package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.DTLSReliableHandshake;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes3.dex */
    public static class ClientHandshakeState {
        public TlsClient client = null;
        public TlsClientContextImpl yVb = null;
        public TlsSession zVb = null;
        public SessionParameters AVb = null;
        public SessionParameters.Builder BVb = null;
        public int[] NQb = null;
        public short[] OQb = null;
        public Hashtable PQb = null;
        public byte[] CVb = null;
        public int LQb = -1;
        public short MQb = -1;
        public boolean DVb = false;
        public short EVb = -1;
        public boolean FVb = false;
        public boolean GVb = false;
        public TlsKeyExchange jQb = null;
        public TlsAuthentication HVb = null;
        public CertificateStatus IVb = null;
        public CertificateRequest JVb = null;
        public TlsCredentials KVb = null;
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    public static byte[] m(byte[] bArr, byte[] bArr2) throws IOException {
        int v = 35 + TlsUtils.v(bArr, 34);
        int i = v + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, v);
        TlsUtils.Ue(bArr2.length);
        TlsUtils.e(bArr2.length, bArr3, v);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    public DTLSTransport a(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        TlsSession tlsSession;
        SecurityParameters securityParameters = clientHandshakeState.yVb.getSecurityParameters();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.yVb, dTLSRecordLayer);
        byte[] a = a(clientHandshakeState, clientHandshakeState.client);
        dTLSReliableHandshake.a((short) 1, a);
        while (true) {
            DTLSReliableHandshake.Message mt = dTLSReliableHandshake.mt();
            if (mt.getType() != 3) {
                if (mt.getType() != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                a(clientHandshakeState, dTLSRecordLayer.getDiscoveredPeerVersion());
                f(clientHandshakeState, mt.getBody());
                short s = clientHandshakeState.EVb;
                if (s >= 0) {
                    dTLSRecordLayer.setPlaintextLimit(1 << (s + 8));
                }
                int i = clientHandshakeState.LQb;
                securityParameters.qZa = i;
                securityParameters.Hkb = clientHandshakeState.MQb;
                securityParameters.tZb = TlsProtocol.d(clientHandshakeState.yVb, i);
                securityParameters.uZb = 12;
                dTLSReliableHandshake.jt();
                byte[] bArr = clientHandshakeState.CVb;
                if (bArr.length > 0 && (tlsSession = clientHandshakeState.zVb) != null && Arrays.x(bArr, tlsSession.getSessionID())) {
                    if (securityParameters.getCipherSuite() != clientHandshakeState.AVb.getCipherSuite() || securityParameters.getCompressionAlgorithm() != clientHandshakeState.AVb.getCompressionAlgorithm()) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    securityParameters.BZb = TlsExtensionsUtils.w(clientHandshakeState.AVb.xt());
                    securityParameters.vZb = Arrays.bb(clientHandshakeState.AVb.getMasterSecret());
                    dTLSRecordLayer.a(clientHandshakeState.client.getCipher());
                    TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.yVb;
                    l(dTLSReliableHandshake.l((short) 20), TlsUtils.a(tlsClientContextImpl, ExporterLabel.eXb, TlsProtocol.a(tlsClientContextImpl, dTLSReliableHandshake.getHandshakeHash(), null)));
                    TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.yVb;
                    dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl2, ExporterLabel.dXb, TlsProtocol.a(tlsClientContextImpl2, dTLSReliableHandshake.getHandshakeHash(), null)));
                    dTLSReliableHandshake.finish();
                    clientHandshakeState.yVb.setResumableSession(clientHandshakeState.zVb);
                    clientHandshakeState.client.nb();
                    return new DTLSTransport(dTLSRecordLayer);
                }
                b(clientHandshakeState);
                byte[] bArr2 = clientHandshakeState.CVb;
                if (bArr2.length > 0) {
                    clientHandshakeState.zVb = new TlsSessionImpl(bArr2, null);
                }
                DTLSReliableHandshake.Message mt2 = dTLSReliableHandshake.mt();
                if (mt2.getType() == 23) {
                    h(clientHandshakeState, mt2.getBody());
                    mt2 = dTLSReliableHandshake.mt();
                } else {
                    clientHandshakeState.client.b(null);
                }
                clientHandshakeState.jQb = clientHandshakeState.client.getKeyExchange();
                clientHandshakeState.jQb.a(clientHandshakeState.yVb);
                if (mt2.getType() == 11) {
                    certificate = e(clientHandshakeState, mt2.getBody());
                    message = dTLSReliableHandshake.mt();
                } else {
                    clientHandshakeState.jQb.Qb();
                    message = mt2;
                    certificate = null;
                }
                if (certificate == null || certificate.isEmpty()) {
                    clientHandshakeState.FVb = false;
                }
                if (message.getType() == 22) {
                    b(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.mt();
                }
                if (message.getType() == 12) {
                    g(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.mt();
                } else {
                    clientHandshakeState.jQb.gb();
                }
                if (message.getType() == 13) {
                    a(clientHandshakeState, message.getBody());
                    TlsUtils.a(dTLSReliableHandshake.getHandshakeHash(), clientHandshakeState.JVb.getSupportedSignatureAlgorithms());
                    message = dTLSReliableHandshake.mt();
                }
                if (message.getType() != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (message.getBody().length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                dTLSReliableHandshake.getHandshakeHash().qb();
                Vector clientSupplementalData = clientHandshakeState.client.getClientSupplementalData();
                if (clientSupplementalData != null) {
                    dTLSReliableHandshake.a((short) 23, DTLSProtocol.g(clientSupplementalData));
                }
                CertificateRequest certificateRequest = clientHandshakeState.JVb;
                if (certificateRequest != null) {
                    clientHandshakeState.KVb = clientHandshakeState.HVb.b(certificateRequest);
                    TlsCredentials tlsCredentials = clientHandshakeState.KVb;
                    Certificate certificate2 = tlsCredentials != null ? tlsCredentials.getCertificate() : null;
                    if (certificate2 == null) {
                        certificate2 = Certificate.QRb;
                    }
                    dTLSReliableHandshake.a((short) 11, DTLSProtocol.e(certificate2));
                }
                TlsCredentials tlsCredentials2 = clientHandshakeState.KVb;
                if (tlsCredentials2 != null) {
                    clientHandshakeState.jQb.b(tlsCredentials2);
                } else {
                    clientHandshakeState.jQb.Ra();
                }
                dTLSReliableHandshake.a((short) 16, a(clientHandshakeState));
                TlsHandshakeHash kt = dTLSReliableHandshake.kt();
                securityParameters.yZb = TlsProtocol.a(clientHandshakeState.yVb, kt, null);
                TlsProtocol.a(clientHandshakeState.yVb, clientHandshakeState.jQb);
                dTLSRecordLayer.a(clientHandshakeState.client.getCipher());
                TlsCredentials tlsCredentials3 = clientHandshakeState.KVb;
                if (tlsCredentials3 != null && (tlsCredentials3 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials3;
                    SignatureAndHashAlgorithm a2 = TlsUtils.a(clientHandshakeState.yVb, tlsSignerCredentials);
                    dTLSReliableHandshake.a((short) 15, a(clientHandshakeState, new DigitallySigned(a2, tlsSignerCredentials.x(a2 == null ? securityParameters.getSessionHash() : kt.e(a2.getHash())))));
                }
                TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.yVb;
                dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl3, ExporterLabel.dXb, TlsProtocol.a(tlsClientContextImpl3, dTLSReliableHandshake.getHandshakeHash(), null)));
                if (clientHandshakeState.GVb) {
                    DTLSReliableHandshake.Message mt3 = dTLSReliableHandshake.mt();
                    if (mt3.getType() != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    d(clientHandshakeState, mt3.getBody());
                }
                TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.yVb;
                l(dTLSReliableHandshake.l((short) 20), TlsUtils.a(tlsClientContextImpl4, ExporterLabel.eXb, TlsProtocol.a(tlsClientContextImpl4, dTLSReliableHandshake.getHandshakeHash(), null)));
                dTLSReliableHandshake.finish();
                if (clientHandshakeState.zVb != null) {
                    clientHandshakeState.AVb = new SessionParameters.Builder().Je(securityParameters.qZa).m(securityParameters.Hkb).qa(securityParameters.vZb).f(certificate).ra(securityParameters.xQb).ta(securityParameters.WQb).build();
                    clientHandshakeState.zVb = TlsUtils.a(clientHandshakeState.zVb.getSessionID(), clientHandshakeState.AVb);
                    clientHandshakeState.yVb.setResumableSession(clientHandshakeState.zVb);
                }
                clientHandshakeState.client.nb();
                return new DTLSTransport(dTLSRecordLayer);
            }
            if (!dTLSRecordLayer.ht().d(clientHandshakeState.yVb.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] m = m(a, c(clientHandshakeState, mt.getBody()));
            dTLSReliableHandshake.nt();
            dTLSReliableHandshake.a((short) 1, m);
        }
    }

    public DTLSTransport a(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters ob;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.sZb = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.client = tlsClient;
        clientHandshakeState.yVb = new TlsClientContextImpl(this.dQb, securityParameters);
        securityParameters.wZb = TlsProtocol.a(tlsClient.Jb(), clientHandshakeState.yVb.getNonceRandomGenerator());
        tlsClient.a(clientHandshakeState.yVb);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.yVb, tlsClient, (short) 22);
        TlsSession sessionToResume = clientHandshakeState.client.getSessionToResume();
        if (sessionToResume != null && (ob = sessionToResume.ob()) != null) {
            clientHandshakeState.zVb = sessionToResume;
            clientHandshakeState.AVb = ob;
        }
        try {
            return a(clientHandshakeState, dTLSRecordLayer);
        } catch (IOException e) {
            dTLSRecordLayer.k((short) 80);
            throw e;
        } catch (RuntimeException e2) {
            dTLSRecordLayer.k((short) 80);
            throw new TlsFatalAlert((short) 80, e2);
        } catch (TlsFatalAlert e3) {
            dTLSRecordLayer.k(e3.getAlertDescription());
            throw e3;
        }
    }

    public void a(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.yVb;
        ProtocolVersion serverVersion = tlsClientContextImpl.getServerVersion();
        if (serverVersion == null) {
            tlsClientContextImpl.setServerVersion(protocolVersion);
            clientHandshakeState.client.a(protocolVersion);
        } else if (!serverVersion.c(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    public void a(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.HVb == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.JVb = CertificateRequest.a(clientHandshakeState.yVb, byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.jQb.a(clientHandshakeState.JVb);
    }

    public byte[] a(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.jQb.b(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.pt()) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.yVb;
        tlsClientContextImpl.setClientVersion(clientVersion);
        TlsUtils.a(clientVersion, byteArrayOutputStream);
        SecurityParameters securityParameters = tlsClientContextImpl.getSecurityParameters();
        byteArrayOutputStream.write(securityParameters.getClientRandom());
        byte[] bArr = TlsUtils.QLa;
        TlsSession tlsSession = clientHandshakeState.zVb;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.QLa;
        }
        TlsUtils.c(bArr, byteArrayOutputStream);
        TlsUtils.c(TlsUtils.QLa, byteArrayOutputStream);
        boolean ca = tlsClient.ca();
        clientHandshakeState.NQb = tlsClient.getCipherSuites();
        clientHandshakeState.PQb = tlsClient.getClientExtensions();
        securityParameters.BZb = TlsExtensionsUtils.w(clientHandshakeState.PQb);
        boolean z = TlsUtils.b(clientHandshakeState.PQb, TlsProtocol.r_b) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.NQb, 255);
        if (z && z2) {
            clientHandshakeState.NQb = Arrays.l(clientHandshakeState.NQb, 255);
        }
        if (ca && !Arrays.contains(clientHandshakeState.NQb, CipherSuite.KXa)) {
            clientHandshakeState.NQb = Arrays.l(clientHandshakeState.NQb, CipherSuite.KXa);
        }
        TlsUtils.b(clientHandshakeState.NQb, byteArrayOutputStream);
        clientHandshakeState.OQb = new short[]{0};
        TlsUtils.b(clientHandshakeState.OQb, (OutputStream) byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.PQb;
        if (hashtable != null) {
            TlsProtocol.a(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public void b(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.AVb;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.AVb = null;
        }
        TlsSession tlsSession = clientHandshakeState.zVb;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.zVb = null;
        }
    }

    public void b(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.FVb) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.IVb = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    public byte[] c(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        byte[] o = TlsUtils.o(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        if (!u.d(clientHandshakeState.yVb.getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.XYb.d(u) || o.length <= 32) {
            return o;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void d(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.client.a(parse);
    }

    public Certificate e(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.jQb.c(parse);
        clientHandshakeState.HVb = clientHandshakeState.client.getAuthentication();
        clientHandshakeState.HVb.d(parse);
        return parse;
    }

    public void f(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        int i;
        SecurityParameters securityParameters = clientHandshakeState.yVb.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        a(clientHandshakeState, u);
        securityParameters.xZb = TlsUtils.e(32, byteArrayInputStream);
        clientHandshakeState.CVb = TlsUtils.o(byteArrayInputStream);
        byte[] bArr2 = clientHandshakeState.CVb;
        if (bArr2.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.client.v(bArr2);
        clientHandshakeState.LQb = TlsUtils.p(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.NQb, clientHandshakeState.LQb) || (i = clientHandshakeState.LQb) == 0 || CipherSuite.He(i) || !TlsUtils.a(clientHandshakeState.LQb, u)) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.a(clientHandshakeState.LQb, (short) 47);
        clientHandshakeState.client.M(clientHandshakeState.LQb);
        clientHandshakeState.MQb = TlsUtils.t(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.OQb, clientHandshakeState.MQb)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.client.c(clientHandshakeState.MQb);
        Hashtable c = TlsProtocol.c(byteArrayInputStream);
        if (TlsExtensionsUtils.w(c) != securityParameters.BZb) {
            throw new TlsFatalAlert((short) 40);
        }
        if (c != null) {
            Enumeration keys = c.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.r_b)) {
                    if (TlsUtils.b(clientHandshakeState.PQb, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.vRb);
                    }
                    num.equals(TlsExtensionsUtils.i_b);
                }
            }
            byte[] bArr3 = (byte[]) c.get(TlsProtocol.r_b);
            if (bArr3 != null) {
                clientHandshakeState.DVb = true;
                if (!Arrays.z(bArr3, TlsProtocol.Ha(TlsUtils.QLa))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            boolean v = TlsExtensionsUtils.v(c);
            if (v && !TlsUtils.af(clientHandshakeState.LQb)) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.AZb = v;
            clientHandshakeState.EVb = DTLSProtocol.a(clientHandshakeState.PQb, c, (short) 47);
            securityParameters.zZb = TlsExtensionsUtils.x(c);
            clientHandshakeState.FVb = TlsUtils.a(c, TlsExtensionsUtils.m_b, (short) 47);
            clientHandshakeState.GVb = TlsUtils.a(c, TlsProtocol.s_b, (short) 47);
        }
        clientHandshakeState.client.l(clientHandshakeState.DVb);
        if (clientHandshakeState.PQb != null) {
            clientHandshakeState.client.a(c);
        }
    }

    public void g(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.jQb.c(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    public void h(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.client.b(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
