package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class TlsClientProtocol extends TlsProtocol {
    public TlsClient P;
    public TlsClientContextImpl Q;
    public byte[] R;
    public TlsKeyExchange S;
    public TlsAuthentication T;
    public CertificateStatus U;
    public CertificateRequest V;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.P = null;
        this.Q = null;
        this.R = null;
        this.S = null;
        this.T = null;
        this.U = null;
        this.V = null;
    }

    public TlsClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.P = null;
        this.Q = null;
        this.R = null;
        this.S = null;
        this.T = null;
        this.U = null;
        this.V = null;
    }

    public void V(Vector vector) throws IOException {
        this.P.processServerSupplementalData(vector);
        this.f19730k = (short) 3;
        TlsKeyExchange keyExchange = this.P.getKeyExchange();
        this.S = keyExchange;
        keyExchange.init(m());
    }

    public void W(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        this.P.notifyNewSessionTicket(parse);
    }

    public void X(ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsSession tlsSession;
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        if (readVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.equals(this.f19720a.i())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.isEqualOrEarlierVersionOf(m().getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f19720a.u(readVersion);
        n().c(readVersion);
        this.P.notifyServerVersion(readVersion);
        this.f19724e.f19639h = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        this.R = readOpaque8;
        if (readOpaque8.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.P.notifySessionID(readOpaque8);
        byte[] bArr = this.R;
        boolean z = false;
        this.f19731l = bArr.length > 0 && (tlsSession = this.f19722c) != null && Arrays.areEqual(bArr, tlsSession.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(this.f19726g, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, m().getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.P.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(this.f19727h, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.P.notifySelectedCompressionMethod(readUint8);
        this.f19729j = TlsProtocol.F(byteArrayInputStream);
        this.f19724e.o = !TlsUtils.isSSL(this.Q) && TlsExtensionsUtils.hasExtendedMasterSecretExtension(this.f19729j);
        if (!this.f19724e.isExtendedMasterSecret() && (this.f19731l || this.P.requiresExtendedMasterSecret())) {
            throw new TlsFatalAlert((short) 40);
        }
        Hashtable hashtable = this.f19729j;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.t) && TlsUtils.getExtensionData(this.f19728i, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(this.f19729j, TlsProtocol.t);
        if (extensionData != null) {
            this.f19733n = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.i(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.P.notifySecureRenegotiation(this.f19733n);
        Hashtable hashtable2 = this.f19728i;
        Hashtable hashtable3 = this.f19729j;
        if (this.f19731l) {
            if (readUint16 != this.f19723d.getCipherSuite() || readUint8 != this.f19723d.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = this.f19723d.readServerExtensions();
        }
        SecurityParameters securityParameters = this.f19724e;
        securityParameters.f19633b = readUint16;
        securityParameters.f19634c = readUint8;
        if (hashtable3 != null && !hashtable3.isEmpty()) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable3);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(readUint16)) {
                throw new TlsFatalAlert((short) 47);
            }
            SecurityParameters securityParameters2 = this.f19724e;
            securityParameters2.f19645n = hasEncryptThenMACExtension;
            securityParameters2.f19643l = A(hashtable2, hashtable3, (short) 47);
            this.f19724e.f19644m = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable3);
            this.o = !this.f19731l && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!this.f19731l && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsProtocol.u, (short) 47)) {
                z = true;
            }
            this.p = z;
        }
        if (hashtable2 != null) {
            this.P.processServerExtensions(hashtable3);
        }
        this.f19724e.f19635d = TlsProtocol.p(m(), this.f19724e.getCipherSuite());
        this.f19724e.f19636e = 12;
    }

    public void Y(DigitallySigned digitallySigned) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 15);
        digitallySigned.encode(handshakeMessage);
        handshakeMessage.a();
    }

    public void Z() throws IOException {
        byte[] bArr;
        SessionParameters sessionParameters;
        this.f19720a.u(this.P.getClientHelloRecordLayerVersion());
        ProtocolVersion clientVersion = this.P.getClientVersion();
        if (clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        n().a(clientVersion);
        byte[] bArr2 = TlsUtils.EMPTY_BYTES;
        TlsSession tlsSession = this.f19722c;
        if (tlsSession == null || (bArr = tlsSession.getSessionID()) == null || bArr.length > 32) {
            bArr = bArr2;
        }
        boolean isFallback = this.P.isFallback();
        this.f19726g = this.P.getCipherSuites();
        this.f19727h = this.P.getCompressionMethods();
        if (bArr.length <= 0 || (sessionParameters = this.f19723d) == null || (sessionParameters.isExtendedMasterSecret() && Arrays.contains(this.f19726g, this.f19723d.getCipherSuite()) && Arrays.contains(this.f19727h, this.f19723d.getCompressionAlgorithm()))) {
            bArr2 = bArr;
        }
        this.f19728i = TlsExtensionsUtils.ensureExtensionsInitialised(this.P.getClientExtensions());
        if (!clientVersion.isSSL()) {
            TlsExtensionsUtils.addExtendedMasterSecretExtension(this.f19728i);
        }
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 1);
        TlsUtils.writeVersion(clientVersion, handshakeMessage);
        handshakeMessage.write(this.f19724e.getClientRandom());
        TlsUtils.writeOpaque8(bArr2, handshakeMessage);
        boolean z = TlsUtils.getExtensionData(this.f19728i, TlsProtocol.t) == null;
        boolean z2 = !Arrays.contains(this.f19726g, 255);
        if (z && z2) {
            this.f19726g = Arrays.append(this.f19726g, 255);
        }
        if (isFallback && !Arrays.contains(this.f19726g, CipherSuite.TLS_FALLBACK_SCSV)) {
            this.f19726g = Arrays.append(this.f19726g, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(this.f19726g, handshakeMessage);
        TlsUtils.writeUint8ArrayWithUint8Length(this.f19727h, handshakeMessage);
        TlsProtocol.R(handshakeMessage, this.f19728i);
        handshakeMessage.a();
    }

    public void a0() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 16);
        this.S.generateClientKeyExchange(handshakeMessage);
        handshakeMessage.a();
    }

    public void connect(TlsClient tlsClient) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.P != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.P = tlsClient;
        SecurityParameters securityParameters = new SecurityParameters();
        this.f19724e = securityParameters;
        securityParameters.f19632a = 1;
        this.Q = new TlsClientContextImpl(this.f19721b, this.f19724e);
        this.f19724e.f19638g = TlsProtocol.h(tlsClient.shouldUseGMTUnixTime(), this.Q.getNonceRandomGenerator());
        this.P.init(this.Q);
        this.f19720a.j(this.Q);
        TlsSession sessionToResume = tlsClient.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null && exportSessionParameters.isExtendedMasterSecret()) {
            this.f19722c = sessionToResume;
            this.f19723d = exportSessionParameters;
        }
        Z();
        this.f19730k = (short) 1;
        d();
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void f() {
        super.f();
        this.R = null;
        this.S = null;
        this.T = null;
        this.U = null;
        this.V = null;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsContext m() {
        return this.Q;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public AbstractTlsContext n() {
        return this.Q;
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsPeer q() {
        return this.P;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:26:0x004c. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void x(short s, ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsCredentials clientCredentials;
        Certificate certificate;
        if (this.f19731l) {
            if (s != 20 || this.f19730k != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            z(byteArrayInputStream);
            this.f19730k = (short) 15;
            M();
            N();
            this.f19730k = (short) 13;
            g();
            return;
        }
        if (s == 0) {
            TlsProtocol.c(byteArrayInputStream);
            if (this.f19730k == 16) {
                H();
                return;
            }
            return;
        }
        if (s == 2) {
            if (this.f19730k != 1) {
                throw new TlsFatalAlert((short) 10);
            }
            X(byteArrayInputStream);
            this.f19730k = (short) 2;
            this.f19720a.k();
            b();
            if (this.f19731l) {
                this.f19724e.f19637f = Arrays.clone(this.f19723d.getMasterSecret());
                this.f19720a.q(q().getCompression(), q().getCipher());
                return;
            }
            y();
            byte[] bArr = this.R;
            if (bArr.length > 0) {
                this.f19722c = new TlsSessionImpl(bArr, null);
                return;
            }
            return;
        }
        if (s == 4) {
            if (this.f19730k != 13) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.p) {
                throw new TlsFatalAlert((short) 10);
            }
            y();
            W(byteArrayInputStream);
            this.f19730k = (short) 14;
            return;
        }
        if (s == 20) {
            short s2 = this.f19730k;
            if (s2 != 13) {
                if (s2 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (this.p) {
                throw new TlsFatalAlert((short) 10);
            }
            z(byteArrayInputStream);
            this.f19730k = (short) 15;
            g();
            return;
        }
        if (s == 22) {
            if (this.f19730k != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.o) {
                throw new TlsFatalAlert((short) 10);
            }
            this.U = CertificateStatus.parse(byteArrayInputStream);
            TlsProtocol.c(byteArrayInputStream);
            this.f19730k = (short) 5;
            return;
        }
        if (s == 23) {
            if (this.f19730k != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            V(TlsProtocol.G(byteArrayInputStream));
            return;
        }
        switch (s) {
            case 11:
                short s3 = this.f19730k;
                if (s3 == 2) {
                    V(null);
                } else if (s3 != 3) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.f19725f = Certificate.parse(byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                Certificate certificate2 = this.f19725f;
                if (certificate2 == null || certificate2.isEmpty()) {
                    this.o = false;
                }
                this.S.processServerCertificate(this.f19725f);
                TlsAuthentication authentication = this.P.getAuthentication();
                this.T = authentication;
                authentication.notifyServerCertificate(this.f19725f);
                this.f19730k = (short) 4;
                return;
            case 12:
                short s4 = this.f19730k;
                if (s4 == 2) {
                    V(null);
                } else if (s4 != 3) {
                    if (s4 != 4 && s4 != 5) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.S.processServerKeyExchange(byteArrayInputStream);
                    TlsProtocol.c(byteArrayInputStream);
                    this.f19730k = (short) 6;
                    return;
                }
                this.S.skipServerCredentials();
                this.T = null;
                this.S.processServerKeyExchange(byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                this.f19730k = (short) 6;
                return;
            case 13:
                short s5 = this.f19730k;
                if (s5 == 4 || s5 == 5) {
                    this.S.skipServerKeyExchange();
                } else if (s5 != 6) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.T == null) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.V = CertificateRequest.parse(m(), byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                this.S.validateCertificateRequest(this.V);
                TlsUtils.j(this.f19720a.f(), this.V.getSupportedSignatureAlgorithms());
                this.f19730k = (short) 7;
                return;
            case 14:
                switch (this.f19730k) {
                    case 2:
                        V(null);
                    case 3:
                        this.S.skipServerCredentials();
                        this.T = null;
                    case 4:
                    case 5:
                        this.S.skipServerKeyExchange();
                    case 6:
                    case 7:
                        TlsProtocol.c(byteArrayInputStream);
                        this.f19730k = (short) 8;
                        this.f19720a.f().sealHashAlgorithms();
                        Vector clientSupplementalData = this.P.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            O(clientSupplementalData);
                        }
                        this.f19730k = (short) 9;
                        CertificateRequest certificateRequest = this.V;
                        if (certificateRequest == null) {
                            this.S.skipClientCredentials();
                            clientCredentials = null;
                        } else {
                            clientCredentials = this.T.getClientCredentials(certificateRequest);
                            TlsKeyExchange tlsKeyExchange = this.S;
                            if (clientCredentials == null) {
                                tlsKeyExchange.skipClientCredentials();
                                certificate = Certificate.EMPTY_CHAIN;
                            } else {
                                tlsKeyExchange.processClientCredentials(clientCredentials);
                                certificate = clientCredentials.getCertificate();
                            }
                            L(certificate);
                        }
                        this.f19730k = (short) 10;
                        a0();
                        this.f19730k = (short) 11;
                        if (TlsUtils.isSSL(m())) {
                            TlsProtocol.k(m(), this.S);
                        }
                        TlsHandshakeHash l2 = this.f19720a.l();
                        this.f19724e.f19640i = TlsProtocol.o(m(), l2, null);
                        if (!TlsUtils.isSSL(m())) {
                            TlsProtocol.k(m(), this.S);
                        }
                        this.f19720a.q(q().getCompression(), q().getCipher());
                        if (clientCredentials != null && (clientCredentials instanceof TlsSignerCredentials)) {
                            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientCredentials;
                            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(m(), tlsSignerCredentials);
                            Y(new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(signatureAndHashAlgorithm == null ? this.f19724e.getSessionHash() : l2.getFinalHash(signatureAndHashAlgorithm.getHash()))));
                            this.f19730k = (short) 12;
                        }
                        M();
                        N();
                        this.f19730k = (short) 13;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }
}
