package org.openjsse.sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import org.openjsse.sun.security.ssl.AlpnExtension;
import org.openjsse.sun.security.ssl.SSLHandshake;
import org.openjsse.sun.security.ssl.SupportedVersionsExtension;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class ClientHello {
    private static final HandshakeConsumer d12HandshakeConsumer;
    private static final HandshakeConsumer d13HandshakeConsumer;
    public static final SSLConsumer handshakeConsumer;
    public static final HandshakeProducer handshakeProducer;
    public static final SSLProducer kickstartProducer;
    private static final HandshakeConsumer t12HandshakeConsumer;
    private static final HandshakeConsumer t13HandshakeConsumer;

    /* renamed from: org.openjsse.sun.security.ssl.ClientHello$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        public static final /* synthetic */ int[] $SwitchMap$org$openjsse$sun$security$ssl$SSLHandshake;

        static {
            int[] iArr = new int[SSLHandshake.values().length];
            $SwitchMap$org$openjsse$sun$security$ssl$SSLHandshake = iArr;
            try {
                iArr[SSLHandshake.HELLO_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$openjsse$sun$security$ssl$SSLHandshake[SSLHandshake.HELLO_VERIFY_REQUEST.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$openjsse$sun$security$ssl$SSLHandshake[SSLHandshake.HELLO_RETRY_REQUEST.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class ClientHelloConsumer implements SSLConsumer {
        private ClientHelloConsumer() {
        }

        public /* synthetic */ ClientHelloConsumer(AnonymousClass1 anonymousClass1) {
            this();
        }

        private ProtocolVersion negotiateProtocol(ServerHandshakeContext serverHandshakeContext, int i5) {
            int i6;
            if (!serverHandshakeContext.sslContext.isDTLS() ? i5 <= (i6 = ProtocolVersion.TLS12.id) : i5 >= (i6 = ProtocolVersion.DTLS12.id)) {
                i6 = i5;
            }
            ProtocolVersion selectedFrom = ProtocolVersion.selectedFrom(serverHandshakeContext.activeProtocols, i6);
            if (selectedFrom == null || selectedFrom == ProtocolVersion.NONE || selectedFrom == ProtocolVersion.SSL20Hello) {
                throw serverHandshakeContext.conContext.fatal(Alert.PROTOCOL_VERSION, androidx.activity.b.v(androidx.activity.b.y("Client requested protocol "), ProtocolVersion.nameOf(i5), " is not enabled or supported in server context"));
            }
            return selectedFrom;
        }

        private ProtocolVersion negotiateProtocol(ServerHandshakeContext serverHandshakeContext, int[] iArr) {
            for (ProtocolVersion protocolVersion : serverHandshakeContext.activeProtocols) {
                if (protocolVersion != ProtocolVersion.SSL20Hello) {
                    for (int i5 : iArr) {
                        if (i5 != ProtocolVersion.SSL20Hello.id && protocolVersion.id == i5) {
                            return protocolVersion;
                        }
                    }
                }
            }
            TransportContext transportContext = serverHandshakeContext.conContext;
            Alert alert = Alert.PROTOCOL_VERSION;
            StringBuilder y5 = androidx.activity.b.y("The client supported protocol versions ");
            y5.append(Arrays.toString(ProtocolVersion.toStringArray(iArr)));
            y5.append(" are not accepted by server preferences ");
            y5.append(serverHandshakeContext.activeProtocols);
            throw transportContext.fatal(alert, y5.toString());
        }

        private void onClientHello(ServerHandshakeContext serverHandshakeContext, ClientHelloMessage clientHelloMessage) {
            SSLExtension sSLExtension = SSLExtension.CH_SUPPORTED_VERSIONS;
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, new SSLExtension[]{sSLExtension});
            SupportedVersionsExtension.CHSupportedVersionsSpec cHSupportedVersionsSpec = (SupportedVersionsExtension.CHSupportedVersionsSpec) serverHandshakeContext.handshakeExtensions.get(sSLExtension);
            ProtocolVersion negotiateProtocol = cHSupportedVersionsSpec != null ? negotiateProtocol(serverHandshakeContext, cHSupportedVersionsSpec.requestedProtocols) : negotiateProtocol(serverHandshakeContext, clientHelloMessage.clientVersion);
            serverHandshakeContext.negotiatedProtocol = negotiateProtocol;
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                StringBuilder y5 = androidx.activity.b.y("Negotiated protocol version: ");
                y5.append(negotiateProtocol.name);
                SSLLogger.fine(y5.toString(), new Object[0]);
            }
            boolean z5 = negotiateProtocol.isDTLS;
            boolean useTLS13PlusSpec = negotiateProtocol.useTLS13PlusSpec();
            (z5 ? useTLS13PlusSpec ? ClientHello.d13HandshakeConsumer : ClientHello.d12HandshakeConsumer : useTLS13PlusSpec ? ClientHello.t13HandshakeConsumer : ClientHello.t12HandshakeConsumer).consume(serverHandshakeContext, clientHelloMessage);
        }

        @Override // org.openjsse.sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            LinkedHashMap<Byte, SSLConsumer> linkedHashMap = serverHandshakeContext.handshakeConsumers;
            SSLHandshake sSLHandshake = SSLHandshake.CLIENT_HELLO;
            linkedHashMap.remove(Byte.valueOf(sSLHandshake.id));
            if (!serverHandshakeContext.handshakeConsumers.isEmpty()) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "No more handshake message allowed in a ClientHello flight");
            }
            ClientHelloMessage clientHelloMessage = new ClientHelloMessage(serverHandshakeContext, byteBuffer, serverHandshakeContext.sslConfig.getEnabledExtensions(sSLHandshake));
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ClientHello handshake message", clientHelloMessage);
            }
            serverHandshakeContext.clientHelloVersion = clientHelloMessage.clientVersion;
            onClientHello(serverHandshakeContext, clientHelloMessage);
        }
    }

    /* loaded from: classes.dex */
    public static final class ClientHelloKickstartProducer implements SSLProducer {
        private ClientHelloKickstartProducer() {
        }

        public /* synthetic */ ClientHelloKickstartProducer(AnonymousClass1 anonymousClass1) {
            this();
        }

        /* JADX WARN: Removed duplicated region for block: B:133:0x01fb  */
        /* JADX WARN: Removed duplicated region for block: B:138:0x020c  */
        /* JADX WARN: Removed duplicated region for block: B:155:0x028c  */
        /* JADX WARN: Removed duplicated region for block: B:158:0x0209 A[SYNTHETIC] */
        @Override // org.openjsse.sun.security.ssl.SSLProducer
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public byte[] produce(org.openjsse.sun.security.ssl.ConnectionContext r14) {
            /*
                Method dump skipped, instructions count: 660
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.openjsse.sun.security.ssl.ClientHello.ClientHelloKickstartProducer.produce(org.openjsse.sun.security.ssl.ConnectionContext):byte[]");
        }
    }

    /* loaded from: classes.dex */
    public static final class ClientHelloMessage extends SSLHandshake.HandshakeMessage {
        private static final byte[] NULL_COMPRESSION = {0};
        public final int[] cipherSuiteIds;
        public final List<CipherSuite> cipherSuites;
        public final RandomCookie clientRandom;
        public final int clientVersion;
        public final byte[] compressionMethod;
        private byte[] cookie;
        public final SSLExtensions extensions;
        private final boolean isDTLS;
        public final SessionId sessionId;

        public ClientHelloMessage(HandshakeContext handshakeContext, int i5, SessionId sessionId, List<CipherSuite> list, SecureRandom secureRandom) {
            super(handshakeContext);
            boolean isDTLS = handshakeContext.sslContext.isDTLS();
            this.isDTLS = isDTLS;
            this.clientVersion = i5;
            this.clientRandom = new RandomCookie(secureRandom);
            this.sessionId = sessionId;
            if (isDTLS) {
                this.cookie = new byte[0];
            } else {
                this.cookie = null;
            }
            this.cipherSuites = list;
            this.cipherSuiteIds = getCipherSuiteIds(list);
            this.extensions = new SSLExtensions(this);
            this.compressionMethod = NULL_COMPRESSION;
        }

        public ClientHelloMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer, SSLExtension[] sSLExtensionArr) {
            super(handshakeContext);
            boolean isDTLS = handshakeContext.sslContext.isDTLS();
            this.isDTLS = isDTLS;
            int i5 = ((byteBuffer.get() & 255) << 8) | (byteBuffer.get() & 255);
            this.clientVersion = i5;
            this.clientRandom = new RandomCookie(byteBuffer);
            SessionId sessionId = new SessionId(d.c(byteBuffer));
            this.sessionId = sessionId;
            try {
                sessionId.checkLength(i5);
                if (isDTLS) {
                    this.cookie = d.c(byteBuffer);
                } else {
                    this.cookie = null;
                }
                byte[] a6 = d.a(byteBuffer);
                if (a6.length == 0 || (a6.length & 1) != 0) {
                    throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Invalid ClientHello message");
                }
                this.cipherSuiteIds = new int[a6.length >> 1];
                int i6 = 0;
                int i7 = 0;
                while (i6 < a6.length) {
                    int i8 = i6 + 1;
                    this.cipherSuiteIds[i7] = ((a6[i6] & 255) << 8) | (a6[i8] & 255);
                    i6 = i8 + 1;
                    i7++;
                }
                this.cipherSuites = getCipherSuites(this.cipherSuiteIds);
                this.compressionMethod = d.c(byteBuffer);
                this.extensions = byteBuffer.hasRemaining() ? new SSLExtensions(this, byteBuffer, sSLExtensionArr) : new SSLExtensions(this);
            } catch (SSLProtocolException e5) {
                throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, e5);
            }
        }

        private static int[] getCipherSuiteIds(List<CipherSuite> list) {
            int i5 = 0;
            if (list == null) {
                return new int[0];
            }
            int[] iArr = new int[list.size()];
            Iterator<CipherSuite> it = list.iterator();
            while (it.hasNext()) {
                iArr[i5] = it.next().id;
                i5++;
            }
            return iArr;
        }

        private List<String> getCipherSuiteNames() {
            LinkedList linkedList = new LinkedList();
            for (int i5 : this.cipherSuiteIds) {
                linkedList.add(CipherSuite.nameOf(i5) + "(" + Utilities.byte16HexString(i5) + ")");
            }
            return linkedList;
        }

        private static List<CipherSuite> getCipherSuites(int[] iArr) {
            LinkedList linkedList = new LinkedList();
            for (int i5 : iArr) {
                CipherSuite valueOf = CipherSuite.valueOf(i5);
                if (valueOf != null) {
                    linkedList.add(valueOf);
                }
            }
            return Collections.unmodifiableList(linkedList);
        }

        private byte[] getEncodedCipherSuites() {
            int[] iArr = this.cipherSuiteIds;
            byte[] bArr = new byte[iArr.length << 1];
            int i5 = 0;
            for (int i6 : iArr) {
                int i7 = i5 + 1;
                bArr[i5] = (byte) (i6 >> 8);
                i5 = i7 + 1;
                bArr[i7] = (byte) i6;
            }
            return bArr;
        }

        public static void readPartial(TransportContext transportContext, ByteBuffer byteBuffer) {
            boolean isDTLS = transportContext.sslContext.isDTLS();
            d.d(byteBuffer);
            new RandomCookie(byteBuffer);
            d.c(byteBuffer);
            if (isDTLS) {
                d.c(byteBuffer);
            }
            d.a(byteBuffer);
            d.c(byteBuffer);
            if (byteBuffer.remaining() >= 2) {
                int d5 = d.d(byteBuffer);
                while (d5 > 0) {
                    int d6 = d.d(byteBuffer);
                    int d7 = d.d(byteBuffer);
                    d5 -= d7 + 4;
                    if (d6 == SSLExtension.CH_PRE_SHARED_KEY.id) {
                        if (d5 > 0) {
                            throw transportContext.fatal(Alert.ILLEGAL_PARAMETER, "pre_shared_key extension is not last");
                        }
                        d.a(byteBuffer);
                        return;
                    }
                    byteBuffer.position(byteBuffer.position() + d7);
                }
            }
        }

        public byte[] getHeaderBytes() {
            HandshakeOutStream handshakeOutStream = new HandshakeOutStream(null);
            try {
                handshakeOutStream.putInt8((byte) ((this.clientVersion >>> 8) & AlpnExtension.CHAlpnProducer.MAX_AP_LENGTH));
                handshakeOutStream.putInt8((byte) (this.clientVersion & AlpnExtension.CHAlpnProducer.MAX_AP_LENGTH));
                handshakeOutStream.write(this.clientRandom.randomBytes, 0, 32);
                handshakeOutStream.putBytes8(this.sessionId.getId());
                handshakeOutStream.putBytes16(getEncodedCipherSuites());
                handshakeOutStream.putBytes8(this.compressionMethod);
            } catch (IOException unused) {
            }
            return handshakeOutStream.toByteArray();
        }

        public byte[] getHelloCookieBytes() {
            HandshakeOutStream handshakeOutStream = new HandshakeOutStream(null);
            try {
                handshakeOutStream.putInt8((byte) ((this.clientVersion >>> 8) & AlpnExtension.CHAlpnProducer.MAX_AP_LENGTH));
                handshakeOutStream.putInt8((byte) (this.clientVersion & AlpnExtension.CHAlpnProducer.MAX_AP_LENGTH));
                handshakeOutStream.write(this.clientRandom.randomBytes, 0, 32);
                handshakeOutStream.putBytes8(this.sessionId.getId());
                handshakeOutStream.putBytes16(getEncodedCipherSuites());
                handshakeOutStream.putBytes8(this.compressionMethod);
                this.extensions.send(handshakeOutStream);
            } catch (IOException unused) {
            }
            return handshakeOutStream.toByteArray();
        }

        @Override // org.openjsse.sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_HELLO;
        }

        @Override // org.openjsse.sun.security.ssl.SSLHandshake.HandshakeMessage
        public int messageLength() {
            return (this.cipherSuiteIds.length * 2) + this.sessionId.length() + 38 + (this.isDTLS ? this.cookie.length + 1 : 0) + this.compressionMethod.length + this.extensions.length();
        }

        @Override // org.openjsse.sun.security.ssl.SSLHandshake.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) {
            sendCore(handshakeOutStream);
            this.extensions.send(handshakeOutStream);
        }

        public void sendCore(HandshakeOutStream handshakeOutStream) {
            handshakeOutStream.putInt8((byte) (this.clientVersion >>> 8));
            handshakeOutStream.putInt8((byte) this.clientVersion);
            handshakeOutStream.write(this.clientRandom.randomBytes, 0, 32);
            handshakeOutStream.putBytes8(this.sessionId.getId());
            if (this.isDTLS) {
                handshakeOutStream.putBytes8(this.cookie);
            }
            handshakeOutStream.putBytes16(getEncodedCipherSuites());
            handshakeOutStream.putBytes8(this.compressionMethod);
        }

        public void setHelloCookie(byte[] bArr) {
            this.cookie = bArr;
        }

        public String toString() {
            return this.isDTLS ? new MessageFormat("\"ClientHello\": '{'\n  \"client version\"      : \"{0}\",\n  \"random\"              : \"{1}\",\n  \"session id\"          : \"{2}\",\n  \"cookie\"              : \"{3}\",\n  \"cipher suites\"       : \"{4}\",\n  \"compression methods\" : \"{5}\",\n  \"extensions\"          : [\n{6}\n  ]\n'}'", Locale.ENGLISH).format(new Object[]{ProtocolVersion.nameOf(this.clientVersion), Utilities.toHexString(this.clientRandom.randomBytes), this.sessionId.toString(), Utilities.toHexString(this.cookie), getCipherSuiteNames().toString(), Utilities.toHexString(this.compressionMethod), Utilities.indent(Utilities.indent(this.extensions.toString()))}) : new MessageFormat("\"ClientHello\": '{'\n  \"client version\"      : \"{0}\",\n  \"random\"              : \"{1}\",\n  \"session id\"          : \"{2}\",\n  \"cipher suites\"       : \"{3}\",\n  \"compression methods\" : \"{4}\",\n  \"extensions\"          : [\n{5}\n  ]\n'}'", Locale.ENGLISH).format(new Object[]{ProtocolVersion.nameOf(this.clientVersion), Utilities.toHexString(this.clientRandom.randomBytes), this.sessionId.toString(), getCipherSuiteNames().toString(), Utilities.toHexString(this.compressionMethod), Utilities.indent(Utilities.indent(this.extensions.toString()))});
        }
    }

    /* loaded from: classes.dex */
    public static final class ClientHelloProducer implements HandshakeProducer {
        private ClientHelloProducer() {
        }

        public /* synthetic */ ClientHelloProducer(AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            SSLHandshake handshakeType = handshakeMessage.handshakeType();
            if (handshakeType == null) {
                throw new UnsupportedOperationException("Not supported yet.");
            }
            int i5 = AnonymousClass1.$SwitchMap$org$openjsse$sun$security$ssl$SSLHandshake[handshakeType.ordinal()];
            if (i5 == 1) {
                try {
                    clientHandshakeContext.kickstart();
                    return null;
                } catch (IOException e5) {
                    throw clientHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, e5);
                }
            }
            if (i5 != 2) {
                if (i5 != 3) {
                    throw new UnsupportedOperationException("Not supported yet.");
                }
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Produced ClientHello(HRR) handshake message", clientHandshakeContext.initialClientHelloMsg);
                }
                clientHandshakeContext.initialClientHelloMsg.write(clientHandshakeContext.handshakeOutput);
                clientHandshakeContext.handshakeOutput.flush();
                clientHandshakeContext.conContext.consumers.putIfAbsent(Byte.valueOf(ContentType.CHANGE_CIPHER_SPEC.id), ChangeCipherSpec.t13Consumer);
                LinkedHashMap<Byte, SSLConsumer> linkedHashMap = clientHandshakeContext.handshakeConsumers;
                SSLHandshake sSLHandshake = SSLHandshake.SERVER_HELLO;
                linkedHashMap.put(Byte.valueOf(sSLHandshake.id), sSLHandshake);
                return null;
            }
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced ClientHello(cookie) handshake message", clientHandshakeContext.initialClientHelloMsg);
            }
            clientHandshakeContext.initialClientHelloMsg.write(clientHandshakeContext.handshakeOutput);
            clientHandshakeContext.handshakeOutput.flush();
            LinkedHashMap<Byte, SSLConsumer> linkedHashMap2 = clientHandshakeContext.handshakeConsumers;
            SSLHandshake sSLHandshake2 = SSLHandshake.SERVER_HELLO;
            linkedHashMap2.put(Byte.valueOf(sSLHandshake2.id), sSLHandshake2);
            ProtocolVersion protocolVersion = ProtocolVersion.NONE;
            for (ProtocolVersion protocolVersion2 : clientHandshakeContext.activeProtocols) {
                if (protocolVersion == ProtocolVersion.NONE || protocolVersion2.compare(protocolVersion) < 0) {
                    protocolVersion = protocolVersion2;
                }
            }
            if (clientHandshakeContext.sslContext.isDTLS() && !protocolVersion.useTLS13PlusSpec()) {
                LinkedHashMap<Byte, SSLConsumer> linkedHashMap3 = clientHandshakeContext.handshakeConsumers;
                SSLHandshake sSLHandshake3 = SSLHandshake.HELLO_VERIFY_REQUEST;
                linkedHashMap3.put(Byte.valueOf(sSLHandshake3.id), sSLHandshake3);
            }
            return null;
        }
    }

    /* loaded from: classes.dex */
    public static final class D12ClientHelloConsumer implements HandshakeConsumer {
        private D12ClientHelloConsumer() {
        }

        public /* synthetic */ D12ClientHelloConsumer(AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            ClientHelloMessage clientHelloMessage = (ClientHelloMessage) handshakeMessage;
            TransportContext transportContext = serverHandshakeContext.conContext;
            if (transportContext.isNegotiated) {
                if (!transportContext.secureRenegotiation && !HandshakeContext.allowUnsafeRenegotiation) {
                    throw transportContext.fatal(Alert.HANDSHAKE_FAILURE, "Unsafe renegotiation is not allowed");
                }
                if (ServerHandshakeContext.rejectClientInitiatedRenego && !serverHandshakeContext.kickstartMessageDelivered) {
                    throw transportContext.fatal(Alert.HANDSHAKE_FAILURE, "Client initiated renegotiation is not allowed");
                }
            }
            if (clientHelloMessage.sessionId.length() != 0) {
                SSLSessionImpl sSLSessionImpl = ((SSLSessionContextImpl) serverHandshakeContext.sslContext.engineGetServerSessionContext()).get(clientHelloMessage.sessionId.getId());
                boolean z5 = sSLSessionImpl != null && sSLSessionImpl.isRejoinable();
                if (!z5 && SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Can't resume, the existing session is not rejoinable", new Object[0]);
                }
                if (z5 && sSLSessionImpl.getProtocolVersion() != serverHandshakeContext.negotiatedProtocol) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, not the same protocol version", new Object[0]);
                    }
                    z5 = false;
                }
                if (z5 && serverHandshakeContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED) {
                    try {
                        sSLSessionImpl.getPeerPrincipal();
                    } catch (SSLPeerUnverifiedException unused) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, client authentication is required", new Object[0]);
                        }
                        z5 = false;
                    }
                }
                if (z5) {
                    CipherSuite suite = sSLSessionImpl.getSuite();
                    if (!serverHandshakeContext.isNegotiable(suite) || !clientHelloMessage.cipherSuites.contains(suite)) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, the session cipher suite is absent", new Object[0]);
                        }
                        z5 = false;
                    }
                }
                serverHandshakeContext.isResumption = z5;
                if (!z5) {
                    sSLSessionImpl = null;
                }
                serverHandshakeContext.resumingSession = sSLSessionImpl;
            }
            HelloCookieManager helloCookieManager = serverHandshakeContext.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10);
            if (!serverHandshakeContext.isResumption && !helloCookieManager.isCookieValid(serverHandshakeContext, clientHelloMessage, clientHelloMessage.cookie)) {
                HashMap<Byte, HandshakeProducer> hashMap = serverHandshakeContext.handshakeProducers;
                SSLHandshake sSLHandshake = SSLHandshake.HELLO_VERIFY_REQUEST;
                hashMap.put(Byte.valueOf(sSLHandshake.id), sSLHandshake);
                sSLHandshake.produce(connectionContext, clientHelloMessage);
                return;
            }
            serverHandshakeContext.clientHelloRandom = clientHelloMessage.clientRandom;
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, serverHandshakeContext.sslConfig.getEnabledExtensions(SSLHandshake.CLIENT_HELLO));
            TransportContext transportContext2 = serverHandshakeContext.conContext;
            if (!transportContext2.isNegotiated) {
                ProtocolVersion protocolVersion = serverHandshakeContext.negotiatedProtocol;
                transportContext2.protocolVersion = protocolVersion;
                transportContext2.outputRecord.setVersion(protocolVersion);
            }
            HashMap<Byte, HandshakeProducer> hashMap2 = serverHandshakeContext.handshakeProducers;
            SSLHandshake sSLHandshake2 = SSLHandshake.SERVER_HELLO;
            hashMap2.put(Byte.valueOf(sSLHandshake2.id), sSLHandshake2);
            SSLHandshake[] sSLHandshakeArr = {sSLHandshake2, SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_STATUS, SSLHandshake.SERVER_KEY_EXCHANGE, SSLHandshake.CERTIFICATE_REQUEST, SSLHandshake.SERVER_HELLO_DONE, SSLHandshake.FINISHED};
            for (int i5 = 0; i5 < 7; i5++) {
                HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(sSLHandshakeArr[i5].id));
                if (remove != null) {
                    remove.produce(connectionContext, clientHelloMessage);
                }
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class D13ClientHelloConsumer implements HandshakeConsumer {
        private D13ClientHelloConsumer() {
        }

        public /* synthetic */ D13ClientHelloConsumer(AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            throw new UnsupportedOperationException("Not supported yet.");
        }
    }

    /* loaded from: classes.dex */
    public static final class T12ClientHelloConsumer implements HandshakeConsumer {
        private T12ClientHelloConsumer() {
        }

        public /* synthetic */ T12ClientHelloConsumer(AnonymousClass1 anonymousClass1) {
            this();
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            ClientHelloMessage clientHelloMessage = (ClientHelloMessage) handshakeMessage;
            TransportContext transportContext = serverHandshakeContext.conContext;
            if (transportContext.isNegotiated) {
                if (!transportContext.secureRenegotiation && !HandshakeContext.allowUnsafeRenegotiation) {
                    throw transportContext.fatal(Alert.HANDSHAKE_FAILURE, "Unsafe renegotiation is not allowed");
                }
                if (ServerHandshakeContext.rejectClientInitiatedRenego && !serverHandshakeContext.kickstartMessageDelivered) {
                    throw transportContext.fatal(Alert.HANDSHAKE_FAILURE, "Client initiated renegotiation is not allowed");
                }
            }
            if (clientHelloMessage.sessionId.length() != 0) {
                SSLSessionImpl sSLSessionImpl = ((SSLSessionContextImpl) serverHandshakeContext.sslContext.engineGetServerSessionContext()).get(clientHelloMessage.sessionId.getId());
                boolean z5 = sSLSessionImpl != null && sSLSessionImpl.isRejoinable();
                if (!z5 && SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Can't resume, the existing session is not rejoinable", new Object[0]);
                }
                if (z5 && sSLSessionImpl.getProtocolVersion() != serverHandshakeContext.negotiatedProtocol) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, not the same protocol version", new Object[0]);
                    }
                    z5 = false;
                }
                if (z5 && serverHandshakeContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED) {
                    try {
                        sSLSessionImpl.getPeerPrincipal();
                    } catch (SSLPeerUnverifiedException unused) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, client authentication is required", new Object[0]);
                        }
                        z5 = false;
                    }
                }
                if (z5) {
                    CipherSuite suite = sSLSessionImpl.getSuite();
                    if (!serverHandshakeContext.isNegotiable(suite) || !clientHelloMessage.cipherSuites.contains(suite)) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, the session cipher suite is absent", new Object[0]);
                        }
                        z5 = false;
                    }
                }
                String str = serverHandshakeContext.sslConfig.identificationProtocol;
                if (z5 && str != null) {
                    String identificationProtocol = sSLSessionImpl.getIdentificationProtocol();
                    if (!str.equals(identificationProtocol)) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, endpoint id algorithm does not match, requested: " + str + ", cached: " + identificationProtocol, new Object[0]);
                        }
                        z5 = false;
                    }
                }
                serverHandshakeContext.isResumption = z5;
                if (!z5) {
                    sSLSessionImpl = null;
                }
                serverHandshakeContext.resumingSession = sSLSessionImpl;
            }
            serverHandshakeContext.clientHelloRandom = clientHelloMessage.clientRandom;
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, serverHandshakeContext.sslConfig.getEnabledExtensions(SSLHandshake.CLIENT_HELLO));
            TransportContext transportContext2 = serverHandshakeContext.conContext;
            if (!transportContext2.isNegotiated) {
                ProtocolVersion protocolVersion = serverHandshakeContext.negotiatedProtocol;
                transportContext2.protocolVersion = protocolVersion;
                transportContext2.outputRecord.setVersion(protocolVersion);
            }
            HashMap<Byte, HandshakeProducer> hashMap = serverHandshakeContext.handshakeProducers;
            SSLHandshake sSLHandshake = SSLHandshake.SERVER_HELLO;
            hashMap.put(Byte.valueOf(sSLHandshake.id), sSLHandshake);
            SSLHandshake[] sSLHandshakeArr = {sSLHandshake, SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_STATUS, SSLHandshake.SERVER_KEY_EXCHANGE, SSLHandshake.CERTIFICATE_REQUEST, SSLHandshake.SERVER_HELLO_DONE, SSLHandshake.FINISHED};
            for (int i5 = 0; i5 < 7; i5++) {
                HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(sSLHandshakeArr[i5].id));
                if (remove != null) {
                    remove.produce(connectionContext, clientHelloMessage);
                }
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class T13ClientHelloConsumer implements HandshakeConsumer {
        private T13ClientHelloConsumer() {
        }

        public /* synthetic */ T13ClientHelloConsumer(AnonymousClass1 anonymousClass1) {
            this();
        }

        private void goHelloRetryRequest(ServerHandshakeContext serverHandshakeContext, ClientHelloMessage clientHelloMessage) {
            HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(SSLHandshake.HELLO_RETRY_REQUEST.id));
            if (remove == null) {
                TransportContext transportContext = serverHandshakeContext.conContext;
                Alert alert = Alert.HANDSHAKE_FAILURE;
                StringBuilder y5 = androidx.activity.b.y("No HelloRetryRequest producer: ");
                y5.append(serverHandshakeContext.handshakeProducers);
                throw transportContext.fatal(alert, y5.toString());
            }
            remove.produce(serverHandshakeContext, clientHelloMessage);
            if (serverHandshakeContext.handshakeProducers.isEmpty()) {
                return;
            }
            TransportContext transportContext2 = serverHandshakeContext.conContext;
            Alert alert2 = Alert.HANDSHAKE_FAILURE;
            StringBuilder y6 = androidx.activity.b.y("unknown handshake producers: ");
            y6.append(serverHandshakeContext.handshakeProducers);
            throw transportContext2.fatal(alert2, y6.toString());
        }

        private void goServerHello(ServerHandshakeContext serverHandshakeContext, ClientHelloMessage clientHelloMessage) {
            serverHandshakeContext.clientHelloRandom = clientHelloMessage.clientRandom;
            TransportContext transportContext = serverHandshakeContext.conContext;
            if (!transportContext.isNegotiated) {
                ProtocolVersion protocolVersion = serverHandshakeContext.negotiatedProtocol;
                transportContext.protocolVersion = protocolVersion;
                transportContext.outputRecord.setVersion(protocolVersion);
            }
            HashMap<Byte, HandshakeProducer> hashMap = serverHandshakeContext.handshakeProducers;
            SSLHandshake sSLHandshake = SSLHandshake.SERVER_HELLO;
            hashMap.put(Byte.valueOf(sSLHandshake.id), sSLHandshake);
            SSLHandshake[] sSLHandshakeArr = {sSLHandshake, SSLHandshake.ENCRYPTED_EXTENSIONS, SSLHandshake.CERTIFICATE_REQUEST, SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_VERIFY, SSLHandshake.FINISHED};
            for (int i5 = 0; i5 < 6; i5++) {
                HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(sSLHandshakeArr[i5].id));
                if (remove != null) {
                    remove.produce(serverHandshakeContext, clientHelloMessage);
                }
            }
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            ClientHelloMessage clientHelloMessage = (ClientHelloMessage) handshakeMessage;
            TransportContext transportContext = serverHandshakeContext.conContext;
            if (transportContext.isNegotiated) {
                throw transportContext.fatal(Alert.UNEXPECTED_MESSAGE, "Received unexpected renegotiation handshake message");
            }
            transportContext.consumers.putIfAbsent(Byte.valueOf(ContentType.CHANGE_CIPHER_SPEC.id), ChangeCipherSpec.t13Consumer);
            serverHandshakeContext.isResumption = true;
            SSLExtension sSLExtension = SSLExtension.PSK_KEY_EXCHANGE_MODES;
            SSLExtension sSLExtension2 = SSLExtension.CH_PRE_SHARED_KEY;
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, new SSLExtension[]{sSLExtension, sSLExtension2});
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, serverHandshakeContext.sslConfig.getExclusiveExtensions(SSLHandshake.CLIENT_HELLO, Arrays.asList(sSLExtension, sSLExtension2, SSLExtension.CH_SUPPORTED_VERSIONS)));
            if (serverHandshakeContext.handshakeProducers.isEmpty()) {
                goServerHello(serverHandshakeContext, clientHelloMessage);
            } else {
                goHelloRetryRequest(serverHandshakeContext, clientHelloMessage);
            }
        }
    }

    static {
        AnonymousClass1 anonymousClass1 = null;
        kickstartProducer = new ClientHelloKickstartProducer(anonymousClass1);
        handshakeConsumer = new ClientHelloConsumer(anonymousClass1);
        handshakeProducer = new ClientHelloProducer(anonymousClass1);
        t12HandshakeConsumer = new T12ClientHelloConsumer(anonymousClass1);
        t13HandshakeConsumer = new T13ClientHelloConsumer(anonymousClass1);
        d12HandshakeConsumer = new D12ClientHelloConsumer(anonymousClass1);
        d13HandshakeConsumer = new D13ClientHelloConsumer(anonymousClass1);
    }
}
