package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class TlsClientProtocol extends TlsProtocol {
    public byte[] CVb;
    public TlsAuthentication HVb;
    public CertificateStatus IVb;
    public CertificateRequest JVb;
    public TlsClient Y_b;
    public TlsClientContextImpl Z_b;
    public TlsKeyExchange jQb;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.Y_b = null;
        this.Z_b = null;
        this.CVb = null;
        this.jQb = null;
        this.HVb = null;
        this.IVb = null;
        this.JVb = null;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void Et() {
        super.Et();
        this.CVb = null;
        this.jQb = null;
        this.HVb = null;
        this.IVb = null;
        this.JVb = null;
    }

    public void Lt() throws IOException {
        SessionParameters sessionParameters;
        this.O_b.setWriteVersion(this.Y_b.getClientHelloRecordLayerVersion());
        ProtocolVersion clientVersion = this.Y_b.getClientVersion();
        if (clientVersion.pt()) {
            throw new TlsFatalAlert((short) 80);
        }
        getContextAdmin().setClientVersion(clientVersion);
        byte[] bArr = TlsUtils.QLa;
        TlsSession tlsSession = this.zVb;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.QLa;
        }
        boolean ca = this.Y_b.ca();
        this.NQb = this.Y_b.getCipherSuites();
        this.OQb = this.Y_b.getCompressionMethods();
        if (bArr.length > 0 && (sessionParameters = this.AVb) != null && (!Arrays.contains(this.NQb, sessionParameters.getCipherSuite()) || !Arrays.contains(this.OQb, this.AVb.getCompressionAlgorithm()))) {
            bArr = TlsUtils.QLa;
        }
        this.PQb = this.Y_b.getClientExtensions();
        this.eQb.BZb = TlsExtensionsUtils.w(this.PQb);
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 1);
        TlsUtils.a(clientVersion, handshakeMessage);
        handshakeMessage.write(this.eQb.getClientRandom());
        TlsUtils.c(bArr, handshakeMessage);
        boolean z = TlsUtils.b(this.PQb, TlsProtocol.r_b) == null;
        boolean z2 = !Arrays.contains(this.NQb, 255);
        if (z && z2) {
            this.NQb = Arrays.l(this.NQb, 255);
        }
        if (ca && !Arrays.contains(this.NQb, CipherSuite.KXa)) {
            this.NQb = Arrays.l(this.NQb, CipherSuite.KXa);
        }
        TlsUtils.b(this.NQb, handshakeMessage);
        TlsUtils.b(this.OQb, (OutputStream) handshakeMessage);
        Hashtable hashtable = this.PQb;
        if (hashtable != null) {
            TlsProtocol.a(handshakeMessage, hashtable);
        }
        handshakeMessage.Sk();
    }

    public void Mt() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 16);
        this.jQb.b(handshakeMessage);
        handshakeMessage.Sk();
    }

    public void a(DigitallySigned digitallySigned) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 15);
        digitallySigned.encode(handshakeMessage);
        handshakeMessage.Sk();
    }

    public void a(TlsClient tlsClient) throws IOException {
        SessionParameters ob;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.Y_b != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.Y_b = tlsClient;
        this.eQb = new SecurityParameters();
        SecurityParameters securityParameters = this.eQb;
        securityParameters.sZb = 1;
        this.Z_b = new TlsClientContextImpl(this.dQb, securityParameters);
        this.eQb.wZb = TlsProtocol.a(tlsClient.Jb(), this.Z_b.getNonceRandomGenerator());
        this.Y_b.a(this.Z_b);
        this.O_b.a(this.Z_b);
        TlsSession sessionToResume = tlsClient.getSessionToResume();
        if (sessionToResume != null && (ob = sessionToResume.ob()) != null) {
            this.zVb = sessionToResume;
            this.AVb = ob;
        }
        Lt();
        this.V_b = (short) 1;
        Ft();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:27:0x0053. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void b(short s, byte[] bArr) throws IOException {
        TlsCredentials b;
        Certificate certificate;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        if (this.W_b) {
            if (s != 20 || this.V_b != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            b(byteArrayInputStream);
            this.V_b = (short) 15;
            Kt();
            this.V_b = (short) 13;
            this.V_b = (short) 16;
            return;
        }
        if (s == 0) {
            TlsProtocol.a(byteArrayInputStream);
            if (this.V_b == 16) {
                if (TlsUtils.c(getContext())) {
                    throw new TlsFatalAlert((short) 40);
                }
                c((short) 100, "Renegotiation not supported");
                return;
            }
            return;
        }
        if (s == 2) {
            if (this.V_b != 1) {
                throw new TlsFatalAlert((short) 10);
            }
            f(byteArrayInputStream);
            this.V_b = (short) 2;
            short s2 = this.eQb.EVb;
            if (s2 >= 0) {
                this.O_b.setPlaintextLimit(1 << (s2 + 8));
            }
            this.eQb.tZb = TlsProtocol.d(getContext(), this.eQb.getCipherSuite());
            this.eQb.uZb = 12;
            this.O_b.jt();
            if (this.W_b) {
                this.eQb.vZb = Arrays.bb(this.AVb.getMasterSecret());
                this.O_b.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
                Jt();
                return;
            } else {
                Ht();
                byte[] bArr2 = this.CVb;
                if (bArr2.length > 0) {
                    this.zVb = new TlsSessionImpl(bArr2, null);
                    return;
                }
                return;
            }
        }
        if (s == 4) {
            if (this.V_b != 13) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.GVb) {
                throw new TlsFatalAlert((short) 10);
            }
            Ht();
            e(byteArrayInputStream);
            this.V_b = (short) 14;
            return;
        }
        if (s == 20) {
            short s3 = this.V_b;
            if (s3 != 13) {
                if (s3 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (this.GVb) {
                throw new TlsFatalAlert((short) 10);
            }
            b(byteArrayInputStream);
            this.V_b = (short) 15;
            this.V_b = (short) 16;
            return;
        }
        if (s == 22) {
            if (this.V_b != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.FVb) {
                throw new TlsFatalAlert((short) 10);
            }
            this.IVb = CertificateStatus.parse(byteArrayInputStream);
            TlsProtocol.a(byteArrayInputStream);
            this.V_b = (short) 5;
            return;
        }
        if (s == 23) {
            if (this.V_b != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            i(TlsProtocol.d(byteArrayInputStream));
            return;
        }
        switch (s) {
            case 11:
                short s4 = this.V_b;
                if (s4 == 2) {
                    i(null);
                } else if (s4 != 3) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.EZb = Certificate.parse(byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                Certificate certificate2 = this.EZb;
                if (certificate2 == null || certificate2.isEmpty()) {
                    this.FVb = false;
                }
                this.jQb.c(this.EZb);
                this.HVb = this.Y_b.getAuthentication();
                this.HVb.d(this.EZb);
                this.V_b = (short) 4;
                return;
            case 12:
                short s5 = this.V_b;
                if (s5 == 2) {
                    i(null);
                } else if (s5 != 3) {
                    if (s5 != 4 && s5 != 5) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.jQb.c(byteArrayInputStream);
                    TlsProtocol.a(byteArrayInputStream);
                    this.V_b = (short) 6;
                    return;
                }
                this.jQb.Qb();
                this.HVb = null;
                this.jQb.c(byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                this.V_b = (short) 6;
                return;
            case 13:
                short s6 = this.V_b;
                if (s6 == 4 || s6 == 5) {
                    this.jQb.gb();
                } else if (s6 != 6) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.HVb == null) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.JVb = CertificateRequest.a(getContext(), byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                this.jQb.a(this.JVb);
                TlsUtils.a(this.O_b.getHandshakeHash(), this.JVb.getSupportedSignatureAlgorithms());
                this.V_b = (short) 7;
                return;
            case 14:
                switch (this.V_b) {
                    case 2:
                        i(null);
                    case 3:
                        this.jQb.Qb();
                        this.HVb = null;
                    case 4:
                    case 5:
                        this.jQb.gb();
                    case 6:
                    case 7:
                        TlsProtocol.a(byteArrayInputStream);
                        this.V_b = (short) 8;
                        this.O_b.getHandshakeHash().qb();
                        Vector clientSupplementalData = this.Y_b.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            h(clientSupplementalData);
                        }
                        this.V_b = (short) 9;
                        CertificateRequest certificateRequest = this.JVb;
                        if (certificateRequest == null) {
                            this.jQb.Ra();
                            b = null;
                        } else {
                            b = this.HVb.b(certificateRequest);
                            if (b == null) {
                                this.jQb.Ra();
                                certificate = Certificate.QRb;
                            } else {
                                this.jQb.b(b);
                                certificate = b.getCertificate();
                            }
                            g(certificate);
                        }
                        this.V_b = (short) 10;
                        Mt();
                        this.V_b = (short) 11;
                        TlsHandshakeHash kt = this.O_b.kt();
                        this.eQb.yZb = TlsProtocol.a(getContext(), kt, null);
                        TlsProtocol.a(getContext(), this.jQb);
                        this.O_b.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
                        if (b != null && (b instanceof TlsSignerCredentials)) {
                            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) b;
                            SignatureAndHashAlgorithm a = TlsUtils.a(getContext(), tlsSignerCredentials);
                            a(new DigitallySigned(a, tlsSignerCredentials.x(a == null ? this.eQb.getSessionHash() : kt.e(a.getHash()))));
                            this.V_b = (short) 12;
                        }
                        Jt();
                        Kt();
                        this.V_b = (short) 13;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 40);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    public void e(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        this.Y_b.a(parse);
    }

    public void f(ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsSession tlsSession;
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        if (u.pt()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!u.c(this.O_b.getReadVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!u.d(getContext().getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.O_b.setWriteVersion(u);
        getContextAdmin().setServerVersion(u);
        this.Y_b.a(u);
        this.eQb.xZb = TlsUtils.e(32, byteArrayInputStream);
        this.CVb = TlsUtils.o(byteArrayInputStream);
        byte[] bArr = this.CVb;
        if (bArr.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.Y_b.v(bArr);
        byte[] bArr2 = this.CVb;
        boolean z = false;
        this.W_b = bArr2.length > 0 && (tlsSession = this.zVb) != null && Arrays.x(bArr2, tlsSession.getSessionID());
        int p = TlsUtils.p(byteArrayInputStream);
        if (!Arrays.contains(this.NQb, p) || p == 0 || CipherSuite.He(p) || !TlsUtils.a(p, u)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.Y_b.M(p);
        short t = TlsUtils.t(byteArrayInputStream);
        if (!Arrays.contains(this.OQb, t)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.Y_b.c(t);
        this.UQb = TlsProtocol.c(byteArrayInputStream);
        if (TlsExtensionsUtils.w(this.UQb) != this.eQb.BZb) {
            throw new TlsFatalAlert((short) 40);
        }
        Hashtable hashtable = this.UQb;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.r_b)) {
                    if (TlsUtils.b(this.PQb, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.vRb);
                    }
                    if (!num.equals(TlsExtensionsUtils.i_b)) {
                        boolean z2 = this.W_b;
                    }
                }
            }
        }
        byte[] b = TlsUtils.b(this.UQb, TlsProtocol.r_b);
        if (b != null) {
            this.DVb = true;
            if (!Arrays.z(b, TlsProtocol.Ha(TlsUtils.QLa))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.Y_b.l(this.DVb);
        Hashtable hashtable2 = this.PQb;
        Hashtable hashtable3 = this.UQb;
        if (this.W_b) {
            if (p != this.AVb.getCipherSuite() || t != this.AVb.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = this.AVb.xt();
            this.eQb.BZb = TlsExtensionsUtils.w(hashtable3);
        }
        SecurityParameters securityParameters = this.eQb;
        securityParameters.qZa = p;
        securityParameters.Hkb = t;
        if (hashtable3 != null) {
            boolean v = TlsExtensionsUtils.v(hashtable3);
            if (v && !TlsUtils.af(p)) {
                throw new TlsFatalAlert((short) 47);
            }
            SecurityParameters securityParameters2 = this.eQb;
            securityParameters2.AZb = v;
            securityParameters2.EVb = b(hashtable2, hashtable3, (short) 47);
            this.eQb.zZb = TlsExtensionsUtils.x(hashtable3);
            this.FVb = !this.W_b && TlsUtils.a(hashtable3, TlsExtensionsUtils.m_b, (short) 47);
            if (!this.W_b && TlsUtils.a(hashtable3, TlsProtocol.s_b, (short) 47)) {
                z = true;
            }
            this.GVb = z;
        }
        if (hashtable2 != null) {
            this.Y_b.a(hashtable3);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsContext getContext() {
        return this.Z_b;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public AbstractTlsContext getContextAdmin() {
        return this.Z_b;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsPeer getPeer() {
        return this.Y_b;
    }

    public void i(Vector vector) throws IOException {
        this.Y_b.b(vector);
        this.V_b = (short) 3;
        this.jQb = this.Y_b.getKeyExchange();
        this.jQb.a(getContext());
    }
}
