package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.elements.auth.X509CertPath;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;

@NoPublicAPI
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/ClientHandshaker.class */
public class ClientHandshaker extends Handshaker {
    protected static HandshakeState[] SEVER_CERTIFICATE = {new HandshakeState(HandshakeType.HELLO_VERIFY_REQUEST, true), new HandshakeState(HandshakeType.SERVER_HELLO), new HandshakeState(HandshakeType.CERTIFICATE), new HandshakeState(HandshakeType.SERVER_KEY_EXCHANGE), new HandshakeState(HandshakeType.CERTIFICATE_REQUEST, true), new HandshakeState(HandshakeType.SERVER_HELLO_DONE), new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private static HandshakeState[] NO_SEVER_CERTIFICATE = {new HandshakeState(HandshakeType.HELLO_VERIFY_REQUEST, true), new HandshakeState(HandshakeType.SERVER_HELLO), new HandshakeState(HandshakeType.SERVER_KEY_EXCHANGE, true), new HandshakeState(HandshakeType.SERVER_HELLO_DONE), new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private ProtocolVersion maxProtocolVersion;
    private boolean probe;
    private PublicKey serverPublicKey;
    protected ECDHServerKeyExchange serverKeyExchange;
    protected ClientKeyExchange clientKeyExchange;
    protected ClientHello clientHello;
    private final List<CipherSuite> supportedCipherSuites;
    protected final List<XECDHECryptography.SupportedGroup> supportedGroups;
    protected final Integer maxFragmentLengthCode;
    protected final boolean truncateCertificatePath;
    protected final List<CertificateType> supportedClientCertificateTypes;
    protected final List<SignatureAndHashAlgorithm> supportedSignatureAlgorithms;
    protected final List<CertificateType> supportedServerCertificateTypes;
    protected CertificateRequest certificateRequest;
    protected boolean sentClientCertificate;
    protected byte[] handshakeHash;
    protected ServerNames indicatedServerNames;
    protected SignatureAndHashAlgorithm negotiatedSignatureAndHashAlgorithm;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.ClientHandshaker$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/ClientHandshaker$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType = new int[HandshakeType.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.FINISHED.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK.ordinal()] = 3;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 4;
            } catch (NoSuchFieldError e11) {
            }
        }
    }

    public ClientHandshaker(DTLSSession dTLSSession, RecordLayer recordLayer, ScheduledExecutorService scheduledExecutorService, Connection connection, DtlsConnectorConfig dtlsConnectorConfig, boolean z) {
        super(true, 0, dTLSSession, recordLayer, scheduledExecutorService, connection, dtlsConnectorConfig);
        this.maxProtocolVersion = ProtocolVersion.VERSION_DTLS_1_2;
        this.clientHello = null;
        this.certificateRequest = null;
        this.handshakeHash = null;
        this.supportedCipherSuites = dtlsConnectorConfig.getSupportedCipherSuites();
        this.supportedGroups = dtlsConnectorConfig.getSupportedGroups();
        this.maxFragmentLengthCode = dtlsConnectorConfig.getMaxFragmentLengthCode();
        this.truncateCertificatePath = dtlsConnectorConfig.useTruncatedCertificatePathForClientsCertificateMessage().booleanValue();
        this.supportedServerCertificateTypes = dtlsConnectorConfig.getTrustCertificateTypes();
        this.supportedClientCertificateTypes = dtlsConnectorConfig.getIdentityCertificateTypes();
        this.supportedSignatureAlgorithms = dtlsConnectorConfig.getSupportedSignatureAlgorithms();
        this.probe = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void doProcessMessage(HandshakeMessage handshakeMessage) throws HandshakeException, GeneralSecurityException {
        switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[handshakeMessage.getMessageType().ordinal()]) {
            case 1:
                receivedHelloVerifyRequest((HelloVerifyRequest) handshakeMessage);
                return;
            case 2:
                receivedServerHello((ServerHello) handshakeMessage);
                return;
            case 3:
                receivedServerCertificate((CertificateMessage) handshakeMessage);
                return;
            case DtlsConnectorConfig.DEFAULT_MAX_RETRANSMISSIONS /* 4 */:
                switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[this.session.getKeyExchange().ordinal()]) {
                    case 1:
                        receivedServerKeyExchange((EcdhEcdsaServerKeyExchange) handshakeMessage);
                        return;
                    case 2:
                        return;
                    case 3:
                        this.serverKeyExchange = (EcdhPskServerKeyExchange) handshakeMessage;
                        return;
                    case DtlsConnectorConfig.DEFAULT_MAX_RETRANSMISSIONS /* 4 */:
                        this.LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                        return;
                    default:
                        throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", this.session.getKeyExchange().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
                }
            case 5:
                this.certificateRequest = (CertificateRequest) handshakeMessage;
                return;
            case 6:
                receivedServerHelloDone((ServerHelloDone) handshakeMessage);
                return;
            case 7:
                receivedServerFinished((Finished) handshakeMessage);
                return;
            default:
                throw new HandshakeException(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
        }
    }

    private void receivedServerFinished(Finished finished) throws HandshakeException, GeneralSecurityException {
        finished.verifyData(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, false, this.handshakeHash);
        sessionEstablished();
        handshakeCompleted();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void receivedHelloVerifyRequest(HelloVerifyRequest helloVerifyRequest) throws HandshakeException {
        this.handshakeMessages.clear();
        this.clientHello.setCookie(helloVerifyRequest.getCookie());
        this.flightNumber = 3;
        DTLSFlight createFlight = createFlight();
        wrapMessage(createFlight, this.clientHello);
        sendFlight(createFlight);
        this.statesIndex--;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void receivedServerHello(ServerHello serverHello) throws HandshakeException {
        ConnectionIdExtension connectionIdExtension;
        this.usedProtocol = serverHello.getServerVersion();
        if (this.usedProtocol.compareTo(ProtocolVersion.VERSION_DTLS_1_2) != 0) {
            throw new HandshakeException("The client only supports DTLS v1.2, not " + this.usedProtocol + "!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.PROTOCOL_VERSION, this.session.getPeer()));
        }
        this.serverRandom = serverHello.getRandom();
        this.session.setSessionIdentifier(serverHello.getSessionId());
        CipherSuite cipherSuite = serverHello.getCipherSuite();
        if (!this.supportedCipherSuites.contains(cipherSuite)) {
            throw new HandshakeException("Server wants to use not supported cipher suite " + cipherSuite, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
        }
        this.session.setCipherSuite(cipherSuite);
        CompressionMethod compressionMethod = serverHello.getCompressionMethod();
        if (compressionMethod != CompressionMethod.NULL) {
            throw new HandshakeException("Server wants to use not supported compression method " + compressionMethod, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
        }
        this.session.setCompressionMethod(serverHello.getCompressionMethod());
        verifyServerHelloExtensions(serverHello);
        if (this.connectionIdGenerator != null && (connectionIdExtension = serverHello.getConnectionIdExtension()) != null) {
            this.session.setWriteConnectionId(connectionIdExtension.getConnectionId());
            this.session.setReadConnectionId(getReadConnectionId());
        }
        this.session.setSendCertificateType(serverHello.getClientCertificateType());
        this.session.setSniSupported(serverHello.hasServerNameExtension());
        this.session.setParameterAvailable();
        if (cipherSuite.requiresServerCertificateMessage()) {
            return;
        }
        this.states = NO_SEVER_CERTIFICATE;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void verifyServerHelloExtensions(ServerHello serverHello) throws HandshakeException {
        HelloExtensions extensions = serverHello.getExtensions();
        if (extensions != null && !extensions.isEmpty()) {
            HelloExtensions extensions2 = this.clientHello.getExtensions();
            if (extensions2 == null || extensions2.isEmpty()) {
                throw new HandshakeException("Server wants extensions, but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, serverHello.getPeer()));
            }
            for (HelloExtension helloExtension : extensions.getExtensions()) {
                if (extensions2.getExtension(helloExtension.getType()) == null) {
                    throw new HandshakeException("Server wants " + helloExtension.getType() + ", but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION, serverHello.getPeer()));
                }
            }
        }
        SupportedPointFormatsExtension supportedPointFormatsExtension = serverHello.getSupportedPointFormatsExtension();
        if (supportedPointFormatsExtension != null && !supportedPointFormatsExtension.contains(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)) {
            throw new HandshakeException("Server wants to use only not supported EC point formats!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
        }
        RecordSizeLimitExtension recordSizeLimit = serverHello.getRecordSizeLimit();
        if (recordSizeLimit != null) {
            this.session.setRecordSizeLimit(recordSizeLimit.getRecordSizeLimit());
        }
        MaxFragmentLengthExtension maxFragmentLength = serverHello.getMaxFragmentLength();
        if (maxFragmentLength != null) {
            if (recordSizeLimit != null) {
                throw new HandshakeException("Server wants to use record size limit and max. fragment size", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
            }
            MaxFragmentLengthExtension.Length fragmentLength = maxFragmentLength.getFragmentLength();
            if (fragmentLength.code() != this.maxFragmentLengthCode.intValue()) {
                throw new HandshakeException("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
            }
            this.session.setMaxFragmentLength(fragmentLength.length());
        }
        CertificateType serverCertificateType = serverHello.getServerCertificateType();
        if (!isSupportedCertificateType(serverCertificateType, this.supportedServerCertificateTypes)) {
            throw new HandshakeException("Server wants to use not supported server certificate type " + serverCertificateType, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
        }
        this.session.setReceiveCertificateType(serverCertificateType);
    }

    private void receivedServerCertificate(CertificateMessage certificateMessage) throws HandshakeException {
        if (certificateMessage.isEmpty()) {
            this.LOGGER.debug("Certificate validation failed: empty server certificate!");
            throw new HandshakeException("Empty server certificate!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, this.session.getPeer()));
        }
        verifyCertificate(certificateMessage);
        this.serverPublicKey = certificateMessage.getPublicKey();
    }

    private void receivedServerKeyExchange(EcdhEcdsaServerKeyExchange ecdhEcdsaServerKeyExchange) throws HandshakeException {
        ecdhEcdsaServerKeyExchange.verifySignature(this.serverPublicKey, this.clientRandom, this.serverRandom);
        if (this.peerCertPath != null) {
            this.session.setPeerIdentity(new X509CertPath(this.peerCertPath));
        } else {
            this.session.setPeerIdentity(new RawPublicKeyIdentity(this.serverPublicKey));
        }
        this.serverKeyExchange = ecdhEcdsaServerKeyExchange;
    }

    private void receivedServerHelloDone(ServerHelloDone serverHelloDone) throws HandshakeException, GeneralSecurityException {
        this.flightNumber += 2;
        XECDHECryptography xECDHECryptography = this.serverKeyExchange == null ? null : new XECDHECryptography(this.serverKeyExchange.getSupportedGroup());
        switch (this.session.getKeyExchange()) {
            case EC_DIFFIE_HELLMAN:
                this.clientKeyExchange = new ECDHClientKeyExchange(xECDHECryptography.getEncodedPoint(), this.session.getPeer());
                SecretKey generateSecret = xECDHECryptography.generateSecret(this.serverKeyExchange.getEncodedPoint());
                SecretKey generateMasterSecret = PseudoRandomFunction.generateMasterSecret(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), generateSecret, generateRandomSeed());
                SecretUtil.destroy(generateSecret);
                processMasterSecret(generateMasterSecret);
                break;
            case PSK:
                PskPublicInformation pskClientIdentity = getPskClientIdentity();
                this.LOGGER.trace("Using PSK identity: {}", pskClientIdentity);
                this.clientKeyExchange = new PSKClientKeyExchange(pskClientIdentity, this.session.getPeer());
                PskSecretResult requestPskSecretResult = requestPskSecretResult(pskClientIdentity, null);
                if (requestPskSecretResult != null) {
                    processPskSecretResult(requestPskSecretResult);
                    break;
                }
                break;
            case ECDHE_PSK:
                PskPublicInformation pskClientIdentity2 = getPskClientIdentity();
                this.LOGGER.trace("Using ECDHE PSK identity: {}", pskClientIdentity2);
                this.clientKeyExchange = new EcdhPskClientKeyExchange(pskClientIdentity2, xECDHECryptography.getEncodedPoint(), this.session.getPeer());
                SecretKey generateSecret2 = xECDHECryptography.generateSecret(this.serverKeyExchange.getEncodedPoint());
                PskSecretResult requestPskSecretResult2 = requestPskSecretResult(pskClientIdentity2, generateSecret2);
                SecretUtil.destroy(generateSecret2);
                if (requestPskSecretResult2 != null) {
                    processPskSecretResult(requestPskSecretResult2);
                    break;
                }
                break;
            default:
                throw new HandshakeException("Unknown key exchange algorithm: " + this.session.getKeyExchange(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
        }
        SecretUtil.destroy(xECDHECryptography);
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected void processMasterSecret(SecretKey secretKey) throws HandshakeException {
        applyMasterSecret(secretKey);
        SecretUtil.destroy(secretKey);
        if (this.states != SEVER_CERTIFICATE || this.certificateVerfied) {
            processServerHelloDone();
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected void processCertificateVerified() throws HandshakeException {
        if (this.masterSecret != null) {
            processServerHelloDone();
        }
    }

    private void processServerHelloDone() throws HandshakeException {
        DTLSFlight createFlight = createFlight();
        createCertificateMessage(createFlight);
        wrapMessage(createFlight, this.clientKeyExchange);
        if (this.sentClientCertificate && this.certificateRequest != null && this.negotiatedSignatureAndHashAlgorithm != null) {
            CertificateType sendCertificateType = this.session.sendCertificateType();
            if (!isSupportedCertificateType(sendCertificateType, this.supportedClientCertificateTypes)) {
                throw new HandshakeException("Server wants to use not supported client certificate type " + sendCertificateType, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, this.session.getPeer()));
            }
            wrapMessage(createFlight, new CertificateVerify(this.negotiatedSignatureAndHashAlgorithm, this.privateKey, this.handshakeMessages, this.session.getPeer()));
        }
        wrapMessage(createFlight, new ChangeCipherSpecMessage(this.session.getPeer()));
        setCurrentWriteState();
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        try {
            MessageDigest messageDigest = (MessageDigest) handshakeMessageDigest.clone();
            Finished finished = new Finished(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, this.isClient, handshakeMessageDigest.digest(), this.session.getPeer());
            wrapMessage(createFlight, finished);
            messageDigest.update(finished.toByteArray());
            this.handshakeHash = messageDigest.digest();
            sendFlight(createFlight);
            expectChangeCipherSpecMessage();
        } catch (CloneNotSupportedException e) {
            throw new HandshakeException("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, this.session.getPeer()));
        }
    }

    protected void createCertificateMessage(DTLSFlight dTLSFlight) throws HandshakeException {
        CertificateMessage certificateMessage;
        if (this.certificateRequest != null) {
            List<SignatureAndHashAlgorithm> list = this.supportedSignatureAlgorithms;
            if (list.isEmpty()) {
                list = SignatureAndHashAlgorithm.DEFAULT;
            }
            this.certificateRequest.selectSignatureAlgorithms(list);
            if (CertificateType.RAW_PUBLIC_KEY == this.session.sendCertificateType()) {
                PublicKey publicKey = this.publicKey;
                if (publicKey != null) {
                    this.negotiatedSignatureAndHashAlgorithm = this.certificateRequest.getSignatureAndHashAlgorithm(publicKey);
                    if (this.negotiatedSignatureAndHashAlgorithm == null) {
                        publicKey = null;
                    }
                }
                if (this.LOGGER.isDebugEnabled()) {
                    this.LOGGER.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", StringUtil.byteArray2HexString(publicKey == null ? Bytes.EMPTY : publicKey.getEncoded()));
                }
                certificateMessage = new CertificateMessage(publicKey, this.session.getPeer());
            } else {
                if (CertificateType.X_509 != this.session.sendCertificateType()) {
                    throw new IllegalArgumentException("Certificate type " + this.session.sendCertificateType() + " not supported!");
                }
                List<X509Certificate> emptyList = Collections.emptyList();
                if (this.certificateChain != null) {
                    this.negotiatedSignatureAndHashAlgorithm = this.certificateRequest.getSignatureAndHashAlgorithm(this.certificateChain);
                    if (this.negotiatedSignatureAndHashAlgorithm != null) {
                        emptyList = this.certificateChain;
                    }
                }
                certificateMessage = new CertificateMessage(emptyList, this.truncateCertificatePath ? this.certificateRequest.getCertificateAuthorities() : null, this.session.getPeer());
            }
            this.sentClientCertificate = certificateMessage.getMessageLength() > 3;
            wrapMessage(dTLSFlight, certificateMessage);
        }
    }

    protected static boolean isSupportedCertificateType(CertificateType certificateType, List<CertificateType> list) {
        return list != null ? list.contains(certificateType) : certificateType == CertificateType.X_509;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void startHandshake() throws HandshakeException {
        handshakeStarted();
        ClientHello clientHello = new ClientHello(this.maxProtocolVersion, this.supportedCipherSuites, this.supportedSignatureAlgorithms, this.supportedClientCertificateTypes, this.supportedServerCertificateTypes, this.supportedGroups, this.session.getPeer());
        this.clientRandom = clientHello.getRandom();
        clientHello.addCompressionMethod(CompressionMethod.NULL);
        addConnectionId(clientHello);
        addRecordSizeLimit(clientHello);
        addMaxFragmentLength(clientHello);
        addServerNameIndication(clientHello);
        this.flightNumber = 1;
        this.clientHello = clientHello;
        DTLSFlight createFlight = createFlight();
        wrapMessage(createFlight, clientHello);
        sendFlight(createFlight);
        this.states = SEVER_CERTIFICATE;
        this.statesIndex = 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addRecordSizeLimit(ClientHello clientHello) {
        if (this.recordSizeLimit != null) {
            clientHello.addExtension(new RecordSizeLimitExtension(this.recordSizeLimit.intValue()));
            this.LOGGER.debug("Indicating record size limit [{}] to server [{}]", this.recordSizeLimit, getPeerAddress());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addMaxFragmentLength(ClientHello clientHello) {
        if (this.maxFragmentLengthCode != null) {
            clientHello.addExtension(new MaxFragmentLengthExtension(this.maxFragmentLengthCode.intValue()));
            this.LOGGER.debug("Indicating max. fragment length [{}] to server [{}]", this.maxFragmentLengthCode, getPeerAddress());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addConnectionId(ClientHello clientHello) {
        if (this.connectionIdGenerator != null) {
            clientHello.addExtension(ConnectionIdExtension.fromConnectionId(this.connectionIdGenerator.useConnectionId() ? getConnection().getConnectionId() : ConnectionId.EMPTY));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addServerNameIndication(ClientHello clientHello) {
        if (!this.sniEnabled || this.session.getServerNames() == null) {
            return;
        }
        this.LOGGER.debug("adding SNI extension to CLIENT_HELLO message [{}]", this.session.getHostName());
        clientHello.addExtension(ServerNameExtension.forServerNames(this.session.getServerNames()));
    }

    protected PskPublicInformation getPskClientIdentity() throws HandshakeException {
        ServerNames serverNames = this.sniEnabled ? this.session.getServerNames() : null;
        if (serverNames != null && !this.session.isSniSupported()) {
            this.LOGGER.warn("client is configured to use SNI but server does not support it, PSK authentication is likely to fail");
        }
        PskPublicInformation identity = this.advancedPskStore.getIdentity(this.session.getPeer(), serverNames);
        if (identity != null) {
            return identity;
        }
        AlertMessage alertMessage = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer());
        if (serverNames != null) {
            throw new HandshakeException(String.format("No Identity found for peer [address: %s, virtual host: %s]", this.session.getPeer(), this.session.getHostName()), alertMessage);
        }
        throw new HandshakeException(String.format("No Identity found for peer [address: %s]", this.session.getPeer()), alertMessage);
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public boolean isProbing() {
        return this.probe;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void resetProbing() {
        this.probe = false;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public boolean isRemovingConnection() {
        return !this.probe && super.isRemovingConnection();
    }
}
