package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* loaded from: classes3.dex */
    public static class ClientHandshakeState {
        public TlsClient client = null;
        public TlsClientContextImpl clientContext = null;
        public TlsSession tlsSession = null;
        public SessionParameters sessionParameters = null;
        public SessionParameters.Builder sessionParametersBuilder = null;
        public int[] offeredCipherSuites = null;
        public Hashtable clientExtensions = null;
        public Hashtable serverExtensions = null;
        public boolean resumedSession = false;
        public boolean allowCertificateStatus = false;
        public boolean expectSessionTicket = false;
        public TlsKeyExchange keyExchange = null;
        public TlsAuthentication authentication = null;
        public CertificateStatus certificateStatus = null;
        public CertificateRequest certificateRequest = null;
        public TlsCredentials clientCredentials = null;
    }

    public static byte[] patchClientHelloWithCookie(byte[] bArr, byte[] bArr2) throws IOException {
        int readUint8 = TlsUtils.readUint8(bArr, 34) + 35;
        int i2 = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        TlsUtils.checkUint8(bArr2.length);
        TlsUtils.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
        System.arraycopy(bArr, i2, bArr3, bArr2.length + i2, bArr.length - i2);
        return bArr3;
    }

    public void abortClientHandshake(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer, short s) {
        dTLSRecordLayer.fail(s);
        invalidateSession(clientHandshakeState);
    }

    /* JADX WARN: Removed duplicated region for block: B:56:0x01ee  */
    /* JADX WARN: Removed duplicated region for block: B:59:0x021f  */
    /* JADX WARN: Removed duplicated region for block: B:62:0x0243  */
    /* JADX WARN: Removed duplicated region for block: B:69:0x01f0  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.bouncycastle.tls.DTLSTransport clientHandshake(org.bouncycastle.tls.DTLSClientProtocol.ClientHandshakeState r22, org.bouncycastle.tls.DTLSRecordLayer r23) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 789
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.DTLSClientProtocol.clientHandshake(org.bouncycastle.tls.DTLSClientProtocol$ClientHandshakeState, org.bouncycastle.tls.DTLSRecordLayer):org.bouncycastle.tls.DTLSTransport");
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.client = tlsClient;
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(tlsClient.getCrypto());
        clientHandshakeState.clientContext = tlsClientContextImpl;
        tlsClient.init(tlsClientContextImpl);
        clientHandshakeState.clientContext.handshakeBeginning(tlsClient);
        SecurityParameters securityParametersHandshake = clientHandshakeState.clientContext.getSecurityParametersHandshake();
        securityParametersHandshake.extendedPadding = tlsClient.shouldUseExtendedPadding();
        TlsSession sessionToResume = clientHandshakeState.client.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null && exportSessionParameters.isExtendedMasterSecret()) {
            clientHandshakeState.tlsSession = sessionToResume;
            clientHandshakeState.sessionParameters = exportSessionParameters;
        }
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, tlsClient, (short) 22);
        try {
            try {
                try {
                    return clientHandshake(clientHandshakeState, dTLSRecordLayer);
                } catch (RuntimeException e2) {
                    abortClientHandshake(clientHandshakeState, dTLSRecordLayer, (short) 80);
                    throw new TlsFatalAlert((short) 80, e2);
                }
            } catch (TlsFatalAlert e3) {
                abortClientHandshake(clientHandshakeState, dTLSRecordLayer, e3.getAlertDescription());
                throw e3;
            } catch (IOException e4) {
                abortClientHandshake(clientHandshakeState, dTLSRecordLayer, (short) 80);
                throw e4;
            }
        } finally {
            securityParametersHandshake.clear();
        }
    }

    public byte[] generateCertificateVerify(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateClientHello(ClientHandshakeState clientHandshakeState) throws IOException {
        ProtocolVersion protocolVersion;
        SessionParameters sessionParameters;
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.clientContext;
        SecurityParameters securityParametersHandshake = tlsClientContextImpl.getSecurityParametersHandshake();
        tlsClientContextImpl.setClientSupportedVersions(clientHandshakeState.client.getSupportedVersions());
        ProtocolVersion latestDTLS = ProtocolVersion.getLatestDTLS(tlsClientContextImpl.getClientSupportedVersions());
        if (latestDTLS == null || !ProtocolVersion.DTLSv10.isEqualOrEarlierVersionOf(latestDTLS)) {
            throw new TlsFatalAlert((short) 80);
        }
        tlsClientContextImpl.setClientVersion(latestDTLS);
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        TlsSession tlsSession = clientHandshakeState.tlsSession;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.EMPTY_BYTES;
        }
        boolean isFallback = clientHandshakeState.client.isFallback();
        clientHandshakeState.offeredCipherSuites = clientHandshakeState.client.getCipherSuites();
        if (bArr.length > 0 && (sessionParameters = clientHandshakeState.sessionParameters) != null && (!sessionParameters.isExtendedMasterSecret() || !Arrays.contains(clientHandshakeState.offeredCipherSuites, clientHandshakeState.sessionParameters.getCipherSuite()) || clientHandshakeState.sessionParameters.getCompressionAlgorithm() != 0)) {
            bArr = TlsUtils.EMPTY_BYTES;
        }
        clientHandshakeState.clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(clientHandshakeState.client.getClientExtensions());
        if (latestDTLS.isLaterVersionOf(ProtocolVersion.DTLSv12)) {
            protocolVersion = ProtocolVersion.DTLSv12;
            TlsExtensionsUtils.addSupportedVersionsExtensionClient(clientHandshakeState.clientExtensions, tlsClientContextImpl.getClientSupportedVersions());
        } else {
            protocolVersion = latestDTLS;
        }
        securityParametersHandshake.clientServerNames = TlsExtensionsUtils.getServerNameExtensionClient(clientHandshakeState.clientExtensions);
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(latestDTLS)) {
            securityParametersHandshake.clientSigAlgs = TlsExtensionsUtils.getSignatureAlgorithmsExtension(clientHandshakeState.clientExtensions);
            securityParametersHandshake.clientSigAlgsCert = TlsExtensionsUtils.getSignatureAlgorithmsCertExtension(clientHandshakeState.clientExtensions);
        }
        securityParametersHandshake.clientSupportedGroups = TlsExtensionsUtils.getSupportedGroupsExtension(clientHandshakeState.clientExtensions);
        TlsExtensionsUtils.addExtendedMasterSecretExtension(clientHandshakeState.clientExtensions);
        securityParametersHandshake.clientRandom = TlsProtocol.createRandomBlock(clientHandshakeState.client.shouldUseGMTUnixTime(), clientHandshakeState.clientContext);
        boolean z = TlsUtils.getExtensionData(clientHandshakeState.clientExtensions, TlsProtocol.EXT_RenegotiationInfo) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.offeredCipherSuites, 255);
        if (z && z2) {
            clientHandshakeState.offeredCipherSuites = Arrays.append(clientHandshakeState.offeredCipherSuites, 255);
        }
        if (isFallback && !Arrays.contains(clientHandshakeState.offeredCipherSuites, 22016)) {
            clientHandshakeState.offeredCipherSuites = Arrays.append(clientHandshakeState.offeredCipherSuites, 22016);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeVersion(protocolVersion, byteArrayOutputStream);
        byteArrayOutputStream.write(securityParametersHandshake.getClientRandom());
        TlsUtils.writeOpaque8(bArr, byteArrayOutputStream);
        TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, byteArrayOutputStream);
        TlsUtils.writeUint16ArrayWithUint16Length(clientHandshakeState.offeredCipherSuites, byteArrayOutputStream);
        TlsUtils.writeUint8ArrayWithUint8Length(new short[]{0}, byteArrayOutputStream);
        TlsProtocol.writeExtensions(byteArrayOutputStream, clientHandshakeState.clientExtensions);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateClientKeyExchange(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.keyExchange.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void invalidateSession(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.sessionParameters;
        if (sessionParameters != null) {
            sessionParameters.clear();
            clientHandshakeState.sessionParameters = null;
        }
        TlsSession tlsSession = clientHandshakeState.tlsSession;
        if (tlsSession != null) {
            tlsSession.invalidate();
            clientHandshakeState.tlsSession = null;
        }
    }

    public void processCertificateRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.authentication == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.certificateRequest = CertificateRequest.parse(clientHandshakeState.clientContext, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.certificateRequest = TlsUtils.validateCertificateRequest(clientHandshakeState.certificateRequest, clientHandshakeState.keyExchange);
    }

    public void processCertificateStatus(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.allowCertificateStatus) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.certificateStatus = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public byte[] processHelloVerifyRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream, 0, ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) ? 255 : 32);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        if (readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.clientContext.getClientVersion())) {
            return readOpaque8;
        }
        throw new TlsFatalAlert((short) 47);
    }

    public void processNewSessionTicket(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.client.notifyNewSessionTicket(parse);
    }

    public void processServerCertificate(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsUtils.receiveServerCertificate(clientHandshakeState.clientContext, new ByteArrayInputStream(bArr));
        TlsAuthentication authentication = clientHandshakeState.client.getAuthentication();
        clientHandshakeState.authentication = authentication;
        if (authentication == null) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    public void processServerHello(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsSession tlsSession;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readFully = TlsUtils.readFully(32, byteArrayInputStream);
        boolean z = false;
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream, 0, 32);
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        clientHandshakeState.serverExtensions = TlsProtocol.readExtensions(byteArrayInputStream);
        SecurityParameters securityParametersHandshake = clientHandshakeState.clientContext.getSecurityParametersHandshake();
        reportServerVersion(clientHandshakeState, readVersion);
        if (!clientHandshakeState.clientContext.getClientVersion().equals(readVersion)) {
            TlsUtils.checkDowngradeMarker(readVersion, readFully);
        }
        securityParametersHandshake.serverRandom = readFully;
        securityParametersHandshake.sessionID = readOpaque8;
        clientHandshakeState.client.notifySessionID(readOpaque8);
        clientHandshakeState.resumedSession = readOpaque8.length > 0 && (tlsSession = clientHandshakeState.tlsSession) != null && Arrays.areEqual(readOpaque8, tlsSession.getSessionID());
        if (!Arrays.contains(clientHandshakeState.offeredCipherSuites, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, clientHandshakeState.clientContext.getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        securityParametersHandshake.cipherSuite = DTLSProtocol.validateSelectedCipherSuite(readUint16, (short) 47);
        clientHandshakeState.client.notifySelectedCipherSuite(readUint16);
        if (readUint8 != 0) {
            throw new TlsFatalAlert((short) 47);
        }
        securityParametersHandshake.extendedMasterSecret = TlsExtensionsUtils.hasExtendedMasterSecretExtension(clientHandshakeState.serverExtensions);
        if (!securityParametersHandshake.isExtendedMasterSecret() && (clientHandshakeState.resumedSession || clientHandshakeState.client.requiresExtendedMasterSecret())) {
            throw new TlsFatalAlert((short) 40);
        }
        Hashtable hashtable = clientHandshakeState.serverExtensions;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.EXT_RenegotiationInfo) && TlsUtils.getExtensionData(clientHandshakeState.clientExtensions, num) == null) {
                    throw new TlsFatalAlert((short) 110);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(clientHandshakeState.serverExtensions, TlsProtocol.EXT_RenegotiationInfo);
        if (extensionData != null) {
            securityParametersHandshake.secureRenegotiation = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.client.notifySecureRenegotiation(securityParametersHandshake.isSecureRenegotiation());
        securityParametersHandshake.applicationProtocol = TlsExtensionsUtils.getALPNExtensionServer(clientHandshakeState.serverExtensions);
        Hashtable hashtable2 = clientHandshakeState.clientExtensions;
        Hashtable hashtable3 = clientHandshakeState.serverExtensions;
        if (clientHandshakeState.resumedSession) {
            if (securityParametersHandshake.getCipherSuite() != clientHandshakeState.sessionParameters.getCipherSuite() || clientHandshakeState.sessionParameters.getCompressionAlgorithm() != 0 || !readVersion.equals(clientHandshakeState.sessionParameters.getNegotiatedVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = clientHandshakeState.sessionParameters.readServerExtensions();
        }
        if (hashtable3 != null && !hashtable3.isEmpty()) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable3);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParametersHandshake.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParametersHandshake.encryptThenMAC = hasEncryptThenMACExtension;
            securityParametersHandshake.maxFragmentLength = DTLSProtocol.evaluateMaxFragmentLengthExtension(clientHandshakeState.resumedSession, hashtable2, hashtable3, (short) 47);
            securityParametersHandshake.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable3);
            clientHandshakeState.allowCertificateStatus = !clientHandshakeState.resumedSession && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!clientHandshakeState.resumedSession && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsProtocol.EXT_SessionTicket, (short) 47)) {
                z = true;
            }
            clientHandshakeState.expectSessionTicket = z;
        }
        if (hashtable2 != null) {
            clientHandshakeState.client.processServerExtensions(hashtable3);
        }
        securityParametersHandshake.prfAlgorithm = TlsProtocol.getPRFAlgorithm(clientHandshakeState.clientContext, securityParametersHandshake.getCipherSuite());
        securityParametersHandshake.verifyDataLength = 12;
    }

    public void processServerKeyExchange(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.keyExchange.processServerKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    public void processServerSupplementalData(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.client.processServerSupplementalData(TlsProtocol.readSupplementalDataMessage(new ByteArrayInputStream(bArr)));
    }

    public void reportServerVersion(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.clientContext;
        ProtocolVersion serverVersion = tlsClientContextImpl.getServerVersion();
        if (serverVersion != null) {
            if (!serverVersion.equals(protocolVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
        } else {
            if (!ProtocolVersion.DTLSv10.isEqualOrEarlierVersionOf(protocolVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
            if (!ProtocolVersion.contains(tlsClientContextImpl.getClientSupportedVersions(), protocolVersion)) {
                throw new TlsFatalAlert((short) 70);
            }
            tlsClientContextImpl.getSecurityParametersHandshake().negotiatedVersion = protocolVersion;
            clientHandshakeState.client.notifyServerVersion(protocolVersion);
        }
    }
}
