7  #net/luminis/tls/handshake/TlsEngine()V   0net/luminis/tls/handshake/TlsClientEngine$StatusInitial2Lnet/luminis/tls/handshake/TlsClientEngine$Status;   )net/luminis/tls/handshake/TlsClientEnginestatus  java/util/Collections emptyList()Ljava/util/List;  serverCertificateChainLjava/util/List;   pskAcceptedZ ! "#sender/Lnet/luminis/tls/handshake/ClientMessageSender; % &' statusHandler1Lnet/luminis/tls/handshake/TlsStatusEventHandler;)java/util/ArrayList ( , -supportedCiphers / 0requestedExtensions2'net/luminis/tls/DefaultHostnameVerifier 1 5 67hostnameVerifier"Lnet/luminis/tls/HostnameVerifier; 9 :obtainedNewSessionTickets< =>apply()Ljava/util/function/Function; @ ABclientCertificateSelectorLjava/util/function/Function; DEF GH'net/luminis/tls/TlsConstants$NamedGroup secp256r1)Lnet/luminis/tls/TlsConstants$NamedGroup; JKL MN,net/luminis/tls/TlsConstants$SignatureSchemersa_pss_rsae_sha256.Lnet/luminis/tls/TlsConstants$SignatureScheme; JP QNecdsa_secp256r1_sha256 STU VWjava/util/Listof6(Ljava/lang/Object;Ljava/lang/Object;)Ljava/util/List; Y Z[startHandshake<(Lnet/luminis/tls/TlsConstants$NamedGroup;Ljava/util/List;)V S] V^$(Ljava/lang/Object;)Ljava/util/List; S` abstream()Ljava/util/stream/Stream;d eftest ()Ljava/util/function/Predicate; hij kljava/util/stream/StreamanyMatch!(Ljava/util/function/Predicate;)Z (n o(Ljava/util/Collection;)V q rAVAILABLE_SIGNATURES (t uv removeAll(Ljava/util/Collection;)Zx"java/lang/IllegalArgumentExceptionz {|makeConcatWithConstants)(Ljava/util/ArrayList;)Ljava/lang/String; w~ (Ljava/lang/String;)V  newSessionTicket"Lnet/luminis/tls/NewSessionTicket;   net/luminis/tls/NewSessionTicket getCipher,()Lnet/luminis/tls/TlsConstants$CipherSuite; S contains(Ljava/lang/Object;)Zjava/lang/IllegalStateException  (net/luminis/tls/TlsConstants$CipherSuitetoString()Ljava/lang/String; {&(Ljava/lang/String;)Ljava/lang/String; ~  supportedSignatures   generateKeys,(Lnet/luminis/tls/TlsConstants$NamedGroup;)V   serverNameLjava/lang/String; S isEmpty()Z$not all mandatory properties are set S vaddAll:net/luminis/tls/extension/ClientHelloPreSharedKeyExtension %(Lnet/luminis/tls/NewSessionTicket;)V S addnet/luminis/tls/TranscriptHash   hashLength-(Lnet/luminis/tls/TlsConstants$CipherSuite;)I (I)V  transcriptHash Lnet/luminis/tls/TranscriptHash;net/luminis/tls/TlsState getPSK()[B   keyLength '(Lnet/luminis/tls/TranscriptHash;[BII)V  stateLnet/luminis/tls/TlsState;%net/luminis/tls/handshake/ClientHello   publicKeyLjava/security/PublicKey;  compatibilityMode  =net/luminis/tls/handshake/ClientHello$PskKeyEstablishmentMode PSKwithDHE?Lnet/luminis/tls/handshake/ClientHello$PskKeyEstablishmentMode; (Ljava/lang/String;Ljava/security/PublicKey;ZLjava/util/List;Ljava/util/List;Lnet/luminis/tls/TlsConstants$NamedGroup;Ljava/util/List;Lnet/luminis/tls/TlsState;Lnet/luminis/tls/handshake/ClientHello$PskKeyEstablishmentMode;)V   clientHello'Lnet/luminis/tls/handshake/ClientHello;  getExtensions  sentExtensions record/(Lnet/luminis/tls/handshake/HandshakeMessage;)V computeEarlyTrafficSecret  /net/luminis/tls/handshake/TlsStatusEventHandlerearlySecretsKnown  -net/luminis/tls/handshake/ClientMessageSendersend*(Lnet/luminis/tls/handshake/ClientHello;)V   ClientHelloSent %net/luminis/tls/handshake/ServerHellodd +net/luminis/tls/alert/MissingExtensionAlert  d h filter9(Ljava/util/function/Predicate;)Ljava/util/stream/Stream;< h map8(Ljava/util/function/Function;)Ljava/util/stream/Stream; h  findFirst()Ljava/util/Optional;  java/util/Optionalget()Ljava/lang/Object;!java/lang/Short  # $% shortValue()S'+net/luminis/tls/alert/IllegalParameterAlert)invalid tls version &~d-!illegal extension in server hello d < d 3O either the pre_shared_key extension or the key_share extension must be present  ~ 6 7 isPresent 9 :getCipherSuite<cipher suite does not match > ?@selectedCipher*Lnet/luminis/tls/TlsConstants$CipherSuite; B C%(Lnet/luminis/tls/TranscriptHash;II)VE5net/luminis/tls/extension/ServerPreSharedKeyExtension DG HIgetSelectedIdentity()I K LsetPskSelectedN)Server has accepted PSK key establishment PQR Snet/luminis/tls/Loggerdebug U VsetNoPskSelected X YZ privateKeyLjava/security/PrivateKey; \ ]^ setOwnKey(Ljava/security/PrivateKey;)V`9net/luminis/tls/extension/KeyShareExtension$KeyShareEntry _b cdgetKey()Ljava/security/PublicKey; f gh setPeerKey(Ljava/security/PublicKey;)V j kcomputeSharedSecret m ncomputeHandshakeSecrets p q ServerHelloReceived s thandshakeSecretsKnown vwx yz"net/luminis/tls/ProtectionKeysType Handshake$Lnet/luminis/tls/ProtectionKeysType;|,net/luminis/tls/alert/UnexpectedMessageAlert~incorrect protection level {~'unexpected encrypted extensions message <  java/util/stream/CollectorstoList()Ljava/util/stream/Collector; h collect0(Ljava/util/stream/Collector;)Ljava/lang/Object; -net/luminis/tls/handshake/EncryptedExtensions d e0(Ljava/util/List;)Ljava/util/function/Predicate; h lallMatch/net/luminis/tls/alert/UnsupportedExtensionAlert%extension response to missing request ~<  toSet java/util/Set  Isize S duplicate extensions not allowed   EncryptedExtensionsReceived  extensionsReceived(Ljava/util/List;)V   CertificateRequestReceivedunexpected certificate message  ,net/luminis/tls/handshake/CertificateMessagegetRequestContext1certificate request context should be zero length  getEndEntityCertificate&()Ljava/security/cert/X509Certificate;missing certificate  serverCertificate$Ljava/security/cert/X509Certificate;  getCertificateChain   recordServer   CertificateReceived%unexpected certificate verify message  2net/luminis/tls/handshake/CertificateVerifyMessagegetSignatureScheme0()Lnet/luminis/tls/TlsConstants$SignatureScheme;signature scheme does not match   getSignature  *net/luminis/tls/TlsConstants$HandshakeType certificate,Lnet/luminis/tls/TlsConstants$HandshakeType;   getServerHash0(Lnet/luminis/tls/TlsConstants$HandshakeType;)[B  verifySignatureU([BLnet/luminis/tls/TlsConstants$SignatureScheme;Ljava/security/cert/Certificate;[B)Z'net/luminis/tls/alert/DecryptErrorAlertsignature verification fails ~  checkCertificateValidity   net/luminis/tls/HostnameVerifierverify9(Ljava/lang/String;Ljava/security/cert/X509Certificate;)Z-net/luminis/tls/alert/CertificateUnknownAlertservername does not match ~   CertificateVerifyReceivedunexpected finished message  certificate_verify  getServerHandshakeTrafficSecret    computeFinishedVerifyData([B[B)[B    )net/luminis/tls/handshake/FinishedMessage getVerifyData  java/util/Arraysequals([B[B)Zincorrect finished message  clientAuthRequested  sendClientAuth    getClientHash " #getClientHandshakeTrafficSecret  % &([B)V ( ).(Lnet/luminis/tls/handshake/FinishedMessage;)V + , recordClient . /computeApplicationSecrets 1 2computeResumptionMasterSecret 4 5 Finished 7 8handshakeFinished v: ;z Application = >z(Lnet/luminis/tls/TlsState;Lnet/luminis/tls/handshake/NewSessionTicketMessage;Lnet/luminis/tls/TlsConstants$CipherSuite;)V @ AnewSessionTicketReceivedC&unexpected certificate request message EF3net/luminis/tls/handshake/CertificateRequestMessaged< J K3(Ljava/util/function/Function;)Ljava/util/Optional;M N()Ljava/util/function/Supplier; P QR orElseThrow1(Ljava/util/function/Supplier;)Ljava/lang/Object; T UserverSupportedSignatureSchemesd< Y Z[orElse&(Ljava/lang/Object;)Ljava/lang/Object; ] ^clientCertificateAuthorities`!TLS 1.3, server CertificateVerify b cd ISO_8859_1Ljava/nio/charset/Charset; fgh ijjava/lang/StringgetBytes(Ljava/nio/charset/Charset;)[B lmn opjava/nio/ByteBufferallocate(I)Ljava/nio/ByteBuffer; lr stput(B)Ljava/nio/ByteBuffer; lv sw([B)Ljava/nio/ByteBuffer; y z{getSignatureAlgorithmI(Lnet/luminis/tls/TlsConstants$SignatureScheme;)Ljava/security/Signature; }~ java/security/Signature initVerify#(Ljava/security/cert/Certificate;)V l array } &update } ([B)Z!java/security/InvalidKeyException Certificate verify: invalid key. java/security/SignatureException&Certificate verify: invalid signature.  customTrustManager Ljavax/net/ssl/X509TrustManager;"java/security/cert/X509Certificate S toArray(([Ljava/lang/Object;)[Ljava/lang/Object;%[Ljava/security/cert/X509Certificate;RSA  javax/net/ssl/X509TrustManagercheckServerTrusted:([Ljava/security/cert/X509Certificate;Ljava/lang/String;)VPKIX  !javax/net/ssl/TrustManagerFactory getInstance7(Ljava/lang/String;)Ljavax/net/ssl/TrustManagerFactory;java/security/KeyStore  init(Ljava/security/KeyStore;)V  getTrustManagers()[Ljavax/net/ssl/TrustManager;UNKNOWN&java/security/NoSuchAlgorithmExceptionjava/lang/RuntimeException#unsupported trust manager algorithm ~java/security/KeyStoreExceptionkeystore exception'java/security/cert/CertificateException)net/luminis/tls/alert/BadCertificateAlert   extractReason?(Ljava/security/cert/CertificateException;)Ljava/util/Optional;certificate validation failed ~  =[java/util/function/Function)net/luminis/tls/CertificateWithPrivateKey  getCertificate  '(Ljava/security/cert/X509Certificate;)V  1(Lnet/luminis/tls/handshake/CertificateMessage;)V  [java/util/ObjectsrequireNonNull ev(Lnet/luminis/tls/handshake/TlsClientEngine;Lnet/luminis/tls/CertificateWithPrivateKey;)Ljava/util/function/Predicate;M   getPrivateKey()Ljava/security/PrivateKey;  computeSignatureO([BLjava/security/PrivateKey;Lnet/luminis/tls/TlsConstants$SignatureScheme;Z)[B  3(Lnet/luminis/tls/TlsConstants$SignatureScheme;[B)V  7(Lnet/luminis/tls/handshake/CertificateVerifyMessage;)V   getSigAlgName f  toLowerCasewithrsa f (Ljava/lang/CharSequence;)Z J Nrsa_pss_rsae_sha384 withecdsa    getCause()Ljava/lang/Throwable; -java/security/cert/CertPathValidatorException  java/lang/Throwable getMessage    getReason8()Ljava/security/cert/CertPathValidatorException$Reason; {\(Ljava/lang/String;Ljava/security/cert/CertPathValidatorException$Reason;)Ljava/lang/String;  V((Ljava/lang/Object;)Ljava/util/Optional;+java/security/cert/CertPathBuilderException  !empty#$No (valid) server hello received yet%+net/luminis/tls/alert/HandshakeFailureAlert'$failed to negotiate signature scheme $~ * +,certificateSupportsSignatureU(Ljava/security/cert/X509Certificate;Lnet/luminis/tls/TlsConstants$SignatureScheme;)Z.9net/luminis/tls/extension/CertificateAuthoritiesExtension -0 1getAuthorities36net/luminis/tls/extension/SignatureAlgorithmsExtension 25 6getSignatureAlgorithms 89: ;<java/lang/ObjectgetClass()Ljava/lang/Class;>*net/luminis/tls/extension/UnknownExtension@+net/luminis/tls/extension/KeyShareExtension ?B CgetKeyShareEntries SE F(I)Ljava/lang/Object;H4net/luminis/tls/extension/SupportedVersionsExtensionJ/net/luminis/tls/extension/PreSharedKeyExtension GL M% getTlsVersion  O PQvalueOf(S)Ljava/lang/Short; JS TNrsa_pss_rsae_sha512 SV VWZ(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/util/List;Y ISO-8859-1 [\] ^_java/nio/charset/CharsetforName.(Ljava/lang/String;)Ljava/nio/charset/Charset;a0net/luminis/tls/handshake/ClientMessageProcessor Signature@Ljava/util/List;;7Ljava/util/List;6Ljava/util/List;4Ljava/util/List;:Ljava/util/List;Ljava/util/function/Function;Lnet/luminis/tls/CertificateWithPrivateKey;>;c(Lnet/luminis/tls/handshake/ClientMessageSender;Lnet/luminis/tls/handshake/TlsStatusEventHandler;)VCodeLineNumberTableLocalVariableTablethis+Lnet/luminis/tls/handshake/TlsClientEngine;clientMessageSendertlsStatusHandler Exceptionstjava/io/IOExceptionecCurveunsupportedSignaturesLjava/util/ArrayList;cipher extensionssignatureSchemesLocalVariableTypeTableELjava/util/ArrayList; StackMapTablel(Lnet/luminis/tls/TlsConstants$NamedGroup;Ljava/util/List;)VreceivedN(Lnet/luminis/tls/handshake/ServerHello;Lnet/luminis/tls/ProtectionKeysType;)V serverHello'Lnet/luminis/tls/handshake/ServerHello; protectedBycontainsSupportedVersionExtcontainsKeyExt tlsVersionSkeyShareLjava/util/Optional; preSharedKeyQLjava/util/Optional;;Ljava/util/Optional;V(Lnet/luminis/tls/handshake/EncryptedExtensions;Lnet/luminis/tls/ProtectionKeysType;)VencryptedExtensions/Lnet/luminis/tls/handshake/EncryptedExtensions;clientExtensionTypesallClientResponsesuniqueExtensionsI#Ljava/util/List;$net/luminis/tls/TlsProtocolExceptionU(Lnet/luminis/tls/handshake/CertificateMessage;Lnet/luminis/tls/ProtectionKeysType;)VcertificateMessage.Lnet/luminis/tls/handshake/CertificateMessage;[(Lnet/luminis/tls/handshake/CertificateVerifyMessage;Lnet/luminis/tls/ProtectionKeysType;)VcertificateVerifyMessage4Lnet/luminis/tls/handshake/CertificateVerifyMessage;signatureScheme signature[BR(Lnet/luminis/tls/handshake/FinishedMessage;Lnet/luminis/tls/ProtectionKeysType;)VexpectedStatusfinishedMessage+Lnet/luminis/tls/handshake/FinishedMessage; serverHmac clientHmacclientFinished net/luminis/tls/alert/ErrorAlertZ(Lnet/luminis/tls/handshake/NewSessionTicketMessage;Lnet/luminis/tls/ProtectionKeysType;)Vnst3Lnet/luminis/tls/handshake/NewSessionTicketMessage;ticket\(Lnet/luminis/tls/handshake/CertificateRequestMessage;Lnet/luminis/tls/ProtectionKeysType;)VcertificateRequestMessage5Lnet/luminis/tls/handshake/CertificateRequestMessage;isignatureAlgorithmLjava/security/Signature;e#Ljava/security/InvalidKeyException;"Ljava/security/SignatureException;signatureToVerify Ljava/security/cert/Certificate; contentToSignLjava/nio/ByteBuffer;verifiedjava/security/cert/CertificatetrustManagerFactory#Ljavax/net/ssl/TrustManagerFactory;trustMgr(Ljava/security/NoSuchAlgorithmException;!Ljava/security/KeyStoreException;)Ljava/security/cert/CertificateException; certificates9(Ljava/util/List;)VselectedSignatureSchemehashcertificateVerifycertificateWithKey+Lnet/luminis/tls/CertificateWithPrivateKey;cert certSignAlg exceptioncauseLjava/lang/Throwable;S(Ljava/security/cert/CertificateException;)Ljava/util/Optional; setServerNamesetCompatibilityMode(Z)VaddSupportedCiphers?(Ljava/util/List;)V addExtensions:(Ljava/util/List;)V((Lnet/luminis/tls/extension/Extension;)V extension%Lnet/luminis/tls/extension/Extension;setTrustManager#(Ljavax/net/ssl/X509TrustManager;)VsetNewSessionTicketgetSelectedCiphergetNewSessionTickets6()Ljava/util/List;getServerCertificateChain8()Ljava/util/List;setHostnameVerifier%(Lnet/luminis/tls/HostnameVerifier;)VsetClientCertificateCallback (Ljava/util/function/Function;)Vcallback(Ljava/util/function/Function;Lnet/luminis/tls/CertificateWithPrivateKey;>;)Vlambda$sendClientAuth$20/()Lnet/luminis/tls/alert/HandshakeFailureAlert;lambda$sendClientAuth$19\(Lnet/luminis/tls/CertificateWithPrivateKey;Lnet/luminis/tls/TlsConstants$SignatureScheme;)Zschemelambda$received$187(Lnet/luminis/tls/extension/Extension;)Ljava/util/List;lambda$received$17((Lnet/luminis/tls/extension/Extension;)Zlambda$received$16/()Lnet/luminis/tls/alert/MissingExtensionAlert;lambda$received$15lambda$received$14lambda$received$138(Lnet/luminis/tls/extension/Extension;)Ljava/lang/Class;lambda$received$128(Ljava/util/List;Lnet/luminis/tls/extension/Extension;)Zextlambda$received$11lambda$received$10lambda$received$9lambda$received$8b(Lnet/luminis/tls/extension/Extension;)Lnet/luminis/tls/extension/KeyShareExtension$KeyShareEntry;lambda$received$7lambda$received$6lambda$received$58(Lnet/luminis/tls/extension/Extension;)Ljava/lang/Short;lambda$received$4lambda$received$3lambda$received$2lambda$startHandshake$11(Lnet/luminis/tls/TlsConstants$SignatureScheme;)Z lambda$new$0=(Ljava/util/List;)Lnet/luminis/tls/CertificateWithPrivateKey;l SourceFileTlsClientEngine.java NestMembersBootstrapMethods  "java/lang/invoke/LambdaMetafactory metafactory(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodType;Ljava/lang/invoke/MethodHandle;Ljava/lang/invoke/MethodType;)Ljava/lang/invoke/CallSite;[       # $%& {'$java/lang/invoke/StringConcatFactory(Ljava/lang/invoke/MethodHandles$Lookup;Ljava/lang/String;Ljava/lang/invoke/MethodType;Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/invoke/CallSite;)"Unsupported signature scheme(s): +eFor session resumption, support ciphers should contain the cipher used with the session-to-resume ()- . 1 2 4 5 7 8 ; < > ? A B E F H I L M O P R S U V X Y ] ^ a b d e  h i k l o:  InnerClassesStatussnet/luminis/tls/TlsConstants NamedGroupSignatureScheme CipherSuitePskKeyEstablishmentMode KeyShareEntry HandshakeType{4java/security/cert/CertPathValidatorException$ReasonReason~%java/lang/invoke/MethodHandles$Lookupjava/lang/invoke/MethodHandlesLookup!`rbccd"#&'-bd?@0bebe bcbf67:bg^bhABbiUbc3jkW** ***+ *,$*(Y*+*(Y*.*1Y34*(Y*8*;?l2 XG LQYZ![,\7]B^M_V`m WnoWp#Wq'Zk?*CIORXl cdm norsZkD *+I\Xl g hm no uHrsZ[k{ a,_cg"(Y,mN-psWwY-y}*-*+*Y**,*+**+ Y*d(Y*N-*.W-Y*W*:*Y*Y**̵ϧ*.N*Y****+*+-*ϲܷ******϶*$* ** lrkmn$o2qLrcuhvmwx|}~*1<CLY`mHvw0x@YyanoauHazjy{*v|Yyeazcjye}20 gSTrsb~kS+_g>+_g6  Y +_   "6&Y(*+_+g&Y,*+_. /:+_0 :11 Y245**++8&Y;**+8=*M*Y*=*Y**=*=A***϶*$5*DFJMO *϶T5'**W[*_ae*϶i*+*϶l*o *$rl/)2:HRW\goz$+=Zelu}mRnoz)g,{,} 2? X X"+r &k,u{Y}* o{Y*_SN+_ -6Y+_6+Y*+* *$+lV'5FT_fk vm>nozFfk6{ F}NS=rkv,u{Y}* * {Y+&Y*+&Y**+*+ŵ*+*˵ l6 !&&1)9-D/K0V3^4f5n6u7m vnovvz}rkI,u{Y}* ˥{Yη+N*-&Yַ*+:*-**۶Y***4**Y*+* lB;<>B'E,F9JDMJNbOmSuTUXYZm4noz,xNJZ}J(&rk,u{Y}* NN* -{Y*+***϶:+ Y*****϶!: Y$:* '***϶-*϶0*3 *$6lZ^_bc f$h,i7l?xV{b|mtxmR noz$ Vw>3} 5 rsk9,9{Y}Y*+*=Nz8YZ, no%}1 rs+,k>+N-IR,-O\,l"/<m*>no>>N9} "fk3+M, ,, , ,l"# $ &''/*m 3no3.}  bk>*+l /0mnok>*ٱl 34mnokV *++Wl 7 8m no -{  -dbkV *.+Wl ; <m no y{  yebkD *.+Wl ? @m no k>*+l CDmnok>*+l KLmnokR*=*=Y"lPQ Tm no} k/*8l]m nobk/*lam nobkO +*+4lef hm no 67} 8kE* 3lkm no}@kP*+?l opmnoB{ ib k# $Y&(l kH *+,)lm  no  N k2*-/lm  k/*-lm  k  Y l k2*24lm  k/*2lm  k/*7lm  k? *+7lm   kB *=lm  } @ k/*7lm  k/*Dlm  k;*?AD_lm  k/*?lm  kP*G*I*?lm }@ k5 *GKNlm   k/*Glm  kJ*I *?lm }@ k/*Glm  kGp*lkm N}@   k,l_m   k8IROUpXZal ,2 !"("*,/0/3/69:/=/@CD/GJK/N/QJT/WZ[\_`/cZf!g![jm"npJ q@Drt@Jru@rv@w@_?x ry@z | }