package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class TlsClientProtocol extends TlsProtocol {
    public byte[] CJb;
    public TlsAuthentication HJb;
    public CertificateStatus IJb;
    public CertificateRequest JJb;
    public TlsClient YOb;
    public TlsClientContextImpl ZOb;
    public TlsKeyExchange jEb;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.YOb = null;
        this.ZOb = null;
        this.CJb = null;
        this.jEb = null;
        this.HJb = null;
        this.IJb = null;
        this.JJb = null;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void Qq() {
        super.Qq();
        this.CJb = null;
        this.jEb = null;
        this.HJb = null;
        this.IJb = null;
        this.JJb = null;
    }

    public void Xq() throws IOException {
        SessionParameters sessionParameters;
        this.OOb.setWriteVersion(this.YOb.getClientHelloRecordLayerVersion());
        ProtocolVersion clientVersion = this.YOb.getClientVersion();
        if (clientVersion.Bq()) {
            throw new TlsFatalAlert((short) 80);
        }
        getContextAdmin().setClientVersion(clientVersion);
        byte[] bArr = TlsUtils.KKa;
        TlsSession tlsSession = this.zJb;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.KKa;
        }
        boolean ca = this.YOb.ca();
        this.NEb = this.YOb.getCipherSuites();
        this.OEb = this.YOb.getCompressionMethods();
        if (bArr.length > 0 && (sessionParameters = this.AJb) != null && (!Arrays.contains(this.NEb, sessionParameters.getCipherSuite()) || !Arrays.contains(this.OEb, this.AJb.getCompressionAlgorithm()))) {
            bArr = TlsUtils.KKa;
        }
        this.PEb = this.YOb.getClientExtensions();
        this.eEb.BNb = TlsExtensionsUtils.w(this.PEb);
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 1);
        TlsUtils.a(clientVersion, handshakeMessage);
        handshakeMessage.write(this.eEb.getClientRandom());
        TlsUtils.c(bArr, handshakeMessage);
        boolean z = TlsUtils.b(this.PEb, TlsProtocol.rOb) == null;
        boolean z2 = !Arrays.contains(this.NEb, 255);
        if (z && z2) {
            this.NEb = Arrays.k(this.NEb, 255);
        }
        if (ca && !Arrays.contains(this.NEb, CipherSuite.TLS_FALLBACK_SCSV)) {
            this.NEb = Arrays.k(this.NEb, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.b(this.NEb, handshakeMessage);
        TlsUtils.b(this.OEb, (OutputStream) handshakeMessage);
        Hashtable hashtable = this.PEb;
        if (hashtable != null) {
            TlsProtocol.a(handshakeMessage, hashtable);
        }
        handshakeMessage.Uk();
    }

    public void Yq() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 16);
        this.jEb.b(handshakeMessage);
        handshakeMessage.Uk();
    }

    public void a(DigitallySigned digitallySigned) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 15);
        digitallySigned.encode(handshakeMessage);
        handshakeMessage.Uk();
    }

    public void a(TlsClient tlsClient) throws IOException {
        SessionParameters fb;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.YOb != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.YOb = tlsClient;
        this.eEb = new SecurityParameters();
        SecurityParameters securityParameters = this.eEb;
        securityParameters.sNb = 1;
        this.ZOb = new TlsClientContextImpl(this.dEb, securityParameters);
        this.eEb.wNb = TlsProtocol.a(tlsClient.xb(), this.ZOb.getNonceRandomGenerator());
        this.YOb.a(this.ZOb);
        this.OOb.a(this.ZOb);
        TlsSession sessionToResume = tlsClient.getSessionToResume();
        if (sessionToResume != null && (fb = sessionToResume.fb()) != null) {
            this.zJb = sessionToResume;
            this.AJb = fb;
        }
        Xq();
        this.VOb = (short) 1;
        Rq();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:27:0x0053. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void b(short s, byte[] bArr) throws IOException {
        TlsCredentials b;
        Certificate certificate;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        if (this.WOb) {
            if (s != 20 || this.VOb != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            b(byteArrayInputStream);
            this.VOb = (short) 15;
            Wq();
            this.VOb = (short) 13;
            this.VOb = (short) 16;
            return;
        }
        if (s == 0) {
            TlsProtocol.a(byteArrayInputStream);
            if (this.VOb == 16) {
                if (TlsUtils.c(getContext())) {
                    throw new TlsFatalAlert((short) 40);
                }
                c((short) 100, "Renegotiation not supported");
                return;
            }
            return;
        }
        if (s == 2) {
            if (this.VOb != 1) {
                throw new TlsFatalAlert((short) 10);
            }
            f(byteArrayInputStream);
            this.VOb = (short) 2;
            short s2 = this.eEb.EJb;
            if (s2 >= 0) {
                this.OOb.setPlaintextLimit(1 << (s2 + 8));
            }
            this.eEb.tNb = TlsProtocol.d(getContext(), this.eEb.getCipherSuite());
            this.eEb.uNb = 12;
            this.OOb.wq();
            if (this.WOb) {
                this.eEb.vNb = Arrays.ab(this.AJb.getMasterSecret());
                this.OOb.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
                Vq();
                return;
            } else {
                Tq();
                byte[] bArr2 = this.CJb;
                if (bArr2.length > 0) {
                    this.zJb = new TlsSessionImpl(bArr2, null);
                    return;
                }
                return;
            }
        }
        if (s == 4) {
            if (this.VOb != 13) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.GJb) {
                throw new TlsFatalAlert((short) 10);
            }
            Tq();
            e(byteArrayInputStream);
            this.VOb = (short) 14;
            return;
        }
        if (s == 20) {
            short s3 = this.VOb;
            if (s3 != 13) {
                if (s3 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (this.GJb) {
                throw new TlsFatalAlert((short) 10);
            }
            b(byteArrayInputStream);
            this.VOb = (short) 15;
            this.VOb = (short) 16;
            return;
        }
        if (s == 22) {
            if (this.VOb != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.FJb) {
                throw new TlsFatalAlert((short) 10);
            }
            this.IJb = CertificateStatus.parse(byteArrayInputStream);
            TlsProtocol.a(byteArrayInputStream);
            this.VOb = (short) 5;
            return;
        }
        if (s == 23) {
            if (this.VOb != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            i(TlsProtocol.d(byteArrayInputStream));
            return;
        }
        switch (s) {
            case 11:
                short s4 = this.VOb;
                if (s4 == 2) {
                    i(null);
                } else if (s4 != 3) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.ENb = Certificate.parse(byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                Certificate certificate2 = this.ENb;
                if (certificate2 == null || certificate2.isEmpty()) {
                    this.FJb = false;
                }
                this.jEb.c(this.ENb);
                this.HJb = this.YOb.getAuthentication();
                this.HJb.d(this.ENb);
                this.VOb = (short) 4;
                return;
            case 12:
                short s5 = this.VOb;
                if (s5 == 2) {
                    i(null);
                } else if (s5 != 3) {
                    if (s5 != 4 && s5 != 5) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.jEb.c(byteArrayInputStream);
                    TlsProtocol.a(byteArrayInputStream);
                    this.VOb = (short) 6;
                    return;
                }
                this.jEb.Eb();
                this.HJb = null;
                this.jEb.c(byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                this.VOb = (short) 6;
                return;
            case 13:
                short s6 = this.VOb;
                if (s6 == 4 || s6 == 5) {
                    this.jEb.Xa();
                } else if (s6 != 6) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.HJb == null) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.JJb = CertificateRequest.a(getContext(), byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                this.jEb.a(this.JJb);
                TlsUtils.a(this.OOb.getHandshakeHash(), this.JJb.getSupportedSignatureAlgorithms());
                this.VOb = (short) 7;
                return;
            case 14:
                switch (this.VOb) {
                    case 2:
                        i(null);
                    case 3:
                        this.jEb.Eb();
                        this.HJb = null;
                    case 4:
                    case 5:
                        this.jEb.Xa();
                    case 6:
                    case 7:
                        TlsProtocol.a(byteArrayInputStream);
                        this.VOb = (short) 8;
                        this.OOb.getHandshakeHash().hb();
                        Vector clientSupplementalData = this.YOb.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            h(clientSupplementalData);
                        }
                        this.VOb = (short) 9;
                        CertificateRequest certificateRequest = this.JJb;
                        if (certificateRequest == null) {
                            this.jEb.La();
                            b = null;
                        } else {
                            b = this.HJb.b(certificateRequest);
                            if (b == null) {
                                this.jEb.La();
                                certificate = Certificate.QFb;
                            } else {
                                this.jEb.b(b);
                                certificate = b.getCertificate();
                            }
                            g(certificate);
                        }
                        this.VOb = (short) 10;
                        Yq();
                        this.VOb = (short) 11;
                        TlsHandshakeHash xq = this.OOb.xq();
                        this.eEb.yNb = TlsProtocol.a(getContext(), xq, null);
                        TlsProtocol.a(getContext(), this.jEb);
                        this.OOb.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
                        if (b != null && (b instanceof TlsSignerCredentials)) {
                            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) b;
                            SignatureAndHashAlgorithm a = TlsUtils.a(getContext(), tlsSignerCredentials);
                            a(new DigitallySigned(a, tlsSignerCredentials.x(a == null ? this.eEb.getSessionHash() : xq.e(a.getHash()))));
                            this.VOb = (short) 12;
                        }
                        Vq();
                        Wq();
                        this.VOb = (short) 13;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 40);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    public void e(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        this.YOb.a(parse);
    }

    public void f(ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsSession tlsSession;
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        if (u.Bq()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!u.c(this.OOb.getReadVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!u.d(getContext().getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.OOb.setWriteVersion(u);
        getContextAdmin().setServerVersion(u);
        this.YOb.a(u);
        this.eEb.xNb = TlsUtils.e(32, byteArrayInputStream);
        this.CJb = TlsUtils.o(byteArrayInputStream);
        byte[] bArr = this.CJb;
        if (bArr.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.YOb.v(bArr);
        byte[] bArr2 = this.CJb;
        boolean z = false;
        this.WOb = bArr2.length > 0 && (tlsSession = this.zJb) != null && Arrays.x(bArr2, tlsSession.getSessionID());
        int p = TlsUtils.p(byteArrayInputStream);
        if (!Arrays.contains(this.NEb, p) || p == 0 || CipherSuite.le(p) || !TlsUtils.a(p, u)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.YOb.L(p);
        short t = TlsUtils.t(byteArrayInputStream);
        if (!Arrays.contains(this.OEb, t)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.YOb.c(t);
        this.UEb = TlsProtocol.c(byteArrayInputStream);
        if (TlsExtensionsUtils.w(this.UEb) != this.eEb.BNb) {
            throw new TlsFatalAlert((short) 40);
        }
        Hashtable hashtable = this.UEb;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.rOb)) {
                    if (TlsUtils.b(this.PEb, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.vFb);
                    }
                    if (!num.equals(TlsExtensionsUtils.iOb)) {
                        boolean z2 = this.WOb;
                    }
                }
            }
        }
        byte[] b = TlsUtils.b(this.UEb, TlsProtocol.rOb);
        if (b != null) {
            this.DJb = true;
            if (!Arrays.z(b, TlsProtocol.Ga(TlsUtils.KKa))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.YOb.l(this.DJb);
        Hashtable hashtable2 = this.PEb;
        Hashtable hashtable3 = this.UEb;
        if (this.WOb) {
            if (p != this.AJb.getCipherSuite() || t != this.AJb.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = this.AJb.Jq();
            this.eEb.BNb = TlsExtensionsUtils.w(hashtable3);
        }
        SecurityParameters securityParameters = this.eEb;
        securityParameters.cipherSuite = p;
        securityParameters.OZa = t;
        if (hashtable3 != null) {
            boolean v = TlsExtensionsUtils.v(hashtable3);
            if (v && !TlsUtils.Fe(p)) {
                throw new TlsFatalAlert((short) 47);
            }
            SecurityParameters securityParameters2 = this.eEb;
            securityParameters2.ANb = v;
            securityParameters2.EJb = b(hashtable2, hashtable3, (short) 47);
            this.eEb.zNb = TlsExtensionsUtils.x(hashtable3);
            this.FJb = !this.WOb && TlsUtils.a(hashtable3, TlsExtensionsUtils.mOb, (short) 47);
            if (!this.WOb && TlsUtils.a(hashtable3, TlsProtocol.sOb, (short) 47)) {
                z = true;
            }
            this.GJb = z;
        }
        if (hashtable2 != null) {
            this.YOb.a(hashtable3);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsContext getContext() {
        return this.ZOb;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public AbstractTlsContext getContextAdmin() {
        return this.ZOb;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsPeer getPeer() {
        return this.YOb;
    }

    public void i(Vector vector) throws IOException {
        this.YOb.b(vector);
        this.VOb = (short) 3;
        this.jEb = this.YOb.getKeyExchange();
        this.jEb.a(getContext());
    }
}
