package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.DTLSReliableHandshake;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes3.dex */
    public static class ClientHandshakeState {
        public TlsClient client = null;
        public TlsClientContextImpl WBb = null;
        public TlsSession XBb = null;
        public SessionParameters YBb = null;
        public SessionParameters.Builder ZBb = null;
        public int[] kxb = null;
        public short[] lxb = null;
        public Hashtable mxb = null;
        public byte[] _Bb = null;
        public int ixb = -1;
        public short jxb = -1;
        public boolean aCb = false;
        public short bCb = -1;
        public boolean cCb = false;
        public boolean dCb = false;
        public TlsKeyExchange Hwb = null;
        public TlsAuthentication eCb = null;
        public CertificateStatus fCb = null;
        public CertificateRequest gCb = null;
        public TlsCredentials hCb = null;
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    public static byte[] m(byte[] bArr, byte[] bArr2) throws IOException {
        int u = 35 + TlsUtils.u(bArr, 34);
        int i = u + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, u);
        TlsUtils.oe(bArr2.length);
        TlsUtils.e(bArr2.length, bArr3, u);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    public DTLSTransport a(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        TlsSession tlsSession;
        SecurityParameters securityParameters = clientHandshakeState.WBb.getSecurityParameters();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.WBb, dTLSRecordLayer);
        byte[] a = a(clientHandshakeState, clientHandshakeState.client);
        dTLSReliableHandshake.a((short) 1, a);
        while (true) {
            DTLSReliableHandshake.Message Ym = dTLSReliableHandshake.Ym();
            if (Ym.getType() != 3) {
                if (Ym.getType() != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                a(clientHandshakeState, dTLSRecordLayer.getDiscoveredPeerVersion());
                f(clientHandshakeState, Ym.getBody());
                short s = clientHandshakeState.bCb;
                if (s >= 0) {
                    dTLSRecordLayer.setPlaintextLimit(1 << (s + 8));
                }
                int i = clientHandshakeState.ixb;
                securityParameters.cipherSuite = i;
                securityParameters.kSa = clientHandshakeState.jxb;
                securityParameters.SFb = TlsProtocol.d(clientHandshakeState.WBb, i);
                securityParameters.TFb = 12;
                dTLSReliableHandshake.Wm();
                byte[] bArr = clientHandshakeState._Bb;
                if (bArr.length > 0 && (tlsSession = clientHandshakeState.XBb) != null && Arrays.x(bArr, tlsSession.getSessionID())) {
                    if (securityParameters.getCipherSuite() != clientHandshakeState.YBb.getCipherSuite() || securityParameters.getCompressionAlgorithm() != clientHandshakeState.YBb.getCompressionAlgorithm()) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    securityParameters._Fb = TlsExtensionsUtils.w(clientHandshakeState.YBb.jn());
                    securityParameters.UFb = Arrays._a(clientHandshakeState.YBb.getMasterSecret());
                    dTLSRecordLayer.a(clientHandshakeState.client.getCipher());
                    TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.WBb;
                    l(dTLSReliableHandshake.l((short) 20), TlsUtils.a(tlsClientContextImpl, ExporterLabel.DDb, TlsProtocol.a(tlsClientContextImpl, dTLSReliableHandshake.getHandshakeHash(), null)));
                    TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.WBb;
                    dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl2, ExporterLabel.CDb, TlsProtocol.a(tlsClientContextImpl2, dTLSReliableHandshake.getHandshakeHash(), null)));
                    dTLSReliableHandshake.finish();
                    clientHandshakeState.WBb.setResumableSession(clientHandshakeState.XBb);
                    clientHandshakeState.client.Wa();
                    return new DTLSTransport(dTLSRecordLayer);
                }
                b(clientHandshakeState);
                byte[] bArr2 = clientHandshakeState._Bb;
                if (bArr2.length > 0) {
                    clientHandshakeState.XBb = new TlsSessionImpl(bArr2, null);
                }
                DTLSReliableHandshake.Message Ym2 = dTLSReliableHandshake.Ym();
                if (Ym2.getType() == 23) {
                    h(clientHandshakeState, Ym2.getBody());
                    Ym2 = dTLSReliableHandshake.Ym();
                } else {
                    clientHandshakeState.client.b(null);
                }
                clientHandshakeState.Hwb = clientHandshakeState.client.getKeyExchange();
                clientHandshakeState.Hwb.a(clientHandshakeState.WBb);
                if (Ym2.getType() == 11) {
                    certificate = e(clientHandshakeState, Ym2.getBody());
                    message = dTLSReliableHandshake.Ym();
                } else {
                    clientHandshakeState.Hwb.ub();
                    message = Ym2;
                    certificate = null;
                }
                if (certificate == null || certificate.isEmpty()) {
                    clientHandshakeState.cCb = false;
                }
                if (message.getType() == 22) {
                    b(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.Ym();
                }
                if (message.getType() == 12) {
                    g(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.Ym();
                } else {
                    clientHandshakeState.Hwb.Qa();
                }
                if (message.getType() == 13) {
                    a(clientHandshakeState, message.getBody());
                    TlsUtils.a(dTLSReliableHandshake.getHandshakeHash(), clientHandshakeState.gCb.getSupportedSignatureAlgorithms());
                    message = dTLSReliableHandshake.Ym();
                }
                if (message.getType() != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (message.getBody().length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                dTLSReliableHandshake.getHandshakeHash().Za();
                Vector clientSupplementalData = clientHandshakeState.client.getClientSupplementalData();
                if (clientSupplementalData != null) {
                    dTLSReliableHandshake.a((short) 23, DTLSProtocol.g(clientSupplementalData));
                }
                CertificateRequest certificateRequest = clientHandshakeState.gCb;
                if (certificateRequest != null) {
                    clientHandshakeState.hCb = clientHandshakeState.eCb.b(certificateRequest);
                    TlsCredentials tlsCredentials = clientHandshakeState.hCb;
                    Certificate certificate2 = tlsCredentials != null ? tlsCredentials.getCertificate() : null;
                    if (certificate2 == null) {
                        certificate2 = Certificate.nyb;
                    }
                    dTLSReliableHandshake.a((short) 11, DTLSProtocol.e(certificate2));
                }
                TlsCredentials tlsCredentials2 = clientHandshakeState.hCb;
                if (tlsCredentials2 != null) {
                    clientHandshakeState.Hwb.b(tlsCredentials2);
                } else {
                    clientHandshakeState.Hwb.Ga();
                }
                dTLSReliableHandshake.a((short) 16, a(clientHandshakeState));
                TlsHandshakeHash Xm = dTLSReliableHandshake.Xm();
                securityParameters.XFb = TlsProtocol.a(clientHandshakeState.WBb, Xm, null);
                TlsProtocol.a(clientHandshakeState.WBb, clientHandshakeState.Hwb);
                dTLSRecordLayer.a(clientHandshakeState.client.getCipher());
                TlsCredentials tlsCredentials3 = clientHandshakeState.hCb;
                if (tlsCredentials3 != null && (tlsCredentials3 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials3;
                    SignatureAndHashAlgorithm a2 = TlsUtils.a(clientHandshakeState.WBb, tlsSignerCredentials);
                    dTLSReliableHandshake.a((short) 15, a(clientHandshakeState, new DigitallySigned(a2, tlsSignerCredentials.x(a2 == null ? securityParameters.getSessionHash() : Xm.e(a2.getHash())))));
                }
                TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.WBb;
                dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl3, ExporterLabel.CDb, TlsProtocol.a(tlsClientContextImpl3, dTLSReliableHandshake.getHandshakeHash(), null)));
                if (clientHandshakeState.dCb) {
                    DTLSReliableHandshake.Message Ym3 = dTLSReliableHandshake.Ym();
                    if (Ym3.getType() != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    d(clientHandshakeState, Ym3.getBody());
                }
                TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.WBb;
                l(dTLSReliableHandshake.l((short) 20), TlsUtils.a(tlsClientContextImpl4, ExporterLabel.DDb, TlsProtocol.a(tlsClientContextImpl4, dTLSReliableHandshake.getHandshakeHash(), null)));
                dTLSReliableHandshake.finish();
                if (clientHandshakeState.XBb != null) {
                    clientHandshakeState.YBb = new SessionParameters.Builder().de(securityParameters.cipherSuite).m(securityParameters.kSa).oa(securityParameters.UFb).f(certificate).pa(securityParameters.Vwb).ra(securityParameters.txb).build();
                    clientHandshakeState.XBb = TlsUtils.a(clientHandshakeState.XBb.getSessionID(), clientHandshakeState.YBb);
                    clientHandshakeState.WBb.setResumableSession(clientHandshakeState.XBb);
                }
                clientHandshakeState.client.Wa();
                return new DTLSTransport(dTLSRecordLayer);
            }
            if (!dTLSRecordLayer.Um().d(clientHandshakeState.WBb.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] m = m(a, c(clientHandshakeState, Ym.getBody()));
            dTLSReliableHandshake.Zm();
            dTLSReliableHandshake.a((short) 1, m);
        }
    }

    public DTLSTransport a(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters Xa;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.RFb = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.client = tlsClient;
        clientHandshakeState.WBb = new TlsClientContextImpl(this.Bwb, securityParameters);
        securityParameters.VFb = TlsProtocol.a(tlsClient.ob(), clientHandshakeState.WBb.getNonceRandomGenerator());
        tlsClient.a(clientHandshakeState.WBb);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.WBb, tlsClient, (short) 22);
        TlsSession sessionToResume = clientHandshakeState.client.getSessionToResume();
        if (sessionToResume != null && (Xa = sessionToResume.Xa()) != null) {
            clientHandshakeState.XBb = sessionToResume;
            clientHandshakeState.YBb = Xa;
        }
        try {
            return a(clientHandshakeState, dTLSRecordLayer);
        } catch (IOException e) {
            dTLSRecordLayer.k((short) 80);
            throw e;
        } catch (RuntimeException e2) {
            dTLSRecordLayer.k((short) 80);
            throw new TlsFatalAlert((short) 80, e2);
        } catch (TlsFatalAlert e3) {
            dTLSRecordLayer.k(e3.getAlertDescription());
            throw e3;
        }
    }

    public void a(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.WBb;
        ProtocolVersion serverVersion = tlsClientContextImpl.getServerVersion();
        if (serverVersion == null) {
            tlsClientContextImpl.setServerVersion(protocolVersion);
            clientHandshakeState.client.a(protocolVersion);
        } else if (!serverVersion.c(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    public void a(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.eCb == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.gCb = CertificateRequest.a(clientHandshakeState.WBb, byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.Hwb.a(clientHandshakeState.gCb);
    }

    public byte[] a(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.Hwb.b(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.bn()) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.WBb;
        tlsClientContextImpl.setClientVersion(clientVersion);
        TlsUtils.a(clientVersion, byteArrayOutputStream);
        SecurityParameters securityParameters = tlsClientContextImpl.getSecurityParameters();
        byteArrayOutputStream.write(securityParameters.getClientRandom());
        byte[] bArr = TlsUtils.oJa;
        TlsSession tlsSession = clientHandshakeState.XBb;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.oJa;
        }
        TlsUtils.c(bArr, byteArrayOutputStream);
        TlsUtils.c(TlsUtils.oJa, byteArrayOutputStream);
        boolean ca = tlsClient.ca();
        clientHandshakeState.kxb = tlsClient.getCipherSuites();
        clientHandshakeState.mxb = tlsClient.getClientExtensions();
        securityParameters._Fb = TlsExtensionsUtils.w(clientHandshakeState.mxb);
        boolean z = TlsUtils.b(clientHandshakeState.mxb, TlsProtocol.QGb) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.kxb, 255);
        if (z && z2) {
            clientHandshakeState.kxb = Arrays.k(clientHandshakeState.kxb, 255);
        }
        if (ca && !Arrays.contains(clientHandshakeState.kxb, CipherSuite.TLS_FALLBACK_SCSV)) {
            clientHandshakeState.kxb = Arrays.k(clientHandshakeState.kxb, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.b(clientHandshakeState.kxb, byteArrayOutputStream);
        clientHandshakeState.lxb = new short[]{0};
        TlsUtils.b(clientHandshakeState.lxb, (OutputStream) byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.mxb;
        if (hashtable != null) {
            TlsProtocol.a(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public void b(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.YBb;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.YBb = null;
        }
        TlsSession tlsSession = clientHandshakeState.XBb;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.XBb = null;
        }
    }

    public void b(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.cCb) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.fCb = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    public byte[] c(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        byte[] o = TlsUtils.o(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        if (!u.d(clientHandshakeState.WBb.getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.vFb.d(u) || o.length <= 32) {
            return o;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void d(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.client.a(parse);
    }

    public Certificate e(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.Hwb.c(parse);
        clientHandshakeState.eCb = clientHandshakeState.client.getAuthentication();
        clientHandshakeState.eCb.d(parse);
        return parse;
    }

    public void f(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        int i;
        SecurityParameters securityParameters = clientHandshakeState.WBb.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        a(clientHandshakeState, u);
        securityParameters.WFb = TlsUtils.e(32, byteArrayInputStream);
        clientHandshakeState._Bb = TlsUtils.o(byteArrayInputStream);
        byte[] bArr2 = clientHandshakeState._Bb;
        if (bArr2.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.client.v(bArr2);
        clientHandshakeState.ixb = TlsUtils.p(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.kxb, clientHandshakeState.ixb) || (i = clientHandshakeState.ixb) == 0 || CipherSuite.be(i) || !TlsUtils.a(clientHandshakeState.ixb, u)) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.a(clientHandshakeState.ixb, (short) 47);
        clientHandshakeState.client.L(clientHandshakeState.ixb);
        clientHandshakeState.jxb = TlsUtils.t(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.lxb, clientHandshakeState.jxb)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.client.c(clientHandshakeState.jxb);
        Hashtable c = TlsProtocol.c(byteArrayInputStream);
        if (TlsExtensionsUtils.w(c) != securityParameters._Fb) {
            throw new TlsFatalAlert((short) 40);
        }
        if (c != null) {
            Enumeration keys = c.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.QGb)) {
                    if (TlsUtils.b(clientHandshakeState.mxb, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.Txb);
                    }
                    num.equals(TlsExtensionsUtils.HGb);
                }
            }
            byte[] bArr3 = (byte[]) c.get(TlsProtocol.QGb);
            if (bArr3 != null) {
                clientHandshakeState.aCb = true;
                if (!Arrays.z(bArr3, TlsProtocol.Fa(TlsUtils.oJa))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            boolean v = TlsExtensionsUtils.v(c);
            if (v && !TlsUtils.ve(clientHandshakeState.ixb)) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.ZFb = v;
            clientHandshakeState.bCb = DTLSProtocol.a(clientHandshakeState.mxb, c, (short) 47);
            securityParameters.YFb = TlsExtensionsUtils.x(c);
            clientHandshakeState.cCb = TlsUtils.a(c, TlsExtensionsUtils.LGb, (short) 47);
            clientHandshakeState.dCb = TlsUtils.a(c, TlsProtocol.RGb, (short) 47);
        }
        clientHandshakeState.client.l(clientHandshakeState.aCb);
        if (clientHandshakeState.mxb != null) {
            clientHandshakeState.client.a(c);
        }
    }

    public void g(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.Hwb.c(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    public void h(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.client.b(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
