package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.SessionParameters;
import org.spongycastle.crypto.tls.g;
import org.spongycastle.util.Arrays;

/* loaded from: classes2.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes2.dex */
    public static class ClientHandshakeState {
        TlsClient a = null;
        m b = null;
        TlsSession c = null;
        SessionParameters d = null;
        SessionParameters.Builder e = null;
        int[] f = null;
        short[] g = null;
        Hashtable h = null;
        Hashtable i = null;
        byte[] j = null;
        boolean k = false;
        boolean l = false;
        boolean m = false;
        boolean n = false;
        TlsKeyExchange o = null;
        TlsAuthentication p = null;
        CertificateStatus q = null;
        CertificateRequest r = null;
        TlsCredentials s = null;

        protected ClientHandshakeState() {
        }
    }

    public DTLSClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] b(byte[] bArr, byte[] bArr2) {
        int e = 35 + TlsUtils.e(bArr, 34);
        int i = e + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, e);
        TlsUtils.c(bArr2.length);
        TlsUtils.c(bArr2.length, bArr3, e);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    protected DTLSTransport a(ClientHandshakeState clientHandshakeState, f fVar) {
        g.b bVar;
        Certificate certificate;
        SecurityParameters g = clientHandshakeState.b.g();
        g gVar = new g(clientHandshakeState.b, fVar);
        byte[] a = a(clientHandshakeState, clientHandshakeState.a);
        fVar.b(ProtocolVersion.g);
        gVar.a((short) 1, a);
        g.b e = gVar.e();
        while (e.c() == 3) {
            if (!fVar.c().b(clientHandshakeState.b.b())) {
                throw new TlsFatalAlert((short) 47);
            }
            fVar.a((ProtocolVersion) null);
            byte[] b = b(a, c(clientHandshakeState, e.a()));
            gVar.f();
            gVar.a((short) 1, b);
            e = gVar.e();
        }
        if (e.c() != 2) {
            throw new TlsFatalAlert((short) 10);
        }
        ProtocolVersion c = fVar.c();
        a(clientHandshakeState, c);
        fVar.b(c);
        f(clientHandshakeState, e.a());
        gVar.c();
        DTLSProtocol.a(fVar, g.l);
        if (clientHandshakeState.k) {
            g.f = Arrays.a(clientHandshakeState.d.e());
            fVar.a(clientHandshakeState.a.w());
            m mVar = clientHandshakeState.b;
            a(gVar.a((short) 20), TlsUtils.a(mVar, ExporterLabel.b, TlsProtocol.a(mVar, gVar.b(), (byte[]) null)));
            m mVar2 = clientHandshakeState.b;
            gVar.a((short) 20, TlsUtils.a(mVar2, ExporterLabel.a, TlsProtocol.a(mVar2, gVar.b(), (byte[]) null)));
            gVar.a();
            clientHandshakeState.b.a(clientHandshakeState.c);
            clientHandshakeState.a.k();
            return new DTLSTransport(fVar);
        }
        b(clientHandshakeState);
        byte[] bArr = clientHandshakeState.j;
        if (bArr.length > 0) {
            clientHandshakeState.c = new q(bArr, null);
        }
        g.b e2 = gVar.e();
        if (e2.c() == 23) {
            h(clientHandshakeState, e2.a());
            e2 = gVar.e();
        } else {
            clientHandshakeState.a.b((Vector) null);
        }
        TlsKeyExchange c2 = clientHandshakeState.a.c();
        clientHandshakeState.o = c2;
        c2.a(clientHandshakeState.b);
        if (e2.c() == 11) {
            certificate = e(clientHandshakeState, e2.a());
            bVar = gVar.e();
        } else {
            clientHandshakeState.o.f();
            bVar = e2;
            certificate = null;
        }
        if (certificate == null || certificate.d()) {
            clientHandshakeState.m = false;
        }
        if (bVar.c() == 22) {
            b(clientHandshakeState, bVar.a());
            bVar = gVar.e();
        }
        if (bVar.c() == 12) {
            g(clientHandshakeState, bVar.a());
            bVar = gVar.e();
        } else {
            clientHandshakeState.o.d();
        }
        if (bVar.c() == 13) {
            a(clientHandshakeState, bVar.a());
            TlsUtils.a(gVar.b(), clientHandshakeState.r.c());
            bVar = gVar.e();
        }
        if (bVar.c() != 14) {
            throw new TlsFatalAlert((short) 10);
        }
        if (bVar.a().length != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        gVar.b().g();
        Vector f = clientHandshakeState.a.f();
        if (f != null) {
            gVar.a((short) 23, DTLSProtocol.a(f));
        }
        CertificateRequest certificateRequest = clientHandshakeState.r;
        if (certificateRequest != null) {
            TlsCredentials a2 = clientHandshakeState.p.a(certificateRequest);
            clientHandshakeState.s = a2;
            Certificate a3 = a2 != null ? a2.a() : null;
            if (a3 == null) {
                a3 = Certificate.b;
            }
            gVar.a((short) 11, DTLSProtocol.a(a3));
        }
        TlsCredentials tlsCredentials = clientHandshakeState.s;
        if (tlsCredentials != null) {
            clientHandshakeState.o.a(tlsCredentials);
        } else {
            clientHandshakeState.o.b();
        }
        gVar.a((short) 16, a(clientHandshakeState));
        TlsHandshakeHash d = gVar.d();
        g.i = TlsProtocol.a(clientHandshakeState.b, d, (byte[]) null);
        TlsProtocol.a(clientHandshakeState.b, clientHandshakeState.o);
        fVar.a(clientHandshakeState.a.w());
        TlsCredentials tlsCredentials2 = clientHandshakeState.s;
        if (tlsCredentials2 != null && (tlsCredentials2 instanceof TlsSignerCredentials)) {
            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) tlsCredentials2;
            SignatureAndHashAlgorithm a4 = TlsUtils.a(clientHandshakeState.b, tlsSignerCredentials);
            gVar.a((short) 15, a(clientHandshakeState, new DigitallySigned(a4, tlsSignerCredentials.b(a4 == null ? g.l() : d.b(a4.a())))));
        }
        m mVar3 = clientHandshakeState.b;
        gVar.a((short) 20, TlsUtils.a(mVar3, ExporterLabel.a, TlsProtocol.a(mVar3, gVar.b(), (byte[]) null)));
        if (clientHandshakeState.n) {
            g.b e3 = gVar.e();
            if (e3.c() != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            d(clientHandshakeState, e3.a());
        }
        m mVar4 = clientHandshakeState.b;
        a(gVar.a((short) 20), TlsUtils.a(mVar4, ExporterLabel.b, TlsProtocol.a(mVar4, gVar.b(), (byte[]) null)));
        gVar.a();
        if (clientHandshakeState.c != null) {
            clientHandshakeState.d = new SessionParameters.Builder().a(g.b()).a(g.d()).a(g.f()).a(certificate).b(g.g()).d(g.j()).a(clientHandshakeState.i).a();
            TlsSession a5 = TlsUtils.a(clientHandshakeState.c.a(), clientHandshakeState.d);
            clientHandshakeState.c = a5;
            clientHandshakeState.b.a(a5);
        }
        clientHandshakeState.a.k();
        return new DTLSTransport(fVar);
    }

    public DTLSTransport a(TlsClient tlsClient, DatagramTransport datagramTransport) {
        SessionParameters c;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.a = 1;
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.a = tlsClient;
        clientHandshakeState.b = new m(this.a, securityParameters);
        securityParameters.g = TlsProtocol.a(tlsClient.u(), clientHandshakeState.b.f());
        tlsClient.a(clientHandshakeState.b);
        f fVar = new f(datagramTransport, clientHandshakeState.b, tlsClient, (short) 22);
        TlsSession j = clientHandshakeState.a.j();
        if (j != null && j.b() && (c = j.c()) != null) {
            clientHandshakeState.c = j;
            clientHandshakeState.d = c;
        }
        try {
            return a(clientHandshakeState, fVar);
        } catch (TlsFatalAlert e) {
            fVar.a(e.getAlertDescription());
            throw e;
        } catch (IOException e2) {
            fVar.a((short) 80);
            throw e2;
        } catch (RuntimeException e3) {
            fVar.a((short) 80);
            throw new TlsFatalAlert((short) 80, e3);
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) {
        m mVar = clientHandshakeState.b;
        ProtocolVersion a = mVar.a();
        if (a == null) {
            mVar.b(protocolVersion);
            clientHandshakeState.a.a(protocolVersion);
        } else if (!a.a(protocolVersion)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    protected void a(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        if (clientHandshakeState.p == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.r = CertificateRequest.a(clientHandshakeState.b, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.o.a(clientHandshakeState.r);
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.o.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ClientHandshakeState clientHandshakeState, TlsClient tlsClient) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion b = tlsClient.b();
        if (!b.e()) {
            throw new TlsFatalAlert((short) 80);
        }
        m mVar = clientHandshakeState.b;
        mVar.a(b);
        TlsUtils.a(b, byteArrayOutputStream);
        byteArrayOutputStream.write(mVar.g().c());
        byte[] bArr = TlsUtils.a;
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null && ((bArr = tlsSession.a()) == null || bArr.length > 32)) {
            bArr = TlsUtils.a;
        }
        TlsUtils.c(bArr, byteArrayOutputStream);
        TlsUtils.c(TlsUtils.a, byteArrayOutputStream);
        boolean d = tlsClient.d();
        clientHandshakeState.f = tlsClient.t();
        Hashtable v = tlsClient.v();
        clientHandshakeState.h = v;
        boolean z = TlsUtils.a(v, TlsProtocol.D) == null;
        boolean z2 = !Arrays.b(clientHandshakeState.f, 255);
        if (z && z2) {
            clientHandshakeState.f = Arrays.a(clientHandshakeState.f, 255);
        }
        if (d && !Arrays.b(clientHandshakeState.f, CipherSuite.j4)) {
            clientHandshakeState.f = Arrays.a(clientHandshakeState.f, CipherSuite.j4);
        }
        TlsUtils.b(clientHandshakeState.f, byteArrayOutputStream);
        short[] sArr = {0};
        clientHandshakeState.g = sArr;
        TlsUtils.b(sArr, (OutputStream) byteArrayOutputStream);
        Hashtable hashtable = clientHandshakeState.h;
        if (hashtable != null) {
            TlsProtocol.a(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected void b(ClientHandshakeState clientHandshakeState) {
        SessionParameters sessionParameters = clientHandshakeState.d;
        if (sessionParameters != null) {
            sessionParameters.a();
            clientHandshakeState.d = null;
        }
        TlsSession tlsSession = clientHandshakeState.c;
        if (tlsSession != null) {
            tlsSession.d();
            clientHandshakeState.c = null;
        }
    }

    protected void b(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        if (!clientHandshakeState.m) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.q = CertificateStatus.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected byte[] c(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i = TlsUtils.i(byteArrayInputStream);
        byte[] c = TlsUtils.c(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        if (!i.b(clientHandshakeState.b.b())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (ProtocolVersion.h.b(i) || c.length <= 32) {
            return c;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void d(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket a = NewSessionTicket.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.a.a(a);
    }

    protected Certificate e(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate a = Certificate.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        clientHandshakeState.o.b(a);
        TlsAuthentication l = clientHandshakeState.a.l();
        clientHandshakeState.p = l;
        l.a(a);
        return a;
    }

    protected void f(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        TlsSession tlsSession;
        SecurityParameters g = clientHandshakeState.b.g();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        a(clientHandshakeState, TlsUtils.i(byteArrayInputStream));
        g.h = TlsUtils.b(32, byteArrayInputStream);
        byte[] c = TlsUtils.c(byteArrayInputStream);
        clientHandshakeState.j = c;
        if (c.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.a.a(c);
        byte[] bArr2 = clientHandshakeState.j;
        boolean z = false;
        clientHandshakeState.k = bArr2.length > 0 && (tlsSession = clientHandshakeState.c) != null && Arrays.a(bArr2, tlsSession.a());
        int d = TlsUtils.d(byteArrayInputStream);
        if (!Arrays.b(clientHandshakeState.f, d) || d == 0 || CipherSuite.a(d) || !TlsUtils.a(d, clientHandshakeState.b.a())) {
            throw new TlsFatalAlert((short) 47);
        }
        DTLSProtocol.a(d, (short) 47);
        clientHandshakeState.a.a(d);
        short h = TlsUtils.h(byteArrayInputStream);
        if (!Arrays.b(clientHandshakeState.g, h)) {
            throw new TlsFatalAlert((short) 47);
        }
        clientHandshakeState.a.a(h);
        Hashtable c2 = TlsProtocol.c(byteArrayInputStream);
        clientHandshakeState.i = c2;
        if (c2 != null) {
            Enumeration keys = c2.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.D)) {
                    if (TlsUtils.a(clientHandshakeState.h, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.y);
                    }
                    boolean z2 = clientHandshakeState.k;
                }
            }
        }
        byte[] a = TlsUtils.a(clientHandshakeState.i, TlsProtocol.D);
        if (a != null) {
            clientHandshakeState.l = true;
            if (!Arrays.d(a, TlsProtocol.b(TlsUtils.a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.a.b(clientHandshakeState.l);
        Hashtable hashtable = clientHandshakeState.h;
        Hashtable hashtable2 = clientHandshakeState.i;
        if (clientHandshakeState.k) {
            if (d != clientHandshakeState.d.c() || h != clientHandshakeState.d.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable = null;
            hashtable2 = clientHandshakeState.d.j();
        }
        g.b = d;
        g.c = h;
        if (hashtable2 != null) {
            boolean i = TlsExtensionsUtils.i(hashtable2);
            if (i && !TlsUtils.l(g.b())) {
                throw new TlsFatalAlert((short) 47);
            }
            g.n = i;
            g.o = TlsExtensionsUtils.j(hashtable2);
            g.l = DTLSProtocol.a(clientHandshakeState.k, hashtable, hashtable2, (short) 47);
            g.m = TlsExtensionsUtils.k(hashtable2);
            clientHandshakeState.m = !clientHandshakeState.k && TlsUtils.a(hashtable2, TlsExtensionsUtils.f, (short) 47);
            if (!clientHandshakeState.k && TlsUtils.a(hashtable2, TlsProtocol.E, (short) 47)) {
                z = true;
            }
            clientHandshakeState.n = z;
        }
        if (hashtable != null) {
            clientHandshakeState.a.a(hashtable2);
        }
        g.d = TlsProtocol.a(clientHandshakeState.b, g.b());
        g.e = 12;
    }

    protected void g(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.o.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected void h(ClientHandshakeState clientHandshakeState, byte[] bArr) {
        clientHandshakeState.a.b(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
