package org.eclipse.californium.scandium.dtls;

import java.io.IOException;
import java.net.DatagramPacket;
import java.net.Inet6Address;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import org.eclipse.californium.elements.RawData;
import org.eclipse.californium.elements.auth.AdditionalInfo;
import org.eclipse.californium.elements.auth.ExtensiblePrincipal;
import org.eclipse.californium.elements.auth.PreSharedKeyIdentity;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.elements.util.SerialExecutor;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.auth.AdvancedApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.util.SecretIvParameterSpec;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/Handshaker.class */
public abstract class Handshaker implements Destroyable {
    protected final boolean isClient;
    protected ProtocolVersion usedProtocol;
    protected Random clientRandom;
    protected Random serverRandom;
    protected SecretKey masterSecret;
    private SecretKey clientWriteMACKey;
    private SecretKey serverWriteMACKey;
    private SecretKey clientWriteKey;
    private SecretKey serverWriteKey;
    private SecretIvParameterSpec clientWriteIV;
    private SecretIvParameterSpec serverWriteIV;
    private volatile boolean generateClusterMacKeys;
    private boolean destroyed;
    private final boolean ipv6;
    protected final DTLSSession session;
    protected final NewAdvancedCertificateVerifier certificateVerifier;
    protected final AdvancedPskStore advancedPskStore;
    protected final ConnectionIdGenerator connectionIdGenerator;
    private int sendMessageSequence;
    private int nextReceiveMessageSequence;
    private boolean lastFlight;
    private long flightSendNanos;
    private long nanosExpireTime;
    private final long nanosExpireTimeout;
    protected Integer recordSizeLimit;
    private int deferredRecordsSize;
    private final int maxFragmentedHandshakeMessageLength;
    private final int maxDeferredProcessedOutgoingApplicationDataMessages;
    private final int maxDeferredProcessedIncomingRecordsSize;
    private Runnable retransmitFlight;
    private final ScheduledExecutorService timer;
    private final RecordLayer recordLayer;
    private final Connection connection;
    private InboundMessageBuffer inboundMessageBuffer;
    protected ReassemblingHandshakeMessage reassembledMessage;
    protected final PrivateKey privateKey;
    protected final PublicKey publicKey;
    protected final List<X509Certificate> certificateChain;
    protected CertPath peerCertPath;
    protected boolean certificateVerfied;
    protected boolean sniEnabled;
    protected boolean useStateValidation;
    protected final boolean useKeyUsageVerification;
    protected final boolean useTruncatedCertificatePathForVerification;
    private final boolean useEarlyStopRetransmission;
    private Boolean useMultiRecordMessages;
    private Boolean useMultiHandshakeMessagesRecord;
    private final int backOffRetransmission;
    private final int maxRetransmissions;
    private final int retransmissionTimeout;
    protected int statesIndex;
    protected HandshakeState[] states;
    private SecretKey otherSecret;
    private Throwable cause;
    private Object customArgument;
    private ApplicationLevelInfoSupplier applicationLevelInfoSupplier;
    protected final Logger LOGGER = LoggerFactory.getLogger(getClass());
    private final ReentrantLock recursionProtection = new ReentrantLock();
    protected int flightNumber = 0;
    private final List<RawData> deferredApplicationData = new ArrayList();
    private final List<Record> deferredRecords = new ArrayList();
    private final AtomicReference<DTLSFlight> pendingFlight = new AtomicReference<>();
    protected final List<HandshakeMessage> handshakeMessages = new ArrayList();
    private final Set<SessionListener> sessionListeners = new LinkedHashSet();
    private boolean changeCipherSuiteMessageExpected = false;
    private boolean sessionEstablished = false;
    private boolean handshakeAborted = false;
    private boolean handshakeFailed = false;
    private boolean pskRequestPending = false;
    private boolean certificateVerificationPending = false;

    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/Handshaker$ConnectionTask.class */
    private class ConnectionTask implements Runnable {
        private final Runnable task;
        private final boolean force;

        private ConnectionTask(Runnable runnable, boolean z) {
            this.task = runnable;
            this.force = z;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                Handshaker.this.connection.getExecutor().execute(this.task);
            } catch (RejectedExecutionException e) {
                Handshaker.this.LOGGER.debug("Execution rejected while execute task of peer: {}", Handshaker.this.connection.getPeerAddress(), e);
                if (this.force) {
                    this.task.run();
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/Handshaker$InboundMessageBuffer.class */
    public class InboundMessageBuffer {
        private Record changeCipherSpec;
        private SortedSet<Record> queue;

        private InboundMessageBuffer() {
            this.changeCipherSpec = null;
            this.queue = new TreeSet(new Comparator<Record>() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.InboundMessageBuffer.1
                @Override // java.util.Comparator
                public int compare(Record record, Record record2) {
                    return Handshaker.compareRecords(record, record2);
                }
            });
        }

        boolean isEmpty() {
            return this.queue.isEmpty();
        }

        Record getNextRecord() {
            Record record = null;
            if (!Handshaker.this.isChangeCipherSpecMessageExpected() || this.changeCipherSpec == null) {
                Iterator<Record> it = this.queue.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Record next = it.next();
                    int messageSeq = ((HandshakeMessage) next.getFragment()).getMessageSeq();
                    if (messageSeq > Handshaker.this.nextReceiveMessageSequence) {
                        break;
                    }
                    Handshaker.this.removeDeferredProcessedRecord(next, this.queue);
                    if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                        record = next;
                        break;
                    }
                }
            } else {
                record = this.changeCipherSpec;
                this.changeCipherSpec = null;
            }
            return record;
        }

        Record getNextRecord(Record record) {
            int epoch = record.getEpoch();
            int readEpoch = Handshaker.this.session.getReadEpoch();
            if (epoch != readEpoch) {
                throw new IllegalArgumentException("record epoch " + epoch + " doesn't match session " + readEpoch);
            }
            DTLSMessage fragment = record.getFragment();
            switch (fragment.getContentType()) {
                case CHANGE_CIPHER_SPEC:
                    if (Handshaker.this.isChangeCipherSpecMessageExpected()) {
                        return record;
                    }
                    if (this.changeCipherSpec != null) {
                        Handshaker.this.LOGGER.debug("Change Cipher Spec is received again!");
                        return null;
                    }
                    Handshaker.this.LOGGER.debug("Change Cipher Spec is not expected and therefore kept for later processing!");
                    this.changeCipherSpec = record;
                    return null;
                case HANDSHAKE:
                    HandshakeMessage handshakeMessage = (HandshakeMessage) fragment;
                    int messageSeq = handshakeMessage.getMessageSeq();
                    if (messageSeq == Handshaker.this.nextReceiveMessageSequence) {
                        return record;
                    }
                    if (messageSeq <= Handshaker.this.nextReceiveMessageSequence) {
                        Handshaker.this.LOGGER.debug("Discarding old {} message_seq [{}] < next_receive_seq [{}]", new Object[]{handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence)});
                        return null;
                    }
                    Handshaker.this.LOGGER.debug("Queued newer {} message from current epoch, message_seq [{}] > next_receive_seq [{}]", new Object[]{handshakeMessage.getMessageType(), Integer.valueOf(messageSeq), Integer.valueOf(Handshaker.this.nextReceiveMessageSequence)});
                    Handshaker.this.addDeferredProcessedRecord(record, this.queue);
                    return null;
                default:
                    Handshaker.this.LOGGER.warn("Cannot process message of type [{}], discarding...", fragment.getContentType());
                    return null;
            }
        }

        public void clean(long j) {
            if (this.changeCipherSpec != null && this.changeCipherSpec.getSequenceNumber() == j) {
                this.changeCipherSpec = null;
            }
            for (Record record : this.queue) {
                if (record.getSequenceNumber() == j) {
                    Handshaker.this.removeDeferredProcessedRecord(record, this.queue);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/Handshaker$TimeoutPeerTask.class */
    public class TimeoutPeerTask extends ConnectionTask {
        private TimeoutPeerTask(final DTLSFlight dTLSFlight) {
            super(new Runnable() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.TimeoutPeerTask.1
                @Override // java.lang.Runnable
                public void run() {
                    Handshaker.this.handleTimeout(dTLSFlight);
                }
            }, true);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NoPublicAPI
    public Handshaker(boolean z, int i, DTLSSession dTLSSession, RecordLayer recordLayer, ScheduledExecutorService scheduledExecutorService, Connection connection, DtlsConnectorConfig dtlsConnectorConfig) {
        this.sendMessageSequence = 0;
        this.nextReceiveMessageSequence = 0;
        if (dTLSSession == null) {
            throw new NullPointerException("DTLS Session must not be null");
        }
        if (recordLayer == null) {
            throw new NullPointerException("Record layer must not be null");
        }
        if (scheduledExecutorService == null) {
            throw new NullPointerException("Timer must not be null");
        }
        if (connection == null) {
            throw new NullPointerException("Connection must not be null");
        }
        if (dtlsConnectorConfig == null) {
            throw new NullPointerException("Dtls Connector Config must not be null");
        }
        if (i < 0) {
            throw new IllegalArgumentException("Initial message sequence number must not be negative");
        }
        this.isClient = z;
        this.sendMessageSequence = i;
        this.nextReceiveMessageSequence = i;
        this.session = dTLSSession;
        this.recordLayer = recordLayer;
        this.timer = scheduledExecutorService;
        this.connection = connection;
        this.connectionIdGenerator = dtlsConnectorConfig.getConnectionIdGenerator();
        this.retransmissionTimeout = dtlsConnectorConfig.getRetransmissionTimeout().intValue();
        this.backOffRetransmission = dtlsConnectorConfig.getBackOffRetransmission().intValue();
        this.maxRetransmissions = dtlsConnectorConfig.getMaxRetransmissions().intValue();
        this.recordSizeLimit = dtlsConnectorConfig.getRecordSizeLimit();
        this.maxFragmentedHandshakeMessageLength = dtlsConnectorConfig.getMaxFragmentedHandshakeMessageLength().intValue();
        this.useMultiRecordMessages = dtlsConnectorConfig.useMultiRecordMessages();
        this.useMultiHandshakeMessagesRecord = dtlsConnectorConfig.useMultiHandshakeMessageRecords();
        this.maxDeferredProcessedOutgoingApplicationDataMessages = dtlsConnectorConfig.getMaxDeferredProcessedOutgoingApplicationDataMessages().intValue();
        this.maxDeferredProcessedIncomingRecordsSize = dtlsConnectorConfig.getMaxDeferredProcessedIncomingRecordsSize().intValue();
        this.sniEnabled = dtlsConnectorConfig.isSniEnabled().booleanValue();
        this.useStateValidation = dtlsConnectorConfig.useHandshakeStateValidation().booleanValue();
        this.useKeyUsageVerification = dtlsConnectorConfig.useKeyUsageVerification().booleanValue();
        this.useTruncatedCertificatePathForVerification = dtlsConnectorConfig.useTruncatedCertificatePathForValidation().booleanValue();
        this.useEarlyStopRetransmission = dtlsConnectorConfig.isEarlyStopRetransmission().booleanValue();
        this.privateKey = dtlsConnectorConfig.getPrivateKey();
        this.publicKey = dtlsConnectorConfig.getPublicKey();
        this.certificateChain = dtlsConnectorConfig.getCertificateChain();
        this.certificateVerifier = dtlsConnectorConfig.getAdvancedCertificateVerifier();
        this.advancedPskStore = dtlsConnectorConfig.getAdvancedPskStore();
        this.applicationLevelInfoSupplier = dtlsConnectorConfig.getApplicationLevelInfoSupplier();
        this.inboundMessageBuffer = new InboundMessageBuffer();
        this.ipv6 = connection.getPeerAddress().getAddress() instanceof Inet6Address;
        int i2 = this.retransmissionTimeout;
        int i3 = i2 * 2;
        for (int i4 = 0; i4 < this.maxRetransmissions; i4++) {
            i2 = DTLSFlight.incrementTimeout(i2);
            i3 += i2;
        }
        this.nanosExpireTimeout = TimeUnit.MILLISECONDS.toNanos(i3);
        addSessionListener(connection.getSessionListener());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int compareRecords(Record record, Record record2) {
        if (record.getEpoch() != record2.getEpoch()) {
            throw new IllegalArgumentException("records with different epoch! " + record.getEpoch() + " != " + record2.getEpoch());
        }
        HandshakeMessage handshakeMessage = (HandshakeMessage) record.getFragment();
        HandshakeMessage handshakeMessage2 = (HandshakeMessage) record2.getFragment();
        if (handshakeMessage.getMessageSeq() < handshakeMessage2.getMessageSeq()) {
            return -1;
        }
        if (handshakeMessage.getMessageSeq() > handshakeMessage2.getMessageSeq()) {
            return 1;
        }
        if (record.getSequenceNumber() < record2.getSequenceNumber()) {
            return -1;
        }
        return record.getSequenceNumber() > record2.getSequenceNumber() ? 1 : 0;
    }

    public boolean isInboundMessageProcessed() {
        return this.inboundMessageBuffer.isEmpty();
    }

    public final void processMessage(Record record) throws HandshakeException {
        int readEpoch = this.session.getReadEpoch();
        if (readEpoch != record.getEpoch()) {
            this.LOGGER.debug("Discarding {} message with wrong epoch received from peer [{}]:{}{}", new Object[]{record.getType(), record.getPeerAddress(), StringUtil.lineSeparator(), record});
            throw new IllegalArgumentException("processing record with wrong epoch! " + record.getEpoch() + " expected " + readEpoch);
        }
        if (record.getReceiveNanos() < this.flightSendNanos) {
            this.LOGGER.debug("Discarding {} message received from peer [{}] before last flight was sent:{}{}", new Object[]{record.getType(), record.getPeerAddress(), StringUtil.lineSeparator(), record});
            return;
        }
        Record nextRecord = this.inboundMessageBuffer.getNextRecord(record);
        if (nextRecord != null) {
            processNextMessages(nextRecord);
        }
    }

    private void processNextMessages(Record record) throws HandshakeException {
        if (this.recursionProtection.isHeldByCurrentThread()) {
            this.LOGGER.warn("Called from doProcessMessage, return immediately to process next message!", new Throwable("recursion-protection"));
            return;
        }
        try {
            int readEpoch = this.session.getReadEpoch();
            int i = 0;
            Record nextRecord = record != null ? record : this.inboundMessageBuffer.getNextRecord();
            while (nextRecord != null) {
                if (this.useMultiRecordMessages == null && nextRecord.isFollowUpRecord()) {
                    this.useMultiRecordMessages = true;
                }
                DTLSMessage fragment = nextRecord.getFragment();
                if (fragment.getContentType() != ContentType.CHANGE_CIPHER_SPEC) {
                    if (fragment.getContentType() != ContentType.HANDSHAKE) {
                        throw new HandshakeException(String.format("Received unexpected message [%s] from peer %s", fragment.getContentType(), fragment.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, fragment.getPeer()));
                    }
                    if (!processNextHandshakeMessages(readEpoch, i, (HandshakeMessage) fragment)) {
                        break;
                    }
                } else {
                    expectMessage(fragment);
                    this.LOGGER.debug("Processing {} message from peer [{}]", fragment.getContentType(), fragment.getPeer());
                    setCurrentReadState();
                    this.statesIndex++;
                    this.LOGGER.debug("Processed {} message from peer [{}]", fragment.getContentType(), fragment.getPeer());
                }
                this.session.markRecordAsRead(readEpoch, nextRecord.getSequenceNumber());
                this.inboundMessageBuffer.clean(nextRecord.getSequenceNumber());
                nextRecord = this.inboundMessageBuffer.getNextRecord();
                i++;
            }
            if (this.session.getReadEpoch() > readEpoch) {
                SerialExecutor executor = this.connection.getExecutor();
                List<Record> takeDeferredRecords = takeDeferredRecords();
                if (this.deferredRecordsSize > 0) {
                    throw new HandshakeException(String.format("Received unexpected message left from peer %s", record.getPeerAddress()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, record.getPeerAddress()));
                }
                for (final Record record2 : takeDeferredRecords) {
                    if (executor != null && !executor.isShutdown()) {
                        try {
                            executor.execute(new Runnable() { // from class: org.eclipse.californium.scandium.dtls.Handshaker.1
                                @Override // java.lang.Runnable
                                public void run() {
                                    Handshaker.this.recordLayer.processRecord(record2, Handshaker.this.connection);
                                }
                            });
                        } catch (RejectedExecutionException e) {
                            this.LOGGER.debug("Execution rejected while processing record [type: {}, peer: {}]", new Object[]{record.getType(), record.getPeerAddress(), e});
                        }
                    }
                    this.recordLayer.processRecord(record2, this.connection);
                }
            }
        } catch (RuntimeException e2) {
            this.LOGGER.warn("Cannot process handshake message from peer [{}] due to [{}]", new Object[]{getSession().getPeer(), e2.getMessage(), e2});
            throw new HandshakeException("Cannot process handshake message, caused by " + e2.getMessage(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()), e2);
        } catch (GeneralSecurityException e3) {
            this.LOGGER.warn("Cannot process handshake message from peer [{}] due to [{}]", new Object[]{getSession().getPeer(), e3.getMessage(), e3});
            throw new HandshakeException("Cannot process handshake message, caused by " + e3.getMessage(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()), e3);
        }
    }

    private boolean processNextHandshakeMessages(int i, int i2, HandshakeMessage handshakeMessage) throws HandshakeException, GeneralSecurityException {
        if (this.recursionProtection.isHeldByCurrentThread()) {
            this.LOGGER.warn("Called from doProcessMessage, return immediately to process next message!", new Throwable("recursion-protection"));
            return false;
        }
        DTLSFlight dTLSFlight = this.pendingFlight.get();
        if (dTLSFlight != null) {
            this.LOGGER.debug("response for flight {} started", Integer.valueOf(dTLSFlight.getFlightNumber()));
            dTLSFlight.setResponseStarted();
        }
        while (handshakeMessage != null) {
            expectMessage(handshakeMessage);
            if (handshakeMessage.getMessageType() == HandshakeType.FINISHED && i == 0) {
                this.LOGGER.debug("FINISH with epoch 0 from peer [{}]!", getSession().getPeer());
                throw new HandshakeException("FINISH with epoch 0!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, getSession().getPeer()));
            }
            if (handshakeMessage instanceof FragmentedHandshakeMessage) {
                handshakeMessage = reassembleFragment((FragmentedHandshakeMessage) handshakeMessage);
                if (handshakeMessage == null) {
                    return true;
                }
            }
            if (handshakeMessage instanceof GenericHandshakeMessage) {
                handshakeMessage = HandshakeMessage.fromGenericHandshakeMessage((GenericHandshakeMessage) handshakeMessage, this.session.getParameter());
            }
            if (this.lastFlight) {
                if (dTLSFlight != null) {
                    this.LOGGER.debug("Received ({}) FINISHED message again, retransmitting last flight...", getPeerAddress());
                    dTLSFlight.incrementTries();
                    sendFlight(dTLSFlight);
                    return false;
                }
                if (this.cause != null) {
                    this.LOGGER.error("last flight missing, handshake already failed! {}", handshakeMessage, this.cause);
                    return false;
                }
                if (i2 == 0) {
                    this.LOGGER.error("last flight missing, resend failed! {}", handshakeMessage);
                    return false;
                }
                this.LOGGER.error("last flight missing, resend for buffered message {} failed! {}", Integer.valueOf(i2), handshakeMessage);
                return false;
            }
            if (this.LOGGER.isDebugEnabled()) {
                StringBuilder sb = new StringBuilder();
                sb.append(String.format("Processing %s message from peer [%s], seqn: [%d]", handshakeMessage.getMessageType(), handshakeMessage.getPeer(), Integer.valueOf(handshakeMessage.getMessageSeq())));
                if (this.LOGGER.isTraceEnabled()) {
                    sb.append(":").append(StringUtil.lineSeparator()).append(handshakeMessage);
                }
                this.LOGGER.debug(sb.toString());
            }
            if (i == 0) {
                this.handshakeMessages.add(handshakeMessage);
            }
            this.recursionProtection.lock();
            try {
                doProcessMessage(handshakeMessage);
                this.recursionProtection.unlock();
                this.LOGGER.debug("Processed {} message from peer [{}]", handshakeMessage.getMessageType(), handshakeMessage.getPeer());
                if (!this.lastFlight) {
                    this.nextReceiveMessageSequence++;
                    this.statesIndex++;
                }
                handshakeMessage = handshakeMessage.getNextHandshakeMessage();
                if (this.useMultiHandshakeMessagesRecord == null && handshakeMessage != null) {
                    this.useMultiHandshakeMessagesRecord = true;
                }
            } catch (Throwable th) {
                this.recursionProtection.unlock();
                throw th;
            }
        }
        return true;
    }

    protected void expectMessage(DTLSMessage dTLSMessage) throws HandshakeException {
        if (!this.useStateValidation || this.states == null) {
            return;
        }
        if (this.statesIndex >= this.states.length) {
            this.LOGGER.warn("Cannot process {} message from peer [{}], no more expected!", HandshakeState.toString(dTLSMessage), getSession().getPeer());
            throw new HandshakeException("Cannot process " + HandshakeState.toString(dTLSMessage) + " handshake message, no more expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        }
        HandshakeState handshakeState = this.states[this.statesIndex];
        boolean expect = handshakeState.expect(dTLSMessage);
        if (!expect && handshakeState.isOptional() && this.statesIndex + 1 < this.states.length && this.states[this.statesIndex + 1].expect(dTLSMessage)) {
            this.statesIndex++;
            expect = true;
        }
        if (expect) {
            return;
        }
        DTLSFlight dTLSFlight = this.pendingFlight.get();
        if (dTLSFlight == null || !dTLSFlight.contains(dTLSMessage)) {
            this.LOGGER.debug("Cannot process {} message from peer [{}], {} expected!", new Object[]{HandshakeState.toString(dTLSMessage), getSession().getPeer(), handshakeState});
        } else {
            this.LOGGER.debug("Cannot process {} message from itself [{}]!", HandshakeState.toString(dTLSMessage), getSession().getPeer());
        }
        throw new HandshakeException("Cannot process " + HandshakeState.toString(dTLSMessage) + " handshake message, " + handshakeState + " expected!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
    }

    protected abstract void doProcessMessage(HandshakeMessage handshakeMessage) throws HandshakeException, GeneralSecurityException;

    public abstract void startHandshake() throws HandshakeException;

    public void processAsyncHandshakeResult(HandshakeResult handshakeResult) throws HandshakeException {
        if (handshakeResult instanceof PskSecretResult) {
            processAsyncPskSecretResult((PskSecretResult) handshakeResult);
        } else if (handshakeResult instanceof CertificateVerificationResult) {
            processCertificateVerificationResult((CertificateVerificationResult) handshakeResult);
            if (this.changeCipherSuiteMessageExpected) {
                processNextMessages(null);
            }
        }
    }

    @Deprecated
    public void processAsyncPskSecretResult(PskSecretResult pskSecretResult) throws HandshakeException {
        processPskSecretResult(pskSecretResult);
        if (this.changeCipherSuiteMessageExpected) {
            processNextMessages(null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processPskSecretResult(PskSecretResult pskSecretResult) throws HandshakeException {
        if (!this.pskRequestPending) {
            throw new IllegalStateException("psk secret not pending!");
        }
        this.pskRequestPending = false;
        try {
            ensureUndestroyed();
            String hostName = this.sniEnabled ? this.session.getHostName() : null;
            PskPublicInformation pskPublicInformation = pskSecretResult.getPskPublicInformation();
            SecretKey secret = pskSecretResult.getSecret();
            if (secret == null) {
                AlertMessage alertMessage = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNKNOWN_PSK_IDENTITY, this.session.getPeer());
                if (hostName == null) {
                    throw new HandshakeException(String.format("No pre-shared key found for [identity: %s]", pskPublicInformation), alertMessage);
                }
                throw new HandshakeException(String.format("No pre-shared key found for [virtual host: %s, identity: %s]", hostName, pskPublicInformation), alertMessage);
            }
            if (hostName != null) {
                this.LOGGER.trace("client [{}] uses PSK identity [{}] for server [{}]", new Object[]{this.session.getPeer(), pskPublicInformation, hostName});
            } else {
                this.LOGGER.trace("client [{}] uses PSK identity [{}]", this.session.getPeer(), pskPublicInformation);
            }
            this.session.setPeerIdentity(this.sniEnabled ? new PreSharedKeyIdentity(hostName, pskPublicInformation.getPublicInfoAsString()) : new PreSharedKeyIdentity(pskPublicInformation.getPublicInfoAsString()));
            if (PskSecretResult.ALGORITHM_PSK.equals(secret.getAlgorithm())) {
                Mac threadLocalPseudoRandomFunctionMac = this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac();
                SecretKey generatePremasterSecretFromPSK = PseudoRandomFunction.generatePremasterSecretFromPSK(this.otherSecret, secret);
                SecretKey generateMasterSecret = PseudoRandomFunction.generateMasterSecret(threadLocalPseudoRandomFunctionMac, generatePremasterSecretFromPSK, generateRandomSeed());
                SecretUtil.destroy(generatePremasterSecretFromPSK);
                SecretUtil.destroy(secret);
                secret = generateMasterSecret;
            }
            this.customArgument = pskSecretResult.getCustomArgument();
            processMasterSecret(secret);
        } finally {
            SecretUtil.destroy(this.otherSecret);
            this.otherSecret = null;
        }
    }

    protected abstract void processMasterSecret(SecretKey secretKey) throws HandshakeException;

    protected void processCertificateVerificationResult(CertificateVerificationResult certificateVerificationResult) throws HandshakeException {
        if (!this.certificateVerificationPending) {
            throw new IllegalStateException("certificate verification not pending!");
        }
        ensureUndestroyed();
        this.certificateVerificationPending = false;
        this.LOGGER.info("Process result of certificate verification.");
        if (certificateVerificationResult.getCertificatePath() != null) {
            this.peerCertPath = certificateVerificationResult.getCertificatePath();
            this.certificateVerfied = true;
            this.customArgument = certificateVerificationResult.getCustomArgument();
            processCertificateVerified();
            return;
        }
        if (certificateVerificationResult.getPublicKey() == null) {
            if (certificateVerificationResult.getException() == null) {
                throw new HandshakeException("Bad Certificate", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.getPeer()));
            }
            throw certificateVerificationResult.getException();
        }
        this.certificateVerfied = true;
        this.customArgument = certificateVerificationResult.getCustomArgument();
        processCertificateVerified();
    }

    protected abstract void processCertificateVerified() throws HandshakeException;

    /* JADX INFO: Access modifiers changed from: protected */
    public final MessageDigest getHandshakeMessageDigest() {
        MessageDigest threadLocalPseudoRandomFunctionMessageDigest = this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMessageDigest();
        int i = 0;
        for (HandshakeMessage handshakeMessage : this.handshakeMessages) {
            threadLocalPseudoRandomFunctionMessageDigest.update(handshakeMessage.toByteArray());
            this.LOGGER.trace("  [{}] - {}", Integer.valueOf(i), handshakeMessage.getMessageType());
            i++;
        }
        return threadLocalPseudoRandomFunctionMessageDigest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void applyMasterSecret(SecretKey secretKey) {
        ensureUndestroyed();
        this.masterSecret = SecretUtil.create(secretKey);
        calculateKeys(secretKey);
        this.session.setMasterSecret(secretKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calculateKeys(SecretKey secretKey) {
        ensureUndestroyed();
        int macKeyLength = this.session.getCipherSuite().getMacKeyLength();
        int encKeyLength = this.session.getCipherSuite().getEncKeyLength();
        int fixedIvLength = this.session.getCipherSuite().getFixedIvLength();
        int i = this.generateClusterMacKeys ? encKeyLength : 0;
        byte[] doPRF = PseudoRandomFunction.doPRF(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), secretKey, PseudoRandomFunction.Label.KEY_EXPANSION_LABEL, Bytes.concatenate(this.serverRandom, this.clientRandom), (macKeyLength + encKeyLength + fixedIvLength + i) * 2);
        this.clientWriteMACKey = SecretUtil.create(doPRF, 0, macKeyLength, "Mac");
        int i2 = 0 + macKeyLength;
        this.serverWriteMACKey = SecretUtil.create(doPRF, i2, macKeyLength, "Mac");
        int i3 = i2 + macKeyLength;
        this.clientWriteKey = SecretUtil.create(doPRF, i3, encKeyLength, "AES");
        int i4 = i3 + encKeyLength;
        this.serverWriteKey = SecretUtil.create(doPRF, i4, encKeyLength, "AES");
        int i5 = i4 + encKeyLength;
        this.clientWriteIV = SecretUtil.createIv(doPRF, i5, fixedIvLength);
        int i6 = i5 + fixedIvLength;
        this.serverWriteIV = SecretUtil.createIv(doPRF, i6, fixedIvLength);
        if (this.generateClusterMacKeys) {
            SecretKey create = SecretUtil.create(doPRF, i6, i, "Mac");
            int i7 = i6 + i;
            SecretKey create2 = SecretUtil.create(doPRF, i7, i, "Mac");
            int i8 = i7 + i;
            if (this.isClient) {
                this.session.setClusterMacKeys(create, create2);
            } else {
                this.session.setClusterMacKeys(create2, create);
            }
            SecretUtil.destroy(create);
            SecretUtil.destroy(create2);
        }
        Bytes.clear(doPRF);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateRandomSeed() {
        return Bytes.concatenate(this.clientRandom, this.serverRandom);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PskSecretResult requestPskSecretResult(PskPublicInformation pskPublicInformation, SecretKey secretKey) {
        ServerNames serverNames = this.sniEnabled ? this.session.getServerNames() : null;
        String pseudoRandomFunctionMacName = this.session.getCipherSuite().getPseudoRandomFunctionMacName();
        this.pskRequestPending = true;
        this.otherSecret = SecretUtil.create(secretKey);
        return this.advancedPskStore.requestPskSecretResult(this.connection.getConnectionId(), serverNames, pskPublicInformation, pseudoRandomFunctionMacName, secretKey, generateRandomSeed());
    }

    protected final void setCurrentReadState() {
        this.session.setReadState(this.isClient ? DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey) : DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void setCurrentWriteState() {
        this.session.setWriteState(this.isClient ? DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.clientWriteKey, this.clientWriteIV, this.clientWriteMACKey) : DTLSConnectionState.create(this.session.getCipherSuite(), this.session.getCompressionMethod(), this.serverWriteKey, this.serverWriteIV, this.serverWriteMACKey));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void wrapMessage(DTLSFlight dTLSFlight, DTLSMessage dTLSMessage) throws HandshakeException {
        switch (dTLSMessage.getContentType()) {
            case CHANGE_CIPHER_SPEC:
                dTLSFlight.addDtlsMessage(this.session.getWriteEpoch(), dTLSMessage);
                return;
            case HANDSHAKE:
                HandshakeMessage handshakeMessage = (HandshakeMessage) dTLSMessage;
                applySendMessageSequenceNumber(handshakeMessage);
                if (this.session.getWriteEpoch() == 0) {
                    this.handshakeMessages.add(handshakeMessage);
                }
                dTLSFlight.addDtlsMessage(this.session.getWriteEpoch(), dTLSMessage);
                return;
            default:
                throw new HandshakeException("Cannot create " + dTLSMessage.getContentType() + " record for flight", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        }
    }

    protected GenericHandshakeMessage reassembleFragment(FragmentedHandshakeMessage fragmentedHandshakeMessage) throws HandshakeException {
        this.LOGGER.debug("Processing {} message fragment ...", fragmentedHandshakeMessage.getMessageType());
        try {
            if (fragmentedHandshakeMessage.getMessageLength() > this.maxFragmentedHandshakeMessageLength) {
                throw new IllegalArgumentException("Fragmented message length exceeded (" + fragmentedHandshakeMessage.getMessageLength() + " > " + this.maxFragmentedHandshakeMessageLength + ")!");
            }
            int messageSeq = fragmentedHandshakeMessage.getMessageSeq();
            if (this.reassembledMessage == null) {
                this.reassembledMessage = new ReassemblingHandshakeMessage(fragmentedHandshakeMessage);
            } else {
                if (this.reassembledMessage.getMessageSeq() != messageSeq) {
                    throw new IllegalArgumentException("Current reassemble message has different seqn " + this.reassembledMessage.getMessageSeq() + " != " + messageSeq);
                }
                this.reassembledMessage.add(fragmentedHandshakeMessage);
            }
            if (!this.reassembledMessage.isComplete()) {
                return null;
            }
            ReassemblingHandshakeMessage reassemblingHandshakeMessage = this.reassembledMessage;
            this.LOGGER.debug("Successfully re-assembled {} message", reassemblingHandshakeMessage.getMessageType());
            this.reassembledMessage = null;
            return reassemblingHandshakeMessage;
        } catch (IllegalArgumentException e) {
            throw new HandshakeException(e.getMessage(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, fragmentedHandshakeMessage.getPeer()));
        }
    }

    public final DTLSSession getSession() {
        return this.session;
    }

    public final InetSocketAddress getPeerAddress() {
        return this.session.getPeer();
    }

    public final Connection getConnection() {
        return this.connection;
    }

    public DTLSFlight createFlight() {
        return new DTLSFlight(this.session, this.flightNumber);
    }

    public ConnectionId getReadConnectionId() {
        if (this.connectionIdGenerator == null) {
            return null;
        }
        return this.connectionIdGenerator.useConnectionId() ? this.connection.getConnectionId() : ConnectionId.EMPTY;
    }

    public Random getClientRandom() {
        return this.clientRandom;
    }

    public Random getServerRandom() {
        return this.serverRandom;
    }

    private void applySendMessageSequenceNumber(HandshakeMessage handshakeMessage) {
        handshakeMessage.setMessageSeq(this.sendMessageSequence);
        this.sendMessageSequence++;
    }

    final int getNextReceiveMessageSequenceNumber() {
        return this.nextReceiveMessageSequence;
    }

    public void addApplicationDataForDeferredProcessing(RawData rawData) {
        if (this.deferredApplicationData.size() < this.maxDeferredProcessedOutgoingApplicationDataMessages) {
            this.deferredApplicationData.add(rawData);
        }
    }

    public void addRecordsForDeferredProcessing(Record record) {
        addDeferredProcessedRecord(record, this.deferredRecords);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean addDeferredProcessedRecord(Record record, Collection<Record> collection) {
        int size = record.size();
        if (this.deferredRecordsSize + size < this.maxDeferredProcessedIncomingRecordsSize) {
            this.deferredRecordsSize += size;
            collection.add(record);
            return true;
        }
        this.LOGGER.debug("Dropped incoming record from peer [{}], limit of {} bytes exceeded by {}+{} bytes!", new Object[]{record.getPeerAddress(), Integer.valueOf(this.maxDeferredProcessedIncomingRecordsSize), Integer.valueOf(this.deferredRecordsSize), Integer.valueOf(size)});
        this.recordLayer.dropReceivedRecord(record);
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeDeferredProcessedRecord(Record record, Collection<Record> collection) {
        if (collection.remove(record)) {
            int size = record.size();
            if (this.deferredRecordsSize < size) {
                this.LOGGER.warn("deferred processed incoming records corrupted for peer [{}]! Removing {} bytes exceeds available {} bytes!", new Object[]{record.getPeerAddress(), Integer.valueOf(size), Integer.valueOf(this.deferredRecordsSize)});
                throw new IllegalArgumentException("deferred processing of incoming records corrupted!");
            }
            this.deferredRecordsSize -= size;
        }
    }

    public List<RawData> takeDeferredApplicationData() {
        ArrayList arrayList = new ArrayList(this.deferredApplicationData);
        this.deferredApplicationData.clear();
        return arrayList;
    }

    public List<Record> takeDeferredRecords() {
        ArrayList arrayList = new ArrayList(this.deferredRecords);
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            removeDeferredProcessedRecord((Record) it.next(), this.deferredRecords);
        }
        if (!this.deferredRecords.isEmpty()) {
            this.LOGGER.warn("{} left deferred records", Integer.valueOf(this.deferredRecords.size()));
            this.deferredRecords.clear();
        }
        return arrayList;
    }

    public void takeDeferredApplicationData(Handshaker handshaker) {
        this.deferredApplicationData.addAll(handshaker.takeDeferredApplicationData());
    }

    public void completePendingFlight() {
        this.retransmitFlight = null;
        DTLSFlight dTLSFlight = this.pendingFlight.get();
        if (dTLSFlight != null) {
            dTLSFlight.setResponseCompleted();
        }
    }

    public void sendLastFlight(DTLSFlight dTLSFlight) {
        this.lastFlight = true;
        dTLSFlight.setRetransmissionNeeded(false);
        sendFlight(dTLSFlight);
    }

    public void sendFlight(DTLSFlight dTLSFlight) {
        completePendingFlight();
        try {
            dTLSFlight.setTimeout(this.retransmissionTimeout);
            this.flightSendNanos = ClockUtil.nanoRealtime();
            this.nanosExpireTime = this.nanosExpireTimeout + this.flightSendNanos;
            int maxDatagramSize = this.recordLayer.getMaxDatagramSize(this.ipv6);
            List<DatagramPacket> datagrams = dTLSFlight.getDatagrams(maxDatagramSize, this.session.getEffectiveFragmentLimit(), this.useMultiHandshakeMessagesRecord, this.useMultiRecordMessages, false);
            this.LOGGER.trace("Sending flight of {} message(s) to peer [{}] using {} datagram(s) of max. {} bytes", new Object[]{Integer.valueOf(dTLSFlight.getNumberOfMessages()), this.session.getPeer(), Integer.valueOf(datagrams.size()), Integer.valueOf(maxDatagramSize)});
            this.recordLayer.sendFlight(datagrams);
            this.pendingFlight.set(dTLSFlight);
            if (dTLSFlight.isRetransmissionNeeded()) {
                this.retransmitFlight = new TimeoutPeerTask(dTLSFlight);
                dTLSFlight.scheduleRetransmission(this.timer, this.retransmitFlight);
            }
        } catch (IOException e) {
            handshakeFailed(new Exception("handshake flight " + dTLSFlight.getFlightNumber() + " failed!", e));
        } catch (HandshakeException e2) {
            handshakeFailed(new Exception("handshake flight " + dTLSFlight.getFlightNumber() + " failed!", e2));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public void handleTimeout(DTLSFlight dTLSFlight) {
        Handshaker ongoingHandshake;
        String str;
        if (dTLSFlight.isResponseCompleted() || null == (ongoingHandshake = this.connection.getOngoingHandshake())) {
            return;
        }
        if (ongoingHandshake.isProbing() || !this.connection.hasEstablishedSession()) {
            HandshakeException handshakeException = null;
            boolean z = false;
            InetSocketAddress peer = this.session.getPeer();
            if (this.connection.isExecuting() && this.recordLayer.isRunning()) {
                int tries = dTLSFlight.getTries();
                if (tries < this.maxRetransmissions && ongoingHandshake.isExpired()) {
                    str = " Stopped by expired realtime!";
                    z = true;
                } else if (tries < this.maxRetransmissions) {
                    if (this.useEarlyStopRetransmission && dTLSFlight.isResponseStarted()) {
                        while (tries < this.maxRetransmissions) {
                            tries++;
                            dTLSFlight.incrementTries();
                            dTLSFlight.incrementTimeout();
                        }
                        dTLSFlight.incrementTries();
                        this.LOGGER.trace("schedule handshake timeout {}ms after flight {}", Integer.valueOf(dTLSFlight.getTimeout()), Integer.valueOf(dTLSFlight.getFlightNumber()));
                        Runnable runnable = this.retransmitFlight;
                        if (runnable != null) {
                            dTLSFlight.scheduleRetransmission(this.timer, runnable);
                            return;
                        }
                        return;
                    }
                    this.LOGGER.trace("Re-transmitting flight for [{}], [{}] retransmissions left", this.session.getPeer(), Integer.valueOf((this.maxRetransmissions - tries) - 1));
                    try {
                        dTLSFlight.incrementTries();
                        dTLSFlight.incrementTimeout();
                        int maxDatagramSize = this.recordLayer.getMaxDatagramSize(this.ipv6);
                        List<DatagramPacket> datagrams = dTLSFlight.getDatagrams(maxDatagramSize, this.session.getEffectiveFragmentLimit(), this.useMultiHandshakeMessagesRecord, this.useMultiRecordMessages, this.backOffRetransmission > 0 && tries + 1 > this.backOffRetransmission);
                        this.LOGGER.debug("Resending flight {} of {} message(s) to peer [{}] using {} datagram(s) of max. {} bytes. Retransmission {} of {}.", new Object[]{Integer.valueOf(dTLSFlight.getFlightNumber()), Integer.valueOf(dTLSFlight.getNumberOfMessages()), peer, Integer.valueOf(datagrams.size()), Integer.valueOf(maxDatagramSize), Integer.valueOf(tries + 1), Integer.valueOf(this.maxRetransmissions)});
                        this.recordLayer.sendFlight(datagrams);
                        Runnable runnable2 = this.retransmitFlight;
                        if (runnable2 != null) {
                            dTLSFlight.scheduleRetransmission(this.timer, runnable2);
                        }
                        ongoingHandshake.handshakeFlightRetransmitted(dTLSFlight.getFlightNumber());
                        return;
                    } catch (IOException e) {
                        handshakeException = e;
                        str = " " + e.getMessage();
                        this.LOGGER.warn("Cannot retransmit flight to peer [{}]", peer, e);
                    } catch (HandshakeException e2) {
                        this.LOGGER.warn("Cannot retransmit flight to peer [{}]", peer, e2);
                        handshakeException = e2;
                        str = " " + e2.getMessage();
                    }
                } else if (tries > this.maxRetransmissions) {
                    this.LOGGER.debug("Flight for [{}] has reached timeout, discarding ...", peer);
                    str = " Stopped by timeout!";
                    z = true;
                } else {
                    this.LOGGER.debug("Flight for [{}] has reached maximum no. [{}] of retransmissions, discarding ...", peer, Integer.valueOf(this.maxRetransmissions));
                    str = " Stopped by timeout after " + this.maxRetransmissions + " retransmissions!";
                    z = true;
                }
            } else {
                str = " Stopped by shutdown!";
            }
            this.LOGGER.debug("Flight {} of {} message(s) to peer [{}] failed, {}. Retransmission {} of {}.", new Object[]{Integer.valueOf(dTLSFlight.getFlightNumber()), Integer.valueOf(dTLSFlight.getNumberOfMessages()), peer, str, Integer.valueOf(dTLSFlight.getTries()), Integer.valueOf(this.maxRetransmissions)});
            if (z) {
                ongoingHandshake.handshakeFailed(new DtlsHandshakeTimeoutException("Handshake flight " + dTLSFlight.getFlightNumber() + " failed!" + str, peer, dTLSFlight.getFlightNumber()));
            } else {
                ongoingHandshake.handshakeFailed(new DtlsException("Handshake flight " + dTLSFlight.getFlightNumber() + " failed!" + str, peer, handshakeException));
            }
        }
    }

    public final void addSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.add(sessionListener);
        }
    }

    public final void removeSessionListener(SessionListener sessionListener) {
        if (sessionListener != null) {
            this.sessionListeners.remove(sessionListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void handshakeStarted() throws HandshakeException {
        this.LOGGER.debug("handshake started {}", this.connection);
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeStarted(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void sessionEstablished() throws HandshakeException {
        if (this.sessionEstablished) {
            return;
        }
        if (!getSession().getWriteState().hasValidCipherSuite()) {
            handshakeFailed(new DtlsException("Failed establishing a incomplete session.", this.connection.getPeerAddress()));
            return;
        }
        this.LOGGER.debug("session established {}", this.connection);
        amendPeerPrincipal();
        this.sessionEstablished = true;
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().sessionEstablished(this, getSession());
        }
    }

    public final void handshakeCompleted() {
        completePendingFlight();
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeCompleted(this);
        }
        SecretUtil.destroy(this);
        this.LOGGER.debug("handshake completed {}", this.connection);
    }

    public final void handshakeFailed(Throwable th) {
        if (this.cause == null) {
            this.cause = th;
        }
        if (this.handshakeFailed || this.cause != th) {
            return;
        }
        this.LOGGER.debug("handshake failed {}", this.connection, th);
        this.handshakeFailed = true;
        completePendingFlight();
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeFailed(this, th);
        }
        SecretUtil.destroy(this.session);
        SecretUtil.destroy(this);
    }

    public final void handshakeAborted(Throwable th) {
        this.handshakeAborted = true;
        handshakeFailed(th);
    }

    public boolean hasSessionEstablished() {
        return this.sessionEstablished;
    }

    public boolean isProbing() {
        return false;
    }

    public void resetProbing() {
    }

    public boolean isExpired() {
        return (this.sessionEstablished || this.pendingFlight.get() == null || this.nanosExpireTime >= ClockUtil.nanoRealtime()) ? false : true;
    }

    public boolean isPskRequestPending() {
        return this.pskRequestPending;
    }

    public boolean isRemovingConnection() {
        return (this.handshakeAborted || this.connection.hasEstablishedSession()) ? false : true;
    }

    public Throwable getFailureCause() {
        return this.cause;
    }

    public void setFailureCause(Throwable th) {
        completePendingFlight();
        this.cause = th;
    }

    public void setGenerateClusterMacKeys(boolean z) {
        this.generateClusterMacKeys = z;
    }

    public final void handshakeFlightRetransmitted(int i) {
        Iterator<SessionListener> it = this.sessionListeners.iterator();
        while (it.hasNext()) {
            it.next().handshakeFlightRetransmitted(this, i);
        }
        Iterator<RawData> it2 = this.deferredApplicationData.iterator();
        while (it2.hasNext()) {
            it2.next().onDtlsRetransmission(i);
        }
    }

    public final boolean isChangeCipherSpecMessageExpected() {
        return this.changeCipherSuiteMessageExpected;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void expectChangeCipherSpecMessage() {
        this.changeCipherSuiteMessageExpected = true;
    }

    public void verifyCertificate(CertificateMessage certificateMessage) throws HandshakeException {
        Boolean bool;
        if (this.certificateVerifier == null) {
            this.LOGGER.debug("Certificate validation failed: no verifier available!");
            throw new HandshakeException("Trust is not possible!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, this.session.getPeer()));
        }
        if (this.useKeyUsageVerification) {
            bool = Boolean.valueOf(!this.isClient);
        } else {
            bool = null;
        }
        this.LOGGER.info("Start certificate verification.");
        this.certificateVerificationPending = true;
        CertificateVerificationResult verifyCertificate = this.certificateVerifier.verifyCertificate(this.connection.getConnectionId(), null, bool, this.useTruncatedCertificatePathForVerification, certificateMessage, this.session);
        if (verifyCertificate != null) {
            processCertificateVerificationResult(verifyCertificate);
        }
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        SecretUtil.destroy(this.otherSecret);
        this.otherSecret = null;
        SecretUtil.destroy(this.masterSecret);
        this.masterSecret = null;
        SecretUtil.destroy(this.clientWriteKey);
        this.clientWriteKey = null;
        SecretUtil.destroy(this.clientWriteMACKey);
        this.clientWriteMACKey = null;
        SecretUtil.destroy(this.clientWriteIV);
        this.clientWriteIV = null;
        SecretUtil.destroy(this.serverWriteKey);
        this.serverWriteKey = null;
        SecretUtil.destroy(this.serverWriteMACKey);
        this.serverWriteMACKey = null;
        SecretUtil.destroy(this.serverWriteIV);
        this.serverWriteIV = null;
        this.destroyed = true;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    protected void ensureUndestroyed() {
        if (this.destroyed) {
            if (this.handshakeFailed) {
                throw new IllegalStateException("secrets destroyed after failure!", this.cause);
            }
            if (!this.sessionEstablished) {
                throw new IllegalStateException("secrets destroyed ???");
            }
            throw new IllegalStateException("secrets destroyed after success!");
        }
    }

    private void amendPeerPrincipal() {
        ExtensiblePrincipal peerIdentity = this.session.getPeerIdentity();
        if (peerIdentity instanceof ExtensiblePrincipal) {
            this.session.setPeerIdentity(peerIdentity.amend(getAdditionalPeerInfo(peerIdentity)));
        }
    }

    private AdditionalInfo getAdditionalPeerInfo(Principal principal) {
        return (this.applicationLevelInfoSupplier == null || principal == null) ? AdditionalInfo.empty() : this.applicationLevelInfoSupplier instanceof AdvancedApplicationLevelInfoSupplier ? ((AdvancedApplicationLevelInfoSupplier) this.applicationLevelInfoSupplier).getInfo(principal, this.customArgument) : this.applicationLevelInfoSupplier.getInfo(principal);
    }
}
