package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.DTLSReliableHandshake;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* loaded from: classes3.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with other field name */
        public TlsClient f6250a = null;

        /* renamed from: a, reason: collision with other field name */
        public TlsClientContextImpl f6251a = null;

        /* renamed from: a, reason: collision with other field name */
        public TlsSession f6254a = null;

        /* renamed from: a, reason: collision with other field name */
        public SessionParameters f6248a = null;

        /* renamed from: a, reason: collision with other field name */
        public SessionParameters.Builder f6247a = null;

        /* renamed from: a, reason: collision with other field name */
        public int[] f6258a = null;

        /* renamed from: a, reason: collision with other field name */
        public short[] f6259a = null;

        /* renamed from: a, reason: collision with other field name */
        public Hashtable f6244a = null;

        /* renamed from: a, reason: collision with other field name */
        public byte[] f6257a = null;
        public int a = -1;

        /* renamed from: a, reason: collision with other field name */
        public short f6255a = -1;

        /* renamed from: a, reason: collision with other field name */
        public boolean f6256a = false;
        public short b = -1;

        /* renamed from: b, reason: collision with other field name */
        public boolean f6260b = false;
        public boolean c = false;

        /* renamed from: a, reason: collision with other field name */
        public TlsKeyExchange f6253a = null;

        /* renamed from: a, reason: collision with other field name */
        public TlsAuthentication f6249a = null;

        /* renamed from: a, reason: collision with other field name */
        public CertificateStatus f6246a = null;

        /* renamed from: a, reason: collision with other field name */
        public CertificateRequest f6245a = null;

        /* renamed from: a, reason: collision with other field name */
        public TlsCredentials f6252a = null;
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    public static byte[] l(byte[] bArr, byte[] bArr2) throws IOException {
        int F0 = 35 + TlsUtils.F0(bArr, 34);
        int i = F0 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, F0);
        TlsUtils.q(bArr2.length);
        TlsUtils.h1(bArr2.length, bArr3, F0);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    public DTLSTransport f(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        TlsSession tlsSession;
        SecurityParameters securityParameters = clientHandshakeState.f6251a.getSecurityParameters();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.f6251a, dTLSRecordLayer);
        byte[] i = i(clientHandshakeState, clientHandshakeState.f6250a);
        dTLSReliableHandshake.q((short) 1, i);
        while (true) {
            DTLSReliableHandshake.Message l = dTLSReliableHandshake.l();
            if (l.getType() != 3) {
                if (l.getType() != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                u(clientHandshakeState, dTLSRecordLayer.getDiscoveredPeerVersion());
                r(clientHandshakeState, l.getBody());
                short s = clientHandshakeState.b;
                if (s >= 0) {
                    dTLSRecordLayer.setPlaintextLimit(1 << (s + 8));
                }
                int i2 = clientHandshakeState.a;
                securityParameters.b = i2;
                securityParameters.f6346a = clientHandshakeState.f6255a;
                securityParameters.c = TlsProtocol.m(clientHandshakeState.f6251a, i2);
                securityParameters.d = 12;
                dTLSReliableHandshake.i();
                byte[] bArr = clientHandshakeState.f6257a;
                if (bArr.length > 0 && (tlsSession = clientHandshakeState.f6254a) != null && Arrays.d(bArr, tlsSession.getSessionID())) {
                    if (securityParameters.getCipherSuite() != clientHandshakeState.f6248a.getCipherSuite() || securityParameters.getCompressionAlgorithm() != clientHandshakeState.f6248a.getCompressionAlgorithm()) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    securityParameters.f6352c = TlsExtensionsUtils.v(clientHandshakeState.f6248a.c());
                    securityParameters.f6348a = Arrays.j(clientHandshakeState.f6248a.getMasterSecret());
                    dTLSRecordLayer.g(clientHandshakeState.f6250a.getCipher());
                    TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f6251a;
                    d(dTLSReliableHandshake.m((short) 20), TlsUtils.i(tlsClientContextImpl, ExporterLabel.b, TlsProtocol.l(tlsClientContextImpl, dTLSReliableHandshake.getHandshakeHash(), null)));
                    TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.f6251a;
                    dTLSReliableHandshake.q((short) 20, TlsUtils.i(tlsClientContextImpl2, ExporterLabel.a, TlsProtocol.l(tlsClientContextImpl2, dTLSReliableHandshake.getHandshakeHash(), null)));
                    dTLSReliableHandshake.h();
                    clientHandshakeState.f6251a.setResumableSession(clientHandshakeState.f6254a);
                    clientHandshakeState.f6250a.b();
                    return new DTLSTransport(dTLSRecordLayer);
                }
                k(clientHandshakeState);
                byte[] bArr2 = clientHandshakeState.f6257a;
                if (bArr2.length > 0) {
                    clientHandshakeState.f6254a = new TlsSessionImpl(bArr2, null);
                }
                DTLSReliableHandshake.Message l2 = dTLSReliableHandshake.l();
                if (l2.getType() == 23) {
                    t(clientHandshakeState, l2.getBody());
                    l2 = dTLSReliableHandshake.l();
                } else {
                    clientHandshakeState.f6250a.f(null);
                }
                TlsKeyExchange keyExchange = clientHandshakeState.f6250a.getKeyExchange();
                clientHandshakeState.f6253a = keyExchange;
                keyExchange.a(clientHandshakeState.f6251a);
                if (l2.getType() == 11) {
                    certificate = q(clientHandshakeState, l2.getBody());
                    message = dTLSReliableHandshake.l();
                } else {
                    clientHandshakeState.f6253a.e();
                    message = l2;
                    certificate = null;
                }
                if (certificate == null || certificate.d()) {
                    clientHandshakeState.f6260b = false;
                }
                if (message.getType() == 22) {
                    n(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.l();
                }
                if (message.getType() == 12) {
                    s(clientHandshakeState, message.getBody());
                    message = dTLSReliableHandshake.l();
                } else {
                    clientHandshakeState.f6253a.o();
                }
                if (message.getType() == 13) {
                    m(clientHandshakeState, message.getBody());
                    TlsUtils.L0(dTLSReliableHandshake.getHandshakeHash(), clientHandshakeState.f6245a.getSupportedSignatureAlgorithms());
                    message = dTLSReliableHandshake.l();
                }
                if (message.getType() != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (message.getBody().length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                dTLSReliableHandshake.getHandshakeHash().m();
                Vector clientSupplementalData = clientHandshakeState.f6250a.getClientSupplementalData();
                if (clientSupplementalData != null) {
                    dTLSReliableHandshake.q((short) 23, DTLSProtocol.c(clientSupplementalData));
                }
                CertificateRequest certificateRequest = clientHandshakeState.f6245a;
                if (certificateRequest != null) {
                    TlsCredentials b = clientHandshakeState.f6249a.b(certificateRequest);
                    clientHandshakeState.f6252a = b;
                    Certificate certificate2 = b != null ? b.getCertificate() : null;
                    if (certificate2 == null) {
                        certificate2 = Certificate.a;
                    }
                    dTLSReliableHandshake.q((short) 11, DTLSProtocol.b(certificate2));
                }
                TlsCredentials tlsCredentials = clientHandshakeState.f6252a;
                if (tlsCredentials != null) {
                    clientHandshakeState.f6253a.g(tlsCredentials);
                } else {
                    clientHandshakeState.f6253a.f();
                }
                dTLSReliableHandshake.q((short) 16, j(clientHandshakeState));
                TlsHandshakeHash k = dTLSReliableHandshake.k();
                securityParameters.f6354d = TlsProtocol.l(clientHandshakeState.f6251a, k, null);
                TlsProtocol.i(clientHandshakeState.f6251a, clientHandshakeState.f6253a);
                dTLSRecordLayer.g(clientHandshakeState.f6250a.getCipher());
                TlsCredentials tlsCredentials2 = clientHandshakeState.f6252a;
                if (tlsCredentials2 != null && (tlsCredentials2 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials2;
                    SignatureAndHashAlgorithm O = TlsUtils.O(clientHandshakeState.f6251a, tlsSignerCredentials);
                    dTLSReliableHandshake.q((short) 15, h(clientHandshakeState, new DigitallySigned(O, tlsSignerCredentials.a(O == null ? securityParameters.getSessionHash() : k.h(O.getHash())))));
                }
                TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.f6251a;
                dTLSReliableHandshake.q((short) 20, TlsUtils.i(tlsClientContextImpl3, ExporterLabel.a, TlsProtocol.l(tlsClientContextImpl3, dTLSReliableHandshake.getHandshakeHash(), null)));
                if (clientHandshakeState.c) {
                    DTLSReliableHandshake.Message l3 = dTLSReliableHandshake.l();
                    if (l3.getType() != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    p(clientHandshakeState, l3.getBody());
                }
                TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.f6251a;
                d(dTLSReliableHandshake.m((short) 20), TlsUtils.i(tlsClientContextImpl4, ExporterLabel.b, TlsProtocol.l(tlsClientContextImpl4, dTLSReliableHandshake.getHandshakeHash(), null)));
                dTLSReliableHandshake.h();
                if (clientHandshakeState.f6254a != null) {
                    clientHandshakeState.f6248a = new SessionParameters.Builder().b(securityParameters.b).c(securityParameters.f6346a).d(securityParameters.f6348a).f(certificate).e(securityParameters.e).h(securityParameters.f).a();
                    TlsSession S = TlsUtils.S(clientHandshakeState.f6254a.getSessionID(), clientHandshakeState.f6248a);
                    clientHandshakeState.f6254a = S;
                    clientHandshakeState.f6251a.setResumableSession(S);
                }
                clientHandshakeState.f6250a.b();
                return new DTLSTransport(dTLSRecordLayer);
            }
            if (!dTLSRecordLayer.j().e(clientHandshakeState.f6251a.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] l4 = l(i, o(clientHandshakeState, l.getBody()));
            dTLSReliableHandshake.p();
            dTLSReliableHandshake.q((short) 1, l4);
        }
    }

    public DTLSTransport g(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters c;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f6250a = tlsClient;
        clientHandshakeState.f6251a = new TlsClientContextImpl(this.a, securityParameters);
        securityParameters.f6351b = TlsProtocol.f(tlsClient.s(), clientHandshakeState.f6251a.getNonceRandomGenerator());
        tlsClient.a(clientHandshakeState.f6251a);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.f6251a, tlsClient, (short) 22);
        TlsSession sessionToResume = clientHandshakeState.f6250a.getSessionToResume();
        if (sessionToResume != null && (c = sessionToResume.c()) != null) {
            clientHandshakeState.f6254a = sessionToResume;
            clientHandshakeState.f6248a = c;
        }
        try {
            return f(clientHandshakeState, dTLSRecordLayer);
        } catch (IOException e) {
            dTLSRecordLayer.d((short) 80);
            throw e;
        } catch (RuntimeException e2) {
            dTLSRecordLayer.d((short) 80);
            throw new TlsFatalAlert((short) 80, e2);
        } catch (TlsFatalAlert e3) {
            dTLSRecordLayer.d(e3.getAlertDescription());
            throw e3;
        }
    }

    public byte[] h(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] i(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        byte[] bArr;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.d()) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f6251a;
        tlsClientContextImpl.setClientVersion(clientVersion);
        TlsUtils.o1(clientVersion, byteArrayOutputStream);
        SecurityParameters securityParameters = tlsClientContextImpl.getSecurityParameters();
        byteArrayOutputStream.write(securityParameters.getClientRandom());
        byte[] bArr2 = TlsUtils.f6473a;
        TlsSession tlsSession = clientHandshakeState.f6254a;
        if (tlsSession == null || (bArr = tlsSession.getSessionID()) == null || bArr.length > 32) {
            bArr = bArr2;
        }
        TlsUtils.R0(bArr, byteArrayOutputStream);
        TlsUtils.R0(bArr2, byteArrayOutputStream);
        boolean p = tlsClient.p();
        clientHandshakeState.f6258a = tlsClient.getCipherSuites();
        Hashtable clientExtensions = tlsClient.getClientExtensions();
        clientHandshakeState.f6244a = clientExtensions;
        securityParameters.f6352c = TlsExtensionsUtils.v(clientExtensions);
        boolean z = TlsUtils.J(clientHandshakeState.f6244a, TlsProtocol.a) == null;
        boolean z2 = !Arrays.x(clientHandshakeState.f6258a, 255);
        if (z && z2) {
            clientHandshakeState.f6258a = Arrays.b(clientHandshakeState.f6258a, 255);
        }
        if (p && !Arrays.x(clientHandshakeState.f6258a, CipherSuite.j4)) {
            clientHandshakeState.f6258a = Arrays.b(clientHandshakeState.f6258a, CipherSuite.j4);
        }
        TlsUtils.W0(clientHandshakeState.f6258a, byteArrayOutputStream);
        short[] sArr = {0};
        clientHandshakeState.f6259a = sArr;
        TlsUtils.m1(sArr, byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.f6244a;
        if (hashtable != null) {
            TlsProtocol.M(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] j(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.f6253a.h(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void k(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.f6248a;
        if (sessionParameters != null) {
            sessionParameters.a();
            clientHandshakeState.f6248a = null;
        }
        TlsSession tlsSession = clientHandshakeState.f6254a;
        if (tlsSession != null) {
            tlsSession.a();
            clientHandshakeState.f6254a = null;
        }
    }

    public void m(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.f6249a == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f6245a = CertificateRequest.b(clientHandshakeState.f6251a, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f6253a.n(clientHandshakeState.f6245a);
    }

    public void n(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.f6260b) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f6246a = CertificateStatus.c(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    public byte[] o(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion H0 = TlsUtils.H0(byteArrayInputStream);
        byte[] t0 = TlsUtils.t0(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        if (!H0.e(clientHandshakeState.f6251a.getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.f.e(H0) || t0.length <= 32) {
            return t0;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void p(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket b = NewSessionTicket.b(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f6250a.k(b);
    }

    public Certificate q(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate e = Certificate.e(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f6253a.c(e);
        TlsAuthentication authentication = clientHandshakeState.f6250a.getAuthentication();
        clientHandshakeState.f6249a = authentication;
        authentication.a(e);
        return e;
    }

    public void r(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        int i;
        SecurityParameters securityParameters = clientHandshakeState.f6251a.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion H0 = TlsUtils.H0(byteArrayInputStream);
        u(clientHandshakeState, H0);
        securityParameters.f6353c = TlsUtils.q0(32, byteArrayInputStream);
        byte[] t0 = TlsUtils.t0(byteArrayInputStream);
        clientHandshakeState.f6257a = t0;
        if (t0.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f6250a.m(t0);
        int v0 = TlsUtils.v0(byteArrayInputStream);
        clientHandshakeState.a = v0;
        if (!Arrays.x(clientHandshakeState.f6258a, v0) || (i = clientHandshakeState.a) == 0 || CipherSuite.a(i) || !TlsUtils.a0(clientHandshakeState.a, H0)) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.e(clientHandshakeState.a, (short) 47);
        clientHandshakeState.f6250a.q(clientHandshakeState.a);
        short E0 = TlsUtils.E0(byteArrayInputStream);
        clientHandshakeState.f6255a = E0;
        if (!Arrays.y(clientHandshakeState.f6259a, E0)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f6250a.u(clientHandshakeState.f6255a);
        Hashtable D = TlsProtocol.D(byteArrayInputStream);
        if (TlsExtensionsUtils.v(D) != securityParameters.f6352c) {
            throw new TlsFatalAlert((short) 40);
        }
        if (D != null) {
            Enumeration keys = D.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.a)) {
                    if (TlsUtils.J(clientHandshakeState.f6244a, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.y);
                    }
                    num.equals(TlsExtensionsUtils.b);
                }
            }
            byte[] bArr2 = (byte[]) D.get(TlsProtocol.a);
            if (bArr2 != null) {
                clientHandshakeState.f6256a = true;
                if (!Arrays.w(bArr2, TlsProtocol.g(TlsUtils.f6473a))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            boolean u = TlsExtensionsUtils.u(D);
            if (u && !TlsUtils.U(clientHandshakeState.a)) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.f6350b = u;
            clientHandshakeState.b = DTLSProtocol.a(clientHandshakeState.f6244a, D, (short) 47);
            securityParameters.f6347a = TlsExtensionsUtils.w(D);
            clientHandshakeState.f6260b = TlsUtils.P(D, TlsExtensionsUtils.f, (short) 47);
            clientHandshakeState.c = TlsUtils.P(D, TlsProtocol.b, (short) 47);
        }
        clientHandshakeState.f6250a.i(clientHandshakeState.f6256a);
        if (clientHandshakeState.f6244a != null) {
            clientHandshakeState.f6250a.n(D);
        }
    }

    public void s(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f6253a.b(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    public void t(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f6250a.f(TlsProtocol.E(new ByteArrayInputStream(bArr)));
    }

    public void u(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f6251a;
        ProtocolVersion serverVersion = tlsClientContextImpl.getServerVersion();
        if (serverVersion == null) {
            tlsClientContextImpl.setServerVersion(protocolVersion);
            clientHandshakeState.f6250a.e(protocolVersion);
        } else if (!serverVersion.a(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
