package org.eclipse.californium.scandium.dtls;

import java.security.MessageDigest;
import java.util.Objects;
import java.util.concurrent.ScheduledExecutorService;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.resumption.ResumptionVerifier;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NoPublicAPI
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/ResumingServerHandshaker.class */
public class ResumingServerHandshaker extends ServerHandshaker {
    private static final Logger LOGGER = LoggerFactory.getLogger(ResumingServerHandshaker.class);
    private static final HandshakeState[] ABBREVIATED_HANDSHAKE = {new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private final ResumptionVerifier resumptionHandler;
    private ClientHello pendingClientHello;
    private boolean fullHandshake;
    private byte[] handshakeHash;

    public ResumingServerHandshaker(long j, int i, RecordLayer recordLayer, ScheduledExecutorService scheduledExecutorService, Connection connection, DtlsConnectorConfig dtlsConnectorConfig) {
        super(j, i, recordLayer, scheduledExecutorService, connection, dtlsConnectorConfig);
        this.resumptionHandler = dtlsConnectorConfig.getResumptionVerifier();
        if (this.resumptionHandler == null) {
            throw new IllegalArgumentException("Resumption verifier missing!");
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.ServerHandshaker, org.eclipse.californium.scandium.dtls.Handshaker
    protected void doProcessMessage(HandshakeMessage handshakeMessage) throws HandshakeException {
        if (this.fullHandshake) {
            super.doProcessMessage(handshakeMessage);
            return;
        }
        switch (handshakeMessage.getMessageType()) {
            case CLIENT_HELLO:
                handshakeStarted();
                receivedResumingClientHello((ClientHello) handshakeMessage);
                return;
            case FINISHED:
                receivedClientFinished((Finished) handshakeMessage);
                return;
            default:
                throw new HandshakeException(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), this.peerToLog), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE));
        }
    }

    private void receivedResumingClientHello(ClientHello clientHello) throws HandshakeException {
        if (!clientHello.hasSessionId()) {
            throw new IllegalArgumentException("Client hello doesn't contain session id required for resumption!");
        }
        this.pendingClientHello = clientHello;
        ResumptionVerificationResult verifyResumptionRequest = this.resumptionHandler.verifyResumptionRequest(getConnection().getConnectionId(), clientHello.getServerNames(), clientHello.getSessionId());
        if (verifyResumptionRequest == null) {
            startInitialTimeout();
        } else {
            LOGGER.debug("Process client hello synchronous");
            processResumptionVerificationResult(verifyResumptionRequest);
        }
    }

    private void receivedClientFinished(Finished finished) throws HandshakeException {
        verifyFinished(finished, this.handshakeHash);
        contextEstablished();
        handshakeCompleted();
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected boolean hasPendingApiCall() {
        return this.pendingClientHello != null || super.hasPendingApiCall();
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void processAsyncHandshakeResult(HandshakeResult handshakeResult) throws HandshakeException {
        if (handshakeResult instanceof ResumptionVerificationResult) {
            LOGGER.debug("Process client hello asynchronous");
            ensureUndestroyed();
            processResumptionVerificationResult((ResumptionVerificationResult) handshakeResult);
        }
        super.processAsyncHandshakeResult(handshakeResult);
    }

    private void processResumptionVerificationResult(ResumptionVerificationResult resumptionVerificationResult) throws HandshakeException {
        if (this.pendingClientHello == null) {
            throw new IllegalStateException("resumption verification not pending!");
        }
        ClientHello clientHello = this.pendingClientHello;
        this.pendingClientHello = null;
        DTLSSession dTLSSession = resumptionVerificationResult.getDTLSSession();
        this.fullHandshake = !validateResumption(dTLSSession, clientHello, this.sniEnabled, this.extendedMasterSecretMode);
        if (this.fullHandshake) {
            LOGGER.debug("DTLS session {} not available, switch to full-handshake with peer [{}]!", clientHello.getSessionId(), this.peerToLog);
            SecretUtil.destroy(dTLSSession);
            receivedClientHello(clientHello);
        } else {
            getSession().set(dTLSSession);
            SecretUtil.destroy(dTLSSession);
            setCustomArgument(resumptionVerificationResult);
            processResumingClientHello(clientHello);
        }
    }

    private void processResumingClientHello(ClientHello clientHello) throws HandshakeException {
        DTLSSession session = getSession();
        CipherSuite cipherSuite = session.getCipherSuite();
        LOGGER.debug("Start resumption-handshake with peer [{}].", this.peerToLog);
        this.clientRandom = clientHello.getRandom();
        this.flightNumber += 2;
        DTLSFlight createFlight = createFlight();
        ServerHello serverHello = new ServerHello(clientHello.getProtocolVersion(), session.getSessionIdentifier(), cipherSuite, session.getCompressionMethod());
        addHelloExtensions(clientHello, serverHello);
        wrapMessage(createFlight, serverHello);
        this.serverRandom = serverHello.getRandom();
        wrapMessage(createFlight, new ChangeCipherSpecMessage());
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        MessageDigest cloneMessageDigest = cloneMessageDigest(handshakeMessageDigest);
        resumeMasterSecret();
        setCurrentWriteState();
        Finished createFinishedMessage = createFinishedMessage(handshakeMessageDigest.digest());
        wrapMessage(createFlight, createFinishedMessage);
        cloneMessageDigest.update(createFinishedMessage.toByteArray());
        this.handshakeHash = cloneMessageDigest.digest();
        sendFlight(createFlight);
        setExpectedStates(ABBREVIATED_HANDSHAKE);
        expectChangeCipherSpecMessage();
    }

    public static boolean validateResumption(DTLSSession dTLSSession, ClientHello clientHello, boolean z, ExtendedMasterSecretMode extendedMasterSecretMode) {
        if (dTLSSession == null) {
            LOGGER.debug("DTLS session {} not available, switch to full-handshake!", clientHello.getSessionId());
            return false;
        }
        CipherSuite cipherSuite = dTLSSession.getCipherSuite();
        CompressionMethod compressionMethod = dTLSSession.getCompressionMethod();
        if (!clientHello.getCipherSuites().contains(cipherSuite)) {
            LOGGER.debug("Cipher-suite {} changed by client hello, switch to full-handshake!", cipherSuite);
            return false;
        }
        if (!dTLSSession.getProtocolVersion().equals(clientHello.getProtocolVersion())) {
            LOGGER.debug("Protocol version {} changed by client hello {}, switch to full-handshake!", dTLSSession.getProtocolVersion(), clientHello.getProtocolVersion());
            return false;
        }
        if (!clientHello.getCompressionMethods().contains(compressionMethod)) {
            LOGGER.debug("Compression method {} changed by client hello, switch to full-handshake!", dTLSSession.getCompressionMethod());
            return false;
        }
        if (extendedMasterSecretMode.is(ExtendedMasterSecretMode.ENABLED) && !clientHello.hasExtendedMasterSecretExtension()) {
            LOGGER.debug("Missing extended master secret extension in client hello, switch to full-handshake!");
            return false;
        }
        if (extendedMasterSecretMode == ExtendedMasterSecretMode.OPTIONAL && dTLSSession.useExtendedMasterSecret() && !clientHello.hasExtendedMasterSecretExtension()) {
            LOGGER.debug("Disabled extended master secret extension in client hello, switch to full-handshake!");
            return false;
        }
        if (!z) {
            return true;
        }
        ServerNames serverNames = dTLSSession.getServerNames();
        ServerNames serverNames2 = clientHello.getServerNames();
        if (Objects.equals(serverNames, serverNames2)) {
            return true;
        }
        LOGGER.debug("SNI {} changed by client hello {}, switch to full-handshake!", serverNames, serverNames2);
        return false;
    }
}
