package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.DTLSReliableHandshake;
import org.spongycastle.crypto.tls.SessionParameters;
import org.spongycastle.util.Arrays;

/* loaded from: classes7.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes7.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with root package name */
        TlsClient f69282a = null;

        /* renamed from: b, reason: collision with root package name */
        TlsClientContextImpl f69283b = null;

        /* renamed from: c, reason: collision with root package name */
        TlsSession f69284c = null;

        /* renamed from: d, reason: collision with root package name */
        SessionParameters f69285d = null;

        /* renamed from: e, reason: collision with root package name */
        SessionParameters.Builder f69286e = null;

        /* renamed from: f, reason: collision with root package name */
        int[] f69287f = null;

        /* renamed from: g, reason: collision with root package name */
        short[] f69288g = null;

        /* renamed from: h, reason: collision with root package name */
        Hashtable f69289h = null;
        byte[] i = null;
        int j = -1;
        short k = -1;
        boolean l = false;
        short m = -1;
        boolean n = false;
        boolean o = false;
        TlsKeyExchange p = null;
        TlsAuthentication q = null;
        CertificateStatus r = null;
        CertificateRequest s = null;
        TlsCredentials t = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] l(byte[] bArr, byte[] bArr2) throws IOException {
        int r0 = 35 + TlsUtils.r0(bArr, 34);
        int i = r0 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, r0);
        TlsUtils.n(bArr2.length);
        TlsUtils.T0(bArr2.length, bArr3, r0);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    protected DTLSTransport f(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        byte[] l;
        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
        TlsSession tlsSession;
        SecurityParameters i = clientHandshakeState.f69283b.i();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.f69283b, dTLSRecordLayer);
        byte[] i2 = i(clientHandshakeState, clientHandshakeState.f69282a);
        dTLSReliableHandshake.r((short) 1, i2);
        DTLSReliableHandshake.Message m = dTLSReliableHandshake.m();
        while (m.c() == 3) {
            if (!dTLSRecordLayer.m().g(clientHandshakeState.f69283b.c())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] l2 = l(i2, o(clientHandshakeState, m.a()));
            dTLSReliableHandshake.q();
            dTLSReliableHandshake.r((short) 1, l2);
            m = dTLSReliableHandshake.m();
        }
        if (m.c() != 2) {
            throw new TlsFatalAlert((short) 10);
        }
        u(clientHandshakeState, dTLSRecordLayer.g());
        r(clientHandshakeState, m.a());
        short s = clientHandshakeState.m;
        if (s >= 0) {
            dTLSRecordLayer.p(1 << (s + 8));
        }
        int i3 = clientHandshakeState.j;
        i.f69479b = i3;
        i.f69480c = clientHandshakeState.k;
        i.f69481d = TlsProtocol.o(clientHandshakeState.f69283b, i3);
        i.f69482e = 12;
        dTLSReliableHandshake.j();
        byte[] bArr = clientHandshakeState.i;
        if (bArr.length > 0 && (tlsSession = clientHandshakeState.f69284c) != null && Arrays.c(bArr, tlsSession.a())) {
            if (i.c() != clientHandshakeState.f69285d.c() || i.e() != clientHandshakeState.f69285d.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            i.f69483f = Arrays.i(clientHandshakeState.f69285d.e());
            dTLSRecordLayer.j(clientHandshakeState.f69282a.r());
            TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f69283b;
            d(dTLSReliableHandshake.n((short) 20), TlsUtils.h(tlsClientContextImpl, ExporterLabel.f69376b, TlsProtocol.l(tlsClientContextImpl, dTLSReliableHandshake.i(), null)));
            TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.f69283b;
            dTLSReliableHandshake.r((short) 20, TlsUtils.h(tlsClientContextImpl2, ExporterLabel.f69375a, TlsProtocol.l(tlsClientContextImpl2, dTLSReliableHandshake.i(), null)));
            dTLSReliableHandshake.h();
            clientHandshakeState.f69283b.k(clientHandshakeState.f69284c);
            clientHandshakeState.f69282a.B();
            return new DTLSTransport(dTLSRecordLayer);
        }
        k(clientHandshakeState);
        byte[] bArr2 = clientHandshakeState.i;
        if (bArr2.length > 0) {
            clientHandshakeState.f69284c = new TlsSessionImpl(bArr2, null);
        }
        DTLSReliableHandshake.Message m2 = dTLSReliableHandshake.m();
        if (m2.c() == 23) {
            t(clientHandshakeState, m2.a());
            m2 = dTLSReliableHandshake.m();
        } else {
            clientHandshakeState.f69282a.y(null);
        }
        TlsKeyExchange a2 = clientHandshakeState.f69282a.a();
        clientHandshakeState.p = a2;
        a2.a(clientHandshakeState.f69283b);
        if (m2.c() == 11) {
            certificate = q(clientHandshakeState, m2.a());
            message = dTLSReliableHandshake.m();
        } else {
            clientHandshakeState.p.o();
            message = m2;
            certificate = null;
        }
        if (certificate == null || certificate.g()) {
            clientHandshakeState.n = false;
        }
        if (message.c() == 22) {
            n(clientHandshakeState, message.a());
            message = dTLSReliableHandshake.m();
        }
        if (message.c() == 12) {
            s(clientHandshakeState, message.a());
            message = dTLSReliableHandshake.m();
        } else {
            clientHandshakeState.p.k();
        }
        if (message.c() == 13) {
            m(clientHandshakeState, message.a());
            TlsUtils.x0(dTLSReliableHandshake.i(), clientHandshakeState.s.d());
            message = dTLSReliableHandshake.m();
        }
        if (message.c() != 14) {
            throw new TlsFatalAlert((short) 10);
        }
        if (message.a().length != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        dTLSReliableHandshake.i().o();
        Vector f2 = clientHandshakeState.f69282a.f();
        if (f2 != null) {
            dTLSReliableHandshake.r((short) 23, DTLSProtocol.c(f2));
        }
        CertificateRequest certificateRequest = clientHandshakeState.s;
        if (certificateRequest != null) {
            TlsCredentials a3 = clientHandshakeState.q.a(certificateRequest);
            clientHandshakeState.t = a3;
            Certificate e2 = a3 != null ? a3.e() : null;
            if (e2 == null) {
                e2 = Certificate.f69233b;
            }
            dTLSReliableHandshake.r((short) 11, DTLSProtocol.b(e2));
        }
        TlsCredentials tlsCredentials = clientHandshakeState.t;
        if (tlsCredentials != null) {
            clientHandshakeState.p.f(tlsCredentials);
        } else {
            clientHandshakeState.p.g();
        }
        dTLSReliableHandshake.r((short) 16, j(clientHandshakeState));
        TlsProtocol.h(clientHandshakeState.f69283b, clientHandshakeState.p);
        dTLSRecordLayer.j(clientHandshakeState.f69282a.r());
        TlsHandshakeHash l3 = dTLSReliableHandshake.l();
        TlsCredentials tlsCredentials2 = clientHandshakeState.t;
        if (tlsCredentials2 != null && (tlsCredentials2 instanceof TlsSignerCredentials)) {
            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials2;
            if (TlsUtils.Q(clientHandshakeState.f69283b)) {
                signatureAndHashAlgorithm = tlsSignerCredentials.c();
                if (signatureAndHashAlgorithm == null) {
                    throw new TlsFatalAlert((short) 80);
                }
                l = l3.m(signatureAndHashAlgorithm.b());
            } else {
                l = TlsProtocol.l(clientHandshakeState.f69283b, l3, null);
                signatureAndHashAlgorithm = null;
            }
            dTLSReliableHandshake.r((short) 15, h(clientHandshakeState, new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.d(l))));
        }
        TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.f69283b;
        dTLSReliableHandshake.r((short) 20, TlsUtils.h(tlsClientContextImpl3, ExporterLabel.f69375a, TlsProtocol.l(tlsClientContextImpl3, dTLSReliableHandshake.i(), null)));
        if (clientHandshakeState.o) {
            DTLSReliableHandshake.Message m3 = dTLSReliableHandshake.m();
            if (m3.c() != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            p(clientHandshakeState, m3.a());
        }
        TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.f69283b;
        d(dTLSReliableHandshake.n((short) 20), TlsUtils.h(tlsClientContextImpl4, ExporterLabel.f69376b, TlsProtocol.l(tlsClientContextImpl4, dTLSReliableHandshake.i(), null)));
        dTLSReliableHandshake.h();
        if (clientHandshakeState.f69284c != null) {
            clientHandshakeState.f69285d = new SessionParameters.Builder().b(i.f69479b).c(i.f69480c).d(i.f69483f).e(certificate).a();
            TlsSession M = TlsUtils.M(clientHandshakeState.f69284c.a(), clientHandshakeState.f69285d);
            clientHandshakeState.f69284c = M;
            clientHandshakeState.f69283b.k(M);
        }
        clientHandshakeState.f69282a.B();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public DTLSTransport g(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters c2;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f69478a = 1;
        securityParameters.f69484g = TlsProtocol.e(this.f69294a);
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f69282a = tlsClient;
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(this.f69294a, securityParameters);
        clientHandshakeState.f69283b = tlsClientContextImpl;
        tlsClient.i(tlsClientContextImpl);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.f69283b, tlsClient, (short) 22);
        TlsSession z = clientHandshakeState.f69282a.z();
        if (z != null && (c2 = z.c()) != null) {
            clientHandshakeState.f69284c = z;
            clientHandshakeState.f69285d = c2;
        }
        try {
            return f(clientHandshakeState, dTLSRecordLayer);
        } catch (TlsFatalAlert e2) {
            dTLSRecordLayer.f(e2.a());
            throw e2;
        } catch (IOException e3) {
            dTLSRecordLayer.f((short) 80);
            throw e3;
        } catch (RuntimeException unused) {
            dTLSRecordLayer.f((short) 80);
            throw new TlsFatalAlert((short) 80);
        }
    }

    protected byte[] h(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] i(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion c2 = tlsClient.c();
        if (!c2.f()) {
            throw new TlsFatalAlert((short) 80);
        }
        clientHandshakeState.f69283b.a(c2);
        TlsUtils.a1(c2, byteArrayOutputStream);
        byteArrayOutputStream.write(clientHandshakeState.f69283b.i().d());
        byte[] bArr = TlsUtils.f69592a;
        TlsSession tlsSession = clientHandshakeState.f69284c;
        if (tlsSession != null && ((bArr = tlsSession.a()) == null || bArr.length > 32)) {
            bArr = TlsUtils.f69592a;
        }
        TlsUtils.D0(bArr, byteArrayOutputStream);
        TlsUtils.D0(TlsUtils.f69592a, byteArrayOutputStream);
        clientHandshakeState.f69287f = tlsClient.p();
        Hashtable I = tlsClient.I();
        clientHandshakeState.f69289h = I;
        boolean z = TlsUtils.F(I, TlsProtocol.A) == null;
        boolean z2 = !Arrays.v(clientHandshakeState.f69287f, 255);
        if (z && z2) {
            clientHandshakeState.f69287f = Arrays.b(clientHandshakeState.f69287f, 255);
        }
        TlsUtils.I0(clientHandshakeState.f69287f, byteArrayOutputStream);
        short[] sArr = {0};
        clientHandshakeState.f69288g = sArr;
        TlsUtils.Y0(sArr, byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.f69289h;
        if (hashtable != null) {
            TlsProtocol.O(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] j(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.p.h(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void k(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.f69285d;
        if (sessionParameters != null) {
            sessionParameters.a();
            clientHandshakeState.f69285d = null;
        }
        TlsSession tlsSession = clientHandshakeState.f69284c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.f69284c = null;
        }
    }

    protected void m(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.q == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.s = CertificateRequest.e(clientHandshakeState.f69283b, byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.p.i(clientHandshakeState.s);
    }

    protected void n(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.n) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.r = CertificateStatus.f(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    protected byte[] o(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion t0 = TlsUtils.t0(byteArrayInputStream);
        byte[] g0 = TlsUtils.g0(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        if (!t0.g(clientHandshakeState.f69283b.c())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.f69456h.g(t0) || g0.length <= 32) {
            return g0;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void p(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket d2 = NewSessionTicket.d(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.f69282a.J(d2);
    }

    protected Certificate q(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate h2 = Certificate.h(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        clientHandshakeState.p.n(h2);
        TlsAuthentication X1 = clientHandshakeState.f69282a.X1();
        clientHandshakeState.q = X1;
        X1.b(h2);
        return h2;
    }

    protected void r(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        int i;
        SecurityParameters i2 = clientHandshakeState.f69283b.i();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        u(clientHandshakeState, TlsUtils.t0(byteArrayInputStream));
        i2.f69485h = TlsUtils.d0(32, byteArrayInputStream);
        byte[] g0 = TlsUtils.g0(byteArrayInputStream);
        clientHandshakeState.i = g0;
        if (g0.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f69282a.A(g0);
        int i0 = TlsUtils.i0(byteArrayInputStream);
        clientHandshakeState.j = i0;
        if (!Arrays.v(clientHandshakeState.f69287f, i0) || (i = clientHandshakeState.j) == 0 || i == 255) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.e(i, (short) 47);
        clientHandshakeState.f69282a.E(clientHandshakeState.j);
        short q0 = TlsUtils.q0(byteArrayInputStream);
        clientHandshakeState.k = q0;
        if (!Arrays.w(clientHandshakeState.f69288g, q0)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f69282a.d(clientHandshakeState.k);
        Hashtable F = TlsProtocol.F(byteArrayInputStream);
        if (F != null) {
            Enumeration keys = F.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.A) && TlsUtils.F(clientHandshakeState.f69289h, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.y);
                }
            }
            byte[] bArr2 = (byte[]) F.get(TlsProtocol.A);
            if (bArr2 != null) {
                clientHandshakeState.l = true;
                if (!Arrays.u(bArr2, TlsProtocol.f(TlsUtils.f69592a))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            clientHandshakeState.m = DTLSProtocol.a(clientHandshakeState.f69289h, F, (short) 47);
            i2.j = TlsExtensionsUtils.q(F);
            clientHandshakeState.n = TlsUtils.J(F, TlsExtensionsUtils.f69542d, (short) 47);
            clientHandshakeState.o = TlsUtils.J(F, TlsProtocol.B, (short) 47);
        }
        clientHandshakeState.f69282a.q(clientHandshakeState.l);
        if (clientHandshakeState.f69289h != null) {
            clientHandshakeState.f69282a.j(F);
        }
    }

    protected void s(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.p.c(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
    }

    protected void t(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f69282a.y(TlsProtocol.G(new ByteArrayInputStream(bArr)));
    }

    protected void u(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f69283b;
        ProtocolVersion b2 = tlsClientContextImpl.b();
        if (b2 == null) {
            tlsClientContextImpl.l(protocolVersion);
            clientHandshakeState.f69282a.v(protocolVersion);
        } else if (!b2.equals(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
