package org.eclipse.californium.scandium.config;

import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.eclipse.californium.elements.config.BasicDefinition;
import org.eclipse.californium.elements.config.BasicListDefinition;
import org.eclipse.californium.elements.config.CertificateAuthenticationMode;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.elements.config.SystemConfig;
import org.eclipse.californium.elements.config.TimeDefinition;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.ConnectionListener;
import org.eclipse.californium.scandium.DatagramFilter;
import org.eclipse.californium.scandium.DtlsDatagramFilter;
import org.eclipse.californium.scandium.DtlsHealth;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ConnectionIdGenerator;
import org.eclipse.californium.scandium.dtls.ExtendedMasterSecretMode;
import org.eclipse.californium.scandium.dtls.HelloExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.MultiNodeConnectionIdGenerator;
import org.eclipse.californium.scandium.dtls.ProtocolVersion;
import org.eclipse.californium.scandium.dtls.Record;
import org.eclipse.californium.scandium.dtls.SessionListener;
import org.eclipse.californium.scandium.dtls.SessionStore;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.SingleNodeConnectionIdGenerator;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuiteSelector;
import org.eclipse.californium.scandium.dtls.cipher.DefaultCipherSuiteSelector;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
import org.eclipse.californium.scandium.dtls.resumption.ConnectionStoreResumptionVerifier;
import org.eclipse.californium.scandium.dtls.resumption.ResumptionVerifier;
import org.eclipse.californium.scandium.dtls.x509.CertificateConfigurationHelper;
import org.eclipse.californium.scandium.dtls.x509.CertificateProvider;
import org.eclipse.californium.scandium.dtls.x509.ConfigurationHelperSetup;
import org.eclipse.californium.scandium.dtls.x509.NewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.util.ListUtils;

/* loaded from: input_file:org/eclipse/californium/scandium/config/DtlsConnectorConfig.class */
public final class DtlsConnectorConfig {
    private InetSocketAddress address;
    private NewAdvancedCertificateVerifier advancedCertificateVerifier;
    private Configuration configuration;
    private Boolean useReuseAddress;
    private ProtocolVersion protocolVersionForHelloVerifyRequests;
    private AdvancedPskStore advancedPskStore;
    private CertificateProvider certificateIdentityProvider;
    private CertificateConfigurationHelper certificateConfigurationHelper;
    private CipherSuiteSelector cipherSuiteSelector;
    private List<CipherSuite.CertificateKeyAlgorithm> supportedCertificatekeyAlgorithms;
    private List<CipherSuite> supportedCipherSuites;
    private List<SignatureAndHashAlgorithm> supportedSignatureAlgorithms;
    private List<XECDHECryptography.SupportedGroup> supportedGroups;
    private String loggingTag;
    private String serializationLabel;
    private ConnectionIdGenerator connectionIdGenerator;
    private ApplicationLevelInfoSupplier applicationLevelInfoSupplier;
    private ConnectionListener connectionListener;
    private SessionListener sessionListener;
    private DatagramFilter datagramFilter;
    private SessionStore sessionStore;
    private ResumptionVerifier resumptionVerifier;
    private DtlsHealth healthHandler;

    /* loaded from: input_file:org/eclipse/californium/scandium/config/DtlsConnectorConfig$Builder.class */
    public static final class Builder {
        private DtlsConnectorConfig config;

        public Builder(Configuration configuration) {
            this.config = new DtlsConnectorConfig(configuration);
        }

        private Builder(DtlsConnectorConfig dtlsConnectorConfig) {
            this.config = (DtlsConnectorConfig) dtlsConnectorConfig.clone();
        }

        public <T> Builder set(BasicDefinition<T> basicDefinition, T t) {
            this.config.configuration.set(basicDefinition, t);
            return this;
        }

        public <T> Builder setAsList(BasicListDefinition<T> basicListDefinition, T... tArr) {
            this.config.configuration.setAsList(basicListDefinition, tArr);
            return this;
        }

        public <T> Builder setAsListFromText(BasicListDefinition<T> basicListDefinition, String... strArr) {
            this.config.configuration.setAsListFromText(basicListDefinition, strArr);
            return this;
        }

        public Builder set(TimeDefinition timeDefinition, Long l, TimeUnit timeUnit) {
            this.config.configuration.set(timeDefinition, l, timeUnit);
            return this;
        }

        public Builder set(TimeDefinition timeDefinition, int i, TimeUnit timeUnit) {
            this.config.configuration.set(timeDefinition, i, timeUnit);
            return this;
        }

        public Builder setAddress(InetSocketAddress inetSocketAddress) {
            if (inetSocketAddress.isUnresolved()) {
                throw new IllegalArgumentException("Bind address must not be unresolved");
            }
            this.config.address = inetSocketAddress;
            return this;
        }

        public Builder setReuseAddress(boolean z) {
            this.config.useReuseAddress = Boolean.valueOf(z);
            return this;
        }

        public Builder setProtocolVersionForHelloVerifyRequests(ProtocolVersion protocolVersion) {
            this.config.protocolVersionForHelloVerifyRequests = protocolVersion;
            return this;
        }

        public Builder setHealthHandler(DtlsHealth dtlsHealth) {
            this.config.healthHandler = dtlsHealth;
            return this;
        }

        public Builder setCipherSuiteSelector(CipherSuiteSelector cipherSuiteSelector) {
            this.config.cipherSuiteSelector = cipherSuiteSelector;
            return this;
        }

        public Builder setAdvancedPskStore(AdvancedPskStore advancedPskStore) {
            this.config.advancedPskStore = advancedPskStore;
            return this;
        }

        public Builder setCertificateIdentityProvider(CertificateProvider certificateProvider) {
            this.config.certificateIdentityProvider = certificateProvider;
            return this;
        }

        public Builder setAdvancedCertificateVerifier(NewAdvancedCertificateVerifier newAdvancedCertificateVerifier) {
            if (newAdvancedCertificateVerifier == null) {
                throw new NullPointerException("CertificateVerifier must not be null");
            }
            this.config.advancedCertificateVerifier = newAdvancedCertificateVerifier;
            return this;
        }

        public Builder setApplicationLevelInfoSupplier(ApplicationLevelInfoSupplier applicationLevelInfoSupplier) {
            if (applicationLevelInfoSupplier == null) {
                throw new NullPointerException("Supplier must not be null");
            }
            this.config.applicationLevelInfoSupplier = applicationLevelInfoSupplier;
            return this;
        }

        public Builder setConnectionIdGenerator(ConnectionIdGenerator connectionIdGenerator) {
            this.config.connectionIdGenerator = connectionIdGenerator;
            return this;
        }

        public Builder setLoggingTag(String str) {
            this.config.loggingTag = str;
            return this;
        }

        public Builder setSerializationLabel(String str) {
            this.config.serializationLabel = str;
            return this;
        }

        public Builder setConnectionListener(ConnectionListener connectionListener) {
            this.config.connectionListener = connectionListener;
            return this;
        }

        public Builder setSessionListener(SessionListener sessionListener) {
            this.config.sessionListener = sessionListener;
            return this;
        }

        public Builder setDatagramFilter(DatagramFilter datagramFilter) {
            this.config.datagramFilter = datagramFilter;
            return this;
        }

        public Builder setSessionStore(SessionStore sessionStore) {
            this.config.sessionStore = sessionStore;
            return this;
        }

        public Builder setResumptionVerifier(ResumptionVerifier resumptionVerifier) {
            this.config.resumptionVerifier = resumptionVerifier;
            return this;
        }

        public Builder setCertificateHelper(CertificateConfigurationHelper certificateConfigurationHelper) {
            this.config.certificateConfigurationHelper = certificateConfigurationHelper;
            return this;
        }

        public DtlsConnectorConfig getIncompleteConfig() {
            return this.config;
        }

        public DtlsConnectorConfig build() {
            this.config.loggingTag = StringUtil.normalizeLoggingTag(this.config.loggingTag);
            if (this.config.address == null) {
                this.config.address = new InetSocketAddress(0);
            }
            if (this.config.useReuseAddress == null) {
                this.config.useReuseAddress = Boolean.FALSE;
            }
            int intValue = ((Integer) this.config.get(DtlsConfig.DTLS_MAX_RETRANSMISSIONS)).intValue();
            if (intValue < 1) {
                throw new IllegalStateException("Maximum retransmissions " + intValue + " must not be less than 1!");
            }
            Integer num = (Integer) this.config.configuration.get(DtlsConfig.DTLS_RETRANSMISSION_BACKOFF);
            if (num != null && num.intValue() >= intValue) {
                throw new IllegalStateException("Backoff for handshake retransmissions (" + num + ") must be less than the maximum retransmissions (" + intValue + ")!");
            }
            int timeAsInt = this.config.getTimeAsInt(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT, TimeUnit.MILLISECONDS);
            int timeAsInt2 = this.config.getTimeAsInt(DtlsConfig.DTLS_MAX_RETRANSMISSION_TIMEOUT, TimeUnit.MILLISECONDS);
            if (timeAsInt > timeAsInt2) {
                throw new IllegalStateException("Retransmission timeout " + timeAsInt + " is more than the maximum " + timeAsInt2 + "!");
            }
            if (timeAsInt <= 0) {
                throw new IllegalStateException("Retransmission timeout " + timeAsInt + " must not be 0 or less!");
            }
            if (timeAsInt2 <= 0) {
                throw new IllegalStateException("Maximum retransmission timeout " + timeAsInt2 + " must not be 0 or less!");
            }
            if (((Float) this.config.get(DtlsConfig.DTLS_RETRANSMISSION_INIT_RANDOM)).floatValue() < 1.0f) {
                throw new IllegalStateException("Retransmission timeout random factor " + this.config.get(DtlsConfig.DTLS_RETRANSMISSION_INIT_RANDOM) + " must not be less than 1.0!");
            }
            if (((Float) this.config.get(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT_SCALE)).floatValue() < 1.0f) {
                throw new IllegalStateException("Retransmission timeout scale factor " + this.config.get(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT_SCALE) + " must not be less than 1.0!");
            }
            Integer num2 = (Integer) this.config.get(DtlsConfig.DTLS_MAX_TRANSMISSION_UNIT);
            Integer num3 = (Integer) this.config.get(DtlsConfig.DTLS_MAX_TRANSMISSION_UNIT_LIMIT);
            if (num2 != null && num3 != null && num2.intValue() > num3.intValue()) {
                throw new IllegalStateException("MTU (" + num2 + " bytes) is larger than the limit (" + num3 + " bytes)!");
            }
            Integer num4 = (Integer) this.config.get(DtlsConfig.DTLS_RECORD_SIZE_LIMIT);
            if (num4 != null && num4.intValue() > 16384) {
                throw new IllegalStateException("Record size limit " + num4 + " must be less than " + Record.DTLS_MAX_PLAINTEXT_FRAGMENT_LENGTH + "!");
            }
            DtlsConfig.DtlsRole dtlsRole = (DtlsConfig.DtlsRole) this.config.get(DtlsConfig.DTLS_ROLE);
            if (dtlsRole == DtlsConfig.DtlsRole.SERVER_ONLY) {
                if (this.config.get(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE) == CertificateAuthenticationMode.NONE && this.config.advancedCertificateVerifier != null) {
                    throw new IllegalStateException("configured certificate verifier is not used for client authentication mode NONE!");
                }
                if (this.config.getAutoHandshakeTimeoutMillis() != null) {
                    throw new IllegalStateException("DTLS_AUTO_HANDSHAKE_TIMEOUT must not be used with SERVER_ONLY!");
                }
            }
            if (((Boolean) this.config.get(DtlsConfig.DTLS_REMOVE_STALE_DOUBLE_PRINCIPALS)).booleanValue() && !((Boolean) this.config.get(DtlsConfig.DTLS_READ_WRITE_LOCK_CONNECTION_STORE)).booleanValue()) {
                throw new IllegalStateException("Removing stale double principals requires the read-write-lock connection store!!");
            }
            long longValue = this.config.get(DtlsConfig.DTLS_MAC_ERROR_FILTER_QUIET_TIME, TimeUnit.NANOSECONDS).longValue();
            int intValue2 = ((Integer) this.config.get(DtlsConfig.DTLS_MAC_ERROR_FILTER_THRESHOLD)).intValue();
            if ((longValue == 0) ^ (intValue2 == 0)) {
                throw new IllegalStateException("DTLS MAC error filter configuration ambig! Use 0 for both, or larger than 0 for both!");
            }
            if (this.config.datagramFilter == null && ((Boolean) this.config.get(DtlsConfig.DTLS_USE_DEFAULT_RECORD_FILTER)).booleanValue()) {
                this.config.datagramFilter = new DtlsDatagramFilter(this.config.configuration);
            }
            if (this.config.datagramFilter == null && intValue2 > 0) {
                throw new IllegalStateException("Enabled DTLS MAC error filter requires a record-filter!");
            }
            Integer num5 = (Integer) this.config.get(DtlsConfig.DTLS_USE_DEPRECATED_CID);
            if (num5 != null) {
                HelloExtension.ExtensionType extensionTypeById = HelloExtension.ExtensionType.getExtensionTypeById(num5.intValue());
                if (extensionTypeById == null) {
                    throw new IllegalStateException(num5 + " code point is not supported for extensions!");
                }
                if (extensionTypeById != HelloExtension.ExtensionType.CONNECTION_ID && extensionTypeById.getReplacementType() != HelloExtension.ExtensionType.CONNECTION_ID) {
                    throw new IllegalStateException(num5 + " (" + extensionTypeById + ") is no supported CID extension code point!");
                }
            }
            this.config.supportedGroups = (List) this.config.configuration.get(DtlsConfig.DTLS_CURVES);
            if (this.config.supportedGroups == null) {
                this.config.supportedGroups = Collections.emptyList();
            }
            this.config.supportedSignatureAlgorithms = (List) this.config.configuration.get(DtlsConfig.DTLS_SIGNATURE_AND_HASH_ALGORITHMS);
            if (this.config.supportedSignatureAlgorithms == null) {
                this.config.supportedSignatureAlgorithms = Collections.emptyList();
            }
            this.config.supportedCertificatekeyAlgorithms = (List) this.config.configuration.get(DtlsConfig.DTLS_CERTIFICATE_KEY_ALGORITHMS);
            if (this.config.supportedCertificatekeyAlgorithms == null) {
                this.config.supportedCertificatekeyAlgorithms = Collections.emptyList();
            }
            if (this.config.cipherSuiteSelector == null && dtlsRole != DtlsConfig.DtlsRole.CLIENT_ONLY) {
                this.config.cipherSuiteSelector = new DefaultCipherSuiteSelector();
            }
            if (this.config.resumptionVerifier == null && ((Boolean) this.config.get(DtlsConfig.DTLS_SERVER_USE_SESSION_ID)).booleanValue() && dtlsRole != DtlsConfig.DtlsRole.CLIENT_ONLY) {
                this.config.resumptionVerifier = new ConnectionStoreResumptionVerifier();
            }
            CertificateProvider certificateProvider = this.config.certificateIdentityProvider;
            NewAdvancedCertificateVerifier newAdvancedCertificateVerifier = this.config.advancedCertificateVerifier;
            if (this.config.certificateConfigurationHelper == null) {
                CertificateConfigurationHelper certificateConfigurationHelper = new CertificateConfigurationHelper();
                if (certificateProvider instanceof ConfigurationHelperSetup) {
                    ((ConfigurationHelperSetup) certificateProvider).setupConfigurationHelper(certificateConfigurationHelper);
                    this.config.certificateConfigurationHelper = certificateConfigurationHelper;
                }
                if (newAdvancedCertificateVerifier instanceof ConfigurationHelperSetup) {
                    ((ConfigurationHelperSetup) newAdvancedCertificateVerifier).setupConfigurationHelper(certificateConfigurationHelper);
                    this.config.certificateConfigurationHelper = certificateConfigurationHelper;
                }
            }
            this.config.supportedCipherSuites = (List) this.config.configuration.get(DtlsConfig.DTLS_CIPHER_SUITES);
            if (this.config.supportedCipherSuites == null || this.config.supportedCipherSuites.isEmpty()) {
                determineCipherSuitesFromConfig();
            }
            if (this.config.supportedCipherSuites.isEmpty()) {
                throw new IllegalStateException("Supported cipher suites must be set either explicitly or implicitly by means of setting the identity or PSK store");
            }
            if (((Boolean) this.config.get(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY)).booleanValue()) {
                verifyRecommendedCipherSuitesOnly(this.config.supportedCipherSuites);
            }
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            for (CipherSuite cipherSuite : this.config.supportedCipherSuites) {
                if (cipherSuite.isPskBased()) {
                    verifyPskBasedCipherConfig(cipherSuite);
                    z3 = true;
                } else if (cipherSuite.requiresServerCertificateMessage()) {
                    verifyCertificateBasedCipherConfig(cipherSuite);
                    z = true;
                }
                if (cipherSuite.isEccBased()) {
                    z2 = true;
                }
            }
            if (!z3 && this.config.advancedPskStore != null) {
                throw new IllegalStateException("Advanced PSK store set, but no PSK cipher suite!");
            }
            if (z) {
                if (this.config.supportedSignatureAlgorithms.isEmpty()) {
                    ArrayList arrayList = new ArrayList(SignatureAndHashAlgorithm.DEFAULT);
                    if (this.config.certificateConfigurationHelper != null) {
                        ListUtils.addIfAbsent((List) arrayList, (List) this.config.certificateConfigurationHelper.getDefaultSignatureAndHashAlgorithms());
                    }
                    this.config.supportedSignatureAlgorithms = arrayList;
                }
                if (this.config.supportedCertificatekeyAlgorithms.isEmpty()) {
                    ArrayList arrayList2 = new ArrayList();
                    if (SignatureAndHashAlgorithm.isSupportedAlgorithm((List<SignatureAndHashAlgorithm>) this.config.supportedSignatureAlgorithms, CipherSuite.CertificateKeyAlgorithm.EC)) {
                        ListUtils.addIfAbsent(arrayList2, CipherSuite.CertificateKeyAlgorithm.EC);
                    }
                    if (SignatureAndHashAlgorithm.isSupportedAlgorithm((List<SignatureAndHashAlgorithm>) this.config.supportedSignatureAlgorithms, CipherSuite.CertificateKeyAlgorithm.RSA)) {
                        ListUtils.addIfAbsent(arrayList2, CipherSuite.CertificateKeyAlgorithm.RSA);
                    }
                    if (this.config.getConfiguration().get(DtlsConfig.DTLS_ROLE) == DtlsConfig.DtlsRole.CLIENT_ONLY) {
                        ListUtils.addIfAbsent(arrayList2, CipherSuite.CertificateKeyAlgorithm.EC);
                    }
                    this.config.supportedCertificatekeyAlgorithms = arrayList2;
                }
            } else {
                if (!this.config.supportedSignatureAlgorithms.isEmpty()) {
                    throw new IllegalStateException("supported signature and hash algorithms set, but no ecdhe based cipher suite!");
                }
                if (certificateProvider != null) {
                    throw new IllegalStateException("certificate identity set, but no certificate based cipher suite!");
                }
                if (this.config.advancedCertificateVerifier != null) {
                    throw new IllegalStateException("certificate trust set, but no certificate based cipher suite!");
                }
            }
            if (z2) {
                if (this.config.supportedGroups.isEmpty()) {
                    ArrayList arrayList3 = new ArrayList(XECDHECryptography.SupportedGroup.getPreferredGroups());
                    if (this.config.certificateConfigurationHelper != null) {
                        ListUtils.addIfAbsent((List) arrayList3, (List) this.config.certificateConfigurationHelper.getDefaultSupportedGroups());
                    }
                    this.config.supportedGroups = arrayList3;
                }
            } else if (!this.config.supportedGroups.isEmpty()) {
                throw new IllegalStateException("supported groups set, but no ecdhe based cipher suite!");
            }
            if (((Boolean) this.config.get(DtlsConfig.DTLS_RECOMMENDED_CURVES_ONLY)).booleanValue()) {
                verifyRecommendedSupportedGroupsOnly(this.config.supportedGroups);
            }
            if (((Boolean) this.config.get(DtlsConfig.DTLS_RECOMMENDED_SIGNATURE_AND_HASH_ALGORITHMS_ONLY)).booleanValue()) {
                verifyRecommendedSignatureAndHashAlgorithmsOnly(this.config.supportedSignatureAlgorithms);
            }
            if (this.config.certificateConfigurationHelper != null) {
                this.config.certificateConfigurationHelper.verifySignatureAndHashAlgorithmsConfiguration(this.config.supportedSignatureAlgorithms);
                this.config.certificateConfigurationHelper.verifySupportedGroupsConfiguration(this.config.supportedGroups);
                if (certificateProvider != null && certificateProvider.getSupportedCertificateTypes().contains(CertificateType.X_509)) {
                    if (dtlsRole == DtlsConfig.DtlsRole.CLIENT_ONLY) {
                        if (!this.config.certificateConfigurationHelper.canBeUsedForAuthentication(true)) {
                            throw new IllegalStateException("certificate has no proper key usage for clients!");
                        }
                    } else if (dtlsRole != DtlsConfig.DtlsRole.SERVER_ONLY) {
                        if (!this.config.certificateConfigurationHelper.canBeUsedForAuthentication(true)) {
                            throw new IllegalStateException("certificate has no proper key usage as clients!");
                        }
                        if (!this.config.certificateConfigurationHelper.canBeUsedForAuthentication(false)) {
                            throw new IllegalStateException("certificate has no proper key usage as servers!");
                        }
                    } else if (!this.config.certificateConfigurationHelper.canBeUsedForAuthentication(false)) {
                        throw new IllegalStateException("certificate has no proper key usage for servers!");
                    }
                }
            }
            if (((Boolean) this.config.get(DtlsConfig.DTLS_USE_HELLO_VERIFY_REQUEST)).booleanValue() && !((Boolean) this.config.get(DtlsConfig.DTLS_USE_HELLO_VERIFY_REQUEST_FOR_PSK)).booleanValue() && !CipherSuite.containsPskBasedCipherSuite(this.config.supportedCipherSuites)) {
                throw new IllegalStateException("HELLO_VERIFY_REQUEST disabled for PSK, requires at least one PSK cipher suite!");
            }
            this.config.supportedCertificatekeyAlgorithms = ListUtils.init(this.config.supportedCertificatekeyAlgorithms);
            this.config.supportedCipherSuites = ListUtils.init(this.config.supportedCipherSuites);
            this.config.supportedGroups = ListUtils.init(this.config.supportedGroups);
            this.config.supportedSignatureAlgorithms = ListUtils.init(this.config.supportedSignatureAlgorithms);
            if (this.config.connectionIdGenerator == null) {
                Integer num6 = (Integer) this.config.configuration.get(DtlsConfig.DTLS_CONNECTION_ID_LENGTH);
                Integer num7 = (Integer) this.config.configuration.get(DtlsConfig.DTLS_CONNECTION_ID_NODE_ID);
                if (num6 != null) {
                    if (num7 == null) {
                        setConnectionIdGenerator(new SingleNodeConnectionIdGenerator(num6.intValue()));
                    } else {
                        if (num6.intValue() <= 4) {
                            throw new IllegalStateException(num6 + " bytes are too small for multiple nodes CID! At least, 5 bytes are required.");
                        }
                        setConnectionIdGenerator(new MultiNodeConnectionIdGenerator(num7.intValue(), num6.intValue()));
                    }
                }
            }
            return this.config;
        }

        private void verifyPskBasedCipherConfig(CipherSuite cipherSuite) {
            if (this.config.advancedPskStore == null) {
                throw new IllegalStateException("PSK store must be set for configured " + cipherSuite.name());
            }
            if (!this.config.advancedPskStore.hasEcdhePskSupported() && cipherSuite.isEccBased()) {
                throw new IllegalStateException("PSK store doesn't support ECDHE! " + cipherSuite.name());
            }
        }

        private void verifyCertificateBasedCipherConfig(CipherSuite cipherSuite) {
            if (this.config.get(DtlsConfig.DTLS_ROLE) == DtlsConfig.DtlsRole.CLIENT_ONLY) {
                if (this.config.advancedCertificateVerifier == null) {
                    throw new IllegalStateException("certificate verifier must be set on client for configured " + cipherSuite.name());
                }
            } else {
                if (this.config.certificateIdentityProvider == null) {
                    throw new IllegalStateException("Identity must be set for configured " + cipherSuite.name());
                }
                List<CipherSuite.CertificateKeyAlgorithm> supportedCertificateKeyAlgorithms = this.config.certificateIdentityProvider.getSupportedCertificateKeyAlgorithms();
                if (!supportedCertificateKeyAlgorithms.contains(cipherSuite.getCertificateKeyAlgorithm())) {
                    throw new IllegalStateException("One of the keys (" + supportedCertificateKeyAlgorithms + ") must be capable for configured " + cipherSuite.name());
                }
                if (this.config.get(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE) != CertificateAuthenticationMode.NONE && this.config.advancedCertificateVerifier == null) {
                    throw new IllegalStateException("certificate verifier must be set for authentication using the configured " + cipherSuite.name());
                }
            }
        }

        private void verifyRecommendedCipherSuitesOnly(List<CipherSuite> list) {
            StringBuilder sb = new StringBuilder();
            for (CipherSuite cipherSuite : list) {
                if (!cipherSuite.isRecommended()) {
                    if (sb.length() > 0) {
                        sb.append(", ");
                    }
                    sb.append(cipherSuite.name());
                }
            }
            if (sb.length() > 0) {
                throw new IllegalStateException("Not recommended cipher suites " + ((Object) sb) + " used! (Requires to set DTLS_RECOMMENDED_CIPHER_SUITES_ONLY to false.)");
            }
        }

        private void verifyRecommendedSupportedGroupsOnly(List<XECDHECryptography.SupportedGroup> list) {
            StringBuilder sb = new StringBuilder();
            for (XECDHECryptography.SupportedGroup supportedGroup : list) {
                if (!supportedGroup.isRecommended()) {
                    if (sb.length() > 0) {
                        sb.append(", ");
                    }
                    sb.append(supportedGroup.name());
                }
            }
            if (sb.length() > 0) {
                throw new IllegalStateException("Not recommended supported groups (curves) " + ((Object) sb) + " used! (Requires to set DTLS_RECOMMENDED_CURVES_ONLY to false.)");
            }
        }

        private void verifyRecommendedSignatureAndHashAlgorithmsOnly(List<SignatureAndHashAlgorithm> list) {
            StringBuilder sb = new StringBuilder();
            for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : list) {
                if (!signatureAndHashAlgorithm.isRecommended()) {
                    if (sb.length() > 0) {
                        sb.append(", ");
                    }
                    sb.append(signatureAndHashAlgorithm.getJcaName());
                }
            }
            if (sb.length() > 0) {
                throw new IllegalStateException("Not recommended signature and hash algorithms " + ((Object) sb) + " used! (Requires to set DTLS_RECOMMENDED_SIGNATURE_AND_HASH_ALGORITHMS_ONLY to false.)");
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        private void determineCipherSuitesFromConfig() {
            List arrayList = new ArrayList();
            if (this.config.certificateIdentityProvider != null || this.config.advancedCertificateVerifier != null) {
                ArrayList arrayList2 = new ArrayList();
                if (this.config.getConfiguration().get(DtlsConfig.DTLS_ROLE) == DtlsConfig.DtlsRole.CLIENT_ONLY) {
                    if (this.config.supportedCertificatekeyAlgorithms.isEmpty()) {
                        ListUtils.addIfAbsent(arrayList2, CipherSuite.CertificateKeyAlgorithm.EC);
                        if (this.config.certificateIdentityProvider != null) {
                            ListUtils.addIfAbsent((List) arrayList2, (List) this.config.certificateIdentityProvider.getSupportedCertificateKeyAlgorithms());
                        }
                    } else {
                        ListUtils.addIfAbsent((List) arrayList2, this.config.supportedCertificatekeyAlgorithms);
                    }
                } else if (this.config.certificateIdentityProvider != null) {
                    ListUtils.addIfAbsent((List) arrayList2, (List) this.config.certificateIdentityProvider.getSupportedCertificateKeyAlgorithms());
                }
                if (!arrayList2.isEmpty()) {
                    arrayList.addAll(CipherSuite.getCertificateCipherSuites(((Boolean) this.config.get(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY)).booleanValue(), arrayList2));
                }
            }
            if (this.config.advancedPskStore != null) {
                if (this.config.advancedPskStore.hasEcdhePskSupported()) {
                    arrayList.addAll(CipherSuite.getCipherSuitesByKeyExchangeAlgorithm(((Boolean) this.config.get(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY)).booleanValue(), CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK));
                }
                arrayList.addAll(CipherSuite.getCipherSuitesByKeyExchangeAlgorithm(((Boolean) this.config.get(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY)).booleanValue(), CipherSuite.KeyExchangeAlgorithm.PSK));
            }
            List list = (List) this.config.get(DtlsConfig.DTLS_PRESELECTED_CIPHER_SUITES);
            if (list != null && !list.isEmpty()) {
                arrayList = CipherSuite.preselectCipherSuites(arrayList, list);
            }
            this.config.supportedCipherSuites = arrayList;
        }
    }

    private DtlsConnectorConfig(Configuration configuration) {
        if (configuration == null) {
            throw new NullPointerException("Configuration must not be null!");
        }
        this.configuration = new Configuration(configuration);
    }

    public Configuration getConfiguration() {
        return this.configuration;
    }

    public <T> T get(BasicDefinition<T> basicDefinition) {
        return (T) this.configuration.get(basicDefinition);
    }

    public Long get(TimeDefinition timeDefinition, TimeUnit timeUnit) {
        return this.configuration.get(timeDefinition, timeUnit);
    }

    public int getTimeAsInt(TimeDefinition timeDefinition, TimeUnit timeUnit) {
        return this.configuration.getTimeAsInt(timeDefinition, timeUnit);
    }

    public ProtocolVersion getProtocolVersionForHelloVerifyRequests() {
        return this.protocolVersionForHelloVerifyRequests;
    }

    @Deprecated
    public Integer getRecordSizeLimit() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_RECORD_SIZE_LIMIT);
    }

    @Deprecated
    public MaxFragmentLengthExtension.Length getMaxFragmentLength() {
        return (MaxFragmentLengthExtension.Length) this.configuration.get(DtlsConfig.DTLS_MAX_FRAGMENT_LENGTH);
    }

    @Deprecated
    public Integer getMaxFragmentedHandshakeMessageLength() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_MAX_FRAGMENTED_HANDSHAKE_MESSAGE_LENGTH);
    }

    @Deprecated
    public Boolean useMultiRecordMessages() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_USE_MULTI_RECORD_MESSAGES);
    }

    @Deprecated
    public Boolean useMultiHandshakeMessageRecords() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_USE_MULTI_HANDSHAKE_MESSAGE_RECORDS);
    }

    @Deprecated
    public int getRetransmissionTimeout() {
        return this.configuration.getTimeAsInt(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT, TimeUnit.MILLISECONDS);
    }

    @Deprecated
    public Integer getMaxRetransmissionTimeout() {
        return Integer.valueOf(this.configuration.getTimeAsInt(DtlsConfig.DTLS_MAX_RETRANSMISSION_TIMEOUT, TimeUnit.MILLISECONDS));
    }

    @Deprecated
    public Float getRetransmissionRandomFactor() {
        return (Float) this.configuration.get(DtlsConfig.DTLS_RETRANSMISSION_INIT_RANDOM);
    }

    @Deprecated
    public Float getRetransmissionTimeoutScale() {
        return (Float) this.configuration.get(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT_SCALE);
    }

    @Deprecated
    public int getAdditionalTimeoutForEcc() {
        return this.configuration.getTimeAsInt(DtlsConfig.DTLS_ADDITIONAL_ECC_TIMEOUT, TimeUnit.MILLISECONDS);
    }

    public Integer getBackOffRetransmission() {
        Integer num = (Integer) this.configuration.get(DtlsConfig.DTLS_RETRANSMISSION_BACKOFF);
        if (num == null) {
            num = Integer.valueOf(((Integer) this.configuration.get(DtlsConfig.DTLS_MAX_RETRANSMISSIONS)).intValue() / 2);
        }
        return num;
    }

    @Deprecated
    public Integer getMaxRetransmissions() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_MAX_RETRANSMISSIONS);
    }

    @Deprecated
    public Integer getMaxDeferredProcessedOutgoingApplicationDataMessages() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_MAX_DEFERRED_OUTBOUND_APPLICATION_MESSAGES);
    }

    @Deprecated
    public Integer getMaxDeferredProcessedIncomingRecordsSize() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_MAX_DEFERRED_INBOUND_RECORDS_SIZE);
    }

    @Deprecated
    public Integer getMaxTransmissionUnit() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_MAX_TRANSMISSION_UNIT);
    }

    @Deprecated
    public Integer getMaxTransmissionUnitLimit() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_MAX_TRANSMISSION_UNIT_LIMIT);
    }

    @Deprecated
    public Boolean useEarlyStopRetransmission() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_USE_EARLY_STOP_RETRANSMISSION);
    }

    public Boolean useReuseAddress() {
        return this.useReuseAddress;
    }

    @Deprecated
    public Boolean useServerNameIndication() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_USE_SERVER_NAME_INDICATION);
    }

    @Deprecated
    public ExtendedMasterSecretMode getExtendedMasterSecretMode() {
        return (ExtendedMasterSecretMode) this.configuration.get(DtlsConfig.DTLS_EXTENDED_MASTER_SECRET_MODE);
    }

    @Deprecated
    public Integer getVerifyPeersOnResumptionThreshold() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD);
    }

    @Deprecated
    public Boolean useHelloVerifyRequestForPsk() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_USE_HELLO_VERIFY_REQUEST_FOR_PSK);
    }

    @Deprecated
    public Boolean useHelloVerifyRequest() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_USE_HELLO_VERIFY_REQUEST);
    }

    public ConnectionIdGenerator getConnectionIdGenerator() {
        return this.connectionIdGenerator;
    }

    @Deprecated
    public Integer useDeprecatedCid() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_USE_DEPRECATED_CID);
    }

    @Deprecated
    public Boolean supportsDeprecatedCid() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_SUPPORT_DEPRECATED_CID);
    }

    @Deprecated
    public Integer getOutboundMessageBufferSize() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_OUTBOUND_MESSAGE_BUFFER_SIZE);
    }

    public InetSocketAddress getAddress() {
        return this.address;
    }

    public CertificateProvider getCertificateIdentityProvider() {
        return this.certificateIdentityProvider;
    }

    public CipherSuiteSelector getCipherSuiteSelector() {
        return this.cipherSuiteSelector;
    }

    @Deprecated
    public List<CipherSuite> getPreselectedCipherSuites() {
        return (List) this.configuration.get(DtlsConfig.DTLS_PRESELECTED_CIPHER_SUITES);
    }

    public List<CipherSuite.CertificateKeyAlgorithm> getSupportedCertificateKeyAlgorithm() {
        return this.supportedCertificatekeyAlgorithms;
    }

    public List<CipherSuite> getSupportedCipherSuites() {
        return this.supportedCipherSuites;
    }

    public List<SignatureAndHashAlgorithm> getSupportedSignatureAlgorithms() {
        return this.supportedSignatureAlgorithms;
    }

    public List<XECDHECryptography.SupportedGroup> getSupportedGroups() {
        return this.supportedGroups;
    }

    public AdvancedPskStore getAdvancedPskStore() {
        return this.advancedPskStore;
    }

    public NewAdvancedCertificateVerifier getAdvancedCertificateVerifier() {
        return this.advancedCertificateVerifier;
    }

    public ApplicationLevelInfoSupplier getApplicationLevelInfoSupplier() {
        return this.applicationLevelInfoSupplier;
    }

    @Deprecated
    public CertificateAuthenticationMode getCertificateAuthenticationMode() {
        return (CertificateAuthenticationMode) this.configuration.get(DtlsConfig.DTLS_CLIENT_AUTHENTICATION_MODE);
    }

    @Deprecated
    public Boolean verifyServerCertificatesSubject() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_VERIFY_SERVER_CERTIFICATES_SUBJECT);
    }

    @Deprecated
    public DtlsConfig.DtlsRole getDtlsRole() {
        return (DtlsConfig.DtlsRole) this.configuration.get(DtlsConfig.DTLS_ROLE);
    }

    public String getDefaultHandshakeMode() {
        return this.configuration.get(DtlsConfig.DTLS_ROLE) == DtlsConfig.DtlsRole.SERVER_ONLY ? "none" : (String) this.configuration.get(DtlsConfig.DTLS_DEFAULT_HANDSHAKE_MODE);
    }

    public List<CertificateType> getIdentityCertificateTypes() {
        if (this.certificateIdentityProvider == null) {
            return null;
        }
        return this.certificateIdentityProvider.getSupportedCertificateTypes();
    }

    public List<CertificateType> getTrustCertificateTypes() {
        if (this.advancedCertificateVerifier == null) {
            return null;
        }
        return this.advancedCertificateVerifier.getSupportedCertificateTypes();
    }

    @Deprecated
    public Integer getMaxConnections() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_MAX_CONNECTIONS);
    }

    @Deprecated
    public Long getStaleConnectionThresholdSeconds() {
        return this.configuration.get(DtlsConfig.DTLS_STALE_CONNECTION_THRESHOLD, TimeUnit.SECONDS);
    }

    @Deprecated
    public Integer getConnectorThreadCount() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_CONNECTOR_THREAD_COUNT);
    }

    @Deprecated
    public Integer getReceiverThreadCount() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_RECEIVER_THREAD_COUNT);
    }

    @Deprecated
    public Integer getSocketReceiveBufferSize() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_RECEIVE_BUFFER_SIZE);
    }

    @Deprecated
    public Integer getSocketSendBufferSize() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_SEND_BUFFER_SIZE);
    }

    public Long getAutoHandshakeTimeoutMillis() {
        Long l = this.configuration.get(DtlsConfig.DTLS_AUTO_HANDSHAKE_TIMEOUT, TimeUnit.MILLISECONDS);
        if (l != null && l.longValue() <= 0) {
            l = null;
        }
        return l;
    }

    @Deprecated
    public Boolean useServerSessionId() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_SERVER_USE_SESSION_ID);
    }

    @Deprecated
    public Boolean useAntiReplayFilter() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_USE_ANTI_REPLAY_FILTER);
    }

    @Deprecated
    public Integer useDisabledWindowFilter() {
        return (Integer) this.configuration.get(DtlsConfig.DTLS_USE_DISABLED_WINDOW_FOR_ANTI_REPLAY_FILTER);
    }

    @Deprecated
    public Boolean useUpdateAddressUsingCidOnNewerRecords() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_UPDATE_ADDRESS_USING_CID_ON_NEWER_RECORDS);
    }

    @Deprecated
    public Boolean useTruncatedCertificatePathForClientsCertificateMessage() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_TRUNCATE_CLIENT_CERTIFICATE_PATH);
    }

    @Deprecated
    public Boolean useTruncatedCertificatePathForValidation() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_TRUNCATE_CERTIFICATE_PATH_FOR_VALIDATION);
    }

    public ConnectionListener getConnectionListener() {
        return this.connectionListener;
    }

    public SessionListener getSessionListener() {
        return this.sessionListener;
    }

    public DatagramFilter getDatagramFilter() {
        return this.datagramFilter;
    }

    public SessionStore getSessionStore() {
        return this.sessionStore;
    }

    public ResumptionVerifier getResumptionVerifier() {
        return this.resumptionVerifier;
    }

    public String getLoggingTag() {
        return this.loggingTag;
    }

    public String getSerializationLabel() {
        return this.serializationLabel;
    }

    @Deprecated
    public int getHealthStatusIntervalMilliseconds() {
        return this.configuration.getTimeAsInt(SystemConfig.HEALTH_STATUS_INTERVAL, TimeUnit.MILLISECONDS);
    }

    public DtlsHealth getHealthHandler() {
        return this.healthHandler;
    }

    @Deprecated
    public Boolean useRecommendedCipherSuitesOnly() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY);
    }

    @Deprecated
    public Boolean useRecommendedSupportedGroupsOnly() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_RECOMMENDED_CURVES_ONLY);
    }

    @Deprecated
    public Boolean useRecommendedSignatureAndHashAlgorithmsOnly() {
        return (Boolean) this.configuration.get(DtlsConfig.DTLS_RECOMMENDED_SIGNATURE_AND_HASH_ALGORITHMS_ONLY);
    }

    protected Object clone() {
        DtlsConnectorConfig dtlsConnectorConfig = new DtlsConnectorConfig(this.configuration);
        dtlsConnectorConfig.address = this.address;
        dtlsConnectorConfig.advancedCertificateVerifier = this.advancedCertificateVerifier;
        dtlsConnectorConfig.useReuseAddress = this.useReuseAddress;
        dtlsConnectorConfig.protocolVersionForHelloVerifyRequests = this.protocolVersionForHelloVerifyRequests;
        dtlsConnectorConfig.advancedPskStore = this.advancedPskStore;
        dtlsConnectorConfig.certificateIdentityProvider = this.certificateIdentityProvider;
        dtlsConnectorConfig.certificateConfigurationHelper = this.certificateConfigurationHelper;
        dtlsConnectorConfig.cipherSuiteSelector = this.cipherSuiteSelector;
        dtlsConnectorConfig.supportedCertificatekeyAlgorithms = this.supportedCertificatekeyAlgorithms;
        dtlsConnectorConfig.supportedCipherSuites = this.supportedCipherSuites;
        dtlsConnectorConfig.supportedSignatureAlgorithms = this.supportedSignatureAlgorithms;
        dtlsConnectorConfig.supportedGroups = this.supportedGroups;
        dtlsConnectorConfig.loggingTag = this.loggingTag;
        dtlsConnectorConfig.serializationLabel = this.serializationLabel;
        dtlsConnectorConfig.connectionIdGenerator = this.connectionIdGenerator;
        dtlsConnectorConfig.applicationLevelInfoSupplier = this.applicationLevelInfoSupplier;
        dtlsConnectorConfig.connectionListener = this.connectionListener;
        dtlsConnectorConfig.sessionListener = this.sessionListener;
        dtlsConnectorConfig.datagramFilter = this.datagramFilter;
        dtlsConnectorConfig.sessionStore = this.sessionStore;
        dtlsConnectorConfig.resumptionVerifier = this.resumptionVerifier;
        dtlsConnectorConfig.healthHandler = this.healthHandler;
        return dtlsConnectorConfig;
    }

    public static Builder builder(Configuration configuration) {
        return new Builder(configuration);
    }

    public static Builder builder(DtlsConnectorConfig dtlsConnectorConfig) {
        return new Builder();
    }
}
