package net.luminis.tls.engine.impl;

import com.startapp.simple.bloomfilter.codec.CharEncoding;
import j$.util.function.Function$CC;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import net.luminis.tls.NewSessionTicket;
import net.luminis.tls.ProtectionKeysType;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.TlsProtocolException;
import net.luminis.tls.alert.BadCertificateAlert;
import net.luminis.tls.alert.CertificateUnknownAlert;
import net.luminis.tls.alert.DecryptErrorAlert;
import net.luminis.tls.alert.ErrorAlert;
import net.luminis.tls.alert.HandshakeFailureAlert;
import net.luminis.tls.alert.IllegalParameterAlert;
import net.luminis.tls.alert.MissingExtensionAlert;
import net.luminis.tls.alert.UnexpectedMessageAlert;
import net.luminis.tls.alert.UnsupportedExtensionAlert;
import net.luminis.tls.engine.CertificateWithPrivateKey;
import net.luminis.tls.engine.ClientMessageProcessor;
import net.luminis.tls.engine.ClientMessageSender;
import net.luminis.tls.engine.DefaultHostnameVerifier;
import net.luminis.tls.engine.HostnameVerifier;
import net.luminis.tls.engine.TlsClientEngine;
import net.luminis.tls.engine.TlsStatusEventHandler;
import net.luminis.tls.extension.CertificateAuthoritiesExtension;
import net.luminis.tls.extension.ClientHelloPreSharedKeyExtension;
import net.luminis.tls.extension.Extension;
import net.luminis.tls.extension.KeyShareExtension;
import net.luminis.tls.extension.PreSharedKeyExtension;
import net.luminis.tls.extension.ServerPreSharedKeyExtension;
import net.luminis.tls.extension.SignatureAlgorithmsExtension;
import net.luminis.tls.extension.SupportedVersionsExtension;
import net.luminis.tls.extension.UnknownExtension;
import net.luminis.tls.handshake.CertificateMessage;
import net.luminis.tls.handshake.CertificateRequestMessage;
import net.luminis.tls.handshake.CertificateVerifyMessage;
import net.luminis.tls.handshake.ClientHello;
import net.luminis.tls.handshake.EncryptedExtensions;
import net.luminis.tls.handshake.FinishedMessage;
import net.luminis.tls.handshake.NewSessionTicketMessage;
import net.luminis.tls.handshake.ServerHello;
import net.luminis.tls.log.Logger;

/* loaded from: classes4.dex */
public class TlsClientEngineImpl extends TlsEngineImpl implements TlsClientEngine, ClientMessageProcessor {
    public static final List<TlsConstants.SignatureScheme> C;
    public static final Charset D;
    public List<TlsConstants.SignatureScheme> B;
    public final ClientMessageSender e;
    public final TlsStatusEventHandler f;
    public String g;
    public boolean h;
    public TlsConstants.NamedGroup j;
    public TlsConstants.CipherSuite k;
    public List<Extension> m;
    public ClientHello o;
    public TranscriptHash p;
    public List<TlsConstants.SignatureScheme> q;
    public X509Certificate r;
    public X509TrustManager t;
    public NewSessionTicket u;
    public boolean y;
    public List<X500Principal> z;
    public Status n = Status.Start;
    public List<X509Certificate> s = Collections.emptyList();
    public boolean x = false;
    public List<TlsConstants.CipherSuite> i = new ArrayList();
    public List<Extension> l = new ArrayList();
    public HostnameVerifier v = new DefaultHostnameVerifier();
    public List<NewSessionTicket> w = new ArrayList();
    public Function<List<X500Principal>, CertificateWithPrivateKey> A = new Function() { // from class: net.luminis.tls.engine.impl.b
        @Override // java.util.function.Function
        /* renamed from: andThen */
        public /* synthetic */ Function mo938andThen(Function function) {
            return Function$CC.$default$andThen(this, function);
        }

        @Override // java.util.function.Function
        public final Object apply(Object obj) {
            CertificateWithPrivateKey L;
            L = TlsClientEngineImpl.L((List) obj);
            return L;
        }

        public /* synthetic */ Function compose(Function function) {
            return Function$CC.$default$compose(this, function);
        }
    };

    /* loaded from: classes4.dex */
    public enum Status {
        Start,
        WaitServerHello,
        WaitEncryptedExtensions,
        WaitCertificateRequest,
        WaitCertificate,
        WaitCertificateVerify,
        WaitFinished,
        Connected
    }

    static {
        ArrayList arrayList = new ArrayList();
        C = arrayList;
        arrayList.add(TlsConstants.SignatureScheme.rsa_pss_rsae_sha256);
        arrayList.add(TlsConstants.SignatureScheme.rsa_pss_rsae_sha384);
        arrayList.add(TlsConstants.SignatureScheme.rsa_pss_rsae_sha512);
        arrayList.add(TlsConstants.SignatureScheme.ecdsa_secp256r1_sha256);
        arrayList.add(TlsConstants.SignatureScheme.ecdsa_secp384r1_sha384);
        arrayList.add(TlsConstants.SignatureScheme.ecdsa_secp521r1_sha512);
        D = Charset.forName(CharEncoding.ISO_8859_1);
    }

    public TlsClientEngineImpl(ClientMessageSender clientMessageSender, TlsStatusEventHandler tlsStatusEventHandler) {
        this.e = clientMessageSender;
        this.f = tlsStatusEventHandler;
    }

    public static /* synthetic */ CertificateWithPrivateKey L(List list) {
        return null;
    }

    public final boolean I(X509Certificate x509Certificate, TlsConstants.SignatureScheme signatureScheme) {
        String sigAlgName = x509Certificate.getSigAlgName();
        if (sigAlgName.toLowerCase().contains("withrsa")) {
            ArrayList arrayList = new ArrayList(2);
            arrayList.add(TlsConstants.SignatureScheme.rsa_pss_rsae_sha256);
            arrayList.add(TlsConstants.SignatureScheme.rsa_pss_rsae_sha384);
            return arrayList.contains(signatureScheme);
        }
        if (!sigAlgName.toLowerCase().contains("withecdsa")) {
            return false;
        }
        ArrayList arrayList2 = new ArrayList(1);
        arrayList2.add(TlsConstants.SignatureScheme.ecdsa_secp256r1_sha256);
        return arrayList2.contains(signatureScheme);
    }

    public void J(List<X509Certificate> list) throws BadCertificateAlert {
        try {
            X509Certificate[] x509CertificateArr = new X509Certificate[list.size()];
            for (int i = 0; i < list.size(); i++) {
                x509CertificateArr[i] = list.get(i);
            }
            X509TrustManager x509TrustManager = this.t;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                return;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init((KeyStore) null);
            ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted(x509CertificateArr, "UNKNOWN");
        } catch (KeyStoreException unused) {
            throw new RuntimeException("keystore exception");
        } catch (NoSuchAlgorithmException unused2) {
            throw new RuntimeException("unsupported trust manager algorithm");
        } catch (CertificateException e) {
            String K = K(e);
            if (K == null) {
                K = "certificate validation failed";
            }
            throw new BadCertificateAlert(K);
        }
    }

    public final String K(CertificateException certificateException) {
        CertPathValidatorException.Reason reason;
        Throwable cause = certificateException.getCause();
        if (!(cause instanceof CertPathValidatorException)) {
            if (cause instanceof CertPathBuilderException) {
                return cause.getMessage();
            }
            return null;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(cause.getMessage());
        sb.append(": ");
        reason = ((CertPathValidatorException) cause).getReason();
        sb.append(reason);
        return sb.toString();
    }

    public final void M() throws IOException, ErrorAlert {
        CertificateWithPrivateKey apply = this.A.apply(this.z);
        TlsConstants.SignatureScheme signatureScheme = null;
        CertificateMessage certificateMessage = new CertificateMessage(apply != null ? apply.a() : null);
        this.e.c(certificateMessage);
        this.p.i(certificateMessage);
        if (apply != null) {
            Iterator<TlsConstants.SignatureScheme> it2 = this.B.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                TlsConstants.SignatureScheme next = it2.next();
                if (this.q.contains(next) && I(apply.a(), next)) {
                    signatureScheme = next;
                    break;
                }
            }
            if (signatureScheme == null) {
                throw new HandshakeFailureAlert("failed to negotiate signature scheme");
            }
            CertificateVerifyMessage certificateVerifyMessage = new CertificateVerifyMessage(signatureScheme, B(this.p.d(TlsConstants.HandshakeType.certificate), apply.b(), signatureScheme, true));
            this.e.a(certificateVerifyMessage);
            this.p.i(certificateVerifyMessage);
        }
    }

    public void N(TlsConstants.NamedGroup namedGroup, List<TlsConstants.SignatureScheme> list) throws IOException {
        List list2;
        if (this.n != Status.Start) {
            throw new IllegalStateException("Handshake already started");
        }
        if (!KeyShareExtension.d.contains(namedGroup)) {
            throw new IllegalArgumentException("Named group " + namedGroup + " not supported");
        }
        for (TlsConstants.SignatureScheme signatureScheme : list) {
            List<TlsConstants.SignatureScheme> list3 = C;
            if (!list3.contains(signatureScheme)) {
                ArrayList arrayList = new ArrayList(list);
                arrayList.removeAll(list3);
                throw new IllegalArgumentException("Unsupported signature scheme(s): " + arrayList);
            }
        }
        NewSessionTicket newSessionTicket = this.u;
        if (newSessionTicket != null && !this.i.contains(newSessionTicket.a())) {
            throw new IllegalStateException("For session resumption, support ciphers should contain the cipher used with the session-to-resume (" + this.u.a().toString() + ")");
        }
        this.q = list;
        this.j = namedGroup;
        C(namedGroup);
        if (this.g == null || this.i.isEmpty()) {
            throw new IllegalStateException("not all mandatory properties are set");
        }
        if (this.u != null) {
            list2 = new ArrayList(this.l);
            list2.add(new ClientHelloPreSharedKeyExtension(this.u));
            TlsConstants.CipherSuite a2 = this.u.a();
            this.p = new TranscriptHash(TlsEngineImpl.E(a2));
            this.c = new TlsState(this.p, this.u.c(), TlsEngineImpl.F(a2), TlsEngineImpl.E(a2));
        } else {
            list2 = this.l;
        }
        ClientHello clientHello = new ClientHello(this.g, this.f24147a, this.h, this.i, this.q, namedGroup, list2, this.c, ClientHello.PskKeyEstablishmentMode.PSKwithDHE);
        this.o = clientHello;
        this.m = clientHello.j();
        if (this.c != null) {
            this.p.h(this.o);
            this.c.e();
            this.f.f();
        }
        this.e.d(this.o);
        this.n = Status.WaitServerHello;
    }

    public boolean O(byte[] bArr, TlsConstants.SignatureScheme signatureScheme, Certificate certificate, byte[] bArr2) throws HandshakeFailureAlert {
        ByteBuffer allocate = ByteBuffer.allocate("TLS 1.3, server CertificateVerify".getBytes(D).length + 65 + bArr2.length);
        for (int i = 0; i < 64; i++) {
            allocate.put((byte) 32);
        }
        allocate.put("TLS 1.3, server CertificateVerify".getBytes(D));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature D2 = D(signatureScheme);
            D2.initVerify(certificate);
            D2.update(allocate.array());
            return D2.verify(bArr);
        } catch (InvalidKeyException unused) {
            Logger.a("Certificate verify: invalid key.");
            return false;
        } catch (SignatureException unused2) {
            Logger.a("Certificate verify: invalid signature.");
            return false;
        }
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void a(List<TlsConstants.CipherSuite> list) {
        this.i.addAll(list);
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public TlsConstants.CipherSuite b() {
        TlsConstants.CipherSuite cipherSuite = this.k;
        if (cipherSuite != null) {
            return cipherSuite;
        }
        throw new IllegalStateException("No (valid) server hello received yet");
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void c(EncryptedExtensions encryptedExtensions, ProtectionKeysType protectionKeysType) throws TlsProtocolException {
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        if (this.n != Status.WaitEncryptedExtensions) {
            throw new UnexpectedMessageAlert("unexpected encrypted extensions message");
        }
        ArrayList arrayList = new ArrayList();
        Iterator<Extension> it2 = this.m.iterator();
        while (it2.hasNext()) {
            arrayList.add(it2.next().getClass());
        }
        for (Extension extension : encryptedExtensions.g()) {
            if (!(extension instanceof UnknownExtension) && !arrayList.contains(extension.getClass())) {
                throw new UnsupportedExtensionAlert("extension response to missing request");
            }
        }
        HashSet hashSet = new HashSet();
        Iterator<Extension> it3 = encryptedExtensions.g().iterator();
        while (it3.hasNext()) {
            hashSet.add(it3.next().getClass());
        }
        if (hashSet.size() != encryptedExtensions.g().size()) {
            throw new UnsupportedExtensionAlert("duplicate extensions not allowed");
        }
        this.p.h(encryptedExtensions);
        this.n = this.x ? Status.WaitFinished : Status.WaitCertificateRequest;
        this.f.u(encryptedExtensions.g());
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void d(String str) {
        this.g = str;
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void e(FinishedMessage finishedMessage, ProtectionKeysType protectionKeysType) throws ErrorAlert, IOException {
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        if (this.n != Status.WaitFinished) {
            throw new UnexpectedMessageAlert("unexpected finished message");
        }
        this.p.j(finishedMessage);
        TranscriptHash transcriptHash = this.p;
        TlsConstants.HandshakeType handshakeType = TlsConstants.HandshakeType.certificate_verify;
        if (!Arrays.equals(finishedMessage.g(), A(transcriptHash.g(handshakeType), this.c.o()))) {
            throw new DecryptErrorAlert("incorrect finished message");
        }
        if (this.y) {
            M();
        }
        FinishedMessage finishedMessage2 = new FinishedMessage(A(this.p.d(handshakeType), this.c.l()));
        this.e.b(finishedMessage2);
        this.p.i(finishedMessage2);
        this.c.b();
        this.c.h();
        this.n = Status.Connected;
        this.f.b();
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void f(CertificateMessage certificateMessage, ProtectionKeysType protectionKeysType) throws TlsProtocolException {
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        Status status = this.n;
        if (status != Status.WaitCertificate && status != Status.WaitCertificateRequest) {
            throw new UnexpectedMessageAlert("unexpected certificate message");
        }
        if (certificateMessage.j().length > 0) {
            throw new IllegalParameterAlert("certificate request context should be zero length");
        }
        if (certificateMessage.i() == null) {
            throw new IllegalParameterAlert("missing certificate");
        }
        this.r = certificateMessage.i();
        this.s = certificateMessage.h();
        this.p.j(certificateMessage);
        this.n = Status.WaitCertificateVerify;
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void h(CertificateRequestMessage certificateRequestMessage, ProtectionKeysType protectionKeysType) throws TlsProtocolException, IOException {
        List<TlsConstants.SignatureScheme> list;
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        if (this.n != Status.WaitCertificateRequest) {
            throw new UnexpectedMessageAlert("unexpected certificate request message");
        }
        Iterator<Extension> it2 = certificateRequestMessage.g().iterator();
        while (true) {
            if (!it2.hasNext()) {
                list = null;
                break;
            }
            Extension next = it2.next();
            if (next instanceof SignatureAlgorithmsExtension) {
                list = ((SignatureAlgorithmsExtension) next).d();
                break;
            }
        }
        if (list == null) {
            throw new MissingExtensionAlert();
        }
        this.B = list;
        this.p.h(certificateRequestMessage);
        this.z = new ArrayList();
        Iterator<Extension> it3 = certificateRequestMessage.g().iterator();
        while (true) {
            if (!it3.hasNext()) {
                break;
            }
            Extension next2 = it3.next();
            if (next2 instanceof CertificateAuthoritiesExtension) {
                this.z = ((CertificateAuthoritiesExtension) next2).d();
                break;
            }
        }
        this.y = true;
        this.n = Status.WaitCertificate;
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void i(ServerHello serverHello, ProtectionKeysType protectionKeysType) throws MissingExtensionAlert, IllegalParameterAlert {
        ServerPreSharedKeyExtension serverPreSharedKeyExtension;
        KeyShareExtension keyShareExtension;
        KeyShareExtension.KeyShareEntry keyShareEntry;
        if (this.n != Status.WaitServerHello) {
            return;
        }
        Iterator<Extension> it2 = serverHello.h().iterator();
        boolean z = false;
        while (it2.hasNext()) {
            if (it2.next() instanceof SupportedVersionsExtension) {
                z = true;
            }
        }
        boolean z2 = false;
        for (Extension extension : serverHello.h()) {
            if ((extension instanceof PreSharedKeyExtension) || (extension instanceof KeyShareExtension)) {
                z2 = true;
            }
        }
        if (!z || !z2) {
            throw new MissingExtensionAlert();
        }
        short s = -1;
        for (Extension extension2 : serverHello.h()) {
            if (extension2 instanceof SupportedVersionsExtension) {
                s = ((SupportedVersionsExtension) extension2).d();
            }
        }
        if (s != 772) {
            throw new IllegalParameterAlert("invalid tls version");
        }
        for (Extension extension3 : serverHello.h()) {
            if (G(extension3) && !(extension3 instanceof SupportedVersionsExtension) && !(extension3 instanceof PreSharedKeyExtension) && !(extension3 instanceof KeyShareExtension)) {
                throw new IllegalParameterAlert("illegal extension in server hello");
            }
        }
        Iterator<Extension> it3 = serverHello.h().iterator();
        while (true) {
            serverPreSharedKeyExtension = null;
            if (!it3.hasNext()) {
                keyShareExtension = null;
                break;
            }
            Extension next = it3.next();
            if (next instanceof KeyShareExtension) {
                keyShareExtension = (KeyShareExtension) next;
                break;
            }
        }
        if (keyShareExtension != null) {
            keyShareEntry = !keyShareExtension.e().isEmpty() ? keyShareExtension.e().get(0) : null;
            if (keyShareEntry == null) {
                throw new IllegalParameterAlert("");
            }
            if (keyShareEntry.b() != this.j) {
                throw new IllegalParameterAlert("server supplied key share does not match client supported named group");
            }
        } else {
            keyShareEntry = null;
        }
        Iterator<Extension> it4 = serverHello.h().iterator();
        while (true) {
            if (!it4.hasNext()) {
                break;
            }
            Extension next2 = it4.next();
            if (next2 instanceof ServerPreSharedKeyExtension) {
                serverPreSharedKeyExtension = (ServerPreSharedKeyExtension) next2;
                break;
            }
        }
        if (keyShareEntry == null && serverPreSharedKeyExtension == null) {
            throw new MissingExtensionAlert(" either the pre_shared_key extension or the key_share extension must be present");
        }
        if (serverPreSharedKeyExtension != null) {
            this.x = true;
        }
        if (!this.i.contains(serverHello.g())) {
            throw new IllegalParameterAlert("cipher suite does not match");
        }
        this.k = serverHello.g();
        if (this.c == null) {
            this.p = new TranscriptHash(TlsEngineImpl.E(this.k));
            this.c = new TlsState(this.p, TlsEngineImpl.F(this.k), TlsEngineImpl.E(this.k));
            this.p.h(this.o);
            this.c.e();
            this.f.f();
        }
        if (serverPreSharedKeyExtension != null) {
            this.c.u(serverPreSharedKeyExtension.d());
            Logger.a("Server has accepted PSK key establishment");
        } else {
            this.c.r();
        }
        if (keyShareEntry != null) {
            this.c.s(this.b);
            this.c.t(keyShareEntry.a());
            this.c.i();
        }
        this.p.h(serverHello);
        this.c.f();
        this.n = Status.WaitEncryptedExtensions;
        this.f.C();
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void j(HostnameVerifier hostnameVerifier) {
        if (hostnameVerifier != null) {
            this.v = hostnameVerifier;
        }
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void k() throws IOException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(TlsConstants.SignatureScheme.rsa_pss_rsae_sha256);
        arrayList.add(TlsConstants.SignatureScheme.ecdsa_secp256r1_sha256);
        N(TlsConstants.NamedGroup.secp256r1, arrayList);
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void m(CertificateVerifyMessage certificateVerifyMessage, ProtectionKeysType protectionKeysType) throws TlsProtocolException {
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        if (this.n != Status.WaitCertificateVerify) {
            throw new UnexpectedMessageAlert("unexpected certificate verify message");
        }
        TlsConstants.SignatureScheme h = certificateVerifyMessage.h();
        if (h == null || !this.q.contains(h)) {
            throw new IllegalParameterAlert("signature scheme does not match");
        }
        if (!O(certificateVerifyMessage.g(), h, this.r, this.p.g(TlsConstants.HandshakeType.certificate))) {
            throw new DecryptErrorAlert("signature verification fails");
        }
        J(this.s);
        if (!this.v.a(this.g, this.r)) {
            throw new CertificateUnknownAlert("servername does not match");
        }
        this.p.j(certificateVerifyMessage);
        this.n = Status.WaitFinished;
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void o(X509TrustManager x509TrustManager) {
        this.t = x509TrustManager;
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void q(NewSessionTicket newSessionTicket) {
        this.u = newSessionTicket;
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void s(Extension extension) {
        this.l.add(extension);
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void t(ClientHello clientHello, ProtectionKeysType protectionKeysType) throws TlsProtocolException {
        throw new UnexpectedMessageAlert("no client hello expected");
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void u(NewSessionTicketMessage newSessionTicketMessage, ProtectionKeysType protectionKeysType) throws UnexpectedMessageAlert {
        if (protectionKeysType != ProtectionKeysType.Application) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        NewSessionTicket newSessionTicket = new NewSessionTicket(this.c.g(newSessionTicketMessage.k()), newSessionTicketMessage, this.k);
        this.w.add(newSessionTicket);
        this.f.K(newSessionTicket);
    }

    @Override // net.luminis.tls.engine.TlsClientEngine
    public void z(Function<List<X500Principal>, CertificateWithPrivateKey> function) {
        this.A = function;
    }
}
