package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.DTLSReliableHandshake;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes3.dex */
    public static class ClientHandshakeState {
        public TlsClient client = null;
        public TlsClientContextImpl yJb = null;
        public TlsSession zJb = null;
        public SessionParameters AJb = null;
        public SessionParameters.Builder BJb = null;
        public int[] NEb = null;
        public short[] OEb = null;
        public Hashtable PEb = null;
        public byte[] CJb = null;
        public int LEb = -1;
        public short MEb = -1;
        public boolean DJb = false;
        public short EJb = -1;
        public boolean FJb = false;
        public boolean GJb = false;
        public TlsKeyExchange jEb = null;
        public TlsAuthentication HJb = null;
        public CertificateStatus IJb = null;
        public CertificateRequest JJb = null;
        public TlsCredentials KJb = null;
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    public static byte[] m(byte[] bArr, byte[] bArr2) throws IOException {
        int v = 35 + TlsUtils.v(bArr, 34);
        int i = v + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, v);
        TlsUtils.ye(bArr2.length);
        TlsUtils.e(bArr2.length, bArr3, v);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    public DTLSTransport a(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        TlsSession tlsSession;
        SecurityParameters securityParameters = clientHandshakeState.yJb.getSecurityParameters();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.yJb, dTLSRecordLayer);
        byte[] a = a(clientHandshakeState, clientHandshakeState.client);
        dTLSReliableHandshake.a((short) 1, a);
        while (true) {
            DTLSReliableHandshake.Message yq = dTLSReliableHandshake.yq();
            if (yq.getType() != 3) {
                if (yq.getType() != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                a(clientHandshakeState, dTLSRecordLayer.getDiscoveredPeerVersion());
                f(clientHandshakeState, yq.getBody());
                short s = clientHandshakeState.EJb;
                if (s >= 0) {
                    dTLSRecordLayer.setPlaintextLimit(1 << (s + 8));
                }
                int i = clientHandshakeState.LEb;
                securityParameters.cipherSuite = i;
                securityParameters.OZa = clientHandshakeState.MEb;
                securityParameters.tNb = TlsProtocol.d(clientHandshakeState.yJb, i);
                securityParameters.uNb = 12;
                dTLSReliableHandshake.wq();
                byte[] bArr = clientHandshakeState.CJb;
                if (bArr.length > 0 && (tlsSession = clientHandshakeState.zJb) != null && Arrays.x(bArr, tlsSession.getSessionID())) {
                    if (securityParameters.getCipherSuite() != clientHandshakeState.AJb.getCipherSuite() || securityParameters.getCompressionAlgorithm() != clientHandshakeState.AJb.getCompressionAlgorithm()) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    securityParameters.BNb = TlsExtensionsUtils.w(clientHandshakeState.AJb.Jq());
                    securityParameters.vNb = Arrays.ab(clientHandshakeState.AJb.getMasterSecret());
                    dTLSRecordLayer.a(clientHandshakeState.client.getCipher());
                    TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.yJb;
                    l(dTLSReliableHandshake.l((short) 20), TlsUtils.a(tlsClientContextImpl, ExporterLabel.eLb, TlsProtocol.a(tlsClientContextImpl, dTLSReliableHandshake.getHandshakeHash(), null)));
                    TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.yJb;
                    dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl2, ExporterLabel.dLb, TlsProtocol.a(tlsClientContextImpl2, dTLSReliableHandshake.getHandshakeHash(), null)));
                    dTLSReliableHandshake.finish();
                    clientHandshakeState.yJb.setResumableSession(clientHandshakeState.zJb);
                    clientHandshakeState.client.eb();
                    return new DTLSTransport(dTLSRecordLayer);
                }
                b(clientHandshakeState);
                byte[] bArr2 = clientHandshakeState.CJb;
                if (bArr2.length > 0) {
                    clientHandshakeState.zJb = new TlsSessionImpl(bArr2, null);
                }
                DTLSReliableHandshake.Message yq2 = dTLSReliableHandshake.yq();
                if (yq2.getType() == 23) {
                    h(clientHandshakeState, yq2.getBody());
                    yq2 = dTLSReliableHandshake.yq();
                } else {
                    clientHandshakeState.client.b(null);
                }
                clientHandshakeState.jEb = clientHandshakeState.client.getKeyExchange();
                clientHandshakeState.jEb.a(clientHandshakeState.yJb);
                if (yq2.getType() == 11) {
                    certificate = e(clientHandshakeState, yq2.getBody());
                    message = dTLSReliableHandshake.yq();
                } else {
                    clientHandshakeState.jEb.Eb();
                    message = yq2;
                    certificate = null;
                }
                if (certificate == null || certificate.isEmpty()) {
                    clientHandshakeState.FJb = false;
                }
                if (message.getType() == 22) {
                    b(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.yq();
                }
                if (message.getType() == 12) {
                    g(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.yq();
                } else {
                    clientHandshakeState.jEb.Xa();
                }
                if (message.getType() == 13) {
                    a(clientHandshakeState, message.getBody());
                    TlsUtils.a(dTLSReliableHandshake.getHandshakeHash(), clientHandshakeState.JJb.getSupportedSignatureAlgorithms());
                    message = dTLSReliableHandshake.yq();
                }
                if (message.getType() != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (message.getBody().length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                dTLSReliableHandshake.getHandshakeHash().hb();
                Vector clientSupplementalData = clientHandshakeState.client.getClientSupplementalData();
                if (clientSupplementalData != null) {
                    dTLSReliableHandshake.a((short) 23, DTLSProtocol.g(clientSupplementalData));
                }
                CertificateRequest certificateRequest = clientHandshakeState.JJb;
                if (certificateRequest != null) {
                    clientHandshakeState.KJb = clientHandshakeState.HJb.b(certificateRequest);
                    TlsCredentials tlsCredentials = clientHandshakeState.KJb;
                    Certificate certificate2 = tlsCredentials != null ? tlsCredentials.getCertificate() : null;
                    if (certificate2 == null) {
                        certificate2 = Certificate.QFb;
                    }
                    dTLSReliableHandshake.a((short) 11, DTLSProtocol.e(certificate2));
                }
                TlsCredentials tlsCredentials2 = clientHandshakeState.KJb;
                if (tlsCredentials2 != null) {
                    clientHandshakeState.jEb.b(tlsCredentials2);
                } else {
                    clientHandshakeState.jEb.La();
                }
                dTLSReliableHandshake.a((short) 16, a(clientHandshakeState));
                TlsHandshakeHash xq = dTLSReliableHandshake.xq();
                securityParameters.yNb = TlsProtocol.a(clientHandshakeState.yJb, xq, null);
                TlsProtocol.a(clientHandshakeState.yJb, clientHandshakeState.jEb);
                dTLSRecordLayer.a(clientHandshakeState.client.getCipher());
                TlsCredentials tlsCredentials3 = clientHandshakeState.KJb;
                if (tlsCredentials3 != null && (tlsCredentials3 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials3;
                    SignatureAndHashAlgorithm a2 = TlsUtils.a(clientHandshakeState.yJb, tlsSignerCredentials);
                    dTLSReliableHandshake.a((short) 15, a(clientHandshakeState, new DigitallySigned(a2, tlsSignerCredentials.x(a2 == null ? securityParameters.getSessionHash() : xq.e(a2.getHash())))));
                }
                TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.yJb;
                dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl3, ExporterLabel.dLb, TlsProtocol.a(tlsClientContextImpl3, dTLSReliableHandshake.getHandshakeHash(), null)));
                if (clientHandshakeState.GJb) {
                    DTLSReliableHandshake.Message yq3 = dTLSReliableHandshake.yq();
                    if (yq3.getType() != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    d(clientHandshakeState, yq3.getBody());
                }
                TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.yJb;
                l(dTLSReliableHandshake.l((short) 20), TlsUtils.a(tlsClientContextImpl4, ExporterLabel.eLb, TlsProtocol.a(tlsClientContextImpl4, dTLSReliableHandshake.getHandshakeHash(), null)));
                dTLSReliableHandshake.finish();
                if (clientHandshakeState.zJb != null) {
                    clientHandshakeState.AJb = new SessionParameters.Builder().ne(securityParameters.cipherSuite).m(securityParameters.OZa).pa(securityParameters.vNb).f(certificate).qa(securityParameters.xEb).sa(securityParameters.WEb).build();
                    clientHandshakeState.zJb = TlsUtils.a(clientHandshakeState.zJb.getSessionID(), clientHandshakeState.AJb);
                    clientHandshakeState.yJb.setResumableSession(clientHandshakeState.zJb);
                }
                clientHandshakeState.client.eb();
                return new DTLSTransport(dTLSRecordLayer);
            }
            if (!dTLSRecordLayer.uq().d(clientHandshakeState.yJb.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] m = m(a, c(clientHandshakeState, yq.getBody()));
            dTLSReliableHandshake.zq();
            dTLSReliableHandshake.a((short) 1, m);
        }
    }

    public DTLSTransport a(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters fb;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.sNb = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.client = tlsClient;
        clientHandshakeState.yJb = new TlsClientContextImpl(this.dEb, securityParameters);
        securityParameters.wNb = TlsProtocol.a(tlsClient.xb(), clientHandshakeState.yJb.getNonceRandomGenerator());
        tlsClient.a(clientHandshakeState.yJb);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.yJb, tlsClient, (short) 22);
        TlsSession sessionToResume = clientHandshakeState.client.getSessionToResume();
        if (sessionToResume != null && (fb = sessionToResume.fb()) != null) {
            clientHandshakeState.zJb = sessionToResume;
            clientHandshakeState.AJb = fb;
        }
        try {
            return a(clientHandshakeState, dTLSRecordLayer);
        } catch (IOException e) {
            dTLSRecordLayer.k((short) 80);
            throw e;
        } catch (RuntimeException e2) {
            dTLSRecordLayer.k((short) 80);
            throw new TlsFatalAlert((short) 80, e2);
        } catch (TlsFatalAlert e3) {
            dTLSRecordLayer.k(e3.getAlertDescription());
            throw e3;
        }
    }

    public void a(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.yJb;
        ProtocolVersion serverVersion = tlsClientContextImpl.getServerVersion();
        if (serverVersion == null) {
            tlsClientContextImpl.setServerVersion(protocolVersion);
            clientHandshakeState.client.a(protocolVersion);
        } else if (!serverVersion.c(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    public void a(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.HJb == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.JJb = CertificateRequest.a(clientHandshakeState.yJb, byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.jEb.a(clientHandshakeState.JJb);
    }

    public byte[] a(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.jEb.b(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.Bq()) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.yJb;
        tlsClientContextImpl.setClientVersion(clientVersion);
        TlsUtils.a(clientVersion, byteArrayOutputStream);
        SecurityParameters securityParameters = tlsClientContextImpl.getSecurityParameters();
        byteArrayOutputStream.write(securityParameters.getClientRandom());
        byte[] bArr = TlsUtils.KKa;
        TlsSession tlsSession = clientHandshakeState.zJb;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.KKa;
        }
        TlsUtils.c(bArr, byteArrayOutputStream);
        TlsUtils.c(TlsUtils.KKa, byteArrayOutputStream);
        boolean ca = tlsClient.ca();
        clientHandshakeState.NEb = tlsClient.getCipherSuites();
        clientHandshakeState.PEb = tlsClient.getClientExtensions();
        securityParameters.BNb = TlsExtensionsUtils.w(clientHandshakeState.PEb);
        boolean z = TlsUtils.b(clientHandshakeState.PEb, TlsProtocol.rOb) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.NEb, 255);
        if (z && z2) {
            clientHandshakeState.NEb = Arrays.k(clientHandshakeState.NEb, 255);
        }
        if (ca && !Arrays.contains(clientHandshakeState.NEb, CipherSuite.TLS_FALLBACK_SCSV)) {
            clientHandshakeState.NEb = Arrays.k(clientHandshakeState.NEb, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.b(clientHandshakeState.NEb, byteArrayOutputStream);
        clientHandshakeState.OEb = new short[]{0};
        TlsUtils.b(clientHandshakeState.OEb, (OutputStream) byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.PEb;
        if (hashtable != null) {
            TlsProtocol.a(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public void b(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.AJb;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.AJb = null;
        }
        TlsSession tlsSession = clientHandshakeState.zJb;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.zJb = null;
        }
    }

    public void b(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.FJb) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.IJb = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    public byte[] c(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        byte[] o = TlsUtils.o(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        if (!u.d(clientHandshakeState.yJb.getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.XMb.d(u) || o.length <= 32) {
            return o;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void d(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.client.a(parse);
    }

    public Certificate e(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.jEb.c(parse);
        clientHandshakeState.HJb = clientHandshakeState.client.getAuthentication();
        clientHandshakeState.HJb.d(parse);
        return parse;
    }

    public void f(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        int i;
        SecurityParameters securityParameters = clientHandshakeState.yJb.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        a(clientHandshakeState, u);
        securityParameters.xNb = TlsUtils.e(32, byteArrayInputStream);
        clientHandshakeState.CJb = TlsUtils.o(byteArrayInputStream);
        byte[] bArr2 = clientHandshakeState.CJb;
        if (bArr2.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.client.v(bArr2);
        clientHandshakeState.LEb = TlsUtils.p(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.NEb, clientHandshakeState.LEb) || (i = clientHandshakeState.LEb) == 0 || CipherSuite.le(i) || !TlsUtils.a(clientHandshakeState.LEb, u)) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.a(clientHandshakeState.LEb, (short) 47);
        clientHandshakeState.client.L(clientHandshakeState.LEb);
        clientHandshakeState.MEb = TlsUtils.t(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.OEb, clientHandshakeState.MEb)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.client.c(clientHandshakeState.MEb);
        Hashtable c = TlsProtocol.c(byteArrayInputStream);
        if (TlsExtensionsUtils.w(c) != securityParameters.BNb) {
            throw new TlsFatalAlert((short) 40);
        }
        if (c != null) {
            Enumeration keys = c.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.rOb)) {
                    if (TlsUtils.b(clientHandshakeState.PEb, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.vFb);
                    }
                    num.equals(TlsExtensionsUtils.iOb);
                }
            }
            byte[] bArr3 = (byte[]) c.get(TlsProtocol.rOb);
            if (bArr3 != null) {
                clientHandshakeState.DJb = true;
                if (!Arrays.z(bArr3, TlsProtocol.Ga(TlsUtils.KKa))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            boolean v = TlsExtensionsUtils.v(c);
            if (v && !TlsUtils.Fe(clientHandshakeState.LEb)) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.ANb = v;
            clientHandshakeState.EJb = DTLSProtocol.a(clientHandshakeState.PEb, c, (short) 47);
            securityParameters.zNb = TlsExtensionsUtils.x(c);
            clientHandshakeState.FJb = TlsUtils.a(c, TlsExtensionsUtils.mOb, (short) 47);
            clientHandshakeState.GJb = TlsUtils.a(c, TlsProtocol.sOb, (short) 47);
        }
        clientHandshakeState.client.l(clientHandshakeState.DJb);
        if (clientHandshakeState.PEb != null) {
            clientHandshakeState.client.a(c);
        }
    }

    public void g(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.jEb.c(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    public void h(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.client.b(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
