package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.TlsProtocol;
import org.spongycastle.util.Arrays;

/* loaded from: classes9.dex */
public class TlsClientProtocol extends TlsProtocol {
    public CertificateRequest A;

    /* renamed from: v, reason: collision with root package name */
    public TlsClient f28619v;

    /* renamed from: w, reason: collision with root package name */
    public TlsClientContextImpl f28620w;

    /* renamed from: x, reason: collision with root package name */
    public byte[] f28621x;

    /* renamed from: y, reason: collision with root package name */
    public TlsKeyExchange f28622y;

    /* renamed from: z, reason: collision with root package name */
    public TlsAuthentication f28623z;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.f28619v = null;
        this.f28620w = null;
        this.f28621x = null;
        this.f28622y = null;
        this.f28623z = null;
        this.A = null;
    }

    public TlsClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.f28619v = null;
        this.f28620w = null;
        this.f28621x = null;
        this.f28622y = null;
        this.f28623z = null;
        this.A = null;
    }

    public void U(Vector vector) {
        this.f28619v.processServerSupplementalData(vector);
        this.f28686k = (short) 3;
        TlsKeyExchange keyExchange = this.f28619v.getKeyExchange();
        this.f28622y = keyExchange;
        keyExchange.init(m());
    }

    public void V(ByteArrayInputStream byteArrayInputStream) {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        this.f28619v.notifyNewSessionTicket(parse);
    }

    public void W(ByteArrayInputStream byteArrayInputStream) {
        TlsSession tlsSession;
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        if (readVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.equals(this.f28676a.i())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.isEqualOrEarlierVersionOf(m().getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f28676a.u(readVersion);
        n().c(readVersion);
        this.f28619v.notifyServerVersion(readVersion);
        this.f28680e.f28580h = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        this.f28621x = readOpaque8;
        if (readOpaque8.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f28619v.notifySessionID(readOpaque8);
        byte[] bArr = this.f28621x;
        boolean z8 = false;
        this.f28687l = bArr.length > 0 && (tlsSession = this.f28678c) != null && Arrays.areEqual(bArr, tlsSession.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(this.f28682g, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, m().getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f28619v.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(this.f28683h, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f28619v.notifySelectedCompressionMethod(readUint8);
        Hashtable F = TlsProtocol.F(byteArrayInputStream);
        this.f28685j = F;
        if (F != null) {
            Enumeration keys = F.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.f28674t) && TlsUtils.getExtensionData(this.f28684i, num) == null) {
                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(this.f28685j, TlsProtocol.f28674t);
        if (extensionData != null) {
            this.f28689n = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.i(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.f28619v.notifySecureRenegotiation(this.f28689n);
        Hashtable hashtable = this.f28684i;
        Hashtable hashtable2 = this.f28685j;
        if (this.f28687l) {
            if (readUint16 != this.f28679d.getCipherSuite() || readUint8 != this.f28679d.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable = null;
            hashtable2 = this.f28679d.readServerExtensions();
        }
        SecurityParameters securityParameters = this.f28680e;
        securityParameters.f28574b = readUint16;
        securityParameters.f28575c = readUint8;
        if (hashtable2 != null) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable2);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(readUint16)) {
                throw new TlsFatalAlert((short) 47);
            }
            SecurityParameters securityParameters2 = this.f28680e;
            securityParameters2.f28586n = hasEncryptThenMACExtension;
            securityParameters2.f28587o = TlsExtensionsUtils.hasExtendedMasterSecretExtension(hashtable2);
            this.f28680e.f28584l = A(hashtable, hashtable2, (short) 47);
            this.f28680e.f28585m = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable2);
            this.f28690o = !this.f28687l && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!this.f28687l && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsProtocol.f28675u, (short) 47)) {
                z8 = true;
            }
            this.f28691p = z8;
        }
        if (hashtable != null) {
            this.f28619v.processServerExtensions(hashtable2);
        }
        this.f28680e.f28576d = TlsProtocol.p(m(), this.f28680e.getCipherSuite());
        this.f28680e.f28577e = 12;
    }

    public void X(DigitallySigned digitallySigned) {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 15);
        digitallySigned.encode(handshakeMessage);
        handshakeMessage.a();
    }

    public void Y() {
        byte[] bArr;
        SessionParameters sessionParameters;
        this.f28676a.u(this.f28619v.getClientHelloRecordLayerVersion());
        ProtocolVersion clientVersion = this.f28619v.getClientVersion();
        if (clientVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 80);
        }
        n().a(clientVersion);
        byte[] bArr2 = TlsUtils.EMPTY_BYTES;
        TlsSession tlsSession = this.f28678c;
        if (tlsSession == null || (bArr = tlsSession.getSessionID()) == null || bArr.length > 32) {
            bArr = bArr2;
        }
        boolean isFallback = this.f28619v.isFallback();
        this.f28682g = this.f28619v.getCipherSuites();
        this.f28683h = this.f28619v.getCompressionMethods();
        if (bArr.length <= 0 || (sessionParameters = this.f28679d) == null || (Arrays.contains(this.f28682g, sessionParameters.getCipherSuite()) && Arrays.contains(this.f28683h, this.f28679d.getCompressionAlgorithm()))) {
            bArr2 = bArr;
        }
        this.f28684i = this.f28619v.getClientExtensions();
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 1);
        TlsUtils.writeVersion(clientVersion, handshakeMessage);
        handshakeMessage.write(this.f28680e.getClientRandom());
        TlsUtils.writeOpaque8(bArr2, handshakeMessage);
        boolean z8 = TlsUtils.getExtensionData(this.f28684i, TlsProtocol.f28674t) == null;
        boolean z9 = !Arrays.contains(this.f28682g, 255);
        if (z8 && z9) {
            this.f28682g = Arrays.append(this.f28682g, 255);
        }
        if (isFallback && !Arrays.contains(this.f28682g, CipherSuite.TLS_FALLBACK_SCSV)) {
            this.f28682g = Arrays.append(this.f28682g, CipherSuite.TLS_FALLBACK_SCSV);
        }
        TlsUtils.writeUint16ArrayWithUint16Length(this.f28682g, handshakeMessage);
        TlsUtils.writeUint8ArrayWithUint8Length(this.f28683h, handshakeMessage);
        Hashtable hashtable = this.f28684i;
        if (hashtable != null) {
            TlsProtocol.Q(handshakeMessage, hashtable);
        }
        handshakeMessage.a();
    }

    public void Z() {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 16);
        this.f28622y.generateClientKeyExchange(handshakeMessage);
        handshakeMessage.a();
    }

    public void connect(TlsClient tlsClient) {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.f28619v != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.f28619v = tlsClient;
        SecurityParameters securityParameters = new SecurityParameters();
        this.f28680e = securityParameters;
        securityParameters.f28573a = 1;
        this.f28620w = new TlsClientContextImpl(this.f28677b, this.f28680e);
        this.f28680e.f28579g = TlsProtocol.h(tlsClient.shouldUseGMTUnixTime(), this.f28620w.getNonceRandomGenerator());
        this.f28619v.init(this.f28620w);
        this.f28676a.j(this.f28620w);
        TlsSession sessionToResume = tlsClient.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            this.f28678c = sessionToResume;
            this.f28679d = exportSessionParameters;
        }
        Y();
        this.f28686k = (short) 1;
        d();
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void f() {
        super.f();
        this.f28621x = null;
        this.f28622y = null;
        this.f28623z = null;
        this.A = null;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public TlsContext m() {
        return this.f28620w;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public AbstractTlsContext n() {
        return this.f28620w;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public TlsPeer q() {
        return this.f28619v;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:26:0x0049. Please report as an issue. */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void x(short s3, ByteArrayInputStream byteArrayInputStream) {
        TlsCredentials clientCredentials;
        if (this.f28687l) {
            if (s3 != 20 || this.f28686k != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            z(byteArrayInputStream);
            this.f28686k = (short) 15;
            N();
            this.f28686k = (short) 13;
            g();
            return;
        }
        if (s3 == 0) {
            TlsProtocol.c(byteArrayInputStream);
            if (this.f28686k == 16) {
                H();
                return;
            }
            return;
        }
        if (s3 == 2) {
            if (this.f28686k != 1) {
                throw new TlsFatalAlert((short) 10);
            }
            W(byteArrayInputStream);
            this.f28686k = (short) 2;
            this.f28676a.k();
            b();
            if (this.f28687l) {
                this.f28680e.f28578f = Arrays.clone(this.f28679d.getMasterSecret());
                this.f28676a.q(q().getCompression(), q().getCipher());
                M();
                return;
            } else {
                y();
                byte[] bArr = this.f28621x;
                if (bArr.length > 0) {
                    this.f28678c = new TlsSessionImpl(bArr, null);
                    return;
                }
                return;
            }
        }
        if (s3 == 4) {
            if (this.f28686k != 13) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.f28691p) {
                throw new TlsFatalAlert((short) 10);
            }
            y();
            V(byteArrayInputStream);
            this.f28686k = (short) 14;
            return;
        }
        if (s3 == 20) {
            short s8 = this.f28686k;
            if (s8 != 13) {
                if (s8 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (this.f28691p) {
                throw new TlsFatalAlert((short) 10);
            }
            z(byteArrayInputStream);
            this.f28686k = (short) 15;
            g();
            return;
        }
        if (s3 == 22) {
            if (this.f28686k != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.f28690o) {
                throw new TlsFatalAlert((short) 10);
            }
            CertificateStatus.parse(byteArrayInputStream);
            TlsProtocol.c(byteArrayInputStream);
            this.f28686k = (short) 5;
            return;
        }
        if (s3 == 23) {
            if (this.f28686k != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            U(TlsProtocol.G(byteArrayInputStream));
            return;
        }
        switch (s3) {
            case 11:
                short s9 = this.f28686k;
                if (s9 == 2) {
                    U(null);
                } else if (s9 != 3) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.f28681f = Certificate.parse(byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                Certificate certificate = this.f28681f;
                if (certificate == null || certificate.isEmpty()) {
                    this.f28690o = false;
                }
                this.f28622y.processServerCertificate(this.f28681f);
                TlsAuthentication authentication = this.f28619v.getAuthentication();
                this.f28623z = authentication;
                authentication.notifyServerCertificate(this.f28681f);
                this.f28686k = (short) 4;
                return;
            case 12:
                short s10 = this.f28686k;
                if (s10 == 2) {
                    U(null);
                } else if (s10 != 3) {
                    if (s10 != 4 && s10 != 5) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.f28622y.processServerKeyExchange(byteArrayInputStream);
                    TlsProtocol.c(byteArrayInputStream);
                    this.f28686k = (short) 6;
                    return;
                }
                this.f28622y.skipServerCredentials();
                this.f28623z = null;
                this.f28622y.processServerKeyExchange(byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                this.f28686k = (short) 6;
                return;
            case 13:
                short s11 = this.f28686k;
                if (s11 == 4 || s11 == 5) {
                    this.f28622y.skipServerKeyExchange();
                } else if (s11 != 6) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.f28623z == null) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.A = CertificateRequest.parse(m(), byteArrayInputStream);
                TlsProtocol.c(byteArrayInputStream);
                this.f28622y.validateCertificateRequest(this.A);
                TlsUtils.j(this.f28676a.f(), this.A.getSupportedSignatureAlgorithms());
                this.f28686k = (short) 7;
                return;
            case 14:
                switch (this.f28686k) {
                    case 2:
                        U(null);
                    case 3:
                        this.f28622y.skipServerCredentials();
                        this.f28623z = null;
                    case 4:
                    case 5:
                        this.f28622y.skipServerKeyExchange();
                    case 6:
                    case 7:
                        TlsProtocol.c(byteArrayInputStream);
                        this.f28686k = (short) 8;
                        this.f28676a.f().sealHashAlgorithms();
                        Vector clientSupplementalData = this.f28619v.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            O(clientSupplementalData);
                        }
                        this.f28686k = (short) 9;
                        CertificateRequest certificateRequest = this.A;
                        if (certificateRequest == null) {
                            this.f28622y.skipClientCredentials();
                            clientCredentials = null;
                        } else {
                            clientCredentials = this.f28623z.getClientCredentials(certificateRequest);
                            if (clientCredentials == null) {
                                this.f28622y.skipClientCredentials();
                                L(Certificate.EMPTY_CHAIN);
                            } else {
                                this.f28622y.processClientCredentials(clientCredentials);
                                L(clientCredentials.getCertificate());
                            }
                        }
                        this.f28686k = (short) 10;
                        Z();
                        this.f28686k = (short) 11;
                        if (TlsUtils.isSSL(m())) {
                            TlsProtocol.k(m(), this.f28622y);
                        }
                        TlsHandshakeHash l9 = this.f28676a.l();
                        this.f28680e.f28581i = TlsProtocol.o(m(), l9, null);
                        if (!TlsUtils.isSSL(m())) {
                            TlsProtocol.k(m(), this.f28622y);
                        }
                        this.f28676a.q(q().getCompression(), q().getCipher());
                        if (clientCredentials != null && (clientCredentials instanceof TlsSignerCredentials)) {
                            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientCredentials;
                            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(m(), tlsSignerCredentials);
                            X(new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(signatureAndHashAlgorithm == null ? this.f28680e.getSessionHash() : l9.getFinalHash(signatureAndHashAlgorithm.getHash()))));
                            this.f28686k = (short) 12;
                        }
                        M();
                        N();
                        this.f28686k = (short) 13;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }
}
