package org.bouncycastle.tls;

import java.io.ByteArrayOutputStream;
import java.io.InterruptedIOException;
import java.net.SocketTimeoutException;
import org.bouncycastle.asn1.cmc.BodyPartID;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsEncodeResult;
import org.bouncycastle.tls.crypto.TlsNullNullCipher;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class DTLSRecordLayer implements DatagramTransport {
    private static final int MAX_FRAGMENT_LENGTH = 16384;
    static final int RECORD_HEADER_LENGTH = 13;
    private static final long RETRANSMIT_TIMEOUT = 240000;
    private static final long TCP_MSL = 120000;
    private final TlsContext context;
    private DTLSEpoch currentEpoch;
    private volatile boolean inConnection;
    private final TlsPeer peer;
    private DTLSEpoch pendingEpoch;
    private volatile int plaintextLimit;
    private DTLSEpoch readEpoch;
    private final DatagramTransport transport;
    private DTLSEpoch writeEpoch;
    private final ByteQueue recordQueue = new ByteQueue();
    private final Object writeLock = new Object();
    private volatile boolean closed = false;
    private volatile boolean failed = false;
    private volatile ProtocolVersion readVersion = null;
    private volatile ProtocolVersion writeVersion = null;
    private DTLSHandshakeRetransmit retransmit = null;
    private DTLSEpoch retransmitEpoch = null;
    private Timeout retransmitTimeout = null;
    private TlsHeartbeat heartbeat = null;
    private boolean heartBeatResponder = false;
    private HeartbeatMessage heartbeatInFlight = null;
    private Timeout heartbeatTimeout = null;
    private int heartbeatResendMillis = -1;
    private Timeout heartbeatResendTimeout = null;
    private volatile boolean inHandshake = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DTLSRecordLayer(TlsContext tlsContext, TlsPeer tlsPeer, DatagramTransport datagramTransport) {
        this.context = tlsContext;
        this.peer = tlsPeer;
        this.transport = datagramTransport;
        DTLSEpoch dTLSEpoch = new DTLSEpoch(0, TlsNullNullCipher.INSTANCE, 13, 13);
        this.currentEpoch = dTLSEpoch;
        this.pendingEpoch = null;
        this.readEpoch = dTLSEpoch;
        this.writeEpoch = dTLSEpoch;
        setPlaintextLimit(16384);
    }

    private void closeTransport() {
        if (this.closed) {
            return;
        }
        try {
            if (!this.failed) {
                warn((short) 0, null);
            }
            this.transport.close();
        } catch (Exception unused) {
        }
        this.closed = true;
    }

    private static long getMacSequenceNumber(int i2, long j2) {
        return ((i2 & BodyPartID.bodyIdMax) << 48) | j2;
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0048 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0049  */
    /* JADX WARN: Removed duplicated region for block: B:45:0x00b1 A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int processRecord(int r25, byte[] r26, byte[] r27, int r28, int r29, org.bouncycastle.tls.DTLSRecordCallback r30) {
        /*
            Method dump skipped, instructions count: 576
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.DTLSRecordLayer.processRecord(int, byte[], byte[], int, int, org.bouncycastle.tls.DTLSRecordCallback):int");
    }

    private void raiseAlert(short s2, short s3, String str, Throwable th) {
        this.peer.notifyAlertRaised(s2, s3, str, th);
        sendRecord((short) 21, new byte[]{(byte) s2, (byte) s3}, 0, 2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int receiveClientHelloRecord(byte[] bArr, int i2, int i3) {
        int readUint16;
        if (i3 < 13 || 22 != TlsUtils.readUint8(bArr, i2 + 0)) {
            return -1;
        }
        if (ProtocolVersion.DTLSv10.isEqualOrEarlierVersionOf(TlsUtils.readVersion(bArr, i2 + 1)) && TlsUtils.readUint16(bArr, i2 + 3) == 0 && (readUint16 = TlsUtils.readUint16(bArr, i2 + 11)) >= 1 && readUint16 <= 16384 && i3 >= readUint16 + 13 && 1 == TlsUtils.readUint8(bArr, i2 + 13)) {
            return readUint16;
        }
        return -1;
    }

    private int receiveDatagram(byte[] bArr, int i2, int i3, int i4) {
        try {
            int receive = this.transport.receive(bArr, i2, i3, i4);
            if (receive <= i3) {
                return receive;
            }
            return -1;
        } catch (SocketTimeoutException unused) {
            return -1;
        } catch (InterruptedIOException e2) {
            e2.bytesTransferred = 0;
            throw e2;
        }
    }

    private int receivePendingRecord(byte[] bArr, int i2, int i3) {
        DTLSEpoch dTLSEpoch;
        int i4 = 13;
        if (this.recordQueue.available() >= 13) {
            int readUint16 = this.recordQueue.readUint16(3);
            if (readUint16 == this.readEpoch.getEpoch()) {
                dTLSEpoch = this.readEpoch;
            } else {
                DTLSEpoch dTLSEpoch2 = this.retransmitEpoch;
                dTLSEpoch = (dTLSEpoch2 == null || readUint16 != dTLSEpoch2.getEpoch()) ? null : this.retransmitEpoch;
            }
            if (dTLSEpoch == null) {
                ByteQueue byteQueue = this.recordQueue;
                byteQueue.removeData(byteQueue.available());
                return -1;
            }
            i4 = dTLSEpoch.getRecordHeaderLengthRead();
            if (this.recordQueue.available() >= i4) {
                i4 += this.recordQueue.readUint16(i4 - 2);
            }
        }
        int min = Math.min(this.recordQueue.available(), i4);
        this.recordQueue.removeData(bArr, i2, min, 0);
        return min;
    }

    private int receiveRecord(byte[] bArr, int i2, int i3, int i4) {
        DTLSEpoch dTLSEpoch;
        int readUint16;
        if (this.recordQueue.available() > 0) {
            return receivePendingRecord(bArr, i2, i3);
        }
        int receiveDatagram = receiveDatagram(bArr, i2, i3, i4);
        if (receiveDatagram < 13) {
            return receiveDatagram;
        }
        this.inConnection = true;
        int readUint162 = TlsUtils.readUint16(bArr, i2 + 3);
        if (readUint162 == this.readEpoch.getEpoch()) {
            dTLSEpoch = this.readEpoch;
        } else {
            DTLSEpoch dTLSEpoch2 = this.retransmitEpoch;
            dTLSEpoch = (dTLSEpoch2 == null || readUint162 != dTLSEpoch2.getEpoch()) ? null : this.retransmitEpoch;
        }
        if (dTLSEpoch == null) {
            return -1;
        }
        int recordHeaderLengthRead = dTLSEpoch.getRecordHeaderLengthRead();
        if (receiveDatagram < recordHeaderLengthRead || receiveDatagram <= (readUint16 = recordHeaderLengthRead + TlsUtils.readUint16(bArr, (i2 + recordHeaderLengthRead) - 2))) {
            return receiveDatagram;
        }
        this.recordQueue.addData(bArr, i2 + readUint16, receiveDatagram - readUint16);
        return readUint16;
    }

    private void resetHeartbeat() {
        this.heartbeatInFlight = null;
        this.heartbeatResendMillis = -1;
        this.heartbeatResendTimeout = null;
        this.heartbeatTimeout = new Timeout(this.heartbeat.getIdleMillis());
    }

    private static void sendDatagram(DatagramSender datagramSender, byte[] bArr, int i2, int i3) {
        try {
            datagramSender.send(bArr, i2, i3);
        } catch (InterruptedIOException e2) {
            e2.bytesTransferred = 0;
            throw e2;
        }
    }

    private void sendHeartbeatMessage(HeartbeatMessage heartbeatMessage) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        heartbeatMessage.encode(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        sendRecord((short) 24, byteArray, 0, byteArray.length);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void sendHelloVerifyRequestRecord(DatagramSender datagramSender, long j2, byte[] bArr) {
        TlsUtils.checkUint16(bArr.length);
        int length = bArr.length + 13;
        byte[] bArr2 = new byte[length];
        TlsUtils.writeUint8((short) 22, bArr2, 0);
        TlsUtils.writeVersion(ProtocolVersion.DTLSv10, bArr2, 1);
        TlsUtils.writeUint16(0, bArr2, 3);
        TlsUtils.writeUint48(j2, bArr2, 5);
        TlsUtils.writeUint16(bArr.length, bArr2, 11);
        System.arraycopy(bArr, 0, bArr2, 13, bArr.length);
        sendDatagram(datagramSender, bArr2, 0, length);
    }

    private void sendRecord(short s2, byte[] bArr, int i2, int i3) {
        if (this.writeVersion == null) {
            return;
        }
        if (i3 > this.plaintextLimit) {
            throw new TlsFatalAlert((short) 80);
        }
        if (i3 < 1 && s2 != 23) {
            throw new TlsFatalAlert((short) 80);
        }
        synchronized (this.writeLock) {
            int epoch = this.writeEpoch.getEpoch();
            long allocateSequenceNumber = this.writeEpoch.allocateSequenceNumber();
            long macSequenceNumber = getMacSequenceNumber(epoch, allocateSequenceNumber);
            ProtocolVersion protocolVersion = this.writeVersion;
            int recordHeaderLengthWrite = this.writeEpoch.getRecordHeaderLengthWrite();
            TlsEncodeResult encodePlaintext = this.writeEpoch.getCipher().encodePlaintext(macSequenceNumber, s2, protocolVersion, recordHeaderLengthWrite, bArr, i2, i3);
            int i4 = encodePlaintext.len - recordHeaderLengthWrite;
            TlsUtils.checkUint16(i4);
            TlsUtils.writeUint8(encodePlaintext.recordType, encodePlaintext.buf, encodePlaintext.off + 0);
            TlsUtils.writeVersion(protocolVersion, encodePlaintext.buf, encodePlaintext.off + 1);
            TlsUtils.writeUint16(epoch, encodePlaintext.buf, encodePlaintext.off + 3);
            TlsUtils.writeUint48(allocateSequenceNumber, encodePlaintext.buf, encodePlaintext.off + 5);
            if (recordHeaderLengthWrite > 13) {
                byte[] connectionIDLocal = this.context.getSecurityParameters().getConnectionIDLocal();
                System.arraycopy(connectionIDLocal, 0, encodePlaintext.buf, encodePlaintext.off + 11, connectionIDLocal.length);
            }
            TlsUtils.writeUint16(i4, encodePlaintext.buf, encodePlaintext.off + (recordHeaderLengthWrite - 2));
            sendDatagram(this.transport, encodePlaintext.buf, encodePlaintext.off, encodePlaintext.len);
        }
    }

    @Override // org.bouncycastle.tls.TlsCloseable
    public void close() {
        if (this.closed) {
            return;
        }
        if (this.inHandshake && this.inConnection) {
            warn((short) 90, "User canceled handshake");
        }
        closeTransport();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fail(short s2) {
        if (this.closed) {
            return;
        }
        if (this.inConnection) {
            try {
                raiseAlert((short) 2, s2, null, null);
            } catch (Exception unused) {
            }
        }
        this.failed = true;
        closeTransport();
    }

    void failed() {
        if (this.closed) {
            return;
        }
        this.failed = true;
        closeTransport();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getReadEpoch() {
        return this.readEpoch.getEpoch();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion getReadVersion() {
        return this.readVersion;
    }

    @Override // org.bouncycastle.tls.DatagramReceiver
    public int getReceiveLimit() {
        return Math.min(this.plaintextLimit, this.readEpoch.getCipher().getPlaintextDecodeLimit(this.transport.getReceiveLimit() - this.readEpoch.getRecordHeaderLengthRead()));
    }

    @Override // org.bouncycastle.tls.DatagramSender
    public int getSendLimit() {
        return Math.min(this.plaintextLimit, this.writeEpoch.getCipher().getPlaintextEncodeLimit(this.transport.getSendLimit() - this.writeEpoch.getRecordHeaderLengthWrite()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handshakeSuccessful(DTLSHandshakeRetransmit dTLSHandshakeRetransmit) {
        DTLSEpoch dTLSEpoch = this.readEpoch;
        DTLSEpoch dTLSEpoch2 = this.currentEpoch;
        if (dTLSEpoch == dTLSEpoch2 || this.writeEpoch == dTLSEpoch2) {
            throw new IllegalStateException();
        }
        if (dTLSHandshakeRetransmit != null) {
            this.retransmit = dTLSHandshakeRetransmit;
            this.retransmitEpoch = dTLSEpoch2;
            this.retransmitTimeout = new Timeout(RETRANSMIT_TIMEOUT);
        }
        this.inHandshake = false;
        this.currentEpoch = this.pendingEpoch;
        this.pendingEpoch = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initHeartbeat(TlsHeartbeat tlsHeartbeat, boolean z2) {
        if (this.inHandshake) {
            throw new IllegalStateException();
        }
        this.heartbeat = tlsHeartbeat;
        this.heartBeatResponder = z2;
        if (tlsHeartbeat != null) {
            resetHeartbeat();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initPendingEpoch(TlsCipher tlsCipher) {
        if (this.pendingEpoch != null) {
            throw new IllegalStateException();
        }
        SecurityParameters securityParameters = this.context.getSecurityParameters();
        byte[] connectionIDLocal = securityParameters.getConnectionIDLocal();
        byte[] connectionIDPeer = securityParameters.getConnectionIDPeer();
        this.pendingEpoch = new DTLSEpoch(this.writeEpoch.getEpoch() + 1, tlsCipher, (connectionIDPeer != null ? connectionIDPeer.length : 0) + 13, (connectionIDLocal != null ? connectionIDLocal.length : 0) + 13);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isClosed() {
        return this.closed;
    }

    @Override // org.bouncycastle.tls.DatagramReceiver
    public int receive(byte[] bArr, int i2, int i3, int i4) {
        return receive(bArr, i2, i3, i4, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int receive(byte[] bArr, int i2, int i3, int i4, DTLSRecordCallback dTLSRecordCallback) {
        long currentTimeMillis = System.currentTimeMillis();
        int i5 = i4;
        Timeout forWaitMillis = Timeout.forWaitMillis(i5, currentTimeMillis);
        byte[] bArr2 = null;
        while (i5 >= 0) {
            Timeout timeout = this.retransmitTimeout;
            if (timeout != null && timeout.remainingMillis(currentTimeMillis) < 1) {
                this.retransmit = null;
                this.retransmitEpoch = null;
                this.retransmitTimeout = null;
            }
            if (Timeout.hasExpired(this.heartbeatTimeout, currentTimeMillis)) {
                if (this.heartbeatInFlight != null) {
                    throw new TlsTimeoutException("Heartbeat timed out");
                }
                this.heartbeatInFlight = HeartbeatMessage.create(this.context, (short) 1, this.heartbeat.generatePayload());
                this.heartbeatTimeout = new Timeout(this.heartbeat.getTimeoutMillis(), currentTimeMillis);
                int handshakeResendTimeMillis = this.peer.getHandshakeResendTimeMillis();
                this.heartbeatResendMillis = handshakeResendTimeMillis;
                this.heartbeatResendTimeout = new Timeout(handshakeResendTimeMillis, currentTimeMillis);
                sendHeartbeatMessage(this.heartbeatInFlight);
            } else if (Timeout.hasExpired(this.heartbeatResendTimeout, currentTimeMillis)) {
                int backOff = DTLSReliableHandshake.backOff(this.heartbeatResendMillis);
                this.heartbeatResendMillis = backOff;
                this.heartbeatResendTimeout = new Timeout(backOff, currentTimeMillis);
                sendHeartbeatMessage(this.heartbeatInFlight);
            }
            int constrainWaitMillis = Timeout.constrainWaitMillis(Timeout.constrainWaitMillis(i5, this.heartbeatTimeout, currentTimeMillis), this.heartbeatResendTimeout, currentTimeMillis);
            int i6 = constrainWaitMillis >= 0 ? constrainWaitMillis : 1;
            int receiveLimit = this.transport.getReceiveLimit();
            if (bArr2 == null || bArr2.length < receiveLimit) {
                bArr2 = new byte[receiveLimit];
            }
            byte[] bArr3 = bArr2;
            int processRecord = processRecord(receiveRecord(bArr3, 0, receiveLimit, i6), bArr3, bArr, i2, i3, dTLSRecordCallback);
            if (processRecord >= 0) {
                return processRecord;
            }
            currentTimeMillis = System.currentTimeMillis();
            i5 = Timeout.getWaitMillis(forWaitMillis, currentTimeMillis);
            bArr2 = bArr3;
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int receivePending(byte[] bArr, int i2, int i3, DTLSRecordCallback dTLSRecordCallback) {
        if (this.recordQueue.available() <= 0) {
            return -1;
        }
        int available = this.recordQueue.available();
        byte[] bArr2 = new byte[available];
        do {
            int processRecord = processRecord(receivePendingRecord(bArr2, 0, available), bArr2, bArr, i2, i3, dTLSRecordCallback);
            if (processRecord >= 0) {
                return processRecord;
            }
        } while (this.recordQueue.available() > 0);
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resetAfterHelloVerifyRequestServer(long j2) {
        this.inConnection = true;
        this.currentEpoch.setSequenceNumber(j2);
        this.currentEpoch.getReplayWindow().reset(j2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resetWriteEpoch() {
        DTLSEpoch dTLSEpoch = this.retransmitEpoch;
        if (dTLSEpoch != null) {
            this.writeEpoch = dTLSEpoch;
        } else {
            this.writeEpoch = this.currentEpoch;
        }
    }

    @Override // org.bouncycastle.tls.DatagramSender
    public void send(byte[] bArr, int i2, int i3) {
        short s2;
        if (this.inHandshake || this.writeEpoch == this.retransmitEpoch) {
            if (TlsUtils.readUint8(bArr, i2) == 20) {
                DTLSEpoch dTLSEpoch = this.inHandshake ? this.pendingEpoch : this.writeEpoch == this.retransmitEpoch ? this.currentEpoch : null;
                if (dTLSEpoch == null) {
                    throw new IllegalStateException();
                }
                sendRecord((short) 20, new byte[]{1}, 0, 1);
                this.writeEpoch = dTLSEpoch;
            }
            s2 = 22;
        } else {
            s2 = 23;
        }
        sendRecord(s2, bArr, i2, i3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPlaintextLimit(int i2) {
        this.plaintextLimit = i2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setReadVersion(ProtocolVersion protocolVersion) {
        this.readVersion = protocolVersion;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setWriteVersion(ProtocolVersion protocolVersion) {
        this.writeVersion = protocolVersion;
    }

    void warn(short s2, String str) {
        raiseAlert((short) 1, s2, str, null);
    }
}
