package org.bouncycastle.crypto.tls;

import defpackage.db3;
import defpackage.eb3;
import defpackage.kb3;
import defpackage.ob3;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* loaded from: classes7.dex */
    public static class ClientHandshakeState {
        public CertificateStatus p;

        /* renamed from: a, reason: collision with root package name */
        public TlsClient f9806a = null;
        public kb3 b = null;
        public TlsSession c = null;
        public SessionParameters d = null;
        public int[] e = null;
        public short[] f = null;
        public Hashtable g = null;
        public Hashtable h = null;
        public byte[] i = null;
        public boolean j = false;
        public boolean k = false;
        public boolean l = false;
        public boolean m = false;
        public TlsKeyExchange n = null;
        public TlsAuthentication o = null;
        public CertificateRequest q = null;
        public TlsCredentials r = null;
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    public static byte[] patchClientHelloWithCookie(byte[] bArr, byte[] bArr2) throws IOException {
        int readUint8 = TlsUtils.readUint8(bArr, 34) + 35;
        int i = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        TlsUtils.checkUint8(bArr2.length);
        TlsUtils.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    public DTLSTransport clientHandshake(ClientHandshakeState clientHandshakeState, db3 db3Var) throws IOException {
        eb3.b bVar;
        Certificate certificate;
        kb3 kb3Var = clientHandshakeState.b;
        SecurityParameters securityParameters = kb3Var.c;
        eb3 eb3Var = new eb3(kb3Var, db3Var);
        byte[] generateClientHello = generateClientHello(clientHandshakeState, clientHandshakeState.f9806a);
        db3Var.g = ProtocolVersion.DTLSv10;
        eb3Var.a((short) 1, generateClientHello);
        while (true) {
            eb3.b c = eb3Var.c();
            short s = c.b;
            if (s != 3) {
                if (s != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                ProtocolVersion protocolVersion = db3Var.f;
                reportServerVersion(clientHandshakeState, protocolVersion);
                db3Var.g = protocolVersion;
                processServerHello(clientHandshakeState, c.c);
                eb3Var.b = eb3Var.b.notifyPRFDetermined();
                DTLSProtocol.applyMaxFragmentLengthExtension(db3Var, securityParameters.l);
                if (clientHandshakeState.j) {
                    securityParameters.f = Arrays.clone(clientHandshakeState.d.getMasterSecret());
                    db3Var.a(clientHandshakeState.f9806a.getCipher());
                    kb3 kb3Var2 = clientHandshakeState.b;
                    processFinished(eb3Var.a((short) 20), TlsUtils.a(kb3Var2, ExporterLabel.server_finished, TlsProtocol.getCurrentPRFHash(kb3Var2, eb3Var.b, null)));
                    kb3 kb3Var3 = clientHandshakeState.b;
                    eb3Var.a((short) 20, TlsUtils.a(kb3Var3, ExporterLabel.client_finished, TlsProtocol.getCurrentPRFHash(kb3Var3, eb3Var.b, null)));
                    eb3Var.b();
                    clientHandshakeState.b.f = clientHandshakeState.c;
                    clientHandshakeState.f9806a.notifyHandshakeComplete();
                    return new DTLSTransport(db3Var);
                }
                invalidateSession(clientHandshakeState);
                byte[] bArr = clientHandshakeState.i;
                if (bArr.length > 0) {
                    clientHandshakeState.c = new ob3(bArr, null);
                }
                eb3.b c2 = eb3Var.c();
                if (c2.b == 23) {
                    processServerSupplementalData(clientHandshakeState, c2.c);
                    c2 = eb3Var.c();
                } else {
                    clientHandshakeState.f9806a.processServerSupplementalData(null);
                }
                clientHandshakeState.n = clientHandshakeState.f9806a.getKeyExchange();
                clientHandshakeState.n.init(clientHandshakeState.b);
                if (c2.b == 11) {
                    certificate = processServerCertificate(clientHandshakeState, c2.c);
                    bVar = eb3Var.c();
                } else {
                    clientHandshakeState.n.skipServerCredentials();
                    bVar = c2;
                    certificate = null;
                }
                if (certificate == null || certificate.isEmpty()) {
                    clientHandshakeState.l = false;
                }
                if (bVar.b == 22) {
                    processCertificateStatus(clientHandshakeState, bVar.c);
                    bVar = eb3Var.c();
                }
                if (bVar.b == 12) {
                    processServerKeyExchange(clientHandshakeState, bVar.c);
                    bVar = eb3Var.c();
                } else {
                    clientHandshakeState.n.skipServerKeyExchange();
                }
                if (bVar.b == 13) {
                    processCertificateRequest(clientHandshakeState, bVar.c);
                    TlsUtils.a(eb3Var.b, clientHandshakeState.q.getSupportedSignatureAlgorithms());
                    bVar = eb3Var.c();
                }
                if (bVar.b != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (bVar.c.length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                eb3Var.b.sealHashAlgorithms();
                Vector clientSupplementalData = clientHandshakeState.f9806a.getClientSupplementalData();
                if (clientSupplementalData != null) {
                    eb3Var.a((short) 23, DTLSProtocol.generateSupplementalData(clientSupplementalData));
                }
                CertificateRequest certificateRequest = clientHandshakeState.q;
                if (certificateRequest != null) {
                    clientHandshakeState.r = clientHandshakeState.o.getClientCredentials(certificateRequest);
                    TlsCredentials tlsCredentials = clientHandshakeState.r;
                    Certificate certificate2 = tlsCredentials != null ? tlsCredentials.getCertificate() : null;
                    if (certificate2 == null) {
                        certificate2 = Certificate.EMPTY_CHAIN;
                    }
                    eb3Var.a((short) 11, DTLSProtocol.generateCertificate(certificate2));
                }
                TlsCredentials tlsCredentials2 = clientHandshakeState.r;
                if (tlsCredentials2 != null) {
                    clientHandshakeState.n.processClientCredentials(tlsCredentials2);
                } else {
                    clientHandshakeState.n.skipClientCredentials();
                }
                eb3Var.a((short) 16, generateClientKeyExchange(clientHandshakeState));
                TlsHandshakeHash tlsHandshakeHash = eb3Var.b;
                eb3Var.b = tlsHandshakeHash.stopTracking();
                securityParameters.i = TlsProtocol.getCurrentPRFHash(clientHandshakeState.b, tlsHandshakeHash, null);
                TlsProtocol.establishMasterSecret(clientHandshakeState.b, clientHandshakeState.n);
                db3Var.a(clientHandshakeState.f9806a.getCipher());
                TlsCredentials tlsCredentials3 = clientHandshakeState.r;
                if (tlsCredentials3 != null && (tlsCredentials3 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials3;
                    SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(clientHandshakeState.b, tlsSignerCredentials);
                    eb3Var.a((short) 15, generateCertificateVerify(clientHandshakeState, new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(signatureAndHashAlgorithm == null ? securityParameters.getSessionHash() : tlsHandshakeHash.getFinalHash(signatureAndHashAlgorithm.getHash())))));
                }
                kb3 kb3Var4 = clientHandshakeState.b;
                eb3Var.a((short) 20, TlsUtils.a(kb3Var4, ExporterLabel.client_finished, TlsProtocol.getCurrentPRFHash(kb3Var4, eb3Var.b, null)));
                if (clientHandshakeState.m) {
                    eb3.b c3 = eb3Var.c();
                    if (c3.b != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    processNewSessionTicket(clientHandshakeState, c3.c);
                }
                kb3 kb3Var5 = clientHandshakeState.b;
                processFinished(eb3Var.a((short) 20), TlsUtils.a(kb3Var5, ExporterLabel.server_finished, TlsProtocol.getCurrentPRFHash(kb3Var5, eb3Var.b, null)));
                eb3Var.b();
                if (clientHandshakeState.c != null) {
                    clientHandshakeState.d = new SessionParameters.Builder().setCipherSuite(securityParameters.getCipherSuite()).setCompressionAlgorithm(securityParameters.getCompressionAlgorithm()).setMasterSecret(securityParameters.getMasterSecret()).setPeerCertificate(certificate).setPSKIdentity(securityParameters.getPSKIdentity()).setSRPIdentity(securityParameters.getSRPIdentity()).setServerExtensions(clientHandshakeState.h).build();
                    clientHandshakeState.c = TlsUtils.importSession(clientHandshakeState.c.getSessionID(), clientHandshakeState.d);
                    clientHandshakeState.b.f = clientHandshakeState.c;
                }
                clientHandshakeState.f9806a.notifyHandshakeComplete();
                return new DTLSTransport(db3Var);
            }
            if (!db3Var.f.isEqualOrEarlierVersionOf(clientHandshakeState.b.d)) {
                throw new TlsFatalAlert((short) 47);
            }
            db3Var.f = null;
            byte[] patchClientHelloWithCookie = patchClientHelloWithCookie(generateClientHello, processHelloVerifyRequest(clientHandshakeState, c.c));
            eb3Var.b.reset();
            eb3Var.a((short) 1, patchClientHelloWithCookie);
        }
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f9811a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f9806a = tlsClient;
        clientHandshakeState.b = new kb3(this.secureRandom, securityParameters);
        securityParameters.g = TlsProtocol.createRandomBlock(tlsClient.shouldUseGMTUnixTime(), clientHandshakeState.b.f11573a);
        tlsClient.init(clientHandshakeState.b);
        db3 db3Var = new db3(datagramTransport, clientHandshakeState.b, tlsClient);
        TlsSession sessionToResume = clientHandshakeState.f9806a.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            clientHandshakeState.c = sessionToResume;
            clientHandshakeState.d = exportSessionParameters;
        }
        try {
            return clientHandshake(clientHandshakeState, db3Var);
        } catch (IOException e) {
            db3Var.a((short) 80);
            throw e;
        } catch (RuntimeException e2) {
            db3Var.a((short) 80);
            throw new TlsFatalAlert((short) 80, e2);
        } catch (TlsFatalAlert e3) {
            db3Var.a(e3.getAlertDescription());
            throw e3;
        }
    }

    public byte[] generateCertificateVerify(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateClientHello(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        kb3 kb3Var = clientHandshakeState.b;
        kb3Var.d = clientVersion;
        TlsUtils.writeVersion(clientVersion, byteArrayOutputStream);
        byteArrayOutputStream.write(kb3Var.c.getClientRandom());
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.EMPTY_BYTES;
        }
        TlsUtils.writeOpaque8(bArr, byteArrayOutputStream);
        TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, byteArrayOutputStream);
        boolean isFallback = tlsClient.isFallback();
        clientHandshakeState.e = tlsClient.getCipherSuites();
        clientHandshakeState.g = tlsClient.getClientExtensions();
        boolean z = TlsUtils.getExtensionData(clientHandshakeState.g, TlsProtocol.EXT_RenegotiationInfo) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.e, 255);
        if (z && z2) {
            clientHandshakeState.e = Arrays.append(clientHandshakeState.e, 255);
        }
        if (isFallback && !Arrays.contains(clientHandshakeState.e, CipherSuite.TLS_FALLBACK_SCSV)) {
            clientHandshakeState.e = Arrays.append(clientHandshakeState.e, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(clientHandshakeState.e, byteArrayOutputStream);
        clientHandshakeState.f = new short[]{0};
        TlsUtils.writeUint8ArrayWithUint8Length(clientHandshakeState.f, byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.g;
        if (hashtable != null) {
            TlsProtocol.writeExtensions(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateClientKeyExchange(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.n.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void invalidateSession(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.d;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.d = null;
        }
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.c = null;
        }
    }

    public void processCertificateRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.o == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.q = CertificateRequest.parse(clientHandshakeState.b, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.n.validateCertificateRequest(clientHandshakeState.q);
    }

    public void processCertificateStatus(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.l) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.p = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public byte[] processHelloVerifyRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        if (!readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.b.d)) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) || readOpaque8.length <= 32) {
            return readOpaque8;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void processNewSessionTicket(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.f9806a.notifyNewSessionTicket(parse);
    }

    public Certificate processServerCertificate(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.n.processServerCertificate(parse);
        clientHandshakeState.o = clientHandshakeState.f9806a.getAuthentication();
        clientHandshakeState.o.notifyServerCertificate(parse);
        return parse;
    }

    public void processServerHello(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsSession tlsSession;
        SecurityParameters securityParameters = clientHandshakeState.b.c;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        reportServerVersion(clientHandshakeState, TlsUtils.readVersion(byteArrayInputStream));
        securityParameters.h = TlsUtils.readFully(32, byteArrayInputStream);
        clientHandshakeState.i = TlsUtils.readOpaque8(byteArrayInputStream);
        byte[] bArr2 = clientHandshakeState.i;
        if (bArr2.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f9806a.notifySessionID(bArr2);
        byte[] bArr3 = clientHandshakeState.i;
        boolean z = false;
        clientHandshakeState.j = bArr3.length > 0 && (tlsSession = clientHandshakeState.c) != null && Arrays.areEqual(bArr3, tlsSession.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.e, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, clientHandshakeState.b.e)) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.validateSelectedCipherSuite(readUint16, (short) 47);
        clientHandshakeState.f9806a.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.f, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f9806a.notifySelectedCompressionMethod(readUint8);
        clientHandshakeState.h = TlsProtocol.readExtensions(byteArrayInputStream);
        Hashtable hashtable = clientHandshakeState.h;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.EXT_RenegotiationInfo)) {
                    if (TlsUtils.getExtensionData(clientHandshakeState.g, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                    }
                    boolean z2 = clientHandshakeState.j;
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(clientHandshakeState.h, TlsProtocol.EXT_RenegotiationInfo);
        if (extensionData != null) {
            clientHandshakeState.k = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.f9806a.notifySecureRenegotiation(clientHandshakeState.k);
        Hashtable hashtable2 = clientHandshakeState.g;
        Hashtable hashtable3 = clientHandshakeState.h;
        if (clientHandshakeState.j) {
            if (readUint16 != clientHandshakeState.d.getCipherSuite() || readUint8 != clientHandshakeState.d.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = clientHandshakeState.d.readServerExtensions();
        }
        securityParameters.b = readUint16;
        securityParameters.c = readUint8;
        if (hashtable3 != null) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable3);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParameters.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.n = hasEncryptThenMACExtension;
            securityParameters.o = TlsExtensionsUtils.hasExtendedMasterSecretExtension(hashtable3);
            securityParameters.l = DTLSProtocol.evaluateMaxFragmentLengthExtension(clientHandshakeState.j, hashtable2, hashtable3, (short) 47);
            securityParameters.m = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable3);
            clientHandshakeState.l = !clientHandshakeState.j && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!clientHandshakeState.j && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsProtocol.EXT_SessionTicket, (short) 47)) {
                z = true;
            }
            clientHandshakeState.m = z;
        }
        if (hashtable2 != null) {
            clientHandshakeState.f9806a.processServerExtensions(hashtable3);
        }
        securityParameters.d = TlsProtocol.getPRFAlgorithm(clientHandshakeState.b, securityParameters.getCipherSuite());
        securityParameters.e = 12;
    }

    public void processServerKeyExchange(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.n.processServerKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public void processServerSupplementalData(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f9806a.processServerSupplementalData(TlsProtocol.readSupplementalDataMessage(new ByteArrayInputStream(bArr)));
    }

    public void reportServerVersion(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        kb3 kb3Var = clientHandshakeState.b;
        ProtocolVersion protocolVersion2 = kb3Var.e;
        if (protocolVersion2 == null) {
            kb3Var.e = protocolVersion;
            clientHandshakeState.f9806a.notifyServerVersion(protocolVersion);
        } else if (!protocolVersion2.equals(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
