package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.DHBasicAgreement;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes3.dex */
public class TlsProtocolHandler {

    /* renamed from: a, reason: collision with root package name */
    private static final BigInteger f22472a = BigInteger.valueOf(1);

    /* renamed from: b, reason: collision with root package name */
    private static final BigInteger f22473b = BigInteger.valueOf(2);

    /* renamed from: c, reason: collision with root package name */
    private static final byte[] f22474c = new byte[0];

    /* renamed from: d, reason: collision with root package name */
    private ByteQueue f22475d;

    /* renamed from: e, reason: collision with root package name */
    private ByteQueue f22476e;

    /* renamed from: f, reason: collision with root package name */
    private ByteQueue f22477f;

    /* renamed from: g, reason: collision with root package name */
    private ByteQueue f22478g;

    /* renamed from: h, reason: collision with root package name */
    private RecordStream f22479h;

    /* renamed from: i, reason: collision with root package name */
    private SecureRandom f22480i;

    /* renamed from: j, reason: collision with root package name */
    private AsymmetricKeyParameter f22481j;

    /* renamed from: k, reason: collision with root package name */
    private boolean f22482k;

    /* renamed from: l, reason: collision with root package name */
    private boolean f22483l;
    private boolean m;
    private boolean n;
    private byte[] o;
    private byte[] p;
    private byte[] q;
    private TlsCipherSuite r;
    private BigInteger s;
    private byte[] t;
    private byte[] u;
    private BigInteger v;
    private byte[] w;
    private CertificateVerifyer x;
    private short y;

    private void a(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        InputStream inputStream;
        if (signer != null) {
            signer.a(false, this.f22481j);
            byte[] bArr = this.o;
            signer.update(bArr, 0, bArr.length);
            byte[] bArr2 = this.p;
            signer.update(bArr2, 0, bArr2.length);
            inputStream = new SignerInputStream(byteArrayInputStream, signer);
        } else {
            inputStream = byteArrayInputStream;
        }
        byte[] a2 = TlsUtils.a(inputStream);
        byte[] a3 = TlsUtils.a(inputStream);
        byte[] a4 = TlsUtils.a(inputStream);
        if (signer != null && !signer.a(TlsUtils.a(byteArrayInputStream))) {
            a((short) 2, (short) 42);
        }
        a(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, a2);
        BigInteger bigInteger2 = new BigInteger(1, a3);
        BigInteger bigInteger3 = new BigInteger(1, a4);
        if (!bigInteger.isProbablePrime(10)) {
            a((short) 2, (short) 47);
        }
        if (bigInteger2.compareTo(f22473b) < 0 || bigInteger2.compareTo(bigInteger.subtract(f22473b)) > 0) {
            a((short) 2, (short) 47);
        }
        if (bigInteger3.compareTo(f22473b) < 0 || bigInteger3.compareTo(bigInteger.subtract(f22472a)) > 0) {
            a((short) 2, (short) 47);
        }
        DHParameters dHParameters = new DHParameters(bigInteger, bigInteger2);
        DHBasicKeyPairGenerator dHBasicKeyPairGenerator = new DHBasicKeyPairGenerator();
        dHBasicKeyPairGenerator.a(new DHKeyGenerationParameters(this.f22480i, dHParameters));
        AsymmetricCipherKeyPair a5 = dHBasicKeyPairGenerator.a();
        this.v = ((DHPublicKeyParameters) a5.b()).c();
        DHBasicAgreement dHBasicAgreement = new DHBasicAgreement();
        dHBasicAgreement.a(a5.a());
        this.w = BigIntegers.a(dHBasicAgreement.b(new DHPublicKeyParameters(bigInteger3, dHParameters)));
    }

    private void a(X509CertificateStructure x509CertificateStructure, int i2) throws IOException {
        X509Extension a2;
        X509Extensions g2 = x509CertificateStructure.n().g();
        if (g2 == null || (a2 = g2.a(X509Extensions.f21461c)) == null || (KeyUsage.a(a2).f()[0] & 255 & i2) == i2) {
            return;
        }
        a((short) 2, (short) 46);
    }

    private void a(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.a((short) 16, (OutputStream) byteArrayOutputStream);
        TlsUtils.b(bArr.length + 2, byteArrayOutputStream);
        TlsUtils.a(bArr, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.f22479h.a((short) 22, byteArray, 0, byteArray.length);
    }

    private void b(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        InputStream inputStream;
        if (signer != null) {
            signer.a(false, this.f22481j);
            byte[] bArr = this.o;
            signer.update(bArr, 0, bArr.length);
            byte[] bArr2 = this.p;
            signer.update(bArr2, 0, bArr2.length);
            inputStream = new SignerInputStream(byteArrayInputStream, signer);
        } else {
            inputStream = byteArrayInputStream;
        }
        byte[] a2 = TlsUtils.a(inputStream);
        byte[] a3 = TlsUtils.a(inputStream);
        byte[] b2 = TlsUtils.b(inputStream);
        byte[] a4 = TlsUtils.a(inputStream);
        if (signer != null && !signer.a(TlsUtils.a(byteArrayInputStream))) {
            a((short) 2, (short) 42);
        }
        a(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, a2);
        BigInteger bigInteger2 = new BigInteger(1, a3);
        BigInteger bigInteger3 = new BigInteger(1, a4);
        SRP6Client sRP6Client = new SRP6Client();
        sRP6Client.a(bigInteger, bigInteger2, new SHA1Digest(), this.f22480i);
        this.s = sRP6Client.a(b2, this.t, this.u);
        try {
            this.w = BigIntegers.a(sRP6Client.a(bigInteger3));
        } catch (CryptoException unused) {
            a((short) 2, (short) 47);
        }
    }

    private void c() throws IOException {
        while (this.f22477f.a() >= 2) {
            byte[] bArr = new byte[2];
            this.f22477f.a(bArr, 0, 2, 0);
            this.f22477f.b(2);
            short s = bArr[0];
            short s2 = bArr[1];
            if (s == 2) {
                this.f22483l = true;
                this.f22482k = true;
                try {
                    this.f22479h.a();
                } catch (Exception unused) {
                }
                throw new IOException("Internal TLS error, this could be an attack");
            }
            if (s2 == 0) {
                a((short) 1, (short) 0);
            }
        }
    }

    private void d() {
    }

    private void e() throws IOException {
        while (this.f22476e.a() > 0) {
            byte[] bArr = new byte[1];
            this.f22476e.a(bArr, 0, 1, 0);
            this.f22476e.b(1);
            if (bArr[0] != 1) {
                a((short) 2, (short) 10);
            } else if (this.y == 10) {
                RecordStream recordStream = this.f22479h;
                recordStream.f22456f = recordStream.f22457g;
                this.y = (short) 11;
            } else {
                a((short) 2, (short) 40);
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:63:0x01a4, code lost:
    
        if (r4 != 3) goto L58;
     */
    /* JADX WARN: Removed duplicated region for block: B:101:0x0261  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void f() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 810
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.tls.TlsProtocolHandler.f():void");
    }

    private void g() throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.a((short) 11, (OutputStream) byteArrayOutputStream);
        TlsUtils.b(3, byteArrayOutputStream);
        TlsUtils.b(0, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.f22479h.a((short) 22, byteArray, 0, byteArray.length);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int a(byte[] bArr, int i2, int i3) throws IOException {
        while (this.f22475d.a() == 0) {
            if (this.f22483l) {
                throw new IOException("Internal TLS error, this could be an attack");
            }
            if (this.f22482k) {
                return -1;
            }
            try {
                this.f22479h.c();
            } catch (IOException e2) {
                if (!this.f22482k) {
                    a((short) 2, (short) 80);
                }
                throw e2;
            } catch (RuntimeException e3) {
                if (!this.f22482k) {
                    a((short) 2, (short) 80);
                }
                throw e3;
            }
        }
        int min = Math.min(i3, this.f22475d.a());
        this.f22475d.a(bArr, i2, min, 0);
        this.f22475d.b(min);
        return min;
    }

    public void a() throws IOException {
        if (this.f22482k) {
            return;
        }
        a((short) 1, (short) 0);
    }

    protected void a(ByteArrayInputStream byteArrayInputStream) throws IOException {
        if (byteArrayInputStream.available() > 0) {
            a((short) 2, (short) 50);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(short s, short s2) throws IOException {
        if (this.f22482k) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        byte[] bArr = {(byte) s, (byte) s2};
        this.f22482k = true;
        if (s == 2) {
            this.f22483l = true;
        }
        this.f22479h.a((short) 21, bArr, 0, 2);
        this.f22479h.a();
        if (s == 2) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(short s, byte[] bArr, int i2, int i3) throws IOException {
        switch (s) {
            case 20:
                this.f22476e.a(bArr, i2, i3);
                e();
                return;
            case 21:
                this.f22477f.a(bArr, i2, i3);
                c();
                return;
            case 22:
                this.f22478g.a(bArr, i2, i3);
                f();
                return;
            case 23:
                if (!this.m) {
                    a((short) 2, (short) 10);
                }
                this.f22475d.a(bArr, i2, i3);
                d();
                return;
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void b() throws IOException {
        this.f22479h.b();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void b(byte[] bArr, int i2, int i3) throws IOException {
        if (this.f22483l) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        if (this.f22482k) {
            throw new IOException("Sorry, connection has been closed, you cannot write more data");
        }
        this.f22479h.a((short) 23, f22474c, 0, 0);
        do {
            int min = Math.min(i3, 16384);
            try {
                this.f22479h.a((short) 23, bArr, i2, min);
                i2 += min;
                i3 -= min;
            } catch (IOException e2) {
                if (!this.f22482k) {
                    a((short) 2, (short) 80);
                }
                throw e2;
            } catch (RuntimeException e3) {
                if (!this.f22482k) {
                    a((short) 2, (short) 80);
                }
                throw e3;
            }
        } while (i3 > 0);
    }
}
