package org.eclipse.californium.scandium.dtls;

import javax.crypto.SecretKey;
import javax.security.auth.Destroyable;
import org.eclipse.californium.elements.auth.PreSharedKeyIdentity;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
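/**
 * Resolves the pre-shared key (PSK) identity and secret for a DTLS session and
 * derives the PSK premaster secret from them.
 *
 * <p>An instance holds a reference to secret key material. Call {@link #destroy()}
 * once the handshake no longer needs it.
 */
public class PskUtil implements Destroyable {
    private static final Logger LOGGER = LoggerFactory.getLogger(PskUtil.class.getName());

    /** PSK identity (public information) this instance was created for. */
    private final PskPublicInformation pskIdentity;
    /** Principal built from the identity (and virtual host, if any); set as the session's peer identity. */
    private final PreSharedKeyIdentity pskPrincipal;
    /** Secret returned by the {@link PskStore} for {@link #pskIdentity}; never {@code null} after construction. */
    private final SecretKey pskSecret;

    /**
     * Creates an instance for the identity the store associates with the session's peer.
     *
     * <p>The identity is looked up via {@link PskStore#getIdentity} using the peer address
     * and, when {@code z} is set and the session carries server names, those server names.
     *
     * @param z presumably "SNI enabled": when {@code true} and the session has server names,
     *        the server-name-scoped store lookups are used (confirm against callers)
     * @param dTLSSession session of the handshake, must not be {@code null}
     * @param pskStore store providing identities and keys, must not be {@code null}
     * @throws NullPointerException if the session or the store is {@code null}
     * @throws HandshakeException if the store has no identity for the peer, or no key for the identity
     */
    public PskUtil(boolean z, DTLSSession dTLSSession, PskStore pskStore) {
        this(z, dTLSSession, pskStore, lookupIdentity(z, dTLSSession, pskStore));
    }

    /**
     * Creates an instance for the given identity and registers the resulting principal
     * as the session's peer identity.
     *
     * <p>This constructor only looks the key up; it does not itself verify that the peer
     * possesses it. The peer identity set on the session here is therefore only as
     * trustworthy as the rest of the handshake that follows.
     *
     * @param z presumably "SNI enabled": when {@code true} and the session has server names,
     *        the key is looked up per server name (confirm against callers)
     * @param dTLSSession session of the handshake, must not be {@code null}
     * @param pskStore store providing the key, must not be {@code null}
     * @param pskPublicInformation PSK identity to use, must not be {@code null}
     * @throws NullPointerException if any reference argument is {@code null}
     * @throws HandshakeException with a fatal {@code UNKNOWN_PSK_IDENTITY} alert if the
     *         store has no key for the identity
     */
    public PskUtil(boolean z, DTLSSession dTLSSession, PskStore pskStore, PskPublicInformation pskPublicInformation) {
        if (dTLSSession == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        if (pskPublicInformation == null) {
            throw new NullPointerException("psk identity must not be null");
        }
        this.pskIdentity = pskPublicInformation;

        ServerNames serverNames = dTLSSession.getServerNames();
        // Stays null unless the server-name-scoped lookup is used.
        String virtualHost = null;
        if (z && serverNames != null) {
            virtualHost = dTLSSession.getHostName();
            LOGGER.debug("client [{}] uses PSK identity [{}] for server [{}]", dTLSSession.getPeer(), pskPublicInformation, virtualHost);
            this.pskSecret = pskStore.getKey(serverNames, pskPublicInformation);
        } else {
            LOGGER.debug("client [{}] uses PSK identity [{}]", dTLSSession.getPeer(), pskPublicInformation);
            this.pskSecret = pskStore.getKey(pskPublicInformation);
        }

        if (this.pskSecret == null) {
            // NOTE(review): a dedicated UNKNOWN_PSK_IDENTITY alert tells the peer that the
            // identity is not provisioned, which lets identities be distinguished from a
            // wrong key. RFC 4279 permits this, and also permits continuing as if the key
            // were merely wrong (decrypt_error) when identity confidentiality matters.
            // Behaviour is left unchanged here; decide per deployment.
            AlertMessage alert = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNKNOWN_PSK_IDENTITY, dTLSSession.getPeer());
            String message = virtualHost == null
                    ? String.format("No pre-shared key found for [identity: %s]", pskPublicInformation)
                    : String.format("No pre-shared key found for [virtual host: %s, identity: %s]", virtualHost, pskPublicInformation);
            throw new HandshakeException(message, alert);
        }

        // With z set the two-argument principal is used even when no server names were
        // present; virtualHost is then null.
        if (z) {
            this.pskPrincipal = new PreSharedKeyIdentity(virtualHost, pskPublicInformation.getPublicInfoAsString());
        } else {
            this.pskPrincipal = new PreSharedKeyIdentity(pskPublicInformation.getPublicInfoAsString());
        }
        dTLSSession.setPeerIdentity(this.pskPrincipal);
    }

    /**
     * Looks up the PSK identity the store associates with the session's peer.
     *
     * @param sniEnabled when {@code true} and the session has server names, the lookup is
     *        scoped to those server names
     * @param session session of the handshake, must not be {@code null}
     * @param pskStore store to query, must not be {@code null}
     * @return the identity, never {@code null}
     * @throws NullPointerException if the session or the store is {@code null}
     * @throws HandshakeException with a fatal {@code HANDSHAKE_FAILURE} alert if the store
     *         returns no identity
     */
    private static PskPublicInformation lookupIdentity(boolean sniEnabled, DTLSSession session, PskStore pskStore) {
        if (session == null) {
            throw new NullPointerException("Dtls session must not be null");
        }
        if (pskStore == null) {
            throw new NullPointerException("psk store must not be null");
        }
        ServerNames serverNames = session.getServerNames();
        if (!sniEnabled || serverNames == null) {
            PskPublicInformation plainIdentity = pskStore.getIdentity(session.getPeer());
            if (plainIdentity == null) {
                throw new HandshakeException(String.format("No Identity found for peer [address: %s]", session.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, session.getPeer()));
            }
            return plainIdentity;
        }

        if (!session.isSniSupported()) {
            LOGGER.warn("client is configured to use SNI but server does not support it, PSK authentication is likely to fail");
        }
        PskPublicInformation scopedIdentity = pskStore.getIdentity(session.getPeer(), serverNames);
        if (scopedIdentity == null) {
            throw new HandshakeException(String.format("No Identity found for peer [address: %s, virtual host: %s]", session.getPeer(), session.getHostName()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, session.getPeer()));
        }
        return scopedIdentity;
    }

    /**
     * Destroys the held PSK secret by delegating to {@link SecretUtil#destroy}.
     */
    @Override
    public void destroy() {
        SecretUtil.destroy(this.pskSecret);
    }

    /**
     * Builds the PSK premaster secret.
     *
     * <p>The result is the concatenation of: a 16-bit length and the other secret, then a
     * 16-bit length and the PSK. When {@code secretKey} is {@code null}, the other secret
     * is a zero-filled array of the same length as the PSK. This matches the premaster
     * layout of RFC 4279.
     *
     * <p>All temporary copies of key material are wiped before the method returns,
     * including when an exception is thrown part-way through.
     *
     * @param secretKey other secret to combine with the PSK, or {@code null} for plain PSK
     * @return a new key created by {@link SecretUtil#create} with algorithm {@code "MAC"};
     *         the caller is responsible for destroying it
     */
    public SecretKey generatePremasterSecretFromPSK(SecretKey secretKey) {
        byte[] pskBytes = this.pskSecret.getEncoded();
        byte[] otherBytes = null;
        byte[] premaster = null;
        DatagramWriter writer = null;
        try {
            int pskLength = pskBytes.length;
            otherBytes = secretKey != null ? secretKey.getEncoded() : new byte[pskLength];
            // The 'true' argument presumably selects a writer that wipes its internal
            // buffer on close() - confirm against DatagramWriter.
            writer = new DatagramWriter(true);
            writer.write(otherBytes.length, 16);
            writer.writeBytes(otherBytes);
            writer.write(pskLength, 16);
            writer.writeBytes(pskBytes);
            premaster = writer.toByteArray();
            return SecretUtil.create(premaster, "MAC");
        } finally {
            // Wipe every plaintext copy on all paths; previously an exception while
            // writing or creating the key left these buffers (and the writer) uncleared.
            if (writer != null) {
                writer.close();
            }
            if (pskBytes != null) {
                Bytes.clear(pskBytes);
            }
            if (otherBytes != null) {
                Bytes.clear(otherBytes);
            }
            if (premaster != null) {
                Bytes.clear(premaster);
            }
        }
    }

    /**
     * Returns the principal that was set as the session's peer identity.
     *
     * @return the PSK principal
     */
    public PreSharedKeyIdentity getPskPrincipal() {
        return this.pskPrincipal;
    }

    /**
     * Returns the PSK identity this instance was created for.
     *
     * @return the PSK identity (public information)
     */
    public PskPublicInformation getPskPublicIdentity() {
        return this.pskIdentity;
    }

    /**
     * Reports whether the held PSK secret has been destroyed, as determined by
     * {@link SecretUtil#isDestroyed}.
     *
     * @return {@code true} if the secret is destroyed
     */
    @Override
    public boolean isDestroyed() {
        return SecretUtil.isDestroyed(this.pskSecret);
    }
}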
