package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.prng.RandomGenerator;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;

/* compiled from: ProGuard */
/* loaded from: classes7.dex */
public abstract class TlsProtocol {
    public static final short ADS_MODE_0_N = 1;
    public static final short ADS_MODE_0_N_FIRSTONLY = 2;
    public static final short ADS_MODE_1_Nsub1 = 0;
    public static final short CS_CERTIFICATE_REQUEST = 7;
    public static final short CS_CERTIFICATE_STATUS = 5;
    public static final short CS_CERTIFICATE_VERIFY = 12;
    public static final short CS_CLIENT_CERTIFICATE = 10;
    public static final short CS_CLIENT_FINISHED = 13;
    public static final short CS_CLIENT_HELLO = 1;
    public static final short CS_CLIENT_KEY_EXCHANGE = 11;
    public static final short CS_CLIENT_SUPPLEMENTAL_DATA = 9;
    public static final short CS_END = 16;
    public static final short CS_SERVER_CERTIFICATE = 4;
    public static final short CS_SERVER_FINISHED = 15;
    public static final short CS_SERVER_HELLO = 2;
    public static final short CS_SERVER_HELLO_DONE = 8;
    public static final short CS_SERVER_KEY_EXCHANGE = 6;
    public static final short CS_SERVER_SESSION_TICKET = 14;
    public static final short CS_SERVER_SUPPLEMENTAL_DATA = 3;
    public static final short CS_START = 0;
    public static final Integer EXT_RenegotiationInfo = Integers.valueOf(65281);
    public static final Integer EXT_SessionTicket = Integers.valueOf(35);
    private static final String TLS_ERROR_MESSAGE = "Internal TLS error, this could be an attack";
    private ByteQueue alertQueue;
    public boolean allowCertificateStatus;
    private volatile boolean appDataReady;
    private volatile boolean appDataSplitEnabled;
    private volatile int appDataSplitMode;
    private ByteQueue applicationDataQueue;
    public boolean blocking;
    public Hashtable clientExtensions;
    private volatile boolean closed;
    public short connection_state;
    public boolean expectSessionTicket;
    private byte[] expected_verify_data;
    private volatile boolean failedWithError;
    private ByteQueue handshakeQueue;
    public ByteQueueInputStream inputBuffers;
    public int[] offeredCipherSuites;
    public short[] offeredCompressionMethods;
    public ByteQueueOutputStream outputBuffer;
    public Certificate peerCertificate;
    public boolean receivedChangeCipherSpec;
    public RecordStream recordStream;
    public boolean resumedSession;
    public SecureRandom secureRandom;
    public boolean secure_renegotiation;
    public SecurityParameters securityParameters;
    public Hashtable serverExtensions;
    public SessionParameters sessionParameters;
    private TlsInputStream tlsInputStream;
    private TlsOutputStream tlsOutputStream;
    public TlsSession tlsSession;

    /* compiled from: ProGuard */
    /* loaded from: classes7.dex */
    public class HandshakeMessage extends ByteArrayOutputStream {
        public HandshakeMessage(TlsProtocol tlsProtocol, short s11) throws IOException {
            this(s11, 60);
        }

        public HandshakeMessage(short s11, int i11) throws IOException {
            super(i11 + 4);
            TlsUtils.writeUint8(s11, (OutputStream) this);
            ((ByteArrayOutputStream) this).count += 3;
        }

        public void writeToRecordStream() throws IOException {
            int i11 = ((ByteArrayOutputStream) this).count - 4;
            TlsUtils.checkUint24(i11);
            TlsUtils.writeUint24(i11, ((ByteArrayOutputStream) this).buf, 1);
            TlsProtocol.this.writeHandshakeMessage(((ByteArrayOutputStream) this).buf, 0, ((ByteArrayOutputStream) this).count);
            ((ByteArrayOutputStream) this).buf = null;
        }
    }

    public TlsProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        this.applicationDataQueue = new ByteQueue(0);
        this.alertQueue = new ByteQueue(2);
        this.handshakeQueue = new ByteQueue(0);
        this.tlsInputStream = null;
        this.tlsOutputStream = null;
        this.closed = false;
        this.failedWithError = false;
        this.appDataReady = false;
        this.appDataSplitEnabled = true;
        this.appDataSplitMode = 0;
        this.expected_verify_data = null;
        this.tlsSession = null;
        this.sessionParameters = null;
        this.securityParameters = null;
        this.peerCertificate = null;
        this.offeredCipherSuites = null;
        this.offeredCompressionMethods = null;
        this.clientExtensions = null;
        this.serverExtensions = null;
        this.connection_state = (short) 0;
        this.resumedSession = false;
        this.receivedChangeCipherSpec = false;
        this.secure_renegotiation = false;
        this.allowCertificateStatus = false;
        this.expectSessionTicket = false;
        this.blocking = true;
        this.recordStream = new RecordStream(this, inputStream, outputStream);
        this.secureRandom = secureRandom;
    }

    public TlsProtocol(SecureRandom secureRandom) {
        this.applicationDataQueue = new ByteQueue(0);
        this.alertQueue = new ByteQueue(2);
        this.handshakeQueue = new ByteQueue(0);
        this.tlsInputStream = null;
        this.tlsOutputStream = null;
        this.closed = false;
        this.failedWithError = false;
        this.appDataReady = false;
        this.appDataSplitEnabled = true;
        this.appDataSplitMode = 0;
        this.expected_verify_data = null;
        this.tlsSession = null;
        this.sessionParameters = null;
        this.securityParameters = null;
        this.peerCertificate = null;
        this.offeredCipherSuites = null;
        this.offeredCompressionMethods = null;
        this.clientExtensions = null;
        this.serverExtensions = null;
        this.connection_state = (short) 0;
        this.resumedSession = false;
        this.receivedChangeCipherSpec = false;
        this.secure_renegotiation = false;
        this.allowCertificateStatus = false;
        this.expectSessionTicket = false;
        this.blocking = false;
        this.inputBuffers = new ByteQueueInputStream();
        this.outputBuffer = new ByteQueueOutputStream();
        this.recordStream = new RecordStream(this, this.inputBuffers, this.outputBuffer);
        this.secureRandom = secureRandom;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static void assertEmpty(ByteArrayInputStream byteArrayInputStream) throws IOException {
        if (byteArrayInputStream.available() > 0) {
            throw new TlsFatalAlert((short) 50);
        }
    }

    public static byte[] createRandomBlock(boolean z11, RandomGenerator randomGenerator) {
        byte[] bArr = new byte[32];
        randomGenerator.nextBytes(bArr);
        if (z11) {
            TlsUtils.writeGMTUnixTime(bArr, 0);
        }
        return bArr;
    }

    public static byte[] createRenegotiationInfo(byte[] bArr) throws IOException {
        return TlsUtils.encodeOpaque8(bArr);
    }

    public static void establishMasterSecret(TlsContext tlsContext, TlsKeyExchange tlsKeyExchange) throws IOException {
        byte[] generatePremasterSecret = tlsKeyExchange.generatePremasterSecret();
        try {
            tlsContext.getSecurityParameters().masterSecret = TlsUtils.calculateMasterSecret(tlsContext, generatePremasterSecret);
            if (generatePremasterSecret != null) {
                Arrays.fill(generatePremasterSecret, (byte) 0);
            }
        } catch (Throwable th2) {
            if (generatePremasterSecret != null) {
                Arrays.fill(generatePremasterSecret, (byte) 0);
            }
            throw th2;
        }
    }

    public static byte[] getCurrentPRFHash(TlsContext tlsContext, TlsHandshakeHash tlsHandshakeHash, byte[] bArr) {
        Digest forkPRFHash = tlsHandshakeHash.forkPRFHash();
        if (bArr != null && TlsUtils.isSSL(tlsContext)) {
            forkPRFHash.update(bArr, 0, bArr.length);
        }
        byte[] bArr2 = new byte[forkPRFHash.getDigestSize()];
        forkPRFHash.doFinal(bArr2, 0);
        return bArr2;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to find switch 'out' block (already processed)
        	at jadx.core.dex.visitors.regions.RegionMaker.calcSwitchOut(RegionMaker.java:923)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:797)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:52)
        */
    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x001c. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x0020. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x0023. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x0027. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:17:0x002b. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0009. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:4:0x000d. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:6:0x0012. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x0018. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:27:0x0039  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x003f  */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 2 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static int getPRFAlgorithm(org.bouncycastle.crypto.tls.TlsContext r6, int r7) throws java.io.IOException {
        /*
            boolean r4 = org.bouncycastle.crypto.tls.TlsUtils.isTLSv12(r6)
            r6 = r4
            r4 = 1
            r0 = r4
            r1 = 47
            switch(r7) {
                case 59: goto L4b;
                case 60: goto L4b;
                case 61: goto L4b;
                case 62: goto L4b;
                case 63: goto L4b;
                case 64: goto L4b;
                default: goto Lc;
            }
        Lc:
            r5 = 6
            switch(r7) {
                case 103: goto L4b;
                case 104: goto L4b;
                case 105: goto L4b;
                case 106: goto L4b;
                case 107: goto L4b;
                case 108: goto L4b;
                case 109: goto L4b;
                default: goto L10;
            }
        L10:
            r4 = 2
            r2 = r4
            switch(r7) {
                case 156: goto L4b;
                case 157: goto L3f;
                case 158: goto L4b;
                case 159: goto L3f;
                case 160: goto L4b;
                case 161: goto L3f;
                case 162: goto L4b;
                case 163: goto L3f;
                case 164: goto L4b;
                case 165: goto L3f;
                case 166: goto L4b;
                case 167: goto L3f;
                case 168: goto L4b;
                case 169: goto L3f;
                case 170: goto L4b;
                case 171: goto L3f;
                case 172: goto L4b;
                case 173: goto L3f;
                default: goto L15;
            }
        L15:
            r5 = 3
            r4 = 0
            r3 = r4
            switch(r7) {
                case 175: goto L39;
                case 177: goto L39;
                case 179: goto L39;
                case 181: goto L39;
                case 183: goto L39;
                case 49208: goto L39;
                case 49211: goto L39;
                case 49266: goto L4c;
                case 49267: goto L3f;
                case 49268: goto L4c;
                case 49269: goto L3f;
                case 49270: goto L4c;
                case 49271: goto L3f;
                case 49272: goto L4c;
                case 49273: goto L3f;
                case 49274: goto L4c;
                case 49275: goto L3f;
                case 49276: goto L4c;
                case 49277: goto L3f;
                case 49278: goto L4c;
                case 49279: goto L3f;
                case 49280: goto L4c;
                case 49281: goto L3f;
                case 49282: goto L4c;
                case 49283: goto L3f;
                case 49284: goto L4c;
                case 49285: goto L3f;
                case 49286: goto L4c;
                case 49287: goto L3f;
                case 49288: goto L4c;
                case 49289: goto L3f;
                case 49290: goto L4c;
                case 49291: goto L3f;
                case 49292: goto L4c;
                case 49293: goto L3f;
                case 49294: goto L4c;
                case 49295: goto L3f;
                case 49296: goto L4c;
                case 49297: goto L3f;
                case 49298: goto L4c;
                case 49299: goto L3f;
                case 49301: goto L39;
                case 49303: goto L39;
                case 49305: goto L39;
                default: goto L1b;
            }
        L1b:
            r5 = 6
            switch(r7) {
                case 185: goto L39;
                case 186: goto L4b;
                case 187: goto L4b;
                case 188: goto L4b;
                case 189: goto L4b;
                case 190: goto L4b;
                case 191: goto L4b;
                case 192: goto L4b;
                case 193: goto L4b;
                case 194: goto L4b;
                case 195: goto L4b;
                case 196: goto L4b;
                case 197: goto L4b;
                default: goto L1f;
            }
        L1f:
            r5 = 2
            switch(r7) {
                case 49187: goto L4b;
                case 49188: goto L3f;
                case 49189: goto L4b;
                case 49190: goto L3f;
                case 49191: goto L4b;
                case 49192: goto L3f;
                case 49193: goto L4b;
                case 49194: goto L3f;
                case 49195: goto L4b;
                case 49196: goto L3f;
                case 49197: goto L4b;
                case 49198: goto L3f;
                case 49199: goto L4b;
                case 49200: goto L3f;
                case 49201: goto L4b;
                case 49202: goto L3f;
                default: goto L23;
            }
        L23:
            switch(r7) {
                case 49307: goto L39;
                case 49308: goto L4b;
                case 49309: goto L4b;
                case 49310: goto L4b;
                case 49311: goto L4b;
                case 49312: goto L4b;
                case 49313: goto L4b;
                case 49314: goto L4b;
                case 49315: goto L4b;
                case 49316: goto L4b;
                case 49317: goto L4b;
                case 49318: goto L4b;
                case 49319: goto L4b;
                case 49320: goto L4b;
                case 49321: goto L4b;
                case 49322: goto L4b;
                case 49323: goto L4b;
                case 49324: goto L4b;
                case 49325: goto L4b;
                case 49326: goto L4b;
                case 49327: goto L4b;
                default: goto L26;
            }
        L26:
            r5 = 4
            switch(r7) {
                case 52392: goto L4b;
                case 52393: goto L4b;
                case 52394: goto L4b;
                case 52395: goto L4b;
                case 52396: goto L4b;
                case 52397: goto L4b;
                case 52398: goto L4b;
                default: goto L2a;
            }
        L2a:
            r5 = 6
            switch(r7) {
                case 65280: goto L4b;
                case 65281: goto L4b;
                case 65282: goto L4b;
                case 65283: goto L4b;
                case 65284: goto L4b;
                case 65285: goto L4b;
                default: goto L2e;
            }
        L2e:
            r5 = 7
            switch(r7) {
                case 65296: goto L4b;
                case 65297: goto L4b;
                case 65298: goto L4b;
                case 65299: goto L4b;
                case 65300: goto L4b;
                case 65301: goto L4b;
                default: goto L32;
            }
        L32:
            r5 = 2
            if (r6 == 0) goto L37
            r5 = 2
            return r0
        L37:
            r5 = 5
            return r3
        L39:
            r5 = 6
            if (r6 == 0) goto L3d
            return r2
        L3d:
            r5 = 4
            return r3
        L3f:
            if (r6 == 0) goto L42
            return r2
        L42:
            r5 = 4
            org.bouncycastle.crypto.tls.TlsFatalAlert r6 = new org.bouncycastle.crypto.tls.TlsFatalAlert
            r5 = 3
            r6.<init>(r1)
            r5 = 3
            throw r6
        L4b:
            r5 = 4
        L4c:
            r5 = 7
            if (r6 == 0) goto L51
            r5 = 1
            return r0
        L51:
            org.bouncycastle.crypto.tls.TlsFatalAlert r6 = new org.bouncycastle.crypto.tls.TlsFatalAlert
            r5 = 2
            r6.<init>(r1)
            r5 = 5
            throw r6
            r5 = 4
            r5 = 2
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.tls.TlsProtocol.getPRFAlgorithm(org.bouncycastle.crypto.tls.TlsContext, int):int");
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private void processAlertQueue() throws IOException {
        while (this.alertQueue.available() >= 2) {
            byte[] removeData = this.alertQueue.removeData(2, 0);
            short s11 = removeData[0];
            short s12 = removeData[1];
            getPeer().notifyAlertReceived(s11, s12);
            if (s11 == 2) {
                invalidateSession();
                this.failedWithError = true;
                this.closed = true;
                this.recordStream.safeClose();
                throw new IOException(TLS_ERROR_MESSAGE);
            }
            if (s12 == 0) {
                if (!this.appDataReady) {
                    throw new TlsFatalAlert((short) 40);
                }
                handleClose(false);
            }
            handleWarningMessage(s12);
        }
    }

    private void processApplicationDataQueue() {
    }

    private void processChangeCipherSpec(byte[] bArr, int i11, int i12) throws IOException {
        for (int i13 = 0; i13 < i12; i13++) {
            if (TlsUtils.readUint8(bArr, i11 + i13) != 1) {
                throw new TlsFatalAlert((short) 50);
            }
            if (this.receivedChangeCipherSpec || this.alertQueue.available() > 0 || this.handshakeQueue.available() > 0) {
                throw new TlsFatalAlert((short) 10);
            }
            this.recordStream.receivedReadCipherSpec();
            this.receivedChangeCipherSpec = true;
            handleChangeCipherSpecMessage();
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x003e  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x006f A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void processHandshakeQueue(org.bouncycastle.crypto.tls.ByteQueue r14) throws java.io.IOException {
        /*
            r13 = this;
            r9 = r13
        L1:
            int r12 = r14.available()
            r0 = r12
            r1 = 4
            if (r0 < r1) goto L7c
            byte[] r0 = new byte[r1]
            r2 = 0
            r14.read(r0, r2, r1, r2)
            r12 = 4
            short r12 = org.bouncycastle.crypto.tls.TlsUtils.readUint8(r0, r2)
            r3 = r12
            r4 = 1
            r11 = 5
            int r0 = org.bouncycastle.crypto.tls.TlsUtils.readUint24(r0, r4)
            int r5 = r0 + 4
            r11 = 3
            int r6 = r14.available()
            if (r6 >= r5) goto L26
            r11 = 4
            goto L7c
        L26:
            r11 = 1
            short r6 = r9.connection_state
            r11 = 6
            r12 = 16
            r7 = r12
            r12 = 20
            r8 = r12
            if (r6 == r7) goto L36
            r12 = 2
            if (r3 != r8) goto L38
            r11 = 4
        L36:
            r11 = 6
            r2 = r4
        L38:
            r9.checkReceivedChangeCipherSpec(r2)
            r12 = 6
            if (r3 == 0) goto L6f
            r11 = 1
            if (r3 == r8) goto L42
            goto L64
        L42:
            org.bouncycastle.crypto.tls.TlsContext r12 = r9.getContext()
            r2 = r12
            byte[] r6 = r9.expected_verify_data
            if (r6 != 0) goto L64
            r11 = 4
            org.bouncycastle.crypto.tls.SecurityParameters r6 = r2.getSecurityParameters()
            byte[] r12 = r6.getMasterSecret()
            r6 = r12
            if (r6 == 0) goto L64
            boolean r2 = r2.isServer()
            r2 = r2 ^ r4
            r11 = 1
            byte[] r2 = r9.createVerifyData(r2)
            r9.expected_verify_data = r2
            r11 = 4
        L64:
            org.bouncycastle.crypto.tls.RecordStream r2 = r9.recordStream
            r12 = 7
            java.io.OutputStream r11 = r2.getHandshakeHashUpdater()
            r2 = r11
            r14.copyTo(r2, r5)
        L6f:
            r12 = 7
            r14.removeData(r1)
            r12 = 2
            java.io.ByteArrayInputStream r0 = r14.readFrom(r0)
            r9.handleHandshakeMessage(r3, r0)
            goto L1
        L7c:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.tls.TlsProtocol.processHandshakeQueue(org.bouncycastle.crypto.tls.ByteQueue):void");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static Hashtable readExtensions(ByteArrayInputStream byteArrayInputStream) throws IOException {
        if (byteArrayInputStream.available() < 1) {
            return null;
        }
        byte[] readOpaque16 = TlsUtils.readOpaque16(byteArrayInputStream);
        assertEmpty(byteArrayInputStream);
        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(readOpaque16);
        Hashtable hashtable = new Hashtable();
        while (byteArrayInputStream2.available() > 0) {
            if (hashtable.put(Integers.valueOf(TlsUtils.readUint16(byteArrayInputStream2)), TlsUtils.readOpaque16(byteArrayInputStream2)) != null) {
                throw new TlsFatalAlert((short) 47);
            }
        }
        return hashtable;
    }

    public static Vector readSupplementalDataMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] readOpaque24 = TlsUtils.readOpaque24(byteArrayInputStream);
        assertEmpty(byteArrayInputStream);
        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(readOpaque24);
        Vector vector = new Vector();
        while (byteArrayInputStream2.available() > 0) {
            vector.addElement(new SupplementalDataEntry(TlsUtils.readUint16(byteArrayInputStream2), TlsUtils.readOpaque16(byteArrayInputStream2)));
        }
        return vector;
    }

    public static void writeExtensions(OutputStream outputStream, Hashtable hashtable) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        writeSelectedExtensions(byteArrayOutputStream, hashtable, true);
        writeSelectedExtensions(byteArrayOutputStream, hashtable, false);
        TlsUtils.writeOpaque16(byteArrayOutputStream.toByteArray(), outputStream);
    }

    public static void writeSelectedExtensions(OutputStream outputStream, Hashtable hashtable, boolean z11) throws IOException {
        Enumeration keys = hashtable.keys();
        while (keys.hasMoreElements()) {
            Integer num = (Integer) keys.nextElement();
            int intValue = num.intValue();
            byte[] bArr = (byte[]) hashtable.get(num);
            if (z11 == (bArr.length == 0)) {
                TlsUtils.checkUint16(intValue);
                TlsUtils.writeUint16(intValue, outputStream);
                TlsUtils.writeOpaque16(bArr, outputStream);
            }
        }
    }

    public static void writeSupplementalData(OutputStream outputStream, Vector vector) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i11 = 0; i11 < vector.size(); i11++) {
            SupplementalDataEntry supplementalDataEntry = (SupplementalDataEntry) vector.elementAt(i11);
            int dataType = supplementalDataEntry.getDataType();
            TlsUtils.checkUint16(dataType);
            TlsUtils.writeUint16(dataType, byteArrayOutputStream);
            TlsUtils.writeOpaque16(supplementalDataEntry.getData(), byteArrayOutputStream);
        }
        TlsUtils.writeOpaque24(byteArrayOutputStream.toByteArray(), outputStream);
    }

    public int applicationDataAvailable() {
        return this.applicationDataQueue.available();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void applyMaxFragmentLengthExtension() throws IOException {
        short s11 = this.securityParameters.maxFragmentLength;
        if (s11 >= 0) {
            if (!MaxFragmentLength.isValid(s11)) {
                throw new TlsFatalAlert((short) 80);
            }
            this.recordStream.setPlaintextLimit(1 << (this.securityParameters.maxFragmentLength + 8));
        }
    }

    public void blockForHandshake() throws IOException {
        if (this.blocking) {
            while (this.connection_state != 16) {
                if (this.closed) {
                    throw new TlsFatalAlert((short) 80);
                }
                safeReadRecord();
            }
        }
    }

    public void checkReceivedChangeCipherSpec(boolean z11) throws IOException {
        if (z11 != this.receivedChangeCipherSpec) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    public void cleanupHandshake() {
        byte[] bArr = this.expected_verify_data;
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
            this.expected_verify_data = null;
        }
        this.securityParameters.clear();
        this.peerCertificate = null;
        this.offeredCipherSuites = null;
        this.offeredCompressionMethods = null;
        this.clientExtensions = null;
        this.serverExtensions = null;
        this.resumedSession = false;
        this.receivedChangeCipherSpec = false;
        this.secure_renegotiation = false;
        this.allowCertificateStatus = false;
        this.expectSessionTicket = false;
    }

    public void close() throws IOException {
        handleClose(true);
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    public void closeInput() throws IOException {
        if (this.blocking) {
            throw new IllegalStateException("Cannot use closeInput() in blocking mode!");
        }
        if (this.closed) {
            return;
        }
        if (this.inputBuffers.available() > 0) {
            throw new EOFException();
        }
        if (!this.appDataReady) {
            throw new TlsFatalAlert((short) 40);
        }
        throw new TlsNoCloseNotifyException();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void completeHandshake() throws IOException {
        try {
            this.connection_state = (short) 16;
            this.alertQueue.shrink();
            this.handshakeQueue.shrink();
            this.recordStream.finaliseHandshake();
            this.appDataSplitEnabled = !TlsUtils.isTLSv11(getContext());
            if (!this.appDataReady) {
                this.appDataReady = true;
                if (this.blocking) {
                    this.tlsInputStream = new TlsInputStream(this);
                    this.tlsOutputStream = new TlsOutputStream(this);
                }
            }
            if (this.tlsSession != null) {
                if (this.sessionParameters == null) {
                    this.sessionParameters = new SessionParameters.Builder().setCipherSuite(this.securityParameters.getCipherSuite()).setCompressionAlgorithm(this.securityParameters.getCompressionAlgorithm()).setMasterSecret(this.securityParameters.getMasterSecret()).setPeerCertificate(this.peerCertificate).setPSKIdentity(this.securityParameters.getPSKIdentity()).setSRPIdentity(this.securityParameters.getSRPIdentity()).setServerExtensions(this.serverExtensions).build();
                    this.tlsSession = new TlsSessionImpl(this.tlsSession.getSessionID(), this.sessionParameters);
                }
                getContextAdmin().setResumableSession(this.tlsSession);
            }
            getPeer().notifyHandshakeComplete();
            cleanupHandshake();
        } catch (Throwable th2) {
            cleanupHandshake();
            throw th2;
        }
    }

    public byte[] createVerifyData(boolean z11) {
        TlsContext context = getContext();
        return TlsUtils.calculateVerifyData(context, z11 ? ExporterLabel.server_finished : ExporterLabel.client_finished, getCurrentPRFHash(context, this.recordStream.getHandshakeHash(), z11 ? TlsUtils.SSL_SERVER : TlsUtils.SSL_CLIENT));
    }

    public void failWithError(short s11, short s12, String str, Throwable th2) throws IOException {
        if (!this.closed) {
            this.closed = true;
            if (s11 == 2) {
                invalidateSession();
                this.failedWithError = true;
            }
            raiseAlert(s11, s12, str, th2);
            this.recordStream.safeClose();
            if (s11 != 2) {
                return;
            }
        }
        throw new IOException(TLS_ERROR_MESSAGE);
    }

    public void flush() throws IOException {
        this.recordStream.flush();
    }

    public int getAvailableInputBytes() {
        if (this.blocking) {
            throw new IllegalStateException("Cannot use getAvailableInputBytes() in blocking mode! Use getInputStream().available() instead.");
        }
        return applicationDataAvailable();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public int getAvailableOutputBytes() {
        if (this.blocking) {
            throw new IllegalStateException("Cannot use getAvailableOutputBytes() in blocking mode! Use getOutputStream() instead.");
        }
        return this.outputBuffer.getBuffer().available();
    }

    public abstract TlsContext getContext();

    public abstract AbstractTlsContext getContextAdmin();

    public InputStream getInputStream() {
        if (this.blocking) {
            return this.tlsInputStream;
        }
        throw new IllegalStateException("Cannot use InputStream in non-blocking mode! Use offerInput() instead.");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public OutputStream getOutputStream() {
        if (this.blocking) {
            return this.tlsOutputStream;
        }
        throw new IllegalStateException("Cannot use OutputStream in non-blocking mode! Use offerOutput() instead.");
    }

    public abstract TlsPeer getPeer();

    public void handleChangeCipherSpecMessage() throws IOException {
    }

    public void handleClose(boolean z11) throws IOException {
        if (this.closed) {
            return;
        }
        if (z11 && !this.appDataReady) {
            raiseWarning((short) 90, "User canceled handshake");
        }
        failWithError((short) 1, (short) 0, "Connection closed", null);
    }

    public abstract void handleHandshakeMessage(short s11, ByteArrayInputStream byteArrayInputStream) throws IOException;

    public void handleWarningMessage(short s11) throws IOException {
    }

    public void invalidateSession() {
        SessionParameters sessionParameters = this.sessionParameters;
        if (sessionParameters != null) {
            sessionParameters.clear();
            this.sessionParameters = null;
        }
        TlsSession tlsSession = this.tlsSession;
        if (tlsSession != null) {
            tlsSession.invalidate();
            this.tlsSession = null;
        }
    }

    public boolean isClosed() {
        return this.closed;
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    public void offerInput(byte[] bArr) throws IOException {
        if (this.blocking) {
            throw new IllegalStateException("Cannot use offerInput() in blocking mode! Use getInputStream() instead.");
        }
        if (this.closed) {
            throw new IOException("Connection is closed, cannot accept any more input");
        }
        this.inputBuffers.addBytes(bArr);
        while (this.inputBuffers.available() >= 5) {
            byte[] bArr2 = new byte[5];
            this.inputBuffers.peek(bArr2);
            if (this.inputBuffers.available() < TlsUtils.readUint16(bArr2, 3) + 5) {
                safeCheckRecordHeader(bArr2);
                return;
            }
            safeReadRecord();
            if (this.closed) {
                if (this.connection_state != 16) {
                    throw new TlsFatalAlert((short) 80);
                }
                return;
            }
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void offerOutput(byte[] bArr, int i11, int i12) throws IOException {
        if (this.blocking) {
            throw new IllegalStateException("Cannot use offerOutput() in blocking mode! Use getOutputStream() instead.");
        }
        if (!this.appDataReady) {
            throw new IOException("Application data cannot be sent until the handshake is complete!");
        }
        writeData(bArr, i11, i12);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void processFinishedMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] bArr = this.expected_verify_data;
        if (bArr == null) {
            throw new TlsFatalAlert((short) 80);
        }
        byte[] readFully = TlsUtils.readFully(bArr.length, byteArrayInputStream);
        assertEmpty(byteArrayInputStream);
        if (!Arrays.constantTimeAreEqual(this.expected_verify_data, readFully)) {
            throw new TlsFatalAlert((short) 51);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:8:0x001b, code lost:
    
        if (r4 == org.bouncycastle.crypto.tls.TlsExtensionsUtils.getMaxFragmentLengthExtension(r6)) goto L14;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public short processMaxFragmentLengthExtension(java.util.Hashtable r6, java.util.Hashtable r7, short r8) throws java.io.IOException {
        /*
            r5 = this;
            r1 = r5
            short r4 = org.bouncycastle.crypto.tls.TlsExtensionsUtils.getMaxFragmentLengthExtension(r7)
            r7 = r4
            if (r7 < 0) goto L26
            r3 = 1
            boolean r0 = org.bouncycastle.crypto.tls.MaxFragmentLength.isValid(r7)
            if (r0 == 0) goto L1e
            r3 = 1
            boolean r0 = r1.resumedSession
            r4 = 6
            if (r0 != 0) goto L26
            r3 = 6
            short r4 = org.bouncycastle.crypto.tls.TlsExtensionsUtils.getMaxFragmentLengthExtension(r6)
            r6 = r4
            if (r7 != r6) goto L1e
            goto L27
        L1e:
            org.bouncycastle.crypto.tls.TlsFatalAlert r6 = new org.bouncycastle.crypto.tls.TlsFatalAlert
            r4 = 7
            r6.<init>(r8)
            r3 = 7
            throw r6
        L26:
            r4 = 2
        L27:
            return r7
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.tls.TlsProtocol.processMaxFragmentLengthExtension(java.util.Hashtable, java.util.Hashtable, short):short");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void processRecord(short s11, byte[] bArr, int i11, int i12) throws IOException {
        switch (s11) {
            case 20:
                processChangeCipherSpec(bArr, i11, i12);
                return;
            case 21:
                this.alertQueue.addData(bArr, i11, i12);
                processAlertQueue();
                return;
            case 22:
                if (this.handshakeQueue.available() > 0) {
                    this.handshakeQueue.addData(bArr, i11, i12);
                    processHandshakeQueue(this.handshakeQueue);
                    return;
                }
                ByteQueue byteQueue = new ByteQueue(bArr, i11, i12);
                processHandshakeQueue(byteQueue);
                int available = byteQueue.available();
                if (available > 0) {
                    this.handshakeQueue.addData(bArr, (i11 + i12) - available, available);
                    return;
                }
                return;
            case 23:
                if (!this.appDataReady) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.applicationDataQueue.addData(bArr, i11, i12);
                processApplicationDataQueue();
                return;
            default:
                throw new TlsFatalAlert((short) 80);
        }
    }

    public void raiseAlert(short s11, short s12, String str, Throwable th2) throws IOException {
        getPeer().notifyAlertRaised(s11, s12, str, th2);
        safeWriteRecord((short) 21, new byte[]{(byte) s11, (byte) s12}, 0, 2);
    }

    public void raiseWarning(short s11, String str) throws IOException {
        raiseAlert((short) 1, s11, str, null);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public int readApplicationData(byte[] bArr, int i11, int i12) throws IOException {
        if (i12 < 1) {
            return 0;
        }
        while (this.applicationDataQueue.available() == 0) {
            if (this.closed) {
                if (this.failedWithError) {
                    throw new IOException(TLS_ERROR_MESSAGE);
                }
                return -1;
            }
            safeReadRecord();
        }
        int min = Math.min(i12, this.applicationDataQueue.available());
        this.applicationDataQueue.removeData(bArr, i11, min, 0);
        return min;
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    public int readInput(byte[] bArr, int i11, int i12) {
        if (this.blocking) {
            throw new IllegalStateException("Cannot use readInput() in blocking mode! Use getInputStream() instead.");
        }
        try {
            return readApplicationData(bArr, i11, Math.min(i12, applicationDataAvailable()));
        } catch (IOException e11) {
            throw new RuntimeException(e11.toString());
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public int readOutput(byte[] bArr, int i11, int i12) {
        if (this.blocking) {
            throw new IllegalStateException("Cannot use readOutput() in blocking mode! Use getOutputStream() instead.");
        }
        int min = Math.min(getAvailableOutputBytes(), i12);
        this.outputBuffer.getBuffer().removeData(bArr, i11, min, 0);
        return min;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void refuseRenegotiation() throws IOException {
        if (TlsUtils.isSSL(getContext())) {
            throw new TlsFatalAlert((short) 40);
        }
        raiseWarning((short) 100, "Renegotiation not supported");
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    public void safeCheckRecordHeader(byte[] bArr) throws IOException {
        try {
            this.recordStream.checkRecordHeader(bArr);
        } catch (RuntimeException e11) {
            failWithError((short) 2, (short) 80, "Failed to read record", e11);
            throw e11;
        } catch (TlsFatalAlert e12) {
            failWithError((short) 2, e12.getAlertDescription(), "Failed to read record", e12);
            throw e12;
        } catch (IOException e13) {
            failWithError((short) 2, (short) 80, "Failed to read record", e13);
            throw e13;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    public void safeReadRecord() throws IOException {
        try {
            if (this.recordStream.readRecord()) {
                return;
            }
            if (!this.appDataReady) {
                throw new TlsFatalAlert((short) 40);
            }
            throw new TlsNoCloseNotifyException();
        } catch (TlsFatalAlert e11) {
            if (!this.closed) {
                failWithError((short) 2, e11.getAlertDescription(), "Failed to read record", e11);
            }
            throw e11;
        } catch (IOException e12) {
            if (!this.closed) {
                failWithError((short) 2, (short) 80, "Failed to read record", e12);
            }
            throw e12;
        } catch (RuntimeException e13) {
            if (!this.closed) {
                failWithError((short) 2, (short) 80, "Failed to read record", e13);
            }
            throw e13;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    public void safeWriteRecord(short s11, byte[] bArr, int i11, int i12) throws IOException {
        try {
            this.recordStream.writeRecord(s11, bArr, i11, i12);
        } catch (IOException e11) {
            if (!this.closed) {
                failWithError((short) 2, (short) 80, "Failed to write record", e11);
            }
            throw e11;
        } catch (RuntimeException e12) {
            if (!this.closed) {
                failWithError((short) 2, (short) 80, "Failed to write record", e12);
            }
            throw e12;
        } catch (TlsFatalAlert e13) {
            if (!this.closed) {
                failWithError((short) 2, e13.getAlertDescription(), "Failed to write record", e13);
            }
            throw e13;
        }
    }

    public void sendCertificateMessage(Certificate certificate) throws IOException {
        if (certificate == null) {
            certificate = Certificate.EMPTY_CHAIN;
        }
        if (certificate.isEmpty() && !getContext().isServer()) {
            ProtocolVersion serverVersion = getContext().getServerVersion();
            if (serverVersion.isSSL()) {
                raiseWarning((short) 41, serverVersion.toString() + " client didn't provide credentials");
                return;
            }
        }
        HandshakeMessage handshakeMessage = new HandshakeMessage(this, (short) 11);
        certificate.encode(handshakeMessage);
        handshakeMessage.writeToRecordStream();
    }

    public void sendChangeCipherSpecMessage() throws IOException {
        safeWriteRecord((short) 20, new byte[]{1}, 0, 1);
        this.recordStream.sentWriteCipherSpec();
    }

    public void sendFinishedMessage() throws IOException {
        byte[] createVerifyData = createVerifyData(getContext().isServer());
        HandshakeMessage handshakeMessage = new HandshakeMessage((short) 20, createVerifyData.length);
        handshakeMessage.write(createVerifyData);
        handshakeMessage.writeToRecordStream();
    }

    public void sendSupplementalDataMessage(Vector vector) throws IOException {
        HandshakeMessage handshakeMessage = new HandshakeMessage(this, (short) 23);
        writeSupplementalData(handshakeMessage, vector);
        handshakeMessage.writeToRecordStream();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setAppDataSplitMode(int i11) {
        if (i11 >= 0 && i11 <= 2) {
            this.appDataSplitMode = i11;
            return;
        }
        throw new IllegalArgumentException("Illegal appDataSplitMode mode: " + i11);
    }

    public void writeData(byte[] bArr, int i11, int i12) throws IOException {
        if (this.closed) {
            if (!this.failedWithError) {
                throw new IOException("Sorry, connection has been closed, you cannot write more data");
            }
            throw new IOException(TLS_ERROR_MESSAGE);
        }
        while (i12 > 0) {
            if (this.appDataSplitEnabled) {
                int i13 = this.appDataSplitMode;
                if (i13 != 1) {
                    if (i13 != 2) {
                        safeWriteRecord((short) 23, bArr, i11, 1);
                        i11++;
                        i12--;
                    } else {
                        this.appDataSplitEnabled = false;
                    }
                }
                safeWriteRecord((short) 23, TlsUtils.EMPTY_BYTES, 0, 0);
            }
            if (i12 > 0) {
                int min = Math.min(i12, this.recordStream.getPlaintextLimit());
                safeWriteRecord((short) 23, bArr, i11, min);
                i11 += min;
                i12 -= min;
            }
        }
    }

    public void writeHandshakeMessage(byte[] bArr, int i11, int i12) throws IOException {
        if (i12 < 4) {
            throw new TlsFatalAlert((short) 80);
        }
        if (TlsUtils.readUint8(bArr, i11) != 0) {
            this.recordStream.getHandshakeHashUpdater().write(bArr, i11, i12);
        }
        int i13 = 0;
        do {
            int min = Math.min(i12 - i13, this.recordStream.getPlaintextLimit());
            safeWriteRecord((short) 22, bArr, i11 + i13, min);
            i13 += min;
        } while (i13 < i12);
    }
}
