package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.tls.OfferedPsks;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsHash;
import org.bouncycastle.tls.crypto.TlsHashOutputStream;
import org.bouncycastle.tls.crypto.TlsSecret;

/* loaded from: classes7.dex */
public class TlsClientProtocol extends TlsProtocol {
    public TlsAuthentication authentication;
    public CertificateRequest certificateRequest;
    public CertificateStatus certificateStatus;
    public Hashtable clientAgreements;
    public OfferedPsks.BindersConfig clientBinders;
    public ClientHello clientHello;
    public TlsKeyExchange keyExchange;
    public TlsClient tlsClient;
    public TlsClientContextImpl tlsClientContext;

    public TlsClientProtocol() {
        this.tlsClient = null;
        this.tlsClientContext = null;
        this.clientAgreements = null;
        this.clientBinders = null;
        this.clientHello = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.tlsClient = null;
        this.tlsClientContext = null;
        this.clientAgreements = null;
        this.clientBinders = null;
        this.clientHello = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    public static ServerHello receiveServerHelloMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] bArr = TlsUtils.DOWNGRADE_TLS11;
        int read = byteArrayInputStream.read();
        int read2 = byteArrayInputStream.read();
        if (read2 < 0) {
            throw new EOFException();
        }
        ProtocolVersion protocolVersion = ProtocolVersion.get(read, read2);
        byte[] readFully = TlsUtils.readFully(byteArrayInputStream, 32);
        byte[] readOpaque8$1 = TlsUtils.readOpaque8$1(byteArrayInputStream, 32);
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (TlsUtils.readUint8(byteArrayInputStream) == 0) {
            return new ServerHello(protocolVersion, readFully, readOpaque8$1, readUint16, TlsProtocol.readExtensions(byteArrayInputStream));
        }
        throw new TlsFatalAlert((short) 47);
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x009e, code lost:
    
        if (r2.length <= 32) goto L37;
     */
    /* JADX WARN: Removed duplicated region for block: B:86:0x024c  */
    /* JADX WARN: Removed duplicated region for block: B:90:0x024e  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void beginHandshake(boolean r18) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 623
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.beginHandshake(boolean):void");
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final void cleanupHandshake() {
        super.cleanupHandshake();
        this.clientAgreements = null;
        this.clientBinders = null;
        this.clientHello = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final void connect(TlsClient tlsClient) throws IOException {
        if (this.tlsClient != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.tlsClient = tlsClient;
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(tlsClient.getCrypto());
        this.tlsClientContext = tlsClientContextImpl;
        ((AbstractTlsClient) tlsClient).init(tlsClientContextImpl);
        ((AbstractTlsPeer) tlsClient).closeHandle = this;
        beginHandshake(false);
        if (this.blocking) {
            blockForHandshake();
        }
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsContext getContext() {
        return this.tlsClientContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final AbstractTlsContext getContextAdmin() {
        return this.tlsClientContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsPeer getPeer() {
        return this.tlsClient;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:217:0x03da  */
    /* JADX WARN: Removed duplicated region for block: B:246:0x046d  */
    /* JADX WARN: Removed duplicated region for block: B:249:0x0481  */
    /* JADX WARN: Removed duplicated region for block: B:252:0x049f  */
    /* JADX WARN: Removed duplicated region for block: B:255:0x04b0  */
    /* JADX WARN: Removed duplicated region for block: B:258:0x04c3  */
    /* JADX WARN: Removed duplicated region for block: B:275:0x0473  */
    /* JADX WARN: Removed duplicated region for block: B:281:0x045f  */
    /* JADX WARN: Removed duplicated region for block: B:43:0x0090  */
    /* JADX WARN: Removed duplicated region for block: B:580:0x0a76  */
    /* JADX WARN: Removed duplicated region for block: B:721:0x0cfe  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void handleHandshakeMessage(short r18, org.bouncycastle.tls.HandshakeMessageInput r19) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 3388
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(short, org.bouncycastle.tls.HandshakeMessageInput):void");
    }

    public final void handleServerCertificate() throws IOException {
        TlsClientContextImpl tlsClientContextImpl = this.tlsClientContext;
        CertificateStatus certificateStatus = this.certificateStatus;
        TlsKeyExchange tlsKeyExchange = this.keyExchange;
        TlsAuthentication tlsAuthentication = this.authentication;
        Hashtable hashtable = this.clientExtensions;
        Hashtable hashtable2 = this.serverExtensions;
        byte[] bArr = TlsUtils.DOWNGRADE_TLS11;
        SecurityParameters securityParametersHandshake = tlsClientContextImpl.getSecurityParametersHandshake();
        boolean isTLSv13 = TlsUtils.isTLSv13(securityParametersHandshake.negotiatedVersion);
        if (tlsAuthentication == null) {
            if (isTLSv13) {
                throw new TlsFatalAlert((short) 80);
            }
            if (securityParametersHandshake.renegotiating) {
                throw new TlsFatalAlert((short) 40);
            }
            tlsKeyExchange.skipServerCredentials();
            return;
        }
        Certificate certificate = securityParametersHandshake.peerCertificate;
        byte[] extension = certificate.getCertificateAt(0).getExtension(TlsObjectIdentifiers.id_pe_tlsfeature);
        if (extension != null) {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) TlsUtils.readASN1Object(extension);
            for (int i = 0; i < aSN1Sequence.size(); i++) {
                if (!(aSN1Sequence.getObjectAt(i) instanceof ASN1Integer)) {
                    throw new TlsFatalAlert((short) 42);
                }
            }
            TlsUtils.requireDEREncoding(aSN1Sequence, extension);
            for (int i2 = 0; i2 < aSN1Sequence.size(); i2++) {
                BigInteger positiveValue = ((ASN1Integer) aSN1Sequence.getObjectAt(i2)).getPositiveValue();
                if (positiveValue.bitLength() <= 16) {
                    Integer valueOf = Integer.valueOf(positiveValue.intValue());
                    if (hashtable.containsKey(valueOf) && !hashtable2.containsKey(valueOf)) {
                        throw new TlsFatalAlert((short) 46);
                    }
                }
            }
        }
        if (!isTLSv13) {
            tlsKeyExchange.processServerCertificate(certificate);
        }
        tlsAuthentication.notifyServerCertificate(new TlsServerCertificateImpl(certificate, certificateStatus));
    }

    public final void handleSupplementalData(Vector vector) throws IOException {
        TlsKeyExchange tlsRSAKeyExchange;
        this.tlsClient.processServerSupplementalData(vector);
        this.connection_state = (short) 6;
        TlsClientContextImpl tlsClientContextImpl = this.tlsClientContext;
        TlsClient tlsClient = this.tlsClient;
        byte[] bArr = TlsUtils.DOWNGRADE_TLS11;
        int i = tlsClientContextImpl.getSecurityParametersHandshake().keyExchangeAlgorithm;
        DefaultTlsKeyExchangeFactory keyExchangeFactory = tlsClient.getKeyExchangeFactory();
        if (i == 1) {
            keyExchangeFactory.getClass();
            tlsRSAKeyExchange = new TlsRSAKeyExchange(i);
        } else if (i == 3 || i == 5) {
            tlsRSAKeyExchange = keyExchangeFactory.createDHEKeyExchangeClient(i, tlsClient.getDHGroupVerifier());
        } else if (i == 7 || i == 9) {
            keyExchangeFactory.getClass();
            tlsRSAKeyExchange = new TlsDHKeyExchange(i);
        } else if (i != 11) {
            switch (i) {
                case 13:
                case 15:
                case 24:
                    tlsClient.getPSKIdentity();
                    tlsRSAKeyExchange = keyExchangeFactory.createPSKKeyExchangeClient(i, null, null);
                    break;
                case 14:
                    tlsClient.getPSKIdentity();
                    tlsRSAKeyExchange = keyExchangeFactory.createPSKKeyExchangeClient(i, null, tlsClient.getDHGroupVerifier());
                    break;
                case 16:
                case 18:
                    keyExchangeFactory.getClass();
                    tlsRSAKeyExchange = new TlsECDHKeyExchange(i);
                    break;
                case 17:
                case 19:
                    tlsRSAKeyExchange = keyExchangeFactory.createECDHEKeyExchangeClient(i);
                    break;
                case 20:
                    tlsRSAKeyExchange = keyExchangeFactory.createECDHanonKeyExchangeClient(i);
                    break;
                case 21:
                case 22:
                case 23:
                    tlsClient.getSRPIdentity();
                    DefaultTlsSRPConfigVerifier sRPConfigVerifier = tlsClient.getSRPConfigVerifier();
                    keyExchangeFactory.getClass();
                    tlsRSAKeyExchange = new TlsSRPKeyExchange(i, null, sRPConfigVerifier);
                    break;
                default:
                    throw new TlsFatalAlert((short) 80);
            }
        } else {
            tlsRSAKeyExchange = keyExchangeFactory.createDHanonKeyExchangeClient(i, tlsClient.getDHGroupVerifier());
        }
        ((AbstractTlsKeyExchange) tlsRSAKeyExchange).context = tlsClientContextImpl;
        this.keyExchange = tlsRSAKeyExchange;
    }

    public final void process13ServerHello(ServerHello serverHello, boolean z) throws IOException {
        int readUint16;
        TlsSecret tlsSecret;
        KeyShareEntry keyShareEntry;
        TlsSecret calculateSecret;
        SecurityParameters securityParametersHandshake = this.tlsClientContext.getSecurityParametersHandshake();
        ProtocolVersion protocolVersion = serverHello.version;
        byte[] bArr = serverHello.sessionID;
        int i = serverHello.cipherSuite;
        if (!ProtocolVersion.TLSv12.equals(protocolVersion) || !Arrays.equals(this.clientHello.sessionID, bArr)) {
            throw new TlsFatalAlert((short) 47);
        }
        Hashtable hashtable = serverHello.extensions;
        if (hashtable == null) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.checkExtensionData13(hashtable, 2, (short) 47);
        if (z) {
            ProtocolVersion supportedVersionsExtensionServer = TlsExtensionsUtils.getSupportedVersionsExtensionServer(hashtable);
            if (supportedVersionsExtensionServer == null) {
                throw new TlsFatalAlert((short) 109);
            }
            if (!securityParametersHandshake.negotiatedVersion.equals(supportedVersionsExtensionServer) || securityParametersHandshake.cipherSuite != i) {
                throw new TlsFatalAlert((short) 47);
            }
        } else {
            if (!TlsUtils.isValidCipherSuiteSelection(i, this.clientHello.cipherSuites) || !TlsUtils.isValidVersionForCipherSuite(i, securityParametersHandshake.negotiatedVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParametersHandshake.resumedSession = false;
            byte[] bArr2 = TlsUtils.EMPTY_BYTES;
            securityParametersHandshake.sessionID = bArr2;
            this.tlsClient.notifySessionID(bArr2);
            TlsUtils.negotiatedCipherSuite(securityParametersHandshake, i);
            this.tlsClient.notifySelectedCipherSuite(i);
        }
        this.clientHello = null;
        securityParametersHandshake.serverRandom = serverHello.random;
        securityParametersHandshake.secureRenegotiation = false;
        securityParametersHandshake.extendedMasterSecret = true;
        securityParametersHandshake.statusRequestVersion = this.clientExtensions.containsKey(TlsExtensionsUtils.EXT_status_request) ? 1 : 0;
        byte[] extensionData = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_pre_shared_key);
        if (extensionData == null) {
            readUint16 = -1;
        } else {
            if (extensionData.length != 2) {
                throw new TlsFatalAlert((short) 50);
            }
            readUint16 = TlsUtils.readUint16(0, extensionData);
        }
        if (readUint16 >= 0) {
            OfferedPsks.BindersConfig bindersConfig = this.clientBinders;
            if (bindersConfig != null) {
                TlsPSK[] tlsPSKArr = bindersConfig.psks;
                if (readUint16 < tlsPSKArr.length) {
                    tlsPSKArr[readUint16].getPRFAlgorithm();
                    if (securityParametersHandshake.prfAlgorithm != 0) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    tlsSecret = this.clientBinders.earlySecrets[readUint16];
                    this.selectedPSK13 = true;
                }
            }
            throw new TlsFatalAlert((short) 47);
        }
        tlsSecret = null;
        this.tlsClient.notifySelectedPSK();
        byte[] extensionData2 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_key_share);
        if (extensionData2 == null) {
            keyShareEntry = null;
        } else {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(extensionData2);
            keyShareEntry = new KeyShareEntry(TlsUtils.readUint16(byteArrayInputStream), TlsUtils.readOpaque16(byteArrayInputStream));
            TlsProtocol.assertEmpty(byteArrayInputStream);
        }
        if (keyShareEntry == null) {
            if (z || tlsSecret == null || !org.bouncycastle.util.Arrays.contains((short) 0, this.clientBinders.pskKeyExchangeModes)) {
                throw new TlsFatalAlert((short) 47);
            }
            calculateSecret = null;
        } else {
            if (tlsSecret != null && !org.bouncycastle.util.Arrays.contains((short) 1, this.clientBinders.pskKeyExchangeModes)) {
                throw new TlsFatalAlert((short) 47);
            }
            TlsAgreement tlsAgreement = (TlsAgreement) this.clientAgreements.get(Integer.valueOf(keyShareEntry.namedGroup));
            if (tlsAgreement == null) {
                throw new TlsFatalAlert((short) 47);
            }
            tlsAgreement.receivePeerValue(keyShareEntry.keyExchange);
            calculateSecret = tlsAgreement.calculateSecret();
        }
        this.clientAgreements = null;
        this.clientBinders = null;
        TlsUtils.establish13PhaseSecrets(this.tlsClientContext, tlsSecret, calculateSecret);
        invalidateSession();
        this.tlsSession = new TlsSessionImpl(securityParametersHandshake.sessionID, null);
    }

    public final void process13ServerHelloCoda(boolean z) throws IOException {
        byte[] currentPRFHash = TlsUtils.getCurrentPRFHash(this.handshakeHash);
        TlsClientContextImpl tlsClientContextImpl = this.tlsClientContext;
        RecordStream recordStream = this.recordStream;
        SecurityParameters securityParametersHandshake = tlsClientContextImpl.getSecurityParametersHandshake();
        TlsUtils.establish13TrafficSecrets(tlsClientContextImpl, currentPRFHash, securityParametersHandshake.handshakeSecret, "c hs traffic", "s hs traffic", recordStream);
        securityParametersHandshake.baseKeyClient = securityParametersHandshake.trafficSecretClient;
        securityParametersHandshake.baseKeyServer = securityParametersHandshake.trafficSecretServer;
        if (!z) {
            this.recordStream.ignoreChangeCipherSpec = true;
            sendChangeCipherSpecMessage();
        }
        this.recordStream.enablePendingCipherWrite();
        this.recordStream.enablePendingCipherRead(false);
    }

    public final void sendClientHelloMessage() throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 1);
        ClientHello clientHello = this.clientHello;
        if (clientHello.bindersSize < 0) {
            throw new TlsFatalAlert((short) 80);
        }
        ProtocolVersion protocolVersion = clientHello.version;
        handshakeMessageOutput.write(protocolVersion.version >> 8);
        handshakeMessageOutput.write(protocolVersion.version & 255);
        handshakeMessageOutput.write(clientHello.random);
        TlsUtils.writeOpaque8(handshakeMessageOutput, clientHello.sessionID);
        byte[] bArr = clientHello.cookie;
        if (bArr != null) {
            TlsUtils.writeOpaque8(handshakeMessageOutput, bArr);
        }
        int[] iArr = clientHello.cipherSuites;
        int length = iArr.length * 2;
        TlsUtils.checkUint16(length);
        handshakeMessageOutput.write(length >>> 8);
        handshakeMessageOutput.write(length);
        int i = 0;
        for (int i2 : iArr) {
            handshakeMessageOutput.write(i2 >>> 8);
            handshakeMessageOutput.write(i2);
        }
        short[] sArr = {0};
        TlsUtils.checkUint8(1);
        handshakeMessageOutput.write(1);
        for (int i3 = 0; i3 < 1; i3++) {
            handshakeMessageOutput.write(sArr[i3]);
        }
        TlsProtocol.writeExtensions(handshakeMessageOutput, clientHello.extensions, clientHello.bindersSize);
        handshakeMessageOutput.prepareClientHello(this.handshakeHash, this.clientHello.bindersSize);
        OfferedPsks.BindersConfig bindersConfig = this.clientBinders;
        if (bindersConfig != null) {
            TlsCrypto tlsCrypto = this.tlsClientContext.crypto;
            TlsHandshakeHash tlsHandshakeHash = this.handshakeHash;
            TlsPSK[] tlsPSKArr = bindersConfig.psks;
            TlsSecret[] tlsSecretArr = bindersConfig.earlySecrets;
            int i4 = bindersConfig.bindersSize - 2;
            TlsUtils.checkUint16(i4);
            handshakeMessageOutput.write(i4 >>> 8);
            handshakeMessageOutput.write(i4);
            int i5 = 0;
            int i6 = 0;
            while (i5 < tlsPSKArr.length) {
                TlsPSK tlsPSK = tlsPSKArr[i5];
                TlsSecret tlsSecret = tlsSecretArr[i5];
                tlsPSK.getPRFAlgorithm();
                int hashForPRF = TlsCryptoUtils.getHashForPRF(i);
                TlsHash createHash = tlsCrypto.createHash(hashForPRF);
                ((DeferredHash) tlsHandshakeHash).copyBufferTo(new TlsHashOutputStream(createHash));
                byte[] calculatePSKBinder = TlsUtils.calculatePSKBinder(tlsCrypto, hashForPRF, tlsSecret, createHash.calculateHash());
                i6 += calculatePSKBinder.length + 1;
                TlsUtils.writeOpaque8(handshakeMessageOutput, calculatePSKBinder);
                i5++;
                i = 0;
            }
            if (i4 != i6) {
                throw new TlsFatalAlert((short) 80);
            }
        }
        handshakeMessageOutput.sendClientHello(this, this.handshakeHash, this.clientHello.bindersSize);
    }
}
