package org.openjsse.sun.security.ssl;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import org.openjsse.sun.security.ssl.CipherSuite;
import org.openjsse.sun.security.ssl.ClientHello;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public abstract class HelloCookieManager {

    /* loaded from: classes2.dex */
    public static class Builder {
        private volatile D10HelloCookieManager d10HelloCookieManager;
        private volatile D13HelloCookieManager d13HelloCookieManager;
        final SecureRandom secureRandom;
        private volatile T13HelloCookieManager t13HelloCookieManager;

        public Builder(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
        }

        public HelloCookieManager valueOf(ProtocolVersion protocolVersion) {
            if (!protocolVersion.isDTLS) {
                if (!protocolVersion.useTLS13PlusSpec()) {
                    return null;
                }
                if (this.t13HelloCookieManager != null) {
                    return this.t13HelloCookieManager;
                }
                synchronized (this) {
                    try {
                        if (this.t13HelloCookieManager == null) {
                            this.t13HelloCookieManager = new T13HelloCookieManager(this.secureRandom);
                        }
                    } finally {
                    }
                }
                return this.t13HelloCookieManager;
            }
            if (protocolVersion.useTLS13PlusSpec()) {
                if (this.d13HelloCookieManager != null) {
                    return this.d13HelloCookieManager;
                }
                synchronized (this) {
                    try {
                        if (this.d13HelloCookieManager == null) {
                            this.d13HelloCookieManager = new D13HelloCookieManager(this.secureRandom);
                        }
                    } finally {
                    }
                }
                return this.d13HelloCookieManager;
            }
            if (this.d10HelloCookieManager != null) {
                return this.d10HelloCookieManager;
            }
            synchronized (this) {
                try {
                    if (this.d10HelloCookieManager == null) {
                        this.d10HelloCookieManager = new D10HelloCookieManager(this.secureRandom);
                    }
                } finally {
                }
            }
            return this.d10HelloCookieManager;
        }
    }

    /* loaded from: classes2.dex */
    public static final class D10HelloCookieManager extends HelloCookieManager {
        private byte[] cookieSecret;
        private int cookieVersion;
        private byte[] legacySecret = new byte[32];
        final SecureRandom secureRandom;

        public D10HelloCookieManager(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
            this.cookieVersion = secureRandom.nextInt();
            byte[] bArr = new byte[32];
            this.cookieSecret = bArr;
            secureRandom.nextBytes(bArr);
            System.arraycopy(this.cookieSecret, 0, this.legacySecret, 0, 32);
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        public byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage) {
            int i8;
            byte[] bArr;
            synchronized (this) {
                try {
                    i8 = this.cookieVersion;
                    bArr = this.cookieSecret;
                    if ((16777215 & i8) == 0) {
                        System.arraycopy(bArr, 0, this.legacySecret, 0, 32);
                        this.secureRandom.nextBytes(this.cookieSecret);
                    }
                    this.cookieVersion++;
                } catch (Throwable th) {
                    throw th;
                }
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest("SHA-256");
            messageDigest.update(clientHelloMessage.getHelloCookieBytes());
            byte[] digest = messageDigest.digest(bArr);
            digest[0] = (byte) ((i8 >> 24) & 255);
            return digest;
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        public boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr) {
            byte[] bArr2;
            if (bArr == null || bArr.length != 32) {
                return false;
            }
            synchronized (this) {
                try {
                    bArr2 = ((this.cookieVersion >> 24) & 255) == bArr[0] ? this.cookieSecret : this.legacySecret;
                } catch (Throwable th) {
                    throw th;
                }
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest("SHA-256");
            messageDigest.update(clientHelloMessage.getHelloCookieBytes());
            byte[] digest = messageDigest.digest(bArr2);
            digest[0] = bArr[0];
            return MessageDigest.isEqual(digest, bArr);
        }
    }

    /* loaded from: classes2.dex */
    public static final class D13HelloCookieManager extends HelloCookieManager {
        public D13HelloCookieManager(SecureRandom secureRandom) {
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        public byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage) {
            throw new UnsupportedOperationException("Not supported yet.");
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        public boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr) {
            throw new UnsupportedOperationException("Not supported yet.");
        }
    }

    /* loaded from: classes2.dex */
    public static final class T13HelloCookieManager extends HelloCookieManager {
        private final byte[] cookieSecret;
        private int cookieVersion;
        private final byte[] legacySecret;
        final SecureRandom secureRandom;

        public T13HelloCookieManager(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
            this.cookieVersion = secureRandom.nextInt();
            byte[] bArr = new byte[64];
            this.cookieSecret = bArr;
            byte[] bArr2 = new byte[64];
            this.legacySecret = bArr2;
            secureRandom.nextBytes(bArr);
            System.arraycopy(bArr, 0, bArr2, 0, 64);
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        public byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage) {
            int i8;
            byte[] bArr;
            synchronized (this) {
                try {
                    i8 = this.cookieVersion;
                    bArr = this.cookieSecret;
                    if ((16777215 & i8) == 0) {
                        System.arraycopy(bArr, 0, this.legacySecret, 0, 64);
                        this.secureRandom.nextBytes(this.cookieSecret);
                    }
                    this.cookieVersion++;
                } catch (Throwable th) {
                    throw th;
                }
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest(serverHandshakeContext.negotiatedCipherSuite.hashAlg.name);
            messageDigest.update(clientHelloMessage.getHeaderBytes());
            byte[] digest = messageDigest.digest(bArr);
            serverHandshakeContext.handshakeHash.update();
            byte[] digest2 = serverHandshakeContext.handshakeHash.digest();
            int i9 = serverHandshakeContext.negotiatedCipherSuite.id;
            byte[] copyOf = Arrays.copyOf(new byte[]{(byte) ((i9 >> 8) & 255), (byte) (i9 & 255), (byte) ((i8 >> 24) & 255)}, digest.length + 3 + digest2.length);
            System.arraycopy(digest, 0, copyOf, 3, digest.length);
            System.arraycopy(digest2, 0, copyOf, 3 + digest.length, digest2.length);
            return copyOf;
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        public boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr) {
            CipherSuite valueOf;
            CipherSuite.HashAlg hashAlg;
            int i8;
            byte[] bArr2;
            if (bArr == null || bArr.length <= 32 || (valueOf = CipherSuite.valueOf(((bArr[0] & 255) << 8) | (bArr[1] & 255))) == null || (hashAlg = valueOf.hashAlg) == null || (i8 = hashAlg.hashLength) == 0 || bArr.length != (i8 * 2) + 3) {
                return false;
            }
            int i9 = i8 + 3;
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 3, i9);
            byte[] copyOfRange2 = Arrays.copyOfRange(bArr, i9, bArr.length);
            synchronized (this) {
                try {
                    bArr2 = ((byte) ((this.cookieVersion >> 24) & 255)) == bArr[2] ? this.cookieSecret : this.legacySecret;
                } catch (Throwable th) {
                    throw th;
                }
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest(valueOf.hashAlg.name);
            messageDigest.update(clientHelloMessage.getHeaderBytes());
            if (!MessageDigest.isEqual(messageDigest.digest(bArr2), copyOfRange)) {
                return false;
            }
            serverHandshakeContext.handshakeHash.push(ServerHello.hrrReproducer.produce(serverHandshakeContext, clientHelloMessage));
            byte[] bArr3 = new byte[i8 + 4];
            bArr3[0] = SSLHandshake.MESSAGE_HASH.id;
            bArr3[1] = 0;
            bArr3[2] = 0;
            bArr3[3] = (byte) (i8 & 255);
            System.arraycopy(copyOfRange2, 0, bArr3, 4, i8);
            serverHandshakeContext.handshakeHash.push(bArr3);
            return true;
        }
    }

    public abstract byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage);

    public abstract boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr);
}
