package org.bouncycastle.crypto.tls;

import defpackage.h0;
import defpackage.i61;
import defpackage.m61;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class TlsClientProtocol extends TlsProtocol {

    /* renamed from: a, reason: collision with root package name */
    public i61 f27787a;

    /* renamed from: a, reason: collision with other field name */
    public CertificateRequest f13530a;

    /* renamed from: a, reason: collision with other field name */
    public CertificateStatus f13531a;

    /* renamed from: a, reason: collision with other field name */
    public TlsAuthentication f13532a;

    /* renamed from: a, reason: collision with other field name */
    public TlsClient f13533a;

    /* renamed from: a, reason: collision with other field name */
    public TlsKeyExchange f13534a;

    /* renamed from: a, reason: collision with other field name */
    public byte[] f13535a;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.f13533a = null;
        this.f27787a = null;
        this.f13535a = null;
        this.f13534a = null;
        this.f13532a = null;
        this.f13531a = null;
        this.f13530a = null;
    }

    public TlsClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.f13533a = null;
        this.f27787a = null;
        this.f13535a = null;
        this.f13534a = null;
        this.f13532a = null;
        this.f13531a = null;
        this.f13530a = null;
    }

    public void U(Vector vector) throws IOException {
        this.f13533a.processServerSupplementalData(vector);
        ((TlsProtocol) this).f13576a = (short) 3;
        TlsKeyExchange keyExchange = this.f13533a.getKeyExchange();
        this.f13534a = keyExchange;
        keyExchange.init(m());
    }

    public void V(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        this.f13533a.notifyNewSessionTicket(parse);
    }

    public void W(ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsSession tlsSession;
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        if (readVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.equals(((TlsProtocol) this).f13575a.l())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.isEqualOrEarlierVersionOf(m().getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        ((TlsProtocol) this).f13575a.x(readVersion);
        n().d(readVersion);
        this.f13533a.notifyServerVersion(readVersion);
        ((TlsProtocol) this).f13572a.f13512c = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        this.f13535a = readOpaque8;
        if (readOpaque8.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f13533a.notifySessionID(readOpaque8);
        byte[] bArr = this.f13535a;
        boolean z = false;
        ((TlsProtocol) this).f13577a = bArr.length > 0 && (tlsSession = ((TlsProtocol) this).f13574a) != null && Arrays.areEqual(bArr, tlsSession.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(((TlsProtocol) this).f13578a, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, m().getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f13533a.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(((TlsProtocol) this).f13579a, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f13533a.notifySelectedCompressionMethod(readUint8);
        ((TlsProtocol) this).f13580b = TlsProtocol.F(byteArrayInputStream);
        ((TlsProtocol) this).f13572a.f13511c = !TlsUtils.isSSL(this.f27787a) && TlsExtensionsUtils.hasExtendedMasterSecretExtension(((TlsProtocol) this).f13580b);
        if (!((TlsProtocol) this).f13572a.isExtendedMasterSecret() && (((TlsProtocol) this).f13577a || this.f13533a.requiresExtendedMasterSecret())) {
            throw new TlsFatalAlert((short) 40);
        }
        Hashtable hashtable = ((TlsProtocol) this).f13580b;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.f27799a) && TlsUtils.getExtensionData(((TlsProtocol) this).f13568a, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(((TlsProtocol) this).f13580b, TlsProtocol.f27799a);
        if (extensionData != null) {
            this.c = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.i(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.f13533a.notifySecureRenegotiation(this.c);
        Hashtable hashtable2 = ((TlsProtocol) this).f13568a;
        Hashtable hashtable3 = ((TlsProtocol) this).f13580b;
        if (((TlsProtocol) this).f13577a) {
            if (readUint16 != ((TlsProtocol) this).f13573a.getCipherSuite() || readUint8 != ((TlsProtocol) this).f13573a.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = ((TlsProtocol) this).f13573a.readServerExtensions();
        }
        SecurityParameters securityParameters = ((TlsProtocol) this).f13572a;
        securityParameters.b = readUint16;
        securityParameters.f13505a = readUint8;
        if (hashtable3 != null && !hashtable3.isEmpty()) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable3);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(readUint16)) {
                throw new TlsFatalAlert((short) 47);
            }
            SecurityParameters securityParameters2 = ((TlsProtocol) this).f13572a;
            securityParameters2.f13509b = hasEncryptThenMACExtension;
            securityParameters2.f13508b = A(hashtable2, hashtable3, (short) 47);
            ((TlsProtocol) this).f13572a.f13506a = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable3);
            this.d = !((TlsProtocol) this).f13577a && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!((TlsProtocol) this).f13577a && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsProtocol.b, (short) 47)) {
                z = true;
            }
            this.e = z;
        }
        if (hashtable2 != null) {
            this.f13533a.processServerExtensions(hashtable3);
        }
        ((TlsProtocol) this).f13572a.c = TlsProtocol.p(m(), ((TlsProtocol) this).f13572a.getCipherSuite());
        ((TlsProtocol) this).f13572a.d = 12;
    }

    public void X(DigitallySigned digitallySigned) throws IOException {
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 15);
        digitallySigned.encode(aVar);
        aVar.a();
    }

    public void Y() throws IOException {
        byte[] bArr;
        SessionParameters sessionParameters;
        ((TlsProtocol) this).f13575a.x(this.f13533a.getClientHelloRecordLayerVersion());
        ProtocolVersion clientVersion = this.f13533a.getClientVersion();
        if (clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        n().b(clientVersion);
        byte[] bArr2 = TlsUtils.EMPTY_BYTES;
        TlsSession tlsSession = ((TlsProtocol) this).f13574a;
        if (tlsSession == null || (bArr = tlsSession.getSessionID()) == null || bArr.length > 32) {
            bArr = bArr2;
        }
        boolean isFallback = this.f13533a.isFallback();
        ((TlsProtocol) this).f13578a = this.f13533a.getCipherSuites();
        ((TlsProtocol) this).f13579a = this.f13533a.getCompressionMethods();
        if (bArr.length <= 0 || (sessionParameters = ((TlsProtocol) this).f13573a) == null || (sessionParameters.isExtendedMasterSecret() && Arrays.contains(((TlsProtocol) this).f13578a, ((TlsProtocol) this).f13573a.getCipherSuite()) && Arrays.contains(((TlsProtocol) this).f13579a, ((TlsProtocol) this).f13573a.getCompressionAlgorithm()))) {
            bArr2 = bArr;
        }
        ((TlsProtocol) this).f13568a = TlsExtensionsUtils.ensureExtensionsInitialised(this.f13533a.getClientExtensions());
        if (!clientVersion.isSSL()) {
            TlsExtensionsUtils.addExtendedMasterSecretExtension(((TlsProtocol) this).f13568a);
        }
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 1);
        TlsUtils.writeVersion(clientVersion, aVar);
        aVar.write(((TlsProtocol) this).f13572a.getClientRandom());
        TlsUtils.writeOpaque8(bArr2, aVar);
        boolean z = TlsUtils.getExtensionData(((TlsProtocol) this).f13568a, TlsProtocol.f27799a) == null;
        boolean z2 = !Arrays.contains(((TlsProtocol) this).f13578a, 255);
        if (z && z2) {
            ((TlsProtocol) this).f13578a = Arrays.append(((TlsProtocol) this).f13578a, 255);
        }
        if (isFallback && !Arrays.contains(((TlsProtocol) this).f13578a, CipherSuite.TLS_FALLBACK_SCSV)) {
            ((TlsProtocol) this).f13578a = Arrays.append(((TlsProtocol) this).f13578a, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(((TlsProtocol) this).f13578a, aVar);
        TlsUtils.writeUint8ArrayWithUint8Length(((TlsProtocol) this).f13579a, aVar);
        TlsProtocol.Q(aVar, ((TlsProtocol) this).f13568a);
        aVar.a();
    }

    public void Z() throws IOException {
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 16);
        this.f13534a.generateClientKeyExchange(aVar);
        aVar.a();
    }

    public void connect(TlsClient tlsClient) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.f13533a != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.f13533a = tlsClient;
        SecurityParameters securityParameters = new SecurityParameters();
        ((TlsProtocol) this).f13572a = securityParameters;
        securityParameters.f27778a = 1;
        this.f27787a = new i61(((TlsProtocol) this).f13567a, ((TlsProtocol) this).f13572a);
        ((TlsProtocol) this).f13572a.f13510b = TlsProtocol.h(tlsClient.shouldUseGMTUnixTime(), this.f27787a.getNonceRandomGenerator());
        this.f13533a.init(this.f27787a);
        ((TlsProtocol) this).f13575a.m(this.f27787a);
        tlsClient.notifyCloseHandle(this);
        TlsSession sessionToResume = tlsClient.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null && exportSessionParameters.isExtendedMasterSecret()) {
            ((TlsProtocol) this).f13574a = sessionToResume;
            ((TlsProtocol) this).f13573a = exportSessionParameters;
        }
        Y();
        ((TlsProtocol) this).f13576a = (short) 1;
        d();
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void f() {
        super.f();
        this.f13535a = null;
        this.f13534a = null;
        this.f13532a = null;
        this.f13531a = null;
        this.f13530a = null;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsContext m() {
        return this.f27787a;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public h0 n() {
        return this.f27787a;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsPeer q() {
        return this.f13533a;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:26:0x004c. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void x(short s, ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsCredentials clientCredentials;
        Certificate certificate;
        if (((TlsProtocol) this).f13577a) {
            if (s != 20 || ((TlsProtocol) this).f13576a != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            z(byteArrayInputStream);
            ((TlsProtocol) this).f13576a = (short) 15;
            M();
            N();
            ((TlsProtocol) this).f13576a = (short) 13;
            g();
            return;
        }
        if (s == 0) {
            TlsProtocol.c(byteArrayInputStream);
            if (((TlsProtocol) this).f13576a == 16) {
                H();
                return;
            }
            return;
        }
        if (s == 2) {
            if (((TlsProtocol) this).f13576a != 1) {
                throw new TlsFatalAlert((short) 10);
            }
            W(byteArrayInputStream);
            ((TlsProtocol) this).f13576a = (short) 2;
            ((TlsProtocol) this).f13575a.n();
            b();
            if (((TlsProtocol) this).f13577a) {
                ((TlsProtocol) this).f13572a.f13507a = Arrays.clone(((TlsProtocol) this).f13573a.getMasterSecret());
                ((TlsProtocol) this).f13575a.t(q().getCompression(), q().getCipher());
                return;
            }
            y();
            byte[] bArr = this.f13535a;
            if (bArr.length > 0) {
                ((TlsProtocol) this).f13574a = new m61(bArr, null);
                return;
            }
            return;
        }
        if (s == 4) {
            if (((TlsProtocol) this).f13576a != 13) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.e) {
                throw new TlsFatalAlert((short) 10);
            }
            y();
            V(byteArrayInputStream);
            ((TlsProtocol) this).f13576a = (short) 14;
            return;
        }
        if (s == 20) {
            short s2 = ((TlsProtocol) this).f13576a;
            if (s2 != 13) {
                if (s2 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (this.e) {
                throw new TlsFatalAlert((short) 10);
            }
            z(byteArrayInputStream);
            ((TlsProtocol) this).f13576a = (short) 15;
            g();
            return;
        }
        if (s == 22) {
            if (((TlsProtocol) this).f13576a != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.d) {
                throw new TlsFatalAlert((short) 10);
            }
            this.f13531a = CertificateStatus.parse(byteArrayInputStream);
            TlsProtocol.c(byteArrayInputStream);
            ((TlsProtocol) this).f13576a = (short) 5;
            return;
        }
        if (s == 23) {
            if (((TlsProtocol) this).f13576a != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            U(TlsProtocol.G(byteArrayInputStream));
            return;
        }
        switch (s) {
            case 11:
                short s3 = ((TlsProtocol) this).f13576a;
                if (s3 == 2) {
                    U(null);
                } else if (s3 != 3) {
                    throw new TlsFatalAlert((short) 10);
                }
                ((TlsProtocol) this).f13571a = Certificate.parse(byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                Certificate certificate2 = ((TlsProtocol) this).f13571a;
                if (certificate2 == null || certificate2.isEmpty()) {
                    this.d = false;
                }
                this.f13534a.processServerCertificate(((TlsProtocol) this).f13571a);
                TlsAuthentication authentication = this.f13533a.getAuthentication();
                this.f13532a = authentication;
                authentication.notifyServerCertificate(((TlsProtocol) this).f13571a);
                ((TlsProtocol) this).f13576a = (short) 4;
                return;
            case 12:
                short s4 = ((TlsProtocol) this).f13576a;
                if (s4 == 2) {
                    U(null);
                } else if (s4 != 3) {
                    if (s4 != 4 && s4 != 5) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.f13534a.processServerKeyExchange(byteArrayInputStream);
                    TlsProtocol.c(byteArrayInputStream);
                    ((TlsProtocol) this).f13576a = (short) 6;
                    return;
                }
                this.f13534a.skipServerCredentials();
                this.f13532a = null;
                this.f13534a.processServerKeyExchange(byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                ((TlsProtocol) this).f13576a = (short) 6;
                return;
            case 13:
                short s5 = ((TlsProtocol) this).f13576a;
                if (s5 == 4 || s5 == 5) {
                    this.f13534a.skipServerKeyExchange();
                } else if (s5 != 6) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.f13532a == null) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.f13530a = CertificateRequest.parse(m(), byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                this.f13534a.validateCertificateRequest(this.f13530a);
                TlsUtils.j(((TlsProtocol) this).f13575a.i(), this.f13530a.getSupportedSignatureAlgorithms());
                ((TlsProtocol) this).f13576a = (short) 7;
                return;
            case 14:
                switch (((TlsProtocol) this).f13576a) {
                    case 2:
                        U(null);
                    case 3:
                        this.f13534a.skipServerCredentials();
                        this.f13532a = null;
                    case 4:
                    case 5:
                        this.f13534a.skipServerKeyExchange();
                    case 6:
                    case 7:
                        TlsProtocol.c(byteArrayInputStream);
                        ((TlsProtocol) this).f13576a = (short) 8;
                        ((TlsProtocol) this).f13575a.i().sealHashAlgorithms();
                        Vector clientSupplementalData = this.f13533a.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            O(clientSupplementalData);
                        }
                        ((TlsProtocol) this).f13576a = (short) 9;
                        CertificateRequest certificateRequest = this.f13530a;
                        if (certificateRequest == null) {
                            this.f13534a.skipClientCredentials();
                            clientCredentials = null;
                        } else {
                            clientCredentials = this.f13532a.getClientCredentials(certificateRequest);
                            TlsKeyExchange tlsKeyExchange = this.f13534a;
                            if (clientCredentials == null) {
                                tlsKeyExchange.skipClientCredentials();
                                certificate = Certificate.EMPTY_CHAIN;
                            } else {
                                tlsKeyExchange.processClientCredentials(clientCredentials);
                                certificate = clientCredentials.getCertificate();
                            }
                            L(certificate);
                        }
                        ((TlsProtocol) this).f13576a = (short) 10;
                        Z();
                        ((TlsProtocol) this).f13576a = (short) 11;
                        if (TlsUtils.isSSL(m())) {
                            TlsProtocol.k(m(), this.f13534a);
                        }
                        TlsHandshakeHash o = ((TlsProtocol) this).f13575a.o();
                        ((TlsProtocol) this).f13572a.f13513d = TlsProtocol.o(m(), o, null);
                        if (!TlsUtils.isSSL(m())) {
                            TlsProtocol.k(m(), this.f13534a);
                        }
                        ((TlsProtocol) this).f13575a.t(q().getCompression(), q().getCipher());
                        if (clientCredentials != null && (clientCredentials instanceof TlsSignerCredentials)) {
                            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientCredentials;
                            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(m(), tlsSignerCredentials);
                            X(new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(signatureAndHashAlgorithm == null ? ((TlsProtocol) this).f13572a.getSessionHash() : o.getFinalHash(signatureAndHashAlgorithm.getHash()))));
                            ((TlsProtocol) this).f13576a = (short) 12;
                        }
                        M();
                        N();
                        ((TlsProtocol) this).f13576a = (short) 13;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }
}
