package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.DTLSReliableHandshake;
import org.spongycastle.crypto.tls.SessionParameters;
import org.spongycastle.util.Arrays;

/* loaded from: classes.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public static class ClientHandshakeState {
        TlsClient a = null;
        TlsClientContextImpl b = null;
        TlsSession c = null;
        SessionParameters d = null;
        SessionParameters.Builder e = null;
        int[] f = null;
        short[] g = null;
        Hashtable h = null;
        byte[] i = null;
        int j = -1;
        short k = -1;
        boolean l = false;
        short m = -1;
        boolean n = false;
        boolean o = false;
        TlsKeyExchange p = null;
        TlsAuthentication q = null;
        CertificateStatus r = null;
        CertificateRequest s = null;
        TlsCredentials t = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] a(byte[] bArr, byte[] bArr2) throws IOException {
        int a = TlsUtils.a(bArr, 34) + 35;
        int i = a + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, a);
        TlsUtils.a(bArr2.length);
        TlsUtils.a(bArr2.length, bArr3, a);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    protected DTLSTransport a(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        Certificate certificate;
        byte[] a;
        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
        SecurityParameters c = clientHandshakeState.b.c();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.b, dTLSRecordLayer);
        byte[] a2 = a(clientHandshakeState, clientHandshakeState.a);
        dTLSReliableHandshake.a((short) 1, a2);
        DTLSReliableHandshake.Message d = dTLSReliableHandshake.d();
        while (d.b() == 3) {
            if (!dTLSRecordLayer.b().a(clientHandshakeState.b.d())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] a3 = a(a2, c(clientHandshakeState, d.c()));
            dTLSReliableHandshake.f();
            dTLSReliableHandshake.a((short) 1, a3);
            d = dTLSReliableHandshake.d();
        }
        if (d.b() != 2) {
            throw new TlsFatalAlert((short) 10);
        }
        a(clientHandshakeState, dTLSRecordLayer.a());
        f(clientHandshakeState, d.c());
        if (clientHandshakeState.m >= 0) {
            dTLSRecordLayer.a(1 << (clientHandshakeState.m + 8));
        }
        c.b = clientHandshakeState.j;
        c.c = clientHandshakeState.k;
        c.d = TlsProtocol.a(clientHandshakeState.b, clientHandshakeState.j);
        c.e = 12;
        dTLSReliableHandshake.a();
        if (clientHandshakeState.i.length > 0 && clientHandshakeState.c != null && Arrays.a(clientHandshakeState.i, clientHandshakeState.c.b())) {
            if (c.c() != clientHandshakeState.d.c() || c.d() != clientHandshakeState.d.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            c.f = Arrays.b(clientHandshakeState.d.e());
            dTLSRecordLayer.a(clientHandshakeState.a.m());
            b(dTLSReliableHandshake.a((short) 20), TlsUtils.a(clientHandshakeState.b, ExporterLabel.b, TlsProtocol.a(clientHandshakeState.b, dTLSReliableHandshake.b(), (byte[]) null)));
            dTLSReliableHandshake.a((short) 20, TlsUtils.a(clientHandshakeState.b, ExporterLabel.a, TlsProtocol.a(clientHandshakeState.b, dTLSReliableHandshake.b(), (byte[]) null)));
            dTLSReliableHandshake.e();
            clientHandshakeState.b.a(clientHandshakeState.c);
            clientHandshakeState.a.j();
            return new DTLSTransport(dTLSRecordLayer);
        }
        b(clientHandshakeState);
        if (clientHandshakeState.i.length > 0) {
            clientHandshakeState.c = new TlsSessionImpl(clientHandshakeState.i, null);
        }
        DTLSReliableHandshake.Message d2 = dTLSReliableHandshake.d();
        if (d2.b() == 23) {
            h(clientHandshakeState, d2.c());
            d2 = dTLSReliableHandshake.d();
        } else {
            clientHandshakeState.a.a((Vector) null);
        }
        clientHandshakeState.p = clientHandshakeState.a.l();
        clientHandshakeState.p.a(clientHandshakeState.b);
        if (d2.b() == 11) {
            certificate = e(clientHandshakeState, d2.c());
            d2 = dTLSReliableHandshake.d();
        } else {
            clientHandshakeState.p.e();
            certificate = null;
        }
        if (certificate == null || certificate.d()) {
            clientHandshakeState.n = false;
        }
        if (d2.b() == 22) {
            b(clientHandshakeState, d2.c());
            d2 = dTLSReliableHandshake.d();
        }
        if (d2.b() == 12) {
            g(clientHandshakeState, d2.c());
            d2 = dTLSReliableHandshake.d();
        } else {
            clientHandshakeState.p.c();
        }
        if (d2.b() == 13) {
            a(clientHandshakeState, d2.c());
            TlsUtils.a(dTLSReliableHandshake.b(), clientHandshakeState.s.b());
            d2 = dTLSReliableHandshake.d();
        }
        if (d2.b() != 14) {
            throw new TlsFatalAlert((short) 10);
        }
        if (d2.c().length != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        dTLSReliableHandshake.b().e();
        Vector g = clientHandshakeState.a.g();
        if (g != null) {
            dTLSReliableHandshake.a((short) 23, a(g));
        }
        if (clientHandshakeState.s != null) {
            clientHandshakeState.t = clientHandshakeState.q.a(clientHandshakeState.s);
            Certificate a4 = clientHandshakeState.t != null ? clientHandshakeState.t.a() : null;
            if (a4 == null) {
                a4 = Certificate.a;
            }
            dTLSReliableHandshake.a((short) 11, a(a4));
        }
        if (clientHandshakeState.t != null) {
            clientHandshakeState.p.b(clientHandshakeState.t);
        } else {
            clientHandshakeState.p.d();
        }
        dTLSReliableHandshake.a((short) 16, a(clientHandshakeState));
        TlsProtocol.a(clientHandshakeState.b, clientHandshakeState.p);
        dTLSRecordLayer.a(clientHandshakeState.a.m());
        TlsHandshakeHash c2 = dTLSReliableHandshake.c();
        if (clientHandshakeState.t != null && (clientHandshakeState.t instanceof TlsSignerCredentials)) {
            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientHandshakeState.t;
            if (TlsUtils.c(clientHandshakeState.b)) {
                signatureAndHashAlgorithm = tlsSignerCredentials.k_();
                if (signatureAndHashAlgorithm == null) {
                    throw new TlsFatalAlert((short) 80);
                }
                a = c2.b(signatureAndHashAlgorithm.a());
            } else {
                a = TlsProtocol.a(clientHandshakeState.b, c2, (byte[]) null);
                signatureAndHashAlgorithm = null;
            }
            dTLSReliableHandshake.a((short) 15, a(clientHandshakeState, new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.a(a))));
        }
        dTLSReliableHandshake.a((short) 20, TlsUtils.a(clientHandshakeState.b, ExporterLabel.a, TlsProtocol.a(clientHandshakeState.b, dTLSReliableHandshake.b(), (byte[]) null)));
        if (clientHandshakeState.o) {
            DTLSReliableHandshake.Message d3 = dTLSReliableHandshake.d();
            if (d3.b() != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            d(clientHandshakeState, d3.c());
        }
        b(dTLSReliableHandshake.a((short) 20), TlsUtils.a(clientHandshakeState.b, ExporterLabel.b, TlsProtocol.a(clientHandshakeState.b, dTLSReliableHandshake.b(), (byte[]) null)));
        dTLSReliableHandshake.e();
        if (clientHandshakeState.c != null) {
            clientHandshakeState.d = new SessionParameters.Builder().a(c.b).a(c.c).a(c.f).a(certificate).a();
            clientHandshakeState.c = TlsUtils.a(clientHandshakeState.c.b(), clientHandshakeState.d);
            clientHandshakeState.b.a(clientHandshakeState.c);
        }
        clientHandshakeState.a.j();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public DTLSTransport a(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters a;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.a = tlsClient;
        clientHandshakeState.b = new TlsClientContextImpl(this.a, securityParameters);
        securityParameters.g = TlsProtocol.a(tlsClient.i(), clientHandshakeState.b.a());
        tlsClient.a(clientHandshakeState.b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.b, tlsClient, (short) 22);
        TlsSession a2 = clientHandshakeState.a.a();
        if (a2 != null && (a = a2.a()) != null) {
            clientHandshakeState.c = a2;
            clientHandshakeState.d = a;
        }
        try {
            return a(clientHandshakeState, dTLSRecordLayer);
        } catch (RuntimeException e) {
            dTLSRecordLayer.a((short) 80);
            throw new TlsFatalAlert((short) 80);
        } catch (TlsFatalAlert e2) {
            dTLSRecordLayer.a(e2.a());
            throw e2;
        } catch (IOException e3) {
            dTLSRecordLayer.a((short) 80);
            throw e3;
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.b;
        ProtocolVersion e = tlsClientContextImpl.e();
        if (e == null) {
            tlsClientContextImpl.b(protocolVersion);
            clientHandshakeState.a.a(protocolVersion);
        } else if (!e.c(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.q == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.s = CertificateRequest.a(clientHandshakeState.b, byteArrayInputStream);
        TlsProtocol.d(byteArrayInputStream);
        clientHandshakeState.p.a(clientHandshakeState.s);
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.p.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion c = tlsClient.c();
        if (!c.d()) {
            throw new TlsFatalAlert((short) 80);
        }
        clientHandshakeState.b.a(c);
        TlsUtils.a(c, byteArrayOutputStream);
        byteArrayOutputStream.write(clientHandshakeState.b.c().h());
        byte[] bArr = TlsUtils.a;
        if (clientHandshakeState.c != null && ((bArr = clientHandshakeState.c.b()) == null || bArr.length > 32)) {
            bArr = TlsUtils.a;
        }
        TlsUtils.a(bArr, (OutputStream) byteArrayOutputStream);
        TlsUtils.a(TlsUtils.a, (OutputStream) byteArrayOutputStream);
        clientHandshakeState.f = tlsClient.k();
        clientHandshakeState.h = tlsClient.d();
        boolean z = TlsUtils.a(clientHandshakeState.h, TlsProtocol.h) == null;
        boolean z2 = !Arrays.a(clientHandshakeState.f, 255);
        if (z && z2) {
            clientHandshakeState.f = Arrays.d(clientHandshakeState.f, 255);
        }
        TlsUtils.b(clientHandshakeState.f, byteArrayOutputStream);
        clientHandshakeState.g = new short[]{0};
        TlsUtils.b(clientHandshakeState.g, (OutputStream) byteArrayOutputStream);
        if (clientHandshakeState.h != null) {
            TlsProtocol.a(byteArrayOutputStream, clientHandshakeState.h);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected void b(ClientHandshakeState clientHandshakeState) {
        if (clientHandshakeState.d != null) {
            clientHandshakeState.d.a();
            clientHandshakeState.d = null;
        }
        if (clientHandshakeState.c != null) {
            clientHandshakeState.c.c();
            clientHandshakeState.c = null;
        }
    }

    protected void b(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.n) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.r = CertificateStatus.a(byteArrayInputStream);
        TlsProtocol.d(byteArrayInputStream);
    }

    protected byte[] c(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i = TlsUtils.i(byteArrayInputStream);
        byte[] f = TlsUtils.f(byteArrayInputStream);
        TlsProtocol.d(byteArrayInputStream);
        if (!i.a(clientHandshakeState.b.d())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.f.a(i) || f.length <= 32) {
            return f;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void d(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket a = NewSessionTicket.a(byteArrayInputStream);
        TlsProtocol.d(byteArrayInputStream);
        clientHandshakeState.a.a(a);
    }

    protected Certificate e(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate a = Certificate.a(byteArrayInputStream);
        TlsProtocol.d(byteArrayInputStream);
        clientHandshakeState.p.a(a);
        clientHandshakeState.q = clientHandshakeState.a.o();
        clientHandshakeState.q.a(a);
        return a;
    }

    protected void f(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        SecurityParameters c = clientHandshakeState.b.c();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i = TlsUtils.i(byteArrayInputStream);
        a(clientHandshakeState, i);
        c.h = TlsUtils.b(32, byteArrayInputStream);
        clientHandshakeState.i = TlsUtils.f(byteArrayInputStream);
        if (clientHandshakeState.i.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.a.a(clientHandshakeState.i);
        clientHandshakeState.j = TlsUtils.b(byteArrayInputStream);
        if (!Arrays.a(clientHandshakeState.f, clientHandshakeState.j) || clientHandshakeState.j == 0 || clientHandshakeState.j == 255 || !TlsUtils.a(clientHandshakeState.j, i)) {
            throw new TlsFatalAlert((short) 47);
        }
        a(clientHandshakeState.j, (short) 47);
        clientHandshakeState.a.a(clientHandshakeState.j);
        clientHandshakeState.k = TlsUtils.a((InputStream) byteArrayInputStream);
        if (!Arrays.a(clientHandshakeState.g, clientHandshakeState.k)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.a.a(clientHandshakeState.k);
        Hashtable e = TlsProtocol.e(byteArrayInputStream);
        if (e != null) {
            Enumeration keys = e.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.h) && TlsUtils.a(clientHandshakeState.h, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.y);
                }
            }
            byte[] bArr2 = (byte[]) e.get(TlsProtocol.h);
            if (bArr2 != null) {
                clientHandshakeState.l = true;
                if (!Arrays.b(bArr2, TlsProtocol.a(TlsUtils.a))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            boolean h = TlsExtensionsUtils.h(e);
            if (h && !TlsUtils.m(clientHandshakeState.j)) {
                throw new TlsFatalAlert((short) 47);
            }
            c.k = h;
            clientHandshakeState.m = a(clientHandshakeState.h, e, (short) 47);
            c.j = TlsExtensionsUtils.i(e);
            clientHandshakeState.n = TlsUtils.a(e, TlsExtensionsUtils.e, (short) 47);
            clientHandshakeState.o = TlsUtils.a(e, TlsProtocol.i, (short) 47);
        }
        clientHandshakeState.a.a(clientHandshakeState.l);
        if (clientHandshakeState.h != null) {
            clientHandshakeState.a.a(e);
        }
    }

    protected void g(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.p.a(byteArrayInputStream);
        TlsProtocol.d(byteArrayInputStream);
    }

    protected void h(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.a.a(TlsProtocol.f(new ByteArrayInputStream(bArr)));
    }
}
