package org.eclipse.californium.scandium.dtls;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.eclipse.californium.scandium.auth.PreSharedKeyIdentity;
import org.eclipse.californium.scandium.auth.RawPublicKeyIdentity;
import org.eclipse.californium.scandium.auth.X509CertPath;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateTypeExtension;
import org.eclipse.californium.scandium.dtls.MaxFragmentLengthExtension;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.util.ByteArrayUtils;
import org.eclipse.californium.scandium.util.ServerNames;

/* loaded from: classes2.dex */
public class ClientHandshaker extends Handshaker {
    private static final Logger LOGGER = Logger.getLogger(ClientHandshaker.class.getName());
    protected CertificateRequest certificateRequest;
    protected CertificateVerify certificateVerify;
    protected CertificateMessage clientCertificate;
    protected ClientHello clientHello;
    private ECPublicKey ephemeralServerPublicKey;
    protected byte[] handshakeHash;
    protected ServerNames indicatedServerNames;
    protected Integer maxFragmentLengthCode;
    private ProtocolVersion maxProtocolVersion;
    protected SignatureAndHashAlgorithm negotiatedSignatureAndHashAlgorithm;
    private CertPath peerCertPath;
    private final CipherSuite[] preferredCipherSuites;
    protected final PskStore pskStore;
    protected CertificateMessage serverCertificate;
    protected ServerHello serverHello;
    protected ServerHelloDone serverHelloDone;
    protected ServerKeyExchange serverKeyExchange;
    protected final ServerNameResolver serverNameResolver;
    private PublicKey serverPublicKey;
    protected List<CertificateTypeExtension.CertificateType> supportedClientCertificateTypes;
    protected List<CertificateTypeExtension.CertificateType> supportedServerCertificateTypes;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.californium.scandium.dtls.ClientHandshaker$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType = new int[ContentType.values().length];
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm;

        static {
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.ALERT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.CHANGE_CIPHER_SPEC.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[ContentType.HANDSHAKE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType = new int[HandshakeType.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.HELLO_REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.HELLO_VERIFY_REQUEST.ordinal()] = 2;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO.ordinal()] = 3;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE.ordinal()] = 4;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_KEY_EXCHANGE.ordinal()] = 5;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.CERTIFICATE_REQUEST.ordinal()] = 6;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.SERVER_HELLO_DONE.ordinal()] = 7;
            } catch (NoSuchFieldError unused10) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$HandshakeType[HandshakeType.FINISHED.ordinal()] = 8;
            } catch (NoSuchFieldError unused11) {
            }
            $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm = new int[CipherSuite.KeyExchangeAlgorithm.values().length];
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN.ordinal()] = 1;
            } catch (NoSuchFieldError unused12) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError unused13) {
            }
            try {
                $SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[CipherSuite.KeyExchangeAlgorithm.NULL.ordinal()] = 3;
            } catch (NoSuchFieldError unused14) {
            }
        }
    }

    public ClientHandshaker(DTLSSession dTLSSession, RecordLayer recordLayer, SessionListener sessionListener, DtlsConnectorConfig dtlsConnectorConfig, int i) {
        super(true, dTLSSession, recordLayer, sessionListener, dtlsConnectorConfig.getTrustStore(), i, dtlsConnectorConfig.getRpkTrustStore());
        this.maxProtocolVersion = new ProtocolVersion();
        this.clientHello = null;
        this.serverCertificate = null;
        this.clientCertificate = null;
        this.certificateRequest = null;
        this.certificateVerify = null;
        this.serverKeyExchange = null;
        this.handshakeHash = null;
        this.privateKey = dtlsConnectorConfig.getPrivateKey();
        this.certificateChain = dtlsConnectorConfig.getCertificateChain();
        this.publicKey = dtlsConnectorConfig.getPublicKey();
        this.pskStore = dtlsConnectorConfig.getPskStore();
        this.serverNameResolver = dtlsConnectorConfig.getServerNameResolver();
        this.preferredCipherSuites = dtlsConnectorConfig.getSupportedCipherSuites();
        this.maxFragmentLengthCode = dtlsConnectorConfig.getMaxFragmentLengthCode();
        this.supportedServerCertificateTypes = new ArrayList();
        this.supportedServerCertificateTypes.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
        if (this.rootCertificates != null && this.rootCertificates.length > 0) {
            boolean isSendRawKey = dtlsConnectorConfig.isSendRawKey();
            this.supportedServerCertificateTypes.add(isSendRawKey ? 1 : 0, CertificateTypeExtension.CertificateType.X_509);
        }
        this.supportedClientCertificateTypes = new ArrayList();
        if (this.privateKey == null || this.publicKey == null) {
            return;
        }
        if (this.certificateChain == null || this.certificateChain.length == 0) {
            this.supportedClientCertificateTypes.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
        } else if (dtlsConnectorConfig.isSendRawKey()) {
            this.supportedClientCertificateTypes.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
            this.supportedClientCertificateTypes.add(CertificateTypeExtension.CertificateType.X_509);
        } else {
            this.supportedClientCertificateTypes.add(CertificateTypeExtension.CertificateType.X_509);
            this.supportedClientCertificateTypes.add(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY);
        }
    }

    private void addServerNameIndication(ClientHello clientHello) {
        ServerNameResolver serverNameResolver = this.serverNameResolver;
        if (serverNameResolver != null) {
            this.indicatedServerNames = serverNameResolver.getServerNames(this.session.getPeer());
            ServerNames serverNames = this.indicatedServerNames;
            if (serverNames != null) {
                clientHello.addExtension(ServerNameExtension.forServerNames(serverNames));
            }
        }
    }

    private void createCertificateMessage(DTLSFlight dTLSFlight) throws HandshakeException {
        if (this.certificateRequest != null) {
            if (this.session.sendRawPublicKey()) {
                byte[] bArr = new byte[0];
                PublicKey determineClientRawPublicKey = determineClientRawPublicKey(this.certificateRequest);
                if (determineClientRawPublicKey != null) {
                    bArr = determineClientRawPublicKey.getEncoded();
                }
                LOGGER.log(Level.FINE, "sending CERTIFICATE message with client RawPublicKey [{0}] to server", ByteArrayUtils.toHexString(bArr));
                this.clientCertificate = new CertificateMessage(bArr, this.session.getPeer());
            } else {
                X509Certificate[] removeTrustedCertificates = this.certificateRequest.removeTrustedCertificates(determineClientCertificateChain(this.certificateRequest));
                LOGGER.log(Level.FINE, "sending CERTIFICATE message with client certificate chain [length: {0}] to server", Integer.valueOf(removeTrustedCertificates.length));
                this.clientCertificate = new CertificateMessage(removeTrustedCertificates, this.session.getPeer());
            }
            dTLSFlight.addMessage(wrapMessage(this.clientCertificate));
        }
    }

    private void receivedHelloRequest() throws HandshakeException {
        if (this.state < HandshakeType.HELLO_REQUEST.getCode()) {
            startHandshake();
        }
    }

    private void receivedServerCertificate(CertificateMessage certificateMessage) throws HandshakeException {
        CertificateMessage certificateMessage2 = this.serverCertificate;
        if (certificateMessage2 == null || certificateMessage2.getMessageSeq() != certificateMessage.getMessageSeq()) {
            this.serverCertificate = certificateMessage;
            verifyCertificate(this.serverCertificate);
            this.serverPublicKey = this.serverCertificate.getPublicKey();
            this.peerCertPath = certificateMessage.getCertificateChain();
        }
    }

    private void receivedServerFinished(Finished finished) throws HandshakeException, GeneralSecurityException {
        finished.verifyData(getMasterSecret(), false, this.handshakeHash);
        this.state = HandshakeType.FINISHED.getCode();
        sessionEstablished();
        handshakeCompleted();
    }

    private void receivedServerHelloDone(ServerHelloDone serverHelloDone) throws HandshakeException, GeneralSecurityException {
        DTLSMessage eCDHClientKeyExchange;
        ServerHelloDone serverHelloDone2 = this.serverHelloDone;
        if (serverHelloDone2 == null || serverHelloDone2.getMessageSeq() != serverHelloDone.getMessageSeq()) {
            this.serverHelloDone = serverHelloDone;
            DTLSFlight dTLSFlight = new DTLSFlight(getSession());
            createCertificateMessage(dTLSFlight);
            int i = AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[getKeyExchangeAlgorithm().ordinal()];
            if (i == 1) {
                eCDHClientKeyExchange = new ECDHClientKeyExchange(this.ecdhe.getPublicKey(), this.session.getPeer());
                generateKeys(this.ecdhe.getSecret(this.ephemeralServerPublicKey).getEncoded());
            } else if (i == 2) {
                String identity = this.pskStore.getIdentity(getPeerAddress());
                if (identity == null) {
                    throw new HandshakeException("No Identity found for peer: " + getPeerAddress(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
                }
                byte[] key = this.pskStore.getKey(identity);
                if (key == null) {
                    throw new HandshakeException("No preshared secret found for identity: " + identity, new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
                }
                this.session.setPeerIdentity(new PreSharedKeyIdentity(identity));
                PSKClientKeyExchange pSKClientKeyExchange = new PSKClientKeyExchange(identity, this.session.getPeer());
                LOGGER.log(Level.FINER, "Using PSK identity: {0}", identity);
                generateKeys(generatePremasterSecretFromPSK(key));
                eCDHClientKeyExchange = pSKClientKeyExchange;
            } else {
                if (i != 3) {
                    throw new HandshakeException("Unknown key exchange algorithm: " + getKeyExchangeAlgorithm(), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, this.session.getPeer()));
                }
                eCDHClientKeyExchange = new NULLClientKeyExchange(this.session.getPeer());
                generateKeys(new byte[0]);
            }
            dTLSFlight.addMessage(wrapMessage(eCDHClientKeyExchange));
            if (this.certificateRequest != null && this.negotiatedSignatureAndHashAlgorithm != null) {
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.clientHello.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverHello.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverCertificate.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverKeyExchange.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.certificateRequest.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.serverHelloDone.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, this.clientCertificate.toByteArray());
                this.handshakeMessages = ByteArrayUtils.concatenate(this.handshakeMessages, eCDHClientKeyExchange.toByteArray());
                this.certificateVerify = new CertificateVerify(this.negotiatedSignatureAndHashAlgorithm, this.privateKey, this.handshakeMessages, this.session.getPeer());
                dTLSFlight.addMessage(wrapMessage(this.certificateVerify));
            }
            dTLSFlight.addMessage(wrapMessage(new ChangeCipherSpecMessage(this.session.getPeer())));
            setCurrentWriteState();
            this.md.update(this.clientHello.toByteArray());
            this.md.update(this.serverHello.toByteArray());
            if (this.serverCertificate != null) {
                this.md.update(this.serverCertificate.toByteArray());
            }
            if (this.serverKeyExchange != null) {
                this.md.update(this.serverKeyExchange.toByteArray());
            }
            if (this.certificateRequest != null) {
                this.md.update(this.certificateRequest.toByteArray());
            }
            this.md.update(this.serverHelloDone.toByteArray());
            if (this.clientCertificate != null) {
                this.md.update(this.clientCertificate.toByteArray());
            }
            this.md.update(eCDHClientKeyExchange.toByteArray());
            if (this.certificateVerify != null) {
                this.md.update(this.certificateVerify.toByteArray());
            }
            try {
                MessageDigest messageDigest = (MessageDigest) this.md.clone();
                this.handshakeHash = this.md.digest();
                Finished finished = new Finished(getMasterSecret(), this.isClient, this.handshakeHash, this.session.getPeer());
                dTLSFlight.addMessage(wrapMessage(finished));
                messageDigest.update(finished.toByteArray());
                this.handshakeHash = messageDigest.digest();
                this.recordLayer.sendFlight(dTLSFlight);
            } catch (CloneNotSupportedException unused) {
                throw new HandshakeException("Cannot create FINISHED message", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, serverHelloDone.getPeer()));
            }
        }
    }

    private void receivedServerKeyExchange(ECDHServerKeyExchange eCDHServerKeyExchange) throws HandshakeException {
        ServerKeyExchange serverKeyExchange = this.serverKeyExchange;
        if (serverKeyExchange == null || serverKeyExchange.getMessageSeq() != eCDHServerKeyExchange.getMessageSeq()) {
            this.serverKeyExchange = eCDHServerKeyExchange;
            eCDHServerKeyExchange.verifySignature(this.serverPublicKey, this.clientRandom, this.serverRandom);
            if (this.peerCertPath != null) {
                this.session.setPeerIdentity(new X509CertPath(this.peerCertPath));
            } else {
                this.session.setPeerIdentity(new RawPublicKeyIdentity(this.serverPublicKey));
            }
            this.ephemeralServerPublicKey = eCDHServerKeyExchange.getPublicKey();
            try {
                this.ecdhe = new ECDHECryptography(this.ephemeralServerPublicKey.getParams());
            } catch (GeneralSecurityException e) {
                throw new HandshakeException(String.format("Cannot create ephemeral keys from domain params provided by server: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeerAddress()));
            }
        }
    }

    X509Certificate[] determineClientCertificateChain(CertificateRequest certificateRequest) throws HandshakeException {
        if (this.certificateChain == null) {
            throw new HandshakeException("no client certificate configured", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, getPeerAddress()));
        }
        this.negotiatedSignatureAndHashAlgorithm = certificateRequest.getSignatureAndHashAlgorithm(this.certificateChain);
        return this.negotiatedSignatureAndHashAlgorithm == null ? new X509Certificate[0] : this.certificateChain;
    }

    PublicKey determineClientRawPublicKey(CertificateRequest certificateRequest) throws HandshakeException {
        if (this.publicKey == null) {
            throw new HandshakeException("no public key configured", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, getPeerAddress()));
        }
        this.negotiatedSignatureAndHashAlgorithm = certificateRequest.getSignatureAndHashAlgorithm(this.publicKey);
        if (this.negotiatedSignatureAndHashAlgorithm == null) {
            return null;
        }
        return this.publicKey;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public synchronized void doProcessMessage(DTLSMessage dTLSMessage) throws HandshakeException, GeneralSecurityException {
        if (LOGGER.isLoggable(Level.FINE)) {
            StringBuilder sb = new StringBuilder();
            sb.append(String.format("Processing %s message from peer [%s]", dTLSMessage.getContentType(), dTLSMessage.getPeer()));
            if (LOGGER.isLoggable(Level.FINEST)) {
                sb.append(":");
                sb.append(System.lineSeparator());
                sb.append(dTLSMessage);
            }
            LOGGER.fine(sb.toString());
        }
        int i = AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$ContentType[dTLSMessage.getContentType().ordinal()];
        if (i != 1) {
            if (i == 2) {
                setCurrentReadState();
                LOGGER.log(Level.FINE, "Processed {1} message from peer [{0}]", new Object[]{dTLSMessage.getPeer(), dTLSMessage.getContentType()});
            } else {
                if (i != 3) {
                    throw new HandshakeException(String.format("Received unexpected message [%s] from peer %s", dTLSMessage.getContentType(), dTLSMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, dTLSMessage.getPeer()));
                }
                HandshakeMessage handshakeMessage = (HandshakeMessage) dTLSMessage;
                switch (handshakeMessage.getMessageType()) {
                    case HELLO_REQUEST:
                        receivedHelloRequest();
                        break;
                    case HELLO_VERIFY_REQUEST:
                        receivedHelloVerifyRequest((HelloVerifyRequest) handshakeMessage);
                        break;
                    case SERVER_HELLO:
                        receivedServerHello((ServerHello) handshakeMessage);
                        break;
                    case CERTIFICATE:
                        receivedServerCertificate((CertificateMessage) handshakeMessage);
                        break;
                    case SERVER_KEY_EXCHANGE:
                        int i2 = AnonymousClass1.$SwitchMap$org$eclipse$californium$scandium$dtls$cipher$CipherSuite$KeyExchangeAlgorithm[getKeyExchangeAlgorithm().ordinal()];
                        if (i2 == 1) {
                            receivedServerKeyExchange((ECDHServerKeyExchange) handshakeMessage);
                            break;
                        } else if (i2 == 2) {
                            this.serverKeyExchange = (PSKServerKeyExchange) handshakeMessage;
                            break;
                        } else {
                            if (i2 != 3) {
                                throw new HandshakeException(String.format("Unsupported key exchange algorithm %s", getKeyExchangeAlgorithm().name()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, handshakeMessage.getPeer()));
                            }
                            LOGGER.info("Received unexpected ServerKeyExchange message in NULL key exchange mode.");
                            break;
                        }
                    case CERTIFICATE_REQUEST:
                        this.certificateRequest = (CertificateRequest) handshakeMessage;
                        break;
                    case SERVER_HELLO_DONE:
                        receivedServerHelloDone((ServerHelloDone) handshakeMessage);
                        expectChangeCipherSpecMessage();
                        break;
                    case FINISHED:
                        receivedServerFinished((Finished) handshakeMessage);
                        break;
                    default:
                        throw new HandshakeException(String.format("Received unexpected handshake message [%s] from peer %s", handshakeMessage.getMessageType(), handshakeMessage.getPeer()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.UNEXPECTED_MESSAGE, handshakeMessage.getPeer()));
                }
                incrementNextReceiveSeq();
                LOGGER.log(Level.FINE, "Processed {1} message with sequence no [{2}] from peer [{0}]", new Object[]{handshakeMessage.getPeer(), handshakeMessage.getMessageType(), Integer.valueOf(handshakeMessage.getMessageSeq())});
            }
        }
    }

    final SignatureAndHashAlgorithm getNegotiatedSignatureAndHashAlgorithm() {
        return this.negotiatedSignatureAndHashAlgorithm;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void receivedHelloVerifyRequest(HelloVerifyRequest helloVerifyRequest) throws HandshakeException {
        this.clientHello.setCookie(helloVerifyRequest.getCookie());
        ClientHello clientHello = this.clientHello;
        clientHello.setFragmentLength(clientHello.getMessageLength());
        DTLSFlight dTLSFlight = new DTLSFlight(getSession());
        dTLSFlight.addMessage(wrapMessage(this.clientHello));
        this.recordLayer.sendFlight(dTLSFlight);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void receivedServerHello(ServerHello serverHello) throws HandshakeException {
        if (this.serverHello == null || serverHello.getMessageSeq() != this.serverHello.getMessageSeq()) {
            this.serverHello = serverHello;
            this.usedProtocol = serverHello.getServerVersion();
            this.serverRandom = serverHello.getRandom();
            this.session.setSessionIdentifier(serverHello.getSessionId());
            this.session.setCipherSuite(serverHello.getCipherSuite());
            this.session.setCompressionMethod(serverHello.getCompressionMethod());
            if (serverHello.getMaxFragmentLength() != null) {
                MaxFragmentLengthExtension.Length fragmentLength = serverHello.getMaxFragmentLength().getFragmentLength();
                if (fragmentLength.code() != this.maxFragmentLengthCode.intValue()) {
                    throw new HandshakeException("Server wants to use other max. fragment size than proposed", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.ILLEGAL_PARAMETER, serverHello.getPeer()));
                }
                this.session.setMaxFragmentLength(fragmentLength.length());
            }
            this.session.setSendRawPublicKey(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY.equals(this.serverHello.getClientCertificateType()));
            this.session.setReceiveRawPublicKey(CertificateTypeExtension.CertificateType.RAW_PUBLIC_KEY.equals(this.serverHello.getServerCertificateType()));
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.Handshaker
    public void startHandshake() throws HandshakeException {
        handshakeStarted();
        ClientHello clientHello = new ClientHello(this.maxProtocolVersion, new SecureRandom(), this.supportedClientCertificateTypes, this.supportedServerCertificateTypes, this.session.getPeer());
        this.clientRandom = clientHello.getRandom();
        for (CipherSuite cipherSuite : this.preferredCipherSuites) {
            clientHello.addCipherSuite(cipherSuite);
        }
        clientHello.addCompressionMethod(CompressionMethod.NULL);
        Integer num = this.maxFragmentLengthCode;
        if (num != null) {
            clientHello.addExtension(new MaxFragmentLengthExtension(num.intValue()));
            LOGGER.log(Level.FINE, "Indicating max. fragment length [{0}] to server [{1}]", new Object[]{this.maxFragmentLengthCode, getPeerAddress()});
        }
        addServerNameIndication(clientHello);
        this.state = clientHello.getMessageType().getCode();
        this.clientHello = clientHello;
        DTLSFlight dTLSFlight = new DTLSFlight(this.session);
        dTLSFlight.addMessage(wrapMessage(clientHello));
        this.recordLayer.sendFlight(dTLSFlight);
    }
}
