package org.eclipse.californium.scandium.config;

import java.net.InetSocketAddress;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.eclipse.californium.elements.util.Asn1DerDecoder;
import org.eclipse.californium.scandium.ConnectionListener;
import org.eclipse.californium.scandium.DtlsHealth;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ConnectionIdGenerator;
import org.eclipse.californium.scandium.dtls.ProtocolVersion;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuiteSelector;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedInMemoryPskStore;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
import org.eclipse.californium.scandium.dtls.x509.CertificateVerifier;
import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier;

/* loaded from: classes2.dex */
public final class DtlsConnectorConfig {
    private static final int DEFAULT_EXECUTOR_THREAD_POOL_SIZE = Runtime.getRuntime().availableProcessors() * 6;
    private static final int DEFAULT_RECEIVER_THREADS = (Runtime.getRuntime().availableProcessors() + 1) / 2;
    private InetSocketAddress address;
    private NewAdvancedCertificateVerifier advancedCertificateVerifier;
    private AdvancedPskStore advancedPskStore;
    private Long autoResumptionTimeoutMillis;
    private Integer backOffRetransmission;
    private List<X509Certificate> certChain;

    @Deprecated
    private CertificateVerifier certificateVerifier;
    private CipherSuiteSelector cipherSuiteSelector;
    private Boolean clientAuthenticationRequired;
    private Boolean clientAuthenticationWanted;
    private Boolean clientOnly;
    private ConnectionIdGenerator connectionIdGenerator;
    private Integer connectionThreadCount;
    private String defaultHandshakeMode;
    private Boolean earlyStopRetransmission;
    private Boolean enableMultiHandshakeMessageRecords;
    private Boolean enableMultiRecordMessages;
    private Boolean enableReuseAddress;
    private DtlsHealth healthHandler;
    private Integer healthStatusInterval;
    private List<CertificateType> identityCertificateTypes;
    private String loggingTag;
    private Integer maxConnections;
    private Integer maxDeferredProcessedIncomingRecordsSize;
    private Integer maxDeferredProcessedOutgoingApplicationDataMessages;
    private Integer maxFragmentLengthCode;
    private Integer maxFragmentedHandshakeMessageLength;
    private Integer maxRetransmissions;
    private Integer maxTransmissionUnit;
    private Integer maxTransmissionUnitLimit;
    private Integer outboundMessageBufferSize;
    private List<CipherSuite> preselectedCipherSuites;
    private PrivateKey privateKey;
    private ProtocolVersion protocolVersionForHelloVerifyRequests;

    @Deprecated
    private PskStore pskStore;
    private PublicKey publicKey;
    private Integer receiverThreadCount;
    private Boolean recommendedCipherSuitesOnly;
    private Boolean recommendedSupportedGroupsOnly;
    private Integer recordSizeLimit;
    private Integer retransmissionTimeout;
    private Boolean serverOnly;
    private Boolean sniEnabled;
    private Integer socketReceiveBufferSize;
    private Integer socketSendBufferSize;
    private Long staleConnectionThreshold;
    private List<CipherSuite> supportedCipherSuites;
    private List<XECDHECryptography.SupportedGroup> supportedGroups;
    private List<SignatureAndHashAlgorithm> supportedSignatureAlgorithms;
    private List<CertificateType> trustCertificateTypes;

    @Deprecated
    private X509Certificate[] trustStore;
    private Boolean useAntiReplayFilter;
    private Boolean useCidUpdateAddressOnNewerRecordFilter;
    private Integer useExtendedWindowFilter;
    private Boolean useHandshakeStateValidation;
    private Boolean useKeyUsageVerification;
    private Boolean useNoServerSessionId;
    private Boolean useTruncatedCertificatePathForClientsCertificateMessage;
    private Boolean useTruncatedCertificatePathForValidation;
    private Integer verifyPeersOnResumptionThreshold;

    /* loaded from: classes2.dex */
    public static final class Builder {
        private DtlsConnectorConfig config = new DtlsConnectorConfig();

        private void addSupportedGroups(List<XECDHECryptography.SupportedGroup> list, PublicKey publicKey) {
            XECDHECryptography.SupportedGroup fromPublicKey;
            if (publicKey == null || (fromPublicKey = XECDHECryptography.SupportedGroup.fromPublicKey(publicKey)) == null || !fromPublicKey.isUsable() || list.contains(fromPublicKey)) {
                return;
            }
            if (!this.config.recommendedSupportedGroupsOnly.booleanValue() || fromPublicKey.isRecommended()) {
                list.add(fromPublicKey);
            }
        }

        private void determineCipherSuitesFromConfig() {
            ArrayList arrayList = new ArrayList();
            if (isConfiguredWithKeyPair() || this.config.trustCertificateTypes != null) {
                arrayList.addAll(CipherSuite.getEcdsaCipherSuites(this.config.recommendedCipherSuitesOnly.booleanValue()));
            }
            if (this.config.advancedPskStore != null) {
                if (this.config.advancedPskStore.hasEcdhePskSupported()) {
                    arrayList.addAll(CipherSuite.getCipherSuitesByKeyExchangeAlgorithm(this.config.recommendedCipherSuitesOnly.booleanValue(), CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK));
                }
                arrayList.addAll(CipherSuite.getCipherSuitesByKeyExchangeAlgorithm(this.config.recommendedCipherSuitesOnly.booleanValue(), CipherSuite.KeyExchangeAlgorithm.PSK));
            }
            if (this.config.preselectedCipherSuites != null) {
                ArrayList arrayList2 = new ArrayList();
                for (CipherSuite cipherSuite : this.config.preselectedCipherSuites) {
                    if (arrayList.contains(cipherSuite)) {
                        arrayList2.add(cipherSuite);
                    }
                }
                arrayList = arrayList2;
            }
            this.config.supportedCipherSuites = arrayList;
        }

        private List<XECDHECryptography.SupportedGroup> getDefaultSupportedGroups() {
            ArrayList arrayList = new ArrayList(XECDHECryptography.SupportedGroup.getPreferredGroups());
            if (this.config.certChain != null) {
                Iterator it = this.config.certChain.iterator();
                while (it.hasNext()) {
                    addSupportedGroups(arrayList, ((X509Certificate) it.next()).getPublicKey());
                }
            } else {
                addSupportedGroups(arrayList, this.config.publicKey);
            }
            return arrayList;
        }

        private boolean isConfiguredWithKeyPair() {
            return (this.config.privateKey == null || this.config.publicKey == null) ? false : true;
        }

        private void verifyCertificateBasedCipherConfig(CipherSuite cipherSuite) {
            if (this.config.privateKey != null && this.config.publicKey != null) {
                String name = cipherSuite.getCertificateKeyAlgorithm().name();
                if ((!name.equals(this.config.privateKey.getAlgorithm()) || !name.equals(this.config.publicKey.getAlgorithm())) && (!name.equals("EC") || !Asn1DerDecoder.isSupported(this.config.privateKey.getAlgorithm()) || !Asn1DerDecoder.isSupported(this.config.publicKey.getAlgorithm()))) {
                    throw new IllegalStateException("Keys must be " + name + " capable for configured " + cipherSuite.name());
                }
            } else if (!this.config.clientOnly.booleanValue()) {
                throw new IllegalStateException("Identity must be set for configured " + cipherSuite.name());
            }
            if ((this.config.clientOnly.booleanValue() || this.config.clientAuthenticationRequired.booleanValue() || this.config.clientAuthenticationWanted.booleanValue()) && this.config.trustCertificateTypes == null) {
                throw new IllegalStateException("trust must be set for configured " + cipherSuite.name());
            }
        }

        private void verifyPskBasedCipherConfig(CipherSuite cipherSuite) {
            if (this.config.advancedPskStore == null) {
                throw new IllegalStateException("PSK store must be set for configured " + cipherSuite.name());
            }
            if (this.config.advancedPskStore.hasEcdhePskSupported() || !cipherSuite.isEccBased()) {
                return;
            }
            throw new IllegalStateException("PSK store doesn't support ECDHE! " + cipherSuite.name());
        }

        private void verifySignatureAndHashAlgorithms(List<SignatureAndHashAlgorithm> list) {
            if (this.config.publicKey != null) {
                if (SignatureAndHashAlgorithm.getSupportedSignatureAlgorithm(list, this.config.publicKey) == null) {
                    throw new IllegalStateException("supported signature and hash algorithms doesn't match the public key!");
                }
                if (this.config.certChain != null && !SignatureAndHashAlgorithm.isSignedWithSupportedAlgorithms(list, this.config.certChain)) {
                    throw new IllegalStateException("supported signature and hash algorithms doesn't match the certificate chain!");
                }
            }
        }

        private void verifySupportedGroups(List<XECDHECryptography.SupportedGroup> list) {
            if (this.config.certChain == null) {
                verifySupportedGroups(list, this.config.publicKey);
                return;
            }
            Iterator it = this.config.certChain.iterator();
            while (it.hasNext()) {
                PublicKey publicKey = ((X509Certificate) it.next()).getPublicKey();
                if (XECDHECryptography.SupportedGroup.isEcPublicKey(publicKey)) {
                    verifySupportedGroups(list, publicKey);
                }
            }
        }

        private void verifySupportedGroups(List<XECDHECryptography.SupportedGroup> list, PublicKey publicKey) {
            if (publicKey != null) {
                XECDHECryptography.SupportedGroup fromPublicKey = XECDHECryptography.SupportedGroup.fromPublicKey(publicKey);
                if (fromPublicKey == null) {
                    throw new IllegalStateException("public key used with unknown group (curve)!");
                }
                if (!fromPublicKey.isUsable()) {
                    throw new IllegalStateException("public key used with unsupported group (curve) " + fromPublicKey.name() + "!");
                }
                if (!list.contains(fromPublicKey)) {
                    throw new IllegalStateException("public key used with not configured group (curve) " + fromPublicKey.name() + "!");
                }
                if (!this.config.recommendedSupportedGroupsOnly.booleanValue() || fromPublicKey.isRecommended()) {
                    return;
                }
                throw new IllegalStateException("public key used with unrecommended group (curve) " + fromPublicKey.name() + "!");
            }
        }

        /* JADX WARN: Code restructure failed: missing block: B:112:0x0290, code lost:
        
            if (r8.config.certificateVerifier != null) goto L114;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public org.eclipse.californium.scandium.config.DtlsConnectorConfig build() {
            /*
                Method dump skipped, instructions count: 1508
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.scandium.config.DtlsConnectorConfig.Builder.build():org.eclipse.californium.scandium.config.DtlsConnectorConfig");
        }

        @Deprecated
        public Builder setPskStore(PskStore pskStore) {
            this.config.advancedPskStore = pskStore == null ? null : new AdvancedInMemoryPskStore(pskStore);
            this.config.pskStore = pskStore;
            return this;
        }

        public Builder setRetransmissionTimeout(int i) {
            if (i < 0) {
                throw new IllegalArgumentException("Retransmission timeout must not be negative");
            }
            this.config.retransmissionTimeout = Integer.valueOf(i);
            return this;
        }
    }

    private DtlsConnectorConfig() {
    }

    static /* synthetic */ TrustedRpkStore access$4300(DtlsConnectorConfig dtlsConnectorConfig) {
        dtlsConnectorConfig.getClass();
        return null;
    }

    protected Object clone() {
        DtlsConnectorConfig dtlsConnectorConfig = new DtlsConnectorConfig();
        dtlsConnectorConfig.address = this.address;
        dtlsConnectorConfig.trustStore = this.trustStore;
        dtlsConnectorConfig.certificateVerifier = this.certificateVerifier;
        dtlsConnectorConfig.advancedCertificateVerifier = this.advancedCertificateVerifier;
        dtlsConnectorConfig.earlyStopRetransmission = this.earlyStopRetransmission;
        dtlsConnectorConfig.enableReuseAddress = this.enableReuseAddress;
        dtlsConnectorConfig.recordSizeLimit = this.recordSizeLimit;
        dtlsConnectorConfig.maxFragmentLengthCode = this.maxFragmentLengthCode;
        dtlsConnectorConfig.maxFragmentedHandshakeMessageLength = this.maxFragmentedHandshakeMessageLength;
        dtlsConnectorConfig.enableMultiRecordMessages = this.enableMultiRecordMessages;
        dtlsConnectorConfig.enableMultiHandshakeMessageRecords = this.enableMultiHandshakeMessageRecords;
        dtlsConnectorConfig.protocolVersionForHelloVerifyRequests = this.protocolVersionForHelloVerifyRequests;
        dtlsConnectorConfig.retransmissionTimeout = this.retransmissionTimeout;
        dtlsConnectorConfig.maxRetransmissions = this.maxRetransmissions;
        dtlsConnectorConfig.backOffRetransmission = this.backOffRetransmission;
        dtlsConnectorConfig.maxTransmissionUnit = this.maxTransmissionUnit;
        dtlsConnectorConfig.maxTransmissionUnitLimit = this.maxTransmissionUnitLimit;
        dtlsConnectorConfig.clientAuthenticationRequired = this.clientAuthenticationRequired;
        dtlsConnectorConfig.clientAuthenticationWanted = this.clientAuthenticationWanted;
        dtlsConnectorConfig.serverOnly = this.serverOnly;
        dtlsConnectorConfig.defaultHandshakeMode = this.defaultHandshakeMode;
        dtlsConnectorConfig.identityCertificateTypes = this.identityCertificateTypes;
        dtlsConnectorConfig.trustCertificateTypes = this.trustCertificateTypes;
        dtlsConnectorConfig.pskStore = this.pskStore;
        dtlsConnectorConfig.advancedPskStore = this.advancedPskStore;
        dtlsConnectorConfig.privateKey = this.privateKey;
        dtlsConnectorConfig.publicKey = this.publicKey;
        dtlsConnectorConfig.certChain = this.certChain;
        dtlsConnectorConfig.cipherSuiteSelector = this.cipherSuiteSelector;
        dtlsConnectorConfig.preselectedCipherSuites = this.preselectedCipherSuites;
        dtlsConnectorConfig.supportedCipherSuites = this.supportedCipherSuites;
        dtlsConnectorConfig.supportedSignatureAlgorithms = this.supportedSignatureAlgorithms;
        dtlsConnectorConfig.supportedGroups = this.supportedGroups;
        dtlsConnectorConfig.outboundMessageBufferSize = this.outboundMessageBufferSize;
        dtlsConnectorConfig.maxDeferredProcessedOutgoingApplicationDataMessages = this.maxDeferredProcessedOutgoingApplicationDataMessages;
        dtlsConnectorConfig.maxDeferredProcessedIncomingRecordsSize = this.maxDeferredProcessedIncomingRecordsSize;
        dtlsConnectorConfig.maxConnections = this.maxConnections;
        dtlsConnectorConfig.staleConnectionThreshold = this.staleConnectionThreshold;
        dtlsConnectorConfig.connectionThreadCount = this.connectionThreadCount;
        dtlsConnectorConfig.receiverThreadCount = this.receiverThreadCount;
        dtlsConnectorConfig.socketReceiveBufferSize = this.socketReceiveBufferSize;
        dtlsConnectorConfig.socketSendBufferSize = this.socketSendBufferSize;
        dtlsConnectorConfig.healthStatusInterval = this.healthStatusInterval;
        dtlsConnectorConfig.autoResumptionTimeoutMillis = this.autoResumptionTimeoutMillis;
        dtlsConnectorConfig.sniEnabled = this.sniEnabled;
        dtlsConnectorConfig.verifyPeersOnResumptionThreshold = this.verifyPeersOnResumptionThreshold;
        dtlsConnectorConfig.useNoServerSessionId = this.useNoServerSessionId;
        dtlsConnectorConfig.loggingTag = this.loggingTag;
        dtlsConnectorConfig.useAntiReplayFilter = this.useAntiReplayFilter;
        dtlsConnectorConfig.useExtendedWindowFilter = this.useExtendedWindowFilter;
        dtlsConnectorConfig.useCidUpdateAddressOnNewerRecordFilter = this.useCidUpdateAddressOnNewerRecordFilter;
        dtlsConnectorConfig.connectionIdGenerator = this.connectionIdGenerator;
        dtlsConnectorConfig.useHandshakeStateValidation = this.useHandshakeStateValidation;
        dtlsConnectorConfig.useTruncatedCertificatePathForClientsCertificateMessage = this.useTruncatedCertificatePathForClientsCertificateMessage;
        dtlsConnectorConfig.useTruncatedCertificatePathForValidation = this.useTruncatedCertificatePathForValidation;
        dtlsConnectorConfig.useKeyUsageVerification = this.useKeyUsageVerification;
        dtlsConnectorConfig.healthHandler = this.healthHandler;
        dtlsConnectorConfig.clientOnly = this.clientOnly;
        dtlsConnectorConfig.recommendedCipherSuitesOnly = this.recommendedCipherSuitesOnly;
        dtlsConnectorConfig.recommendedSupportedGroupsOnly = this.recommendedSupportedGroupsOnly;
        return dtlsConnectorConfig;
    }

    public InetSocketAddress getAddress() {
        return this.address;
    }

    public NewAdvancedCertificateVerifier getAdvancedCertificateVerifier() {
        return this.advancedCertificateVerifier;
    }

    public AdvancedPskStore getAdvancedPskStore() {
        return this.advancedPskStore;
    }

    public ApplicationLevelInfoSupplier getApplicationLevelInfoSupplier() {
        return null;
    }

    public Long getAutoResumptionTimeoutMillis() {
        return this.autoResumptionTimeoutMillis;
    }

    public Integer getBackOffRetransmission() {
        return this.backOffRetransmission;
    }

    public List<X509Certificate> getCertificateChain() {
        return this.certChain;
    }

    public CipherSuiteSelector getCipherSuiteSelector() {
        return this.cipherSuiteSelector;
    }

    public ConnectionIdGenerator getConnectionIdGenerator() {
        return this.connectionIdGenerator;
    }

    public ConnectionListener getConnectionListener() {
        return null;
    }

    public Integer getConnectionThreadCount() {
        return this.connectionThreadCount;
    }

    public String getDefaultHandshakeMode() {
        return this.defaultHandshakeMode;
    }

    public DtlsHealth getHealthHandler() {
        return this.healthHandler;
    }

    public Integer getHealthStatusInterval() {
        return this.healthStatusInterval;
    }

    public List<CertificateType> getIdentityCertificateTypes() {
        return this.identityCertificateTypes;
    }

    public String getLoggingTag() {
        return this.loggingTag;
    }

    public Integer getMaxConnections() {
        return this.maxConnections;
    }

    public Integer getMaxDeferredProcessedIncomingRecordsSize() {
        return this.maxDeferredProcessedIncomingRecordsSize;
    }

    public Integer getMaxDeferredProcessedOutgoingApplicationDataMessages() {
        return this.maxDeferredProcessedOutgoingApplicationDataMessages;
    }

    public Integer getMaxFragmentLengthCode() {
        return this.maxFragmentLengthCode;
    }

    public Integer getMaxFragmentedHandshakeMessageLength() {
        return this.maxFragmentedHandshakeMessageLength;
    }

    public Integer getMaxRetransmissions() {
        return this.maxRetransmissions;
    }

    public Integer getMaxTransmissionUnit() {
        return this.maxTransmissionUnit;
    }

    public Integer getMaxTransmissionUnitLimit() {
        return this.maxTransmissionUnitLimit;
    }

    public Integer getOutboundMessageBufferSize() {
        return this.outboundMessageBufferSize;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public ProtocolVersion getProtocolVersionForHelloVerifyRequests() {
        return this.protocolVersionForHelloVerifyRequests;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public Integer getReceiverThreadCount() {
        return this.receiverThreadCount;
    }

    public Integer getRecordSizeLimit() {
        return this.recordSizeLimit;
    }

    public Integer getRetransmissionTimeout() {
        return this.retransmissionTimeout;
    }

    public Integer getSocketReceiveBufferSize() {
        return this.socketReceiveBufferSize;
    }

    public Integer getSocketSendBufferSize() {
        return this.socketSendBufferSize;
    }

    public Long getStaleConnectionThreshold() {
        return this.staleConnectionThreshold;
    }

    public List<CipherSuite> getSupportedCipherSuites() {
        return this.supportedCipherSuites;
    }

    public List<XECDHECryptography.SupportedGroup> getSupportedGroups() {
        return this.supportedGroups;
    }

    public List<SignatureAndHashAlgorithm> getSupportedSignatureAlgorithms() {
        return this.supportedSignatureAlgorithms;
    }

    public List<CertificateType> getTrustCertificateTypes() {
        return this.trustCertificateTypes;
    }

    public Integer getVerifyPeersOnResumptionThreshold() {
        return this.verifyPeersOnResumptionThreshold;
    }

    public Boolean isAddressReuseEnabled() {
        return this.enableReuseAddress;
    }

    public Boolean isClientAuthenticationRequired() {
        return this.clientAuthenticationRequired;
    }

    public Boolean isClientAuthenticationWanted() {
        return this.clientAuthenticationWanted;
    }

    public Boolean isEarlyStopRetransmission() {
        return this.earlyStopRetransmission;
    }

    public Boolean isServerOnly() {
        return this.serverOnly;
    }

    public Boolean isSniEnabled() {
        return this.sniEnabled;
    }

    public Boolean useAntiReplayFilter() {
        return this.useAntiReplayFilter;
    }

    public Boolean useCidUpdateAddressOnNewerRecordFilter() {
        return this.useCidUpdateAddressOnNewerRecordFilter;
    }

    public Integer useExtendedWindowFilter() {
        return this.useExtendedWindowFilter;
    }

    public Boolean useHandshakeStateValidation() {
        return this.useHandshakeStateValidation;
    }

    public Boolean useKeyUsageVerification() {
        return this.useKeyUsageVerification;
    }

    public Boolean useMultiHandshakeMessageRecords() {
        return this.enableMultiHandshakeMessageRecords;
    }

    public Boolean useMultiRecordMessages() {
        return this.enableMultiRecordMessages;
    }

    public Boolean useNoServerSessionId() {
        return this.useNoServerSessionId;
    }

    public Boolean useTruncatedCertificatePathForClientsCertificateMessage() {
        return this.useTruncatedCertificatePathForClientsCertificateMessage;
    }

    public Boolean useTruncatedCertificatePathForValidation() {
        return this.useTruncatedCertificatePathForValidation;
    }
}
