package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsHMAC;
import org.bouncycastle.tls.crypto.TlsMACOutputStream;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:BOOT-INF/lib/bctls-jdk18on-1.78.jar:org/bouncycastle/tls/DTLSVerifier.class */
public class DTLSVerifier {
    private final TlsCrypto crypto;
    private final byte[] macKey = new byte[32];

    public DTLSVerifier(TlsCrypto tlsCrypto) {
        this.crypto = tlsCrypto;
        tlsCrypto.getSecureRandom().nextBytes(this.macKey);
    }

    public DTLSRequest verifyRequest(byte[] bArr, byte[] bArr2, int i, int i2, DatagramSender datagramSender) {
        int i3;
        int i4;
        ByteArrayInputStream receiveClientHelloMessage;
        ByteArrayOutputStream byteArrayOutputStream;
        ClientHello parse;
        try {
            int receiveClientHelloRecord = DTLSRecordLayer.receiveClientHelloRecord(bArr2, i, i2);
            if (receiveClientHelloRecord < 0 || (i3 = receiveClientHelloRecord - 12) < 39 || (receiveClientHelloMessage = DTLSReliableHandshake.receiveClientHelloMessage(bArr2, (i4 = i + 13), receiveClientHelloRecord)) == null || (parse = ClientHello.parse(receiveClientHelloMessage, (byteArrayOutputStream = new ByteArrayOutputStream(i3)))) == null) {
                return null;
            }
            long readUint48 = TlsUtils.readUint48(bArr2, i + 5);
            byte[] cookie = parse.getCookie();
            TlsHMAC createHMAC = this.crypto.createHMAC(3);
            createHMAC.setKey(this.macKey, 0, this.macKey.length);
            createHMAC.update(bArr, 0, bArr.length);
            byteArrayOutputStream.writeTo(new TlsMACOutputStream(createHMAC));
            byte[] calculateMAC = createHMAC.calculateMAC();
            if (Arrays.constantTimeAreEqual(calculateMAC, cookie)) {
                return new DTLSRequest(readUint48, TlsUtils.copyOfRangeExact(bArr2, i4, i4 + receiveClientHelloRecord), parse);
            }
            DTLSReliableHandshake.sendHelloVerifyRequest(datagramSender, readUint48, calculateMAC);
            return null;
        } catch (IOException e) {
            return null;
        }
    }
}
