package org.bouncycastle.tls;

import androidx.appcompat.widget.ActionMenuView$$ExternalSyntheticOutline0;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InterruptedIOException;
import java.io.OutputStream;
import okhttp3.internal.http2.Http2;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsDecodeResult;
import org.bouncycastle.tls.crypto.TlsEncodeResult;
import org.bouncycastle.tls.crypto.TlsNullNullCipher;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes7.dex */
public class RecordStream {
    public int ciphertextLimit;
    public TlsProtocol handler;
    public boolean ignoreChangeCipherSpec;
    public InputStream input;
    public OutputStream output;
    public int plaintextLimit;
    public TlsCipher readCipher;
    public TlsCipher readCipherDeferred;
    public TlsCipher writeCipher;
    public ProtocolVersion writeVersion;
    public final Record inputRecord = new Record();
    public final SequenceNumber readSeqNo = new SequenceNumber();
    public final SequenceNumber writeSeqNo = new SequenceNumber();
    public TlsCipher pendingCipher = null;

    /* loaded from: classes7.dex */
    public static class Record {
        public volatile byte[] buf;
        public final byte[] header;
        public volatile int pos = 0;

        public Record() {
            byte[] bArr = new byte[5];
            this.header = bArr;
            this.buf = bArr;
        }

        public final void fillTo(InputStream inputStream, int i) throws IOException {
            while (this.pos < i) {
                try {
                    int read = inputStream.read(this.buf, this.pos, i - this.pos);
                    if (read < 0) {
                        return;
                    } else {
                        this.pos += read;
                    }
                } catch (InterruptedIOException e) {
                    this.pos += e.bytesTransferred;
                    e.bytesTransferred = 0;
                    throw e;
                }
            }
        }
    }

    /* loaded from: classes7.dex */
    public static class SequenceNumber {
        public long value = 0;
        public boolean exhausted = false;

        public final synchronized long nextValue(short s) throws TlsFatalAlert {
            long j;
            if (this.exhausted) {
                throw new TlsFatalAlert(s, "Sequence numbers exhausted");
            }
            j = this.value;
            long j2 = 1 + j;
            this.value = j2;
            if (j2 == 0) {
                this.exhausted = true;
            }
            return j;
        }

        public final synchronized void reset() {
            this.value = 0L;
            this.exhausted = false;
        }
    }

    public RecordStream(TlsProtocol tlsProtocol, InputStream inputStream, OutputStream outputStream) {
        TlsNullNullCipher tlsNullNullCipher = TlsNullNullCipher.INSTANCE;
        this.readCipher = tlsNullNullCipher;
        this.readCipherDeferred = null;
        this.writeCipher = tlsNullNullCipher;
        this.writeVersion = null;
        this.plaintextLimit = Http2.INITIAL_MAX_FRAME_SIZE;
        this.ciphertextLimit = Http2.INITIAL_MAX_FRAME_SIZE;
        this.ignoreChangeCipherSpec = false;
        this.handler = tlsProtocol;
        this.input = inputStream;
        this.output = outputStream;
    }

    public static void checkChangeCipherSpec(byte[] bArr, int i, int i2) throws IOException {
        if (1 == i2 && 1 == bArr[i]) {
            return;
        }
        StringBuilder m = ActionMenuView$$ExternalSyntheticOutline0.m("Malformed ");
        m.append(ContentType.getText((short) 20));
        throw new TlsFatalAlert((short) 10, m.toString());
    }

    public final short checkRecordType(int i, byte[] bArr) throws IOException {
        byte[] bArr2 = TlsUtils.DOWNGRADE_TLS11;
        short s = (short) (bArr[i] & 255);
        TlsCipher tlsCipher = this.readCipherDeferred;
        if (tlsCipher != null && s == 23) {
            this.readCipher = tlsCipher;
            this.readCipherDeferred = null;
            this.ciphertextLimit = tlsCipher.getCiphertextDecodeLimit(this.plaintextLimit);
            this.readSeqNo.reset();
        } else if (!this.readCipher.usesOpaqueRecordType()) {
            switch (s) {
                case 23:
                    if (!this.handler.appDataReady) {
                        StringBuilder m = ActionMenuView$$ExternalSyntheticOutline0.m("Not ready for ");
                        m.append(ContentType.getText((short) 23));
                        throw new TlsFatalAlert((short) 10, m.toString());
                    }
                case 20:
                case 21:
                case 22:
                    return s;
                default:
                    StringBuilder m2 = ActionMenuView$$ExternalSyntheticOutline0.m("Unsupported ");
                    m2.append(ContentType.getText(s));
                    throw new TlsFatalAlert((short) 10, m2.toString());
            }
        } else if (23 != s && (!this.ignoreChangeCipherSpec || 20 != s)) {
            StringBuilder m3 = ActionMenuView$$ExternalSyntheticOutline0.m("Opaque ");
            m3.append(ContentType.getText(s));
            throw new TlsFatalAlert((short) 10, m3.toString());
        }
        return s;
    }

    public final TlsDecodeResult decodeAndVerify(short s, ProtocolVersion protocolVersion, byte[] bArr, int i, int i2) throws IOException {
        TlsDecodeResult decodeCiphertext = this.readCipher.decodeCiphertext(this.readSeqNo.nextValue((short) 10), s, protocolVersion, bArr, i, i2);
        int i3 = decodeCiphertext.len;
        if (i3 > this.plaintextLimit) {
            throw new TlsFatalAlert((short) 22);
        }
        if (i3 >= 1 || decodeCiphertext.contentType == 23) {
            return decodeCiphertext;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public final void enablePendingCipherRead(boolean z) throws IOException {
        TlsCipher tlsCipher = this.pendingCipher;
        if (tlsCipher == null) {
            throw new TlsFatalAlert((short) 80);
        }
        if (this.readCipherDeferred != null) {
            throw new TlsFatalAlert((short) 80);
        }
        if (z) {
            this.readCipherDeferred = tlsCipher;
            return;
        }
        this.readCipher = tlsCipher;
        this.ciphertextLimit = tlsCipher.getCiphertextDecodeLimit(this.plaintextLimit);
        this.readSeqNo.reset();
    }

    public final void enablePendingCipherWrite() throws IOException {
        TlsCipher tlsCipher = this.pendingCipher;
        if (tlsCipher == null) {
            throw new TlsFatalAlert((short) 80);
        }
        this.writeCipher = tlsCipher;
        this.writeSeqNo.reset();
    }

    public final RecordPreview previewOutputRecord(int i) {
        int max = Math.max(0, Math.min(this.plaintextLimit, i));
        return new RecordPreview(this.writeCipher.getCiphertextEncodeLimit(max, this.plaintextLimit) + 5, max);
    }

    public final RecordPreview previewRecordHeader(byte[] bArr) throws IOException {
        int i = 0;
        short checkRecordType = checkRecordType(0, bArr);
        int readUint16 = TlsUtils.readUint16(3, bArr);
        if (readUint16 > this.ciphertextLimit) {
            throw new TlsFatalAlert((short) 22);
        }
        int i2 = readUint16 + 5;
        if (23 == checkRecordType && this.handler.appDataReady) {
            i = Math.max(0, Math.min(this.plaintextLimit, this.readCipher.getPlaintextLimit(readUint16)));
        }
        return new RecordPreview(i2, i);
    }

    public final boolean readFullRecord(byte[] bArr, int i) throws IOException {
        if (i < 5) {
            return false;
        }
        int readUint16 = TlsUtils.readUint16(3, bArr);
        if (i != readUint16 + 5) {
            return false;
        }
        short checkRecordType = checkRecordType(0, bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(1, bArr);
        if (readUint16 > this.ciphertextLimit) {
            throw new TlsFatalAlert((short) 22);
        }
        if (this.ignoreChangeCipherSpec && 20 == checkRecordType) {
            checkChangeCipherSpec(bArr, 5, readUint16);
            return true;
        }
        TlsDecodeResult decodeAndVerify = decodeAndVerify(checkRecordType, readVersion, bArr, 5, readUint16);
        this.handler.processRecord(decodeAndVerify.off, decodeAndVerify.len, decodeAndVerify.contentType, decodeAndVerify.buf);
        return true;
    }

    public final boolean readRecord() throws IOException {
        boolean z;
        Record record = this.inputRecord;
        record.fillTo(this.input, 5);
        if (record.pos == 0) {
            z = false;
        } else {
            if (record.pos < 5) {
                throw new EOFException();
            }
            z = true;
        }
        if (!z) {
            return false;
        }
        short checkRecordType = checkRecordType(0, this.inputRecord.buf);
        ProtocolVersion readVersion = TlsUtils.readVersion(1, this.inputRecord.buf);
        int readUint16 = TlsUtils.readUint16(3, this.inputRecord.buf);
        if (readUint16 > this.ciphertextLimit) {
            throw new TlsFatalAlert((short) 22);
        }
        Record record2 = this.inputRecord;
        InputStream inputStream = this.input;
        int i = readUint16 + 5;
        if (record2.buf.length < i) {
            byte[] bArr = new byte[i];
            System.arraycopy(record2.buf, 0, bArr, 0, record2.pos);
            record2.buf = bArr;
        }
        record2.fillTo(inputStream, i);
        if (record2.pos < i) {
            throw new EOFException();
        }
        try {
            if (this.ignoreChangeCipherSpec && 20 == checkRecordType) {
                checkChangeCipherSpec(this.inputRecord.buf, 5, readUint16);
                return true;
            }
            TlsDecodeResult decodeAndVerify = decodeAndVerify(checkRecordType, readVersion, this.inputRecord.buf, 5, readUint16);
            Record record3 = this.inputRecord;
            record3.buf = record3.header;
            record3.pos = 0;
            this.handler.processRecord(decodeAndVerify.off, decodeAndVerify.len, decodeAndVerify.contentType, decodeAndVerify.buf);
            return true;
        } finally {
            Record record4 = this.inputRecord;
            record4.buf = record4.header;
            record4.pos = 0;
        }
    }

    public final void writeRecord(int i, int i2, short s, byte[] bArr) throws IOException {
        if (this.writeVersion == null) {
            return;
        }
        if (i2 > this.plaintextLimit) {
            throw new TlsFatalAlert((short) 80);
        }
        if (i2 < 1 && s != 23) {
            throw new TlsFatalAlert((short) 80);
        }
        long nextValue = this.writeSeqNo.nextValue((short) 80);
        ProtocolVersion protocolVersion = this.writeVersion;
        TlsEncodeResult encodePlaintext = this.writeCipher.encodePlaintext(nextValue, s, protocolVersion, bArr, i, i2);
        int i3 = encodePlaintext.len - 5;
        TlsUtils.checkUint16(i3);
        short s2 = encodePlaintext.recordType;
        byte[] bArr2 = encodePlaintext.buf;
        int i4 = encodePlaintext.off;
        bArr2[i4 + 0] = (byte) s2;
        TlsUtils.writeVersion(protocolVersion, bArr2, i4 + 1);
        TlsUtils.writeUint16(encodePlaintext.buf, i3, encodePlaintext.off + 3);
        try {
            this.output.write(encodePlaintext.buf, encodePlaintext.off, encodePlaintext.len);
            this.output.flush();
        } catch (InterruptedIOException e) {
            throw new TlsFatalAlert((short) 80, (Throwable) e);
        }
    }
}
