package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.DTLSReliableHandshake;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes4.dex */
    public static class ClientHandshakeState {

        /* renamed from: a, reason: collision with root package name */
        TlsClient f7475a = null;
        TlsClientContextImpl b = null;
        TlsSession c = null;
        SessionParameters d = null;
        SessionParameters.Builder e = null;
        int[] f = null;
        short[] g = null;
        Hashtable h = null;
        Hashtable i = null;
        byte[] j = null;
        boolean k = false;
        boolean l = false;
        boolean m = false;
        boolean n = false;
        TlsKeyExchange o = null;
        TlsAuthentication p = null;
        CertificateStatus q = null;
        CertificateRequest r = null;
        TlsCredentials s = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] b(byte[] bArr, byte[] bArr2) throws IOException {
        int e = 35 + TlsUtils.e(bArr, 34);
        int i = e + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, e);
        TlsUtils.c(bArr2.length);
        TlsUtils.c(bArr2.length, bArr3, e);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    protected DTLSTransport a(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        DTLSReliableHandshake.Message message;
        Certificate certificate;
        SecurityParameters g = clientHandshakeState.b.g();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(clientHandshakeState.b, dTLSRecordLayer);
        byte[] a2 = a(clientHandshakeState, clientHandshakeState.f7475a);
        dTLSRecordLayer.b(ProtocolVersion.g);
        dTLSReliableHandshake.a((short) 1, a2);
        while (true) {
            DTLSReliableHandshake.Message e = dTLSReliableHandshake.e();
            if (e.c() != 3) {
                if (e.c() != 2) {
                    throw new TlsFatalAlert((short) 10);
                }
                ProtocolVersion e2 = dTLSRecordLayer.e();
                a(clientHandshakeState, e2);
                dTLSRecordLayer.b(e2);
                f(clientHandshakeState, e.a());
                dTLSReliableHandshake.c();
                DTLSProtocol.a(dTLSRecordLayer, g.l);
                if (clientHandshakeState.k) {
                    g.f = Arrays.b(clientHandshakeState.d.e());
                    dTLSRecordLayer.a(clientHandshakeState.f7475a.e());
                    TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.b;
                    a(dTLSReliableHandshake.a((short) 20), TlsUtils.a(tlsClientContextImpl, ExporterLabel.b, TlsProtocol.a(tlsClientContextImpl, dTLSReliableHandshake.b(), (byte[]) null)));
                    TlsClientContextImpl tlsClientContextImpl2 = clientHandshakeState.b;
                    dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl2, ExporterLabel.f7497a, TlsProtocol.a(tlsClientContextImpl2, dTLSReliableHandshake.b(), (byte[]) null)));
                    dTLSReliableHandshake.a();
                    clientHandshakeState.b.a(clientHandshakeState.c);
                    clientHandshakeState.f7475a.f();
                    return new DTLSTransport(dTLSRecordLayer);
                }
                b(clientHandshakeState);
                byte[] bArr = clientHandshakeState.j;
                if (bArr.length > 0) {
                    clientHandshakeState.c = new TlsSessionImpl(bArr, null);
                }
                DTLSReliableHandshake.Message e3 = dTLSReliableHandshake.e();
                if (e3.c() == 23) {
                    h(clientHandshakeState, e3.a());
                    e3 = dTLSReliableHandshake.e();
                } else {
                    clientHandshakeState.f7475a.b(null);
                }
                clientHandshakeState.o = clientHandshakeState.f7475a.d();
                clientHandshakeState.o.a(clientHandshakeState.b);
                if (e3.c() == 11) {
                    certificate = e(clientHandshakeState, e3.a());
                    message = dTLSReliableHandshake.e();
                } else {
                    clientHandshakeState.o.f();
                    message = e3;
                    certificate = null;
                }
                if (certificate == null || certificate.d()) {
                    clientHandshakeState.m = false;
                }
                if (message.c() == 22) {
                    b(clientHandshakeState, message.a());
                    message = dTLSReliableHandshake.e();
                }
                if (message.c() == 12) {
                    g(clientHandshakeState, message.a());
                    message = dTLSReliableHandshake.e();
                } else {
                    clientHandshakeState.o.d();
                }
                if (message.c() == 13) {
                    a(clientHandshakeState, message.a());
                    TlsUtils.a(dTLSReliableHandshake.b(), clientHandshakeState.r.c());
                    message = dTLSReliableHandshake.e();
                }
                if (message.c() != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (message.a().length != 0) {
                    throw new TlsFatalAlert((short) 50);
                }
                dTLSReliableHandshake.b().g();
                Vector j = clientHandshakeState.f7475a.j();
                if (j != null) {
                    dTLSReliableHandshake.a((short) 23, DTLSProtocol.a(j));
                }
                CertificateRequest certificateRequest = clientHandshakeState.r;
                if (certificateRequest != null) {
                    clientHandshakeState.s = clientHandshakeState.p.a(certificateRequest);
                    TlsCredentials tlsCredentials = clientHandshakeState.s;
                    Certificate a3 = tlsCredentials != null ? tlsCredentials.a() : null;
                    if (a3 == null) {
                        a3 = Certificate.b;
                    }
                    dTLSReliableHandshake.a((short) 11, DTLSProtocol.a(a3));
                }
                TlsCredentials tlsCredentials2 = clientHandshakeState.s;
                if (tlsCredentials2 != null) {
                    clientHandshakeState.o.b(tlsCredentials2);
                } else {
                    clientHandshakeState.o.b();
                }
                dTLSReliableHandshake.a((short) 16, a(clientHandshakeState));
                TlsHandshakeHash d = dTLSReliableHandshake.d();
                g.i = TlsProtocol.a(clientHandshakeState.b, d, (byte[]) null);
                TlsProtocol.a(clientHandshakeState.b, clientHandshakeState.o);
                dTLSRecordLayer.a(clientHandshakeState.f7475a.e());
                TlsCredentials tlsCredentials3 = clientHandshakeState.s;
                if (tlsCredentials3 != null && (tlsCredentials3 instanceof TlsSignerCredentials)) {
                    TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials3;
                    SignatureAndHashAlgorithm a4 = TlsUtils.a(clientHandshakeState.b, tlsSignerCredentials);
                    dTLSReliableHandshake.a((short) 15, a(clientHandshakeState, new DigitallySigned(a4, tlsSignerCredentials.b(a4 == null ? g.l() : d.b(a4.a())))));
                }
                TlsClientContextImpl tlsClientContextImpl3 = clientHandshakeState.b;
                dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsClientContextImpl3, ExporterLabel.f7497a, TlsProtocol.a(tlsClientContextImpl3, dTLSReliableHandshake.b(), (byte[]) null)));
                if (clientHandshakeState.n) {
                    DTLSReliableHandshake.Message e4 = dTLSReliableHandshake.e();
                    if (e4.c() != 4) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    d(clientHandshakeState, e4.a());
                }
                TlsClientContextImpl tlsClientContextImpl4 = clientHandshakeState.b;
                a(dTLSReliableHandshake.a((short) 20), TlsUtils.a(tlsClientContextImpl4, ExporterLabel.b, TlsProtocol.a(tlsClientContextImpl4, dTLSReliableHandshake.b(), (byte[]) null)));
                dTLSReliableHandshake.a();
                if (clientHandshakeState.c != null) {
                    clientHandshakeState.d = new SessionParameters.Builder().a(g.b()).a(g.d()).a(g.f()).a(certificate).b(g.g()).d(g.j()).a(clientHandshakeState.i).a();
                    clientHandshakeState.c = TlsUtils.a(clientHandshakeState.c.a(), clientHandshakeState.d);
                    clientHandshakeState.b.a(clientHandshakeState.c);
                }
                clientHandshakeState.f7475a.f();
                return new DTLSTransport(dTLSRecordLayer);
            }
            if (!dTLSRecordLayer.e().b(clientHandshakeState.b.b())) {
                throw new TlsFatalAlert((short) 47);
            }
            dTLSRecordLayer.a((ProtocolVersion) null);
            byte[] b = b(a2, c(clientHandshakeState, e.a()));
            dTLSReliableHandshake.f();
            dTLSReliableHandshake.a((short) 1, b);
        }
    }

    public DTLSTransport a(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters c;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f7520a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.f7475a = tlsClient;
        clientHandshakeState.b = new TlsClientContextImpl(this.f7477a, securityParameters);
        securityParameters.g = TlsProtocol.a(tlsClient.g(), clientHandshakeState.b.f());
        tlsClient.a(clientHandshakeState.b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, clientHandshakeState.b, tlsClient, (short) 22);
        TlsSession r = clientHandshakeState.f7475a.r();
        if (r != null && r.b() && (c = r.c()) != null) {
            clientHandshakeState.c = r;
            clientHandshakeState.d = c;
        }
        try {
            try {
                return a(clientHandshakeState, dTLSRecordLayer);
            } catch (RuntimeException e) {
                a(clientHandshakeState, dTLSRecordLayer, (short) 80);
                throw new TlsFatalAlert((short) 80, e);
            } catch (TlsFatalAlert e2) {
                a(clientHandshakeState, dTLSRecordLayer, e2.getAlertDescription());
                throw e2;
            } catch (IOException e3) {
                a(clientHandshakeState, dTLSRecordLayer, (short) 80);
                throw e3;
            }
        } finally {
            securityParameters.a();
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer, short s) {
        dTLSRecordLayer.a(s);
        b(clientHandshakeState);
    }

    protected void a(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.b;
        ProtocolVersion a2 = tlsClientContextImpl.a();
        if (a2 == null) {
            tlsClientContextImpl.b(protocolVersion);
            clientHandshakeState.f7475a.a(protocolVersion);
        } else if (!a2.a(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.p == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.r = CertificateRequest.a(clientHandshakeState.b, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.o.a(clientHandshakeState.r);
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.o.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion b = tlsClient.b();
        if (!b.e()) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.b;
        tlsClientContextImpl.a(b);
        TlsUtils.a(b, byteArrayOutputStream);
        byteArrayOutputStream.write(tlsClientContextImpl.g().c());
        byte[] bArr = TlsUtils.f7548a;
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null && ((bArr = tlsSession.a()) == null || bArr.length > 32)) {
            bArr = TlsUtils.f7548a;
        }
        TlsUtils.c(bArr, byteArrayOutputStream);
        TlsUtils.c(TlsUtils.f7548a, byteArrayOutputStream);
        boolean h = tlsClient.h();
        clientHandshakeState.f = tlsClient.p();
        clientHandshakeState.h = tlsClient.w();
        boolean z = TlsUtils.a(clientHandshakeState.h, TlsProtocol.E) == null;
        boolean z2 = !Arrays.b(clientHandshakeState.f, 255);
        if (z && z2) {
            clientHandshakeState.f = Arrays.a(clientHandshakeState.f, 255);
        }
        if (h && !Arrays.b(clientHandshakeState.f, CipherSuite.Q3)) {
            clientHandshakeState.f = Arrays.a(clientHandshakeState.f, CipherSuite.Q3);
        }
        TlsUtils.b(clientHandshakeState.f, byteArrayOutputStream);
        clientHandshakeState.g = new short[]{0};
        TlsUtils.b(clientHandshakeState.g, (OutputStream) byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.h;
        if (hashtable != null) {
            TlsProtocol.a(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected void b(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.d;
        if (sessionParameters != null) {
            sessionParameters.a();
            clientHandshakeState.d = null;
        }
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.c = null;
        }
    }

    protected void b(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.m) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.q = CertificateStatus.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected byte[] c(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i = TlsUtils.i(byteArrayInputStream);
        byte[] c = TlsUtils.c(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        if (!i.b(clientHandshakeState.b.b())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.h.b(i) || c.length <= 32) {
            return c;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void d(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket a2 = NewSessionTicket.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.f7475a.a(a2);
    }

    protected Certificate e(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate a2 = Certificate.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.o.b(a2);
        clientHandshakeState.p = clientHandshakeState.f7475a.s();
        clientHandshakeState.p.a(a2);
        return a2;
    }

    protected void f(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsSession tlsSession;
        SecurityParameters g = clientHandshakeState.b.g();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        a(clientHandshakeState, TlsUtils.i(byteArrayInputStream));
        g.h = TlsUtils.b(32, byteArrayInputStream);
        clientHandshakeState.j = TlsUtils.c(byteArrayInputStream);
        byte[] bArr2 = clientHandshakeState.j;
        if (bArr2.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f7475a.a(bArr2);
        byte[] bArr3 = clientHandshakeState.j;
        boolean z = false;
        clientHandshakeState.k = bArr3.length > 0 && (tlsSession = clientHandshakeState.c) != null && Arrays.a(bArr3, tlsSession.a());
        int d = TlsUtils.d(byteArrayInputStream);
        if (!Arrays.b(clientHandshakeState.f, d) || d == 0 || CipherSuite.a(d) || !TlsUtils.a(d, clientHandshakeState.b.a())) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.a(d, (short) 47);
        clientHandshakeState.f7475a.a(d);
        short h = TlsUtils.h(byteArrayInputStream);
        if (!Arrays.b(clientHandshakeState.g, h)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.f7475a.a(h);
        clientHandshakeState.i = TlsProtocol.c(byteArrayInputStream);
        Hashtable hashtable = clientHandshakeState.i;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.E)) {
                    if (TlsUtils.a(clientHandshakeState.h, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.y);
                    }
                    boolean z2 = clientHandshakeState.k;
                }
            }
        }
        byte[] a2 = TlsUtils.a(clientHandshakeState.i, TlsProtocol.E);
        if (a2 != null) {
            clientHandshakeState.l = true;
            if (!Arrays.e(a2, TlsProtocol.c(TlsUtils.f7548a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.f7475a.a(clientHandshakeState.l);
        Hashtable hashtable2 = clientHandshakeState.h;
        Hashtable hashtable3 = clientHandshakeState.i;
        if (clientHandshakeState.k) {
            if (d != clientHandshakeState.d.c() || h != clientHandshakeState.d.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = clientHandshakeState.d.j();
        }
        g.b = d;
        g.c = h;
        if (hashtable3 != null) {
            boolean j = TlsExtensionsUtils.j(hashtable3);
            if (j && !TlsUtils.l(g.b())) {
                throw new TlsFatalAlert((short) 47);
            }
            g.n = j;
            g.o = TlsExtensionsUtils.k(hashtable3);
            g.l = DTLSProtocol.a(clientHandshakeState.k, hashtable2, hashtable3, (short) 47);
            g.m = TlsExtensionsUtils.l(hashtable3);
            clientHandshakeState.m = !clientHandshakeState.k && TlsUtils.a(hashtable3, TlsExtensionsUtils.g, (short) 47);
            if (!clientHandshakeState.k && TlsUtils.a(hashtable3, TlsProtocol.F, (short) 47)) {
                z = true;
            }
            clientHandshakeState.n = z;
        }
        if (hashtable2 != null) {
            clientHandshakeState.f7475a.a(hashtable3);
        }
        g.d = TlsProtocol.a(clientHandshakeState.b, g.b());
        g.e = 12;
    }

    protected void g(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.o.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected void h(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.f7475a.b(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
