package org.eclipse.californium.scandium;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.util.ClockUtil;
import org.eclipse.californium.scandium.dtls.ClientHello;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.util.SecretUtil;

/* loaded from: classes21.dex */
public class CookieGenerator {
    public static final long COOKIE_LIFETIME_NANOS = TimeUnit.SECONDS.toNanos(60);
    private SecretKey currentSecretKey;
    private long nextKeyGenerationNanos;
    private SecretKey pastSecretKey;
    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
    private final SecureRandom randomGenerator = new SecureRandom();
    private final byte[] randomBytes = new byte[32];

    private byte[] generateCookie(InetSocketAddress inetSocketAddress, ClientHello clientHello, SecretKey secretKey) throws GeneralSecurityException {
        Mac threadLocalMac = CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256.getThreadLocalMac();
        threadLocalMac.init(secretKey);
        threadLocalMac.update(inetSocketAddress.getAddress().getAddress());
        int port = inetSocketAddress.getPort();
        threadLocalMac.update((byte) (port >>> 8));
        threadLocalMac.update((byte) port);
        clientHello.updateForCookie(threadLocalMac);
        return threadLocalMac.doFinal();
    }

    private SecretKey getPastSecretKey() {
        this.lock.readLock().lock();
        try {
            return this.pastSecretKey;
        } finally {
            this.lock.readLock().unlock();
        }
    }

    private SecretKey getSecretKey() {
        this.lock.readLock().lock();
        long nanoRealtime = ClockUtil.nanoRealtime();
        try {
            SecretKey secretKey = this.currentSecretKey;
            if (secretKey != null) {
                if (nanoRealtime - this.nextKeyGenerationNanos < 0) {
                    return secretKey;
                }
            }
            this.lock.readLock().unlock();
            this.lock.writeLock().lock();
            try {
                SecretKey secretKey2 = this.currentSecretKey;
                if (secretKey2 != null && nanoRealtime - this.nextKeyGenerationNanos < 0) {
                    return secretKey2;
                }
                this.randomGenerator.nextBytes(this.randomBytes);
                this.nextKeyGenerationNanos = nanoRealtime + COOKIE_LIFETIME_NANOS;
                this.pastSecretKey = this.currentSecretKey;
                SecretKey create = SecretUtil.create(this.randomBytes, "MAC");
                this.currentSecretKey = create;
                return create;
            } finally {
                this.lock.writeLock().unlock();
            }
        } finally {
            this.lock.readLock().unlock();
        }
    }

    public byte[] generateCookie(InetSocketAddress inetSocketAddress, ClientHello clientHello) throws GeneralSecurityException {
        return generateCookie(inetSocketAddress, clientHello, getSecretKey());
    }

    public byte[] generatePastCookie(InetSocketAddress inetSocketAddress, ClientHello clientHello) throws GeneralSecurityException {
        SecretKey pastSecretKey = getPastSecretKey();
        if (pastSecretKey != null) {
            return generateCookie(inetSocketAddress, clientHello, pastSecretKey);
        }
        return null;
    }
}
