package org.openjsse.sun.security.ssl;

import androidx.fragment.app.E0;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLProtocolException;
import org.openjsse.sun.security.ssl.DHKeyExchange;
import org.openjsse.sun.security.ssl.ECDHKeyExchange;
import org.openjsse.sun.security.ssl.SSLExtension;
import org.openjsse.sun.security.ssl.SSLHandshake;
import org.openjsse.sun.security.ssl.SupportedGroupsExtension;
import org.openjsse.sun.security.util.HexDumpEncoder;

/* loaded from: classes2.dex */
final class KeyShareExtension {
    static final HandshakeProducer chNetworkProducer;
    static final SSLExtension.ExtensionConsumer chOnLoadConsumer;
    static final HandshakeAbsence chOnTradAbsence;
    static final SSLStringizer chStringizer;
    static final HandshakeProducer hrrNetworkProducer;
    static final HandshakeProducer hrrNetworkReproducer;
    static final SSLExtension.ExtensionConsumer hrrOnLoadConsumer;
    static final SSLStringizer hrrStringizer;
    static final HandshakeProducer shNetworkProducer;
    static final HandshakeAbsence shOnLoadAbsence;
    static final SSLExtension.ExtensionConsumer shOnLoadConsumer;
    static final SSLStringizer shStringizer;

    /* loaded from: classes2.dex */
    public static final class CHKeyShareConsumer implements SSLExtension.ExtensionConsumer {
        private CHKeyShareConsumer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLExtension.ExtensionConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage, ByteBuffer byteBuffer) {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            Map<SSLExtension, SSLExtension.SSLExtensionSpec> map = serverHandshakeContext.handshakeExtensions;
            SSLExtension sSLExtension = SSLExtension.CH_KEY_SHARE;
            if (map.containsKey(sSLExtension)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("The key_share extension has been loaded", new Object[0]);
                    return;
                }
                return;
            }
            if (!serverHandshakeContext.sslConfig.isAvailable(sSLExtension)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Ignore unavailable key_share extension", new Object[0]);
                    return;
                }
                return;
            }
            try {
                CHKeyShareSpec cHKeyShareSpec = new CHKeyShareSpec(byteBuffer);
                LinkedList linkedList = new LinkedList();
                for (KeyShareEntry keyShareEntry : cHKeyShareSpec.clientShares) {
                    SupportedGroupsExtension.NamedGroup valueOf = SupportedGroupsExtension.NamedGroup.valueOf(keyShareEntry.namedGroupId);
                    if (valueOf != null && SupportedGroupsExtension.SupportedGroups.isActivatable(serverHandshakeContext.algorithmConstraints, valueOf)) {
                        SupportedGroupsExtension.NamedGroupType namedGroupType = valueOf.type;
                        if (namedGroupType == SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE) {
                            try {
                                ECDHKeyExchange.ECDHECredentials valueOf2 = ECDHKeyExchange.ECDHECredentials.valueOf(valueOf, keyShareEntry.keyExchange);
                                if (valueOf2 != null) {
                                    AlgorithmConstraints algorithmConstraints = serverHandshakeContext.algorithmConstraints;
                                    if (algorithmConstraints == null || algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), valueOf2.popPublicKey)) {
                                        linkedList.add(valueOf2);
                                    } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                                        SSLLogger.warning("ECDHE key share entry does not comply to algorithm constraints", new Object[0]);
                                    }
                                }
                            } catch (IOException | GeneralSecurityException unused) {
                                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                                    SSLLogger.warning("Cannot decode named group: " + SupportedGroupsExtension.NamedGroup.nameOf(keyShareEntry.namedGroupId), new Object[0]);
                                }
                            }
                        } else if (namedGroupType == SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_FFDHE) {
                            try {
                                DHKeyExchange.DHECredentials valueOf3 = DHKeyExchange.DHECredentials.valueOf(valueOf, keyShareEntry.keyExchange);
                                if (valueOf3 != null) {
                                    AlgorithmConstraints algorithmConstraints2 = serverHandshakeContext.algorithmConstraints;
                                    if (algorithmConstraints2 == null || algorithmConstraints2.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), valueOf3.popPublicKey)) {
                                        linkedList.add(valueOf3);
                                    } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                                        SSLLogger.warning("DHE key share entry does not comply to algorithm constraints", new Object[0]);
                                    }
                                }
                            } catch (IOException | GeneralSecurityException unused2) {
                                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                                    SSLLogger.warning("Cannot decode named group: " + SupportedGroupsExtension.NamedGroup.nameOf(keyShareEntry.namedGroupId), new Object[0]);
                                }
                            }
                        }
                    } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine("Ignore unsupported named group: " + SupportedGroupsExtension.NamedGroup.nameOf(keyShareEntry.namedGroupId), new Object[0]);
                    }
                }
                if (linkedList.isEmpty()) {
                    HashMap<Byte, HandshakeProducer> hashMap = serverHandshakeContext.handshakeProducers;
                    SSLHandshake sSLHandshake = SSLHandshake.HELLO_RETRY_REQUEST;
                    hashMap.put(Byte.valueOf(sSLHandshake.id), sSLHandshake);
                } else {
                    serverHandshakeContext.handshakeCredentials.addAll(linkedList);
                }
                serverHandshakeContext.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE, cHKeyShareSpec);
            } catch (IOException e9) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, e9);
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class CHKeyShareOnTradeAbsence implements HandshakeAbsence {
        private CHKeyShareOnTradeAbsence() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeAbsence
        public void absent(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            if (serverHandshakeContext.negotiatedProtocol.useTLS13PlusSpec() && serverHandshakeContext.handshakeExtensions.containsKey(SSLExtension.CH_SUPPORTED_GROUPS)) {
                throw serverHandshakeContext.conContext.fatal(Alert.MISSING_EXTENSION, "No key_share extension to work with the supported_groups extension");
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class CHKeyShareProducer implements HandshakeProducer {
        private CHKeyShareProducer() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            List<SupportedGroupsExtension.NamedGroup> list;
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            int i8 = 0;
            if (!clientHandshakeContext.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Ignore unavailable key_share extension", new Object[0]);
                }
                return null;
            }
            SupportedGroupsExtension.NamedGroup namedGroup = clientHandshakeContext.serverSelectedNamedGroup;
            if (namedGroup != null) {
                list = Arrays.asList(namedGroup);
            } else {
                list = clientHandshakeContext.clientRequestedNamedGroups;
                if (list == null || list.isEmpty()) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.warning("Ignore key_share extension, no supported groups", new Object[0]);
                    }
                    return null;
                }
            }
            LinkedList linkedList = new LinkedList();
            for (SupportedGroupsExtension.NamedGroup namedGroup2 : list) {
                SSLKeyExchange valueOf = SSLKeyExchange.valueOf(namedGroup2);
                if (valueOf != null) {
                    for (SSLPossession sSLPossession : valueOf.createPossessions(clientHandshakeContext)) {
                        clientHandshakeContext.handshakePossessions.add(sSLPossession);
                        if ((sSLPossession instanceof ECDHKeyExchange.ECDHEPossession) || (sSLPossession instanceof DHKeyExchange.DHEPossession)) {
                            linkedList.add(new KeyShareEntry(namedGroup2.id, sSLPossession.encode()));
                        }
                    }
                    if (!linkedList.isEmpty()) {
                        break;
                    }
                } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("No key exchange for named group " + namedGroup2.name, new Object[0]);
                }
            }
            Iterator it = linkedList.iterator();
            while (it.hasNext()) {
                i8 += ((KeyShareEntry) it.next()).getEncodedSize();
            }
            byte[] bArr = new byte[i8 + 2];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            Record.putInt16(wrap, i8);
            Iterator it2 = linkedList.iterator();
            while (it2.hasNext()) {
                wrap.put(((KeyShareEntry) it2.next()).getEncoded());
            }
            clientHandshakeContext.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE, new CHKeyShareSpec(linkedList));
            return bArr;
        }
    }

    /* loaded from: classes2.dex */
    public static final class CHKeyShareSpec implements SSLExtension.SSLExtensionSpec {
        final List<KeyShareEntry> clientShares;

        private CHKeyShareSpec(ByteBuffer byteBuffer) {
            if (byteBuffer.remaining() < 2) {
                throw new SSLProtocolException("Invalid key_share extension: insufficient data (length=" + byteBuffer.remaining() + ")");
            }
            int int16 = Record.getInt16(byteBuffer);
            if (int16 != byteBuffer.remaining()) {
                throw new SSLProtocolException(E0.h("Invalid key_share extension: incorrect list length (length=", int16, ")"));
            }
            LinkedList linkedList = new LinkedList();
            while (byteBuffer.hasRemaining()) {
                int int162 = Record.getInt16(byteBuffer);
                byte[] bytes16 = Record.getBytes16(byteBuffer);
                if (bytes16.length == 0) {
                    throw new SSLProtocolException("Invalid key_share extension: empty key_exchange");
                }
                linkedList.add(new KeyShareEntry(int162, bytes16));
            }
            this.clientShares = Collections.unmodifiableList(linkedList);
        }

        private CHKeyShareSpec(List<KeyShareEntry> list) {
            this.clientShares = list;
        }

        public String toString() {
            MessageFormat messageFormat = new MessageFormat("\"client_shares\": '['{0}\n']'", Locale.ENGLISH);
            StringBuilder sb = new StringBuilder(512);
            Iterator<KeyShareEntry> it = this.clientShares.iterator();
            while (it.hasNext()) {
                sb.append(it.next().toString());
            }
            return messageFormat.format(new Object[]{Utilities.indent(sb.toString())});
        }
    }

    /* loaded from: classes2.dex */
    public static final class CHKeyShareStringizer implements SSLStringizer {
        private CHKeyShareStringizer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLStringizer
        public String toString(ByteBuffer byteBuffer) {
            try {
                return new CHKeyShareSpec(byteBuffer).toString();
            } catch (IOException e9) {
                return e9.getMessage();
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class HRRKeyShareConsumer implements SSLExtension.ExtensionConsumer {
        private HRRKeyShareConsumer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLExtension.ExtensionConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage, ByteBuffer byteBuffer) {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            SSLConfiguration sSLConfiguration = clientHandshakeContext.sslConfig;
            SSLExtension sSLExtension = SSLExtension.HRR_KEY_SHARE;
            if (!sSLConfiguration.isAvailable(sSLExtension)) {
                throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unsupported key_share extension in HelloRetryRequest");
            }
            List<SupportedGroupsExtension.NamedGroup> list = clientHandshakeContext.clientRequestedNamedGroups;
            if (list == null || list.isEmpty()) {
                throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected key_share extension in HelloRetryRequest");
            }
            try {
                HRRKeyShareSpec hRRKeyShareSpec = new HRRKeyShareSpec(byteBuffer);
                SupportedGroupsExtension.NamedGroup valueOf = SupportedGroupsExtension.NamedGroup.valueOf(hRRKeyShareSpec.selectedGroup);
                if (valueOf == null) {
                    throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unsupported HelloRetryRequest selected group: " + SupportedGroupsExtension.NamedGroup.nameOf(hRRKeyShareSpec.selectedGroup));
                }
                if (clientHandshakeContext.clientRequestedNamedGroups.contains(valueOf)) {
                    clientHandshakeContext.serverSelectedNamedGroup = valueOf;
                    clientHandshakeContext.handshakeExtensions.put(sSLExtension, hRRKeyShareSpec);
                } else {
                    throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected HelloRetryRequest selected group: " + valueOf.name);
                }
            } catch (IOException e9) {
                throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, e9);
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class HRRKeyShareProducer implements HandshakeProducer {
        private HRRKeyShareProducer() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            SupportedGroupsExtension.NamedGroup namedGroup;
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            if (!serverHandshakeContext.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unsupported key_share extension in HelloRetryRequest");
            }
            List<SupportedGroupsExtension.NamedGroup> list = serverHandshakeContext.clientRequestedNamedGroups;
            if (list == null || list.isEmpty()) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected key_share extension in HelloRetryRequest");
            }
            Iterator<SupportedGroupsExtension.NamedGroup> it = serverHandshakeContext.clientRequestedNamedGroups.iterator();
            while (true) {
                if (!it.hasNext()) {
                    namedGroup = null;
                    break;
                }
                namedGroup = it.next();
                if (SupportedGroupsExtension.SupportedGroups.isActivatable(serverHandshakeContext.algorithmConstraints, namedGroup)) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine("HelloRetryRequest selected named group: " + namedGroup.name, new Object[0]);
                    }
                }
            }
            if (namedGroup == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "No common named group");
            }
            int i8 = namedGroup.id;
            byte[] bArr = {(byte) ((i8 >> 8) & 255), (byte) (i8 & 255)};
            serverHandshakeContext.serverSelectedNamedGroup = namedGroup;
            serverHandshakeContext.handshakeExtensions.put(SSLExtension.HRR_KEY_SHARE, new HRRKeyShareSpec(namedGroup));
            return bArr;
        }
    }

    /* loaded from: classes2.dex */
    public static final class HRRKeyShareReproducer implements HandshakeProducer {
        private HRRKeyShareReproducer() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            List<KeyShareEntry> list;
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            if (!serverHandshakeContext.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unsupported key_share extension in HelloRetryRequest");
            }
            CHKeyShareSpec cHKeyShareSpec = (CHKeyShareSpec) serverHandshakeContext.handshakeExtensions.get(SSLExtension.CH_KEY_SHARE);
            if (cHKeyShareSpec == null || (list = cHKeyShareSpec.clientShares) == null || list.size() != 1) {
                return null;
            }
            int i8 = cHKeyShareSpec.clientShares.get(0).namedGroupId;
            return new byte[]{(byte) ((i8 >> 8) & 255), (byte) (i8 & 255)};
        }
    }

    /* loaded from: classes2.dex */
    public static final class HRRKeyShareSpec implements SSLExtension.SSLExtensionSpec {
        final int selectedGroup;

        private HRRKeyShareSpec(ByteBuffer byteBuffer) {
            if (byteBuffer.remaining() == 2) {
                this.selectedGroup = Record.getInt16(byteBuffer);
                return;
            }
            throw new SSLProtocolException("Invalid key_share extension: improper data (length=" + byteBuffer.remaining() + ")");
        }

        public HRRKeyShareSpec(SupportedGroupsExtension.NamedGroup namedGroup) {
            this.selectedGroup = namedGroup.id;
        }

        public String toString() {
            return new MessageFormat("\"selected group\": '['{0}']'", Locale.ENGLISH).format(new Object[]{SupportedGroupsExtension.NamedGroup.nameOf(this.selectedGroup)});
        }
    }

    /* loaded from: classes2.dex */
    public static final class HRRKeyShareStringizer implements SSLStringizer {
        private HRRKeyShareStringizer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLStringizer
        public String toString(ByteBuffer byteBuffer) {
            try {
                return new HRRKeyShareSpec(byteBuffer).toString();
            } catch (IOException e9) {
                return e9.getMessage();
            }
        }
    }

    /* loaded from: classes2.dex */
    public static final class KeyShareEntry {
        final byte[] keyExchange;
        final int namedGroupId;

        private KeyShareEntry(int i8, byte[] bArr) {
            this.namedGroupId = i8;
            this.keyExchange = bArr;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] getEncoded() {
            byte[] bArr = new byte[this.keyExchange.length + 4];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            try {
                Record.putInt16(wrap, this.namedGroupId);
                Record.putBytes16(wrap, this.keyExchange);
            } catch (IOException e9) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("Unlikely IOException", e9);
                }
            }
            return bArr;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int getEncodedSize() {
            return this.keyExchange.length + 4;
        }

        public String toString() {
            return new MessageFormat("\n'{'\n  \"named group\": {0}\n  \"key_exchange\": '{'\n{1}\n  '}'\n'}',", Locale.ENGLISH).format(new Object[]{SupportedGroupsExtension.NamedGroup.nameOf(this.namedGroupId), Utilities.indent(new HexDumpEncoder().encode(this.keyExchange), "    ")});
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHKeyShareAbsence implements HandshakeAbsence {
        private SHKeyShareAbsence() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeAbsence
        public void absent(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
                SSLLogger.fine("No key_share extension in ServerHello, cleanup the key shares if necessary", new Object[0]);
            }
            clientHandshakeContext.handshakePossessions.clear();
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHKeyShareConsumer implements SSLExtension.ExtensionConsumer {
        private SHKeyShareConsumer() {
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Removed duplicated region for block: B:37:0x00ad  */
        /* JADX WARN: Removed duplicated region for block: B:39:0x00ba  */
        @Override // org.openjsse.sun.security.ssl.SSLExtension.ExtensionConsumer
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void consume(org.openjsse.sun.security.ssl.ConnectionContext r10, org.openjsse.sun.security.ssl.SSLHandshake.HandshakeMessage r11, java.nio.ByteBuffer r12) {
            /*
                Method dump skipped, instructions count: 347
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.openjsse.sun.security.ssl.KeyShareExtension.SHKeyShareConsumer.consume(org.openjsse.sun.security.ssl.ConnectionContext, org.openjsse.sun.security.ssl.SSLHandshake$HandshakeMessage, java.nio.ByteBuffer):void");
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHKeyShareProducer implements HandshakeProducer {
        private SHKeyShareProducer() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            if (((CHKeyShareSpec) serverHandshakeContext.handshakeExtensions.get(SSLExtension.CH_KEY_SHARE)) == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("Ignore, no client key_share extension", new Object[0]);
                }
                return null;
            }
            if (!serverHandshakeContext.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("Ignore, no available server key_share extension", new Object[0]);
                }
                return null;
            }
            List<SSLCredentials> list = serverHandshakeContext.handshakeCredentials;
            if (list == null || list.isEmpty()) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("No available client key share entries", new Object[0]);
                }
                return null;
            }
            Iterator<SSLCredentials> it = serverHandshakeContext.handshakeCredentials.iterator();
            KeyShareEntry keyShareEntry = null;
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SSLCredentials next = it.next();
                SupportedGroupsExtension.NamedGroup namedGroup = next instanceof ECDHKeyExchange.ECDHECredentials ? ((ECDHKeyExchange.ECDHECredentials) next).namedGroup : next instanceof DHKeyExchange.DHECredentials ? ((DHKeyExchange.DHECredentials) next).namedGroup : null;
                if (namedGroup != null) {
                    SSLKeyExchange valueOf = SSLKeyExchange.valueOf(namedGroup);
                    if (valueOf != null) {
                        for (SSLPossession sSLPossession : valueOf.createPossessions(serverHandshakeContext)) {
                            if ((sSLPossession instanceof ECDHKeyExchange.ECDHEPossession) || (sSLPossession instanceof DHKeyExchange.DHEPossession)) {
                                serverHandshakeContext.handshakeKeyExchange = valueOf;
                                serverHandshakeContext.handshakePossessions.add(sSLPossession);
                                keyShareEntry = new KeyShareEntry(namedGroup.id, sSLPossession.encode());
                                break;
                            }
                        }
                        if (keyShareEntry != null) {
                            Map.Entry<Byte, HandshakeProducer>[] handshakeProducers = valueOf.getHandshakeProducers(serverHandshakeContext);
                            for (Map.Entry<Byte, HandshakeProducer> entry : handshakeProducers) {
                                serverHandshakeContext.handshakeProducers.put(entry.getKey(), entry.getValue());
                            }
                        }
                    } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.warning("No key exchange for named group " + namedGroup.name, new Object[0]);
                    }
                }
            }
            if (keyShareEntry != null) {
                byte[] encoded = keyShareEntry.getEncoded();
                serverHandshakeContext.handshakeExtensions.put(SSLExtension.SH_KEY_SHARE, new SHKeyShareSpec(keyShareEntry));
                return encoded;
            }
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.warning("No available server key_share extension", new Object[0]);
            }
            return null;
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHKeyShareSpec implements SSLExtension.SSLExtensionSpec {
        final KeyShareEntry serverShare;

        private SHKeyShareSpec(ByteBuffer byteBuffer) {
            if (byteBuffer.remaining() < 5) {
                throw new SSLProtocolException("Invalid key_share extension: insufficient data (length=" + byteBuffer.remaining() + ")");
            }
            int int16 = Record.getInt16(byteBuffer);
            byte[] bytes16 = Record.getBytes16(byteBuffer);
            if (byteBuffer.hasRemaining()) {
                throw new SSLProtocolException("Invalid key_share extension: unknown extra data");
            }
            this.serverShare = new KeyShareEntry(int16, bytes16);
        }

        public SHKeyShareSpec(KeyShareEntry keyShareEntry) {
            this.serverShare = keyShareEntry;
        }

        public String toString() {
            return new MessageFormat("\"server_share\": '{'\n  \"named group\": {0}\n  \"key_exchange\": '{'\n{1}\n  '}'\n'}',", Locale.ENGLISH).format(new Object[]{SupportedGroupsExtension.NamedGroup.nameOf(this.serverShare.namedGroupId), Utilities.indent(new HexDumpEncoder().encode(this.serverShare.keyExchange), "    ")});
        }
    }

    /* loaded from: classes2.dex */
    public static final class SHKeyShareStringizer implements SSLStringizer {
        private SHKeyShareStringizer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLStringizer
        public String toString(ByteBuffer byteBuffer) {
            try {
                return new SHKeyShareSpec(byteBuffer).toString();
            } catch (IOException e9) {
                return e9.getMessage();
            }
        }
    }

    static {
        chNetworkProducer = new CHKeyShareProducer();
        chOnLoadConsumer = new CHKeyShareConsumer();
        chOnTradAbsence = new CHKeyShareOnTradeAbsence();
        chStringizer = new CHKeyShareStringizer();
        shNetworkProducer = new SHKeyShareProducer();
        shOnLoadConsumer = new SHKeyShareConsumer();
        shOnLoadAbsence = new SHKeyShareAbsence();
        shStringizer = new SHKeyShareStringizer();
        hrrNetworkProducer = new HRRKeyShareProducer();
        hrrOnLoadConsumer = new HRRKeyShareConsumer();
        hrrNetworkReproducer = new HRRKeyShareReproducer();
        hrrStringizer = new HRRKeyShareStringizer();
    }
}
