package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.DTLSReliableHandshake;
import org.spongycastle.crypto.tls.SessionParameters;
import org.spongycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes3.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with root package name */
        TlsClient f28744a = null;

        /* renamed from: b, reason: collision with root package name */
        TlsClientContextImpl f28745b = null;

        /* renamed from: c, reason: collision with root package name */
        TlsSession f28746c = null;

        /* renamed from: d, reason: collision with root package name */
        SessionParameters f28747d = null;

        /* renamed from: e, reason: collision with root package name */
        SessionParameters.Builder f28748e = null;

        /* renamed from: f, reason: collision with root package name */
        int[] f28749f = null;

        /* renamed from: g, reason: collision with root package name */
        short[] f28750g = null;

        /* renamed from: h, reason: collision with root package name */
        Hashtable f28751h = null;

        /* renamed from: i, reason: collision with root package name */
        byte[] f28752i = null;

        /* renamed from: j, reason: collision with root package name */
        int f28753j = -1;

        /* renamed from: k, reason: collision with root package name */
        short f28754k = -1;

        /* renamed from: l, reason: collision with root package name */
        boolean f28755l = false;

        /* renamed from: m, reason: collision with root package name */
        short f28756m = -1;

        /* renamed from: n, reason: collision with root package name */
        boolean f28757n = false;

        /* renamed from: o, reason: collision with root package name */
        boolean f28758o = false;

        /* renamed from: p, reason: collision with root package name */
        TlsKeyExchange f28759p = null;

        /* renamed from: q, reason: collision with root package name */
        TlsAuthentication f28760q = null;

        /* renamed from: r, reason: collision with root package name */
        CertificateStatus f28761r = null;

        /* renamed from: s, reason: collision with root package name */
        CertificateRequest f28762s = null;

        /* renamed from: t, reason: collision with root package name */
        TlsCredentials f28763t = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] l(byte[] bArr, byte[] bArr2) throws IOException {
        int G0 = 35 + TlsUtils.G0(bArr, 34);
        int i4 = G0 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, G0);
        TlsUtils.q(bArr2.length);
        TlsUtils.i1(bArr2.length, bArr3, G0);
        System.arraycopy(bArr2, 0, bArr3, i4, bArr2.length);
        System.arraycopy(bArr, i4, bArr3, bArr2.length + i4, bArr.length - i4);
        return bArr3;
    }

    protected DTLSTransport f(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        byte[] m4;
        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
        TlsSession tlsSession;
        SecurityParameters j4 = clientHandshakeState.f28745b.j();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.f28745b, dTLSRecordLayer);
        byte[] i4 = i(clientHandshakeState, clientHandshakeState.f28744a);
        dTLSReliableHandshake.r((short) 1, i4);
        DTLSReliableHandshake.Message m5 = dTLSReliableHandshake.m();
        while (m5.c() == 3) {
            if (!dTLSRecordLayer.m().i(clientHandshakeState.f28745b.c())) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] l4 = l(i4, o(clientHandshakeState, m5.a()));
            dTLSReliableHandshake.q();
            dTLSReliableHandshake.r((short) 1, l4);
            m5 = dTLSReliableHandshake.m();
        }
        if (m5.c() != 2) {
            throw new TlsFatalAlert((short) 10);
        }
        u(clientHandshakeState, dTLSRecordLayer.g());
        r(clientHandshakeState, m5.a());
        short s4 = clientHandshakeState.f28756m;
        if (s4 >= 0) {
            dTLSRecordLayer.p(1 << (s4 + 8));
        }
        int i5 = clientHandshakeState.f28753j;
        j4.f29059b = i5;
        j4.f29060c = clientHandshakeState.f28754k;
        j4.f29061d = TlsProtocol.p(clientHandshakeState.f28745b, i5);
        j4.f29062e = 12;
        dTLSReliableHandshake.j();
        byte[] bArr = clientHandshakeState.f28752i;
        if (bArr.length > 0 && (tlsSession = clientHandshakeState.f28746c) != null && Arrays.d(bArr, tlsSession.a())) {
            if (j4.c() != clientHandshakeState.f28747d.c() || j4.e() != clientHandshakeState.f28747d.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            j4.f29063f = Arrays.j(clientHandshakeState.f28747d.e());
            dTLSRecordLayer.j(clientHandshakeState.f28744a.s());
            TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f28745b;
            d(dTLSReliableHandshake.n((short) 20), TlsUtils.i(tlsClientContextImpl, ExporterLabel.f28888b, TlsProtocol.m(tlsClientContextImpl, dTLSReliableHandshake.i(), null)));
            TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.f28745b;
            dTLSReliableHandshake.r((short) 20, TlsUtils.i(tlsClientContextImpl2, ExporterLabel.f28887a, TlsProtocol.m(tlsClientContextImpl2, dTLSReliableHandshake.i(), null)));
            dTLSReliableHandshake.h();
            clientHandshakeState.f28745b.m(clientHandshakeState.f28746c);
            clientHandshakeState.f28744a.C();
            return new DTLSTransport(dTLSRecordLayer);
        }
        k(clientHandshakeState);
        byte[] bArr2 = clientHandshakeState.f28752i;
        if (bArr2.length > 0) {
            clientHandshakeState.f28746c = new TlsSessionImpl(bArr2, null);
        }
        DTLSReliableHandshake.Message m6 = dTLSReliableHandshake.m();
        if (m6.c() == 23) {
            t(clientHandshakeState, m6.a());
            m6 = dTLSReliableHandshake.m();
        } else {
            clientHandshakeState.f28744a.z(null);
        }
        TlsKeyExchange a5 = clientHandshakeState.f28744a.a();
        clientHandshakeState.f28759p = a5;
        a5.a(clientHandshakeState.f28745b);
        if (m6.c() == 11) {
            certificate = q(clientHandshakeState, m6.a());
            message = dTLSReliableHandshake.m();
        } else {
            clientHandshakeState.f28759p.o();
            message = m6;
            certificate = null;
        }
        if (certificate == null || certificate.g()) {
            clientHandshakeState.f28757n = false;
        }
        if (message.c() == 22) {
            n(clientHandshakeState, message.a());
            message = dTLSReliableHandshake.m();
        }
        if (message.c() == 12) {
            s(clientHandshakeState, message.a());
            message = dTLSReliableHandshake.m();
        } else {
            clientHandshakeState.f28759p.k();
        }
        if (message.c() == 13) {
            m(clientHandshakeState, message.a());
            TlsUtils.M0(dTLSReliableHandshake.i(), clientHandshakeState.f28762s.d());
            message = dTLSReliableHandshake.m();
        }
        if (message.c() != 14) {
            throw new TlsFatalAlert((short) 10);
        }
        if (message.a().length != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        dTLSReliableHandshake.i().n();
        Vector f4 = clientHandshakeState.f28744a.f();
        if (f4 != null) {
            dTLSReliableHandshake.r((short) 23, DTLSProtocol.c(f4));
        }
        CertificateRequest certificateRequest = clientHandshakeState.f28762s;
        if (certificateRequest != null) {
            TlsCredentials a6 = clientHandshakeState.f28760q.a(certificateRequest);
            clientHandshakeState.f28763t = a6;
            Certificate e4 = a6 != null ? a6.e() : null;
            if (e4 == null) {
                e4 = Certificate.f28565b;
            }
            dTLSReliableHandshake.r((short) 11, DTLSProtocol.b(e4));
        }
        TlsCredentials tlsCredentials = clientHandshakeState.f28763t;
        if (tlsCredentials != null) {
            clientHandshakeState.f28759p.f(tlsCredentials);
        } else {
            clientHandshakeState.f28759p.g();
        }
        dTLSReliableHandshake.r((short) 16, j(clientHandshakeState));
        TlsProtocol.i(clientHandshakeState.f28745b, clientHandshakeState.f28759p);
        dTLSRecordLayer.j(clientHandshakeState.f28744a.s());
        TlsHandshakeHash l5 = dTLSReliableHandshake.l();
        TlsCredentials tlsCredentials2 = clientHandshakeState.f28763t;
        if (tlsCredentials2 != null && (tlsCredentials2 instanceof TlsSignerCredentials)) {
            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials2;
            if (TlsUtils.a0(clientHandshakeState.f28745b)) {
                signatureAndHashAlgorithm = tlsSignerCredentials.c();
                if (signatureAndHashAlgorithm == null) {
                    throw new TlsFatalAlert((short) 80);
                }
                m4 = l5.l(signatureAndHashAlgorithm.b());
            } else {
                m4 = TlsProtocol.m(clientHandshakeState.f28745b, l5, null);
                signatureAndHashAlgorithm = null;
            }
            dTLSReliableHandshake.r((short) 15, h(clientHandshakeState, new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.d(m4))));
        }
        TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.f28745b;
        dTLSReliableHandshake.r((short) 20, TlsUtils.i(tlsClientContextImpl3, ExporterLabel.f28887a, TlsProtocol.m(tlsClientContextImpl3, dTLSReliableHandshake.i(), null)));
        if (clientHandshakeState.f28758o) {
            DTLSReliableHandshake.Message m7 = dTLSReliableHandshake.m();
            if (m7.c() != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            p(clientHandshakeState, m7.a());
        }
        TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.f28745b;
        d(dTLSReliableHandshake.n((short) 20), TlsUtils.i(tlsClientContextImpl4, ExporterLabel.f28888b, TlsProtocol.m(tlsClientContextImpl4, dTLSReliableHandshake.i(), null)));
        dTLSReliableHandshake.h();
        if (clientHandshakeState.f28746c != null) {
            clientHandshakeState.f28747d = new SessionParameters.Builder().b(j4.f29059b).c(j4.f29060c).d(j4.f29063f).e(certificate).a();
            TlsSession T = TlsUtils.T(clientHandshakeState.f28746c.a(), clientHandshakeState.f28747d);
            clientHandshakeState.f28746c = T;
            clientHandshakeState.f28745b.m(T);
        }
        clientHandshakeState.f28744a.C();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public DTLSTransport g(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters c5;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f29058a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f28744a = tlsClient;
        clientHandshakeState.f28745b = new TlsClientContextImpl(this.f28768a, securityParameters);
        securityParameters.f29064g = TlsProtocol.f(tlsClient.J(), clientHandshakeState.f28745b.i());
        tlsClient.i(clientHandshakeState.f28745b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.f28745b, tlsClient, (short) 22);
        TlsSession A = clientHandshakeState.f28744a.A();
        if (A != null && (c5 = A.c()) != null) {
            clientHandshakeState.f28746c = A;
            clientHandshakeState.f28747d = c5;
        }
        try {
            return f(clientHandshakeState, dTLSRecordLayer);
        } catch (RuntimeException unused) {
            dTLSRecordLayer.f((short) 80);
            throw new TlsFatalAlert((short) 80);
        } catch (TlsFatalAlert e4) {
            dTLSRecordLayer.f(e4.a());
            throw e4;
        } catch (IOException e5) {
            dTLSRecordLayer.f((short) 80);
            throw e5;
        }
    }

    protected byte[] h(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] i(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        byte[] bArr;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion c5 = tlsClient.c();
        if (!c5.h()) {
            throw new TlsFatalAlert((short) 80);
        }
        clientHandshakeState.f28745b.l(c5);
        TlsUtils.p1(c5, byteArrayOutputStream);
        byteArrayOutputStream.write(clientHandshakeState.f28745b.j().d());
        byte[] bArr2 = TlsUtils.f29214a;
        TlsSession tlsSession = clientHandshakeState.f28746c;
        if (tlsSession == null || (bArr = tlsSession.a()) == null || bArr.length > 32) {
            bArr = bArr2;
        }
        TlsUtils.S0(bArr, byteArrayOutputStream);
        TlsUtils.S0(bArr2, byteArrayOutputStream);
        clientHandshakeState.f28749f = tlsClient.q();
        Hashtable K = tlsClient.K();
        clientHandshakeState.f28751h = K;
        boolean z4 = TlsUtils.L(K, TlsProtocol.A) == null;
        boolean z5 = !Arrays.x(clientHandshakeState.f28749f, 255);
        if (z4 && z5) {
            clientHandshakeState.f28749f = Arrays.b(clientHandshakeState.f28749f, 255);
        }
        TlsUtils.X0(clientHandshakeState.f28749f, byteArrayOutputStream);
        short[] sArr = {0};
        clientHandshakeState.f28750g = sArr;
        TlsUtils.n1(sArr, byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.f28751h;
        if (hashtable != null) {
            TlsProtocol.P(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] j(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.f28759p.h(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void k(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.f28747d;
        if (sessionParameters != null) {
            sessionParameters.a();
            clientHandshakeState.f28747d = null;
        }
        TlsSession tlsSession = clientHandshakeState.f28746c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.f28746c = null;
        }
    }

    protected void m(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.f28760q == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f28762s = CertificateRequest.e(clientHandshakeState.f28745b, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f28759p.i(clientHandshakeState.f28762s);
    }

    protected void n(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.f28757n) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f28761r = CertificateStatus.f(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected byte[] o(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion I0 = TlsUtils.I0(byteArrayInputStream);
        byte[] u02 = TlsUtils.u0(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        if (!I0.i(clientHandshakeState.f28745b.c())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.f29020h.i(I0) || u02.length <= 32) {
            return u02;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void p(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket d4 = NewSessionTicket.d(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f28744a.L(d4);
    }

    protected Certificate q(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate h4 = Certificate.h(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f28759p.n(h4);
        TlsAuthentication l12 = clientHandshakeState.f28744a.l1();
        clientHandshakeState.f28760q = l12;
        l12.b(h4);
        return h4;
    }

    protected void r(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        int i4;
        SecurityParameters j4 = clientHandshakeState.f28745b.j();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion I0 = TlsUtils.I0(byteArrayInputStream);
        u(clientHandshakeState, I0);
        j4.f29065h = TlsUtils.r0(32, byteArrayInputStream);
        byte[] u02 = TlsUtils.u0(byteArrayInputStream);
        clientHandshakeState.f28752i = u02;
        if (u02.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f28744a.B(u02);
        int w02 = TlsUtils.w0(byteArrayInputStream);
        clientHandshakeState.f28753j = w02;
        if (!Arrays.x(clientHandshakeState.f28749f, w02) || (i4 = clientHandshakeState.f28753j) == 0 || i4 == 255 || !TlsUtils.b0(i4, I0)) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.e(clientHandshakeState.f28753j, (short) 47);
        clientHandshakeState.f28744a.F(clientHandshakeState.f28753j);
        short F0 = TlsUtils.F0(byteArrayInputStream);
        clientHandshakeState.f28754k = F0;
        if (!Arrays.y(clientHandshakeState.f28750g, F0)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f28744a.d(clientHandshakeState.f28754k);
        Hashtable G = TlsProtocol.G(byteArrayInputStream);
        if (G != null) {
            Enumeration keys = G.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.A) && TlsUtils.L(clientHandshakeState.f28751h, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.f28547y);
                }
            }
            byte[] bArr2 = (byte[]) G.get(TlsProtocol.A);
            if (bArr2 != null) {
                clientHandshakeState.f28755l = true;
                if (!Arrays.w(bArr2, TlsProtocol.g(TlsUtils.f29214a))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            boolean s4 = TlsExtensionsUtils.s(G);
            if (s4 && !TlsUtils.V(clientHandshakeState.f28753j)) {
                throw new TlsFatalAlert((short) 47);
            }
            j4.f29068k = s4;
            clientHandshakeState.f28756m = DTLSProtocol.a(clientHandshakeState.f28751h, G, (short) 47);
            j4.f29067j = TlsExtensionsUtils.t(G);
            clientHandshakeState.f28757n = TlsUtils.Q(G, TlsExtensionsUtils.f29137e, (short) 47);
            clientHandshakeState.f28758o = TlsUtils.Q(G, TlsProtocol.B, (short) 47);
        }
        clientHandshakeState.f28744a.r(clientHandshakeState.f28755l);
        if (clientHandshakeState.f28751h != null) {
            clientHandshakeState.f28744a.j(G);
        }
    }

    protected void s(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.f28759p.c(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected void t(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f28744a.z(TlsProtocol.H(new ByteArrayInputStream(bArr)));
    }

    protected void u(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.f28745b;
        ProtocolVersion b5 = tlsClientContextImpl.b();
        if (b5 == null) {
            tlsClientContextImpl.n(protocolVersion);
            clientHandshakeState.f28744a.w(protocolVersion);
        } else if (!b5.a(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
