package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.elements.auth.X509CertPath;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateRequest;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.x509.CertificateVerifier;
import org.eclipse.californium.scandium.util.SecretUtil;

/* loaded from: classes.dex */
public class ServerHandshaker extends Handshaker {
    private static HandshakeState[] CLIENT_CERTIFICATE = {new HandshakeState(HandshakeType.CERTIFICATE), new HandshakeState(HandshakeType.CLIENT_KEY_EXCHANGE), new HandshakeState(HandshakeType.CERTIFICATE_VERIFY), new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private static HandshakeState[] EMPTY_CLIENT_CERTIFICATE = {new HandshakeState(HandshakeType.CERTIFICATE), new HandshakeState(HandshakeType.CLIENT_KEY_EXCHANGE), new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    protected static HandshakeState[] NO_CLIENT_CERTIFICATE = {new HandshakeState(HandshakeType.CLIENT_KEY_EXCHANGE), new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private CertificateVerify certificateVerify;
    private boolean clientAuthenticationRequired;
    private boolean clientAuthenticationWanted;
    private CertificateMessage clientCertificate;
    private PublicKey clientPublicKey;
    private CertificateType negotiatedClientCertificateType;
    private CertificateType negotiatedServerCertificateType;
    private ECDHECryptography.SupportedGroup negotiatedSupportedGroup;
    private PskPublicInformation preSharedKeyIdentity;
    private SignatureAndHashAlgorithm signatureAndHashAlgorithm;
    private List<CipherSuite> supportedCipherSuites;
    private final List<CertificateType> supportedClientCertificateTypes;
    private final List<CertificateType> supportedServerCertificateTypes;
    private boolean useNoSessionId;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.ServerHandshaker$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType;
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm;

        static {
            int[] iArr = new int[HandshakeType.values().length];
            $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType = iArr;
            try {
                iArr[HandshakeType.CLIENT_HELLO.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CLIENT_KEY_EXCHANGE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE_VERIFY.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.FINISHED.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            int[] iArr2 = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm = iArr2;
            try {
                iArr2[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
        }
    }

    public ServerHandshaker(int i, DTLSSession dTLSSession, RecordLayer recordLayer, Connection connection, DtlsConnectorConfig dtlsConnectorConfig, int i2) {
        super(false, i, dTLSSession, recordLayer, connection, dtlsConnectorConfig, i2);
        this.useNoSessionId = false;
        this.clientAuthenticationWanted = false;
        this.clientAuthenticationRequired = false;
        this.clientCertificate = null;
        this.certificateVerify = null;
        this.supportedCipherSuites = dtlsConnectorConfig.getSupportedCipherSuites();
        this.clientAuthenticationWanted = dtlsConnectorConfig.isClientAuthenticationWanted().booleanValue();
        this.clientAuthenticationRequired = dtlsConnectorConfig.isClientAuthenticationRequired().booleanValue();
        this.useNoSessionId = dtlsConnectorConfig.useNoServerSessionId().booleanValue();
        this.supportedClientCertificateTypes = dtlsConnectorConfig.getTrustCertificateTypes();
        this.supportedServerCertificateTypes = dtlsConnectorConfig.getIdentityCertificateTypes();
    }

    private void addServerHelloExtensions(CipherSuite cipherSuite, ClientHello clientHello, HelloExtensions helloExtensions) {
        CertificateType certificateType = this.negotiatedClientCertificateType;
        if (certificateType != null) {
            this.session.setReceiveCertificateType(certificateType);
            if (clientHello.getClientCertificateTypeExtension() != null) {
                helloExtensions.addExtension(new ClientCertificateTypeExtension(this.negotiatedClientCertificateType));
            }
        }
        CertificateType certificateType2 = this.negotiatedServerCertificateType;
        if (certificateType2 != null) {
            this.session.setSendCertificateType(certificateType2);
            if (clientHello.getServerCertificateTypeExtension() != null) {
                helloExtensions.addExtension(new ServerCertificateTypeExtension(this.negotiatedServerCertificateType));
            }
        }
        if (!cipherSuite.isEccBased() || clientHello.getSupportedPointFormatsExtension() == null) {
            return;
        }
        helloExtensions.addExtension(new SupportedPointFormatsExtension(Arrays.asList(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)));
    }

    private void createCertificateMessage(ClientHello clientHello, DTLSFlight dTLSFlight) throws HandshakeException {
        CertificateMessage certificateMessage;
        if (this.session.getCipherSuite().requiresServerCertificateMessage()) {
            if (CertificateType.RAW_PUBLIC_KEY == this.session.sendCertificateType()) {
                certificateMessage = new CertificateMessage(this.publicKey.getEncoded(), this.session.getPeer());
            } else {
                if (CertificateType.X_509 != this.session.sendCertificateType()) {
                    throw new IllegalArgumentException("Certificate type " + this.session.sendCertificateType() + " not supported!");
                }
                certificateMessage = new CertificateMessage(this.certificateChain, this.session.getPeer());
            }
            wrapMessage(dTLSFlight, certificateMessage);
        }
    }

    private boolean createCertificateRequest(ClientHello clientHello, DTLSFlight dTLSFlight) throws HandshakeException {
        if ((!this.clientAuthenticationWanted && !this.clientAuthenticationRequired) || this.signatureAndHashAlgorithm == null) {
            return false;
        }
        CertificateRequest certificateRequest = new CertificateRequest(this.session.getPeer());
        certificateRequest.addCertificateType(CertificateRequest.ClientCertificateType.ECDSA_SIGN);
        certificateRequest.addSignatureAlgorithm(new SignatureAndHashAlgorithm(this.signatureAndHashAlgorithm.getHash(), this.signatureAndHashAlgorithm.getSignature()));
        CertificateVerifier certificateVerifier = this.certificateVerifier;
        if (certificateVerifier != null) {
            certificateRequest.addCertificateAuthorities(certificateVerifier.getAcceptedIssuers());
        }
        wrapMessage(dTLSFlight, certificateRequest);
        return true;
    }

    private void createServerHello(ClientHello clientHello, DTLSFlight dTLSFlight) throws HandshakeException {
        ProtocolVersion negotiateProtocolVersion = negotiateProtocolVersion(clientHello.getClientVersion());
        this.clientRandom = clientHello.getRandom();
        this.serverRandom = new Random();
        SessionId emptySessionId = this.useNoSessionId ? SessionId.emptySessionId() : new SessionId();
        this.session.setSessionIdentifier(emptySessionId);
        if (!clientHello.getCompressionMethods().contains(CompressionMethod.NULL)) {
            throw new HandshakeException("Client does not support NULL compression method", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, clientHello.getPeer()));
        }
        this.session.setCompressionMethod(CompressionMethod.NULL);
        HelloExtensions helloExtensions = new HelloExtensions();
        negotiateCipherSuite(clientHello, helloExtensions);
        processHelloExtensions(clientHello, helloExtensions);
        wrapMessage(dTLSFlight, new ServerHello(negotiateProtocolVersion, this.serverRandom, emptySessionId, this.session.getCipherSuite(), this.session.getCompressionMethod(), helloExtensions, this.session.getPeer()));
    }

    private void createServerKeyExchange(ClientHello clientHello, DTLSFlight dTLSFlight) throws HandshakeException {
        DTLSMessage ecdhPskServerKeyExchange;
        int i = AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[getKeyExchangeAlgorithm().ordinal()];
        if (i == 2) {
            try {
                this.ecdhe = new ECDHECryptography(this.negotiatedSupportedGroup.getEcParams());
                ecdhPskServerKeyExchange = new EcdhPskServerKeyExchange(PskPublicInformation.EMPTY, this.ecdhe, this.clientRandom, this.serverRandom, this.negotiatedSupportedGroup.getId(), this.session.getPeer());
            } catch (GeneralSecurityException e) {
                throw new HandshakeException(String.format("Error performing EC Diffie Hellman key exchange: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, getPeerAddress()));
            }
        } else if (i != 3) {
            ecdhPskServerKeyExchange = null;
        } else {
            this.signatureAndHashAlgorithm = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.ECDSA);
            try {
                this.ecdhe = new ECDHECryptography(this.negotiatedSupportedGroup.getEcParams());
                ecdhPskServerKeyExchange = new ECDHServerKeyExchange(this.signatureAndHashAlgorithm, this.ecdhe, this.privateKey, this.clientRandom, this.serverRandom, this.negotiatedSupportedGroup.getId(), this.session.getPeer());
            } catch (GeneralSecurityException e2) {
                throw new HandshakeException(String.format("Error performing EC Diffie Hellman key exchange: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, getPeerAddress()));
            }
        }
        if (ecdhPskServerKeyExchange != null) {
            wrapMessage(dTLSFlight, ecdhPskServerKeyExchange);
        }
    }

    private static CertificateType getSupportedCertificateType(CertificateTypeExtension certificateTypeExtension, List<CertificateType> list) {
        if (list == null) {
            return null;
        }
        if (certificateTypeExtension == null) {
            if (list.contains(CertificateType.X_509)) {
                return CertificateType.X_509;
            }
            return null;
        }
        for (CertificateType certificateType : certificateTypeExtension.getCertificateTypes()) {
            if (list.contains(certificateType)) {
                return certificateType;
            }
        }
        return null;
    }

    private CertificateType getSupportedClientCertificateType(ClientHello clientHello) {
        return getSupportedCertificateType(clientHello.getClientCertificateTypeExtension(), this.supportedClientCertificateTypes);
    }

    private CertificateType getSupportedServerCertificateType(ClientHello clientHello) {
        return getSupportedCertificateType(clientHello.getServerCertificateTypeExtension(), this.supportedServerCertificateTypes);
    }

    private boolean isEligible(CipherSuite cipherSuite, CertificateType certificateType, CertificateType certificateType2, ECDHECryptography.SupportedGroup supportedGroup) {
        boolean z;
        if (cipherSuite.isEccBased()) {
            z = (supportedGroup != null) & true;
        } else {
            z = true;
        }
        if (!cipherSuite.requiresServerCertificateMessage()) {
            return z;
        }
        boolean z2 = z & (certificateType != null);
        if (this.clientAuthenticationRequired || this.clientAuthenticationWanted) {
            return z2 & (certificateType2 != null);
        }
        return z2;
    }

    private void negotiateCipherSuite(ClientHello clientHello, HelloExtensions helloExtensions) throws HandshakeException {
        CertificateType supportedServerCertificateType = getSupportedServerCertificateType(clientHello);
        CertificateType supportedClientCertificateType = getSupportedClientCertificateType(clientHello);
        ECDHECryptography.SupportedGroup negotiateNamedCurve = negotiateNamedCurve(clientHello);
        for (CipherSuite cipherSuite : clientHello.getCipherSuites()) {
            if (cipherSuite != CipherSuite.TLS_NULL_WITH_NULL_NULL && this.supportedCipherSuites.contains(cipherSuite) && isEligible(cipherSuite, supportedServerCertificateType, supportedClientCertificateType, negotiateNamedCurve)) {
                this.negotiatedServerCertificateType = supportedServerCertificateType;
                this.negotiatedClientCertificateType = supportedClientCertificateType;
                this.negotiatedSupportedGroup = negotiateNamedCurve;
                this.session.setCipherSuite(cipherSuite);
                addServerHelloExtensions(cipherSuite, clientHello, helloExtensions);
                this.session.setParameterAvailable();
                this.LOGGER.debug("Negotiated cipher suite [{}] with peer [{}]", cipherSuite.name(), getPeerAddress());
                return;
            }
        }
        throw new HandshakeException("Client proposed unsupported cipher suites only", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
    }

    private static ECDHECryptography.SupportedGroup negotiateNamedCurve(ClientHello clientHello) {
        List<ECDHECryptography.SupportedGroup> preferredGroups = ECDHECryptography.SupportedGroup.getPreferredGroups();
        SupportedEllipticCurvesExtension supportedEllipticCurvesExtension = clientHello.getSupportedEllipticCurvesExtension();
        if (supportedEllipticCurvesExtension != null) {
            Iterator<Integer> it = supportedEllipticCurvesExtension.getSupportedGroupIds().iterator();
            while (it.hasNext()) {
                ECDHECryptography.SupportedGroup fromId = ECDHECryptography.SupportedGroup.fromId(it.next().intValue());
                if (fromId != null && fromId.isUsable() && preferredGroups.contains(fromId)) {
                    return fromId;
                }
            }
        } else if (!preferredGroups.isEmpty()) {
            return preferredGroups.get(0);
        }
        return null;
    }

    private ProtocolVersion negotiateProtocolVersion(ProtocolVersion protocolVersion) throws HandshakeException {
        if (protocolVersion.compareTo(new ProtocolVersion()) >= 0) {
            return new ProtocolVersion();
        }
        throw new HandshakeException("The server only supports DTLS v1.2", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.PROTOCOL_VERSION, this.session.getPeer()));
    }

    private void receivedCertificateVerify(CertificateVerify certificateVerify) throws HandshakeException {
        this.certificateVerify = certificateVerify;
        this.handshakeMessages.remove(r0.size() - 1);
        certificateVerify.verifySignature(this.clientPublicKey, this.handshakeMessages);
        this.handshakeMessages.add(certificateVerify);
        CertPath certificateChain = this.clientCertificate.getCertificateChain();
        if (certificateChain != null) {
            this.session.setPeerIdentity(new X509CertPath(certificateChain));
        } else {
            this.session.setPeerIdentity(new RawPublicKeyIdentity(this.clientPublicKey));
        }
    }

    private void receivedClientCertificate(CertificateMessage certificateMessage) throws HandshakeException {
        this.clientCertificate = certificateMessage;
        if (this.clientAuthenticationRequired && certificateMessage.getCertificateChain() != null && certificateMessage.getPublicKey() == null) {
            this.LOGGER.debug("Client authentication failed: missing certificate!");
            throw new HandshakeException("Client Certificate required!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
        }
        verifyCertificate(certificateMessage);
        this.clientPublicKey = certificateMessage.getPublicKey();
        if (certificateMessage.getPublicKey() == null) {
            this.states = EMPTY_CLIENT_CERTIFICATE;
        }
    }

    private void receivedClientFinished(Finished finished) throws HandshakeException {
        if (CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.equals(getKeyExchangeAlgorithm()) && this.clientAuthenticationRequired && (this.clientCertificate == null || this.certificateVerify == null)) {
            throw new HandshakeException("Client did not send required authentication messages.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
        }
        this.flightNumber += 2;
        DTLSFlight dTLSFlight = new DTLSFlight(getSession(), this.flightNumber);
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        try {
            MessageDigest messageDigest = (MessageDigest) handshakeMessageDigest.clone();
            finished.verifyData(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, true, handshakeMessageDigest.digest());
            wrapMessage(dTLSFlight, new ChangeCipherSpecMessage(this.session.getPeer()));
            setCurrentWriteState();
            messageDigest.update(finished.toByteArray());
            wrapMessage(dTLSFlight, new Finished(this.session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), this.masterSecret, this.isClient, messageDigest.digest(), this.session.getPeer()));
            sendLastFlight(dTLSFlight);
            sessionEstablished();
        } catch (CloneNotSupportedException unused) {
            throw new HandshakeException("Cannot create FINISHED message hash", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, finished.getPeer()));
        }
    }

    private void receivedClientHello(ClientHello clientHello) throws HandshakeException {
        handshakeStarted();
        byte[] cookie = clientHello.getCookie();
        this.flightNumber = (cookie == null || cookie.length <= 0) ? 2 : 4;
        DTLSFlight dTLSFlight = new DTLSFlight(getSession(), this.flightNumber);
        createServerHello(clientHello, dTLSFlight);
        createCertificateMessage(clientHello, dTLSFlight);
        createServerKeyExchange(clientHello, dTLSFlight);
        if (createCertificateRequest(clientHello, dTLSFlight)) {
            this.states = CLIENT_CERTIFICATE;
        } else {
            this.states = NO_CLIENT_CERTIFICATE;
        }
        this.statesIndex = -1;
        wrapMessage(dTLSFlight, new ServerHelloDone(this.session.getPeer()));
        sendFlight(dTLSFlight);
    }

    private SecretKey receivedClientKeyExchange(ECDHClientKeyExchange eCDHClientKeyExchange) {
        return this.ecdhe.generateSecret(eCDHClientKeyExchange.getEncodedPoint());
    }

    private SecretKey receivedClientKeyExchange(EcdhPskClientKeyExchange ecdhPskClientKeyExchange) throws HandshakeException {
        this.preSharedKeyIdentity = ecdhPskClientKeyExchange.getIdentity();
        PskUtil pskUtil = new PskUtil(this.sniEnabled, this.session, this.pskStore, this.preSharedKeyIdentity);
        SecretKey generateSecret = this.ecdhe.generateSecret(ecdhPskClientKeyExchange.getEncodedPoint());
        SecretKey generatePremasterSecretFromPSK = pskUtil.generatePremasterSecretFromPSK(generateSecret);
        SecretUtil.destroy(pskUtil);
        SecretUtil.destroy(generateSecret);
        return generatePremasterSecretFromPSK;
    }

    private SecretKey receivedClientKeyExchange(PSKClientKeyExchange pSKClientKeyExchange) throws HandshakeException {
        this.preSharedKeyIdentity = pSKClientKeyExchange.getIdentity();
        PskUtil pskUtil = new PskUtil(this.sniEnabled, this.session, this.pskStore, this.preSharedKeyIdentity);
        SecretKey generatePremasterSecretFromPSK = pskUtil.generatePremasterSecretFromPSK(null);
        SecretUtil.destroy(pskUtil);
        return generatePremasterSecretFromPSK;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected void doProcessMessage(HandshakeMessage handshakeMessage) throws HandshakeException, GeneralSecurityException {
        SecretKey receivedClientKeyExchange;
        int i = AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[handshakeMessage.getMessageType().ordinal()];
        if (i == 1) {
            receivedClientHello((ClientHello) handshakeMessage);
            return;
        }
        if (i == 2) {
            receivedClientCertificate((CertificateMessage) handshakeMessage);
            return;
        }
        if (i != 3) {
            if (i == 4) {
                receivedCertificateVerify((CertificateVerify) handshakeMessage);
                expectChangeCipherSpecMessage();
                return;
            } else {
                if (i != 5) {
                    throw new HandshakeException(String.format("Received unexpected %s message from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
                }
                receivedClientFinished((Finished) handshakeMessage);
                return;
            }
        }
        int i2 = AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[getKeyExchangeAlgorithm().ordinal()];
        if (i2 == 1) {
            receivedClientKeyExchange = receivedClientKeyExchange((PSKClientKeyExchange) handshakeMessage);
        } else if (i2 == 2) {
            receivedClientKeyExchange = receivedClientKeyExchange((EcdhPskClientKeyExchange) handshakeMessage);
        } else {
            if (i2 != 3) {
                throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", getKeyExchangeAlgorithm().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
            }
            receivedClientKeyExchange = receivedClientKeyExchange((ECDHClientKeyExchange) handshakeMessage);
        }
        if (receivedClientKeyExchange != null) {
            generateKeys(receivedClientKeyExchange);
            SecretUtil.destroy(receivedClientKeyExchange);
        }
        if (this.clientAuthenticationRequired && getKeyExchangeAlgorithm() == CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN) {
            return;
        }
        expectChangeCipherSpecMessage();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processHelloExtensions(ClientHello clientHello, HelloExtensions helloExtensions) {
        ConnectionIdExtension connectionIdExtension;
        MaxFragmentLengthExtension maxFragmentLengthExtension = clientHello.getMaxFragmentLengthExtension();
        if (maxFragmentLengthExtension != null) {
            this.session.setMaxFragmentLength(maxFragmentLengthExtension.getFragmentLength().length());
            helloExtensions.addExtension(maxFragmentLengthExtension);
            this.LOGGER.debug("Negotiated max. fragment length [{} bytes] with peer [{}]", Integer.valueOf(maxFragmentLengthExtension.getFragmentLength().length()), clientHello.getPeer());
        }
        ServerNameExtension serverNameExtension = clientHello.getServerNameExtension();
        if (serverNameExtension != null) {
            if (this.sniEnabled) {
                this.session.setServerNames(serverNameExtension.getServerNames());
                helloExtensions.addExtension(ServerNameExtension.emptyServerNameIndication());
                this.session.setSniSupported(true);
                this.LOGGER.debug("using server name indication received from peer [{}]", clientHello.getPeer());
            } else {
                this.LOGGER.debug("client [{}] included SNI in HELLO but SNI support is disabled", clientHello.getPeer());
            }
        }
        if (this.connectionIdGenerator == null || (connectionIdExtension = clientHello.getConnectionIdExtension()) == null) {
            return;
        }
        this.session.setWriteConnectionId(connectionIdExtension.getConnectionId());
        helloExtensions.addExtension(ConnectionIdExtension.fromConnectionId(this.connectionIdGenerator.useConnectionId() ? getConnection().getConnectionId() : ConnectionId.EMPTY));
    }
}
