package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.List;
import org.eclipse.californium.core.coap.OptionNumberRegistry;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.elements.auth.X509CertPath;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.util.ByteArrayUtils;
import org.eclipse.californium.scandium.util.PskUtil;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/ClientHandshaker.class */
public class ClientHandshaker extends Handshaker {
    // Class-wide SLF4J logger.
    private static final Logger LOGGER = LoggerFactory.getLogger(ClientHandshaker.class.getName());
    // Protocol version placed in the CLIENT_HELLO; created with the no-arg ProtocolVersion constructor.
    private ProtocolVersion maxProtocolVersion;
    // Public key read from the server's CERTIFICATE message after verifyCertificate() returned.
    private PublicKey serverPublicKey;
    // Certificate chain of the server's CERTIFICATE message; stays null when none is received.
    private CertPath peerCertPath;
    // Ephemeral EC key taken from the server's SERVER_KEY_EXCHANGE (peer-supplied).
    private ECPublicKey ephemeralServerPublicKey;
    // The CLIENT_HELLO built in startHandshake(); re-sent with a cookie after HELLO_VERIFY_REQUEST.
    protected ClientHello clientHello;
    // Cipher suites offered in the CLIENT_HELLO, read from the connector configuration.
    private final List<CipherSuite> preferredCipherSuites;
    // Max. fragment length code proposed to the server; null means the extension is not sent.
    protected Integer maxFragmentLengthCode;
    // Certificate types this client can present (configuration: identity certificate types).
    protected final List<CertificateType> supportedClientCertificateTypes;
    // Certificate types this client accepts from the server (configuration: trust certificate types).
    protected final List<CertificateType> supportedServerCertificateTypes;
    // The messages below are the peer's / this client's handshake messages, kept for the transcript hash.
    protected ServerHello serverHello;
    protected CertificateMessage serverCertificate;
    protected CertificateMessage clientCertificate;
    protected CertificateRequest certificateRequest;
    protected CertificateVerify certificateVerify;
    protected ServerKeyExchange serverKeyExchange;
    protected ServerHelloDone serverHelloDone;
    // Transcript digest: first used to build the client FINISHED, then extended to verify the server's.
    protected byte[] handshakeHash;
    // Source of pre-shared keys and identities for the PSK based key exchanges.
    protected final PskStore pskStore;
    // NOTE(review): not read or written anywhere in this class as shown — confirm it is still needed.
    protected ServerNames indicatedServerNames;
    // Set as a side effect of determineClientRawPublicKey() / determineClientCertificateChain().
    protected SignatureAndHashAlgorithm negotiatedSignatureAndHashAlgorithm;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.ClientHandshaker$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/californium/scandium/dtls/ClientHandshaker$1.class */
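    /**
     * Compiler-generated lookup tables that map enum ordinals to the dense {@code case} numbers
     * used by {@code switch} statements over {@link ContentType}, {@link HandshakeType} and
     * {@link CipherSuite.KeyExchangeAlgorithm}.
     *
     * <p>The decompiled listing declared only the HandshakeType table and never allocated the
     * ContentType one; all three tables are declared and allocated here so the initializer is
     * self-consistent. The ordinal-to-number assignments are unchanged.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType;
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType;
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm;

        static {
            // Each entry is wrapped separately: a constant missing at run time (NoSuchFieldError)
            // leaves its slot at 0, which no case label uses, so it ends up in the default branch.
            $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType = new int[ContentType.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.HANDSHAKE.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType = new int[HandshakeType.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.HELLO_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 5;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 6;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 7;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.FINISHED.ordinal()] = 8;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
        }
    }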

    /**
     * Creates a client-side handshaker and copies the credentials and negotiation preferences
     * it needs out of the connector configuration.
     *
     * @param dTLSSession the session the handshake negotiates
     * @param recordLayer passed through to the {@code Handshaker} constructor
     * @param connection passed through to the {@code Handshaker} constructor
     * @param dtlsConnectorConfig source of keys, certificates, PSK store, cipher suites,
     *        max. fragment length code, SNI flag and certificate type lists
     * @param i passed through unchanged as the last argument of the {@code Handshaker} constructor
     */
    public ClientHandshaker(DTLSSession dTLSSession, RecordLayer recordLayer, Connection connection, DtlsConnectorConfig dtlsConnectorConfig, int i) {
        super(true, 0, dTLSSession, recordLayer, connection, dtlsConnectorConfig, i);
        final DtlsConnectorConfig config = dtlsConnectorConfig;

        maxProtocolVersion = new ProtocolVersion();

        // No handshake message has been sent or received yet.
        clientHello = null;
        serverCertificate = null;
        clientCertificate = null;
        certificateRequest = null;
        certificateVerify = null;
        serverKeyExchange = null;
        handshakeHash = null;

        // Client credentials.
        privateKey = config.getPrivateKey();
        certificateChain = config.getCertificateChain();
        publicKey = config.getPublicKey();
        pskStore = config.getPskStore();

        // Negotiation preferences.
        preferredCipherSuites = config.getSupportedCipherSuites();
        maxFragmentLengthCode = config.getMaxFragmentLengthCode();
        sniEnabled = config.isSniEnabled().booleanValue();
        supportedServerCertificateTypes = config.getTrustCertificateTypes();
        supportedClientCertificateTypes = config.getIdentityCertificateTypes();
    }

    /**
     * Returns the signature and hash algorithm selected for the client's credentials.
     *
     * @return the algorithm, or {@code null} while none has been selected
     */
    final SignatureAndHashAlgorithm getNegotiatedSignatureAndHashAlgorithm() {
        final SignatureAndHashAlgorithm negotiated = negotiatedSignatureAndHashAlgorithm;
        return negotiated;
    }

    /* JADX INFO: Access modifiers changed from: protected */
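    /**
     * Dispatches one DTLS message received from the server to the matching handler.
     *
     * <p>ALERT records are ignored here, CHANGE_CIPHER_SPEC switches the current read state, and
     * HANDSHAKE records are routed by their {@link HandshakeType}. After a handshake message has
     * been handled, the next expected receive sequence number is advanced.
     *
     * <p>The handshake switch is written over the enum constants instead of the synthetic ordinal
     * table, and the SERVER_KEY_EXCHANGE branch ends with its own {@code break}: without it the
     * branch fell through into CERTIFICATE_REQUEST and cast the key exchange message to
     * {@code CertificateRequest}.
     *
     * @param dTLSMessage the message received from the peer
     * @throws HandshakeException if the content type, handshake type or key exchange algorithm
     *         is not handled, or if a handler rejects the message
     * @throws GeneralSecurityException propagated from the handlers
     */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void doProcessMessage(DTLSMessage dTLSMessage) throws HandshakeException, GeneralSecurityException {
        if (LOGGER.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append(String.format("Processing %s message from peer [%s]", dTLSMessage.getContentType(), dTLSMessage.getPeer()));
            if (LOGGER.isTraceEnabled()) {
                // Trace level appends the string form of the whole message to the log line.
                sb.append(":").append(StringUtil.lineSeparator()).append(dTLSMessage);
            }
            LOGGER.debug(sb.toString());
        }
        switch (dTLSMessage.getContentType()) {
            case ALERT:
                // Nothing is done with alerts in this method.
                return;
            case CHANGE_CIPHER_SPEC:
                setCurrentReadState();
                LOGGER.debug("Processed {} message from peer [{}]", dTLSMessage.getContentType(), dTLSMessage.getPeer());
                return;
            case HANDSHAKE:
                HandshakeMessage handshakeMessage = (HandshakeMessage) dTLSMessage;
                // NOTE(review): the handler is chosen from the message type alone; this method does
                // not check that the message is the one expected at this point of the handshake.
                // Presumably the Handshaker base class enforces ordering before calling in — confirm.
                switch (handshakeMessage.getMessageType()) {
                    case HELLO_REQUEST:
                        receivedHelloRequest();
                        break;
                    case HELLO_VERIFY_REQUEST:
                        receivedHelloVerifyRequest((HelloVerifyRequest) handshakeMessage);
                        break;
                    case SERVER_HELLO:
                        receivedServerHello((ServerHello) handshakeMessage);
                        break;
                    case CERTIFICATE:
                        receivedServerCertificate((CertificateMessage) handshakeMessage);
                        break;
                    case SERVER_KEY_EXCHANGE:
                        switch (getKeyExchangeAlgorithm()) {
                            case EC_DIFFIE_HELLMAN:
                                receivedServerKeyExchange((ECDHServerKeyExchange) handshakeMessage);
                                break;
                            case PSK:
                                this.serverKeyExchange = (PSKServerKeyExchange) handshakeMessage;
                                break;
                            case ECDHE_PSK:
                                receivedServerKeyExchange((EcdhPskServerKeyExchange) handshakeMessage);
                                break;
                            case NULL:
                                LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                                break;
                            default:
                                throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", getKeyExchangeAlgorithm().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
                        }
                        // Leave the outer switch; the inner breaks above only leave the inner one.
                        break;
                    case CERTIFICATE_REQUEST:
                        this.certificateRequest = (CertificateRequest) handshakeMessage;
                        break;
                    case SERVER_HELLO_DONE:
                        receivedServerHelloDone((ServerHelloDone) handshakeMessage);
                        expectChangeCipherSpecMessage();
                        break;
                    case FINISHED:
                        receivedServerFinished((Finished) handshakeMessage);
                        break;
                    default:
                        throw new HandshakeException(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
                }
                incrementNextReceiveSeq();
                LOGGER.debug("Processed {} message with sequence no [{}] from peer [{}]", handshakeMessage.getMessageType(), handshakeMessage.getMessageSeq(), handshakeMessage.getPeer());
                return;
            default:
                throw new HandshakeException(String.format("Received unexpected message [%s] from peer %s", dTLSMessage.getContentType(), dTLSMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, dTLSMessage.getPeer()));
        }
    }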

    /**
     * Handles the server's FINISHED message: checks its verify data against the transcript hash
     * kept in {@code handshakeHash}, then marks the session as established and the handshake as
     * completed.
     *
     * @param finished the FINISHED message received from the server
     * @throws HandshakeException declared by {@code verifyData}
     * @throws GeneralSecurityException declared by {@code verifyData}
     */
    private void receivedServerFinished(Finished finished) throws HandshakeException, GeneralSecurityException {
        // NOTE(review): nothing is inspected after this call, so rejecting a bad FINISHED relies on
        // verifyData throwing — confirm it does not signal a mismatch through a return value.
        finished.verifyData(session.getMasterSecret(), false, handshakeHash);

        state = HandshakeType.FINISHED.getCode();
        sessionEstablished();
        handshakeCompleted();
    }

    /**
     * Handles HELLO_REQUEST: starts a handshake only while {@code state} is numerically below
     * the HELLO_REQUEST type code; otherwise the request is ignored.
     *
     * @throws HandshakeException propagated from {@code startHandshake()}
     */
    private void receivedHelloRequest() throws HandshakeException {
        if (state >= HandshakeType.HELLO_REQUEST.getCode()) {
            return;
        }
        startHandshake();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Handles HELLO_VERIFY_REQUEST: copies the server's cookie into the stored CLIENT_HELLO and
     * sends that CLIENT_HELLO again as flight 3.
     *
     * @param helloVerifyRequest the message carrying the cookie to echo
     * @throws HandshakeException propagated from wrapping or sending the flight
     */
    public void receivedHelloVerifyRequest(HelloVerifyRequest helloVerifyRequest) throws HandshakeException {
        // NOTE(review): clientHello is only assigned in startHandshake(); a HELLO_VERIFY_REQUEST
        // that arrives before then would dereference null here — confirm callers rule that out.
        clientHello.setCookie(helloVerifyRequest.getCookie());
        flightNumber = 3;

        final DTLSFlight cookieFlight = new DTLSFlight(getSession(), flightNumber);
        wrapMessage(cookieFlight, clientHello);
        sendFlight(cookieFlight);
    }

    /* JADX INFO: Access modifiers changed from: protected */
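    /**
     * Handles SERVER_HELLO: validates the server's selections against what this client offered
     * and then stores the negotiated parameters in the session.
     *
     * <p>A SERVER_HELLO carrying the same message sequence number as the one already stored is
     * treated as a repeat and ignored.
     *
     * <p>Two checks run before any state is changed:
     * <ul>
     * <li>the selected cipher suite must be one of {@code preferredCipherSuites}; otherwise the
     * peer, not the local configuration, would decide which suite and key exchange are used;</li>
     * <li>a max. fragment length extension is only accepted when this client proposed one and
     * the code matches. Previously an extension sent without a proposal dereferenced the null
     * {@code maxFragmentLengthCode}.</li>
     * </ul>
     *
     * @param serverHello the SERVER_HELLO received from the peer
     * @throws HandshakeException with a fatal ILLEGAL_PARAMETER alert if a check fails
     */
    public void receivedServerHello(ServerHello serverHello) throws HandshakeException {
        ConnectionIdExtension connectionIdExtension;
        if (this.serverHello != null && serverHello.getMessageSeq() == this.serverHello.getMessageSeq()) {
            return;
        }
        if (this.preferredCipherSuites != null && !this.preferredCipherSuites.contains(serverHello.getCipherSuite())) {
            throw new HandshakeException("Server wants to use a cipher suite that was not offered: " + serverHello.getCipherSuite(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
        }
        MaxFragmentLengthExtension.Length fragmentLength = null;
        if (serverHello.getMaxFragmentLength() != null) {
            fragmentLength = serverHello.getMaxFragmentLength().getFragmentLength();
            if (this.maxFragmentLengthCode == null || fragmentLength.code() != this.maxFragmentLengthCode.intValue()) {
                throw new HandshakeException("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
            }
        }
        // NOTE(review): the server's protocol version, compression method and certificate types
        // are stored below without being compared to what was offered — confirm they are
        // validated elsewhere (for example while the message is parsed).
        this.serverHello = serverHello;
        this.usedProtocol = serverHello.getServerVersion();
        this.serverRandom = serverHello.getRandom();
        this.session.setSessionIdentifier(serverHello.getSessionId());
        this.session.setCipherSuite(serverHello.getCipherSuite());
        this.session.setCompressionMethod(serverHello.getCompressionMethod());
        if (fragmentLength != null) {
            this.session.setMaxFragmentLength(fragmentLength.length());
        }
        // A connection id from the server is only used when this client enabled the extension.
        if (this.connectionIdLength != null && (connectionIdExtension = this.serverHello.getConnectionIdExtension()) != null) {
            this.session.setWriteConnectionId(connectionIdExtension.getConnectionId());
        }
        this.session.setSendCertificateType(this.serverHello.getClientCertificateType());
        this.session.setReceiveCertificateType(this.serverHello.getServerCertificateType());
        this.session.setSniSupported(this.serverHello.hasServerNameExtension());
        this.session.setParameterAvailable();
    }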

    /**
     * Handles the server's CERTIFICATE message: stores it, runs {@code verifyCertificate} on it
     * and then keeps its public key and certificate chain for the later handshake steps.
     *
     * <p>A message with the same sequence number as the one already stored is ignored.
     *
     * @param certificateMessage the CERTIFICATE message received from the server
     * @throws HandshakeException propagated from {@code verifyCertificate}
     */
    private void receivedServerCertificate(CertificateMessage certificateMessage) throws HandshakeException {
        final boolean alreadyHandled = serverCertificate != null
                && serverCertificate.getMessageSeq() == certificateMessage.getMessageSeq();
        if (alreadyHandled) {
            return;
        }
        // NOTE(review): the message is stored before it is verified, so the field keeps an
        // unverified certificate if verifyCertificate throws — confirm the handshaker is
        // discarded on that path.
        serverCertificate = certificateMessage;
        verifyCertificate(serverCertificate);
        // Only reached when verification did not throw.
        serverPublicKey = serverCertificate.getPublicKey();
        peerCertPath = certificateMessage.getCertificateChain();
    }

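    /**
     * Handles the signed ECDH SERVER_KEY_EXCHANGE: verifies the signature over the ephemeral
     * parameters with the server's public key, records the peer identity and prepares this
     * client's ephemeral key pair on the curve the server chose.
     *
     * <p>A message with the same sequence number as the one already stored is ignored.
     *
     * <p>The message is rejected up front when no server public key is available, i.e. when no
     * CERTIFICATE message has been processed; previously {@code verifySignature} was called
     * with a null key in that case.
     *
     * @param eCDHServerKeyExchange the key exchange message received from the server
     * @throws HandshakeException if the server key is missing, the signature check fails, or no
     *         ephemeral key can be created from the server's domain parameters
     */
    private void receivedServerKeyExchange(ECDHServerKeyExchange eCDHServerKeyExchange) throws HandshakeException {
        if (this.serverKeyExchange != null && this.serverKeyExchange.getMessageSeq() == eCDHServerKeyExchange.getMessageSeq()) {
            return;
        }
        if (this.serverPublicKey == null) {
            throw new HandshakeException("Received ServerKeyExchange without a preceding server certificate", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, getPeerAddress()));
        }
        this.serverKeyExchange = eCDHServerKeyExchange;
        // Binds the ephemeral parameters to both hello randoms and the server's long-term key.
        eCDHServerKeyExchange.verifySignature(this.serverPublicKey, this.clientRandom, this.serverRandom);
        // The peer identity is only set after the signature check did not throw.
        if (this.peerCertPath != null) {
            this.session.setPeerIdentity(new X509CertPath(this.peerCertPath));
        } else {
            this.session.setPeerIdentity(new RawPublicKeyIdentity(this.serverPublicKey));
        }
        this.ephemeralServerPublicKey = eCDHServerKeyExchange.getPublicKey();
        try {
            this.ecdhe = new ECDHECryptography(this.ephemeralServerPublicKey.getParams());
        } catch (GeneralSecurityException e) {
            throw new HandshakeException(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
        }
    }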

    /**
     * Handles the ECDHE_PSK SERVER_KEY_EXCHANGE: stores the message and the server's ephemeral
     * public key and prepares this client's ephemeral key pair on the same domain parameters.
     *
     * <p>No signature is checked in this method. A message with the same sequence number as the
     * one already stored is ignored.
     *
     * @param ecdhPskServerKeyExchange the key exchange message received from the server
     * @throws HandshakeException if no ephemeral key can be created from the server's parameters
     */
    private void receivedServerKeyExchange(EcdhPskServerKeyExchange ecdhPskServerKeyExchange) throws HandshakeException {
        final boolean alreadyHandled = serverKeyExchange != null
                && serverKeyExchange.getMessageSeq() == ecdhPskServerKeyExchange.getMessageSeq();
        if (alreadyHandled) {
            return;
        }
        serverKeyExchange = ecdhPskServerKeyExchange;
        ephemeralServerPublicKey = ecdhPskServerKeyExchange.getPublicKey();
        try {
            ecdhe = new ECDHECryptography(ephemeralServerPublicKey.getParams());
        } catch (GeneralSecurityException cause) {
            final String reason = String.format("Cannot create ephemeral keys from domain params provided by server: %s", cause.getMessage());
            final AlertMessage alert = new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress());
            throw new HandshakeException(reason, alert);
        }
    }

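    /**
     * Handles SERVER_HELLO_DONE by building and sending the client's next flight: optional
     * CERTIFICATE, the key exchange message for the negotiated algorithm, optional
     * CERTIFICATE_VERIFY, CHANGE_CIPHER_SPEC and FINISHED.
     *
     * <p>A message with the same sequence number as the one already stored is ignored.
     *
     * <p>Two conditions that previously ended in a {@code NullPointerException} now fail the
     * handshake with a fatal UNEXPECTED_MESSAGE alert: an EC based key exchange for which no
     * SERVER_KEY_EXCHANGE was processed, and a CERTIFICATE_VERIFY transcript for which the
     * server's CERTIFICATE or SERVER_KEY_EXCHANGE is missing.
     *
     * @param serverHelloDone the SERVER_HELLO_DONE received from the server
     * @throws HandshakeException if a required server message is missing, the key exchange
     *         algorithm is unknown, or the FINISHED message cannot be created
     * @throws GeneralSecurityException propagated from key generation
     */
    private void receivedServerHelloDone(ServerHelloDone serverHelloDone) throws HandshakeException, GeneralSecurityException {
        DTLSMessage clientKeyExchange;
        if (this.serverHelloDone == null || this.serverHelloDone.getMessageSeq() != serverHelloDone.getMessageSeq()) {
            this.serverHelloDone = serverHelloDone;
            this.flightNumber += 2;
            DTLSFlight dTLSFlight = new DTLSFlight(getSession(), this.flightNumber);
            // Adds the client CERTIFICATE (only when the server asked for one) and, as a side
            // effect, selects negotiatedSignatureAndHashAlgorithm.
            createCertificateMessage(dTLSFlight);
            switch (getKeyExchangeAlgorithm()) {
                case EC_DIFFIE_HELLMAN:
                    requireEphemeralServerKey();
                    clientKeyExchange = new ECDHClientKeyExchange(this.ecdhe.getPublicKey(), this.session.getPeer());
                    generateKeys(this.ecdhe.getSecret(this.ephemeralServerPublicKey).getEncoded());
                    break;
                case PSK:
                    PskUtil pskUtil = new PskUtil(this.sniEnabled, this.session, this.pskStore);
                    LOGGER.debug("Using PSK identity: {}", pskUtil.getPskIdentity());
                    this.session.setPeerIdentity(pskUtil.getPskIdentity());
                    clientKeyExchange = new PSKClientKeyExchange(pskUtil.getPskIdentity().getIdentity(), this.session.getPeer());
                    generateKeys(generatePremasterSecretFromPSK(pskUtil.getPreSharedKey(), null));
                    break;
                case ECDHE_PSK:
                    requireEphemeralServerKey();
                    PskUtil pskUtil2 = new PskUtil(this.sniEnabled, this.session, this.pskStore);
                    LOGGER.debug("Using PSK identity: {}", pskUtil2.getPskIdentity());
                    this.session.setPeerIdentity(pskUtil2.getPskIdentity());
                    clientKeyExchange = new EcdhPskClientKeyExchange(pskUtil2.getPskIdentity().getIdentity(), this.ecdhe.getPublicKey(), this.session.getPeer());
                    generateKeys(generatePremasterSecretFromPSK(pskUtil2.getPreSharedKey(), this.ecdhe.getSecret(this.ephemeralServerPublicKey).getEncoded()));
                    break;
                case NULL:
                    // Keys are generated from an empty premaster secret in this mode.
                    clientKeyExchange = new NULLClientKeyExchange(this.session.getPeer());
                    generateKeys(Bytes.EMPTY);
                    break;
                default:
                    throw new HandshakeException("Unknown key exchange algorithm: " + getKeyExchangeAlgorithm(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
            }
            wrapMessage(dTLSFlight, clientKeyExchange);
            if (this.certificateRequest != null && this.negotiatedSignatureAndHashAlgorithm != null) {
                // The signed transcript below includes the server's CERTIFICATE and
                // SERVER_KEY_EXCHANGE unconditionally, so both must have been received.
                if (this.serverCertificate == null || this.serverKeyExchange == null) {
                    throw new HandshakeException("Received CertificateRequest without server Certificate and ServerKeyExchange", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, this.session.getPeer()));
                }
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.clientHello.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverHello.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverCertificate.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverKeyExchange.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.certificateRequest.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverHelloDone.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.clientCertificate.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, clientKeyExchange.toByteArray());
                this.certificateVerify = new CertificateVerify(this.negotiatedSignatureAndHashAlgorithm, this.privateKey, this.handshakeMessages, this.session.getPeer());
                wrapMessage(dTLSFlight, this.certificateVerify);
            }
            wrapMessage(dTLSFlight, new ChangeCipherSpecMessage(this.session.getPeer()));
            setCurrentWriteState();
            // Transcript hash: every handshake message so far, in protocol order. Optional
            // messages are skipped when they were not exchanged.
            this.md.update(this.clientHello.toByteArray());
            this.md.update(this.serverHello.toByteArray());
            if (this.serverCertificate != null) {
                this.md.update(this.serverCertificate.toByteArray());
            }
            if (this.serverKeyExchange != null) {
                this.md.update(this.serverKeyExchange.toByteArray());
            }
            if (this.certificateRequest != null) {
                this.md.update(this.certificateRequest.toByteArray());
            }
            this.md.update(this.serverHelloDone.toByteArray());
            if (this.clientCertificate != null) {
                this.md.update(this.clientCertificate.toByteArray());
            }
            this.md.update(clientKeyExchange.toByteArray());
            if (this.certificateVerify != null) {
                this.md.update(this.certificateVerify.toByteArray());
            }
            try {
                // digest() is called on md for the client FINISHED, so the running state is
                // cloned first and the clone is extended with that FINISHED message; its digest
                // is what receivedServerFinished() later verifies the server's FINISHED against.
                MessageDigest messageDigest = (MessageDigest) this.md.clone();
                this.handshakeHash = this.md.digest();
                Finished finished = new Finished(this.session.getMasterSecret(), this.isClient, this.handshakeHash, this.session.getPeer());
                wrapMessage(dTLSFlight, finished);
                messageDigest.update(finished.toByteArray());
                this.handshakeHash = messageDigest.digest();
                sendFlight(dTLSFlight);
            } catch (CloneNotSupportedException e) {
                throw new HandshakeException("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, serverHelloDone.getPeer()));
            }
        }
    }

    /**
     * Fails the handshake when an EC based key exchange is about to be completed although no
     * SERVER_KEY_EXCHANGE has supplied the server's ephemeral key.
     *
     * @throws HandshakeException with a fatal UNEXPECTED_MESSAGE alert if the key is missing
     */
    private void requireEphemeralServerKey() throws HandshakeException {
        if (this.ecdhe == null || this.ephemeralServerPublicKey == null) {
            throw new HandshakeException("Received ServerHelloDone without a preceding ServerKeyExchange", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, this.session.getPeer()));
        }
    }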

    /**
     * Adds the client's CERTIFICATE message to the flight when the server sent a
     * CERTIFICATE_REQUEST; does nothing otherwise.
     *
     * <p>For raw public keys the message carries the encoded key, or an empty body when no
     * suitable key is available. For X.509 it carries the client chain with the certificates
     * that {@code removeTrustedCertificates} drops taken out.
     *
     * @param dTLSFlight the flight the message is added to
     * @throws HandshakeException propagated from the credential selection or from wrapping
     * @throws IllegalArgumentException if the session's send certificate type is neither
     *         RAW_PUBLIC_KEY nor X_509
     */
    private void createCertificateMessage(DTLSFlight dTLSFlight) throws HandshakeException {
        if (certificateRequest == null) {
            // The server did not ask for client authentication.
            return;
        }
        final CertificateType sendType = session.sendCertificateType();
        if (sendType == CertificateType.RAW_PUBLIC_KEY) {
            final PublicKey clientKey = determineClientRawPublicKey(certificateRequest);
            final byte[] encodedKey = clientKey != null ? clientKey.getEncoded() : Bytes.EMPTY;
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("sending CERTIFICATE message with client RawPublicKey [{}] to server", ByteArrayUtils.toHexString(encodedKey));
            }
            clientCertificate = new CertificateMessage(encodedKey, session.getPeer());
        } else if (sendType == CertificateType.X_509) {
            final List<X509Certificate> chainToSend = certificateRequest.removeTrustedCertificates(determineClientCertificateChain(certificateRequest));
            LOGGER.debug("sending CERTIFICATE message with client certificate chain [length: {}] to server", Integer.valueOf(chainToSend.size()));
            clientCertificate = new CertificateMessage(chainToSend, session.getPeer());
        } else {
            throw new IllegalArgumentException("Certificate type " + sendType + " not supported!");
        }
        wrapMessage(dTLSFlight, clientCertificate);
    }

    /**
     * Selects the raw public key to present to the server.
     *
     * <p>Side effect: when a public key is configured, {@code negotiatedSignatureAndHashAlgorithm}
     * is overwritten with whatever the request returns for that key, including {@code null}.
     *
     * @param certificateRequest the server's request, asked for a matching algorithm
     * @return the configured public key, or {@code null} if none is configured or the request
     *         yields no signature and hash algorithm for it
     * @throws HandshakeException declared for callers; not thrown by the statements shown here
     */
    PublicKey determineClientRawPublicKey(CertificateRequest certificateRequest) throws HandshakeException {
        PublicKey selected = null;
        if (publicKey != null) {
            negotiatedSignatureAndHashAlgorithm = certificateRequest.getSignatureAndHashAlgorithm(publicKey);
            if (negotiatedSignatureAndHashAlgorithm != null) {
                selected = publicKey;
            }
        }
        return selected;
    }

    /**
     * Selects the certificate chain to present to the server.
     *
     * <p>Side effect: when a chain is configured, {@code negotiatedSignatureAndHashAlgorithm} is
     * overwritten with whatever the request returns for that chain, including {@code null}.
     *
     * @param certificateRequest the server's request, asked for a matching algorithm
     * @return the configured chain, or an empty list if none is configured or the request
     *         yields no signature and hash algorithm for it
     * @throws HandshakeException declared for callers; not thrown by the statements shown here
     */
    List<X509Certificate> determineClientCertificateChain(CertificateRequest certificateRequest) throws HandshakeException {
        if (certificateChain == null) {
            return Collections.emptyList();
        }
        negotiatedSignatureAndHashAlgorithm = certificateRequest.getSignatureAndHashAlgorithm(certificateChain);
        if (negotiatedSignatureAndHashAlgorithm == null) {
            return Collections.emptyList();
        }
        return certificateChain;
    }

    /**
     * Starts the handshake by sending the initial CLIENT_HELLO as flight 1.
     *
     * <p>The hello carries the configured cipher suites and certificate types, a random drawn
     * from a fresh {@link SecureRandom}, the NULL compression method, and the connection id,
     * max. fragment length and server name extensions when those are enabled.
     *
     * @throws HandshakeException propagated from wrapping or sending the flight
     */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void startHandshake() throws HandshakeException {
        handshakeStarted();

        final ClientHello hello = new ClientHello(maxProtocolVersion, new SecureRandom(), preferredCipherSuites, supportedClientCertificateTypes, supportedServerCertificateTypes, session.getPeer());
        // Kept for later steps that bind messages to both hello randoms.
        clientRandom = hello.getRandom();
        hello.addCompressionMethod(CompressionMethod.NULL);
        addConnectionId(hello);
        addMaxFragmentLength(hello);
        addServerNameIndication(hello);

        state = hello.getMessageType().getCode();
        flightNumber = 1;
        // Stored so it can be re-sent with a cookie and hashed into the transcript.
        clientHello = hello;

        final DTLSFlight firstFlight = new DTLSFlight(session, flightNumber);
        wrapMessage(firstFlight, hello);
        sendFlight(firstFlight);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds the max. fragment length extension to the CLIENT_HELLO when a length code is
     * configured; leaves the message untouched otherwise.
     *
     * @param clientHello the message to extend
     */
    public void addMaxFragmentLength(ClientHello clientHello) {
        if (maxFragmentLengthCode == null) {
            return;
        }
        final MaxFragmentLengthExtension extension = new MaxFragmentLengthExtension(maxFragmentLengthCode.intValue());
        clientHello.addExtension(extension);
        LOGGER.debug("Indicating max. fragment length [{}] to server [{}]", maxFragmentLengthCode, getPeerAddress());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds the connection id extension to the CLIENT_HELLO when connection ids are configured.
     *
     * <p>A configured length above zero sends this connection's id; otherwise the empty
     * connection id is sent.
     *
     * @param clientHello the message to extend
     */
    public void addConnectionId(ClientHello clientHello) {
        if (connectionIdLength == null) {
            return;
        }
        final ConnectionId idToOffer;
        if (connectionIdLength.intValue() > 0) {
            idToOffer = getConnection().getConnectionId();
        } else {
            idToOffer = ConnectionId.EMPTY;
        }
        clientHello.addExtension(ConnectionIdExtension.fromConnectionId(idToOffer));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds the server name (SNI) extension to the CLIENT_HELLO when SNI is enabled and the
     * session has a virtual host set; leaves the message untouched otherwise.
     *
     * @param clientHello the message to extend
     */
    public void addServerNameIndication(ClientHello clientHello) {
        if (sniEnabled && session.getVirtualHost() != null) {
            LOGGER.debug("adding SNI extension to CLIENT_HELLO message [{}]", session.getVirtualHost());
            clientHello.addExtension(ServerNameExtension.forHostName(session.getVirtualHost()));
        }
    }
}
