package com.tencent.kona.sun.security.ssl;

import com.tencent.kona.sun.security.ssl.ClientHello;
import com.tencent.kona.sun.security.ssl.SSLHandshake;
import java.io.IOException;
import java.util.Arrays;
import javax.net.ssl.SSLPeerUnverifiedException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/tencent/kona/sun/security/ssl/TLCPClientHello.class */
/**
 * Server-side handling of a ClientHello message for the TLCP handshake path.
 *
 * <p>The only state is {@link #tlcpHandshakeConsumer}, which applies the
 * renegotiation policy, decides whether a cached session may be resumed, and
 * then runs the registered server flight producers.
 */
public final class TLCPClientHello {
    static final HandshakeConsumer tlcpHandshakeConsumer = new TLCPClientHelloConsumer();

    /**
     * Consumes a ClientHello on the server side.
     *
     * <p>Security-relevant behaviour visible in this class:
     * <ul>
     *   <li>On an already negotiated connection, renegotiation is refused with a
     *       fatal {@code HANDSHAKE_FAILURE} alert unless the policy flags allow it.</li>
     *   <li>A cached session is resumed only if it passes every check below
     *       (rejoinable, same protocol version, client identity still available
     *       when client auth is required, cipher suite still negotiable and
     *       offered, same endpoint identification algorithm). Any failed check
     *       clears the resumption state on the handshake context.</li>
     * </ul>
     */
    private static final class TLCPClientHelloConsumer implements HandshakeConsumer {
        private TLCPClientHelloConsumer() {
        }

        /** Returns true when verbose handshake logging is switched on. */
        private static boolean verboseHandshakeLogging() {
            return SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose");
        }

        /**
         * Processes the ClientHello and produces the server's response messages.
         *
         * @param connectionContext the handshake context; cast to {@code ServerHandshakeContext}
         * @param handshakeMessage the received message; cast to {@code ClientHello.ClientHelloMessage}
         * @throws IOException if a renegotiation is rejected (fatal alert) or a
         *         called extension consumer or producer fails
         */
        @Override
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext) connectionContext;
            ClientHello.ClientHelloMessage clientHello = (ClientHello.ClientHelloMessage) handshakeMessage;

            // Renegotiation policy: only evaluated when a handshake has already completed
            // on this connection.
            if (shc.conContext.isNegotiated) {
                // NOTE(review): allowUnsafeRenegotiation bypasses the secure-renegotiation
                // requirement; how that flag is configured is outside this file.
                if (!shc.conContext.secureRenegotiation && !HandshakeContext.allowUnsafeRenegotiation) {
                    throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Unsafe renegotiation is not allowed");
                }
                // A ClientHello that arrives without the server's kickstart message having
                // been delivered is treated as client-initiated.
                if (ServerHandshakeContext.rejectClientInitiatedRenego && !shc.kickstartMessageDelivered) {
                    throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Client initiated renegotiation is not allowed");
                }
            }

            // The session ticket extension is loaded first because the resumption
            // decision below reads shc.statelessResumption and shc.resumingSession.
            SSLExtension[] ticketOnly = new SSLExtension[]{SSLExtension.CH_SESSION_TICKET};
            clientHello.extensions.consumeOnLoad(shc, ticketOnly);

            if (clientHello.sessionId.length() != 0 || shc.statelessResumption) {
                // Candidate session: the one already attached to the context for stateless
                // resumption, otherwise a lookup in the server session cache by session id.
                SSLSessionImpl candidate;
                if (shc.statelessResumption) {
                    candidate = shc.resumingSession;
                } else {
                    SSLSessionContextImpl serverCache = (SSLSessionContextImpl) shc.sslContext.engineGetServerSessionContext();
                    candidate = serverCache.get(clientHello.sessionId.getId());
                }

                boolean resumable = candidate != null && candidate.isRejoinable();
                if (!resumable && verboseHandshakeLogging()) {
                    SSLLogger.finest("Can't resume, the existing session is not rejoinable", new Object[0]);
                }

                // The cached session must use the protocol version negotiated now.
                // NOTE(review): this is a reference comparison, which is only sound if
                // the protocol version type is an enum or otherwise interned; confirm.
                if (resumable && candidate.getProtocolVersion() != shc.negotiatedProtocol) {
                    resumable = false;
                    if (verboseHandshakeLogging()) {
                        SSLLogger.finest("Can't resume, not the same protocol version", new Object[0]);
                    }
                }

                // With mandatory client authentication, a session that has no verified
                // peer principal must not be resumed.
                if (resumable && shc.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED) {
                    try {
                        candidate.getPeerPrincipal();
                    } catch (SSLPeerUnverifiedException unverified) {
                        // The exception is the signal that no client identity is cached.
                        resumable = false;
                        if (verboseHandshakeLogging()) {
                            SSLLogger.finest("Can't resume, client authentication is required", new Object[0]);
                        }
                    }
                }

                // The cached cipher suite must still be negotiable here and must be among
                // the suites offered in this ClientHello.
                if (resumable) {
                    CipherSuite cachedSuite = candidate.getSuite();
                    boolean suiteUsable = shc.isNegotiable(cachedSuite) && clientHello.cipherSuites.contains(cachedSuite);
                    if (!suiteUsable) {
                        resumable = false;
                        if (verboseHandshakeLogging()) {
                            SSLLogger.finest("Can't resume, the session cipher suite is absent", new Object[0]);
                        }
                    }
                }

                // If an endpoint identification algorithm is configured, the cached session
                // must have been established with the same one (case-insensitive).
                String requestedIdAlg = shc.sslConfig.identificationProtocol;
                if (resumable && requestedIdAlg != null) {
                    String cachedIdAlg = candidate.getIdentificationProtocol();
                    if (!requestedIdAlg.equalsIgnoreCase(cachedIdAlg)) {
                        if (verboseHandshakeLogging()) {
                            SSLLogger.finest("Can't resume, endpoint id algorithm does not match, requested: " + requestedIdAlg + ", cached: " + cachedIdAlg, new Object[0]);
                        }
                        resumable = false;
                    }
                }

                // Publish the decision; a rejected candidate is dropped from the context.
                shc.isResumption = resumable;
                if (resumable) {
                    shc.resumingSession = candidate;
                } else {
                    shc.resumingSession = null;
                }
                if (!resumable && SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Session not resumed.", new Object[0]);
                }
            }

            shc.clientHelloRandom = clientHello.clientRandom;

            // Second extension pass; the session ticket extension is passed as the
            // exclusion list because it was already consumed above.
            clientHello.extensions.consumeOnLoad(shc, shc.sslConfig.getExclusiveExtensions(SSLHandshake.CLIENT_HELLO, Arrays.asList(SSLExtension.CH_SESSION_TICKET)));

            // On the first handshake, pin the connection and the output record to the
            // negotiated protocol version.
            if (!shc.conContext.isNegotiated) {
                shc.conContext.protocolVersion = shc.negotiatedProtocol;
                shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
            }

            shc.handshakeProducers.put(Byte.valueOf(SSLHandshake.SERVER_HELLO.id), SSLHandshake.SERVER_HELLO);

            // Run whichever server flight producers are registered, in this fixed order.
            // Each producer is removed from the map before it is invoked.
            SSLHandshake[] serverFlight = new SSLHandshake[]{
                SSLHandshake.SERVER_HELLO,
                SSLHandshake.CERTIFICATE,
                SSLHandshake.CERTIFICATE_STATUS,
                SSLHandshake.SERVER_KEY_EXCHANGE,
                SSLHandshake.CERTIFICATE_REQUEST,
                SSLHandshake.SERVER_HELLO_DONE,
                SSLHandshake.FINISHED
            };
            for (SSLHandshake messageType : serverFlight) {
                HandshakeProducer producer = shc.handshakeProducers.remove(Byte.valueOf(messageType.id));
                if (producer == null) {
                    continue;
                }
                producer.produce(connectionContext, clientHello);
            }
        }
    }

    /** Package-private constructor; this file itself never instantiates the class. */
    TLCPClientHello() {
    }
}
