package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class TlsClientProtocol extends TlsProtocol {
    protected TlsAuthentication authentication;
    protected CertificateRequest certificateRequest;
    protected CertificateStatus certificateStatus;
    protected Hashtable clientAgreements;
    protected TlsKeyExchange keyExchange;
    protected TlsClient tlsClient;
    TlsClientContextImpl tlsClientContext;

    public TlsClientProtocol() {
        this.tlsClient = null;
        this.tlsClientContext = null;
        this.clientAgreements = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.tlsClient = null;
        this.tlsClientContext = null;
        this.clientAgreements = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void beginHandshake(boolean z) throws IOException {
        SessionParameters exportSessionParameters;
        super.beginHandshake(z);
        TlsSession sessionToResume = this.tlsClient.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null && (exportSessionParameters.isExtendedMasterSecret() || (!this.tlsClient.requiresExtendedMasterSecret() && this.tlsClient.allowLegacyResumption()))) {
            TlsSecret masterSecret = exportSessionParameters.getMasterSecret();
            synchronized (masterSecret) {
                if (masterSecret.isAlive()) {
                    this.tlsSession = sessionToResume;
                    this.sessionParameters = exportSessionParameters;
                    this.sessionMasterSecret = this.tlsClientContext.getCrypto().adoptSecret(masterSecret);
                }
            }
        }
        sendClientHelloMessage();
        this.connection_state = (short) 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void cleanupHandshake() {
        super.cleanupHandshake();
        this.keyExchange = null;
        this.authentication = null;
        this.certificateStatus = null;
        this.certificateRequest = null;
    }

    public void connect(TlsClient tlsClient) throws IOException {
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.tlsClient != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.tlsClient = tlsClient;
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(tlsClient.getCrypto());
        this.tlsClientContext = tlsClientContextImpl;
        this.tlsClient.init(tlsClientContextImpl);
        this.recordStream.init(this.tlsClientContext);
        tlsClient.notifyCloseHandle(this);
        beginHandshake(false);
        if (this.blocking) {
            blockForHandshake();
        }
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsContext getContext() {
        return this.tlsClientContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    AbstractTlsContext getContextAdmin() {
        return this.tlsClientContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsPeer getPeer() {
        return this.tlsClient;
    }

    protected void handle13HandshakeMessage(short s, HandshakeMessageInput handshakeMessageInput) throws IOException {
        if (!isTLSv13ConnectionState()) {
            throw new TlsFatalAlert((short) 80);
        }
        if (this.resumedSession) {
            throw new TlsFatalAlert((short) 80);
        }
        short s2 = 4;
        if (s == 2) {
            short s3 = this.connection_state;
            if (s3 == 1) {
                throw new TlsFatalAlert((short) 80);
            }
            if (s3 != 3) {
                throw new TlsFatalAlert((short) 10);
            }
            ServerHello parse = ServerHello.parse(handshakeMessageInput);
            if (parse.isHelloRetryRequest()) {
                throw new TlsFatalAlert((short) 10);
            }
            process13ServerHello(parse, true);
            handshakeMessageInput.updateHash(this.handshakeHash);
        } else {
            if (s == 4) {
                if (this.connection_state != 21) {
                    throw new TlsFatalAlert((short) 10);
                }
                receive13NewSessionTicket(handshakeMessageInput);
                return;
            }
            if (s == 8) {
                if (this.connection_state != 4) {
                    throw new TlsFatalAlert((short) 10);
                }
                receive13EncryptedExtensions(handshakeMessageInput);
                this.connection_state = (short) 5;
                return;
            }
            s2 = 11;
            if (s == 11) {
                short s4 = this.connection_state;
                if (s4 == 5) {
                    skip13CertificateRequest();
                } else if (s4 != 11) {
                    throw new TlsFatalAlert((short) 10);
                }
                receive13ServerCertificate(handshakeMessageInput);
                this.connection_state = (short) 7;
                return;
            }
            if (s != 13) {
                if (s == 15) {
                    if (this.connection_state != 7) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    receive13ServerCertificateVerify(handshakeMessageInput);
                    handshakeMessageInput.updateHash(this.handshakeHash);
                    this.connection_state = (short) 9;
                    return;
                }
                if (s != 20) {
                    if (s != 24) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    if (this.connection_state != 21) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    receive13ServerKeyUpdate(handshakeMessageInput);
                    return;
                }
                short s5 = this.connection_state;
                if (s5 != 5) {
                    if (s5 != 9) {
                        if (s5 != 11) {
                            throw new TlsFatalAlert((short) 10);
                        }
                    }
                    receive13ServerFinished(handshakeMessageInput);
                    handshakeMessageInput.updateHash(this.handshakeHash);
                    this.connection_state = (short) 20;
                    this.connection_state = (short) 18;
                    completeHandshake();
                    return;
                }
                skip13CertificateRequest();
                skip13ServerCertificate();
                receive13ServerFinished(handshakeMessageInput);
                handshakeMessageInput.updateHash(this.handshakeHash);
                this.connection_state = (short) 20;
                this.connection_state = (short) 18;
                completeHandshake();
                return;
            }
            short s6 = this.connection_state;
            if (s6 != 5) {
                if (s6 == 21) {
                    throw new TlsFatalAlert((short) 10);
                }
                throw new TlsFatalAlert((short) 10);
            }
            receive13CertificateRequest(handshakeMessageInput);
        }
        this.connection_state = s2;
    }

    /* JADX WARN: Removed duplicated region for block: B:44:0x00a2  */
    /* JADX WARN: Removed duplicated region for block: B:47:0x00ad  */
    /* JADX WARN: Removed duplicated region for block: B:50:0x00e6  */
    /* JADX WARN: Removed duplicated region for block: B:53:0x00fd  */
    /* JADX WARN: Removed duplicated region for block: B:56:0x0114  */
    /* JADX WARN: Removed duplicated region for block: B:59:0x0128  */
    /* JADX WARN: Removed duplicated region for block: B:62:0x00b4  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void handleHandshakeMessage(short r12, org.bouncycastle.tls.HandshakeMessageInput r13) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 684
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(short, org.bouncycastle.tls.HandshakeMessageInput):void");
    }

    protected void handleServerCertificate() throws IOException {
        TlsUtils.processServerCertificate(this.tlsClientContext, this.tlsClient, this.certificateStatus, this.keyExchange, this.authentication, this.clientExtensions, this.serverExtensions);
    }

    protected void handleSupplementalData(Vector vector) throws IOException {
        this.tlsClient.processServerSupplementalData(vector);
        this.connection_state = (short) 6;
        this.keyExchange = TlsUtils.initKeyExchangeClient(this.tlsClientContext, this.tlsClient);
    }

    protected void process13HelloRetryRequest(ServerHello serverHello) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void process13ServerHello(ServerHello serverHello, boolean z) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void processServerHelloMessage(ServerHello serverHello) throws IOException {
        this.serverExtensions = serverHello.getExtensions();
        ProtocolVersion version = serverHello.getVersion();
        ProtocolVersion supportedVersionsExtensionServer = TlsExtensionsUtils.getSupportedVersionsExtensionServer(this.serverExtensions);
        if (supportedVersionsExtensionServer != null) {
            if (!ProtocolVersion.TLSv13.isEqualOrEarlierVersionOf(supportedVersionsExtensionServer)) {
                throw new TlsFatalAlert((short) 47);
            }
            version = supportedVersionsExtensionServer;
        }
        if (!ProtocolVersion.isSupportedTLSVersion(version)) {
            throw new TlsFatalAlert((short) 47);
        }
        SecurityParameters securityParametersHandshake = this.tlsClientContext.getSecurityParametersHandshake();
        if (securityParametersHandshake.isRenegotiating()) {
            if (!version.equals(this.tlsClientContext.getServerVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
        } else {
            if (!ProtocolVersion.contains(this.tlsClientContext.getClientSupportedVersions(), version)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.recordStream.setWriteVersion(version.isLaterVersionOf(ProtocolVersion.TLSv12) ? ProtocolVersion.TLSv12 : version);
            securityParametersHandshake.negotiatedVersion = version;
        }
        TlsUtils.negotiatedVersion(this.tlsClientContext);
        this.tlsClient.notifyServerVersion(version);
        securityParametersHandshake.serverRandom = serverHello.getRandom();
        if (!this.tlsClientContext.getClientVersion().equals(version)) {
            TlsUtils.checkDowngradeMarker(version, securityParametersHandshake.getServerRandom());
        }
        byte[] sessionID = serverHello.getSessionID();
        if (ProtocolVersion.TLSv13.isEqualOrEarlierVersionOf(version)) {
            if (!Arrays.areEqual(TlsUtils.getSessionID(this.tlsSession), sessionID)) {
                throw new TlsFatalAlert((short) 47);
            }
            sessionID = TlsUtils.EMPTY_BYTES;
        }
        securityParametersHandshake.sessionID = sessionID;
        this.tlsClient.notifySessionID(sessionID);
        boolean z = false;
        this.resumedSession = sessionID.length > 0 && this.tlsSession != null && Arrays.areEqual(sessionID, this.tlsSession.getSessionID());
        int cipherSuite = serverHello.getCipherSuite();
        if (!Arrays.contains(this.offeredCipherSuites, cipherSuite) || cipherSuite == 0 || CipherSuite.isSCSV(cipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(cipherSuite, this.tlsClientContext.getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        securityParametersHandshake.cipherSuite = cipherSuite;
        TlsUtils.negotiatedCipherSuite(this.tlsClientContext);
        this.tlsClient.notifySelectedCipherSuite(cipherSuite);
        if (this.serverExtensions != null) {
            Enumeration keys = this.serverExtensions.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(EXT_RenegotiationInfo)) {
                    if (TlsUtils.getExtensionData(this.clientExtensions, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                    }
                    boolean z2 = this.resumedSession;
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(this.serverExtensions, EXT_RenegotiationInfo);
        if (securityParametersHandshake.isRenegotiating()) {
            if (!securityParametersHandshake.isSecureRenegotiation()) {
                throw new TlsFatalAlert((short) 80);
            }
            if (extensionData == null) {
                throw new TlsFatalAlert((short) 40);
            }
            SecurityParameters securityParametersConnection = this.tlsClientContext.getSecurityParametersConnection();
            if (!Arrays.constantTimeAreEqual(extensionData, createRenegotiationInfo(TlsUtils.concat(securityParametersConnection.getLocalVerifyData(), securityParametersConnection.getPeerVerifyData())))) {
                throw new TlsFatalAlert((short) 40);
            }
        } else if (extensionData == null) {
            securityParametersHandshake.secureRenegotiation = false;
        } else {
            securityParametersHandshake.secureRenegotiation = true;
            if (!Arrays.constantTimeAreEqual(extensionData, createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.tlsClient.notifySecureRenegotiation(securityParametersHandshake.isSecureRenegotiation());
        boolean hasExtendedMasterSecretExtension = TlsExtensionsUtils.hasExtendedMasterSecretExtension(this.serverExtensions);
        if (hasExtendedMasterSecretExtension) {
            if (version.isSSL() || (!this.resumedSession && !this.tlsClient.shouldUseExtendedMasterSecret())) {
                throw new TlsFatalAlert((short) 40);
            }
        } else if (this.tlsClient.requiresExtendedMasterSecret() || (this.resumedSession && !this.tlsClient.allowLegacyResumption())) {
            throw new TlsFatalAlert((short) 40);
        }
        securityParametersHandshake.extendedMasterSecret = hasExtendedMasterSecretExtension;
        securityParametersHandshake.applicationProtocol = TlsExtensionsUtils.getALPNExtensionServer(this.serverExtensions);
        securityParametersHandshake.applicationProtocolSet = true;
        Hashtable hashtable = this.clientExtensions;
        Hashtable hashtable2 = this.serverExtensions;
        if (this.resumedSession) {
            if (securityParametersHandshake.getCipherSuite() != this.sessionParameters.getCipherSuite() || this.sessionParameters.getCompressionAlgorithm() != 0 || !version.equals(this.sessionParameters.getNegotiatedVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = this.sessionParameters.readServerExtensions();
            hashtable = null;
        }
        if (hashtable2 != null && !hashtable2.isEmpty()) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable2);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParametersHandshake.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParametersHandshake.encryptThenMAC = hasEncryptThenMACExtension;
            securityParametersHandshake.maxFragmentLength = processMaxFragmentLengthExtension(hashtable, hashtable2, (short) 47);
            securityParametersHandshake.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable2);
            this.allowCertificateStatus = !this.resumedSession && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!this.resumedSession && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsProtocol.EXT_SessionTicket, (short) 47)) {
                z = true;
            }
            this.expectSessionTicket = z;
        }
        if (hashtable != null) {
            this.tlsClient.processServerExtensions(hashtable2);
        }
        securityParametersHandshake.prfAlgorithm = getPRFAlgorithm(this.tlsClientContext, securityParametersHandshake.getCipherSuite());
        securityParametersHandshake.verifyDataLength = securityParametersHandshake.getNegotiatedVersion().isSSL() ? 36 : 12;
        applyMaxFragmentLengthExtension();
        if (this.resumedSession) {
            securityParametersHandshake.masterSecret = this.sessionMasterSecret;
            this.recordStream.setPendingConnectionState(TlsUtils.initCipher(this.tlsClientContext));
        } else {
            invalidateSession();
            this.tlsSession = TlsUtils.importSession(securityParametersHandshake.getSessionID(), null);
            this.sessionParameters = null;
            this.sessionMasterSecret = null;
        }
    }

    protected void receive13CertificateRequest(ByteArrayInputStream byteArrayInputStream) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void receive13EncryptedExtensions(ByteArrayInputStream byteArrayInputStream) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void receive13NewSessionTicket(ByteArrayInputStream byteArrayInputStream) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void receive13ServerCertificate(ByteArrayInputStream byteArrayInputStream) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void receive13ServerCertificateVerify(ByteArrayInputStream byteArrayInputStream) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void receive13ServerFinished(ByteArrayInputStream byteArrayInputStream) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void receive13ServerKeyUpdate(ByteArrayInputStream byteArrayInputStream) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void receiveNewSessionTicketMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        assertEmpty(byteArrayInputStream);
        this.tlsClient.notifyNewSessionTicket(parse);
    }

    protected void send13ClientHelloRetryMessage() throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void sendCertificateVerifyMessage(DigitallySigned digitallySigned) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 15);
        digitallySigned.encode(handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void sendClientHelloMessage() throws IOException {
        RecordStream recordStream;
        ProtocolVersion protocolVersion;
        ProtocolVersion latestTLS;
        ProtocolVersion protocolVersion2;
        SecurityParameters securityParametersHandshake = this.tlsClientContext.getSecurityParametersHandshake();
        if (securityParametersHandshake.isRenegotiating()) {
            latestTLS = this.tlsClientContext.getClientVersion();
        } else {
            this.tlsClientContext.setClientSupportedVersions(this.tlsClient.getProtocolVersions());
            if (ProtocolVersion.contains(this.tlsClientContext.getClientSupportedVersions(), ProtocolVersion.SSLv3)) {
                recordStream = this.recordStream;
                protocolVersion = ProtocolVersion.SSLv3;
            } else {
                recordStream = this.recordStream;
                protocolVersion = ProtocolVersion.TLSv10;
            }
            recordStream.setWriteVersion(protocolVersion);
            latestTLS = ProtocolVersion.getLatestTLS(this.tlsClientContext.getClientSupportedVersions());
            if (!ProtocolVersion.isSupportedTLSVersion(latestTLS)) {
                throw new TlsFatalAlert((short) 80);
            }
            this.tlsClientContext.setClientVersion(latestTLS);
        }
        byte[] sessionID = TlsUtils.getSessionID(this.tlsSession);
        boolean isFallback = this.tlsClient.isFallback();
        this.offeredCipherSuites = this.tlsClient.getCipherSuites();
        if (sessionID.length > 0 && this.sessionParameters != null && (!Arrays.contains(this.offeredCipherSuites, this.sessionParameters.getCipherSuite()) || this.sessionParameters.getCompressionAlgorithm() != 0)) {
            sessionID = TlsUtils.EMPTY_BYTES;
        }
        byte[] bArr = sessionID;
        this.clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(this.tlsClient.getClientExtensions());
        if (latestTLS.isLaterVersionOf(ProtocolVersion.TLSv12)) {
            ProtocolVersion protocolVersion3 = ProtocolVersion.TLSv12;
            TlsExtensionsUtils.addSupportedVersionsExtensionClient(this.clientExtensions, this.tlsClientContext.getClientSupportedVersions());
            protocolVersion2 = protocolVersion3;
        } else {
            protocolVersion2 = latestTLS;
        }
        this.tlsClientContext.setRSAPreMasterSecretVersion(protocolVersion2);
        securityParametersHandshake.clientServerNames = TlsExtensionsUtils.getServerNameExtensionClient(this.clientExtensions);
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(latestTLS)) {
            TlsUtils.establishClientSigAlgs(securityParametersHandshake, this.clientExtensions);
        }
        securityParametersHandshake.clientSupportedGroups = TlsExtensionsUtils.getSupportedGroupsExtension(this.clientExtensions);
        this.clientAgreements = TlsUtils.addEarlyKeySharesToClientHello(this.tlsClientContext, this.tlsClient, this.clientExtensions);
        if (!latestTLS.isSSL() && this.tlsClient.shouldUseExtendedMasterSecret()) {
            TlsExtensionsUtils.addExtendedMasterSecretExtension(this.clientExtensions);
        } else if (this.tlsClient.requiresExtendedMasterSecret()) {
            throw new TlsFatalAlert((short) 80);
        }
        securityParametersHandshake.clientRandom = createRandomBlock(this.tlsClient.shouldUseGMTUnixTime(), this.tlsClientContext);
        if (!securityParametersHandshake.isRenegotiating()) {
            boolean z = TlsUtils.getExtensionData(this.clientExtensions, EXT_RenegotiationInfo) == null;
            boolean z2 = !Arrays.contains(this.offeredCipherSuites, 255);
            if (z && z2) {
                this.offeredCipherSuites = Arrays.append(this.offeredCipherSuites, 255);
            }
        } else {
            if (!securityParametersHandshake.isSecureRenegotiation()) {
                throw new TlsFatalAlert((short) 80);
            }
            this.clientExtensions.put(EXT_RenegotiationInfo, createRenegotiationInfo(this.tlsClientContext.getSecurityParametersConnection().getLocalVerifyData()));
        }
        if (isFallback && !Arrays.contains(this.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) {
            this.offeredCipherSuites = Arrays.append(this.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
        }
        ClientHello clientHello = new ClientHello(protocolVersion2, securityParametersHandshake.getClientRandom(), bArr, null, this.offeredCipherSuites, this.clientExtensions);
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 1);
        clientHello.encode(this.tlsClientContext, handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void sendClientKeyExchangeMessage() throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 16);
        this.keyExchange.generateClientKeyExchange(handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void skip13CertificateRequest() throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected void skip13ServerCertificate() throws IOException {
        throw new TlsFatalAlert((short) 80);
    }
}
