package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.DTLSReliableHandshake;
import org.spongycastle.crypto.tls.SessionParameters;
import org.spongycastle.util.Arrays;

/* loaded from: classes4.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes4.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with root package name */
        TlsClient f43086a = null;

        /* renamed from: b, reason: collision with root package name */
        TlsClientContextImpl f43087b = null;

        /* renamed from: c, reason: collision with root package name */
        TlsSession f43088c = null;

        /* renamed from: d, reason: collision with root package name */
        SessionParameters f43089d = null;

        /* renamed from: e, reason: collision with root package name */
        SessionParameters.Builder f43090e = null;

        /* renamed from: f, reason: collision with root package name */
        int[] f43091f = null;

        /* renamed from: g, reason: collision with root package name */
        short[] f43092g = null;

        /* renamed from: h, reason: collision with root package name */
        Hashtable f43093h = null;

        /* renamed from: i, reason: collision with root package name */
        Hashtable f43094i = null;

        /* renamed from: j, reason: collision with root package name */
        byte[] f43095j = null;

        /* renamed from: k, reason: collision with root package name */
        boolean f43096k = false;

        /* renamed from: l, reason: collision with root package name */
        boolean f43097l = false;

        /* renamed from: m, reason: collision with root package name */
        boolean f43098m = false;

        /* renamed from: n, reason: collision with root package name */
        boolean f43099n = false;

        /* renamed from: o, reason: collision with root package name */
        TlsKeyExchange f43100o = null;
        TlsAuthentication p = null;
        CertificateStatus q = null;
        CertificateRequest r = null;
        TlsCredentials s = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] b(byte[] bArr, byte[] bArr2) throws IOException {
        int e2 = 35 + TlsUtils.e(bArr, 34);
        int i2 = e2 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, e2);
        TlsUtils.c(bArr2.length);
        TlsUtils.c(bArr2.length, bArr3, e2);
        System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
        System.arraycopy(bArr, i2, bArr3, bArr2.length + i2, bArr.length - i2);
        return bArr3;
    }

    protected DTLSTransport a(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        SecurityParameters g2 = clientHandshakeState.f43087b.g();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.f43087b, dTLSRecordLayer);
        byte[] a2 = a(clientHandshakeState, clientHandshakeState.f43086a);
        dTLSReliableHandshake.a((short) 1, a2);
        DTLSReliableHandshake.Message e2 = dTLSReliableHandshake.e();
        while (e2.c() == 3) {
            if (!dTLSRecordLayer.d().b(clientHandshakeState.f43087b.b())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] b2 = b(a2, c(clientHandshakeState, e2.a()));
            dTLSReliableHandshake.f();
            dTLSReliableHandshake.a((short) 1, b2);
            e2 = dTLSReliableHandshake.e();
        }
        if (e2.c() != 2) {
            throw new TlsFatalAlert((short) 10);
        }
        a(clientHandshakeState, dTLSRecordLayer.c());
        f(clientHandshakeState, e2.a());
        dTLSReliableHandshake.c();
        DTLSProtocol.a(dTLSRecordLayer, g2.f43362l);
        if (clientHandshakeState.f43096k) {
            g2.f43356f = Arrays.a(clientHandshakeState.f43089d.e());
            dTLSRecordLayer.a(clientHandshakeState.f43086a.e());
            TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f43087b;
            a(dTLSReliableHandshake.a((short) 20), TlsUtils.a(tlsClientContextImpl, ExporterLabel.f43205b, TlsProtocol.a(tlsClientContextImpl, dTLSReliableHandshake.b(), (byte[]) null)));
            TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.f43087b;
            dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl2, ExporterLabel.f43204a, TlsProtocol.a(tlsClientContextImpl2, dTLSReliableHandshake.b(), (byte[]) null)));
            dTLSReliableHandshake.a();
            clientHandshakeState.f43087b.a(clientHandshakeState.f43088c);
            clientHandshakeState.f43086a.f();
            return new DTLSTransport(dTLSRecordLayer);
        }
        b(clientHandshakeState);
        byte[] bArr = clientHandshakeState.f43095j;
        if (bArr.length > 0) {
            clientHandshakeState.f43088c = new TlsSessionImpl(bArr, null);
        }
        DTLSReliableHandshake.Message e3 = dTLSReliableHandshake.e();
        if (e3.c() == 23) {
            h(clientHandshakeState, e3.a());
            e3 = dTLSReliableHandshake.e();
        } else {
            clientHandshakeState.f43086a.b(null);
        }
        clientHandshakeState.f43100o = clientHandshakeState.f43086a.d();
        clientHandshakeState.f43100o.a(clientHandshakeState.f43087b);
        if (e3.c() == 11) {
            certificate = e(clientHandshakeState, e3.a());
            message = dTLSReliableHandshake.e();
        } else {
            clientHandshakeState.f43100o.f();
            message = e3;
            certificate = null;
        }
        if (certificate == null || certificate.d()) {
            clientHandshakeState.f43098m = false;
        }
        if (message.c() == 22) {
            b(clientHandshakeState, message.a());
            message = dTLSReliableHandshake.e();
        }
        if (message.c() == 12) {
            g(clientHandshakeState, message.a());
            message = dTLSReliableHandshake.e();
        } else {
            clientHandshakeState.f43100o.d();
        }
        if (message.c() == 13) {
            a(clientHandshakeState, message.a());
            TlsUtils.a(dTLSReliableHandshake.b(), clientHandshakeState.r.c());
            message = dTLSReliableHandshake.e();
        }
        if (message.c() != 14) {
            throw new TlsFatalAlert((short) 10);
        }
        if (message.a().length != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        dTLSReliableHandshake.b().g();
        Vector j2 = clientHandshakeState.f43086a.j();
        if (j2 != null) {
            dTLSReliableHandshake.a((short) 23, DTLSProtocol.a(j2));
        }
        CertificateRequest certificateRequest = clientHandshakeState.r;
        if (certificateRequest != null) {
            clientHandshakeState.s = clientHandshakeState.p.a(certificateRequest);
            TlsCredentials tlsCredentials = clientHandshakeState.s;
            Certificate a3 = tlsCredentials != null ? tlsCredentials.a() : null;
            if (a3 == null) {
                a3 = Certificate.f43026b;
            }
            dTLSReliableHandshake.a((short) 11, DTLSProtocol.a(a3));
        }
        TlsCredentials tlsCredentials2 = clientHandshakeState.s;
        if (tlsCredentials2 != null) {
            clientHandshakeState.f43100o.a(tlsCredentials2);
        } else {
            clientHandshakeState.f43100o.b();
        }
        dTLSReliableHandshake.a((short) 16, a(clientHandshakeState));
        TlsHandshakeHash d2 = dTLSReliableHandshake.d();
        g2.f43359i = TlsProtocol.a(clientHandshakeState.f43087b, d2, (byte[]) null);
        TlsProtocol.a(clientHandshakeState.f43087b, clientHandshakeState.f43100o);
        dTLSRecordLayer.a(clientHandshakeState.f43086a.e());
        TlsCredentials tlsCredentials3 = clientHandshakeState.s;
        if (tlsCredentials3 != null && (tlsCredentials3 instanceof TlsSignerCredentials)) {
            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials3;
            SignatureAndHashAlgorithm a4 = TlsUtils.a(clientHandshakeState.f43087b, tlsSignerCredentials);
            dTLSReliableHandshake.a((short) 15, a(clientHandshakeState, new DigitallySigned(a4, tlsSignerCredentials.b(a4 == null ? g2.l() : d2.b(a4.a())))));
        }
        TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.f43087b;
        dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl3, ExporterLabel.f43204a, TlsProtocol.a(tlsClientContextImpl3, dTLSReliableHandshake.b(), (byte[]) null)));
        if (clientHandshakeState.f43099n) {
            DTLSReliableHandshake.Message e4 = dTLSReliableHandshake.e();
            if (e4.c() != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            d(clientHandshakeState, e4.a());
        }
        TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.f43087b;
        a(dTLSReliableHandshake.a((short) 20), TlsUtils.a(tlsClientContextImpl4, ExporterLabel.f43205b, TlsProtocol.a(tlsClientContextImpl4, dTLSReliableHandshake.b(), (byte[]) null)));
        dTLSReliableHandshake.a();
        if (clientHandshakeState.f43088c != null) {
            clientHandshakeState.f43089d = new SessionParameters.Builder().a(g2.b()).a(g2.d()).a(g2.f()).a(certificate).b(g2.g()).d(g2.j()).a(clientHandshakeState.f43094i).a();
            clientHandshakeState.f43088c = TlsUtils.a(clientHandshakeState.f43088c.a(), clientHandshakeState.f43089d);
            clientHandshakeState.f43087b.a(clientHandshakeState.f43088c);
        }
        clientHandshakeState.f43086a.f();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public DTLSTransport a(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters c2;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f43351a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f43086a = tlsClient;
        clientHandshakeState.f43087b = new TlsClientContextImpl(this.f43105a, securityParameters);
        securityParameters.f43357g = TlsProtocol.a(tlsClient.g(), clientHandshakeState.f43087b.f());
        tlsClient.a(clientHandshakeState.f43087b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.f43087b, tlsClient, (short) 22);
        TlsSession r = clientHandshakeState.f43086a.r();
        if (r != null && r.b() && (c2 = r.c()) != null) {
            clientHandshakeState.f43088c = r;
            clientHandshakeState.f43089d = c2;
        }
        try {
            return a(clientHandshakeState, dTLSRecordLayer);
        } catch (TlsFatalAlert e2) {
            dTLSRecordLayer.a(e2.a());
            throw e2;
        } catch (IOException e3) {
            dTLSRecordLayer.a((short) 80);
            throw e3;
        } catch (RuntimeException e4) {
            dTLSRecordLayer.a((short) 80);
            throw new TlsFatalAlert((short) 80, e4);
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f43087b;
        ProtocolVersion a2 = tlsClientContextImpl.a();
        if (a2 == null) {
            tlsClientContextImpl.b(protocolVersion);
            clientHandshakeState.f43086a.a(protocolVersion);
        } else if (!a2.a(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.p == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.r = CertificateRequest.a(clientHandshakeState.f43087b, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f43100o.a(clientHandshakeState.r);
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.f43100o.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion b2 = tlsClient.b();
        if (!b2.e()) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f43087b;
        tlsClientContextImpl.a(b2);
        TlsUtils.a(b2, byteArrayOutputStream);
        byteArrayOutputStream.write(tlsClientContextImpl.g().c());
        byte[] bArr = TlsUtils.f43527a;
        TlsSession tlsSession = clientHandshakeState.f43088c;
        if (tlsSession != null && ((bArr = tlsSession.a()) == null || bArr.length > 32)) {
            bArr = TlsUtils.f43527a;
        }
        TlsUtils.c(bArr, byteArrayOutputStream);
        TlsUtils.c(TlsUtils.f43527a, byteArrayOutputStream);
        boolean h2 = tlsClient.h();
        clientHandshakeState.f43091f = tlsClient.p();
        clientHandshakeState.f43093h = tlsClient.v();
        boolean z = TlsUtils.a(clientHandshakeState.f43093h, TlsProtocol.A) == null;
        boolean z2 = !Arrays.b(clientHandshakeState.f43091f, 255);
        if (z && z2) {
            clientHandshakeState.f43091f = Arrays.a(clientHandshakeState.f43091f, 255);
        }
        if (h2 && !Arrays.b(clientHandshakeState.f43091f, CipherSuite.j4)) {
            clientHandshakeState.f43091f = Arrays.a(clientHandshakeState.f43091f, CipherSuite.j4);
        }
        TlsUtils.b(clientHandshakeState.f43091f, byteArrayOutputStream);
        clientHandshakeState.f43092g = new short[]{0};
        TlsUtils.b(clientHandshakeState.f43092g, (OutputStream) byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.f43093h;
        if (hashtable != null) {
            TlsProtocol.a(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected void b(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.f43089d;
        if (sessionParameters != null) {
            sessionParameters.a();
            clientHandshakeState.f43089d = null;
        }
        TlsSession tlsSession = clientHandshakeState.f43088c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.f43088c = null;
        }
    }

    protected void b(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.f43098m) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.q = CertificateStatus.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected byte[] c(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i2 = TlsUtils.i(byteArrayInputStream);
        byte[] c2 = TlsUtils.c(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        if (!i2.b(clientHandshakeState.f43087b.b())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.f43319h.b(i2) || c2.length <= 32) {
            return c2;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void d(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket a2 = NewSessionTicket.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f43086a.a(a2);
    }

    protected Certificate e(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate a2 = Certificate.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f43100o.b(a2);
        clientHandshakeState.p = clientHandshakeState.f43086a.O();
        clientHandshakeState.p.a(a2);
        return a2;
    }

    protected void f(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsSession tlsSession;
        SecurityParameters g2 = clientHandshakeState.f43087b.g();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        a(clientHandshakeState, TlsUtils.i(byteArrayInputStream));
        g2.f43358h = TlsUtils.b(32, byteArrayInputStream);
        clientHandshakeState.f43095j = TlsUtils.c(byteArrayInputStream);
        byte[] bArr2 = clientHandshakeState.f43095j;
        if (bArr2.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f43086a.a(bArr2);
        byte[] bArr3 = clientHandshakeState.f43095j;
        boolean z = false;
        clientHandshakeState.f43096k = bArr3.length > 0 && (tlsSession = clientHandshakeState.f43088c) != null && Arrays.a(bArr3, tlsSession.a());
        int d2 = TlsUtils.d(byteArrayInputStream);
        if (!Arrays.b(clientHandshakeState.f43091f, d2) || d2 == 0 || CipherSuite.a(d2) || !TlsUtils.a(d2, clientHandshakeState.f43087b.a())) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.a(d2, (short) 47);
        clientHandshakeState.f43086a.a(d2);
        short h2 = TlsUtils.h(byteArrayInputStream);
        if (!Arrays.b(clientHandshakeState.f43092g, h2)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f43086a.a(h2);
        clientHandshakeState.f43094i = TlsProtocol.c(byteArrayInputStream);
        Hashtable hashtable = clientHandshakeState.f43094i;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.A)) {
                    if (TlsUtils.a(clientHandshakeState.f43093h, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.y);
                    }
                    boolean z2 = clientHandshakeState.f43096k;
                }
            }
        }
        byte[] a2 = TlsUtils.a(clientHandshakeState.f43094i, TlsProtocol.A);
        if (a2 != null) {
            clientHandshakeState.f43097l = true;
            if (!Arrays.d(a2, TlsProtocol.a(TlsUtils.f43527a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.f43086a.a(clientHandshakeState.f43097l);
        Hashtable hashtable2 = clientHandshakeState.f43093h;
        Hashtable hashtable3 = clientHandshakeState.f43094i;
        if (clientHandshakeState.f43096k) {
            if (d2 != clientHandshakeState.f43089d.c() || h2 != clientHandshakeState.f43089d.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = clientHandshakeState.f43089d.j();
        }
        g2.f43352b = d2;
        g2.f43353c = h2;
        if (hashtable3 != null) {
            boolean i2 = TlsExtensionsUtils.i(hashtable3);
            if (i2 && !TlsUtils.l(g2.b())) {
                throw new TlsFatalAlert((short) 47);
            }
            g2.f43364n = i2;
            g2.f43365o = TlsExtensionsUtils.j(hashtable3);
            g2.f43362l = DTLSProtocol.a(clientHandshakeState.f43096k, hashtable2, hashtable3, (short) 47);
            g2.f43363m = TlsExtensionsUtils.k(hashtable3);
            clientHandshakeState.f43098m = !clientHandshakeState.f43096k && TlsUtils.a(hashtable3, TlsExtensionsUtils.f43453f, (short) 47);
            if (!clientHandshakeState.f43096k && TlsUtils.a(hashtable3, TlsProtocol.B, (short) 47)) {
                z = true;
            }
            clientHandshakeState.f43099n = z;
        }
        if (hashtable2 != null) {
            clientHandshakeState.f43086a.a(hashtable3);
        }
        g2.f43354d = TlsProtocol.a(clientHandshakeState.f43087b, g2.b());
        g2.f43355e = 12;
    }

    protected void g(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f43100o.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected void h(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f43086a.b(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
