package org.bouncycastle.jsse.provider;

import androidx.appcompat.widget.ActionMenuView$$ExternalSyntheticOutline0;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.jsse.provider.NamedGroupInfo;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.CertificateStatus;
import org.bouncycastle.tls.CertificateStatusRequest;
import org.bouncycastle.tls.CertificateStatusRequestItemV2;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.OCSPStatusRequest;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.ServerName;
import org.bouncycastle.tls.SignatureAlgorithm;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsDHGroupVerifier;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.TrustedAuthority;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.IPAddress;
import org.bouncycastle.util.encoders.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class ProvTlsClient extends DefaultTlsClient implements ProvTlsPeer {
    public static final Logger LOG = Logger.getLogger(ProvTlsClient.class.getName());
    public static final boolean provClientEnableCA = PropertyUtils.getBooleanSystemProperty("jdk.tls.client.enableCAExtension", false);
    public static final boolean provClientEnableSessionResumption = PropertyUtils.getBooleanSystemProperty("org.bouncycastle.jsse.client.enableSessionResumption", true);
    public static final boolean provClientEnableStatusRequest = PropertyUtils.getBooleanSystemProperty("jdk.tls.client.enableStatusRequestExtension", true);
    public static final boolean provClientEnableTrustedCAKeys = PropertyUtils.getBooleanSystemProperty("org.bouncycastle.jsse.client.enableTrustedCAKeysExtension", false);
    public static final boolean provEnableSNIExtension = PropertyUtils.getBooleanSystemProperty("jsse.enableSNIExtension", true);
    public boolean handshakeComplete;
    public final JsseSecurityParameters jsseSecurityParameters;
    public final ProvTlsManager manager;
    public final ProvSSLParameters sslParameters;
    public ProvSSLSession sslSession;

    public ProvTlsClient(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) {
        super(provTlsManager.getContextData().crypto);
        this.jsseSecurityParameters = new JsseSecurityParameters();
        this.sslSession = null;
        this.handshakeComplete = false;
        this.manager = provTlsManager;
        ProvSSLParameters copy = provSSLParameters.copy();
        if (ProvAlgorithmConstraints.DEFAULT != copy.algorithmConstraints) {
            copy.algorithmConstraints = new ProvAlgorithmConstraints(copy.algorithmConstraints, true);
        }
        this.sslParameters = copy;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean allowLegacyResumption() {
        return JsseUtils.provTlsAllowLegacyResumption;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public final TlsAuthentication getAuthentication() throws IOException {
        return new TlsAuthentication() { // from class: org.bouncycastle.jsse.provider.ProvTlsClient.1
            @Override // org.bouncycastle.tls.TlsAuthentication
            public final TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                BCX509Key chooseClientKey;
                String str;
                Logger logger;
                String str2;
                short clientCertificateType;
                Logger logger2;
                String str3;
                String str4;
                ContextData contextData = ProvTlsClient.this.manager.getContextData();
                SecurityParameters securityParametersHandshake = ProvTlsClient.this.context.getSecurityParametersHandshake();
                ProtocolVersion protocolVersion = securityParametersHandshake.negotiatedVersion;
                boolean isTLSv13 = TlsUtils.isTLSv13(protocolVersion);
                Vector<SignatureAndHashAlgorithm> vector = securityParametersHandshake.serverSigAlgs;
                Vector<SignatureAndHashAlgorithm> vector2 = securityParametersHandshake.serverSigAlgsCert;
                ProvTlsClient.this.jsseSecurityParameters.peerSigSchemes = contextData.getSignatureSchemes(vector);
                JsseSecurityParameters jsseSecurityParameters = ProvTlsClient.this.jsseSecurityParameters;
                jsseSecurityParameters.peerSigSchemesCert = vector == vector2 ? jsseSecurityParameters.peerSigSchemes : contextData.getSignatureSchemes(vector2);
                Logger logger3 = ProvTlsClient.LOG;
                if (logger3.isLoggable(Level.FINEST)) {
                    logger3.finest(JsseUtils.getSignatureAlgorithmsReport("Peer signature_algorithms", ProvTlsClient.this.jsseSecurityParameters.peerSigSchemes));
                    JsseSecurityParameters jsseSecurityParameters2 = ProvTlsClient.this.jsseSecurityParameters;
                    List<SignatureSchemeInfo> list = jsseSecurityParameters2.peerSigSchemesCert;
                    if (list != jsseSecurityParameters2.peerSigSchemes) {
                        logger3.finest(JsseUtils.getSignatureAlgorithmsReport("Peer signature_algorithms_cert", list));
                    }
                }
                if (DummyX509KeyManager.INSTANCE == contextData.x509KeyManager) {
                    return null;
                }
                X500Principal[] x500Principals = JsseUtils.toX500Principals(certificateRequest.certificateAuthorities);
                byte[] clone = TlsUtils.clone(certificateRequest.certificateRequestContext);
                if (isTLSv13 != (clone != null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                short[] sArr = certificateRequest.certificateTypes;
                if (isTLSv13 != (sArr == null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                if (isTLSv13) {
                    ProvTlsClient provTlsClient = ProvTlsClient.this;
                    provTlsClient.getClass();
                    LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap = new LinkedHashMap<>();
                    for (SignatureSchemeInfo signatureSchemeInfo : provTlsClient.jsseSecurityParameters.peerSigSchemes) {
                        if ((!signatureSchemeInfo.disabled13 && signatureSchemeInfo.all.supportedPost13) && provTlsClient.jsseSecurityParameters.localSigSchemes.contains(signatureSchemeInfo)) {
                            str4 = signatureSchemeInfo.all.keyType13;
                            if (!linkedHashMap.containsKey(str4)) {
                                linkedHashMap.put(str4, signatureSchemeInfo);
                            }
                        }
                    }
                    if (linkedHashMap.isEmpty()) {
                        logger2 = ProvTlsClient.LOG;
                        str3 = "Client (1.3) found no usable signature schemes";
                    } else {
                        BCX509Key chooseClientKey2 = provTlsClient.manager.chooseClientKey((String[]) linkedHashMap.keySet().toArray(TlsUtils.EMPTY_STRINGS), x500Principals);
                        if (chooseClientKey2 != null) {
                            String keyType = chooseClientKey2.getKeyType();
                            provTlsClient.handleKeyManagerMisses(linkedHashMap, keyType);
                            SignatureSchemeInfo signatureSchemeInfo2 = linkedHashMap.get(keyType);
                            if (signatureSchemeInfo2 == null) {
                                throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                            }
                            Logger logger4 = ProvTlsClient.LOG;
                            if (logger4.isLoggable(Level.FINE)) {
                                logger4.fine("Client (1.3) selected credentials for signature scheme '" + signatureSchemeInfo2 + "' (keyType '" + keyType + "'), with private key algorithm '" + JsseUtils.getPrivateKeyAlgorithm(chooseClientKey2.getPrivateKey()) + "'");
                            }
                            return JsseUtils.createCredentialedSigner13(provTlsClient.context, provTlsClient.getCrypto(), chooseClientKey2, signatureSchemeInfo2.getSignatureAndHashAlgorithm(), clone);
                        }
                        provTlsClient.handleKeyManagerMisses(linkedHashMap, null);
                        logger2 = ProvTlsClient.LOG;
                        str3 = "Client (1.3) did not select any credentials";
                    }
                    logger2.fine(str3);
                    return null;
                }
                if (!TlsUtils.isSignatureAlgorithmsExtensionAllowed(protocolVersion)) {
                    ProvTlsClient provTlsClient2 = ProvTlsClient.this;
                    provTlsClient2.getClass();
                    int length = sArr.length;
                    String[] strArr = new String[length];
                    for (int i = 0; i < sArr.length; i++) {
                        short s = sArr[i];
                        boolean z = JsseUtils.provTlsAllowLegacyMasterSecret;
                        if (s == 1) {
                            str = "RSA";
                        } else if (s == 2) {
                            str = "DSA";
                        } else {
                            if (s != 64) {
                                throw new IllegalArgumentException();
                            }
                            str = "EC";
                        }
                        strArr[i] = str;
                    }
                    if (length >= 1 && (chooseClientKey = provTlsClient2.manager.chooseClientKey(strArr, x500Principals)) != null) {
                        return JsseUtils.createCredentialedSigner(provTlsClient2.context, provTlsClient2.getCrypto(), chooseClientKey, null);
                    }
                    return null;
                }
                ProvTlsClient provTlsClient3 = ProvTlsClient.this;
                provTlsClient3.getClass();
                LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap2 = new LinkedHashMap<>();
                for (SignatureSchemeInfo signatureSchemeInfo3 : provTlsClient3.jsseSecurityParameters.peerSigSchemes) {
                    String str5 = signatureSchemeInfo3.all.keyAlgorithm;
                    if (!linkedHashMap2.containsKey(str5) && (clientCertificateType = SignatureAlgorithm.getClientCertificateType((short) (signatureSchemeInfo3.all.signatureScheme & 255))) >= 0 && Arrays.contains(clientCertificateType, sArr) && provTlsClient3.jsseSecurityParameters.localSigSchemes.contains(signatureSchemeInfo3)) {
                        linkedHashMap2.put(str5, signatureSchemeInfo3);
                    }
                }
                if (linkedHashMap2.isEmpty()) {
                    logger = ProvTlsClient.LOG;
                    str2 = "Client (1.2) found no usable signature schemes";
                } else {
                    BCX509Key chooseClientKey3 = provTlsClient3.manager.chooseClientKey((String[]) linkedHashMap2.keySet().toArray(TlsUtils.EMPTY_STRINGS), x500Principals);
                    if (chooseClientKey3 != null) {
                        String keyType2 = chooseClientKey3.getKeyType();
                        provTlsClient3.handleKeyManagerMisses(linkedHashMap2, keyType2);
                        SignatureSchemeInfo signatureSchemeInfo4 = linkedHashMap2.get(keyType2);
                        if (signatureSchemeInfo4 == null) {
                            throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                        }
                        Logger logger5 = ProvTlsClient.LOG;
                        if (logger5.isLoggable(Level.FINE)) {
                            logger5.fine("Client (1.2) selected credentials for signature scheme '" + signatureSchemeInfo4 + "' (keyType '" + keyType2 + "'), with private key algorithm '" + JsseUtils.getPrivateKeyAlgorithm(chooseClientKey3.getPrivateKey()) + "'");
                        }
                        return JsseUtils.createCredentialedSigner(provTlsClient3.context, provTlsClient3.getCrypto(), chooseClientKey3, signatureSchemeInfo4.getSignatureAndHashAlgorithm());
                    }
                    provTlsClient3.handleKeyManagerMisses(linkedHashMap2, null);
                    logger = ProvTlsClient.LOG;
                    str2 = "Client (1.2) did not select any credentials";
                }
                logger.fine(str2);
                return null;
            }

            @Override // org.bouncycastle.tls.TlsAuthentication
            public final void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
                List<byte[]> list;
                if (tlsServerCertificate.getCertificate() == null || tlsServerCertificate.getCertificate().isEmpty()) {
                    throw new TlsFatalAlert((short) 40);
                }
                X509Certificate[] x509CertificateChain = JsseUtils.getX509CertificateChain(ProvTlsClient.this.getCrypto(), tlsServerCertificate.getCertificate());
                String authTypeServer = JsseUtils.getAuthTypeServer(ProvTlsClient.this.context.getSecurityParametersHandshake().keyExchangeAlgorithm);
                JsseSecurityParameters jsseSecurityParameters = ProvTlsClient.this.jsseSecurityParameters;
                CertificateStatus certificateStatus = tlsServerCertificate.getCertificateStatus();
                if (certificateStatus != null) {
                    short s = certificateStatus.statusType;
                    if (s == 1) {
                        if (!CertificateStatus.isCorrectType(certificateStatus.response, (short) 1)) {
                            throw new IllegalStateException("'response' is not an OCSPResponse");
                        }
                        OCSPResponse oCSPResponse = (OCSPResponse) certificateStatus.response;
                        list = Collections.singletonList(oCSPResponse == null ? TlsUtils.EMPTY_BYTES : oCSPResponse.getEncoded("DER"));
                    } else if (s == 2) {
                        if (!CertificateStatus.isCorrectType(certificateStatus.response, (short) 2)) {
                            throw new IllegalStateException("'response' is not an OCSPResponseList");
                        }
                        Vector vector = (Vector) certificateStatus.response;
                        int size = vector.size();
                        ArrayList arrayList = new ArrayList(size);
                        for (int i = 0; i < size; i++) {
                            OCSPResponse oCSPResponse2 = (OCSPResponse) vector.elementAt(i);
                            arrayList.add(oCSPResponse2 == null ? TlsUtils.EMPTY_BYTES : oCSPResponse2.getEncoded("DER"));
                        }
                        list = Collections.unmodifiableList(arrayList);
                    }
                    jsseSecurityParameters.statusResponses = list;
                    ProvTlsClient.this.manager.checkServerTrusted(x509CertificateChain, authTypeServer);
                }
                list = null;
                jsseSecurityParameters.statusResponses = list;
                ProvTlsClient.this.manager.checkServerTrusted(x509CertificateChain, authTypeServer);
            }
        };
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<X500Name> getCertificateAuthorities() {
        if (provClientEnableCA) {
            return JsseUtils.getCertificateAuthorities(this.manager.getContextData().x509TrustManager);
        }
        return null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final CertificateStatusRequest getCertificateStatusRequest() {
        if (provClientEnableStatusRequest) {
            return new CertificateStatusRequest(new OCSPStatusRequest(null, null), (short) 1);
        }
        return null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final JcaTlsCrypto getCrypto() {
        return this.manager.getContextData().crypto;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public final TlsDHGroupVerifier getDHGroupVerifier() {
        return new ProvDHGroupVerifier();
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final int getMaxCertificateChainLength() {
        return JsseUtils.provTlsMaxCertificateChainLength;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final int getMaxHandshakeMessageSize() {
        return JsseUtils.provTlsMaxHandshakeMessageSize;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<CertificateStatusRequestItemV2> getMultiCertStatusRequest() {
        if (!provClientEnableStatusRequest) {
            return null;
        }
        OCSPStatusRequest oCSPStatusRequest = new OCSPStatusRequest(null, null);
        Vector<CertificateStatusRequestItemV2> vector = new Vector<>(2);
        vector.add(new CertificateStatusRequestItemV2(oCSPStatusRequest, (short) 2));
        vector.add(new CertificateStatusRequestItemV2(oCSPStatusRequest, (short) 1));
        return vector;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<ProtocolName> getProtocolNames() {
        return JsseUtils.getProtocolNames((String[]) this.sslParameters.applicationProtocols.clone());
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<ServerName> getSNIServerNames() {
        String peerHostSNI;
        if (!provEnableSNIExtension) {
            return null;
        }
        List<BCSNIServerName> copyList = ProvSSLParameters.copyList(this.sslParameters.sniServerNames);
        if (copyList == null && (peerHostSNI = this.manager.getPeerHostSNI()) != null && peerHostSNI.indexOf(46) > 0) {
            if (!(IPAddress.isValidIPv4(peerHostSNI) || IPAddress.isValidIPv6(peerHostSNI))) {
                try {
                    copyList = Collections.singletonList(new BCSNIHostName(peerHostSNI));
                } catch (RuntimeException unused) {
                    LOG.fine("Failed to add peer host as default SNI host_name: " + peerHostSNI);
                }
            }
        }
        if (copyList == null || copyList.isEmpty()) {
            return null;
        }
        Vector<ServerName> vector = new Vector<>(copyList.size());
        for (BCSNIServerName bCSNIServerName : copyList) {
            vector.add(new ServerName((short) bCSNIServerName.nameType, TlsUtils.clone(bCSNIServerName.encoded)));
        }
        return vector;
    }

    /* JADX WARN: Removed duplicated region for block: B:40:0x00ad  */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final org.bouncycastle.tls.TlsSession getSessionToResume() {
        /*
            r8 = this;
            boolean r0 = org.bouncycastle.jsse.provider.ProvTlsClient.provClientEnableSessionResumption
            r1 = 0
            if (r0 == 0) goto Lc2
            org.bouncycastle.jsse.provider.ProvSSLParameters r0 = r8.sslParameters
            org.bouncycastle.jsse.provider.ProvSSLSession r0 = r0.sessionToResume
            if (r0 != 0) goto L4b
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r8.manager
            org.bouncycastle.jsse.provider.ContextData r0 = r0.getContextData()
            org.bouncycastle.jsse.provider.ProvSSLSessionContext r0 = r0.clientSessionContext
            org.bouncycastle.jsse.provider.ProvTlsManager r2 = r8.manager
            java.lang.String r2 = r2.getPeerHost()
            org.bouncycastle.jsse.provider.ProvTlsManager r3 = r8.manager
            int r3 = r3.getPeerPort()
            monitor-enter(r0)
            r0.processQueue()     // Catch: java.lang.Throwable -> L48
            java.util.HashMap r4 = r0.sessionsByPeer     // Catch: java.lang.Throwable -> L48
            java.lang.String r2 = org.bouncycastle.jsse.provider.ProvSSLSessionContext.makePeerKey(r3, r2)     // Catch: java.lang.Throwable -> L48
            r4.getClass()     // Catch: java.lang.Throwable -> L48
            if (r2 != 0) goto L30
            r2 = r1
            goto L34
        L30:
            java.lang.Object r2 = r4.get(r2)     // Catch: java.lang.Throwable -> L48
        L34:
            org.bouncycastle.jsse.provider.ProvSSLSessionContext$SessionEntry r2 = (org.bouncycastle.jsse.provider.ProvSSLSessionContext.SessionEntry) r2     // Catch: java.lang.Throwable -> L48
            org.bouncycastle.jsse.provider.ProvSSLSession r3 = r0.accessSession(r2)     // Catch: java.lang.Throwable -> L48
            if (r3 == 0) goto L45
            java.util.Map<org.bouncycastle.tls.SessionID, org.bouncycastle.jsse.provider.ProvSSLSessionContext$SessionEntry> r4 = r0.sessionsByID     // Catch: java.lang.Throwable -> L48
            org.bouncycastle.tls.SessionID r2 = r2.sessionID     // Catch: java.lang.Throwable -> L48
            java.util.LinkedHashMap r4 = (java.util.LinkedHashMap) r4     // Catch: java.lang.Throwable -> L48
            r4.get(r2)     // Catch: java.lang.Throwable -> L48
        L45:
            monitor-exit(r0)
            r0 = r3
            goto L4b
        L48:
            r1 = move-exception
            monitor-exit(r0)
            throw r1
        L4b:
            if (r0 == 0) goto Lc2
            org.bouncycastle.tls.TlsSession r2 = r0.tlsSession
            if (r2 == 0) goto Laa
            boolean r3 = r2.isResumable()
            if (r3 != 0) goto L58
            goto Laa
        L58:
            org.bouncycastle.tls.SessionParameters r3 = r2.exportSessionParameters()
            if (r3 == 0) goto Laa
            org.bouncycastle.tls.ProtocolVersion[] r4 = r8.protocolVersions
            org.bouncycastle.tls.ProtocolVersion r5 = r3.negotiatedVersion
            boolean r4 = org.bouncycastle.tls.ProtocolVersion.contains(r4, r5)
            if (r4 == 0) goto Laa
            int[] r4 = r8.cipherSuites
            int r5 = r3.cipherSuite
            boolean r4 = org.bouncycastle.util.Arrays.contains(r5, r4)
            if (r4 != 0) goto L73
            goto Laa
        L73:
            org.bouncycastle.tls.ProtocolVersion r4 = r3.negotiatedVersion
            boolean r4 = org.bouncycastle.tls.TlsUtils.isTLSv13(r4)
            if (r4 == 0) goto L7c
            goto Laa
        L7c:
            org.bouncycastle.jsse.provider.ProvSSLParameters r4 = r8.sslParameters
            java.lang.String r4 = r4.endpointIdentificationAlgorithm
            if (r4 == 0) goto Lab
            org.bouncycastle.jsse.provider.JsseSessionParameters r5 = r0.jsseSessionParameters
            java.lang.String r5 = r5.endpointIDAlgorithm
            boolean r6 = r4.equalsIgnoreCase(r5)
            if (r6 != 0) goto Lab
            java.util.logging.Logger r3 = org.bouncycastle.jsse.provider.ProvTlsClient.LOG
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            r6.<init>()
            java.lang.String r7 = "Session not resumable - endpoint ID algorithm mismatch; connection: "
            r6.append(r7)
            r6.append(r4)
            java.lang.String r4 = ", session: "
            r6.append(r4)
            r6.append(r5)
            java.lang.String r4 = r6.toString()
            r3.finer(r4)
        Laa:
            r3 = r1
        Lab:
            if (r3 == 0) goto Lc2
            r8.sslSession = r0
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r8.manager
            boolean r0 = r0.getEnableSessionCreation()
            if (r0 != 0) goto Lc1
            r0 = 1
            int[] r0 = new int[r0]
            r1 = 0
            int r3 = r3.cipherSuite
            r0[r1] = r3
            r8.cipherSuites = r0
        Lc1:
            return r2
        Lc2:
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r8.manager
            org.bouncycastle.jsse.provider.JsseUtils.checkSessionCreationEnabled(r0)
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsClient.getSessionToResume():org.bouncycastle.tls.TlsSession");
    }

    @Override // org.bouncycastle.tls.DefaultTlsClient, org.bouncycastle.tls.AbstractTlsPeer
    public final int[] getSupportedCipherSuites() {
        return this.manager.getContextData().context.getActiveCipherSuites(getCrypto(), this.sslParameters, this.protocolVersions);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<Integer> getSupportedGroups(Vector vector) {
        NamedGroupInfo.PerConnection perConnection = this.jsseSecurityParameters.namedGroups;
        Logger logger = NamedGroupInfo.LOG;
        return new Vector<>(perConnection.local.keySet());
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<SignatureAndHashAlgorithm> getSupportedSignatureAlgorithms() {
        List<SignatureSchemeInfo> activeCertsSignatureSchemes = this.manager.getContextData().getActiveCertsSignatureSchemes(false, this.sslParameters, this.protocolVersions, this.jsseSecurityParameters.namedGroups);
        JsseSecurityParameters jsseSecurityParameters = this.jsseSecurityParameters;
        jsseSecurityParameters.localSigSchemes = activeCertsSignatureSchemes;
        jsseSecurityParameters.localSigSchemesCert = activeCertsSignatureSchemes;
        return SignatureSchemeInfo.getSignatureAndHashAlgorithms(activeCertsSignatureSchemes);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final void getSupportedSignatureAlgorithmsCert() {
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final ProtocolVersion[] getSupportedVersions() {
        return this.manager.getContextData().context.getActiveProtocolVersions(this.sslParameters);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<TrustedAuthority> getTrustedCAIndication() {
        Vector<X500Name> certificateAuthorities;
        if (!provClientEnableTrustedCAKeys || (certificateAuthorities = JsseUtils.getCertificateAuthorities(this.manager.getContextData().x509TrustManager)) == null) {
            return null;
        }
        Vector<TrustedAuthority> vector = new Vector<>(certificateAuthorities.size());
        Iterator<X500Name> it = certificateAuthorities.iterator();
        while (it.hasNext()) {
            vector.add(new TrustedAuthority(it.next(), (short) 2));
        }
        return vector;
    }

    public final void handleKeyManagerMisses(LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap, String str) {
        for (Map.Entry<String, SignatureSchemeInfo> entry : linkedHashMap.entrySet()) {
            String key = entry.getKey();
            if (key.equals(str)) {
                return;
            }
            Logger logger = LOG;
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("Client found no credentials for signature scheme '" + entry.getValue() + "' (keyType '" + key + "')");
            }
        }
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public final synchronized boolean isHandshakeComplete() {
        return this.handshakeComplete;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyAlertRaised(short s, short s2, String str, Exception exc) {
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        Logger logger = LOG;
        if (logger.isLoggable(level)) {
            logger.log(level, ActionMenuView$$ExternalSyntheticOutline0.m(JsseUtils.getAlertLogMessage("Client raised", s, s2), ": ", str), (Throwable) exc);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyAlertReceived(short s, short s2) {
        Level level = s == 1 ? Level.FINE : Level.INFO;
        Logger logger = LOG;
        if (logger.isLoggable(level)) {
            logger.log(level, JsseUtils.getAlertLogMessage("Client received", s, s2));
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyHandshakeBeginning() throws IOException {
        super.notifyHandshakeBeginning();
        ContextData contextData = this.manager.getContextData();
        ProtocolVersion[] protocolVersionArr = this.protocolVersions;
        this.jsseSecurityParameters.namedGroups = contextData.getNamedGroups(this.sslParameters, protocolVersionArr);
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final synchronized void notifyHandshakeComplete() throws IOException {
        boolean z = true;
        this.handshakeComplete = true;
        TlsSession session = this.context.getSession();
        ProvSSLSession provSSLSession = this.sslSession;
        if (provSSLSession == null || provSSLSession.tlsSession != session) {
            ProvSSLSessionContext provSSLSessionContext = this.manager.getContextData().clientSessionContext;
            String peerHost = this.manager.getPeerHost();
            int peerPort = this.manager.getPeerPort();
            JsseSessionParameters jsseSessionParameters = new JsseSessionParameters(this.sslParameters.endpointIdentificationAlgorithm, null);
            if (!provClientEnableSessionResumption || TlsUtils.isTLSv13(this.context)) {
                z = false;
            }
            this.sslSession = provSSLSessionContext.reportSession(peerHost, peerPort, session, jsseSessionParameters, z);
        }
        this.manager.notifyHandshakeComplete(new ProvSSLConnection(this.context, this.sslSession));
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifySecureRenegotiation(boolean z) throws IOException {
        if (!z && !PropertyUtils.getBooleanSystemProperty("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public final void notifySelectedCipherSuite(int i) {
        String validateNegotiatedCipherSuite = this.manager.getContextData().context.validateNegotiatedCipherSuite(this.sslParameters, i);
        LOG.fine("Client notified of selected cipher suite: " + validateNegotiatedCipherSuite);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public final void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        String validateNegotiatedProtocol = this.manager.getContextData().context.validateNegotiatedProtocol(this.sslParameters, protocolVersion);
        LOG.fine("Client notified of selected protocol version: " + validateNegotiatedProtocol);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public final void notifySessionID(byte[] bArr) {
        ProvSSLSession provSSLSession;
        if ((TlsUtils.isNullOrEmpty(bArr) || (provSSLSession = this.sslSession) == null || !java.util.Arrays.equals(bArr, provSSLSession.getId())) ? false : true) {
            Logger logger = LOG;
            StringBuilder m = ActionMenuView$$ExternalSyntheticOutline0.m("Server resumed session: ");
            m.append(Hex.toHexString(bArr, 0, bArr.length));
            logger.fine(m.toString());
        } else {
            this.sslSession = null;
            if (TlsUtils.isNullOrEmpty(bArr)) {
                LOG.fine("Server did not specify a session ID");
            } else {
                Logger logger2 = LOG;
                StringBuilder m2 = ActionMenuView$$ExternalSyntheticOutline0.m("Server specified new session: ");
                m2.append(Hex.toHexString(bArr, 0, bArr.length));
                logger2.fine(m2.toString());
            }
            JsseUtils.checkSessionCreationEnabled(this.manager);
        }
        ProvTlsManager provTlsManager = this.manager;
        provTlsManager.notifyHandshakeSession(provTlsManager.getContextData().clientSessionContext, this.context.getSecurityParametersHandshake(), this.jsseSecurityParameters, this.sslSession);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public final void notifySessionToResume(TlsSession tlsSession) {
        if (tlsSession == null) {
            JsseUtils.checkSessionCreationEnabled(this.manager);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public final void processServerExtensions(Hashtable hashtable) throws IOException {
        boolean z;
        super.processServerExtensions(hashtable);
        if (this.context.getSecurityParametersHandshake().clientServerNames != null) {
            byte[] extensionData = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_server_name);
            if (extensionData == null) {
                z = false;
            } else {
                TlsExtensionsUtils.readEmptyExtensionData(extensionData);
                z = true;
            }
            LOG.finer("Server accepted SNI?: " + z);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean requiresCloseNotify() {
        return JsseUtils.provTlsRequireCloseNotify;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean requiresExtendedMasterSecret() {
        return !JsseUtils.provTlsAllowLegacyMasterSecret;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean shouldUseExtendedMasterSecret() {
        return JsseUtils.provTlsUseExtendedMasterSecret;
    }
}
