package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.tls.OfferedPsks;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsHashOutputStream;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsHash;
import org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;

/* loaded from: classes4.dex */
public class TlsClientProtocol extends TlsProtocol {
    public TlsClient F;
    public TlsClientContextImpl G;
    public Hashtable H;
    public OfferedPsks.BindersConfig I;
    public ClientHello J;
    public AbstractTlsKeyExchange K;
    public TlsAuthentication L;
    public CertificateStatus M;
    public CertificateRequest N;

    public TlsClientProtocol() {
        this.F = null;
        this.G = null;
        this.H = null;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = null;
        this.N = null;
    }

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.F = null;
        this.G = null;
        this.H = null;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = null;
        this.N = null;
    }

    public static ServerHello j0(ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] bArr = TlsUtils.f23559a;
        int read = byteArrayInputStream.read();
        int read2 = byteArrayInputStream.read();
        if (read2 < 0) {
            throw new EOFException();
        }
        ProtocolVersion c9 = ProtocolVersion.c(read, read2);
        byte[] e0 = TlsUtils.e0(32, byteArrayInputStream);
        byte[] i0 = TlsUtils.i0(byteArrayInputStream, 32);
        int k0 = TlsUtils.k0(byteArrayInputStream);
        if (TlsUtils.n0(byteArrayInputStream) == 0) {
            return new ServerHello(c9, e0, i0, k0, TlsProtocol.L(byteArrayInputStream));
        }
        throw new TlsFatalAlert((short) 47, null, null);
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x008d, code lost:
    
        if (r2.length <= 32) goto L34;
     */
    /* JADX WARN: Code restructure failed: missing block: B:164:0x033a, code lost:
    
        if (r6 == false) goto L170;
     */
    /* JADX WARN: Removed duplicated region for block: B:254:0x0581  */
    /* JADX WARN: Removed duplicated region for block: B:257:0x0583  */
    /* JADX WARN: Removed duplicated region for block: B:297:0x0051  */
    /* JADX WARN: Removed duplicated region for block: B:298:0x059b  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void c(boolean r23) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1458
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.c(boolean):void");
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final void e() {
        super.e();
        this.H = null;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = null;
        this.N = null;
    }

    public final void e0(TlsClient tlsClient) throws IOException {
        if (this.F != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.F = tlsClient;
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(tlsClient.j());
        this.G = tlsClientContextImpl;
        AbstractTlsClient abstractTlsClient = (AbstractTlsClient) tlsClient;
        abstractTlsClient.f23377a = tlsClientContextImpl;
        abstractTlsClient.b = abstractTlsClient.H();
        abstractTlsClient.f23378c = abstractTlsClient.G();
        c(false);
        if (this.A) {
            d();
        }
    }

    public final void f0() throws IOException {
        TlsClientContextImpl tlsClientContextImpl = this.G;
        CertificateStatus certificateStatus = this.M;
        AbstractTlsKeyExchange abstractTlsKeyExchange = this.K;
        TlsAuthentication tlsAuthentication = this.L;
        Hashtable hashtable = this.f23546t;
        Hashtable hashtable2 = this.f23547u;
        byte[] bArr = TlsUtils.f23559a;
        SecurityParameters c9 = tlsClientContextImpl.c();
        boolean R = TlsUtils.R(c9.M);
        if (tlsAuthentication == null) {
            if (R) {
                throw new TlsFatalAlert((short) 80, null, null);
            }
            if (c9.b) {
                throw new TlsFatalAlert((short) 40, null, null);
            }
            abstractTlsKeyExchange.m();
            return;
        }
        Certificate certificate = c9.L;
        TlsCertificate c10 = certificate.c(0);
        ASN1ObjectIdentifier aSN1ObjectIdentifier = TlsObjectIdentifiers.f23529a;
        JcaTlsCertificate jcaTlsCertificate = (JcaTlsCertificate) c10;
        jcaTlsCertificate.getClass();
        byte[] extensionValue = jcaTlsCertificate.b.getExtensionValue(aSN1ObjectIdentifier.f22593d);
        byte[] bArr2 = extensionValue == null ? null : ((ASN1OctetString) ASN1Primitive.o(extensionValue)).f22595d;
        if (bArr2 != null) {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) TlsUtils.d0(bArr2);
            for (int i7 = 0; i7 < aSN1Sequence.size(); i7++) {
                if (!(aSN1Sequence.v(i7) instanceof ASN1Integer)) {
                    throw new TlsFatalAlert((short) 42, null, null);
                }
            }
            TlsUtils.r0(aSN1Sequence, bArr2);
            for (int i9 = 0; i9 < aSN1Sequence.size(); i9++) {
                ASN1Integer aSN1Integer = (ASN1Integer) aSN1Sequence.v(i9);
                aSN1Integer.getClass();
                BigInteger bigInteger = new BigInteger(1, aSN1Integer.f22590d);
                if (bigInteger.bitLength() <= 16) {
                    Integer valueOf = Integer.valueOf(bigInteger.intValue());
                    if (hashtable.containsKey(valueOf) && !hashtable2.containsKey(valueOf)) {
                        throw new TlsFatalAlert((short) 46, null, null);
                    }
                }
            }
        }
        if (!R) {
            abstractTlsKeyExchange.i(certificate);
        }
        tlsAuthentication.b(new TlsServerCertificateImpl(certificate, certificateStatus));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x0033. Please report as an issue. */
    /* JADX WARN: Multi-variable type inference failed */
    public final void g0(Vector vector) throws IOException {
        AbstractTlsKeyExchange tlsRSAKeyExchange;
        AbstractTlsKeyExchange tlsDHEKeyExchange;
        ((AbstractTlsClient) this.F).getClass();
        if (vector != null) {
            throw new TlsFatalAlert((short) 10, null, null);
        }
        this.v = (short) 6;
        TlsClientContextImpl tlsClientContextImpl = this.G;
        TlsClient tlsClient = this.F;
        byte[] bArr = TlsUtils.f23559a;
        int i7 = tlsClientContextImpl.c().J;
        ((AbstractTlsPeer) tlsClient).getClass();
        if (i7 != 1) {
            if (i7 == 3 || i7 == 5) {
                tlsDHEKeyExchange = new TlsDHEKeyExchange(i7, tlsClient.E(), null);
            } else if (i7 == 7 || i7 == 9) {
                tlsRSAKeyExchange = new TlsDHKeyExchange(i7);
            } else if (i7 != 11) {
                switch (i7) {
                    case 13:
                    case 15:
                    case 24:
                        tlsRSAKeyExchange = new TlsPSKKeyExchange(i7, null, null, null);
                        break;
                    case 14:
                        tlsDHEKeyExchange = new TlsPSKKeyExchange(i7, tlsClient.E(), null, null);
                        break;
                    case 16:
                    case 18:
                        tlsRSAKeyExchange = new TlsECDHKeyExchange(i7);
                        break;
                    case 17:
                    case 19:
                        tlsRSAKeyExchange = new TlsECDHEKeyExchange(i7, null);
                        break;
                    case 20:
                        tlsRSAKeyExchange = new TlsECDHanonKeyExchange(i7, null);
                        break;
                    case 21:
                    case 22:
                    case 23:
                        tlsRSAKeyExchange = new TlsSRPKeyExchange(i7, new DefaultTlsSRPConfigVerifier());
                        break;
                    default:
                        throw new TlsFatalAlert((short) 80, null, null);
                }
            } else {
                tlsDHEKeyExchange = new TlsDHanonKeyExchange(i7, tlsClient.E(), null);
            }
            tlsRSAKeyExchange = tlsDHEKeyExchange;
        } else {
            tlsRSAKeyExchange = new TlsRSAKeyExchange(i7);
        }
        tlsRSAKeyExchange.b = tlsClientContextImpl;
        this.K = tlsRSAKeyExchange;
    }

    public final void h0(ServerHello serverHello, boolean z8) throws IOException {
        TlsSecret tlsSecret;
        KeyShareEntry keyShareEntry;
        JceTlsSecret c9;
        SecurityParameters c10 = this.G.c();
        if (!ProtocolVersion.f.b(serverHello.f23475a) || !Arrays.equals(this.J.f23411c, serverHello.f23476c)) {
            throw new TlsFatalAlert((short) 47, null, null);
        }
        Hashtable hashtable = serverHello.e;
        if (hashtable == null) {
            throw new TlsFatalAlert((short) 47, null, null);
        }
        TlsUtils.g(hashtable, 2, (short) 47);
        int i7 = serverHello.f23477d;
        if (z8) {
            ProtocolVersion m9 = TlsExtensionsUtils.m(hashtable);
            if (m9 == null) {
                throw new TlsFatalAlert((short) 109, null, null);
            }
            if (!c10.M.b(m9) || c10.f23461d != i7) {
                throw new TlsFatalAlert((short) 47, null, null);
            }
        } else {
            if (!TlsUtils.T(i7, this.J.e) || !TlsUtils.X(i7, c10.M)) {
                throw new TlsFatalAlert((short) 47, null, null);
            }
            this.w = false;
            byte[] bArr = TlsUtils.f23561d;
            c10.f23471u = bArr;
            this.F.t(bArr);
            TlsUtils.Y(c10, i7);
            this.F.x(i7);
        }
        this.J = null;
        c10.f23469s = serverHello.b;
        c10.f23460c = false;
        c10.f23473y = true;
        c10.N = this.f23546t.containsKey(TlsExtensionsUtils.p) ? 1 : 0;
        byte[] C = TlsUtils.C(hashtable, TlsExtensionsUtils.f23521k);
        int o8 = C == null ? -1 : TlsUtils.o(C);
        if (o8 >= 0) {
            OfferedPsks.BindersConfig bindersConfig = this.I;
            if (bindersConfig != null) {
                TlsPSK[] tlsPSKArr = bindersConfig.f23431a;
                if (o8 < tlsPSKArr.length) {
                    if (tlsPSKArr[o8].a() != c10.f) {
                        throw new TlsFatalAlert((short) 47, null, null);
                    }
                    tlsSecret = this.I.f23432c[o8];
                    this.f23548x = true;
                }
            }
            throw new TlsFatalAlert((short) 47, null, null);
        }
        tlsSecret = null;
        this.F.getClass();
        byte[] C2 = TlsUtils.C(hashtable, TlsExtensionsUtils.f23519h);
        if (C2 == null) {
            keyShareEntry = null;
        } else {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(C2);
            keyShareEntry = new KeyShareEntry(TlsUtils.k0(byteArrayInputStream), TlsUtils.f0(byteArrayInputStream));
            TlsProtocol.b(byteArrayInputStream);
        }
        if (keyShareEntry == null) {
            if (z8 || tlsSecret == null || !org.bouncycastle.util.Arrays.f(this.I.b, (short) 0)) {
                throw new TlsFatalAlert((short) 47, null, null);
            }
            c9 = null;
        } else {
            if (tlsSecret != null && !org.bouncycastle.util.Arrays.f(this.I.b, (short) 1)) {
                throw new TlsFatalAlert((short) 47, null, null);
            }
            TlsAgreement tlsAgreement = (TlsAgreement) this.H.get(Integer.valueOf(keyShareEntry.f23427a));
            if (tlsAgreement == null) {
                throw new TlsFatalAlert((short) 47, null, null);
            }
            tlsAgreement.b(keyShareEntry.b);
            c9 = tlsAgreement.c();
        }
        this.H = null;
        this.I = null;
        TlsUtils.t(this.G, tlsSecret, c9);
        y();
        this.f23543o = new TlsSessionImpl(c10.f23471u, null);
    }

    public final void i0(boolean z8) throws IOException {
        byte[] z9 = TlsUtils.z(this.f23538g);
        TlsClientContextImpl tlsClientContextImpl = this.G;
        RecordStream recordStream = this.f23537d;
        SecurityParameters c9 = tlsClientContextImpl.c();
        TlsUtils.u(tlsClientContextImpl, z9, c9.n, "c hs traffic", "s hs traffic", recordStream);
        c9.j = c9.p;
        c9.f23465k = c9.f23468q;
        if (!z8) {
            recordStream.n = true;
            X();
        }
        recordStream.e();
        recordStream.d(false);
    }

    public final void k0() throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 1);
        ClientHello clientHello = this.J;
        int i7 = clientHello.f23413g;
        if (i7 < 0) {
            throw new TlsFatalAlert((short) 80, null, null);
        }
        ProtocolVersion protocolVersion = clientHello.f23410a;
        handshakeMessageOutput.write(protocolVersion.f23442a >> 8);
        handshakeMessageOutput.write(protocolVersion.f23442a & 255);
        handshakeMessageOutput.write(clientHello.b);
        TlsUtils.C0(handshakeMessageOutput, clientHello.f23411c);
        byte[] bArr = clientHello.f23412d;
        if (bArr != null) {
            TlsUtils.C0(handshakeMessageOutput, bArr);
        }
        int[] iArr = clientHello.e;
        int length = iArr.length * 2;
        TlsUtils.h(length);
        handshakeMessageOutput.write(length >>> 8);
        handshakeMessageOutput.write(length);
        int i9 = 0;
        for (int i10 : iArr) {
            handshakeMessageOutput.write(i10 >>> 8);
            handshakeMessageOutput.write(i10);
        }
        TlsUtils.j(1);
        handshakeMessageOutput.write(1);
        handshakeMessageOutput.write(new short[]{0}[0]);
        TlsProtocol.a0(handshakeMessageOutput, clientHello.f, i7);
        handshakeMessageOutput.a(this.f23538g, this.J.f23413g);
        OfferedPsks.BindersConfig bindersConfig = this.I;
        if (bindersConfig != null) {
            TlsCrypto tlsCrypto = this.G.f23380a;
            TlsHandshakeHash tlsHandshakeHash = this.f23538g;
            int i11 = bindersConfig.f23433d - 2;
            TlsUtils.h(i11);
            handshakeMessageOutput.write(i11 >>> 8);
            handshakeMessageOutput.write(i11);
            int i12 = 0;
            while (true) {
                TlsPSK[] tlsPSKArr = bindersConfig.f23431a;
                if (i9 < tlsPSKArr.length) {
                    TlsPSK tlsPSK = tlsPSKArr[i9];
                    TlsSecret tlsSecret = bindersConfig.f23432c[i9];
                    int b = TlsCryptoUtils.b(tlsPSK.a());
                    JcaTlsCrypto jcaTlsCrypto = (JcaTlsCrypto) tlsCrypto;
                    JcaTlsHash i13 = jcaTlsCrypto.i(b);
                    TlsHashOutputStream tlsHashOutputStream = new TlsHashOutputStream(i13);
                    DigestInputBuffer digestInputBuffer = ((DeferredHash) tlsHandshakeHash).b;
                    if (digestInputBuffer == null) {
                        throw new IllegalStateException("Not buffering");
                    }
                    digestInputBuffer.a(tlsHashOutputStream);
                    byte[] b9 = i13.b();
                    int c9 = TlsCryptoUtils.c(b);
                    JceTlsSecret q4 = TlsUtils.q(b, c9, "ext binder", tlsSecret, jcaTlsCrypto.i(b).b());
                    try {
                        byte[] d9 = TlsUtils.d(b, c9, q4, b9);
                        q4.b();
                        i12 += d9.length + 1;
                        TlsUtils.C0(handshakeMessageOutput, d9);
                        i9++;
                    } catch (Throwable th) {
                        q4.b();
                        throw th;
                    }
                } else if (i11 != i12) {
                    throw new TlsFatalAlert((short) 80, null, null);
                }
            }
        }
        handshakeMessageOutput.e(this, this.f23538g, this.J.f23413g);
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsContext o() {
        return this.G;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final AbstractTlsContext p() {
        return this.G;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsPeer q() {
        return this.F;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:217:0x03d7  */
    /* JADX WARN: Removed duplicated region for block: B:219:0x0419  */
    /* JADX WARN: Removed duplicated region for block: B:222:0x0426  */
    /* JADX WARN: Removed duplicated region for block: B:262:0x0437  */
    /* JADX WARN: Removed duplicated region for block: B:263:0x0515  */
    /* JADX WARN: Removed duplicated region for block: B:265:0x041c  */
    /* JADX WARN: Removed duplicated region for block: B:266:0x03df  */
    /* JADX WARN: Removed duplicated region for block: B:278:0x051d  */
    /* JADX WARN: Removed duplicated region for block: B:337:0x0609  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x0090  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void w(short r19, org.bouncycastle.tls.HandshakeMessageInput r20) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 3428
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.w(short, org.bouncycastle.tls.HandshakeMessageInput):void");
    }
}
