
        sendFlight(createFlight);
        setExpectedStates(ABBREVIATED_HANDSHAKE);
        expectChangeCipherSpecMessage();
    }

    private void processResumptionVerificationResult(ResumptionVerificationResult resumptionVerificationResult) throws HandshakeException {
        ClientHello clientHello = this.pendingClientHello;
        if (clientHello == null) {
            throw new IllegalStateException("resumption verification not pending!");
        }
        this.pendingClientHello = null;
        DTLSSession dTLSSession = resumptionVerificationResult.getDTLSSession();
        boolean z = !validateResumption(dTLSSession, clientHello);
        this.fullHandshake = z;
        if (z) {
            this.LOGGER.debug("DTLS session {} not available, switch to full-handshake with peer [{}]!", clientHello.getSessionId(), this.peerToLog);
            SecretUtil.destroy(dTLSSession);
            receivedClientHello(clientHello);
        } else {
            getSession().set(dTLSSession);
            SecretUtil.destroy(dTLSSession);
            setCustomArgument(resumptionVerificationResult);
            processResumingClientHello(clientHello);
        }
    }

    private void receivedClientFinished(Finished finished) throws HandshakeException {
        verifyFinished(finished, this.handshakeHash);
        contextEstablished();
        handshakeCompleted();
    }

    private void receivedResumingClientHello(ClientHello clientHello) throws HandshakeException {
        if (!clientHello.hasSessionId()) {
            throw new IllegalArgumentException("Client hello doesn't contain session id required for resumption!");
        }
        this.pendingClientHello = clientHello;
        ResumptionVerificationResult verifyResumptionRequest = this.resumptionHandler.verifyResumptionRequest(getConnection().getConnectionId(), clientHello.getServerNames(), clientHello.getSessionId());
        if (verifyResumptionRequest == null) {
            startInitialTimeout();
        } else {
            this.LOGGER.debug("Process client hello synchronous");
            processResumptionVerificationResult(verifyResumptionRequest);
        }
    }

    private boolean validateResumption(DTLSSession dTLSSession, ClientHello clientHello) {
        if (dTLSSession == null) {
            this.LOGGER.debug("DTLS session {} not available, switch to full-handshake with peer [{}]!", clientHello.getSessionId(), this.peerToLog);
            return false;
        }
        CipherSuite cipherSuite = dTLSSession.getCipherSuite();
        CompressionMethod compressionMethod = dTLSSession.getCompressionMethod();
        if (!clientHello.getCipherSuites().contains(cipherSuite)) {
            this.LOGGER.debug("Cipher-suite {} changed by client hello, switch to full-handshake with peer [{}]!", cipherSuite, this.peerToLog);
            return false;
        }
        if (!dTLSSession.getProtocolVersion().equals(clientHello.getClientVersion())) {
            this.LOGGER.debug("Protocol version {} changed by client hello {}, switch to full-handshake with peer [{}]!", dTLSSession.getProtocolVersion(), clientHello.getClientVersion(), this.peerToLog);
            return false;
        }
        if (!clientHello.getCompressionMethods().contains(compressionMethod)) {
            this.LOGGER.debug("Compression method {} changed by client hello, switch to full-handshake with peer [{}]!", dTLSSession.getCompressionMethod(), this.peerToLog);
            return false;
        }
        if (this.extendedMasterSecretMode.is(ExtendedMasterSecretMode.ENABLED) && !clientHello.hasExtendedMasterSecret()) {
            this.LOGGER.debug("Missing extended master secret extension in client hello, switch to full-handshake with peer [{}]!", this.peerToLog);
            return false;
        }
        if (this.extendedMasterSecretMode == ExtendedMasterSecretMode.OPTIONAL && dTLSSession.useExtendedMasterSecret() && !clientHello.hasExtendedMasterSecret()) {
            this.LOGGER.debug("Disabled extended master secret extension in client hello, switch to full-handshake with peer [{}]!", this.peerToLog);
            return false;
        }
        if (this.sniEnabled) {
            ServerNames serverNames = getServerNames();
            ServerNames serverNames2 = clientHello.getServerNames();
            if (!Objects.equals(serverNames, serverNames2)) {
                this.LOGGER.debug("SNI {} changed by client hello {}, switch to full-handshake with peer [{}]!", serverNames, serverNames2, this.peerToLog);
                return false;
            }
        }
        return true;
    }

    @Override // org.eclipse.californium.scandium.dtls.ServerHandshaker, org.eclipse.californium.scandium.dtls.Handshaker
    protected void doProcessMessage(HandshakeMessage handshakeMessage) throws HandshakeException {
        if (this.fullHandshake) {
            super.doProcessMessage(handshakeMessage);
            return;
        }
        int i = AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[handshakeMessage.getMessageType().ordinal()];
        if (i == 1) {
            handshakeStarted();
            receivedResumingClientHello((ClientHello) handshakeMessage);
        } else {
            if (i != 2) {
                throw new HandshakeException(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), this.peerToLog), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE));
            }
            receivedClientFinished((Finished) handshakeMessage);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public boolean hasPendingApiCall() {
        return this.pendingClientHello != null || super.hasPendingApiCall();
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void processAsyncHandshakeResult(HandshakeResult handshakeResult) throws HandshakeException {
        if (handshakeResult instanceof ResumptionVerificationResult) {
            this.LOGGER.debug("Process client hello asynchronous");
            ensureUndestroyed();
            processResumptionVerificationResult((ResumptionVerificationResult) handshakeResult);
        }
        super.processAsyncHandshakeResult(handshakeResult);
    }
}
