package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import sun.security.ssl.SSLHandshake;
import sun.security.ssl.SupportedVersionsExtension;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello.class */
public final class ClientHello {
    static final SSLProducer kickstartProducer = new ClientHelloKickstartProducer();
    static final SSLConsumer handshakeConsumer = new ClientHelloConsumer();
    static final HandshakeProducer handshakeProducer = new ClientHelloProducer();
    private static final HandshakeConsumer t12HandshakeConsumer = new T12ClientHelloConsumer();
    private static final HandshakeConsumer t13HandshakeConsumer = new T13ClientHelloConsumer();
    private static final HandshakeConsumer d12HandshakeConsumer = new D12ClientHelloConsumer();
    private static final HandshakeConsumer d13HandshakeConsumer = new D13ClientHelloConsumer();

    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$ClientHelloConsumer.class */
    private static final class ClientHelloConsumer implements SSLConsumer {
        private ClientHelloConsumer() {
        }

        @Override // sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            serverHandshakeContext.handshakeConsumers.remove(Byte.valueOf(SSLHandshake.CLIENT_HELLO.id));
            if (!serverHandshakeContext.handshakeConsumers.isEmpty()) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "No more handshake message allowed in a ClientHello flight");
            }
            ClientHelloMessage clientHelloMessage = new ClientHelloMessage(serverHandshakeContext, byteBuffer, serverHandshakeContext.sslConfig.getEnabledExtensions(SSLHandshake.CLIENT_HELLO));
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ClientHello handshake message", clientHelloMessage);
            }
            serverHandshakeContext.clientHelloVersion = clientHelloMessage.clientVersion;
            onClientHello(serverHandshakeContext, clientHelloMessage);
        }

        private void onClientHello(ServerHandshakeContext serverHandshakeContext, ClientHelloMessage clientHelloMessage) throws IOException {
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, new SSLExtension[]{SSLExtension.CH_SUPPORTED_VERSIONS});
            SupportedVersionsExtension.CHSupportedVersionsSpec cHSupportedVersionsSpec = (SupportedVersionsExtension.CHSupportedVersionsSpec) serverHandshakeContext.handshakeExtensions.get(SSLExtension.CH_SUPPORTED_VERSIONS);
            ProtocolVersion negotiateProtocol = cHSupportedVersionsSpec != null ? negotiateProtocol(serverHandshakeContext, cHSupportedVersionsSpec.requestedProtocols) : negotiateProtocol(serverHandshakeContext, clientHelloMessage.clientVersion);
            serverHandshakeContext.negotiatedProtocol = negotiateProtocol;
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Negotiated protocol version: " + negotiateProtocol.name, new Object[0]);
            }
            if (negotiateProtocol.isDTLS) {
                if (negotiateProtocol.useTLS13PlusSpec()) {
                    ClientHello.d13HandshakeConsumer.consume(serverHandshakeContext, clientHelloMessage);
                    return;
                } else {
                    ClientHello.d12HandshakeConsumer.consume(serverHandshakeContext, clientHelloMessage);
                    return;
                }
            }
            if (negotiateProtocol.useTLS13PlusSpec()) {
                ClientHello.t13HandshakeConsumer.consume(serverHandshakeContext, clientHelloMessage);
            } else {
                ClientHello.t12HandshakeConsumer.consume(serverHandshakeContext, clientHelloMessage);
            }
        }

        private ProtocolVersion negotiateProtocol(ServerHandshakeContext serverHandshakeContext, int i) throws SSLException {
            int i2 = i;
            if (serverHandshakeContext.sslContext.isDTLS()) {
                if (i2 < ProtocolVersion.DTLS12.id) {
                    i2 = ProtocolVersion.DTLS12.id;
                }
            } else if (i2 > ProtocolVersion.TLS12.id) {
                i2 = ProtocolVersion.TLS12.id;
            }
            ProtocolVersion selectedFrom = ProtocolVersion.selectedFrom(serverHandshakeContext.activeProtocols, i2);
            if (selectedFrom == null || selectedFrom == ProtocolVersion.NONE || selectedFrom == ProtocolVersion.SSL20Hello) {
                throw serverHandshakeContext.conContext.fatal(Alert.PROTOCOL_VERSION, "Client requested protocol " + ProtocolVersion.nameOf(i) + " is not enabled or supported in server context");
            }
            return selectedFrom;
        }

        private ProtocolVersion negotiateProtocol(ServerHandshakeContext serverHandshakeContext, int[] iArr) throws SSLException {
            for (ProtocolVersion protocolVersion : serverHandshakeContext.activeProtocols) {
                if (protocolVersion != ProtocolVersion.SSL20Hello) {
                    for (int i : iArr) {
                        if (i != ProtocolVersion.SSL20Hello.id && protocolVersion.id == i) {
                            return protocolVersion;
                        }
                    }
                }
            }
            throw serverHandshakeContext.conContext.fatal(Alert.PROTOCOL_VERSION, "The client supported protocol versions " + Arrays.toString(ProtocolVersion.toStringArray(iArr)) + " are not accepted by server preferences " + ((Object) serverHandshakeContext.activeProtocols));
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$ClientHelloKickstartProducer.class */
    private static final class ClientHelloKickstartProducer implements SSLProducer {
        private ClientHelloKickstartProducer() {
        }

        @Override // sun.security.ssl.SSLProducer
        public byte[] produce(ConnectionContext connectionContext) throws IOException {
            String str;
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            clientHandshakeContext.handshakeProducers.remove(Byte.valueOf(SSLHandshake.CLIENT_HELLO.id));
            ProtocolVersion protocolVersion = clientHandshakeContext.maximumActiveProtocol;
            SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
            List<CipherSuite> list = clientHandshakeContext.activeCipherSuites;
            SSLSessionImpl sSLSessionImpl = ((SSLSessionContextImpl) clientHandshakeContext.sslContext.engineGetClientSessionContext()).get(clientHandshakeContext.conContext.transport.getPeerHost(), clientHandshakeContext.conContext.transport.getPeerPort());
            if (sSLSessionImpl != null) {
                if (!ClientHandshakeContext.allowUnsafeServerCertChange && sSLSessionImpl.isSessionResumption()) {
                    try {
                        clientHandshakeContext.reservedServerCerts = (X509Certificate[]) sSLSessionImpl.getPeerCertificates();
                    } catch (SSLPeerUnverifiedException e) {
                    }
                }
                if (!sSLSessionImpl.isRejoinable()) {
                    sSLSessionImpl = null;
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, the session is not rejoinable", new Object[0]);
                    }
                }
            }
            CipherSuite cipherSuite = null;
            if (sSLSessionImpl != null) {
                cipherSuite = sSLSessionImpl.getSuite();
                if (!clientHandshakeContext.isNegotiable(cipherSuite)) {
                    sSLSessionImpl = null;
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, unavailable session cipher suite", new Object[0]);
                    }
                }
            }
            ProtocolVersion protocolVersion2 = null;
            if (sSLSessionImpl != null) {
                protocolVersion2 = sSLSessionImpl.getProtocolVersion();
                if (!clientHandshakeContext.isNegotiable(protocolVersion2)) {
                    sSLSessionImpl = null;
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, unavailable protocol version", new Object[0]);
                    }
                }
            }
            if (sSLSessionImpl != null && !protocolVersion2.useTLS13PlusSpec() && SSLConfiguration.useExtendedMasterSecret) {
                boolean isAvailable = clientHandshakeContext.sslConfig.isAvailable(SSLExtension.CH_EXTENDED_MASTER_SECRET, protocolVersion2);
                if (isAvailable && !sSLSessionImpl.useExtendedMasterSecret && !SSLConfiguration.allowLegacyResumption) {
                    sSLSessionImpl = null;
                }
                if (sSLSessionImpl != null && !ClientHandshakeContext.allowUnsafeServerCertChange && ((str = clientHandshakeContext.sslConfig.identificationProtocol) == null || str.isEmpty())) {
                    if (!isAvailable) {
                        sSLSessionImpl = null;
                    } else if (!sSLSessionImpl.useExtendedMasterSecret) {
                        sSLSessionImpl = null;
                    }
                }
            }
            String str2 = clientHandshakeContext.sslConfig.identificationProtocol;
            if (sSLSessionImpl != null && str2 != null) {
                String identificationProtocol = sSLSessionImpl.getIdentificationProtocol();
                if (!Objects.equals(str2, identificationProtocol)) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, endpoint id algorithm does not match, requested: " + str2 + ", cached: " + identificationProtocol, new Object[0]);
                    }
                    sSLSessionImpl = null;
                }
            }
            if (sSLSessionImpl != null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Try resuming session", sSLSessionImpl);
                }
                if (!sSLSessionImpl.getProtocolVersion().useTLS13PlusSpec()) {
                    sessionId = sSLSessionImpl.getSessionId();
                }
                if (!protocolVersion.equals(protocolVersion2)) {
                    protocolVersion = protocolVersion2;
                    clientHandshakeContext.setVersion(protocolVersion2);
                }
                if (!clientHandshakeContext.sslConfig.enableSessionCreation) {
                    list = (clientHandshakeContext.conContext.isNegotiated || protocolVersion2.useTLS13PlusSpec() || !list.contains(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) ? Arrays.asList(cipherSuite) : Arrays.asList(cipherSuite, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("No new session is allowed, so try to resume the session cipher suite only", cipherSuite);
                    }
                }
                clientHandshakeContext.isResumption = true;
                clientHandshakeContext.resumingSession = sSLSessionImpl;
            }
            if (sSLSessionImpl == null) {
                if (!clientHandshakeContext.sslConfig.enableSessionCreation) {
                    throw new SSLHandshakeException("No new session is allowed and no existing session can be resumed");
                }
                if (protocolVersion.useTLS13PlusSpec() && SSLConfiguration.useCompatibilityMode) {
                    sessionId = new SessionId(true, clientHandshakeContext.sslContext.getSecureRandom());
                }
            }
            ProtocolVersion protocolVersion3 = ProtocolVersion.NONE;
            for (ProtocolVersion protocolVersion4 : clientHandshakeContext.activeProtocols) {
                if (protocolVersion3 == ProtocolVersion.NONE || protocolVersion4.compare(protocolVersion3) < 0) {
                    protocolVersion3 = protocolVersion4;
                }
            }
            if (!protocolVersion3.useTLS13PlusSpec() && clientHandshakeContext.conContext.secureRenegotiation && list.contains(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
                list = new LinkedList(list);
                list.remove(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
            }
            boolean z = false;
            Iterator<CipherSuite> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (clientHandshakeContext.isNegotiable(it.next())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                throw new SSLHandshakeException("No negotiable cipher suite");
            }
            ProtocolVersion protocolVersion5 = protocolVersion;
            if (protocolVersion5.useTLS13PlusSpec()) {
                protocolVersion5 = protocolVersion5.isDTLS ? ProtocolVersion.DTLS12 : ProtocolVersion.TLS12;
            }
            ClientHelloMessage clientHelloMessage = new ClientHelloMessage(clientHandshakeContext, protocolVersion5.id, sessionId, list, clientHandshakeContext.sslContext.getSecureRandom());
            clientHandshakeContext.clientHelloRandom = clientHelloMessage.clientRandom;
            clientHandshakeContext.clientHelloVersion = protocolVersion5.id;
            clientHelloMessage.extensions.produce(clientHandshakeContext, clientHandshakeContext.sslConfig.getEnabledExtensions(SSLHandshake.CLIENT_HELLO, clientHandshakeContext.activeProtocols));
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced ClientHello handshake message", clientHelloMessage);
            }
            clientHelloMessage.write(clientHandshakeContext.handshakeOutput);
            clientHandshakeContext.handshakeOutput.flush();
            clientHandshakeContext.initialClientHelloMsg = clientHelloMessage;
            clientHandshakeContext.handshakeConsumers.put(Byte.valueOf(SSLHandshake.SERVER_HELLO.id), SSLHandshake.SERVER_HELLO);
            if (!clientHandshakeContext.sslContext.isDTLS() || protocolVersion3.useTLS13PlusSpec()) {
                return null;
            }
            clientHandshakeContext.handshakeConsumers.put(Byte.valueOf(SSLHandshake.HELLO_VERIFY_REQUEST.id), SSLHandshake.HELLO_VERIFY_REQUEST);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$ClientHelloMessage.class */
    public static final class ClientHelloMessage extends SSLHandshake.HandshakeMessage {
        private final boolean isDTLS;
        final int clientVersion;
        final RandomCookie clientRandom;
        final SessionId sessionId;
        private byte[] cookie;
        final int[] cipherSuiteIds;
        final List<CipherSuite> cipherSuites;
        final byte[] compressionMethod;
        final SSLExtensions extensions;
        private static final byte[] NULL_COMPRESSION = {0};

        ClientHelloMessage(HandshakeContext handshakeContext, int i, SessionId sessionId, List<CipherSuite> list, SecureRandom secureRandom) {
            super(handshakeContext);
            this.isDTLS = handshakeContext.sslContext.isDTLS();
            this.clientVersion = i;
            this.clientRandom = new RandomCookie(secureRandom);
            this.sessionId = sessionId;
            if (this.isDTLS) {
                this.cookie = new byte[0];
            } else {
                this.cookie = null;
            }
            this.cipherSuites = list;
            this.cipherSuiteIds = getCipherSuiteIds(list);
            this.extensions = new SSLExtensions(this);
            this.compressionMethod = NULL_COMPRESSION;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static void readPartial(TransportContext transportContext, ByteBuffer byteBuffer) throws IOException {
            boolean isDTLS = transportContext.sslContext.isDTLS();
            Record.getInt16(byteBuffer);
            new RandomCookie(byteBuffer);
            Record.getBytes8(byteBuffer);
            if (isDTLS) {
                Record.getBytes8(byteBuffer);
            }
            Record.getBytes16(byteBuffer);
            Record.getBytes8(byteBuffer);
            if (byteBuffer.remaining() >= 2) {
                int int16 = Record.getInt16(byteBuffer);
                while (int16 > 0) {
                    int int162 = Record.getInt16(byteBuffer);
                    int int163 = Record.getInt16(byteBuffer);
                    int16 -= int163 + 4;
                    if (int162 == SSLExtension.CH_PRE_SHARED_KEY.id) {
                        if (int16 > 0) {
                            throw transportContext.fatal(Alert.ILLEGAL_PARAMETER, "pre_shared_key extension is not last");
                        }
                        Record.getBytes16(byteBuffer);
                        return;
                    }
                    byteBuffer.position(byteBuffer.position() + int163);
                }
            }
        }

        ClientHelloMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer, SSLExtension[] sSLExtensionArr) throws IOException {
            super(handshakeContext);
            this.isDTLS = handshakeContext.sslContext.isDTLS();
            this.clientVersion = ((byteBuffer.get() & 255) << 8) | (byteBuffer.get() & 255);
            this.clientRandom = new RandomCookie(byteBuffer);
            this.sessionId = new SessionId(Record.getBytes8(byteBuffer));
            try {
                this.sessionId.checkLength(this.clientVersion);
                if (this.isDTLS) {
                    this.cookie = Record.getBytes8(byteBuffer);
                } else {
                    this.cookie = null;
                }
                byte[] bytes16 = Record.getBytes16(byteBuffer);
                if (bytes16.length == 0 || (bytes16.length & 1) != 0) {
                    throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Invalid ClientHello message");
                }
                this.cipherSuiteIds = new int[bytes16.length >> 1];
                int i = 0;
                int i2 = 0;
                while (i < bytes16.length) {
                    int i3 = i;
                    int i4 = i + 1;
                    this.cipherSuiteIds[i2] = ((bytes16[i3] & 255) << 8) | (bytes16[i4] & 255);
                    i = i4 + 1;
                    i2++;
                }
                this.cipherSuites = getCipherSuites(this.cipherSuiteIds);
                this.compressionMethod = Record.getBytes8(byteBuffer);
                if (byteBuffer.hasRemaining()) {
                    this.extensions = new SSLExtensions(this, byteBuffer, sSLExtensionArr);
                } else {
                    this.extensions = new SSLExtensions(this);
                }
            } catch (SSLProtocolException e) {
                throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void setHelloCookie(byte[] bArr) {
            this.cookie = bArr;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getHelloCookieBytes() {
            HandshakeOutStream handshakeOutStream = new HandshakeOutStream(null);
            try {
                handshakeOutStream.putInt8((byte) ((this.clientVersion >>> 8) & 255));
                handshakeOutStream.putInt8((byte) (this.clientVersion & 255));
                handshakeOutStream.write(this.clientRandom.randomBytes, 0, 32);
                handshakeOutStream.putBytes8(this.sessionId.getId());
                handshakeOutStream.putBytes16(getEncodedCipherSuites());
                handshakeOutStream.putBytes8(this.compressionMethod);
                this.extensions.send(handshakeOutStream);
            } catch (IOException e) {
            }
            return handshakeOutStream.toByteArray();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getHeaderBytes() {
            HandshakeOutStream handshakeOutStream = new HandshakeOutStream(null);
            try {
                handshakeOutStream.putInt8((byte) ((this.clientVersion >>> 8) & 255));
                handshakeOutStream.putInt8((byte) (this.clientVersion & 255));
                handshakeOutStream.write(this.clientRandom.randomBytes, 0, 32);
                handshakeOutStream.putBytes8(this.sessionId.getId());
                handshakeOutStream.putBytes16(getEncodedCipherSuites());
                handshakeOutStream.putBytes8(this.compressionMethod);
            } catch (IOException e) {
            }
            return handshakeOutStream.toByteArray();
        }

        private static int[] getCipherSuiteIds(List<CipherSuite> list) {
            if (list == null) {
                return new int[0];
            }
            int[] iArr = new int[list.size()];
            int i = 0;
            Iterator<CipherSuite> it = list.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                iArr[i2] = it.next().id;
            }
            return iArr;
        }

        private static List<CipherSuite> getCipherSuites(int[] iArr) {
            LinkedList linkedList = new LinkedList();
            for (int i : iArr) {
                CipherSuite valueOf = CipherSuite.valueOf(i);
                if (valueOf != null) {
                    linkedList.add(valueOf);
                }
            }
            return Collections.unmodifiableList(linkedList);
        }

        private List<String> getCipherSuiteNames() {
            LinkedList linkedList = new LinkedList();
            for (int i : this.cipherSuiteIds) {
                linkedList.add(CipherSuite.nameOf(i) + "(" + Utilities.byte16HexString(i) + ")");
            }
            return linkedList;
        }

        private byte[] getEncodedCipherSuites() {
            byte[] bArr = new byte[this.cipherSuiteIds.length << 1];
            int i = 0;
            for (int i2 : this.cipherSuiteIds) {
                int i3 = i;
                int i4 = i + 1;
                bArr[i3] = (byte) (i2 >> 8);
                i = i4 + 1;
                bArr[i4] = (byte) i2;
            }
            return bArr;
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_HELLO;
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public int messageLength() {
            return 38 + this.sessionId.length() + (this.isDTLS ? 1 + this.cookie.length : 0) + (this.cipherSuiteIds.length * 2) + this.compressionMethod.length + this.extensions.length();
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            sendCore(handshakeOutStream);
            this.extensions.send(handshakeOutStream);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void sendCore(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8((byte) (this.clientVersion >>> 8));
            handshakeOutStream.putInt8((byte) this.clientVersion);
            handshakeOutStream.write(this.clientRandom.randomBytes, 0, 32);
            handshakeOutStream.putBytes8(this.sessionId.getId());
            if (this.isDTLS) {
                handshakeOutStream.putBytes8(this.cookie);
            }
            handshakeOutStream.putBytes16(getEncodedCipherSuites());
            handshakeOutStream.putBytes8(this.compressionMethod);
        }

        public String toString() {
            return this.isDTLS ? new MessageFormat("\"ClientHello\": '{'\n  \"client version\"      : \"{0}\",\n  \"random\"              : \"{1}\",\n  \"session id\"          : \"{2}\",\n  \"cookie\"              : \"{3}\",\n  \"cipher suites\"       : \"{4}\",\n  \"compression methods\" : \"{5}\",\n  \"extensions\"          : [\n{6}\n  ]\n'}'", Locale.ENGLISH).format(new Object[]{ProtocolVersion.nameOf(this.clientVersion), Utilities.toHexString(this.clientRandom.randomBytes), this.sessionId.toString(), Utilities.toHexString(this.cookie), getCipherSuiteNames().toString(), Utilities.toHexString(this.compressionMethod), Utilities.indent(Utilities.indent(this.extensions.toString()))}) : new MessageFormat("\"ClientHello\": '{'\n  \"client version\"      : \"{0}\",\n  \"random\"              : \"{1}\",\n  \"session id\"          : \"{2}\",\n  \"cipher suites\"       : \"{3}\",\n  \"compression methods\" : \"{4}\",\n  \"extensions\"          : [\n{5}\n  ]\n'}'", Locale.ENGLISH).format(new Object[]{ProtocolVersion.nameOf(this.clientVersion), Utilities.toHexString(this.clientRandom.randomBytes), this.sessionId.toString(), getCipherSuiteNames().toString(), Utilities.toHexString(this.compressionMethod), Utilities.indent(Utilities.indent(this.extensions.toString()))});
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$ClientHelloProducer.class */
    private static final class ClientHelloProducer implements HandshakeProducer {
        private ClientHelloProducer() {
        }

        @Override // sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            SSLHandshake handshakeType = handshakeMessage.handshakeType();
            if (handshakeType == null) {
                throw new UnsupportedOperationException("Not supported yet.");
            }
            switch (handshakeType) {
                case HELLO_REQUEST:
                    try {
                        clientHandshakeContext.kickstart();
                        return null;
                    } catch (IOException e) {
                        throw clientHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, e);
                    }
                case HELLO_VERIFY_REQUEST:
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine("Produced ClientHello(cookie) handshake message", clientHandshakeContext.initialClientHelloMsg);
                    }
                    clientHandshakeContext.initialClientHelloMsg.write(clientHandshakeContext.handshakeOutput);
                    clientHandshakeContext.handshakeOutput.flush();
                    clientHandshakeContext.handshakeConsumers.put(Byte.valueOf(SSLHandshake.SERVER_HELLO.id), SSLHandshake.SERVER_HELLO);
                    ProtocolVersion protocolVersion = ProtocolVersion.NONE;
                    for (ProtocolVersion protocolVersion2 : clientHandshakeContext.activeProtocols) {
                        if (protocolVersion == ProtocolVersion.NONE || protocolVersion2.compare(protocolVersion) < 0) {
                            protocolVersion = protocolVersion2;
                        }
                    }
                    if (!clientHandshakeContext.sslContext.isDTLS() || protocolVersion.useTLS13PlusSpec()) {
                        return null;
                    }
                    clientHandshakeContext.handshakeConsumers.put(Byte.valueOf(SSLHandshake.HELLO_VERIFY_REQUEST.id), SSLHandshake.HELLO_VERIFY_REQUEST);
                    return null;
                case HELLO_RETRY_REQUEST:
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine("Produced ClientHello(HRR) handshake message", clientHandshakeContext.initialClientHelloMsg);
                    }
                    clientHandshakeContext.initialClientHelloMsg.write(clientHandshakeContext.handshakeOutput);
                    clientHandshakeContext.handshakeOutput.flush();
                    clientHandshakeContext.conContext.consumers.putIfAbsent(Byte.valueOf(ContentType.CHANGE_CIPHER_SPEC.id), ChangeCipherSpec.t13Consumer);
                    clientHandshakeContext.handshakeConsumers.put(Byte.valueOf(SSLHandshake.SERVER_HELLO.id), SSLHandshake.SERVER_HELLO);
                    return null;
                default:
                    throw new UnsupportedOperationException("Not supported yet.");
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$D12ClientHelloConsumer.class */
    private static final class D12ClientHelloConsumer implements HandshakeConsumer {
        private D12ClientHelloConsumer() {
        }

        @Override // sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            ClientHelloMessage clientHelloMessage = (ClientHelloMessage) handshakeMessage;
            if (serverHandshakeContext.conContext.isNegotiated) {
                if (!serverHandshakeContext.conContext.secureRenegotiation && !HandshakeContext.allowUnsafeRenegotiation) {
                    throw serverHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Unsafe renegotiation is not allowed");
                }
                if (ServerHandshakeContext.rejectClientInitiatedRenego && !serverHandshakeContext.kickstartMessageDelivered) {
                    throw serverHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Client initiated renegotiation is not allowed");
                }
            }
            if (clientHelloMessage.sessionId.length() != 0) {
                SSLSessionImpl sSLSessionImpl = ((SSLSessionContextImpl) serverHandshakeContext.sslContext.engineGetServerSessionContext()).get(clientHelloMessage.sessionId.getId());
                boolean z = sSLSessionImpl != null && sSLSessionImpl.isRejoinable();
                if (!z && SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Can't resume, the existing session is not rejoinable", new Object[0]);
                }
                if (z && sSLSessionImpl.getProtocolVersion() != serverHandshakeContext.negotiatedProtocol) {
                    z = false;
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, not the same protocol version", new Object[0]);
                    }
                }
                if (z && serverHandshakeContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED) {
                    try {
                        sSLSessionImpl.getPeerPrincipal();
                    } catch (SSLPeerUnverifiedException e) {
                        z = false;
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, client authentication is required", new Object[0]);
                        }
                    }
                }
                if (z) {
                    CipherSuite suite = sSLSessionImpl.getSuite();
                    if (!serverHandshakeContext.isNegotiable(suite) || !clientHelloMessage.cipherSuites.contains(suite)) {
                        z = false;
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, the session cipher suite is absent", new Object[0]);
                        }
                    }
                }
                serverHandshakeContext.isResumption = z;
                serverHandshakeContext.resumingSession = z ? sSLSessionImpl : null;
            }
            HelloCookieManager helloCookieManager = serverHandshakeContext.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10);
            if (!serverHandshakeContext.isResumption && !helloCookieManager.isCookieValid(serverHandshakeContext, clientHelloMessage, clientHelloMessage.cookie)) {
                serverHandshakeContext.handshakeProducers.put(Byte.valueOf(SSLHandshake.HELLO_VERIFY_REQUEST.id), SSLHandshake.HELLO_VERIFY_REQUEST);
                SSLHandshake.HELLO_VERIFY_REQUEST.produce(connectionContext, clientHelloMessage);
                return;
            }
            serverHandshakeContext.clientHelloRandom = clientHelloMessage.clientRandom;
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, serverHandshakeContext.sslConfig.getEnabledExtensions(SSLHandshake.CLIENT_HELLO));
            if (!serverHandshakeContext.conContext.isNegotiated) {
                serverHandshakeContext.conContext.protocolVersion = serverHandshakeContext.negotiatedProtocol;
                serverHandshakeContext.conContext.outputRecord.setVersion(serverHandshakeContext.negotiatedProtocol);
            }
            serverHandshakeContext.handshakeProducers.put(Byte.valueOf(SSLHandshake.SERVER_HELLO.id), SSLHandshake.SERVER_HELLO);
            for (SSLHandshake sSLHandshake : new SSLHandshake[]{SSLHandshake.SERVER_HELLO, SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_STATUS, SSLHandshake.SERVER_KEY_EXCHANGE, SSLHandshake.CERTIFICATE_REQUEST, SSLHandshake.SERVER_HELLO_DONE, SSLHandshake.FINISHED}) {
                HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(sSLHandshake.id));
                if (remove != null) {
                    remove.produce(connectionContext, clientHelloMessage);
                }
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$D13ClientHelloConsumer.class */
    private static final class D13ClientHelloConsumer implements HandshakeConsumer {
        private D13ClientHelloConsumer() {
        }

        @Override // sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            throw new UnsupportedOperationException("Not supported yet.");
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$T12ClientHelloConsumer.class */
    private static final class T12ClientHelloConsumer implements HandshakeConsumer {
        private T12ClientHelloConsumer() {
        }

        @Override // sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            ClientHelloMessage clientHelloMessage = (ClientHelloMessage) handshakeMessage;
            if (serverHandshakeContext.conContext.isNegotiated) {
                if (!serverHandshakeContext.conContext.secureRenegotiation && !HandshakeContext.allowUnsafeRenegotiation) {
                    throw serverHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Unsafe renegotiation is not allowed");
                }
                if (ServerHandshakeContext.rejectClientInitiatedRenego && !serverHandshakeContext.kickstartMessageDelivered) {
                    throw serverHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Client initiated renegotiation is not allowed");
                }
            }
            if (clientHelloMessage.sessionId.length() != 0) {
                SSLSessionImpl sSLSessionImpl = ((SSLSessionContextImpl) serverHandshakeContext.sslContext.engineGetServerSessionContext()).get(clientHelloMessage.sessionId.getId());
                boolean z = sSLSessionImpl != null && sSLSessionImpl.isRejoinable();
                if (!z && SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Can't resume, the existing session is not rejoinable", new Object[0]);
                }
                if (z && sSLSessionImpl.getProtocolVersion() != serverHandshakeContext.negotiatedProtocol) {
                    z = false;
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, not the same protocol version", new Object[0]);
                    }
                }
                if (z && serverHandshakeContext.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED) {
                    try {
                        sSLSessionImpl.getPeerPrincipal();
                    } catch (SSLPeerUnverifiedException e) {
                        z = false;
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, client authentication is required", new Object[0]);
                        }
                    }
                }
                if (z) {
                    CipherSuite suite = sSLSessionImpl.getSuite();
                    if (!serverHandshakeContext.isNegotiable(suite) || !clientHelloMessage.cipherSuites.contains(suite)) {
                        z = false;
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, the session cipher suite is absent", new Object[0]);
                        }
                    }
                }
                String str = serverHandshakeContext.sslConfig.identificationProtocol;
                if (z && str != null) {
                    String identificationProtocol = sSLSessionImpl.getIdentificationProtocol();
                    if (!Objects.equals(str, identificationProtocol)) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, endpoint id algorithm does not match, requested: " + str + ", cached: " + identificationProtocol, new Object[0]);
                        }
                        z = false;
                    }
                }
                serverHandshakeContext.isResumption = z;
                serverHandshakeContext.resumingSession = z ? sSLSessionImpl : null;
            }
            serverHandshakeContext.clientHelloRandom = clientHelloMessage.clientRandom;
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, serverHandshakeContext.sslConfig.getEnabledExtensions(SSLHandshake.CLIENT_HELLO));
            if (!serverHandshakeContext.conContext.isNegotiated) {
                serverHandshakeContext.conContext.protocolVersion = serverHandshakeContext.negotiatedProtocol;
                serverHandshakeContext.conContext.outputRecord.setVersion(serverHandshakeContext.negotiatedProtocol);
            }
            serverHandshakeContext.handshakeProducers.put(Byte.valueOf(SSLHandshake.SERVER_HELLO.id), SSLHandshake.SERVER_HELLO);
            for (SSLHandshake sSLHandshake : new SSLHandshake[]{SSLHandshake.SERVER_HELLO, SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_STATUS, SSLHandshake.SERVER_KEY_EXCHANGE, SSLHandshake.CERTIFICATE_REQUEST, SSLHandshake.SERVER_HELLO_DONE, SSLHandshake.FINISHED}) {
                HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(sSLHandshake.id));
                if (remove != null) {
                    remove.produce(connectionContext, clientHelloMessage);
                }
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2019-11-04.jar:META-INF/modules/java.base/classes/sun/security/ssl/ClientHello$T13ClientHelloConsumer.class */
    private static final class T13ClientHelloConsumer implements HandshakeConsumer {
        private T13ClientHelloConsumer() {
        }

        @Override // sun.security.ssl.HandshakeConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            ClientHelloMessage clientHelloMessage = (ClientHelloMessage) handshakeMessage;
            serverHandshakeContext.conContext.consumers.putIfAbsent(Byte.valueOf(ContentType.CHANGE_CIPHER_SPEC.id), ChangeCipherSpec.t13Consumer);
            serverHandshakeContext.isResumption = true;
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, new SSLExtension[]{SSLExtension.PSK_KEY_EXCHANGE_MODES, SSLExtension.CH_PRE_SHARED_KEY});
            clientHelloMessage.extensions.consumeOnLoad(serverHandshakeContext, serverHandshakeContext.sslConfig.getExclusiveExtensions(SSLHandshake.CLIENT_HELLO, Arrays.asList(SSLExtension.PSK_KEY_EXCHANGE_MODES, SSLExtension.CH_PRE_SHARED_KEY, SSLExtension.CH_SUPPORTED_VERSIONS)));
            if (serverHandshakeContext.handshakeProducers.isEmpty()) {
                goServerHello(serverHandshakeContext, clientHelloMessage);
            } else {
                goHelloRetryRequest(serverHandshakeContext, clientHelloMessage);
            }
        }

        private void goHelloRetryRequest(ServerHandshakeContext serverHandshakeContext, ClientHelloMessage clientHelloMessage) throws IOException {
            HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(SSLHandshake.HELLO_RETRY_REQUEST.id));
            if (remove == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No HelloRetryRequest producer: " + ((Object) serverHandshakeContext.handshakeProducers));
            }
            remove.produce(serverHandshakeContext, clientHelloMessage);
            if (!serverHandshakeContext.handshakeProducers.isEmpty()) {
                throw serverHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "unknown handshake producers: " + ((Object) serverHandshakeContext.handshakeProducers));
            }
        }

        private void goServerHello(ServerHandshakeContext serverHandshakeContext, ClientHelloMessage clientHelloMessage) throws IOException {
            serverHandshakeContext.clientHelloRandom = clientHelloMessage.clientRandom;
            if (!serverHandshakeContext.conContext.isNegotiated) {
                serverHandshakeContext.conContext.protocolVersion = serverHandshakeContext.negotiatedProtocol;
                serverHandshakeContext.conContext.outputRecord.setVersion(serverHandshakeContext.negotiatedProtocol);
            }
            serverHandshakeContext.handshakeProducers.put(Byte.valueOf(SSLHandshake.SERVER_HELLO.id), SSLHandshake.SERVER_HELLO);
            for (SSLHandshake sSLHandshake : new SSLHandshake[]{SSLHandshake.SERVER_HELLO, SSLHandshake.ENCRYPTED_EXTENSIONS, SSLHandshake.CERTIFICATE_REQUEST, SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_VERIFY, SSLHandshake.FINISHED}) {
                HandshakeProducer remove = serverHandshakeContext.handshakeProducers.remove(Byte.valueOf(sSLHandshake.id));
                if (remove != null) {
                    remove.produce(serverHandshakeContext, clientHelloMessage);
                }
            }
        }
    }

    ClientHello() {
    }
}
