package org.openjsse.sun.security.ssl;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import org.openjsse.sun.security.ssl.ClientHello;
import sun.font.CompositeGlyphMapper;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:jre/lib/ext/openjsse.jar:org/openjsse/sun/security/ssl/HelloCookieManager.class */
public abstract class HelloCookieManager {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jre/lib/ext/openjsse.jar:org/openjsse/sun/security/ssl/HelloCookieManager$Builder.class */
    public static class Builder {
        final SecureRandom secureRandom;
        private volatile D10HelloCookieManager d10HelloCookieManager;
        private volatile D13HelloCookieManager d13HelloCookieManager;
        private volatile T13HelloCookieManager t13HelloCookieManager;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public HelloCookieManager valueOf(ProtocolVersion protocolVersion) {
            if (!protocolVersion.isDTLS) {
                if (!protocolVersion.useTLS13PlusSpec()) {
                    return null;
                }
                if (this.t13HelloCookieManager != null) {
                    return this.t13HelloCookieManager;
                }
                synchronized (this) {
                    if (this.t13HelloCookieManager == null) {
                        this.t13HelloCookieManager = new T13HelloCookieManager(this.secureRandom);
                    }
                }
                return this.t13HelloCookieManager;
            }
            if (protocolVersion.useTLS13PlusSpec()) {
                if (this.d13HelloCookieManager != null) {
                    return this.d13HelloCookieManager;
                }
                synchronized (this) {
                    if (this.d13HelloCookieManager == null) {
                        this.d13HelloCookieManager = new D13HelloCookieManager(this.secureRandom);
                    }
                }
                return this.d13HelloCookieManager;
            }
            if (this.d10HelloCookieManager != null) {
                return this.d10HelloCookieManager;
            }
            synchronized (this) {
                if (this.d10HelloCookieManager == null) {
                    this.d10HelloCookieManager = new D10HelloCookieManager(this.secureRandom);
                }
            }
            return this.d10HelloCookieManager;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jre/lib/ext/openjsse.jar:org/openjsse/sun/security/ssl/HelloCookieManager$D10HelloCookieManager.class */
    public static final class D10HelloCookieManager extends HelloCookieManager {
        final SecureRandom secureRandom;
        private int cookieVersion;
        private byte[] cookieSecret = new byte[32];
        private byte[] legacySecret = new byte[32];

        D10HelloCookieManager(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
            this.cookieVersion = secureRandom.nextInt();
            secureRandom.nextBytes(this.cookieSecret);
            System.arraycopy(this.cookieSecret, 0, this.legacySecret, 0, 32);
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage) throws IOException {
            int i;
            byte[] bArr;
            synchronized (this) {
                i = this.cookieVersion;
                bArr = this.cookieSecret;
                if ((this.cookieVersion & CompositeGlyphMapper.GLYPHMASK) == 0) {
                    System.arraycopy(this.cookieSecret, 0, this.legacySecret, 0, 32);
                    this.secureRandom.nextBytes(this.cookieSecret);
                }
                this.cookieVersion++;
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest("SHA-256");
            messageDigest.update(clientHelloMessage.getHelloCookieBytes());
            byte[] digest = messageDigest.digest(bArr);
            digest[0] = (byte) ((i >> 24) & 255);
            return digest;
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr) throws IOException {
            byte[] bArr2;
            if (bArr == null || bArr.length != 32) {
                return false;
            }
            synchronized (this) {
                bArr2 = ((this.cookieVersion >> 24) & 255) == bArr[0] ? this.cookieSecret : this.legacySecret;
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest("SHA-256");
            messageDigest.update(clientHelloMessage.getHelloCookieBytes());
            byte[] digest = messageDigest.digest(bArr2);
            digest[0] = bArr[0];
            return MessageDigest.isEqual(digest, bArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jre/lib/ext/openjsse.jar:org/openjsse/sun/security/ssl/HelloCookieManager$D13HelloCookieManager.class */
    public static final class D13HelloCookieManager extends HelloCookieManager {
        D13HelloCookieManager(SecureRandom secureRandom) {
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage) throws IOException {
            throw new UnsupportedOperationException("Not supported yet.");
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr) throws IOException {
            throw new UnsupportedOperationException("Not supported yet.");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:jre/lib/ext/openjsse.jar:org/openjsse/sun/security/ssl/HelloCookieManager$T13HelloCookieManager.class */
    public static final class T13HelloCookieManager extends HelloCookieManager {
        final SecureRandom secureRandom;
        private int cookieVersion;
        private final byte[] cookieSecret = new byte[64];
        private final byte[] legacySecret = new byte[64];

        T13HelloCookieManager(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
            this.cookieVersion = secureRandom.nextInt();
            secureRandom.nextBytes(this.cookieSecret);
            System.arraycopy(this.cookieSecret, 0, this.legacySecret, 0, 64);
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage) throws IOException {
            int i;
            byte[] bArr;
            synchronized (this) {
                i = this.cookieVersion;
                bArr = this.cookieSecret;
                if ((this.cookieVersion & CompositeGlyphMapper.GLYPHMASK) == 0) {
                    System.arraycopy(this.cookieSecret, 0, this.legacySecret, 0, 64);
                    this.secureRandom.nextBytes(this.cookieSecret);
                }
                this.cookieVersion++;
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest(serverHandshakeContext.negotiatedCipherSuite.hashAlg.name);
            messageDigest.update(clientHelloMessage.getHeaderBytes());
            byte[] digest = messageDigest.digest(bArr);
            serverHandshakeContext.handshakeHash.update();
            byte[] digest2 = serverHandshakeContext.handshakeHash.digest();
            byte[] bArr2 = {(byte) ((serverHandshakeContext.negotiatedCipherSuite.id >> 8) & 255), (byte) (serverHandshakeContext.negotiatedCipherSuite.id & 255), (byte) ((i >> 24) & 255)};
            byte[] copyOf = Arrays.copyOf(bArr2, bArr2.length + digest.length + digest2.length);
            System.arraycopy(digest, 0, copyOf, bArr2.length, digest.length);
            System.arraycopy(digest2, 0, copyOf, bArr2.length + digest.length, digest2.length);
            return copyOf;
        }

        @Override // org.openjsse.sun.security.ssl.HelloCookieManager
        boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr) throws IOException {
            CipherSuite valueOf;
            byte[] bArr2;
            if (bArr == null || bArr.length <= 32 || (valueOf = CipherSuite.valueOf(((bArr[0] & 255) << 8) | (bArr[1] & 255))) == null || valueOf.hashAlg == null || valueOf.hashAlg.hashLength == 0) {
                return false;
            }
            int i = valueOf.hashAlg.hashLength;
            if (bArr.length != 3 + (i * 2)) {
                return false;
            }
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 3, 3 + i);
            byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 3 + i, bArr.length);
            synchronized (this) {
                bArr2 = ((byte) ((this.cookieVersion >> 24) & 255)) == bArr[2] ? this.cookieSecret : this.legacySecret;
            }
            MessageDigest messageDigest = JsseJce.getMessageDigest(valueOf.hashAlg.name);
            messageDigest.update(clientHelloMessage.getHeaderBytes());
            if (!MessageDigest.isEqual(messageDigest.digest(bArr2), copyOfRange)) {
                return false;
            }
            serverHandshakeContext.handshakeHash.push(ServerHello.hrrReproducer.produce(serverHandshakeContext, clientHelloMessage));
            byte[] bArr3 = new byte[4 + i];
            bArr3[0] = SSLHandshake.MESSAGE_HASH.id;
            bArr3[1] = 0;
            bArr3[2] = 0;
            bArr3[3] = (byte) (i & 255);
            System.arraycopy(copyOfRange2, 0, bArr3, 4, i);
            serverHandshakeContext.handshakeHash.push(bArr3);
            return true;
        }
    }

    HelloCookieManager() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract byte[] createCookie(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract boolean isCookieValid(ServerHandshakeContext serverHandshakeContext, ClientHello.ClientHelloMessage clientHelloMessage, byte[] bArr) throws IOException;
}
