package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.prng.ThreadedSeedGenerator;
import org.spongycastle.crypto.tls.TlsProtocol;
import org.spongycastle.util.Arrays;

/* loaded from: classes7.dex */
public class TlsClientProtocol extends TlsProtocol {
    protected TlsClient U;
    protected TlsClientContextImpl V;
    protected byte[] W;
    protected TlsKeyExchange X;
    protected TlsAuthentication Y;
    protected CertificateStatus Z;
    protected CertificateRequest a0;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream) {
        this(inputStream, outputStream, S());
    }

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.U = null;
        this.V = null;
        this.W = null;
        this.X = null;
        this.Y = null;
        this.Z = null;
        this.a0 = null;
    }

    private static SecureRandom S() {
        ThreadedSeedGenerator threadedSeedGenerator = new ThreadedSeedGenerator();
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(threadedSeedGenerator.a(20, true));
        return secureRandom;
    }

    public void R(TlsClient tlsClient) throws IOException {
        SessionParameters c2;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.U != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.U = tlsClient;
        SecurityParameters securityParameters = new SecurityParameters();
        this.o = securityParameters;
        securityParameters.f69478a = 1;
        securityParameters.f69484g = TlsProtocol.e(this.f69567e);
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(this.f69567e, this.o);
        this.V = tlsClientContextImpl;
        this.U.i(tlsClientContextImpl);
        this.f69566d.j(this.V);
        TlsSession z = tlsClient.z();
        if (z != null && (c2 = z.c()) != null) {
            this.m = z;
            this.n = c2;
        }
        X();
        this.u = (short) 1;
        d();
    }

    protected void T(Vector vector) throws IOException {
        this.U.y(vector);
        this.u = (short) 3;
        TlsKeyExchange a2 = this.U.a();
        this.X = a2;
        a2.a(k());
    }

    protected void U(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket d2 = NewSessionTicket.d(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        this.U.J(d2);
    }

    protected void V(ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsSession tlsSession;
        ProtocolVersion t0 = TlsUtils.t0(byteArrayInputStream);
        if (t0.f()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!t0.equals(this.f69566d.i())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!t0.g(k().c())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f69566d.u(t0);
        k().l(t0);
        this.U.v(t0);
        this.o.f69485h = TlsUtils.d0(32, byteArrayInputStream);
        byte[] g0 = TlsUtils.g0(byteArrayInputStream);
        this.W = g0;
        if (g0.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.U.A(g0);
        byte[] bArr = this.W;
        boolean z = false;
        this.v = bArr.length > 0 && (tlsSession = this.m) != null && Arrays.c(bArr, tlsSession.a());
        int i0 = TlsUtils.i0(byteArrayInputStream);
        if (!Arrays.v(this.q, i0) || i0 == 0 || i0 == 255) {
            throw new TlsFatalAlert((short) 47);
        }
        this.U.E(i0);
        short q0 = TlsUtils.q0(byteArrayInputStream);
        if (!Arrays.w(this.r, q0)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.U.d(q0);
        Hashtable F = TlsProtocol.F(byteArrayInputStream);
        this.t = F;
        if (F != null) {
            Enumeration keys = F.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.A) && TlsUtils.F(this.s, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.y);
                }
            }
        }
        byte[] F2 = TlsUtils.F(this.t, TlsProtocol.A);
        if (F2 != null) {
            this.x = true;
            if (!Arrays.u(F2, TlsProtocol.f(TlsUtils.f69592a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.U.q(this.x);
        Hashtable hashtable = this.s;
        Hashtable hashtable2 = this.t;
        if (this.v) {
            if (i0 != this.n.c() || q0 != this.n.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable = null;
            hashtable2 = this.n.g();
        }
        SecurityParameters securityParameters = this.o;
        securityParameters.f69479b = i0;
        securityParameters.f69480c = q0;
        if (hashtable2 != null) {
            securityParameters.i = A(hashtable, hashtable2, (short) 47);
            this.o.j = TlsExtensionsUtils.q(hashtable2);
            this.y = !this.v && TlsUtils.J(hashtable2, TlsExtensionsUtils.f69542d, (short) 47);
            if (!this.v && TlsUtils.J(hashtable2, TlsProtocol.B, (short) 47)) {
                z = true;
            }
            this.z = z;
        }
        if (hashtable != null) {
            this.U.j(hashtable2);
        }
    }

    protected void W(DigitallySigned digitallySigned) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 15);
        digitallySigned.a(handshakeMessage);
        handshakeMessage.a();
    }

    protected void X() throws IOException {
        SessionParameters sessionParameters;
        this.f69566d.u(this.U.o());
        ProtocolVersion c2 = this.U.c();
        if (c2.f()) {
            throw new TlsFatalAlert((short) 80);
        }
        k().a(c2);
        byte[] bArr = TlsUtils.f69592a;
        TlsSession tlsSession = this.m;
        if (tlsSession != null && ((bArr = tlsSession.a()) == null || bArr.length > 32)) {
            bArr = TlsUtils.f69592a;
        }
        this.q = this.U.p();
        this.r = this.U.u();
        if (bArr.length > 0 && (sessionParameters = this.n) != null && (!Arrays.v(this.q, sessionParameters.c()) || !Arrays.w(this.r, this.n.d()))) {
            bArr = TlsUtils.f69592a;
        }
        this.s = this.U.I();
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 1);
        TlsUtils.a1(c2, handshakeMessage);
        handshakeMessage.write(this.o.d());
        TlsUtils.D0(bArr, handshakeMessage);
        boolean z = TlsUtils.F(this.s, TlsProtocol.A) == null;
        boolean z2 = !Arrays.v(this.q, 255);
        if (z && z2) {
            this.q = Arrays.b(this.q, 255);
        }
        TlsUtils.I0(this.q, handshakeMessage);
        TlsUtils.Y0(this.r, handshakeMessage);
        Hashtable hashtable = this.s;
        if (hashtable != null) {
            TlsProtocol.O(handshakeMessage, hashtable);
        }
        handshakeMessage.a();
    }

    protected void Y() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 16);
        this.X.h(handshakeMessage);
        handshakeMessage.a();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void b() {
        super.b();
        this.W = null;
        this.X = null;
        this.Y = null;
        this.Z = null;
        this.a0 = null;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected AbstractTlsContext k() {
        return this.V;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected TlsPeer p() {
        return this.U;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:27:0x0053. Please report as an issue. */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected void s(short s, byte[] bArr) throws IOException {
        TlsCredentials a2;
        byte[] l;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        if (this.v) {
            if (s != 20 || this.u != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            y(byteArrayInputStream);
            this.u = (short) 15;
            L();
            this.u = (short) 13;
            this.u = (short) 16;
            return;
        }
        if (s != 0) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
            if (s == 2) {
                if (this.u != 1) {
                    throw new TlsFatalAlert((short) 10);
                }
                V(byteArrayInputStream);
                this.u = (short) 2;
                short s2 = this.o.i;
                if (s2 >= 0) {
                    this.f69566d.r(1 << (s2 + 8));
                }
                this.o.f69481d = TlsProtocol.o(k(), this.o.c());
                this.o.f69482e = 12;
                this.f69566d.k();
                if (this.v) {
                    this.o.f69483f = Arrays.i(this.n.e());
                    this.f69566d.q(p().h(), p().r());
                    K();
                    return;
                }
                u();
                byte[] bArr2 = this.W;
                if (bArr2.length > 0) {
                    this.m = new TlsSessionImpl(bArr2, null);
                    return;
                }
                return;
            }
            if (s != 4) {
                if (s == 20) {
                    if (this.u != 13) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    y(byteArrayInputStream);
                    this.u = (short) 15;
                    this.u = (short) 16;
                    return;
                }
                if (s == 22) {
                    if (this.u != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    if (!this.y) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.Z = CertificateStatus.f(byteArrayInputStream);
                    TlsProtocol.a(byteArrayInputStream);
                    this.u = (short) 5;
                    return;
                }
                if (s == 23) {
                    if (this.u != 2) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    T(TlsProtocol.G(byteArrayInputStream));
                    return;
                }
                switch (s) {
                    case 11:
                        short s3 = this.u;
                        if (s3 == 2) {
                            T(null);
                        } else if (s3 != 3) {
                            throw new TlsFatalAlert((short) 10);
                        }
                        this.p = Certificate.h(byteArrayInputStream);
                        TlsProtocol.a(byteArrayInputStream);
                        Certificate certificate = this.p;
                        if (certificate == null || certificate.g()) {
                            this.y = false;
                        }
                        this.X.n(this.p);
                        TlsAuthentication X1 = this.U.X1();
                        this.Y = X1;
                        X1.b(this.p);
                        this.u = (short) 4;
                        return;
                    case 12:
                        short s4 = this.u;
                        if (s4 == 2) {
                            T(null);
                        } else if (s4 != 3) {
                            if (s4 != 4 && s4 != 5) {
                                throw new TlsFatalAlert((short) 10);
                            }
                            this.X.c(byteArrayInputStream);
                            TlsProtocol.a(byteArrayInputStream);
                            this.u = (short) 6;
                            return;
                        }
                        this.X.o();
                        this.Y = null;
                        this.X.c(byteArrayInputStream);
                        TlsProtocol.a(byteArrayInputStream);
                        this.u = (short) 6;
                        return;
                    case 13:
                        short s5 = this.u;
                        if (s5 == 4 || s5 == 5) {
                            this.X.k();
                        } else if (s5 != 6) {
                            throw new TlsFatalAlert((short) 10);
                        }
                        if (this.Y == null) {
                            throw new TlsFatalAlert((short) 40);
                        }
                        this.a0 = CertificateRequest.e(k(), byteArrayInputStream);
                        TlsProtocol.a(byteArrayInputStream);
                        this.X.i(this.a0);
                        TlsUtils.x0(this.f69566d.g(), this.a0.d());
                        this.u = (short) 7;
                        return;
                    case 14:
                        switch (this.u) {
                            case 2:
                                T(null);
                            case 3:
                                this.X.o();
                                this.Y = null;
                            case 4:
                            case 5:
                                this.X.k();
                            case 6:
                            case 7:
                                TlsProtocol.a(byteArrayInputStream);
                                this.u = (short) 8;
                                this.f69566d.g().o();
                                Vector f2 = this.U.f();
                                if (f2 != null) {
                                    M(f2);
                                }
                                this.u = (short) 9;
                                CertificateRequest certificateRequest = this.a0;
                                if (certificateRequest == null) {
                                    this.X.g();
                                    a2 = null;
                                } else {
                                    a2 = this.Y.a(certificateRequest);
                                    if (a2 == null) {
                                        this.X.g();
                                        J(Certificate.f69233b);
                                    } else {
                                        this.X.f(a2);
                                        J(a2.e());
                                    }
                                }
                                this.u = (short) 10;
                                Y();
                                this.u = (short) 11;
                                TlsProtocol.h(k(), this.X);
                                this.f69566d.q(p().h(), p().r());
                                TlsHandshakeHash l2 = this.f69566d.l();
                                if (a2 != null && (a2 instanceof TlsSignerCredentials)) {
                                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) a2;
                                    if (TlsUtils.Q(k())) {
                                        signatureAndHashAlgorithm = tlsSignerCredentials.c();
                                        if (signatureAndHashAlgorithm == null) {
                                            throw new TlsFatalAlert((short) 80);
                                        }
                                        l = l2.m(signatureAndHashAlgorithm.b());
                                    } else {
                                        l = TlsProtocol.l(k(), l2, null);
                                    }
                                    W(new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.d(l)));
                                    this.u = (short) 12;
                                }
                                K();
                                L();
                                this.u = (short) 13;
                                return;
                            default:
                                throw new TlsFatalAlert((short) 40);
                        }
                        break;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
            } else {
                if (this.u != 13) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (!this.z) {
                    throw new TlsFatalAlert((short) 10);
                }
                u();
                U(byteArrayInputStream);
                this.u = (short) 14;
            }
        }
        TlsProtocol.a(byteArrayInputStream);
        if (this.u == 16) {
            if (TlsUtils.N(k())) {
                throw new TlsFatalAlert((short) 40);
            }
            D((short) 100, "Renegotiation not supported");
        }
    }
}
