package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.DTLSReliableHandshake;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* loaded from: classes7.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with root package name */
        public TlsClient f39665a = null;

        /* renamed from: b, reason: collision with root package name */
        public TlsClientContextImpl f39666b = null;

        /* renamed from: c, reason: collision with root package name */
        public TlsSession f39667c = null;

        /* renamed from: d, reason: collision with root package name */
        public SessionParameters f39668d = null;

        /* renamed from: e, reason: collision with root package name */
        public SessionParameters.Builder f39669e = null;

        /* renamed from: f, reason: collision with root package name */
        public int[] f39670f = null;

        /* renamed from: g, reason: collision with root package name */
        public short[] f39671g = null;

        /* renamed from: h, reason: collision with root package name */
        public Hashtable f39672h = null;

        /* renamed from: i, reason: collision with root package name */
        public Hashtable f39673i = null;

        /* renamed from: j, reason: collision with root package name */
        public byte[] f39674j = null;

        /* renamed from: k, reason: collision with root package name */
        public boolean f39675k = false;

        /* renamed from: l, reason: collision with root package name */
        public boolean f39676l = false;

        /* renamed from: m, reason: collision with root package name */
        public boolean f39677m = false;

        /* renamed from: n, reason: collision with root package name */
        public boolean f39678n = false;

        /* renamed from: o, reason: collision with root package name */
        public TlsKeyExchange f39679o = null;

        /* renamed from: p, reason: collision with root package name */
        public TlsAuthentication f39680p = null;

        /* renamed from: q, reason: collision with root package name */
        public CertificateStatus f39681q = null;

        /* renamed from: r, reason: collision with root package name */
        public CertificateRequest f39682r = null;

        /* renamed from: s, reason: collision with root package name */
        public TlsCredentials f39683s = null;
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    public static byte[] n(byte[] bArr, byte[] bArr2) throws IOException {
        int Q0 = 35 + TlsUtils.Q0(bArr, 34);
        int i2 = Q0 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, Q0);
        TlsUtils.q(bArr2.length);
        TlsUtils.t1(bArr2.length, bArr3, Q0);
        System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
        System.arraycopy(bArr, i2, bArr3, bArr2.length + i2, bArr.length - i2);
        return bArr3;
    }

    public void g(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer, short s2) {
        dTLSRecordLayer.f(s2);
        m(clientHandshakeState);
    }

    public DTLSTransport h(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        SecurityParameters j2 = clientHandshakeState.f39666b.j();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.f39666b, dTLSRecordLayer);
        byte[] k2 = k(clientHandshakeState, clientHandshakeState.f39665a);
        dTLSRecordLayer.s(ProtocolVersion.f39953g);
        dTLSReliableHandshake.q((short) 1, k2);
        while (true) {
            DTLSReliableHandshake.Message l2 = dTLSReliableHandshake.l();
            if (l2.c() != 3) {
                if (l2.c() != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                ProtocolVersion j3 = dTLSRecordLayer.j();
                w(clientHandshakeState, j3);
                dTLSRecordLayer.s(j3);
                t(clientHandshakeState, l2.a());
                dTLSReliableHandshake.h();
                DTLSProtocol.a(dTLSRecordLayer, j2.f40015l);
                if (clientHandshakeState.f39675k) {
                    j2.f40009f = Arrays.m(clientHandshakeState.f39668d.e());
                    dTLSRecordLayer.l(clientHandshakeState.f39665a.u());
                    TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f39666b;
                    e(dTLSReliableHandshake.m((short) 20), TlsUtils.i(tlsClientContextImpl, ExporterLabel.f39807b, TlsProtocol.s(tlsClientContextImpl, dTLSReliableHandshake.f(), null)));
                    TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.f39666b;
                    dTLSReliableHandshake.q((short) 20, TlsUtils.i(tlsClientContextImpl2, ExporterLabel.f39806a, TlsProtocol.s(tlsClientContextImpl2, dTLSReliableHandshake.f(), null)));
                    dTLSReliableHandshake.e();
                    clientHandshakeState.f39666b.m(clientHandshakeState.f39667c);
                    clientHandshakeState.f39665a.F();
                    return new DTLSTransport(dTLSRecordLayer);
                }
                m(clientHandshakeState);
                byte[] bArr = clientHandshakeState.f39674j;
                if (bArr.length > 0) {
                    clientHandshakeState.f39667c = new TlsSessionImpl(bArr, null);
                }
                DTLSReliableHandshake.Message l3 = dTLSReliableHandshake.l();
                if (l3.c() == 23) {
                    v(clientHandshakeState, l3.a());
                    l3 = dTLSReliableHandshake.l();
                } else {
                    clientHandshakeState.f39665a.C(null);
                }
                TlsKeyExchange a2 = clientHandshakeState.f39665a.a();
                clientHandshakeState.f39679o = a2;
                a2.a(clientHandshakeState.f39666b);
                if (l3.c() == 11) {
                    certificate = s(clientHandshakeState, l3.a());
                    message = dTLSReliableHandshake.l();
                } else {
                    clientHandshakeState.f39679o.o();
                    message = l3;
                    certificate = null;
                }
                if (certificate == null || certificate.f()) {
                    clientHandshakeState.f39677m = false;
                }
                if (message.c() == 22) {
                    p(clientHandshakeState, message.a());
                    message = dTLSReliableHandshake.l();
                }
                if (message.c() == 12) {
                    u(clientHandshakeState, message.a());
                    message = dTLSReliableHandshake.l();
                } else {
                    clientHandshakeState.f39679o.k();
                }
                if (message.c() == 13) {
                    o(clientHandshakeState, message.a());
                    TlsUtils.W0(dTLSReliableHandshake.f(), clientHandshakeState.f39682r.d());
                    message = dTLSReliableHandshake.l();
                }
                if (message.c() != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (message.a().length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                dTLSReliableHandshake.f().o();
                Vector h2 = clientHandshakeState.f39665a.h();
                if (h2 != null) {
                    dTLSReliableHandshake.q((short) 23, DTLSProtocol.d(h2));
                }
                CertificateRequest certificateRequest = clientHandshakeState.f39682r;
                if (certificateRequest != null) {
                    TlsCredentials a3 = clientHandshakeState.f39680p.a(certificateRequest);
                    clientHandshakeState.f39683s = a3;
                    Certificate e2 = a3 != null ? a3.e() : null;
                    if (e2 == null) {
                        e2 = Certificate.f39580b;
                    }
                    dTLSReliableHandshake.q((short) 11, DTLSProtocol.c(e2));
                }
                TlsCredentials tlsCredentials = clientHandshakeState.f39683s;
                if (tlsCredentials != null) {
                    clientHandshakeState.f39679o.m(tlsCredentials);
                } else {
                    clientHandshakeState.f39679o.g();
                }
                dTLSReliableHandshake.q((short) 16, l(clientHandshakeState));
                TlsHandshakeHash j4 = dTLSReliableHandshake.j();
                j2.f40012i = TlsProtocol.s(clientHandshakeState.f39666b, j4, null);
                TlsProtocol.m(clientHandshakeState.f39666b, clientHandshakeState.f39679o);
                dTLSRecordLayer.l(clientHandshakeState.f39665a.u());
                TlsCredentials tlsCredentials2 = clientHandshakeState.f39683s;
                if (tlsCredentials2 != null && (tlsCredentials2 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials2;
                    SignatureAndHashAlgorithm V = TlsUtils.V(clientHandshakeState.f39666b, tlsSignerCredentials);
                    dTLSReliableHandshake.q((short) 15, j(clientHandshakeState, new DigitallySigned(V, tlsSignerCredentials.d(V == null ? j2.l() : j4.l(V.b())))));
                }
                TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.f39666b;
                dTLSReliableHandshake.q((short) 20, TlsUtils.i(tlsClientContextImpl3, ExporterLabel.f39806a, TlsProtocol.s(tlsClientContextImpl3, dTLSReliableHandshake.f(), null)));
                if (clientHandshakeState.f39678n) {
                    DTLSReliableHandshake.Message l4 = dTLSReliableHandshake.l();
                    if (l4.c() != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    r(clientHandshakeState, l4.a());
                }
                TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.f39666b;
                e(dTLSReliableHandshake.m((short) 20), TlsUtils.i(tlsClientContextImpl4, ExporterLabel.f39807b, TlsProtocol.s(tlsClientContextImpl4, dTLSReliableHandshake.f(), null)));
                dTLSReliableHandshake.e();
                if (clientHandshakeState.f39667c != null) {
                    clientHandshakeState.f39668d = new SessionParameters.Builder().b(j2.b()).c(j2.d()).d(j2.f()).f(certificate).e(j2.g()).h(j2.j()).i(clientHandshakeState.f39673i).a();
                    TlsSession a02 = TlsUtils.a0(clientHandshakeState.f39667c.a(), clientHandshakeState.f39668d);
                    clientHandshakeState.f39667c = a02;
                    clientHandshakeState.f39666b.m(a02);
                }
                clientHandshakeState.f39665a.F();
                return new DTLSTransport(dTLSRecordLayer);
            }
            if (!dTLSRecordLayer.j().i(clientHandshakeState.f39666b.c())) {
                throw new TlsFatalAlert((short) 47);
            }
            dTLSRecordLayer.r(null);
            byte[] n2 = n(k2, q(clientHandshakeState, l2.a()));
            dTLSReliableHandshake.p();
            dTLSReliableHandshake.q((short) 1, n2);
        }
    }

    public DTLSTransport i(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters c2;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f40004a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f39665a = tlsClient;
        clientHandshakeState.f39666b = new TlsClientContextImpl(this.f39688a, securityParameters);
        securityParameters.f40010g = TlsProtocol.j(tlsClient.L(), clientHandshakeState.f39666b.i());
        tlsClient.k(clientHandshakeState.f39666b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.f39666b, tlsClient, (short) 22);
        TlsSession D = clientHandshakeState.f39665a.D();
        if (D != null && D.b() && (c2 = D.c()) != null) {
            clientHandshakeState.f39667c = D;
            clientHandshakeState.f39668d = c2;
        }
        try {
            try {
                return h(clientHandshakeState, dTLSRecordLayer);
            } catch (RuntimeException e2) {
                g(clientHandshakeState, dTLSRecordLayer, (short) 80);
                throw new TlsFatalAlert((short) 80, e2);
            } catch (TlsFatalAlert e3) {
                g(clientHandshakeState, dTLSRecordLayer, e3.getAlertDescription());
                throw e3;
            } catch (IOException e4) {
                g(clientHandshakeState, dTLSRecordLayer, (short) 80);
                throw e4;
            }
        } finally {
            securityParameters.a();
        }
    }

    public byte[] j(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] k(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        byte[] bArr;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion c2 = tlsClient.c();
        if (!c2.h()) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f39666b;
        tlsClientContextImpl.l(c2);
        TlsUtils.A1(c2, byteArrayOutputStream);
        byteArrayOutputStream.write(tlsClientContextImpl.j().c());
        byte[] bArr2 = TlsUtils.f40211a;
        TlsSession tlsSession = clientHandshakeState.f39667c;
        if (tlsSession == null || (bArr = tlsSession.a()) == null || bArr.length > 32) {
            bArr = bArr2;
        }
        TlsUtils.d1(bArr, byteArrayOutputStream);
        TlsUtils.d1(bArr2, byteArrayOutputStream);
        boolean f2 = tlsClient.f();
        clientHandshakeState.f39670f = tlsClient.s();
        Hashtable N = tlsClient.N();
        clientHandshakeState.f39672h = N;
        boolean z2 = TlsUtils.O(N, TlsProtocol.E) == null;
        boolean z3 = !Arrays.D(clientHandshakeState.f39670f, 255);
        if (z2 && z3) {
            clientHandshakeState.f39670f = Arrays.b(clientHandshakeState.f39670f, 255);
        }
        if (f2 && !Arrays.D(clientHandshakeState.f39670f, CipherSuite.Q3)) {
            clientHandshakeState.f39670f = Arrays.b(clientHandshakeState.f39670f, CipherSuite.Q3);
        }
        TlsUtils.i1(clientHandshakeState.f39670f, byteArrayOutputStream);
        short[] sArr = {0};
        clientHandshakeState.f39671g = sArr;
        TlsUtils.y1(sArr, byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.f39672h;
        if (hashtable != null) {
            TlsProtocol.g0(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] l(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.f39679o.h(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void m(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.f39668d;
        if (sessionParameters != null) {
            sessionParameters.a();
            clientHandshakeState.f39668d = null;
        }
        TlsSession tlsSession = clientHandshakeState.f39667c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.f39667c = null;
        }
    }

    public void o(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.f39680p == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f39682r = CertificateRequest.e(clientHandshakeState.f39666b, byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        clientHandshakeState.f39679o.e(clientHandshakeState.f39682r);
    }

    public void p(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.f39677m) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f39681q = CertificateStatus.f(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
    }

    public byte[] q(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion S0 = TlsUtils.S0(byteArrayInputStream);
        byte[] E0 = TlsUtils.E0(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        if (!S0.i(clientHandshakeState.f39666b.c())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.f39954h.i(S0) || E0.length <= 32) {
            return E0;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void r(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket d2 = NewSessionTicket.d(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        clientHandshakeState.f39665a.M(d2);
    }

    public Certificate s(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate g2 = Certificate.g(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        clientHandshakeState.f39679o.l(g2);
        TlsAuthentication authentication = clientHandshakeState.f39665a.getAuthentication();
        clientHandshakeState.f39680p = authentication;
        authentication.b(g2);
        return g2;
    }

    public void t(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsSession tlsSession;
        SecurityParameters j2 = clientHandshakeState.f39666b.j();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        w(clientHandshakeState, TlsUtils.S0(byteArrayInputStream));
        j2.f40011h = TlsUtils.B0(32, byteArrayInputStream);
        byte[] E0 = TlsUtils.E0(byteArrayInputStream);
        clientHandshakeState.f39674j = E0;
        if (E0.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f39665a.E(E0);
        byte[] bArr2 = clientHandshakeState.f39674j;
        boolean z2 = false;
        clientHandshakeState.f39675k = bArr2.length > 0 && (tlsSession = clientHandshakeState.f39667c) != null && Arrays.e(bArr2, tlsSession.a());
        int G0 = TlsUtils.G0(byteArrayInputStream);
        if (!Arrays.D(clientHandshakeState.f39670f, G0) || G0 == 0 || CipherSuite.a(G0) || !TlsUtils.l0(G0, clientHandshakeState.f39666b.b())) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.f(G0, (short) 47);
        clientHandshakeState.f39665a.I(G0);
        short P0 = TlsUtils.P0(byteArrayInputStream);
        if (!Arrays.E(clientHandshakeState.f39671g, P0)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f39665a.e(P0);
        Hashtable S = TlsProtocol.S(byteArrayInputStream);
        clientHandshakeState.f39673i = S;
        if (S != null) {
            Enumeration keys = S.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.E) && TlsUtils.O(clientHandshakeState.f39672h, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.f39557y);
                }
            }
        }
        byte[] O = TlsUtils.O(clientHandshakeState.f39673i, TlsProtocol.E);
        if (O != null) {
            clientHandshakeState.f39676l = true;
            if (!Arrays.C(O, TlsProtocol.k(TlsUtils.f40211a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.f39665a.t(clientHandshakeState.f39676l);
        Hashtable hashtable = clientHandshakeState.f39672h;
        Hashtable hashtable2 = clientHandshakeState.f39673i;
        if (clientHandshakeState.f39675k) {
            if (G0 != clientHandshakeState.f39668d.c() || P0 != clientHandshakeState.f39668d.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable = null;
            hashtable2 = clientHandshakeState.f39668d.j();
        }
        j2.f40005b = G0;
        j2.f40006c = P0;
        if (hashtable2 != null) {
            boolean x2 = TlsExtensionsUtils.x(hashtable2);
            if (x2 && !TlsUtils.c0(j2.b())) {
                throw new TlsFatalAlert((short) 47);
            }
            j2.f40017n = x2;
            j2.f40018o = TlsExtensionsUtils.y(hashtable2);
            j2.f40015l = DTLSProtocol.b(clientHandshakeState.f39675k, hashtable, hashtable2, (short) 47);
            j2.f40016m = TlsExtensionsUtils.z(hashtable2);
            clientHandshakeState.f39677m = !clientHandshakeState.f39675k && TlsUtils.X(hashtable2, TlsExtensionsUtils.f40117g, (short) 47);
            if (!clientHandshakeState.f39675k && TlsUtils.X(hashtable2, TlsProtocol.F, (short) 47)) {
                z2 = true;
            }
            clientHandshakeState.f39678n = z2;
        }
        if (hashtable != null) {
            clientHandshakeState.f39665a.m(hashtable2);
        }
        j2.f40007d = TlsProtocol.v(clientHandshakeState.f39666b, j2.b());
        j2.f40008e = 12;
    }

    public void u(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f39679o.c(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
    }

    public void v(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f39665a.C(TlsProtocol.V(new ByteArrayInputStream(bArr)));
    }

    public void w(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f39666b;
        ProtocolVersion b2 = tlsClientContextImpl.b();
        if (b2 == null) {
            tlsClientContextImpl.n(protocolVersion);
            clientHandshakeState.f39665a.w(protocolVersion);
        } else if (!b2.a(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
