package org.bouncycastle.tls;

import defpackage.q70;
import defpackage.vp2;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes5.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* loaded from: classes5.dex */
    public static class ClientHandshakeState {
        public TlsClient a = null;
        public vp2 b = null;
        public TlsSession c = null;
        public SessionParameters d = null;
        public TlsSecret e = null;
        public int[] f = null;
        public Hashtable g = null;
        public Hashtable h = null;
        public boolean i = false;
        public boolean j = false;
        public TlsKeyExchange k = null;
        public TlsAuthentication l = null;
        public CertificateStatus m = null;
        public CertificateRequest n = null;
        public TlsCredentials o = null;
        public TlsHeartbeat p = null;
        public short q = 2;
    }

    public static byte[] patchClientHelloWithCookie(byte[] bArr, byte[] bArr2) {
        int readUint8 = TlsUtils.readUint8(bArr, 34) + 35;
        int i = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        TlsUtils.checkUint8(bArr2.length);
        TlsUtils.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    public void abortClientHandshake(ClientHandshakeState clientHandshakeState, q70 q70Var, short s) {
        q70Var.b(s);
        invalidateSession(clientHandshakeState);
    }

    /* JADX WARN: Removed duplicated region for block: B:64:0x01ef  */
    /* JADX WARN: Removed duplicated region for block: B:67:0x021c  */
    /* JADX WARN: Removed duplicated region for block: B:70:0x024a  */
    /* JADX WARN: Removed duplicated region for block: B:77:0x0304  */
    /* JADX WARN: Removed duplicated region for block: B:80:0x01f1  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.bouncycastle.tls.DTLSTransport clientHandshake(org.bouncycastle.tls.DTLSClientProtocol.ClientHandshakeState r21, defpackage.q70 r22) {
        /*
            Method dump skipped, instructions count: 806
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.DTLSClientProtocol.clientHandshake(org.bouncycastle.tls.DTLSClientProtocol$ClientHandshakeState, q70):org.bouncycastle.tls.DTLSTransport");
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.a = tlsClient;
        vp2 vp2Var = new vp2(tlsClient.getCrypto());
        clientHandshakeState.b = vp2Var;
        tlsClient.init(vp2Var);
        clientHandshakeState.b.b(tlsClient);
        SecurityParameters securityParametersHandshake = clientHandshakeState.b.getSecurityParametersHandshake();
        securityParametersHandshake.B = tlsClient.shouldUseExtendedPadding();
        TlsSession sessionToResume = clientHandshakeState.a.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null && (exportSessionParameters.isExtendedMasterSecret() || (!clientHandshakeState.a.requiresExtendedMasterSecret() && clientHandshakeState.a.allowLegacyResumption()))) {
            TlsSecret masterSecret = exportSessionParameters.getMasterSecret();
            synchronized (masterSecret) {
                if (masterSecret.isAlive()) {
                    clientHandshakeState.c = sessionToResume;
                    clientHandshakeState.d = exportSessionParameters;
                    clientHandshakeState.e = clientHandshakeState.b.a.adoptSecret(masterSecret);
                }
            }
        }
        q70 q70Var = new q70(clientHandshakeState.b, clientHandshakeState.a, datagramTransport);
        tlsClient.notifyCloseHandle(q70Var);
        try {
            try {
                try {
                    return clientHandshake(clientHandshakeState, q70Var);
                } catch (RuntimeException e) {
                    abortClientHandshake(clientHandshakeState, q70Var, (short) 80);
                    throw new TlsFatalAlert((short) 80, (Throwable) e);
                }
            } catch (TlsFatalAlert e2) {
                abortClientHandshake(clientHandshakeState, q70Var, e2.getAlertDescription());
                throw e2;
            } catch (IOException e3) {
                abortClientHandshake(clientHandshakeState, q70Var, (short) 80);
                throw e3;
            }
        } finally {
            securityParametersHandshake.a();
        }
    }

    public byte[] generateCertificateVerify(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x0043, code lost:
    
        if (r6.length <= 32) goto L22;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] generateClientHello(org.bouncycastle.tls.DTLSClientProtocol.ClientHandshakeState r17) {
        /*
            Method dump skipped, instructions count: 385
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.DTLSClientProtocol.generateClientHello(org.bouncycastle.tls.DTLSClientProtocol$ClientHandshakeState):byte[]");
    }

    public byte[] generateClientKeyExchange(ClientHandshakeState clientHandshakeState) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.k.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void invalidateSession(ClientHandshakeState clientHandshakeState) {
        TlsSecret tlsSecret = clientHandshakeState.e;
        if (tlsSecret != null) {
            tlsSecret.destroy();
            clientHandshakeState.e = null;
        }
        SessionParameters sessionParameters = clientHandshakeState.d;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.d = null;
        }
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.c = null;
        }
    }

    public void processCertificateRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        if (clientHandshakeState.l == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        CertificateRequest parse = CertificateRequest.parse(clientHandshakeState.b, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.n = TlsUtils.N(parse, clientHandshakeState.k);
    }

    public void processCertificateStatus(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.m = CertificateStatus.parse(clientHandshakeState.b, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public byte[] processHelloVerifyRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream, 0, ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) ? 255 : 32);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        if (readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.b.g)) {
            return readOpaque8;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void processNewSessionTicket(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.a.notifyNewSessionTicket(parse);
    }

    public void processServerCertificate(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        clientHandshakeState.l = TlsUtils.H(clientHandshakeState.b, clientHandshakeState.a, new ByteArrayInputStream(bArr));
    }

    public void processServerHello(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        TlsSession tlsSession;
        ServerHello parse = ServerHello.parse(new ByteArrayInputStream(bArr));
        ProtocolVersion version = parse.getVersion();
        clientHandshakeState.h = parse.getExtensions();
        SecurityParameters securityParametersHandshake = clientHandshakeState.b.getSecurityParametersHandshake();
        reportServerVersion(clientHandshakeState, version);
        securityParametersHandshake.s = parse.getRandom();
        if (!clientHandshakeState.b.g.equals(version)) {
            TlsUtils.g(version, securityParametersHandshake.getServerRandom());
        }
        byte[] sessionID = parse.getSessionID();
        securityParametersHandshake.u = sessionID;
        clientHandshakeState.a.notifySessionID(sessionID);
        boolean z = false;
        clientHandshakeState.i = sessionID.length > 0 && (tlsSession = clientHandshakeState.c) != null && Arrays.areEqual(sessionID, tlsSession.getSessionID());
        int validateSelectedCipherSuite = DTLSProtocol.validateSelectedCipherSuite(parse.getCipherSuite(), (short) 47);
        if (!TlsUtils.z(validateSelectedCipherSuite, clientHandshakeState.f) || !TlsUtils.isValidVersionForCipherSuite(validateSelectedCipherSuite, securityParametersHandshake.getNegotiatedVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.B(securityParametersHandshake, validateSelectedCipherSuite);
        clientHandshakeState.a.notifySelectedCipherSuite(validateSelectedCipherSuite);
        if (TlsUtils.isTLSv13(version)) {
            securityParametersHandshake.A = true;
        } else {
            boolean hasExtendedMasterSecretExtension = TlsExtensionsUtils.hasExtendedMasterSecretExtension(clientHandshakeState.h);
            if (hasExtendedMasterSecretExtension) {
                if (!clientHandshakeState.i && !clientHandshakeState.a.shouldUseExtendedMasterSecret()) {
                    throw new TlsFatalAlert((short) 40);
                }
            } else if (clientHandshakeState.a.requiresExtendedMasterSecret() || (clientHandshakeState.i && !clientHandshakeState.a.allowLegacyResumption())) {
                throw new TlsFatalAlert((short) 40);
            }
            securityParametersHandshake.A = hasExtendedMasterSecretExtension;
        }
        Hashtable hashtable = clientHandshakeState.h;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.EXT_RenegotiationInfo) && TlsUtils.getExtensionData(clientHandshakeState.g, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(clientHandshakeState.h, TlsProtocol.EXT_RenegotiationInfo);
        if (extensionData != null) {
            securityParametersHandshake.b = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.a.notifySecureRenegotiation(securityParametersHandshake.isSecureRenegotiation());
        securityParametersHandshake.D = TlsExtensionsUtils.getALPNExtensionServer(clientHandshakeState.h);
        securityParametersHandshake.E = true;
        HeartbeatExtension heartbeatExtension = TlsExtensionsUtils.getHeartbeatExtension(clientHandshakeState.h);
        Hashtable hashtable2 = null;
        if (heartbeatExtension == null) {
            clientHandshakeState.p = null;
            clientHandshakeState.q = (short) 2;
        } else if (1 != heartbeatExtension.getMode()) {
            clientHandshakeState.p = null;
        }
        Hashtable hashtable3 = clientHandshakeState.g;
        Hashtable hashtable4 = clientHandshakeState.h;
        if (!clientHandshakeState.i) {
            hashtable2 = hashtable3;
        } else {
            if (securityParametersHandshake.getCipherSuite() != clientHandshakeState.d.getCipherSuite() || clientHandshakeState.d.getCompressionAlgorithm() != 0 || !version.equals(clientHandshakeState.d.getNegotiatedVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable4 = clientHandshakeState.d.readServerExtensions();
        }
        if (hashtable4 != null && !hashtable4.isEmpty()) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable4);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParametersHandshake.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParametersHandshake.z = hasEncryptThenMACExtension;
            securityParametersHandshake.d = DTLSProtocol.evaluateMaxFragmentLengthExtension(clientHandshakeState.i, hashtable2, hashtable4, (short) 47);
            securityParametersHandshake.C = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable4);
            if (!clientHandshakeState.i) {
                if (TlsUtils.hasExpectedEmptyExtensionData(hashtable4, TlsExtensionsUtils.EXT_status_request_v2, (short) 47)) {
                    securityParametersHandshake.R = 2;
                } else if (TlsUtils.hasExpectedEmptyExtensionData(hashtable4, TlsExtensionsUtils.EXT_status_request, (short) 47)) {
                    securityParametersHandshake.R = 1;
                }
            }
            if (!clientHandshakeState.i && TlsUtils.hasExpectedEmptyExtensionData(hashtable4, TlsProtocol.EXT_SessionTicket, (short) 47)) {
                z = true;
            }
            clientHandshakeState.j = z;
        }
        if (hashtable2 != null) {
            clientHandshakeState.a.processServerExtensions(hashtable4);
        }
    }

    public void processServerKeyExchange(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.k.processServerKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public void processServerSupplementalData(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        clientHandshakeState.a.processServerSupplementalData(TlsProtocol.readSupplementalDataMessage(new ByteArrayInputStream(bArr)));
    }

    public void reportServerVersion(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) {
        vp2 vp2Var = clientHandshakeState.b;
        SecurityParameters securityParametersHandshake = vp2Var.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (negotiatedVersion != null) {
            if (!negotiatedVersion.equals(protocolVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
            return;
        }
        if (!ProtocolVersion.contains(vp2Var.f, protocolVersion)) {
            throw new TlsFatalAlert((short) 70);
        }
        securityParametersHandshake.Q = protocolVersion;
        vp2 vp2Var2 = clientHandshakeState.b;
        TlsClient tlsClient = clientHandshakeState.a;
        byte[] bArr = TlsUtils.a;
        SecurityParameters securityParametersHandshake2 = vp2Var2.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion2 = securityParametersHandshake2.getNegotiatedVersion();
        if (!(negotiatedVersion2 != null && negotiatedVersion2.isEqualOrLaterVersionOf(ProtocolVersion.c) && negotiatedVersion2.isEqualOrEarlierVersionOf(ProtocolVersion.e))) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsUtils.C(securityParametersHandshake2);
        tlsClient.notifyServerVersion(negotiatedVersion2);
    }
}
