package sun.security.ssl;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.net.ssl.SSLProtocolException;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import sun.security.ssl.HandshakeMessage;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/java.base-2018-04-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/HelloCookieManager.class */
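/**
 * Generates and verifies the stateless cookies used in the DTLS
 * HelloVerifyRequest exchange.
 *
 * <p>A cookie is 32 bytes: a 4-byte big-endian secret version followed by
 * bytes 4..31 of a SHA-256 digest computed over the data that
 * {@code ClientHello.updateHelloCookie} feeds into the digest, followed by the
 * current server secret. The secret is rotated once its lifetime expires, and
 * the previous secret is kept so that cookies issued just before a rotation
 * still verify.
 *
 * <p>{@link #getCookie} and {@link #isValid} are {@code synchronized} because
 * they share one {@link MessageDigest} instance and the secret state.
 *
 * <p>NOTE(review): the keyed value is a plain digest over (hello data, secret)
 * rather than an HMAC; confirm that is acceptable for this cookie's purpose.
 */
public final class HelloCookieManager {
    /** How long a secret is used before it is rotated, in milliseconds. */
    private static final long COOKIE_TIMING_WINDOW = 3600000;
    /** Maximum HelloVerifyRequest cookie length accepted for DTLS 1.0. */
    private static final int COOKIE_MAX_LENGTH_DTLS10 = 32;
    /** Maximum HelloVerifyRequest cookie length accepted for later DTLS versions. */
    private static final int COOKIE_MAX_LENGTH_DTLS12 = 255;
    /** Total length of a cookie produced by {@link #getCookie}. */
    private static final int COOKIE_LENGTH = 32;
    /** Number of leading cookie bytes that carry the secret version. */
    private static final int COOKIE_VERSION_LENGTH = 4;

    private final SecureRandom secureRandom;
    private int cookieVersion;
    // NOTE(review): the commons-codec constant is presumably a decompiler
    // substitution for the "SHA-256" literal - confirm against the original class.
    private final MessageDigest cookieDigest = JsseJce.getMessageDigest(MessageDigestAlgorithms.SHA_256);
    // Expiry time of the current secret (epoch millis); 0 forces generation on first use.
    private long secretLifetime = 0;
    private byte[] cookieSecret = null;
    private int prevCookieVersion = 0;
    // Stays null until the first rotation has happened.
    private byte[] prevCookieSecret = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a manager whose initial secret version is drawn from the given
     * random source.
     *
     * @param secureRandom source of the version seed and of all cookie secrets
     */
    public HelloCookieManager(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
        this.cookieVersion = secureRandom.nextInt();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the cookie for the given ClientHello, rotating the server secret
     * first if its lifetime has expired.
     *
     * @param clientHello the hello message whose data is bound into the cookie
     * @return a 32-byte cookie: 4 version bytes followed by digest bytes 4..31
     */
    public synchronized byte[] getCookie(HandshakeMessage.ClientHello clientHello) {
        long now = System.currentTimeMillis();
        if (this.secretLifetime < now) {
            if (this.cookieSecret != null) {
                // Keep the outgoing secret so cookies issued with it still verify.
                this.prevCookieVersion = this.cookieVersion;
                this.prevCookieSecret = this.cookieSecret.clone();
            } else {
                this.cookieSecret = new byte[32];
            }
            this.cookieVersion++;
            this.secureRandom.nextBytes(this.cookieSecret);
            this.secretLifetime = System.currentTimeMillis() + COOKIE_TIMING_WINDOW;
        }

        clientHello.updateHelloCookie(this.cookieDigest);
        byte[] cookie = this.cookieDigest.digest(this.cookieSecret);

        // The first four digest bytes are replaced by the big-endian secret
        // version so isValid() can pick the matching secret.
        cookie[0] = (byte) ((this.cookieVersion >> 24) & 255);
        cookie[1] = (byte) ((this.cookieVersion >> 16) & 255);
        cookie[2] = (byte) ((this.cookieVersion >> 8) & 255);
        cookie[3] = (byte) (this.cookieVersion & 255);
        return cookie;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Checks that the cookie carried by the ClientHello was issued by this
     * manager under the current or the previous secret.
     *
     * @param clientHello the hello message carrying the peer-supplied cookie
     * @return {@code true} if the cookie matches; {@code false} for a missing,
     *         wrongly sized, unknown-version or mismatching cookie
     */
    public synchronized boolean isValid(HandshakeMessage.ClientHello clientHello) {
        byte[] cookie = clientHello.cookie;
        if (cookie == null || cookie.length != COOKIE_LENGTH) {
            return false;
        }

        int version = ((cookie[0] & 255) << 24)
                | ((cookie[1] & 255) << 16)
                | ((cookie[2] & 255) << 8)
                | (cookie[3] & 255);

        byte[] secret;
        if (version == this.cookieVersion) {
            secret = this.cookieSecret;
        } else if (version == this.prevCookieVersion) {
            secret = this.prevCookieSecret;
        } else {
            return false;
        }

        // The version field comes from the peer and can select a secret slot
        // that has not been populated yet (no cookie issued, or no rotation so
        // far). Reject before touching the shared digest: passing null to
        // digest() would throw and leave the ClientHello data buffered in it,
        // corrupting the next cookie computation.
        if (secret == null) {
            return false;
        }

        clientHello.updateHelloCookie(this.cookieDigest);
        byte[] expected = this.cookieDigest.digest(secret);

        // Accumulate differences instead of returning at the first mismatch so
        // the comparison time does not depend on how many bytes matched.
        int diff = 0;
        for (int i = COOKIE_VERSION_LENGTH; i < COOKIE_LENGTH; i++) {
            diff |= cookie[i] ^ expected[i];
        }
        return diff == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Validates the length of a cookie received in a HelloVerifyRequest.
     * A {@code null} or empty cookie means no cookie exchange and is accepted.
     *
     * @param protocolVersion the protocol version that selects the length limit
     * @param bArr the received cookie bytes, may be {@code null}
     * @throws IOException an {@link SSLProtocolException} if the cookie is
     *         longer than the limit for the protocol version
     */
    public static void checkCookie(ProtocolVersion protocolVersion, byte[] bArr) throws IOException {
        if (bArr == null || bArr.length == 0) {
            return;
        }

        // Apply the per-version limit. The previous code selected the limit but
        // then always compared against the DTLS 1.0 bound, so cookies of 33..255
        // bytes were rejected for every version.
        // NOTE(review): confirm the consumers of this cookie handle up to 255 bytes.
        int limit = COOKIE_MAX_LENGTH_DTLS12;
        if (protocolVersion.v == ProtocolVersion.DTLS10.v) {
            limit = COOKIE_MAX_LENGTH_DTLS10;
        }
        if (bArr.length > limit) {
            throw new SSLProtocolException("Invalid HelloVerifyRequest.cookie (length = " + bArr.length + " bytes)");
        }
    }
}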
