package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.tls.OfferedPsks;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsHash;
import org.bouncycastle.tls.crypto.TlsHashOutputStream;
import org.bouncycastle.tls.crypto.impl.AbstractTlsSecret;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;

/* loaded from: classes4.dex */
public class TlsClientProtocol extends TlsProtocol {
    protected TlsAuthentication authentication;
    protected CertificateRequest certificateRequest;
    protected CertificateStatus certificateStatus;
    protected Hashtable clientAgreements;
    OfferedPsks.BindersConfig clientBinders;
    protected ClientHello clientHello;
    protected AbstractTlsKeyExchange keyExchange;
    protected TlsClient tlsClient;
    TlsClientContextImpl tlsClientContext;

    public TlsClientProtocol() {
        this.tlsClient = null;
        this.tlsClientContext = null;
        this.clientAgreements = null;
        this.clientBinders = null;
        this.clientHello = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.tlsClient = null;
        this.tlsClientContext = null;
        this.clientAgreements = null;
        this.clientBinders = null;
        this.clientHello = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:65:0x0272  */
    /* JADX WARN: Removed duplicated region for block: B:74:0x02c4  */
    /* JADX WARN: Removed duplicated region for block: B:78:0x02c6  */
    /* JADX WARN: Removed duplicated region for block: B:82:0x0292  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void beginHandshake(boolean r21) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 763
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.beginHandshake(boolean):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void cleanupHandshake() {
        super.cleanupHandshake();
        this.clientAgreements = null;
        this.clientBinders = null;
        this.clientHello = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void connect(TlsClient tlsClient) throws IOException {
        if (this.tlsClient != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.tlsClient = tlsClient;
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(tlsClient.getCrypto());
        this.tlsClientContext = tlsClientContextImpl;
        ((AbstractTlsClient) tlsClient).init(tlsClientContextImpl);
        ((AbstractTlsPeer) tlsClient).notifyCloseHandle(this);
        beginHandshake(false);
        if (this.blocking) {
            blockForHandshake();
        }
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsContext getContext() {
        return this.tlsClientContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    AbstractTlsContext getContextAdmin() {
        return this.tlsClientContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsPeer getPeer() {
        return this.tlsClient;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:199:0x037d  */
    /* JADX WARN: Removed duplicated region for block: B:202:0x0388  */
    /* JADX WARN: Removed duplicated region for block: B:204:0x03c4  */
    /* JADX WARN: Removed duplicated region for block: B:207:0x03e7  */
    /* JADX WARN: Removed duplicated region for block: B:210:0x03f8  */
    /* JADX WARN: Removed duplicated region for block: B:213:0x040c  */
    /* JADX WARN: Removed duplicated region for block: B:228:0x03c6  */
    /* JADX WARN: Removed duplicated region for block: B:229:0x038f  */
    /* JADX WARN: Removed duplicated region for block: B:239:0x0476  */
    /* JADX WARN: Removed duplicated region for block: B:298:0x055d  */
    /* JADX WARN: Removed duplicated region for block: B:44:0x0095  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void handleHandshakeMessage(short r18, org.bouncycastle.tls.HandshakeMessageInput r19) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 3066
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(short, org.bouncycastle.tls.HandshakeMessageInput):void");
    }

    protected void handleServerCertificate() throws IOException {
        TlsClientContextImpl tlsClientContextImpl = this.tlsClientContext;
        CertificateStatus certificateStatus = this.certificateStatus;
        AbstractTlsKeyExchange abstractTlsKeyExchange = this.keyExchange;
        TlsAuthentication tlsAuthentication = this.authentication;
        Hashtable hashtable = this.clientExtensions;
        Hashtable hashtable2 = this.serverExtensions;
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        SecurityParameters securityParametersHandshake = tlsClientContextImpl.getSecurityParametersHandshake();
        boolean isTLSv13 = TlsUtils.isTLSv13(securityParametersHandshake.negotiatedVersion);
        if (tlsAuthentication == null) {
            if (isTLSv13) {
                throw new TlsFatalAlert((short) 80);
            }
            if (securityParametersHandshake.renegotiating) {
                throw new TlsFatalAlert((short) 40);
            }
            abstractTlsKeyExchange.skipServerCredentials();
            return;
        }
        Certificate certificate = securityParametersHandshake.peerCertificate;
        byte[] extension = certificate.getCertificateAt(0).getExtension(TlsObjectIdentifiers.id_pe_tlsfeature);
        if (extension != null) {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) TlsUtils.readASN1Object(extension);
            for (int i2 = 0; i2 < aSN1Sequence.size(); i2++) {
                if (!(aSN1Sequence.getObjectAt(i2) instanceof ASN1Integer)) {
                    throw new TlsFatalAlert((short) 42);
                }
            }
            TlsUtils.requireDEREncoding(aSN1Sequence, extension);
            for (int i3 = 0; i3 < aSN1Sequence.size(); i3++) {
                BigInteger positiveValue = ((ASN1Integer) aSN1Sequence.getObjectAt(i3)).getPositiveValue();
                if (positiveValue.bitLength() <= 16) {
                    Integer valueOf = Integer.valueOf(positiveValue.intValue());
                    if (hashtable.containsKey(valueOf) && !hashtable2.containsKey(valueOf)) {
                        throw new TlsFatalAlert((short) 46);
                    }
                }
            }
        }
        if (!isTLSv13) {
            abstractTlsKeyExchange.processServerCertificate(certificate);
        }
        tlsAuthentication.notifyServerCertificate(new TlsServerCertificateImpl(certificate, certificateStatus));
    }

    protected void handleSupplementalData(Vector vector) throws IOException {
        AbstractTlsKeyExchange createRSAKeyExchange;
        this.tlsClient.processServerSupplementalData(vector);
        this.connection_state = (short) 6;
        TlsClientContextImpl tlsClientContextImpl = this.tlsClientContext;
        TlsClient tlsClient = this.tlsClient;
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        int keyExchangeAlgorithm = tlsClientContextImpl.getSecurityParametersHandshake().getKeyExchangeAlgorithm();
        AbstractTlsKeyExchangeFactory keyExchangeFactory = tlsClient.getKeyExchangeFactory();
        if (keyExchangeAlgorithm == 1) {
            createRSAKeyExchange = keyExchangeFactory.createRSAKeyExchange(keyExchangeAlgorithm);
        } else if (keyExchangeAlgorithm == 3 || keyExchangeAlgorithm == 5) {
            createRSAKeyExchange = keyExchangeFactory.createDHEKeyExchangeClient(keyExchangeAlgorithm, tlsClient.getDHGroupVerifier());
        } else if (keyExchangeAlgorithm == 7 || keyExchangeAlgorithm == 9) {
            createRSAKeyExchange = keyExchangeFactory.createDHKeyExchange(keyExchangeAlgorithm);
        } else if (keyExchangeAlgorithm != 11) {
            switch (keyExchangeAlgorithm) {
                case 13:
                case 15:
                case 24:
                    createRSAKeyExchange = keyExchangeFactory.createPSKKeyExchangeClient(keyExchangeAlgorithm, tlsClient.getPSKIdentity(), null);
                    break;
                case 14:
                    createRSAKeyExchange = keyExchangeFactory.createPSKKeyExchangeClient(keyExchangeAlgorithm, tlsClient.getPSKIdentity(), tlsClient.getDHGroupVerifier());
                    break;
                case 16:
                case 18:
                    createRSAKeyExchange = keyExchangeFactory.createECDHKeyExchange(keyExchangeAlgorithm);
                    break;
                case 17:
                case 19:
                    createRSAKeyExchange = keyExchangeFactory.createECDHEKeyExchangeClient(keyExchangeAlgorithm);
                    break;
                case 20:
                    createRSAKeyExchange = keyExchangeFactory.createECDHanonKeyExchangeClient(keyExchangeAlgorithm);
                    break;
                case 21:
                case 22:
                case 23:
                    createRSAKeyExchange = keyExchangeFactory.createSRPKeyExchangeClient(keyExchangeAlgorithm, tlsClient.getSRPIdentity(), tlsClient.getSRPConfigVerifier());
                    break;
                default:
                    throw new TlsFatalAlert((short) 80);
            }
        } else {
            createRSAKeyExchange = keyExchangeFactory.createDHanonKeyExchangeClient(keyExchangeAlgorithm, tlsClient.getDHGroupVerifier());
        }
        createRSAKeyExchange.context = tlsClientContextImpl;
        this.keyExchange = createRSAKeyExchange;
    }

    protected void process13ServerHello(ServerHello serverHello, boolean z) throws IOException {
        AbstractTlsSecret abstractTlsSecret;
        TlsPSK tlsPSK;
        KeyShareEntry keyShareEntry;
        AbstractTlsSecret calculateSecret;
        SecurityParameters securityParametersHandshake = this.tlsClientContext.getSecurityParametersHandshake();
        ProtocolVersion version = serverHello.getVersion();
        byte[] sessionID = serverHello.getSessionID();
        int cipherSuite = serverHello.getCipherSuite();
        if (!ProtocolVersion.TLSv12.equals(version) || !Arrays.equals(this.clientHello.getSessionID(), sessionID)) {
            throw new TlsFatalAlert((short) 47);
        }
        Hashtable extensions = serverHello.getExtensions();
        if (extensions == null) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.checkExtensionData13(extensions, 2, (short) 47);
        if (z) {
            ProtocolVersion supportedVersionsExtensionServer = TlsExtensionsUtils.getSupportedVersionsExtensionServer(extensions);
            if (supportedVersionsExtensionServer == null) {
                throw new TlsFatalAlert((short) 109);
            }
            if (!securityParametersHandshake.negotiatedVersion.equals(supportedVersionsExtensionServer) || securityParametersHandshake.getCipherSuite() != cipherSuite) {
                throw new TlsFatalAlert((short) 47);
            }
        } else {
            if (!TlsUtils.isValidCipherSuiteSelection(this.clientHello.getCipherSuites(), cipherSuite) || !TlsUtils.isValidVersionForCipherSuite(cipherSuite, securityParametersHandshake.negotiatedVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.resumedSession = false;
            byte[] bArr = TlsUtils.EMPTY_BYTES;
            securityParametersHandshake.sessionID = bArr;
            this.tlsClient.notifySessionID(bArr);
            TlsUtils.negotiatedCipherSuite(securityParametersHandshake, cipherSuite);
            this.tlsClient.notifySelectedCipherSuite(cipherSuite);
        }
        this.clientHello = null;
        securityParametersHandshake.serverRandom = serverHello.getRandom();
        securityParametersHandshake.secureRenegotiation = false;
        securityParametersHandshake.extendedMasterSecret = true;
        securityParametersHandshake.statusRequestVersion = this.clientExtensions.containsKey(TlsExtensionsUtils.EXT_status_request) ? 1 : 0;
        byte[] extensionData = TlsUtils.getExtensionData(extensions, TlsExtensionsUtils.EXT_pre_shared_key);
        int decodeUint16 = extensionData == null ? -1 : TlsUtils.decodeUint16(extensionData);
        if (decodeUint16 >= 0) {
            OfferedPsks.BindersConfig bindersConfig = this.clientBinders;
            if (bindersConfig != null) {
                TlsPSK[] tlsPSKArr = bindersConfig.psks;
                if (decodeUint16 < tlsPSKArr.length) {
                    tlsPSK = tlsPSKArr[decodeUint16];
                    if (tlsPSK.getPRFAlgorithm() != securityParametersHandshake.getPRFAlgorithm()) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    abstractTlsSecret = this.clientBinders.earlySecrets[decodeUint16];
                    this.selectedPSK13 = true;
                }
            }
            throw new TlsFatalAlert((short) 47);
        }
        abstractTlsSecret = null;
        tlsPSK = null;
        this.tlsClient.notifySelectedPSK(tlsPSK);
        byte[] extensionData2 = TlsUtils.getExtensionData(extensions, TlsExtensionsUtils.EXT_key_share);
        if (extensionData2 == null) {
            keyShareEntry = null;
        } else {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(extensionData2);
            keyShareEntry = new KeyShareEntry(TlsUtils.readUint16(byteArrayInputStream), TlsUtils.readOpaque16(byteArrayInputStream, 1));
            TlsProtocol.assertEmpty(byteArrayInputStream);
        }
        if (keyShareEntry == null) {
            if (z || abstractTlsSecret == null || !org.bouncycastle.util.Arrays.contains(this.clientBinders.pskKeyExchangeModes, (short) 0)) {
                throw new TlsFatalAlert((short) 47);
            }
            calculateSecret = null;
        } else {
            if (abstractTlsSecret != null && !org.bouncycastle.util.Arrays.contains(this.clientBinders.pskKeyExchangeModes, (short) 1)) {
                throw new TlsFatalAlert((short) 47);
            }
            TlsAgreement tlsAgreement = (TlsAgreement) this.clientAgreements.get(Integer.valueOf(keyShareEntry.getNamedGroup()));
            if (tlsAgreement == null) {
                throw new TlsFatalAlert((short) 47);
            }
            tlsAgreement.receivePeerValue(keyShareEntry.keyExchange);
            calculateSecret = tlsAgreement.calculateSecret();
        }
        this.clientAgreements = null;
        this.clientBinders = null;
        TlsUtils.establish13PhaseSecrets(this.tlsClientContext, abstractTlsSecret, calculateSecret);
        invalidateSession();
        this.tlsSession = new TlsSessionImpl(securityParametersHandshake.sessionID, null);
    }

    protected void process13ServerHelloCoda(boolean z) throws IOException {
        TlsUtils.establish13PhaseHandshake(this.tlsClientContext, TlsUtils.getCurrentPRFHash(this.handshakeHash), this.recordStream);
        if (!z) {
            this.recordStream.setIgnoreChangeCipherSpec(true);
            sendChangeCipherSpecMessage();
        }
        this.recordStream.enablePendingCipherWrite();
        this.recordStream.enablePendingCipherRead(false);
    }

    protected ServerHello receiveServerHelloMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readFully = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream, 0, 32);
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (TlsUtils.readUint8(byteArrayInputStream) == 0) {
            return new ServerHello(readVersion, readFully, readOpaque8, readUint16, TlsProtocol.readExtensions(byteArrayInputStream));
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void sendClientHelloMessage() throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 1);
        this.clientHello.encode(handshakeMessageOutput);
        handshakeMessageOutput.prepareClientHello(this.handshakeHash, this.clientHello.getBindersSize());
        if (this.clientBinders != null) {
            TlsCrypto crypto = this.tlsClientContext.getCrypto();
            TlsHandshakeHash tlsHandshakeHash = this.handshakeHash;
            OfferedPsks.BindersConfig bindersConfig = this.clientBinders;
            TlsPSK[] tlsPSKArr = bindersConfig.psks;
            AbstractTlsSecret[] abstractTlsSecretArr = bindersConfig.earlySecrets;
            int i2 = bindersConfig.bindersSize - 2;
            TlsUtils.checkUint16(i2);
            handshakeMessageOutput.write(i2 >>> 8);
            handshakeMessageOutput.write(i2);
            int i3 = 0;
            for (int i4 = 0; i4 < tlsPSKArr.length; i4++) {
                TlsPSK tlsPSK = tlsPSKArr[i4];
                AbstractTlsSecret abstractTlsSecret = abstractTlsSecretArr[i4];
                int hashForPRF = TlsCryptoUtils.getHashForPRF(tlsPSK.getPRFAlgorithm());
                JcaTlsCrypto jcaTlsCrypto = (JcaTlsCrypto) crypto;
                TlsHash createHash = jcaTlsCrypto.createHash(hashForPRF);
                ((DeferredHash) tlsHandshakeHash).copyBufferTo(new TlsHashOutputStream(createHash));
                byte[] calculatePSKBinder = TlsUtils.calculatePSKBinder(jcaTlsCrypto, true, hashForPRF, abstractTlsSecret, ((JcaTlsHash) createHash).calculateHash());
                i3 += calculatePSKBinder.length + 1;
                TlsUtils.checkUint8(calculatePSKBinder.length);
                handshakeMessageOutput.write(calculatePSKBinder.length);
                handshakeMessageOutput.write(calculatePSKBinder);
            }
            if (i2 != i3) {
                throw new TlsFatalAlert((short) 80);
            }
        }
        handshakeMessageOutput.sendClientHello(this, this.handshakeHash, this.clientHello.getBindersSize());
    }
}
