package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.util.NoPublicAPI;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.HelloExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.SupportedPointFormatsExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.PseudoRandomFunction;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;

@NoPublicAPI
/* loaded from: input_file:org/eclipse/californium/scandium/dtls/ClientHandshaker.class */
public class ClientHandshaker extends Handshaker {
    protected static final HandshakeState[] INIT = {new HandshakeState(HandshakeType.HELLO_VERIFY_REQUEST, true), new HandshakeState(HandshakeType.SERVER_HELLO)};
    protected static final HandshakeState[] SEVER_CERTIFICATE = {new HandshakeState(HandshakeType.CERTIFICATE), new HandshakeState(HandshakeType.SERVER_KEY_EXCHANGE), new HandshakeState(HandshakeType.CERTIFICATE_REQUEST, true), new HandshakeState(HandshakeType.SERVER_HELLO_DONE), new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private static final HandshakeState[] NO_SEVER_CERTIFICATE = {new HandshakeState(HandshakeType.SERVER_KEY_EXCHANGE, true), new HandshakeState(HandshakeType.SERVER_HELLO_DONE), new HandshakeState(ContentType.CHANGE_CIPHER_SPEC), new HandshakeState(HandshakeType.FINISHED)};
    private ProtocolVersion maxProtocolVersion;
    private boolean probe;
    private boolean receivedServerHelloDone;
    private ECDHServerKeyExchange serverKeyExchange;
    protected ClientHello clientHello;
    protected DTLSFlight flight5;
    private final List<CipherSuite> supportedCipherSuites;
    protected final List<XECDHECryptography.SupportedGroup> supportedGroups;
    protected final MaxFragmentLengthExtension.Length maxFragmentLength;
    protected final boolean truncateCertificatePath;
    protected final List<CertificateType> supportedClientCertificateTypes;
    protected final List<SignatureAndHashAlgorithm> supportedSignatureAlgorithms;
    protected final List<CertificateType> supportedServerCertificateTypes;
    private final Integer useDeprecatedCid;
    private final boolean verifyServerCertificatesSubject;
    private CertificateRequest certificateRequest;
    protected byte[] handshakeHash;

    public ClientHandshaker(String str, RecordLayer recordLayer, ScheduledExecutorService scheduledExecutorService, Connection connection, DtlsConnectorConfig dtlsConnectorConfig, boolean z) {
        super(0L, 0, recordLayer, scheduledExecutorService, connection, dtlsConnectorConfig);
        this.maxProtocolVersion = ProtocolVersion.VERSION_DTLS_1_2;
        this.supportedCipherSuites = dtlsConnectorConfig.getSupportedCipherSuites();
        this.supportedGroups = dtlsConnectorConfig.getSupportedGroups();
        this.maxFragmentLength = dtlsConnectorConfig.getMaxFragmentLength();
        this.truncateCertificatePath = dtlsConnectorConfig.useTruncatedCertificatePathForClientsCertificateMessage().booleanValue();
        this.supportedServerCertificateTypes = dtlsConnectorConfig.getTrustCertificateTypes();
        this.supportedClientCertificateTypes = dtlsConnectorConfig.getIdentityCertificateTypes();
        this.supportedSignatureAlgorithms = dtlsConnectorConfig.getSupportedSignatureAlgorithms();
        this.useDeprecatedCid = dtlsConnectorConfig.useDeprecatedCid();
        this.verifyServerCertificatesSubject = dtlsConnectorConfig.verifyServerCertificatesSubject().booleanValue();
        this.probe = z;
        getSession().setHostName(str);
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected boolean isClient() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void doProcessMessage(HandshakeMessage handshakeMessage) throws HandshakeException {
        switch (handshakeMessage.getMessageType()) {
            case HELLO_VERIFY_REQUEST:
                receivedHelloVerifyRequest((HelloVerifyRequest) handshakeMessage);
                return;
            case SERVER_HELLO:
                receivedServerHello((ServerHello) handshakeMessage);
                return;
            case CERTIFICATE:
                receivedServerCertificate((CertificateMessage) handshakeMessage);
                return;
            case SERVER_KEY_EXCHANGE:
                switch (getSession().getKeyExchange()) {
                    case EC_DIFFIE_HELLMAN:
                        receivedEcdhSignedServerKeyExchange((EcdhSignedServerKeyExchange) handshakeMessage);
                        return;
                    case PSK:
                        return;
                    case ECDHE_PSK:
                        this.serverKeyExchange = (EcdhPskServerKeyExchange) handshakeMessage;
                        return;
                    default:
                        throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", getSession().getKeyExchange().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
                }
            case CERTIFICATE_REQUEST:
                receivedCertificateRequest((CertificateRequest) handshakeMessage);
                return;
            case SERVER_HELLO_DONE:
                receivedServerHelloDone();
                return;
            case FINISHED:
                receivedServerFinished((Finished) handshakeMessage);
                return;
            default:
                throw new HandshakeException(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), this.peerToLog), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE));
        }
    }

    private void receivedServerFinished(Finished finished) throws HandshakeException {
        verifyFinished(finished, this.handshakeHash);
        contextEstablished();
        handshakeCompleted();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void receivedHelloVerifyRequest(HelloVerifyRequest helloVerifyRequest) {
        this.handshakeMessages.clear();
        if (CipherSuite.containsEccBasedCipherSuite(this.clientHello.getCipherSuites())) {
            expectEcc();
        }
        this.clientHello.setCookie(helloVerifyRequest.getCookie());
        this.flightNumber = 3;
        DTLSFlight createFlight = createFlight();
        wrapMessage(createFlight, this.clientHello);
        sendFlight(createFlight);
        setExpectedStates(INIT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void receivedServerHello(ServerHello serverHello) throws HandshakeException {
        ProtocolVersion protocolVersion = serverHello.getProtocolVersion();
        if (!protocolVersion.equals(ProtocolVersion.VERSION_DTLS_1_2)) {
            throw new HandshakeException("The client only supports DTLS v1.2, not " + protocolVersion + "!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.PROTOCOL_VERSION));
        }
        this.serverRandom = serverHello.getRandom();
        DTLSSession session = getSession();
        session.setSessionIdentifier(serverHello.getSessionId());
        session.setProtocolVersion(protocolVersion);
        CipherSuite cipherSuite = serverHello.getCipherSuite();
        if (!this.supportedCipherSuites.contains(cipherSuite)) {
            throw new HandshakeException("Server wants to use not supported cipher suite " + cipherSuite, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
        }
        session.setCipherSuite(cipherSuite);
        CompressionMethod compressionMethod = serverHello.getCompressionMethod();
        if (compressionMethod != CompressionMethod.NULL) {
            throw new HandshakeException("Server wants to use not supported compression method " + compressionMethod, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
        }
        session.setCompressionMethod(serverHello.getCompressionMethod());
        verifyServerHelloExtensions(serverHello);
        if (supportsConnectionId()) {
            receivedConnectionIdExtension(serverHello.getConnectionIdExtension());
        }
        if (serverHello.hasExtendedMasterSecretExtension()) {
            session.setExtendedMasterSecret(true);
        } else if (this.extendedMasterSecretMode == ExtendedMasterSecretMode.REQUIRED) {
            throw new HandshakeException("Extended Master Secret required!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE));
        }
        session.setSniSupported(serverHello.getServerNameExtension() != null);
        setExpectedStates(cipherSuite.requiresServerCertificateMessage() ? SEVER_CERTIFICATE : NO_SEVER_CERTIFICATE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void receivedConnectionIdExtension(ConnectionIdExtension connectionIdExtension) throws HandshakeException {
        if (connectionIdExtension != null) {
            ConnectionId connectionId = connectionIdExtension.getConnectionId();
            DTLSContext dtlsContext = getDtlsContext();
            dtlsContext.setWriteConnectionId(connectionId);
            dtlsContext.setReadConnectionId(getReadConnectionId());
            dtlsContext.setDeprecatedCid(connectionIdExtension.useDeprecatedCid());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void verifyServerHelloExtensions(ServerHello serverHello) throws HandshakeException {
        HelloExtensions extensions = serverHello.getExtensions();
        if (extensions != null && !extensions.isEmpty()) {
            HelloExtensions extensions2 = this.clientHello.getExtensions();
            if (extensions2 == null || extensions2.isEmpty()) {
                throw new HandshakeException("Server wants extensions, but client not!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION));
            }
            for (HelloExtension helloExtension : extensions.getExtensions()) {
                if (extensions2.getExtension(helloExtension.getType()) == null) {
                    throw new HandshakeException("Server wants " + helloExtension.getType() + ", but client didn't propose it!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNSUPPORTED_EXTENSION));
                }
            }
        }
        SupportedPointFormatsExtension supportedPointFormatsExtension = serverHello.getSupportedPointFormatsExtension();
        if (supportedPointFormatsExtension != null && !supportedPointFormatsExtension.contains(SupportedPointFormatsExtension.ECPointFormat.UNCOMPRESSED)) {
            throw new HandshakeException("Server wants to use only not supported EC point formats!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
        }
        DTLSSession session = getSession();
        RecordSizeLimitExtension recordSizeLimitExtension = serverHello.getRecordSizeLimitExtension();
        if (recordSizeLimitExtension != null) {
            session.setRecordSizeLimit(recordSizeLimitExtension.getRecordSizeLimit());
        }
        MaxFragmentLengthExtension maxFragmentLengthExtension = serverHello.getMaxFragmentLengthExtension();
        if (maxFragmentLengthExtension != null) {
            if (recordSizeLimitExtension != null) {
                throw new HandshakeException("Server wants to use record size limit and max. fragment size", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
            }
            MaxFragmentLengthExtension.Length fragmentLength = maxFragmentLengthExtension.getFragmentLength();
            if (this.maxFragmentLength != fragmentLength) {
                throw new HandshakeException("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
            }
            session.setMaxFragmentLength(fragmentLength.length());
        }
        ServerCertificateTypeExtension serverCertificateTypeExtension = serverHello.getServerCertificateTypeExtension();
        if (serverCertificateTypeExtension != null) {
            CertificateType certificateType = serverCertificateTypeExtension.getCertificateType();
            if (!isSupportedCertificateType(certificateType, this.supportedServerCertificateTypes)) {
                throw new HandshakeException("Server wants to use not supported server certificate type " + certificateType, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
            }
            session.setReceiveCertificateType(certificateType);
        }
        ClientCertificateTypeExtension clientCertificateTypeExtension = serverHello.getClientCertificateTypeExtension();
        if (clientCertificateTypeExtension != null) {
            CertificateType certificateType2 = clientCertificateTypeExtension.getCertificateType();
            if (!isSupportedCertificateType(certificateType2, this.supportedClientCertificateTypes)) {
                throw new HandshakeException("Server wants to use not supported client certificate type " + certificateType2, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
            }
            session.setSendCertificateType(certificateType2);
        }
    }

    private void receivedServerCertificate(CertificateMessage certificateMessage) throws HandshakeException {
        if (certificateMessage.isEmpty()) {
            this.LOGGER.debug("Certificate validation failed: empty server certificate!");
            throw new HandshakeException("Empty server certificate!", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE));
        }
        verifyCertificate(certificateMessage, this.verifyServerCertificatesSubject);
    }

    private void receivedEcdhSignedServerKeyExchange(EcdhSignedServerKeyExchange ecdhSignedServerKeyExchange) throws HandshakeException {
        ecdhSignedServerKeyExchange.verifySignature(this.otherPeersPublicKey, this.clientRandom, this.serverRandom);
        this.serverKeyExchange = ecdhSignedServerKeyExchange;
        setOtherPeersSignatureVerified();
    }

    private void receivedCertificateRequest(CertificateRequest certificateRequest) throws HandshakeException {
        this.certificateRequest = certificateRequest;
        requestCertificateIdentity(this.certificateRequest.getCertificateAuthorities(), getServerNames(), this.certificateRequest.getCertificateKeyAlgorithms(), this.certificateRequest.getSupportedSignatureAlgorithms(), null);
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected void processCertificateIdentityAvailable() throws HandshakeException {
        if (this.receivedServerHelloDone) {
            processServerHelloDone();
        }
    }

    private void receivedServerHelloDone() throws HandshakeException {
        this.receivedServerHelloDone = true;
        if (this.certificateRequest == null || this.certificateIdentityAvailable) {
            processServerHelloDone();
        }
    }

    private void processServerHelloDone() throws HandshakeException {
        this.flightNumber += 2;
        this.flight5 = createFlight();
        createCertificateMessage(this.flight5);
        DTLSSession session = getSession();
        CipherSuite.KeyExchangeAlgorithm keyExchange = session.getKeyExchange();
        XECDHECryptography xECDHECryptography = null;
        SecretKey secretKey = null;
        byte[] bArr = null;
        if (CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK == keyExchange || CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN == keyExchange) {
            try {
                XECDHECryptography.SupportedGroup supportedGroup = this.serverKeyExchange.getSupportedGroup();
                if (!this.supportedGroups.contains(supportedGroup)) {
                    throw new HandshakeException("Cannot process handshake message, ec-group not offered! ", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER));
                }
                xECDHECryptography = new XECDHECryptography(supportedGroup);
                secretKey = xECDHECryptography.generateSecret(this.serverKeyExchange.getEncodedPoint());
                bArr = xECDHECryptography.getEncodedPoint();
                session.setEcGroup(supportedGroup);
            } catch (GeneralSecurityException e) {
                throw new HandshakeException("Cannot process handshake message, caused by " + e.getMessage(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER), e);
            }
        }
        switch (keyExchange) {
            case EC_DIFFIE_HELLMAN:
                wrapMessage(this.flight5, new ECDHClientKeyExchange(bArr));
                SecretKey generateMasterSecret = PseudoRandomFunction.generateMasterSecret(session.getCipherSuite().getThreadLocalPseudoRandomFunctionMac(), secretKey, generateMasterSecretSeed(), session.useExtendedMasterSecret());
                applyMasterSecret(generateMasterSecret);
                SecretUtil.destroy(generateMasterSecret);
                processMasterSecret();
                break;
            case PSK:
                PskPublicInformation pskClientIdentity = getPskClientIdentity();
                this.LOGGER.trace("Using PSK identity: {}", pskClientIdentity);
                wrapMessage(this.flight5, new PSKClientKeyExchange(pskClientIdentity));
                requestPskSecretResult(pskClientIdentity, null, generateMasterSecretSeed());
                break;
            case ECDHE_PSK:
                PskPublicInformation pskClientIdentity2 = getPskClientIdentity();
                this.LOGGER.trace("Using ECDHE PSK identity: {}", pskClientIdentity2);
                wrapMessage(this.flight5, new EcdhPskClientKeyExchange(pskClientIdentity2, bArr));
                requestPskSecretResult(pskClientIdentity2, secretKey, generateMasterSecretSeed());
                break;
        }
        SecretUtil.destroy(xECDHECryptography);
        SecretUtil.destroy(secretKey);
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected void processMasterSecret() throws HandshakeException {
        if (!isExpectedStates(SEVER_CERTIFICATE) || this.otherPeersCertificateVerified) {
            completeProcessingServerHelloDone();
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    protected void processCertificateVerified() throws HandshakeException {
        if (hasMasterSecret()) {
            completeProcessingServerHelloDone();
        }
    }

    protected void completeProcessingServerHelloDone() throws HandshakeException {
        DTLSSession session = getSession();
        if (session.getCipherSuite().isEccBased()) {
            expectEcc();
        }
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = session.getSignatureAndHashAlgorithm();
        if (signatureAndHashAlgorithm != null) {
            wrapMessage(this.flight5, new CertificateVerify(signatureAndHashAlgorithm, this.privateKey, this.handshakeMessages));
        }
        wrapMessage(this.flight5, new ChangeCipherSpecMessage());
        setCurrentWriteState();
        MessageDigest handshakeMessageDigest = getHandshakeMessageDigest();
        MessageDigest cloneMessageDigest = cloneMessageDigest(handshakeMessageDigest);
        Finished createFinishedMessage = createFinishedMessage(handshakeMessageDigest.digest());
        wrapMessage(this.flight5, createFinishedMessage);
        cloneMessageDigest.update(createFinishedMessage.toByteArray());
        this.handshakeHash = cloneMessageDigest.digest();
        sendFlight(this.flight5);
        expectChangeCipherSpecMessage();
    }

    private void createCertificateMessage(DTLSFlight dTLSFlight) {
        if (this.certificateRequest != null) {
            List<SignatureAndHashAlgorithm> list = this.supportedSignatureAlgorithms;
            if (list.isEmpty()) {
                list = SignatureAndHashAlgorithm.DEFAULT;
            }
            CertificateType sendCertificateType = getSession().sendCertificateType();
            CertificateMessage certificateMessage = null;
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
            if (CertificateType.RAW_PUBLIC_KEY == sendCertificateType) {
                PublicKey publicKey = this.publicKey;
                if (publicKey != null) {
                    signatureAndHashAlgorithm = this.certificateRequest.getSignatureAndHashAlgorithm(publicKey, list);
                    if (signatureAndHashAlgorithm != null) {
                        certificateMessage = new CertificateMessage(publicKey);
                        if (this.LOGGER.isDebugEnabled()) {
                            this.LOGGER.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", StringUtil.byteArray2HexString(publicKey.getEncoded()));
                        }
                    }
                }
            } else {
                if (CertificateType.X_509 != sendCertificateType) {
                    throw new IllegalArgumentException("Certificate type " + sendCertificateType + " not supported!");
                }
                if (this.certificateChain != null) {
                    signatureAndHashAlgorithm = this.certificateRequest.getSignatureAndHashAlgorithm(this.certificateChain, list);
                    if (signatureAndHashAlgorithm != null) {
                        certificateMessage = new CertificateMessage(this.certificateChain, this.truncateCertificatePath ? this.certificateRequest.getCertificateAuthorities() : null);
                        if (certificateMessage.isEmpty()) {
                            signatureAndHashAlgorithm = null;
                        }
                    }
                }
            }
            if (certificateMessage == null && signatureAndHashAlgorithm == null) {
                certificateMessage = new CertificateMessage();
            }
            wrapMessage(dTLSFlight, certificateMessage);
            getSession().setSignatureAndHashAlgorithm(signatureAndHashAlgorithm);
        }
    }

    protected static boolean isSupportedCertificateType(CertificateType certificateType, List<CertificateType> list) {
        return list != null ? list.contains(certificateType) : certificateType == CertificateType.X_509;
    }

    public void startHandshake() throws HandshakeException {
        handshakeStarted();
        ClientHello clientHello = new ClientHello(this.maxProtocolVersion, this.supportedCipherSuites, this.supportedSignatureAlgorithms, this.supportedClientCertificateTypes, this.supportedServerCertificateTypes, this.supportedGroups);
        if (CipherSuite.containsEccBasedCipherSuite(clientHello.getCipherSuites())) {
            expectEcc();
        }
        this.clientRandom = clientHello.getRandom();
        clientHello.addCompressionMethod(CompressionMethod.NULL);
        if (this.extendedMasterSecretMode != ExtendedMasterSecretMode.NONE) {
            clientHello.addExtension(ExtendedMasterSecretExtension.INSTANCE);
        }
        addConnectionId(clientHello);
        addRecordSizeLimit(clientHello);
        addMaxFragmentLength(clientHello);
        addServerNameIndication(clientHello);
        this.flightNumber = 1;
        this.clientHello = clientHello;
        DTLSFlight createFlight = createFlight();
        wrapMessage(createFlight, clientHello);
        sendFlight(createFlight);
        setExpectedStates(INIT);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addRecordSizeLimit(ClientHello clientHello) {
        if (this.recordSizeLimit != null) {
            clientHello.addExtension(new RecordSizeLimitExtension(this.recordSizeLimit.intValue()));
            this.LOGGER.debug("Indicating record size limit [{}] to server [{}]", this.recordSizeLimit, this.peerToLog);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addMaxFragmentLength(ClientHello clientHello) {
        if (this.maxFragmentLength != null) {
            clientHello.addExtension(new MaxFragmentLengthExtension(this.maxFragmentLength));
            this.LOGGER.debug("Indicating max. fragment length [{}] to server [{}]", this.maxFragmentLength, this.peerToLog);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addConnectionId(ClientHello clientHello) {
        if (supportsConnectionId()) {
            clientHello.addExtension(ConnectionIdExtension.fromConnectionId(this.connectionIdGenerator.useConnectionId() ? getConnection().getConnectionId() : ConnectionId.EMPTY, this.useDeprecatedCid != null ? HelloExtension.ExtensionType.getExtensionTypeById(this.useDeprecatedCid.intValue()) : HelloExtension.ExtensionType.CONNECTION_ID));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addServerNameIndication(ClientHello clientHello) {
        ServerNames serverNames = getServerNames();
        if (serverNames != null) {
            this.LOGGER.debug("adding SNI extension to CLIENT_HELLO message [{}]", getSession().getHostName());
            clientHello.addExtension(ServerNameExtension.forServerNames(serverNames));
        }
    }

    protected PskPublicInformation getPskClientIdentity() throws HandshakeException {
        ServerNames serverNames = getServerNames();
        if (serverNames != null && !getSession().isSniSupported()) {
            this.LOGGER.warn("client is configured to use SNI but server does not support it, PSK authentication is likely to fail");
        }
        PskPublicInformation identity = this.advancedPskStore.getIdentity(getPeerAddress(), serverNames);
        if (identity != null) {
            return identity;
        }
        AlertMessage alertMessage = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR);
        if (serverNames != null) {
            throw new HandshakeException(String.format("No Identity found for peer [address: %s, virtual host: %s]", this.peerToLog, getSession().getHostName()), alertMessage);
        }
        throw new HandshakeException(String.format("No Identity found for peer [address: %s]", this.peerToLog), alertMessage);
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public boolean isProbing() {
        return this.probe;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void resetProbing() {
        this.probe = false;
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public boolean isRemovingConnection() {
        return !this.probe && super.isRemovingConnection();
    }
}
