package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes6.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes6.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with root package name */
        TlsClient f84170a = null;

        /* renamed from: b, reason: collision with root package name */
        o f84171b = null;

        /* renamed from: c, reason: collision with root package name */
        TlsSession f84172c = null;

        /* renamed from: d, reason: collision with root package name */
        SessionParameters f84173d = null;

        /* renamed from: e, reason: collision with root package name */
        TlsSecret f84174e = null;

        /* renamed from: f, reason: collision with root package name */
        SessionParameters.Builder f84175f = null;

        /* renamed from: g, reason: collision with root package name */
        int[] f84176g = null;

        /* renamed from: h, reason: collision with root package name */
        Hashtable f84177h = null;

        /* renamed from: i, reason: collision with root package name */
        Hashtable f84178i = null;

        /* renamed from: j, reason: collision with root package name */
        boolean f84179j = false;

        /* renamed from: k, reason: collision with root package name */
        boolean f84180k = false;

        /* renamed from: l, reason: collision with root package name */
        Hashtable f84181l = null;

        /* renamed from: m, reason: collision with root package name */
        TlsKeyExchange f84182m = null;

        /* renamed from: n, reason: collision with root package name */
        TlsAuthentication f84183n = null;

        /* renamed from: o, reason: collision with root package name */
        CertificateStatus f84184o = null;

        /* renamed from: p, reason: collision with root package name */
        CertificateRequest f84185p = null;

        /* renamed from: q, reason: collision with root package name */
        TlsCredentials f84186q = null;

        /* renamed from: r, reason: collision with root package name */
        TlsHeartbeat f84187r = null;

        /* renamed from: s, reason: collision with root package name */
        short f84188s = 2;

        protected ClientHandshakeState() {
        }
    }

    protected static byte[] patchClientHelloWithCookie(byte[] bArr, byte[] bArr2) throws IOException {
        int readUint8 = 35 + TlsUtils.readUint8(bArr, 34);
        int i2 = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        TlsUtils.checkUint8(bArr2.length);
        TlsUtils.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
        System.arraycopy(bArr, i2, bArr3, bArr2.length + i2, bArr.length - i2);
        return bArr3;
    }

    protected void abortClientHandshake(ClientHandshakeState clientHandshakeState, e eVar, short s2) {
        eVar.b(s2);
        invalidateSession(clientHandshakeState);
    }

    /* JADX WARN: Removed duplicated region for block: B:58:0x0205  */
    /* JADX WARN: Removed duplicated region for block: B:61:0x0236  */
    /* JADX WARN: Removed duplicated region for block: B:64:0x0263  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x0333  */
    /* JADX WARN: Removed duplicated region for block: B:74:0x0335  */
    /* JADX WARN: Removed duplicated region for block: B:75:0x0207  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected org.bouncycastle.tls.DTLSTransport clientHandshake(org.bouncycastle.tls.DTLSClientProtocol.ClientHandshakeState r20, org.bouncycastle.tls.e r21) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 854
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.DTLSClientProtocol.clientHandshake(org.bouncycastle.tls.DTLSClientProtocol$ClientHandshakeState, org.bouncycastle.tls.e):org.bouncycastle.tls.DTLSTransport");
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f84170a = tlsClient;
        o oVar = new o(tlsClient.getCrypto());
        clientHandshakeState.f84171b = oVar;
        tlsClient.init(oVar);
        clientHandshakeState.f84171b.e(tlsClient);
        SecurityParameters securityParametersHandshake = clientHandshakeState.f84171b.getSecurityParametersHandshake();
        securityParametersHandshake.E = tlsClient.shouldUseExtendedPadding();
        TlsSession sessionToResume = clientHandshakeState.f84170a.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null && (exportSessionParameters.isExtendedMasterSecret() || (!clientHandshakeState.f84170a.requiresExtendedMasterSecret() && clientHandshakeState.f84170a.allowLegacyResumption()))) {
            TlsSecret masterSecret = exportSessionParameters.getMasterSecret();
            synchronized (masterSecret) {
                if (masterSecret.isAlive()) {
                    clientHandshakeState.f84172c = sessionToResume;
                    clientHandshakeState.f84173d = exportSessionParameters;
                    clientHandshakeState.f84174e = clientHandshakeState.f84171b.getCrypto().adoptSecret(masterSecret);
                }
            }
        }
        e eVar = new e(clientHandshakeState.f84171b, clientHandshakeState.f84170a, datagramTransport);
        tlsClient.notifyCloseHandle(eVar);
        try {
            try {
                try {
                    return clientHandshake(clientHandshakeState, eVar);
                } catch (RuntimeException e2) {
                    abortClientHandshake(clientHandshakeState, eVar, (short) 80);
                    throw new TlsFatalAlert((short) 80, (Throwable) e2);
                }
            } catch (TlsFatalAlert e3) {
                abortClientHandshake(clientHandshakeState, eVar, e3.getAlertDescription());
                throw e3;
            } catch (IOException e4) {
                abortClientHandshake(clientHandshakeState, eVar, (short) 80);
                throw e4;
            }
        } finally {
            securityParametersHandshake.a();
        }
    }

    protected byte[] generateCertificateVerify(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] generateClientHello(ClientHandshakeState clientHandshakeState) throws IOException {
        ProtocolVersion protocolVersion;
        SessionParameters sessionParameters;
        o oVar = clientHandshakeState.f84171b;
        SecurityParameters securityParametersHandshake = oVar.getSecurityParametersHandshake();
        oVar.j(clientHandshakeState.f84170a.getProtocolVersions());
        ProtocolVersion latestDTLS = ProtocolVersion.getLatestDTLS(oVar.getClientSupportedVersions());
        if (!ProtocolVersion.c(latestDTLS)) {
            throw new TlsFatalAlert((short) 80);
        }
        oVar.k(latestDTLS);
        byte[] g02 = TlsUtils.g0(clientHandshakeState.f84172c);
        boolean isFallback = clientHandshakeState.f84170a.isFallback();
        int[] cipherSuites = clientHandshakeState.f84170a.getCipherSuites();
        clientHandshakeState.f84176g = cipherSuites;
        if (g02.length > 0 && (sessionParameters = clientHandshakeState.f84173d) != null && (!Arrays.contains(cipherSuites, sessionParameters.getCipherSuite()) || clientHandshakeState.f84173d.getCompressionAlgorithm() != 0)) {
            g02 = TlsUtils.EMPTY_BYTES;
        }
        byte[] bArr = g02;
        clientHandshakeState.f84177h = TlsExtensionsUtils.ensureExtensionsInitialised(clientHandshakeState.f84170a.getClientExtensions());
        ProtocolVersion protocolVersion2 = ProtocolVersion.DTLSv12;
        if (latestDTLS.isLaterVersionOf(protocolVersion2)) {
            TlsExtensionsUtils.addSupportedVersionsExtensionClient(clientHandshakeState.f84177h, oVar.getClientSupportedVersions());
            protocolVersion = protocolVersion2;
        } else {
            protocolVersion = latestDTLS;
        }
        oVar.l(protocolVersion);
        securityParametersHandshake.J = TlsExtensionsUtils.getServerNameExtensionClient(clientHandshakeState.f84177h);
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(latestDTLS)) {
            TlsUtils.P(securityParametersHandshake, clientHandshakeState.f84177h);
        }
        securityParametersHandshake.M = TlsExtensionsUtils.getSupportedGroupsExtension(clientHandshakeState.f84177h);
        clientHandshakeState.f84181l = TlsUtils.c(clientHandshakeState.f84171b, clientHandshakeState.f84170a, clientHandshakeState.f84177h);
        if (TlsUtils.n0(oVar.getClientSupportedVersions()) && clientHandshakeState.f84170a.shouldUseExtendedMasterSecret()) {
            TlsExtensionsUtils.addExtendedMasterSecretExtension(clientHandshakeState.f84177h);
        } else if (!TlsUtils.isTLSv13(latestDTLS) && clientHandshakeState.f84170a.requiresExtendedMasterSecret()) {
            throw new TlsFatalAlert((short) 80);
        }
        securityParametersHandshake.f84268u = TlsProtocol.createRandomBlock(protocolVersion2.isEqualOrLaterVersionOf(latestDTLS) && clientHandshakeState.f84170a.shouldUseGMTUnixTime(), clientHandshakeState.f84171b);
        boolean z2 = TlsUtils.getExtensionData(clientHandshakeState.f84177h, TlsProtocol.EXT_RenegotiationInfo) == null;
        boolean z3 = !Arrays.contains(clientHandshakeState.f84176g, 255);
        if (z2 && z3) {
            clientHandshakeState.f84176g = Arrays.append(clientHandshakeState.f84176g, 255);
        }
        if (isFallback && !Arrays.contains(clientHandshakeState.f84176g, 22016)) {
            clientHandshakeState.f84176g = Arrays.append(clientHandshakeState.f84176g, 22016);
        }
        clientHandshakeState.f84187r = clientHandshakeState.f84170a.getHeartbeat();
        short heartbeatPolicy = clientHandshakeState.f84170a.getHeartbeatPolicy();
        clientHandshakeState.f84188s = heartbeatPolicy;
        if (clientHandshakeState.f84187r != null || 1 == heartbeatPolicy) {
            TlsExtensionsUtils.addHeartbeatExtension(clientHandshakeState.f84177h, new HeartbeatExtension(heartbeatPolicy));
        }
        ClientHello clientHello = new ClientHello(protocolVersion, securityParametersHandshake.getClientRandom(), bArr, TlsUtils.EMPTY_BYTES, clientHandshakeState.f84176g, clientHandshakeState.f84177h, 0);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHello.encode(clientHandshakeState.f84171b, byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] generateClientKeyExchange(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.f84182m.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void invalidateSession(ClientHandshakeState clientHandshakeState) {
        TlsSecret tlsSecret = clientHandshakeState.f84174e;
        if (tlsSecret != null) {
            tlsSecret.destroy();
            clientHandshakeState.f84174e = null;
        }
        SessionParameters sessionParameters = clientHandshakeState.f84173d;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.f84173d = null;
        }
        TlsSession tlsSession = clientHandshakeState.f84172c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.f84172c = null;
        }
    }

    protected void processCertificateRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.f84183n == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        CertificateRequest parse = CertificateRequest.parse(clientHandshakeState.f84171b, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.f84185p = TlsUtils.a1(parse, clientHandshakeState.f84182m);
    }

    protected void processCertificateStatus(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f84184o = CertificateStatus.parse(clientHandshakeState.f84171b, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    protected byte[] processHelloVerifyRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream, 0, ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) ? 255 : 32);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        if (readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.f84171b.getClientVersion())) {
            return readOpaque8;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void processNewSessionTicket(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.f84170a.notifyNewSessionTicket(parse);
    }

    protected void processServerCertificate(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f84183n = TlsUtils.G0(clientHandshakeState.f84171b, clientHandshakeState.f84170a, new ByteArrayInputStream(bArr));
    }

    protected void processServerHello(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsSession tlsSession;
        ServerHello parse = ServerHello.parse(new ByteArrayInputStream(bArr));
        ProtocolVersion version = parse.getVersion();
        clientHandshakeState.f84178i = parse.getExtensions();
        SecurityParameters securityParametersHandshake = clientHandshakeState.f84171b.getSecurityParametersHandshake();
        reportServerVersion(clientHandshakeState, version);
        securityParametersHandshake.f84269v = parse.getRandom();
        if (!clientHandshakeState.f84171b.getClientVersion().equals(version)) {
            TlsUtils.r(version, securityParametersHandshake.getServerRandom());
        }
        byte[] sessionID = parse.getSessionID();
        securityParametersHandshake.f84271x = sessionID;
        clientHandshakeState.f84170a.notifySessionID(sessionID);
        boolean z2 = false;
        clientHandshakeState.f84179j = sessionID.length > 0 && (tlsSession = clientHandshakeState.f84172c) != null && Arrays.areEqual(sessionID, tlsSession.getSessionID());
        int validateSelectedCipherSuite = DTLSProtocol.validateSelectedCipherSuite(parse.getCipherSuite(), (short) 47);
        if (!TlsUtils.r0(clientHandshakeState.f84176g, validateSelectedCipherSuite) || !TlsUtils.isValidVersionForCipherSuite(validateSelectedCipherSuite, securityParametersHandshake.getNegotiatedVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.v0(securityParametersHandshake, validateSelectedCipherSuite);
        clientHandshakeState.f84170a.notifySelectedCipherSuite(validateSelectedCipherSuite);
        if (TlsUtils.isTLSv13(version)) {
            securityParametersHandshake.D = true;
        } else {
            boolean hasExtendedMasterSecretExtension = TlsExtensionsUtils.hasExtendedMasterSecretExtension(clientHandshakeState.f84178i);
            if (hasExtendedMasterSecretExtension) {
                if (!clientHandshakeState.f84179j && !clientHandshakeState.f84170a.shouldUseExtendedMasterSecret()) {
                    throw new TlsFatalAlert((short) 40);
                }
            } else if (clientHandshakeState.f84170a.requiresExtendedMasterSecret() || (clientHandshakeState.f84179j && !clientHandshakeState.f84170a.allowLegacyResumption())) {
                throw new TlsFatalAlert((short) 40);
            }
            securityParametersHandshake.D = hasExtendedMasterSecretExtension;
        }
        Hashtable hashtable = clientHandshakeState.f84178i;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.EXT_RenegotiationInfo) && TlsUtils.getExtensionData(clientHandshakeState.f84177h, num) == null) {
                    throw new TlsFatalAlert((short) 110);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(clientHandshakeState.f84178i, TlsProtocol.EXT_RenegotiationInfo);
        if (extensionData != null) {
            securityParametersHandshake.f84250c = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.f84170a.notifySecureRenegotiation(securityParametersHandshake.isSecureRenegotiation());
        securityParametersHandshake.G = TlsExtensionsUtils.getALPNExtensionServer(clientHandshakeState.f84178i);
        securityParametersHandshake.H = true;
        HeartbeatExtension heartbeatExtension = TlsExtensionsUtils.getHeartbeatExtension(clientHandshakeState.f84178i);
        Hashtable hashtable2 = null;
        if (heartbeatExtension == null) {
            clientHandshakeState.f84187r = null;
            clientHandshakeState.f84188s = (short) 2;
        } else if (1 != heartbeatExtension.getMode()) {
            clientHandshakeState.f84187r = null;
        }
        Hashtable hashtable3 = clientHandshakeState.f84177h;
        Hashtable hashtable4 = clientHandshakeState.f84178i;
        if (!clientHandshakeState.f84179j) {
            hashtable2 = hashtable3;
        } else {
            if (securityParametersHandshake.getCipherSuite() != clientHandshakeState.f84173d.getCipherSuite() || clientHandshakeState.f84173d.getCompressionAlgorithm() != 0 || !version.equals(clientHandshakeState.f84173d.getNegotiatedVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable4 = clientHandshakeState.f84173d.readServerExtensions();
        }
        if (hashtable4 != null && !hashtable4.isEmpty()) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable4);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParametersHandshake.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParametersHandshake.C = hasEncryptThenMACExtension;
            securityParametersHandshake.f84253f = DTLSProtocol.evaluateMaxFragmentLengthExtension(clientHandshakeState.f84179j, hashtable2, hashtable4, (short) 47);
            securityParametersHandshake.F = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable4);
            if (!clientHandshakeState.f84179j) {
                if (TlsUtils.hasExpectedEmptyExtensionData(hashtable4, TlsExtensionsUtils.EXT_status_request_v2, (short) 47)) {
                    securityParametersHandshake.U = 2;
                } else if (TlsUtils.hasExpectedEmptyExtensionData(hashtable4, TlsExtensionsUtils.EXT_status_request, (short) 47)) {
                    securityParametersHandshake.U = 1;
                }
            }
            if (!clientHandshakeState.f84179j && TlsUtils.hasExpectedEmptyExtensionData(hashtable4, TlsProtocol.EXT_SessionTicket, (short) 47)) {
                z2 = true;
            }
            clientHandshakeState.f84180k = z2;
        }
        if (hashtable2 != null) {
            clientHandshakeState.f84170a.processServerExtensions(hashtable4);
        }
    }

    protected void processServerKeyExchange(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f84182m.processServerKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    protected void processServerSupplementalData(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f84170a.processServerSupplementalData(TlsProtocol.readSupplementalDataMessage(new ByteArrayInputStream(bArr)));
    }

    protected void reportServerVersion(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        o oVar = clientHandshakeState.f84171b;
        SecurityParameters securityParametersHandshake = oVar.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (negotiatedVersion != null) {
            if (!negotiatedVersion.equals(protocolVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
        } else {
            if (!ProtocolVersion.contains(oVar.getClientSupportedVersions(), protocolVersion)) {
                throw new TlsFatalAlert((short) 70);
            }
            securityParametersHandshake.T = protocolVersion;
            TlsUtils.x0(clientHandshakeState.f84171b, clientHandshakeState.f84170a);
        }
    }
}
