package n6;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import m6.w;
import n6.r;

/* loaded from: classes.dex */
public class k1 extends l1 implements s {
    public static final List<k6.n> A;
    private static final Charset B;

    /* renamed from: d, reason: collision with root package name */
    private final t f11497d;

    /* renamed from: e, reason: collision with root package name */
    private final p2 f11498e;

    /* renamed from: f, reason: collision with root package name */
    private String f11499f;

    /* renamed from: g, reason: collision with root package name */
    private boolean f11500g;

    /* renamed from: i, reason: collision with root package name */
    private k6.i f11502i;

    /* renamed from: k, reason: collision with root package name */
    private List<m6.m> f11504k;

    /* renamed from: m, reason: collision with root package name */
    private r f11506m;

    /* renamed from: n, reason: collision with root package name */
    private k6.t f11507n;

    /* renamed from: o, reason: collision with root package name */
    private List<k6.n> f11508o;

    /* renamed from: p, reason: collision with root package name */
    private X509Certificate f11509p;

    /* renamed from: r, reason: collision with root package name */
    private X509TrustManager f11511r;

    /* renamed from: s, reason: collision with root package name */
    private k6.f f11512s;

    /* renamed from: w, reason: collision with root package name */
    private boolean f11516w;

    /* renamed from: x, reason: collision with root package name */
    private List<X500Principal> f11517x;

    /* renamed from: z, reason: collision with root package name */
    private List<k6.n> f11519z;

    /* renamed from: l, reason: collision with root package name */
    private a f11505l = a.Initial;

    /* renamed from: q, reason: collision with root package name */
    private List<X509Certificate> f11510q = Collections.emptyList();

    /* renamed from: v, reason: collision with root package name */
    private boolean f11515v = false;

    /* renamed from: h, reason: collision with root package name */
    private List<k6.i> f11501h = new ArrayList();

    /* renamed from: j, reason: collision with root package name */
    private List<m6.m> f11503j = new ArrayList();

    /* renamed from: t, reason: collision with root package name */
    private k6.c f11513t = new k6.b();

    /* renamed from: u, reason: collision with root package name */
    private List<k6.f> f11514u = new ArrayList();

    /* renamed from: y, reason: collision with root package name */
    private Function<List<X500Principal>, k6.a> f11518y = new Function() { // from class: n6.e1
        @Override // java.util.function.Function
        public final Object apply(Object obj) {
            k6.a S;
            S = k1.S((List) obj);
            return S;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum a {
        Initial,
        ClientHelloSent,
        ServerHelloReceived,
        EncryptedExtensionsReceived,
        CertificateRequestReceived,
        CertificateReceived,
        CertificateVerifyReceived,
        Finished
    }

    static {
        List<k6.n> a10;
        a10 = e6.d0.a(new Object[]{k6.n.rsa_pss_rsae_sha256, k6.n.rsa_pss_rsae_sha384, k6.n.rsa_pss_rsae_sha512, k6.n.ecdsa_secp256r1_sha256});
        A = a10;
        B = Charset.forName("ISO-8859-1");
    }

    public k1(t tVar, p2 p2Var) {
        this.f11497d = tVar;
        this.f11498e = p2Var;
    }

    private boolean O(X509Certificate x509Certificate, k6.n nVar) {
        List a10;
        String sigAlgName = x509Certificate.getSigAlgName();
        if (sigAlgName.toLowerCase().contains("withrsa")) {
            a10 = e6.d0.a(new Object[]{k6.n.rsa_pss_rsae_sha256, k6.n.rsa_pss_rsae_sha384});
        } else {
            if (!sigAlgName.toLowerCase().contains("withecdsa")) {
                return false;
            }
            a10 = e6.d0.a(new Object[]{k6.n.ecdsa_secp256r1_sha256});
        }
        return a10.contains(nVar);
    }

    private Optional<String> Q(CertificateException certificateException) {
        String message;
        Throwable cause = certificateException.getCause();
        if (cause instanceof CertPathValidatorException) {
            message = cause.getMessage() + ": " + ((CertPathValidatorException) cause).getReason();
        } else {
            if (!(cause instanceof CertPathBuilderException)) {
                return Optional.empty();
            }
            message = cause.getMessage();
        }
        return Optional.of(message);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ k6.a S(List list) {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean U(m6.m mVar) {
        return !(mVar instanceof m6.j0);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean V(List list, m6.m mVar) {
        return list.contains(mVar.getClass());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean X(m6.m mVar) {
        return mVar instanceof m6.e0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ List Y(m6.m mVar) {
        return ((m6.e0) mVar).f();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ l6.h Z() {
        return new l6.h();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean a0(m6.m mVar) {
        return mVar instanceof m6.g;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ List b0(m6.m mVar) {
        return ((m6.g) mVar).f();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean c0(m6.m mVar) {
        return mVar instanceof m6.i0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean d0(m6.m mVar) {
        return (mVar instanceof m6.x) || (mVar instanceof m6.w);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean e0(m6.m mVar) {
        return mVar instanceof m6.i0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ Short f0(m6.m mVar) {
        return Short.valueOf(((m6.i0) mVar).d());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean g0(m6.m mVar) {
        return ((mVar instanceof m6.i0) || (mVar instanceof m6.x) || (mVar instanceof m6.w)) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean h0(m6.m mVar) {
        return mVar instanceof m6.w;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ w.b i0(m6.m mVar) {
        return ((m6.w) mVar).j().get(0);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean j0(m6.m mVar) {
        return mVar instanceof m6.b0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ boolean k0(k6.a aVar, k6.n nVar) {
        return O(aVar.a(), nVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ l6.e l0() {
        return new l6.e("failed to negotiate signature scheme");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean m0(k6.n nVar) {
        return !A.contains(nVar);
    }

    private void n0() {
        final k6.a apply = this.f11518y.apply(this.f11517x);
        e eVar = new e(apply != null ? apply.a() : null);
        this.f11497d.c(eVar);
        this.f11507n.i(eVar);
        if (apply != null) {
            Stream<k6.n> stream = this.f11519z.stream();
            final List<k6.n> list = this.f11508o;
            Objects.requireNonNull(list);
            k6.n orElseThrow = stream.filter(new Predicate() { // from class: n6.p0
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    return list.contains((k6.n) obj);
                }
            }).filter(new Predicate() { // from class: n6.r0
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    boolean k02;
                    k02 = k1.this.k0(apply, (k6.n) obj);
                    return k02;
                }
            }).findFirst().orElseThrow(new Supplier() { // from class: n6.c1
                @Override // java.util.function.Supplier
                public final Object get() {
                    l6.e l02;
                    l02 = k1.l0();
                    return l02;
                }
            });
            i iVar = new i(orElseThrow, o(this.f11507n.d(k6.k.certificate), apply.b(), orElseThrow, true));
            this.f11497d.b(iVar);
            this.f11507n.i(iVar);
        }
    }

    public void M(m6.m mVar) {
        this.f11503j.add(mVar);
    }

    public void N(List<k6.i> list) {
        this.f11501h.addAll(list);
    }

    protected void P(List<X509Certificate> list) {
        try {
            X509TrustManager x509TrustManager = this.f11511r;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted((X509Certificate[]) u3.a.b(list, X509Certificate.class), "RSA");
                return;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init((KeyStore) null);
            ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted((X509Certificate[]) u3.a.b(list, X509Certificate.class), "UNKNOWN");
        } catch (KeyStoreException unused) {
            throw new RuntimeException("keystore exception");
        } catch (NoSuchAlgorithmException unused2) {
            throw new RuntimeException("unsupported trust manager algorithm");
        } catch (CertificateException e10) {
            throw new l6.a(Q(e10).orElse("certificate validation failed"));
        }
    }

    public k6.i R() {
        k6.i iVar = this.f11502i;
        if (iVar != null) {
            return iVar;
        }
        throw new IllegalStateException("No (valid) server hello received yet");
    }

    @Override // n6.b0
    public void a(f fVar, k6.g gVar) {
        if (gVar != k6.g.Handshake) {
            throw new l6.j("incorrect protection level");
        }
        if (this.f11505l != a.EncryptedExtensionsReceived) {
            throw new l6.j("unexpected certificate request message");
        }
        this.f11519z = (List) fVar.i().stream().filter(new Predicate() { // from class: n6.z0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean X;
                X = k1.X((m6.m) obj);
                return X;
            }
        }).findFirst().map(new Function() { // from class: n6.j1
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                List Y;
                Y = k1.Y((m6.m) obj);
                return Y;
            }
        }).orElseThrow(new Supplier() { // from class: n6.d1
            @Override // java.util.function.Supplier
            public final Object get() {
                l6.h Z;
                Z = k1.Z();
                return Z;
            }
        });
        this.f11507n.h(fVar);
        this.f11517x = (List) fVar.i().stream().filter(new Predicate() { // from class: n6.y0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean a02;
                a02 = k1.a0((m6.m) obj);
                return a02;
            }
        }).findFirst().map(new Function() { // from class: n6.i1
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                List b02;
                b02 = k1.b0((m6.m) obj);
                return b02;
            }
        }).orElse(Collections.emptyList());
        this.f11516w = true;
        this.f11505l = a.CertificateRequestReceived;
    }

    @Override // n6.b0
    public void b(i iVar, k6.g gVar) {
        if (gVar != k6.g.Handshake) {
            throw new l6.j("incorrect protection level");
        }
        if (this.f11505l != a.CertificateReceived) {
            throw new l6.j("unexpected certificate verify message");
        }
        k6.n l10 = iVar.l();
        if (!this.f11508o.contains(l10)) {
            throw new l6.f("signature scheme does not match");
        }
        if (!u0(iVar.k(), l10, this.f11509p, this.f11507n.g(k6.k.certificate))) {
            throw new l6.c("signature verification fails");
        }
        P(this.f11510q);
        this.f11507n.j(iVar);
        this.f11505l = a.CertificateVerifyReceived;
    }

    @Override // n6.b0
    public void c(e eVar, k6.g gVar) {
        if (gVar != k6.g.Handshake) {
            throw new l6.j("incorrect protection level");
        }
        a aVar = this.f11505l;
        if (aVar != a.EncryptedExtensionsReceived && aVar != a.CertificateRequestReceived) {
            throw new l6.j("unexpected certificate message");
        }
        if (eVar.o().length > 0) {
            throw new l6.f("certificate request context should be zero length");
        }
        if (eVar.n() == null) {
            throw new l6.f("missing certificate");
        }
        this.f11509p = eVar.n();
        this.f11510q = eVar.m();
        this.f11507n.j(eVar);
        this.f11505l = a.CertificateReceived;
    }

    @Override // n6.b0
    public void d(c0 c0Var, k6.g gVar) {
        if (gVar != k6.g.Application) {
            throw new l6.j("incorrect protection level");
        }
        k6.f fVar = new k6.f(this.f11533c, c0Var);
        this.f11514u.add(fVar);
        this.f11498e.k(fVar);
    }

    @Override // n6.b0
    public void e(x xVar, k6.g gVar) {
        if (gVar != k6.g.Handshake) {
            throw new l6.j("incorrect protection level");
        }
        if (this.f11505l != a.ServerHelloReceived) {
            throw new l6.j("unexpected encrypted extensions message");
        }
        final List list = (List) this.f11504k.stream().map(new Function() { // from class: n6.g1
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Class cls;
                cls = ((m6.m) obj).getClass();
                return cls;
            }
        }).collect(Collectors.toList());
        if (!xVar.l().stream().filter(new Predicate() { // from class: n6.x0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean U;
                U = k1.U((m6.m) obj);
                return U;
            }
        }).allMatch(new Predicate() { // from class: n6.q0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean V;
                V = k1.V(list, (m6.m) obj);
                return V;
            }
        })) {
            throw new l6.k("extension response to missing request");
        }
        if (((Set) xVar.l().stream().map(new Function() { // from class: n6.o0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Class cls;
                cls = ((m6.m) obj).getClass();
                return cls;
            }
        }).collect(Collectors.toSet())).size() != xVar.l().size()) {
            throw new l6.k("duplicate extensions not allowed");
        }
        this.f11507n.h(xVar);
        this.f11505l = a.EncryptedExtensionsReceived;
        this.f11498e.c(xVar.l());
    }

    @Override // n6.b0
    public void f(h0 h0Var, k6.g gVar) {
        boolean anyMatch = h0Var.n().stream().anyMatch(new Predicate() { // from class: n6.b1
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean c02;
                c02 = k1.c0((m6.m) obj);
                return c02;
            }
        });
        boolean anyMatch2 = h0Var.n().stream().anyMatch(new Predicate() { // from class: n6.t0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean d02;
                d02 = k1.d0((m6.m) obj);
                return d02;
            }
        });
        if (!anyMatch || !anyMatch2) {
            throw new l6.h();
        }
        if (((Short) h0Var.n().stream().filter(new Predicate() { // from class: n6.v0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean e02;
                e02 = k1.e0((m6.m) obj);
                return e02;
            }
        }).map(new Function() { // from class: n6.f1
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Short f02;
                f02 = k1.f0((m6.m) obj);
                return f02;
            }
        }).findFirst().get()).shortValue() != 772) {
            throw new l6.f("invalid tls version");
        }
        if (h0Var.n().stream().anyMatch(new Predicate() { // from class: n6.a1
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean g02;
                g02 = k1.g0((m6.m) obj);
                return g02;
            }
        })) {
            throw new l6.f("illegal extension in server hello");
        }
        Optional findFirst = h0Var.n().stream().filter(new Predicate() { // from class: n6.u0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean h02;
                h02 = k1.h0((m6.m) obj);
                return h02;
            }
        }).map(new Function() { // from class: n6.h1
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                w.b i02;
                i02 = k1.i0((m6.m) obj);
                return i02;
            }
        }).findFirst();
        Optional<m6.m> findFirst2 = h0Var.n().stream().filter(new Predicate() { // from class: n6.w0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean j02;
                j02 = k1.j0((m6.m) obj);
                return j02;
            }
        }).findFirst();
        if (!findFirst.isPresent() && !findFirst2.isPresent()) {
            throw new l6.h(" either the pre_shared_key extension or the key_share extension must be present");
        }
        if (findFirst2.isPresent()) {
            this.f11515v = true;
            System.out.println("JOH! PSK accepted!");
        }
        if (!this.f11501h.contains(h0Var.m())) {
            throw new l6.f("cipher suite does not match");
        }
        this.f11502i = h0Var.m();
        if (findFirst2.isPresent()) {
            this.f11533c.u(((m6.b0) findFirst2.get()).d());
            k6.d.a("Server has accepted PSK key establishment");
        } else {
            this.f11533c.r();
        }
        if (findFirst.isPresent()) {
            this.f11533c.t(((w.b) findFirst.get()).a());
            this.f11533c.i();
        }
        this.f11507n.h(h0Var);
        this.f11533c.e();
        this.f11505l = a.ServerHelloReceived;
        this.f11498e.C();
    }

    @Override // n6.b0
    public void h(y yVar, k6.g gVar) {
        if (gVar != k6.g.Handshake) {
            throw new l6.j("incorrect protection level");
        }
        if (this.f11505l != (this.f11515v ? a.EncryptedExtensionsReceived : a.CertificateVerifyReceived)) {
            throw new l6.j("unexpected finished message");
        }
        this.f11507n.j(yVar);
        k6.t tVar = this.f11507n;
        k6.k kVar = k6.k.certificate_verify;
        if (!Arrays.equals(yVar.i(), n(tVar.g(kVar), this.f11533c.o()))) {
            throw new l6.c("incorrect finished message");
        }
        if (this.f11516w) {
            n0();
        }
        y yVar2 = new y(n(this.f11507n.d(kVar), this.f11533c.l()));
        this.f11497d.a(yVar2);
        this.f11507n.i(yVar2);
        this.f11533c.a();
        this.f11533c.h();
        this.f11505l = a.Finished;
        this.f11498e.p();
    }

    public void o0(Function<List<X500Principal>, k6.a> function) {
        this.f11518y = function;
    }

    public void p0(k6.f fVar) {
        this.f11512s = fVar;
    }

    public void q0(String str) {
        this.f11499f = str;
    }

    public void r0(X509TrustManager x509TrustManager) {
        this.f11511r = x509TrustManager;
    }

    public void s0() {
        List<k6.n> a10;
        k6.l lVar = k6.l.secp256r1;
        a10 = e6.d0.a(new Object[]{k6.n.rsa_pss_rsae_sha256, k6.n.ecdsa_secp256r1_sha256});
        t0(lVar, a10);
    }

    public void t0(k6.l lVar, List<k6.n> list) {
        if (list.stream().anyMatch(new Predicate() { // from class: n6.s0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean m02;
                m02 = k1.m0((k6.n) obj);
                return m02;
            }
        })) {
            ArrayList arrayList = new ArrayList(list);
            arrayList.removeAll(A);
            throw new IllegalArgumentException("Unsupported signature scheme(s): " + arrayList);
        }
        this.f11508o = list;
        p(lVar);
        if (this.f11499f == null || this.f11501h.isEmpty()) {
            throw new IllegalStateException("not all mandatory properties are set");
        }
        this.f11507n = new k6.t(32);
        List list2 = this.f11503j;
        if (this.f11512s != null) {
            list2 = new ArrayList();
            list2.addAll(this.f11503j);
            this.f11533c = new k6.p(this.f11507n, this.f11512s.b());
            list2.add(new m6.k(this.f11512s));
        } else {
            this.f11533c = new k6.p(this.f11507n);
        }
        r rVar = new r(this.f11499f, this.f11531a, this.f11500g, this.f11501h, this.f11508o, lVar, list2, this.f11533c, r.b.PSKwithDHE);
        this.f11506m = rVar;
        this.f11504k = rVar.r();
        this.f11497d.d(this.f11506m);
        this.f11505l = a.ClientHelloSent;
        this.f11507n.h(this.f11506m);
        this.f11533c.s(this.f11532b);
        this.f11533c.d();
        this.f11498e.b();
    }

    protected boolean u0(byte[] bArr, k6.n nVar, Certificate certificate, byte[] bArr2) {
        String str;
        ByteBuffer allocate = ByteBuffer.allocate("TLS 1.3, server CertificateVerify".getBytes(B).length + 64 + 1 + bArr2.length);
        for (int i10 = 0; i10 < 64; i10++) {
            allocate.put((byte) 32);
        }
        allocate.put("TLS 1.3, server CertificateVerify".getBytes(B));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature q10 = q(nVar);
            q10.initVerify(certificate);
            q10.update(allocate.array());
            return q10.verify(bArr);
        } catch (InvalidKeyException unused) {
            str = "Certificate verify: invalid key.";
            k6.d.a(str);
            return false;
        } catch (SignatureException unused2) {
            str = "Certificate verify: invalid signature.";
            k6.d.a(str);
            return false;
        }
    }
}
