package de.rub.nds.tlsattacker.core.protocol.preparator.extension;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
import de.rub.nds.tlsattacker.core.crypto.KeyShareCalculator;
import de.rub.nds.tlsattacker.core.crypto.cipher.CipherWrapper;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.exceptions.PreparationException;
import de.rub.nds.tlsattacker.core.protocol.message.ClientHelloMessage;
import de.rub.nds.tlsattacker.core.protocol.message.extension.EncryptedServerNameIndicationExtensionMessage;
import de.rub.nds.tlsattacker.core.protocol.message.extension.ExtensionMessage;
import de.rub.nds.tlsattacker.core.protocol.message.extension.KeyShareExtensionMessage;
import de.rub.nds.tlsattacker.core.protocol.message.extension.keyshare.KeyShareEntry;
import de.rub.nds.tlsattacker.core.protocol.message.extension.keyshare.KeyShareStoreEntry;
import de.rub.nds.tlsattacker.core.protocol.parser.extension.ClientEsniInnerParser;
import de.rub.nds.tlsattacker.core.protocol.serializer.extension.ClientEsniInnerSerializer;
import de.rub.nds.tlsattacker.core.protocol.serializer.extension.ExtensionSerializer;
import de.rub.nds.tlsattacker.core.protocol.serializer.extension.KeyShareEntrySerializer;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySet;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import de.rub.nds.tlsattacker.core.workflow.chooser.DefaultChooser;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/preparator/extension/EncryptedServerNameIndicationExtensionPreparator.class */
public class EncryptedServerNameIndicationExtensionPreparator extends ExtensionPreparator<EncryptedServerNameIndicationExtensionMessage> {
    private static final int IV_LENGTH = 12;
    private static final Logger LOGGER = LogManager.getLogger();
    private final Chooser chooser;
    private final EncryptedServerNameIndicationExtensionMessage msg;
    private ClientHelloMessage clientHelloMessage;
    private EsniPreparatorMode esniPreparatorMode;

    /* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/preparator/extension/EncryptedServerNameIndicationExtensionPreparator$EsniPreparatorMode.class */
    public enum EsniPreparatorMode {
        CLIENT,
        SERVER
    }

    public EncryptedServerNameIndicationExtensionPreparator(Chooser chooser, EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage, ExtensionSerializer<EncryptedServerNameIndicationExtensionMessage> extensionSerializer) {
        super(chooser, encryptedServerNameIndicationExtensionMessage, extensionSerializer);
        this.msg = encryptedServerNameIndicationExtensionMessage;
        this.chooser = chooser;
        if (chooser.getConnectionEndType() == ConnectionEndType.CLIENT) {
            this.esniPreparatorMode = EsniPreparatorMode.CLIENT;
        } else {
            this.esniPreparatorMode = EsniPreparatorMode.SERVER;
        }
    }

    public ClientHelloMessage getClientHelloMessage() {
        return this.clientHelloMessage;
    }

    public void setClientHelloMessage(ClientHelloMessage clientHelloMessage) {
        this.clientHelloMessage = clientHelloMessage;
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.preparator.extension.ExtensionPreparator
    public void prepareExtensionContent() {
        LOGGER.debug("Preparing EncryptedServerNameIndicationExtension");
        switch (this.esniPreparatorMode) {
            case CLIENT:
                configurateEsniMessageType(this.msg);
                prepareClientEsniInner(this.msg);
                prepareClientEsniInnerBytes(this.msg);
                prepareCipherSuite(this.msg);
                prepareNamedGroup(this.msg);
                prepareKeyShareEntry(this.msg);
                prepareEsniServerPublicKey(this.msg);
                prepareEsniRecordBytes(this.msg);
                prepareRecordDigest(this.msg);
                prepareRecordDigestLength(this.msg);
                prepareClientRandom(this.msg);
                prepareEsniContents(this.msg);
                prepareEsniContentsHash(this.msg);
                prepareEsniClientSharedSecret(this.msg);
                prepareEsniMasterSecret(this.msg);
                prepareEsniKey(this.msg);
                prepareEsniIv(this.msg);
                prepareClientHelloKeyShare(this.msg);
                prepareEncryptedSni(this.msg);
                prepareEncryptedSniLength(this.msg);
                return;
            case SERVER:
                configurateEsniMessageType(this.msg);
                prepareServerNonce(this.msg);
                return;
            default:
                return;
        }
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.preparator.extension.ExtensionPreparator
    public void afterPrepareExtensionContent() {
        LOGGER.debug("AfterPreparing EncryptedServerNameIndicationExtension");
        if (this.esniPreparatorMode == EsniPreparatorMode.CLIENT) {
            LOGGER.debug("Afterpreparing EncryptedServerNameIndicationExtension");
            prepareClientRandom(this.msg);
            prepareEsniContents(this.msg);
            prepareEsniContentsHash(this.msg);
            prepareEsniClientSharedSecret(this.msg);
            prepareEsniMasterSecret(this.msg);
            prepareEsniKey(this.msg);
            prepareEsniIv(this.msg);
            prepareClientHelloKeyShare(this.msg);
            prepareEncryptedSni(this.msg);
            prepareEncryptedSniLength(this.msg);
        }
    }

    public void prepareAfterParse() {
        LOGGER.debug("PreparingAfterParse EncryptedServerNameIndicationExtension");
        if (this.esniPreparatorMode == EsniPreparatorMode.SERVER) {
            try {
                prepareClientRandom(this.msg);
                prepareEsniContents(this.msg);
                prepareEsniContentsHash(this.msg);
                prepareEsniServerSharedSecret(this.msg);
                prepareEsniMasterSecret(this.msg);
                prepareEsniKey(this.msg);
                prepareEsniIv(this.msg);
                prepareClientHelloKeyShare(this.msg);
                parseEncryptedSni(this.msg);
                parseClientEsniInnerBytes(this.msg);
            } catch (NullPointerException e) {
                throw new PreparationException("Missing parameters to prepareAfterParse EncryptedServerNameIndicationExtension", e);
            }
        }
    }

    private void configurateEsniMessageType(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        if (encryptedServerNameIndicationExtensionMessage.getEsniMessageTypeConfig() == null) {
            switch (this.esniPreparatorMode) {
                case CLIENT:
                    encryptedServerNameIndicationExtensionMessage.setEsniMessageTypeConfig(EncryptedServerNameIndicationExtensionMessage.EsniMessageType.CLIENT);
                    return;
                case SERVER:
                    encryptedServerNameIndicationExtensionMessage.setEsniMessageTypeConfig(EncryptedServerNameIndicationExtensionMessage.EsniMessageType.SERVER);
                    return;
                default:
                    return;
            }
        }
    }

    private void prepareClientEsniInner(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        new ClientEsniInnerPreparator(this.chooser, encryptedServerNameIndicationExtensionMessage.getClientEsniInner()).prepare();
    }

    private void prepareClientEsniInnerBytes(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.setClientEsniInnerBytes(new ClientEsniInnerSerializer(encryptedServerNameIndicationExtensionMessage.getClientEsniInner()).serialize());
        LOGGER.debug("clientEsniInnerBytes: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getClientEsniInnerBytes().getValue()));
    }

    private void parseClientEsniInnerBytes(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.setClientEsniInner(new ClientEsniInnerParser(0, (byte[]) encryptedServerNameIndicationExtensionMessage.getClientEsniInnerBytes().getValue()).parse());
    }

    private void prepareEsniServerPublicKey(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        byte[] publicKey = this.chooser.getEsniServerKeyShareEntries().get(0).getPublicKey();
        Iterator<KeyShareStoreEntry> it = this.chooser.getEsniServerKeyShareEntries().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            KeyShareStoreEntry next = it.next();
            if (Arrays.equals(next.getGroup().getValue(), (byte[]) encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getGroup().getValue())) {
                publicKey = next.getPublicKey();
                break;
            }
        }
        encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniServerPublicKey(publicKey);
        LOGGER.debug("esniServerPublicKey: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniServerPublicKey().getValue()));
    }

    private void prepareNamedGroup(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        List<NamedGroup> implemented = KeyShareCalculator.getImplemented();
        List<NamedGroup> clientSupportedEsniNamedGroups = this.chooser.getConfig().getClientSupportedEsniNamedGroups();
        LinkedList linkedList = new LinkedList();
        Iterator<KeyShareStoreEntry> it = this.chooser.getEsniServerKeyShareEntries().iterator();
        while (it.hasNext()) {
            linkedList.add(it.next().getGroup());
        }
        NamedGroup namedGroup = implemented.get(0);
        boolean z = false;
        Iterator<NamedGroup> it2 = clientSupportedEsniNamedGroups.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            NamedGroup next = it2.next();
            if (implemented.contains(next)) {
                namedGroup = next;
                if (linkedList.contains(next)) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            LOGGER.warn("Found no shared named group. Using " + namedGroup);
        }
        encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().setGroupConfig(namedGroup);
        LOGGER.debug("NamedGroup: " + ArrayConverter.bytesToHexString(encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getGroupConfig().getValue()));
    }

    private void prepareKeyShareEntry(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        KeyShareEntry keyShareEntry = encryptedServerNameIndicationExtensionMessage.getKeyShareEntry();
        keyShareEntry.setPrivateKey(this.chooser.getConfig().getDefaultEsniClientPrivateKey());
        new KeyShareEntryPreparator(this.chooser, keyShareEntry).prepare();
        LOGGER.debug("ClientPrivateKey: " + ArrayConverter.bytesToHexString(encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getPrivateKey().toByteArray()));
        LOGGER.debug("ClientPublicKey: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getPublicKey().getValue()));
    }

    private void prepareCipherSuite(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        List<CipherSuite> clientSupportedEsniCiphersuites = this.chooser.getConfig().getClientSupportedEsniCiphersuites();
        List<CipherSuite> esniServerCiphersuites = ((DefaultChooser) this.chooser).getEsniServerCiphersuites();
        List<CipherSuite> esniImplemented = CipherSuite.getEsniImplemented();
        CipherSuite cipherSuite = esniImplemented.get(0);
        boolean z = false;
        Iterator<CipherSuite> it = clientSupportedEsniCiphersuites.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CipherSuite next = it.next();
            if (esniImplemented.contains(next)) {
                cipherSuite = next;
                if (esniServerCiphersuites.contains(next)) {
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            LOGGER.warn("Found no shared cipher. Using " + cipherSuite);
        }
        encryptedServerNameIndicationExtensionMessage.setCipherSuite(cipherSuite.getByteValue());
        LOGGER.debug("CipherSuite: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue()));
    }

    private void prepareEsniRecordBytes(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniRecordBytes(this.chooser.getEsniRecordBytes());
        LOGGER.debug("esniRecordBytes: " + ArrayConverter.bytesToHexString(encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniRecordBytes()));
    }

    private void prepareRecordDigest(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        try {
            encryptedServerNameIndicationExtensionMessage.setRecordDigest(MessageDigest.getInstance(AlgorithmResolver.getDigestAlgorithm(ProtocolVersion.TLS13, CipherSuite.getCipherSuite((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue())).getJavaName()).digest((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniRecordBytes().getValue()));
            LOGGER.debug("RecordDigest: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getRecordDigest().getValue()));
        } catch (NoSuchAlgorithmException e) {
            throw new PreparationException("Could not prepare recordDigest", e);
        }
    }

    private void prepareRecordDigestLength(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.setRecordDigestLength(((byte[]) encryptedServerNameIndicationExtensionMessage.getRecordDigest().getValue()).length);
        LOGGER.debug("RecordDigestLength: " + encryptedServerNameIndicationExtensionMessage.getRecordDigestLength().getValue());
    }

    private void prepareClientRandom(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        this.chooser.getClientRandom();
        byte[] clientRandom = this.clientHelloMessage != null ? (byte[]) this.clientHelloMessage.getRandom().getValue() : this.chooser.getClientRandom();
        encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setClientHelloRandom(clientRandom);
        LOGGER.debug("ClientHello: " + ArrayConverter.bytesToHexString(clientRandom));
    }

    private void prepareEsniContents(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniContents(generateEsniContents(encryptedServerNameIndicationExtensionMessage));
        LOGGER.debug("EsniContents: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniContents().getValue()));
    }

    private void prepareEsniContentsHash(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        try {
            encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniContentsHash(MessageDigest.getInstance(AlgorithmResolver.getDigestAlgorithm(ProtocolVersion.TLS13, CipherSuite.getCipherSuite((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue())).getJavaName()).digest((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniContents().getValue()));
            LOGGER.debug("EsniContentsHash: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniContentsHash().getValue()));
        } catch (NoSuchAlgorithmException e) {
            throw new PreparationException("Could not prepare esniContentsHash", e);
        }
    }

    private void prepareEsniClientSharedSecret(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniSharedSecret(KeyShareCalculator.computeSharedSecret(NamedGroup.getNamedGroup((byte[]) encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getGroup().getValue()), encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getPrivateKey(), (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniServerPublicKey().getValue()));
        LOGGER.debug("esniSharedSecret: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniSharedSecret().getValue()));
    }

    private void prepareEsniServerSharedSecret(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        NamedGroup namedGroup = NamedGroup.getNamedGroup((byte[]) encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getGroup().getValue());
        boolean z = false;
        BigInteger privateKey = this.chooser.getConfig().getEsniServerKeyPairs().get(0).getPrivateKey();
        Iterator<KeyShareEntry> it = this.chooser.getConfig().getEsniServerKeyPairs().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            KeyShareEntry next = it.next();
            if (Arrays.equals((byte[]) next.getGroup().getValue(), namedGroup.getValue())) {
                privateKey = next.getPrivateKey();
                z = true;
                break;
            }
        }
        if (!z) {
            LOGGER.warn("No private key available for selected named group: " + namedGroup);
        }
        encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniSharedSecret(KeyShareCalculator.computeSharedSecret(namedGroup, privateKey, (byte[]) encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getPublicKey().getValue()));
        LOGGER.debug("esniSharedSecret: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniSharedSecret().getValue()));
    }

    private void prepareEsniMasterSecret(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        try {
            encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniMasterSecret(HKDFunction.extract(AlgorithmResolver.getHKDFAlgorithm(CipherSuite.getCipherSuite((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue())), null, (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniSharedSecret().getValue()));
            LOGGER.debug("esniMasterSecret: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniMasterSecret().getValue()));
        } catch (CryptoException e) {
            throw new PreparationException("Could not prepare esniMasterSecret", e);
        }
    }

    private void prepareEsniKey(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        byte[] bArr = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniMasterSecret().getValue();
        byte[] bArr2 = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniContentsHash().getValue();
        CipherSuite cipherSuite = CipherSuite.getCipherSuite((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue());
        try {
            encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniKey(HKDFunction.expandLabel(AlgorithmResolver.getHKDFAlgorithm(cipherSuite), bArr, HKDFunction.ESNI_KEY, bArr2, AlgorithmResolver.getCipher(cipherSuite).getKeySize()));
            LOGGER.debug("esniKey: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniKey().getValue()));
        } catch (CryptoException e) {
            throw new PreparationException("Could not prepare esniKey", e);
        }
    }

    private void prepareEsniIv(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        try {
            encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setEsniIv(HKDFunction.expandLabel(AlgorithmResolver.getHKDFAlgorithm(CipherSuite.getCipherSuite((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue())), (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniMasterSecret().getValue(), HKDFunction.ESNI_IV, (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniContentsHash().getValue(), 12));
            LOGGER.debug("esniIv: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniIv().getValue()));
        } catch (CryptoException e) {
            throw new PreparationException("Could not prepare esniIv", e);
        }
    }

    private void prepareClientHelloKeyShare(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        int i = 0;
        byte[] bArr = null;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        boolean z = false;
        if (this.clientHelloMessage != null) {
            Iterator<ExtensionMessage> it = this.clientHelloMessage.getExtensions().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ExtensionMessage next = it.next();
                if (next instanceof KeyShareExtensionMessage) {
                    KeyShareExtensionMessage keyShareExtensionMessage = (KeyShareExtensionMessage) next;
                    i = ((Integer) keyShareExtensionMessage.getKeyShareListLength().getValue()).intValue();
                    bArr = (byte[]) keyShareExtensionMessage.getKeyShareListBytes().getValue();
                    z = true;
                    break;
                }
            }
        }
        if (!z) {
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            for (KeyShareStoreEntry keyShareStoreEntry : this.chooser.getClientKeyShares()) {
                KeyShareEntry keyShareEntry = new KeyShareEntry();
                KeyShareEntrySerializer keyShareEntrySerializer = new KeyShareEntrySerializer(keyShareEntry);
                keyShareEntry.setGroup(keyShareStoreEntry.getGroup().getValue());
                keyShareEntry.setPublicKeyLength(keyShareStoreEntry.getPublicKey().length);
                keyShareEntry.setPublicKey(keyShareStoreEntry.getPublicKey());
                try {
                    byteArrayOutputStream2.write(keyShareEntrySerializer.serialize());
                } catch (IOException e) {
                    throw new PreparationException("Failed to write esniContents", e);
                }
            }
            bArr = byteArrayOutputStream2.toByteArray();
            i = bArr.length;
        }
        try {
            byteArrayOutputStream.write(ArrayConverter.intToBytes(i, 2));
            byteArrayOutputStream.write(bArr);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().setClientHelloKeyShare(byteArray);
            LOGGER.debug("clientHelloKeyShare: " + ArrayConverter.bytesToHexString(byteArray));
        } catch (IOException e2) {
            throw new PreparationException("Failed to write ClientHelloKeyShare", e2);
        }
    }

    private void prepareEncryptedSni(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        CipherSuite cipherSuite = CipherSuite.getCipherSuite((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue());
        byte[] bArr = (byte[]) encryptedServerNameIndicationExtensionMessage.getClientEsniInnerBytes().getValue();
        byte[] bArr2 = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniKey().getValue();
        byte[] bArr3 = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniIv().getValue();
        byte[] bArr4 = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getClientHelloKeyShare().getValue();
        int i = cipherSuite.isCCM_8() ? 64 : 128;
        KeySet keySet = new KeySet();
        keySet.setClientWriteKey(bArr2);
        try {
            encryptedServerNameIndicationExtensionMessage.setEncryptedSni(CipherWrapper.getEncryptionCipher(cipherSuite, ConnectionEndType.CLIENT, keySet).encrypt(bArr3, i, bArr4, bArr));
            LOGGER.debug("EncryptedSni: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSni().getValue()));
        } catch (CryptoException e) {
            throw new PreparationException("Could not encrypt clientEsniInnerBytes", e);
        }
    }

    private void parseEncryptedSni(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        CipherSuite cipherSuite = CipherSuite.getCipherSuite((byte[]) encryptedServerNameIndicationExtensionMessage.getCipherSuite().getValue());
        byte[] bArr = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSni().getValue();
        byte[] bArr2 = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniKey().getValue();
        byte[] bArr3 = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getEsniIv().getValue();
        byte[] bArr4 = (byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getClientHelloKeyShare().getValue();
        int i = cipherSuite.isCCM_8() ? 64 : 128;
        KeySet keySet = new KeySet();
        keySet.setClientWriteKey(bArr2);
        try {
            encryptedServerNameIndicationExtensionMessage.setClientEsniInnerBytes(CipherWrapper.getDecryptionCipher(cipherSuite, ConnectionEndType.SERVER, keySet).decrypt(bArr3, i, bArr4, bArr));
            LOGGER.debug("ClientesniInnerBytes: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getClientEsniInnerBytes().getValue()));
        } catch (CryptoException e) {
            throw new PreparationException("Could not decrypt encryptedSni", e);
        }
    }

    private void prepareEncryptedSniLength(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.setEncryptedSniLength(((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSni().getValue()).length);
        LOGGER.debug("EncryptedSniLength: " + encryptedServerNameIndicationExtensionMessage.getEncryptedSniLength().getValue());
    }

    private void prepareServerNonce(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        encryptedServerNameIndicationExtensionMessage.setServerNonce(this.chooser.getEsniClientNonce());
        LOGGER.debug("ServerNonce: " + ArrayConverter.bytesToHexString((byte[]) encryptedServerNameIndicationExtensionMessage.getServerNonce().getValue()));
    }

    private byte[] generateEsniContents(EncryptedServerNameIndicationExtensionMessage encryptedServerNameIndicationExtensionMessage) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(encryptedServerNameIndicationExtensionMessage.getRecordDigestLength().getByteArray(2));
            byteArrayOutputStream.write((byte[]) encryptedServerNameIndicationExtensionMessage.getRecordDigest().getValue());
            byteArrayOutputStream.write((byte[]) encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getGroup().getValue());
            byteArrayOutputStream.write(encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getPublicKeyLength().getByteArray(2));
            byteArrayOutputStream.write((byte[]) encryptedServerNameIndicationExtensionMessage.getKeyShareEntry().getPublicKey().getValue());
            byteArrayOutputStream.write((byte[]) encryptedServerNameIndicationExtensionMessage.getEncryptedSniComputation().getClientHelloRandom().getValue());
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new PreparationException("Failed to generate esniContents", e);
        }
    }

    public EsniPreparatorMode getEsniPreparatorMode() {
        return this.esniPreparatorMode;
    }

    public void setEsniPreparatorMode(EsniPreparatorMode esniPreparatorMode) {
        this.esniPreparatorMode = esniPreparatorMode;
    }
}
