package cn.org.bjca.mssp.msspjce.crypto.tls;

import cn.org.bjca.mssp.msspjce.crypto.tls.SessionParameters;
import cn.org.bjca.mssp.msspjce.util.Arrays;
import defpackage.a7;
import defpackage.g7;
import defpackage.h7;
import defpackage.l7;
import defpackage.z6;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: classes.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* loaded from: classes.dex */
    public static class ClientHandshakeState {
        public CertificateStatus q;
        public TlsClient a = null;
        public g7 b = null;
        public TlsSession c = null;
        public SessionParameters d = null;
        public int[] e = null;
        public short[] f = null;
        public Hashtable g = null;
        public byte[] h = null;
        public int i = -1;
        public short j = -1;
        public boolean k = false;
        public short l = -1;
        public boolean m = false;
        public boolean n = false;
        public TlsKeyExchange o = null;
        public TlsAuthentication p = null;
        public CertificateRequest r = null;
        public TlsCredentials s = null;
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    public static byte[] patchClientHelloWithCookie(byte[] bArr, byte[] bArr2) throws IOException {
        int readUint8 = 35 + TlsUtils.readUint8(bArr, 34);
        int i = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        TlsUtils.checkUint8(bArr2.length);
        TlsUtils.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    public DTLSTransport clientHandshake(ClientHandshakeState clientHandshakeState, z6 z6Var) throws IOException {
        a7.b bVar;
        Certificate certificate;
        byte[] currentPRFHash;
        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
        TlsSession tlsSession;
        SecurityParameters securityParameters = clientHandshakeState.b.getSecurityParameters();
        a7 a7Var = new a7(clientHandshakeState.b, z6Var);
        byte[] generateClientHello = generateClientHello(clientHandshakeState, clientHandshakeState.a);
        a7Var.r((short) 1, generateClientHello);
        a7.b m = a7Var.m();
        while (m.c() == 3) {
            if (!z6Var.i().isEqualOrEarlierVersionOf(clientHandshakeState.b.getClientVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] patchClientHelloWithCookie = patchClientHelloWithCookie(generateClientHello, processHelloVerifyRequest(clientHandshakeState, m.a()));
            a7Var.q();
            a7Var.r((short) 1, patchClientHelloWithCookie);
            m = a7Var.m();
        }
        if (m.c() != 2) {
            throw new TlsFatalAlert((short) 10);
        }
        reportServerVersion(clientHandshakeState, z6Var.c());
        processServerHello(clientHandshakeState, m.a());
        short s = clientHandshakeState.l;
        if (s >= 0) {
            z6Var.l(1 << (s + 8));
        }
        int i = clientHandshakeState.i;
        securityParameters.b = i;
        securityParameters.c = clientHandshakeState.j;
        securityParameters.d = TlsProtocol.getPRFAlgorithm(clientHandshakeState.b, i);
        securityParameters.e = 12;
        a7Var.j();
        byte[] bArr = clientHandshakeState.h;
        if (bArr.length > 0 && (tlsSession = clientHandshakeState.c) != null && Arrays.areEqual(bArr, tlsSession.getSessionID())) {
            if (securityParameters.getCipherSuite() != clientHandshakeState.d.getCipherSuite() || securityParameters.getCompressionAlgorithm() != clientHandshakeState.d.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParameters.f = Arrays.clone(clientHandshakeState.d.getMasterSecret());
            z6Var.f(clientHandshakeState.a.getCipher());
            g7 g7Var = clientHandshakeState.b;
            processFinished(a7Var.n((short) 20), TlsUtils.f(g7Var, ExporterLabel.server_finished, TlsProtocol.getCurrentPRFHash(g7Var, a7Var.i(), null)));
            g7 g7Var2 = clientHandshakeState.b;
            a7Var.r((short) 20, TlsUtils.f(g7Var2, ExporterLabel.client_finished, TlsProtocol.getCurrentPRFHash(g7Var2, a7Var.i(), null)));
            a7Var.h();
            clientHandshakeState.b.b(clientHandshakeState.c);
            clientHandshakeState.a.notifyHandshakeComplete();
            return new DTLSTransport(z6Var);
        }
        invalidateSession(clientHandshakeState);
        byte[] bArr2 = clientHandshakeState.h;
        if (bArr2.length > 0) {
            clientHandshakeState.c = new l7(bArr2, null);
        }
        a7.b m2 = a7Var.m();
        if (m2.c() == 23) {
            processServerSupplementalData(clientHandshakeState, m2.a());
            m2 = a7Var.m();
        } else {
            clientHandshakeState.a.processServerSupplementalData(null);
        }
        TlsKeyExchange keyExchange = clientHandshakeState.a.getKeyExchange();
        clientHandshakeState.o = keyExchange;
        keyExchange.init(clientHandshakeState.b);
        if (m2.c() == 11) {
            certificate = processServerCertificate(clientHandshakeState, m2.a());
            bVar = a7Var.m();
        } else {
            clientHandshakeState.o.skipServerCredentials();
            bVar = m2;
            certificate = null;
        }
        if (certificate == null || certificate.isEmpty()) {
            clientHandshakeState.m = false;
        }
        if (bVar.c() == 22) {
            processCertificateStatus(clientHandshakeState, bVar.a());
            bVar = a7Var.m();
        }
        if (bVar.c() == 12) {
            processServerKeyExchange(clientHandshakeState, bVar.a());
            bVar = a7Var.m();
        } else {
            clientHandshakeState.o.skipServerKeyExchange();
        }
        if (bVar.c() == 13) {
            processCertificateRequest(clientHandshakeState, bVar.a());
            TlsUtils.k(a7Var.i(), clientHandshakeState.r.getSupportedSignatureAlgorithms());
            bVar = a7Var.m();
        }
        if (bVar.c() != 14) {
            throw new TlsFatalAlert((short) 10);
        }
        if (bVar.a().length != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        a7Var.i().f();
        Vector clientSupplementalData = clientHandshakeState.a.getClientSupplementalData();
        if (clientSupplementalData != null) {
            a7Var.r((short) 23, DTLSProtocol.generateSupplementalData(clientSupplementalData));
        }
        CertificateRequest certificateRequest = clientHandshakeState.r;
        if (certificateRequest != null) {
            TlsCredentials clientCredentials = clientHandshakeState.p.getClientCredentials(certificateRequest);
            clientHandshakeState.s = clientCredentials;
            Certificate certificate2 = clientCredentials != null ? clientCredentials.getCertificate() : null;
            if (certificate2 == null) {
                certificate2 = Certificate.EMPTY_CHAIN;
            }
            a7Var.r((short) 11, DTLSProtocol.generateCertificate(certificate2));
        }
        TlsCredentials tlsCredentials = clientHandshakeState.s;
        if (tlsCredentials != null) {
            clientHandshakeState.o.processClientCredentials(tlsCredentials);
        } else {
            clientHandshakeState.o.skipClientCredentials();
        }
        a7Var.r((short) 16, generateClientKeyExchange(clientHandshakeState));
        TlsProtocol.establishMasterSecret(clientHandshakeState.b, clientHandshakeState.o);
        z6Var.f(clientHandshakeState.a.getCipher());
        h7 l = a7Var.l();
        TlsCredentials tlsCredentials2 = clientHandshakeState.s;
        if (tlsCredentials2 != null && (tlsCredentials2 instanceof TlsSignerCredentials)) {
            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials2;
            if (TlsUtils.isTLSv12(clientHandshakeState.b)) {
                signatureAndHashAlgorithm = tlsSignerCredentials.getSignatureAndHashAlgorithm();
                if (signatureAndHashAlgorithm == null) {
                    throw new TlsFatalAlert((short) 80);
                }
                currentPRFHash = l.e(signatureAndHashAlgorithm.getHash());
            } else {
                currentPRFHash = TlsProtocol.getCurrentPRFHash(clientHandshakeState.b, l, null);
                signatureAndHashAlgorithm = null;
            }
            a7Var.r((short) 15, generateCertificateVerify(clientHandshakeState, new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(currentPRFHash))));
        }
        g7 g7Var3 = clientHandshakeState.b;
        a7Var.r((short) 20, TlsUtils.f(g7Var3, ExporterLabel.client_finished, TlsProtocol.getCurrentPRFHash(g7Var3, a7Var.i(), null)));
        if (clientHandshakeState.n) {
            a7.b m3 = a7Var.m();
            if (m3.c() != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            processNewSessionTicket(clientHandshakeState, m3.a());
        }
        g7 g7Var4 = clientHandshakeState.b;
        processFinished(a7Var.n((short) 20), TlsUtils.f(g7Var4, ExporterLabel.server_finished, TlsProtocol.getCurrentPRFHash(g7Var4, a7Var.i(), null)));
        a7Var.h();
        if (clientHandshakeState.c != null) {
            clientHandshakeState.d = new SessionParameters.Builder().setCipherSuite(securityParameters.b).setCompressionAlgorithm(securityParameters.c).setMasterSecret(securityParameters.f).setPeerCertificate(certificate).build();
            TlsSession importSession = TlsUtils.importSession(clientHandshakeState.c.getSessionID(), clientHandshakeState.d);
            clientHandshakeState.c = importSession;
            clientHandshakeState.b.b(importSession);
        }
        clientHandshakeState.a.notifyHandshakeComplete();
        return new DTLSTransport(z6Var);
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.a = 1;
        securityParameters.g = TlsProtocol.createRandomBlock(this.secureRandom);
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.a = tlsClient;
        g7 g7Var = new g7(this.secureRandom, securityParameters);
        clientHandshakeState.b = g7Var;
        tlsClient.init(g7Var);
        z6 z6Var = new z6(datagramTransport, clientHandshakeState.b, tlsClient, (short) 22);
        TlsSession sessionToResume = clientHandshakeState.a.getSessionToResume();
        if (sessionToResume != null && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            clientHandshakeState.c = sessionToResume;
            clientHandshakeState.d = exportSessionParameters;
        }
        try {
            return clientHandshake(clientHandshakeState, z6Var);
        } catch (TlsFatalAlert e) {
            z6Var.b(e.getAlertDescription());
            throw e;
        } catch (IOException e2) {
            z6Var.b((short) 80);
            throw e2;
        } catch (RuntimeException unused) {
            z6Var.b((short) 80);
            throw new TlsFatalAlert((short) 80);
        }
    }

    public byte[] generateCertificateVerify(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateClientHello(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion clientVersion = tlsClient.getClientVersion();
        if (!clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        clientHandshakeState.b.a(clientVersion);
        TlsUtils.writeVersion(clientVersion, byteArrayOutputStream);
        byteArrayOutputStream.write(clientHandshakeState.b.getSecurityParameters().getClientRandom());
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.EMPTY_BYTES;
        }
        TlsUtils.writeOpaque8(bArr, byteArrayOutputStream);
        TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, byteArrayOutputStream);
        clientHandshakeState.e = tlsClient.getCipherSuites();
        Hashtable clientExtensions = tlsClient.getClientExtensions();
        clientHandshakeState.g = clientExtensions;
        boolean z = TlsUtils.getExtensionData(clientExtensions, TlsProtocol.EXT_RenegotiationInfo) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.e, 255);
        if (z && z2) {
            clientHandshakeState.e = Arrays.append(clientHandshakeState.e, 255);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(clientHandshakeState.e, byteArrayOutputStream);
        short[] sArr = new short[1];
        clientHandshakeState.f = sArr;
        TlsUtils.writeUint8ArrayWithUint8Length(sArr, byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.g;
        if (hashtable != null) {
            TlsProtocol.writeExtensions(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateClientKeyExchange(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.o.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void invalidateSession(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.d;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.d = null;
        }
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.c = null;
        }
    }

    public void processCertificateRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.p == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.r = CertificateRequest.parse(clientHandshakeState.b, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.o.validateCertificateRequest(clientHandshakeState.r);
    }

    public void processCertificateStatus(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.m) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.q = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public byte[] processHelloVerifyRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        if (!readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.b.getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) || readOpaque8.length <= 32) {
            return readOpaque8;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void processNewSessionTicket(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.a.notifyNewSessionTicket(parse);
    }

    public Certificate processServerCertificate(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.o.processServerCertificate(parse);
        TlsAuthentication authentication = clientHandshakeState.a.getAuthentication();
        clientHandshakeState.p = authentication;
        authentication.notifyServerCertificate(parse);
        return parse;
    }

    public void processServerHello(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        int i;
        SecurityParameters securityParameters = clientHandshakeState.b.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        reportServerVersion(clientHandshakeState, TlsUtils.readVersion(byteArrayInputStream));
        securityParameters.h = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        clientHandshakeState.h = readOpaque8;
        if (readOpaque8.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.a.notifySessionID(readOpaque8);
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        clientHandshakeState.i = readUint16;
        if (!Arrays.contains(clientHandshakeState.e, readUint16) || (i = clientHandshakeState.i) == 0 || i == 255) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.validateSelectedCipherSuite(i, (short) 47);
        clientHandshakeState.a.notifySelectedCipherSuite(clientHandshakeState.i);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        clientHandshakeState.j = readUint8;
        if (!Arrays.contains(clientHandshakeState.f, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.a.notifySelectedCompressionMethod(clientHandshakeState.j);
        Hashtable readExtensions = TlsProtocol.readExtensions(byteArrayInputStream);
        if (readExtensions != null) {
            Enumeration keys = readExtensions.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.EXT_RenegotiationInfo) && TlsUtils.getExtensionData(clientHandshakeState.g, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                }
            }
            byte[] bArr2 = (byte[]) readExtensions.get(TlsProtocol.EXT_RenegotiationInfo);
            if (bArr2 != null) {
                clientHandshakeState.k = true;
                if (!Arrays.constantTimeAreEqual(bArr2, TlsProtocol.createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            clientHandshakeState.l = DTLSProtocol.evaluateMaxFragmentLengthExtension(clientHandshakeState.g, readExtensions, (short) 47);
            securityParameters.j = TlsExtensionsUtils.hasTruncatedHMacExtension(readExtensions);
            clientHandshakeState.m = TlsUtils.hasExpectedEmptyExtensionData(readExtensions, TlsExtensionsUtils.EXT_status_request, (short) 47);
            clientHandshakeState.n = TlsUtils.hasExpectedEmptyExtensionData(readExtensions, TlsProtocol.EXT_SessionTicket, (short) 47);
        }
        clientHandshakeState.a.notifySecureRenegotiation(clientHandshakeState.k);
        if (clientHandshakeState.g != null) {
            clientHandshakeState.a.processServerExtensions(readExtensions);
        }
    }

    public void processServerKeyExchange(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.o.processServerKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public void processServerSupplementalData(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.a.processServerSupplementalData(TlsProtocol.readSupplementalDataMessage(new ByteArrayInputStream(bArr)));
    }

    public void reportServerVersion(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        g7 g7Var = clientHandshakeState.b;
        ProtocolVersion serverVersion = g7Var.getServerVersion();
        if (serverVersion == null) {
            g7Var.c(protocolVersion);
            clientHandshakeState.a.notifyServerVersion(protocolVersion);
        } else if (!serverVersion.equals(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
