package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.SessionParameters;
import org.spongycastle.crypto.tls.g;
import org.spongycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes3.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with root package name */
        TlsClient f36737a = null;

        /* renamed from: b, reason: collision with root package name */
        m f36738b = null;

        /* renamed from: c, reason: collision with root package name */
        TlsSession f36739c = null;

        /* renamed from: d, reason: collision with root package name */
        SessionParameters f36740d = null;

        /* renamed from: e, reason: collision with root package name */
        SessionParameters.Builder f36741e = null;

        /* renamed from: f, reason: collision with root package name */
        int[] f36742f = null;

        /* renamed from: g, reason: collision with root package name */
        short[] f36743g = null;

        /* renamed from: h, reason: collision with root package name */
        Hashtable f36744h = null;

        /* renamed from: i, reason: collision with root package name */
        Hashtable f36745i = null;

        /* renamed from: j, reason: collision with root package name */
        byte[] f36746j = null;

        /* renamed from: k, reason: collision with root package name */
        boolean f36747k = false;

        /* renamed from: l, reason: collision with root package name */
        boolean f36748l = false;

        /* renamed from: m, reason: collision with root package name */
        boolean f36749m = false;

        /* renamed from: n, reason: collision with root package name */
        boolean f36750n = false;

        /* renamed from: o, reason: collision with root package name */
        TlsKeyExchange f36751o = null;

        /* renamed from: p, reason: collision with root package name */
        TlsAuthentication f36752p = null;

        /* renamed from: q, reason: collision with root package name */
        CertificateStatus f36753q = null;

        /* renamed from: r, reason: collision with root package name */
        CertificateRequest f36754r = null;

        /* renamed from: s, reason: collision with root package name */
        TlsCredentials f36755s = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] l(byte[] bArr, byte[] bArr2) {
        int readUint8 = 35 + TlsUtils.readUint8(bArr, 34);
        int i2 = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        TlsUtils.checkUint8(bArr2.length);
        TlsUtils.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
        System.arraycopy(bArr, i2, bArr3, bArr2.length + i2, bArr.length - i2);
        return bArr3;
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f36813a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f36737a = tlsClient;
        clientHandshakeState.f36738b = new m(this.f36756a, securityParameters);
        securityParameters.f36819g = TlsProtocol.h(tlsClient.shouldUseGMTUnixTime(), clientHandshakeState.f36738b.getNonceRandomGenerator());
        tlsClient.init(clientHandshakeState.f36738b);
        f fVar = new f(datagramTransport, clientHandshakeState.f36738b, tlsClient, (short) 22);
        TlsSession sessionToResume = clientHandshakeState.f36737a.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            clientHandshakeState.f36739c = sessionToResume;
            clientHandshakeState.f36740d = exportSessionParameters;
        }
        try {
            return g(clientHandshakeState, fVar);
        } catch (TlsFatalAlert e2) {
            fVar.b(e2.getAlertDescription());
            throw e2;
        } catch (IOException e3) {
            fVar.b((short) 80);
            throw e3;
        } catch (RuntimeException e4) {
            fVar.b((short) 80);
            throw new TlsFatalAlert((short) 80, e4);
        }
    }

    protected DTLSTransport g(ClientHandshakeState clientHandshakeState, f fVar) {
        g.b bVar;
        Certificate certificate;
        SecurityParameters securityParameters = clientHandshakeState.f36738b.getSecurityParameters();
        g gVar = new g(clientHandshakeState.f36738b, fVar);
        byte[] i2 = i(clientHandshakeState, clientHandshakeState.f36737a);
        fVar.m(ProtocolVersion.DTLSv10);
        gVar.r((short) 1, i2);
        g.b m2 = gVar.m();
        while (m2.c() == 3) {
            if (!fVar.d().isEqualOrEarlierVersionOf(clientHandshakeState.f36738b.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            fVar.l(null);
            byte[] l2 = l(i2, o(clientHandshakeState, m2.a()));
            gVar.q();
            gVar.r((short) 1, l2);
            m2 = gVar.m();
        }
        if (m2.c() != 2) {
            throw new TlsFatalAlert((short) 10);
        }
        ProtocolVersion d2 = fVar.d();
        u(clientHandshakeState, d2);
        fVar.m(d2);
        r(clientHandshakeState, m2.a());
        gVar.j();
        DTLSProtocol.a(fVar, securityParameters.f36824l);
        if (clientHandshakeState.f36747k) {
            securityParameters.f36818f = Arrays.clone(clientHandshakeState.f36740d.getMasterSecret());
            fVar.f(clientHandshakeState.f36737a.getCipher());
            m mVar = clientHandshakeState.f36738b;
            e(gVar.n((short) 20), TlsUtils.f(mVar, ExporterLabel.server_finished, TlsProtocol.p(mVar, gVar.i(), null)));
            m mVar2 = clientHandshakeState.f36738b;
            gVar.r((short) 20, TlsUtils.f(mVar2, ExporterLabel.client_finished, TlsProtocol.p(mVar2, gVar.i(), null)));
            gVar.h();
            clientHandshakeState.f36738b.c(clientHandshakeState.f36739c);
            clientHandshakeState.f36737a.notifyHandshakeComplete();
            return new DTLSTransport(fVar);
        }
        k(clientHandshakeState);
        byte[] bArr = clientHandshakeState.f36746j;
        if (bArr.length > 0) {
            clientHandshakeState.f36739c = new q(bArr, null);
        }
        g.b m3 = gVar.m();
        if (m3.c() == 23) {
            t(clientHandshakeState, m3.a());
            m3 = gVar.m();
        } else {
            clientHandshakeState.f36737a.processServerSupplementalData(null);
        }
        TlsKeyExchange keyExchange = clientHandshakeState.f36737a.getKeyExchange();
        clientHandshakeState.f36751o = keyExchange;
        keyExchange.init(clientHandshakeState.f36738b);
        if (m3.c() == 11) {
            certificate = q(clientHandshakeState, m3.a());
            bVar = gVar.m();
        } else {
            clientHandshakeState.f36751o.skipServerCredentials();
            bVar = m3;
            certificate = null;
        }
        if (certificate == null || certificate.isEmpty()) {
            clientHandshakeState.f36749m = false;
        }
        if (bVar.c() == 22) {
            n(clientHandshakeState, bVar.a());
            bVar = gVar.m();
        }
        if (bVar.c() == 12) {
            s(clientHandshakeState, bVar.a());
            bVar = gVar.m();
        } else {
            clientHandshakeState.f36751o.skipServerKeyExchange();
        }
        if (bVar.c() == 13) {
            m(clientHandshakeState, bVar.a());
            TlsUtils.k(gVar.i(), clientHandshakeState.f36754r.getSupportedSignatureAlgorithms());
            bVar = gVar.m();
        }
        if (bVar.c() != 14) {
            throw new TlsFatalAlert((short) 10);
        }
        if (bVar.a().length != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        gVar.i().sealHashAlgorithms();
        Vector clientSupplementalData = clientHandshakeState.f36737a.getClientSupplementalData();
        if (clientSupplementalData != null) {
            gVar.r((short) 23, DTLSProtocol.d(clientSupplementalData));
        }
        CertificateRequest certificateRequest = clientHandshakeState.f36754r;
        if (certificateRequest != null) {
            TlsCredentials clientCredentials = clientHandshakeState.f36752p.getClientCredentials(certificateRequest);
            clientHandshakeState.f36755s = clientCredentials;
            Certificate certificate2 = clientCredentials != null ? clientCredentials.getCertificate() : null;
            if (certificate2 == null) {
                certificate2 = Certificate.EMPTY_CHAIN;
            }
            gVar.r((short) 11, DTLSProtocol.c(certificate2));
        }
        TlsCredentials tlsCredentials = clientHandshakeState.f36755s;
        if (tlsCredentials != null) {
            clientHandshakeState.f36751o.processClientCredentials(tlsCredentials);
        } else {
            clientHandshakeState.f36751o.skipClientCredentials();
        }
        gVar.r((short) 16, j(clientHandshakeState));
        TlsHandshakeHash l3 = gVar.l();
        securityParameters.f36821i = TlsProtocol.p(clientHandshakeState.f36738b, l3, null);
        TlsProtocol.k(clientHandshakeState.f36738b, clientHandshakeState.f36751o);
        fVar.f(clientHandshakeState.f36737a.getCipher());
        TlsCredentials tlsCredentials2 = clientHandshakeState.f36755s;
        if (tlsCredentials2 != null && (tlsCredentials2 instanceof TlsSignerCredentials)) {
            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials2;
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(clientHandshakeState.f36738b, tlsSignerCredentials);
            gVar.r((short) 15, h(clientHandshakeState, new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(signatureAndHashAlgorithm == null ? securityParameters.getSessionHash() : l3.getFinalHash(signatureAndHashAlgorithm.getHash())))));
        }
        m mVar3 = clientHandshakeState.f36738b;
        gVar.r((short) 20, TlsUtils.f(mVar3, ExporterLabel.client_finished, TlsProtocol.p(mVar3, gVar.i(), null)));
        if (clientHandshakeState.f36750n) {
            g.b m4 = gVar.m();
            if (m4.c() != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            p(clientHandshakeState, m4.a());
        }
        m mVar4 = clientHandshakeState.f36738b;
        e(gVar.n((short) 20), TlsUtils.f(mVar4, ExporterLabel.server_finished, TlsProtocol.p(mVar4, gVar.i(), null)));
        gVar.h();
        if (clientHandshakeState.f36739c != null) {
            clientHandshakeState.f36740d = new SessionParameters.Builder().setCipherSuite(securityParameters.getCipherSuite()).setCompressionAlgorithm(securityParameters.getCompressionAlgorithm()).setMasterSecret(securityParameters.getMasterSecret()).setPeerCertificate(certificate).setPSKIdentity(securityParameters.getPSKIdentity()).setSRPIdentity(securityParameters.getSRPIdentity()).setServerExtensions(clientHandshakeState.f36745i).build();
            TlsSession importSession = TlsUtils.importSession(clientHandshakeState.f36739c.getSessionID(), clientHandshakeState.f36740d);
            clientHandshakeState.f36739c = importSession;
            clientHandshakeState.f36738b.c(importSession);
        }
        clientHandshakeState.f36737a.notifyHandshakeComplete();
        return new DTLSTransport(fVar);
    }

    protected byte[] h(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] i(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) {
        byte[] bArr;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        m mVar = clientHandshakeState.f36738b;
        mVar.b(clientVersion);
        TlsUtils.writeVersion(clientVersion, byteArrayOutputStream);
        byteArrayOutputStream.write(mVar.getSecurityParameters().getClientRandom());
        byte[] bArr2 = TlsUtils.EMPTY_BYTES;
        TlsSession tlsSession = clientHandshakeState.f36739c;
        if (tlsSession == null || (bArr = tlsSession.getSessionID()) == null || bArr.length > 32) {
            bArr = bArr2;
        }
        TlsUtils.writeOpaque8(bArr, byteArrayOutputStream);
        TlsUtils.writeOpaque8(bArr2, byteArrayOutputStream);
        boolean isFallback = tlsClient.isFallback();
        clientHandshakeState.f36742f = tlsClient.getCipherSuites();
        Hashtable clientExtensions = tlsClient.getClientExtensions();
        clientHandshakeState.f36744h = clientExtensions;
        boolean z2 = TlsUtils.getExtensionData(clientExtensions, TlsProtocol.D) == null;
        boolean z3 = !Arrays.contains(clientHandshakeState.f36742f, 255);
        if (z2 && z3) {
            clientHandshakeState.f36742f = Arrays.append(clientHandshakeState.f36742f, 255);
        }
        if (isFallback && !Arrays.contains(clientHandshakeState.f36742f, CipherSuite.TLS_FALLBACK_SCSV)) {
            clientHandshakeState.f36742f = Arrays.append(clientHandshakeState.f36742f, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(clientHandshakeState.f36742f, byteArrayOutputStream);
        short[] sArr = {0};
        clientHandshakeState.f36743g = sArr;
        TlsUtils.writeUint8ArrayWithUint8Length(sArr, byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.f36744h;
        if (hashtable != null) {
            TlsProtocol.R(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] j(ClientHandshakeState clientHandshakeState) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.f36751o.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void k(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.f36740d;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.f36740d = null;
        }
        TlsSession tlsSession = clientHandshakeState.f36739c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.f36739c = null;
        }
    }

    protected void m(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        if (clientHandshakeState.f36752p == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f36754r = CertificateRequest.parse(clientHandshakeState.f36738b, byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        clientHandshakeState.f36751o.validateCertificateRequest(clientHandshakeState.f36754r);
    }

    protected void n(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        if (!clientHandshakeState.f36749m) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f36753q = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
    }

    protected byte[] o(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        if (!readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.f36738b.getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) || readOpaque8.length <= 32) {
            return readOpaque8;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void p(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        clientHandshakeState.f36737a.notifyNewSessionTicket(parse);
    }

    protected Certificate q(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        clientHandshakeState.f36751o.processServerCertificate(parse);
        TlsAuthentication authentication = clientHandshakeState.f36737a.getAuthentication();
        clientHandshakeState.f36752p = authentication;
        authentication.notifyServerCertificate(parse);
        return parse;
    }

    protected void r(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        TlsSession tlsSession;
        SecurityParameters securityParameters = clientHandshakeState.f36738b.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        u(clientHandshakeState, TlsUtils.readVersion(byteArrayInputStream));
        securityParameters.f36820h = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        clientHandshakeState.f36746j = readOpaque8;
        if (readOpaque8.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f36737a.notifySessionID(readOpaque8);
        byte[] bArr2 = clientHandshakeState.f36746j;
        boolean z2 = false;
        clientHandshakeState.f36747k = bArr2.length > 0 && (tlsSession = clientHandshakeState.f36739c) != null && Arrays.areEqual(bArr2, tlsSession.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.f36742f, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, clientHandshakeState.f36738b.getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.f(readUint16, (short) 47);
        clientHandshakeState.f36737a.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.f36743g, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f36737a.notifySelectedCompressionMethod(readUint8);
        Hashtable H = TlsProtocol.H(byteArrayInputStream);
        clientHandshakeState.f36745i = H;
        if (H != null) {
            Enumeration keys = H.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.D) && TlsUtils.getExtensionData(clientHandshakeState.f36744h, num) == null) {
                    throw new TlsFatalAlert((short) 110);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(clientHandshakeState.f36745i, TlsProtocol.D);
        if (extensionData != null) {
            clientHandshakeState.f36748l = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.i(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.f36737a.notifySecureRenegotiation(clientHandshakeState.f36748l);
        Hashtable hashtable = clientHandshakeState.f36744h;
        Hashtable hashtable2 = clientHandshakeState.f36745i;
        if (clientHandshakeState.f36747k) {
            if (readUint16 != clientHandshakeState.f36740d.getCipherSuite() || readUint8 != clientHandshakeState.f36740d.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = clientHandshakeState.f36740d.readServerExtensions();
            hashtable = null;
        }
        securityParameters.f36814b = readUint16;
        securityParameters.f36815c = readUint8;
        if (hashtable2 != null) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable2);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParameters.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.f36826n = hasEncryptThenMACExtension;
            securityParameters.f36827o = TlsExtensionsUtils.hasExtendedMasterSecretExtension(hashtable2);
            securityParameters.f36824l = DTLSProtocol.b(clientHandshakeState.f36747k, hashtable, hashtable2, (short) 47);
            securityParameters.f36825m = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable2);
            clientHandshakeState.f36749m = !clientHandshakeState.f36747k && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!clientHandshakeState.f36747k && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsProtocol.E, (short) 47)) {
                z2 = true;
            }
            clientHandshakeState.f36750n = z2;
        }
        if (hashtable != null) {
            clientHandshakeState.f36737a.processServerExtensions(hashtable2);
        }
        securityParameters.f36816d = TlsProtocol.q(clientHandshakeState.f36738b, securityParameters.getCipherSuite());
        securityParameters.f36817e = 12;
    }

    protected void s(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f36751o.processServerKeyExchange(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
    }

    protected void t(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        clientHandshakeState.f36737a.processServerSupplementalData(TlsProtocol.I(new ByteArrayInputStream(bArr)));
    }

    protected void u(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) {
        m mVar = clientHandshakeState.f36738b;
        ProtocolVersion serverVersion = mVar.getServerVersion();
        if (serverVersion == null) {
            mVar.d(protocolVersion);
            clientHandshakeState.f36737a.notifyServerVersion(protocolVersion);
        } else if (!serverVersion.equals(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
