package org.bouncycastle.tls;

import java.io.IOException;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsHMAC;
import org.bouncycastle.tls.crypto.TlsMAC;
import org.bouncycastle.tls.crypto.TlsMACOutputStream;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar:org/bouncycastle/tls/DTLSVerifier.class */
public class DTLSVerifier {
    private final TlsMAC cookieMAC;
    private final TlsMACOutputStream cookieMACOutputStream;

    private static TlsMAC createCookieMAC(TlsCrypto tlsCrypto) {
        TlsHMAC createHMAC = tlsCrypto.createHMAC(3);
        byte[] bArr = new byte[createHMAC.getMacLength()];
        tlsCrypto.getSecureRandom().nextBytes(bArr);
        createHMAC.setKey(bArr, 0, bArr.length);
        return createHMAC;
    }

    public DTLSVerifier(TlsCrypto tlsCrypto) {
        this.cookieMAC = createCookieMAC(tlsCrypto);
        this.cookieMACOutputStream = new TlsMACOutputStream(this.cookieMAC);
    }

    public synchronized DTLSRequest verifyRequest(byte[] bArr, byte[] bArr2, int i, int i2, DatagramSender datagramSender) {
        boolean z = true;
        try {
            this.cookieMAC.update(bArr, 0, bArr.length);
            DTLSRequest readClientRequest = DTLSReliableHandshake.readClientRequest(bArr2, i, i2, this.cookieMACOutputStream);
            if (null != readClientRequest) {
                byte[] calculateMAC = this.cookieMAC.calculateMAC();
                z = false;
                if (Arrays.constantTimeAreEqual(calculateMAC, readClientRequest.getClientHello().getCookie())) {
                    if (0 != 0) {
                        this.cookieMAC.reset();
                    }
                    return readClientRequest;
                }
                DTLSReliableHandshake.sendHelloVerifyRequest(datagramSender, readClientRequest.getRecordSeq(), readClientRequest.getMessageSeq(), calculateMAC);
            }
            if (!z) {
                return null;
            }
            this.cookieMAC.reset();
            return null;
        } catch (IOException e) {
            if (!z) {
                return null;
            }
            this.cookieMAC.reset();
            return null;
        } catch (Throwable th) {
            if (z) {
                this.cookieMAC.reset();
            }
            throw th;
        }
    }
}
