package com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls;

import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.SessionParameters;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.z17;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Arrays;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: classes2.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* loaded from: classes2.dex */
    public static class ClientHandshakeState {
        TlsClient m12160 = null;
        z7 m12161 = null;
        TlsSession m12162 = null;
        SessionParameters m12163 = null;
        int[] m12140 = null;
        short[] m12141 = null;
        Hashtable m12164 = null;
        Hashtable m12146 = null;
        byte[] m12165 = null;
        boolean m12166 = false;
        boolean m12167 = false;
        boolean m12168 = false;
        boolean m12169 = false;
        TlsKeyExchange m12170 = null;
        TlsAuthentication m12171 = null;
        CertificateRequest m12172 = null;
        TlsCredentials m12173 = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    private DTLSTransport m1(ClientHandshakeState clientHandshakeState, z16 z16Var) throws IOException {
        z17.z1 z1Var;
        Certificate certificate;
        SecurityParameters securityParameters = clientHandshakeState.m12161.getSecurityParameters();
        z17 z17Var = new z17(clientHandshakeState.m12161, z16Var);
        TlsClient tlsClient = clientHandshakeState.m12160;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        z7 z7Var = clientHandshakeState.m12161;
        z7Var.m1(clientVersion);
        TlsUtils.writeVersion(clientVersion, byteArrayOutputStream);
        byteArrayOutputStream.write(z7Var.getSecurityParameters().getClientRandom());
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        if (clientHandshakeState.m12162 != null && ((bArr = clientHandshakeState.m12162.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.EMPTY_BYTES;
        }
        TlsUtils.writeOpaque8(bArr, byteArrayOutputStream);
        TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, byteArrayOutputStream);
        boolean isFallback = tlsClient.isFallback();
        clientHandshakeState.m12140 = tlsClient.getCipherSuites();
        clientHandshakeState.m12164 = tlsClient.getClientExtensions();
        boolean z = TlsUtils.getExtensionData(clientHandshakeState.m12164, TlsProtocol.m12263) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.m12140, 255);
        if (z && z2) {
            clientHandshakeState.m12140 = Arrays.append(clientHandshakeState.m12140, 255);
        }
        if (isFallback && !Arrays.contains(clientHandshakeState.m12140, CipherSuite.TLS_FALLBACK_SCSV)) {
            clientHandshakeState.m12140 = Arrays.append(clientHandshakeState.m12140, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(clientHandshakeState.m12140, byteArrayOutputStream);
        clientHandshakeState.m12141 = new short[]{0};
        TlsUtils.writeUint8ArrayWithUint8Length(clientHandshakeState.m12141, byteArrayOutputStream);
        if (clientHandshakeState.m12164 != null) {
            TlsProtocol.m1(byteArrayOutputStream, clientHandshakeState.m12164);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        z16Var.m2(ProtocolVersion.DTLSv10);
        z17Var.m1((short) 1, byteArray);
        while (true) {
            z17.z1 m3135 = z17Var.m3135();
            if (m3135.m2() != 3) {
                if (m3135.m2() != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                ProtocolVersion m3127 = z16Var.m3127();
                m1(clientHandshakeState, m3127);
                z16Var.m2(m3127);
                m1(clientHandshakeState, m3135.m3());
                z17Var.m1();
                m1(z16Var, securityParameters.m12212);
                if (clientHandshakeState.m12166) {
                    securityParameters.m12208 = Arrays.clone(clientHandshakeState.m12163.getMasterSecret());
                    z16Var.m1(clientHandshakeState.m12160.getCipher());
                    m19(z17Var.m1((short) 20), TlsUtils.m1(clientHandshakeState.m12161, ExporterLabel.server_finished, TlsProtocol.m1(clientHandshakeState.m12161, z17Var.m3133(), (byte[]) null)));
                    z17Var.m1((short) 20, TlsUtils.m1(clientHandshakeState.m12161, ExporterLabel.client_finished, TlsProtocol.m1(clientHandshakeState.m12161, z17Var.m3133(), (byte[]) null)));
                    z17Var.m5();
                    clientHandshakeState.m12161.m1(clientHandshakeState.m12162);
                    clientHandshakeState.m12160.notifyHandshakeComplete();
                    return new DTLSTransport(z16Var);
                }
                m1(clientHandshakeState);
                if (clientHandshakeState.m12165.length > 0) {
                    clientHandshakeState.m12162 = new z12(clientHandshakeState.m12165, null);
                }
                z17.z1 m31352 = z17Var.m3135();
                if (m31352.m2() == 23) {
                    clientHandshakeState.m12160.processServerSupplementalData(TlsProtocol.m4(new ByteArrayInputStream(m31352.m3())));
                    m31352 = z17Var.m3135();
                } else {
                    clientHandshakeState.m12160.processServerSupplementalData(null);
                }
                clientHandshakeState.m12170 = clientHandshakeState.m12160.getKeyExchange();
                clientHandshakeState.m12170.init(clientHandshakeState.m12161);
                if (m31352.m2() == 11) {
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(m31352.m3());
                    certificate = Certificate.parse(byteArrayInputStream);
                    TlsProtocol.m2(byteArrayInputStream);
                    clientHandshakeState.m12170.processServerCertificate(certificate);
                    clientHandshakeState.m12171 = clientHandshakeState.m12160.getAuthentication();
                    clientHandshakeState.m12171.notifyServerCertificate(certificate);
                    z1Var = z17Var.m3135();
                } else {
                    clientHandshakeState.m12170.skipServerCredentials();
                    z1Var = m31352;
                    certificate = null;
                }
                if (certificate == null || certificate.isEmpty()) {
                    clientHandshakeState.m12168 = false;
                }
                if (z1Var.m2() == 22) {
                    byte[] m3 = z1Var.m3();
                    if (!clientHandshakeState.m12168) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(m3);
                    CertificateStatus.parse(byteArrayInputStream2);
                    TlsProtocol.m2(byteArrayInputStream2);
                    z1Var = z17Var.m3135();
                }
                if (z1Var.m2() == 12) {
                    ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(z1Var.m3());
                    clientHandshakeState.m12170.processServerKeyExchange(byteArrayInputStream3);
                    TlsProtocol.m2(byteArrayInputStream3);
                    z1Var = z17Var.m3135();
                } else {
                    clientHandshakeState.m12170.skipServerKeyExchange();
                }
                if (z1Var.m2() == 13) {
                    byte[] m32 = z1Var.m3();
                    if (clientHandshakeState.m12171 == null) {
                        throw new TlsFatalAlert((short) 40);
                    }
                    ByteArrayInputStream byteArrayInputStream4 = new ByteArrayInputStream(m32);
                    clientHandshakeState.m12172 = CertificateRequest.parse(clientHandshakeState.m12161, byteArrayInputStream4);
                    TlsProtocol.m2(byteArrayInputStream4);
                    clientHandshakeState.m12170.validateCertificateRequest(clientHandshakeState.m12172);
                    TlsUtils.m1(z17Var.m3133(), clientHandshakeState.m12172.getSupportedSignatureAlgorithms());
                    z1Var = z17Var.m3135();
                }
                if (z1Var.m2() != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (z1Var.m3().length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                z17Var.m3133().sealHashAlgorithms();
                Vector clientSupplementalData = clientHandshakeState.m12160.getClientSupplementalData();
                if (clientSupplementalData != null) {
                    z17Var.m1((short) 23, m6(clientSupplementalData));
                }
                if (clientHandshakeState.m12172 != null) {
                    clientHandshakeState.m12173 = clientHandshakeState.m12171.getClientCredentials(clientHandshakeState.m12172);
                    Certificate certificate2 = clientHandshakeState.m12173 != null ? clientHandshakeState.m12173.getCertificate() : null;
                    if (certificate2 == null) {
                        certificate2 = Certificate.EMPTY_CHAIN;
                    }
                    z17Var.m1((short) 11, m1(certificate2));
                }
                if (clientHandshakeState.m12173 != null) {
                    clientHandshakeState.m12170.processClientCredentials(clientHandshakeState.m12173);
                } else {
                    clientHandshakeState.m12170.skipClientCredentials();
                }
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                clientHandshakeState.m12170.generateClientKeyExchange(byteArrayOutputStream2);
                z17Var.m1((short) 16, byteArrayOutputStream2.toByteArray());
                TlsHandshakeHash m3134 = z17Var.m3134();
                securityParameters.m12211 = TlsProtocol.m1(clientHandshakeState.m12161, m3134, (byte[]) null);
                TlsProtocol.m1(clientHandshakeState.m12161, clientHandshakeState.m12170);
                z16Var.m1(clientHandshakeState.m12160.getCipher());
                if (clientHandshakeState.m12173 != null && (clientHandshakeState.m12173 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientHandshakeState.m12173;
                    SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(clientHandshakeState.m12161, tlsSignerCredentials);
                    DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(signatureAndHashAlgorithm == null ? securityParameters.getSessionHash() : m3134.getFinalHash(signatureAndHashAlgorithm.getHash())));
                    ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
                    digitallySigned.encode(byteArrayOutputStream3);
                    z17Var.m1((short) 15, byteArrayOutputStream3.toByteArray());
                }
                z17Var.m1((short) 20, TlsUtils.m1(clientHandshakeState.m12161, ExporterLabel.client_finished, TlsProtocol.m1(clientHandshakeState.m12161, z17Var.m3133(), (byte[]) null)));
                if (clientHandshakeState.m12169) {
                    z17.z1 m31353 = z17Var.m3135();
                    if (m31353.m2() != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    ByteArrayInputStream byteArrayInputStream5 = new ByteArrayInputStream(m31353.m3());
                    NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream5);
                    TlsProtocol.m2(byteArrayInputStream5);
                    clientHandshakeState.m12160.notifyNewSessionTicket(parse);
                }
                m19(z17Var.m1((short) 20), TlsUtils.m1(clientHandshakeState.m12161, ExporterLabel.server_finished, TlsProtocol.m1(clientHandshakeState.m12161, z17Var.m3133(), (byte[]) null)));
                z17Var.m5();
                if (clientHandshakeState.m12162 != null) {
                    clientHandshakeState.m12163 = new SessionParameters.Builder().setCipherSuite(securityParameters.getCipherSuite()).setCompressionAlgorithm(securityParameters.getCompressionAlgorithm()).setMasterSecret(securityParameters.getMasterSecret()).setPeerCertificate(certificate).setPSKIdentity(securityParameters.getPSKIdentity()).setSRPIdentity(securityParameters.getSRPIdentity()).setServerExtensions(clientHandshakeState.m12146).build();
                    clientHandshakeState.m12162 = TlsUtils.importSession(clientHandshakeState.m12162.getSessionID(), clientHandshakeState.m12163);
                    clientHandshakeState.m12161.m1(clientHandshakeState.m12162);
                }
                clientHandshakeState.m12160.notifyHandshakeComplete();
                return new DTLSTransport(z16Var);
            }
            if (!z16Var.m3127().isEqualOrEarlierVersionOf(clientHandshakeState.m12161.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            z16Var.m1((ProtocolVersion) null);
            ByteArrayInputStream byteArrayInputStream6 = new ByteArrayInputStream(m3135.m3());
            ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream6);
            byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream6);
            TlsProtocol.m2(byteArrayInputStream6);
            if (!readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.m12161.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            if (!ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) && readOpaque8.length > 32) {
                throw new TlsFatalAlert((short) 47);
            }
            int readUint8 = TlsUtils.readUint8(byteArray, 34) + 35;
            int i = readUint8 + 1;
            byte[] bArr2 = new byte[byteArray.length + readOpaque8.length];
            System.arraycopy(byteArray, 0, bArr2, 0, readUint8);
            TlsUtils.checkUint8(readOpaque8.length);
            TlsUtils.writeUint8(readOpaque8.length, bArr2, readUint8);
            System.arraycopy(readOpaque8, 0, bArr2, i, readOpaque8.length);
            System.arraycopy(byteArray, i, bArr2, readOpaque8.length + i, byteArray.length - i);
            z17Var.m6();
            z17Var.m1((short) 1, bArr2);
        }
    }

    private static void m1(ClientHandshakeState clientHandshakeState) {
        if (clientHandshakeState.m12163 != null) {
            clientHandshakeState.m12163.clear();
            clientHandshakeState.m12163 = null;
        }
        if (clientHandshakeState.m12162 != null) {
            clientHandshakeState.m12162.invalidate();
            clientHandshakeState.m12162 = null;
        }
    }

    private static void m1(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        z7 z7Var = clientHandshakeState.m12161;
        ProtocolVersion serverVersion = z7Var.getServerVersion();
        if (serverVersion == null) {
            z7Var.m2(protocolVersion);
            clientHandshakeState.m12160.notifyServerVersion(protocolVersion);
        } else if (!serverVersion.equals(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    private void m1(ClientHandshakeState clientHandshakeState, z16 z16Var, short s) {
        z16Var.m1(s);
        m1(clientHandshakeState);
    }

    private void m1(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        SecurityParameters securityParameters = clientHandshakeState.m12161.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        m1(clientHandshakeState, TlsUtils.readVersion(byteArrayInputStream));
        securityParameters.m12210 = TlsUtils.readFully(32, byteArrayInputStream);
        clientHandshakeState.m12165 = TlsUtils.readOpaque8(byteArrayInputStream);
        if (clientHandshakeState.m12165.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.m12160.notifySessionID(clientHandshakeState.m12165);
        boolean z = false;
        clientHandshakeState.m12166 = clientHandshakeState.m12165.length > 0 && clientHandshakeState.m12162 != null && Arrays.areEqual(clientHandshakeState.m12165, clientHandshakeState.m12162.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.m12140, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, clientHandshakeState.m12161.getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        m8(readUint16, (short) 47);
        clientHandshakeState.m12160.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(clientHandshakeState.m12141, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.m12160.notifySelectedCompressionMethod(readUint8);
        clientHandshakeState.m12146 = TlsProtocol.m3(byteArrayInputStream);
        if (clientHandshakeState.m12146 != null) {
            Enumeration keys = clientHandshakeState.m12146.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.m12263)) {
                    if (TlsUtils.getExtensionData(clientHandshakeState.m12164, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                    }
                    boolean z2 = clientHandshakeState.m12166;
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(clientHandshakeState.m12146, TlsProtocol.m12263);
        if (extensionData != null) {
            clientHandshakeState.m12167 = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.m148(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.m12160.notifySecureRenegotiation(clientHandshakeState.m12167);
        Hashtable hashtable = clientHandshakeState.m12164;
        Hashtable hashtable2 = clientHandshakeState.m12146;
        if (clientHandshakeState.m12166) {
            if (readUint16 != clientHandshakeState.m12163.getCipherSuite() || readUint8 != clientHandshakeState.m12163.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable = null;
            hashtable2 = clientHandshakeState.m12163.readServerExtensions();
        }
        securityParameters.m12204 = readUint16;
        securityParameters.m12205 = readUint8;
        if (hashtable2 != null) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable2);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParameters.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.m12214 = hasEncryptThenMACExtension;
            securityParameters.m12215 = TlsExtensionsUtils.hasExtendedMasterSecretExtension(hashtable2);
            securityParameters.m12212 = m1(clientHandshakeState.m12166, hashtable, hashtable2, (short) 47);
            securityParameters.m12213 = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable2);
            clientHandshakeState.m12168 = !clientHandshakeState.m12166 && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!clientHandshakeState.m12166 && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsProtocol.m12264, (short) 47)) {
                z = true;
            }
            clientHandshakeState.m12169 = z;
        }
        if (hashtable != null) {
            clientHandshakeState.m12160.processServerExtensions(hashtable2);
        }
        securityParameters.m12206 = TlsProtocol.m1(clientHandshakeState.m12161, securityParameters.getCipherSuite());
        securityParameters.m12207 = 12;
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.m12203 = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.m12160 = tlsClient;
        clientHandshakeState.m12161 = new z7(this.secureRandom, securityParameters);
        securityParameters.m12209 = TlsProtocol.m1(tlsClient.shouldUseGMTUnixTime(), clientHandshakeState.m12161.getNonceRandomGenerator());
        tlsClient.init(clientHandshakeState.m12161);
        z16 z16Var = new z16(datagramTransport, clientHandshakeState.m12161, tlsClient);
        TlsSession sessionToResume = clientHandshakeState.m12160.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            clientHandshakeState.m12162 = sessionToResume;
            clientHandshakeState.m12163 = exportSessionParameters;
        }
        try {
            try {
                try {
                    return m1(clientHandshakeState, z16Var);
                } catch (RuntimeException e) {
                    m1(clientHandshakeState, z16Var, (short) 80);
                    throw new TlsFatalAlert((short) 80, e);
                }
            } catch (TlsFatalAlert e2) {
                m1(clientHandshakeState, z16Var, e2.getAlertDescription());
                throw e2;
            } catch (IOException e3) {
                m1(clientHandshakeState, z16Var, (short) 80);
                throw e3;
            }
        } finally {
            securityParameters.clear();
        }
    }
}
