package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes20.dex */
public class DTLSClientProtocol extends DTLSProtocol {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes20.dex */
    public static class ClientHandshakeState {
        TlsClient client = null;
        TlsClientContextImpl clientContext = null;
        TlsSession tlsSession = null;
        SessionParameters sessionParameters = null;
        TlsSecret sessionMasterSecret = null;
        SessionParameters.Builder sessionParametersBuilder = null;
        int[] offeredCipherSuites = null;
        Hashtable clientExtensions = null;
        Hashtable serverExtensions = null;
        boolean resumedSession = false;
        boolean allowCertificateStatus = false;
        boolean expectSessionTicket = false;
        Hashtable clientAgreements = null;
        TlsKeyExchange keyExchange = null;
        TlsAuthentication authentication = null;
        CertificateStatus certificateStatus = null;
        CertificateRequest certificateRequest = null;
        TlsCredentials clientCredentials = null;
        TlsHeartbeat heartbeat = null;
        short heartbeatPolicy = 2;

        protected ClientHandshakeState() {
        }
    }

    protected static byte[] patchClientHelloWithCookie(byte[] bArr, byte[] bArr2) throws IOException {
        int readUint8 = 35 + TlsUtils.readUint8(bArr, 34);
        int i = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        TlsUtils.checkUint8(bArr2.length);
        TlsUtils.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i, bArr2.length);
        System.arraycopy(bArr, i, bArr3, bArr2.length + i, bArr.length - i);
        return bArr3;
    }

    protected void abortClientHandshake(ClientHandshakeState clientHandshakeState, DTLSRecordLayer dTLSRecordLayer, short s) {
        dTLSRecordLayer.fail(s);
        invalidateSession(clientHandshakeState);
    }

    /* JADX WARN: Removed duplicated region for block: B:59:0x020a  */
    /* JADX WARN: Removed duplicated region for block: B:62:0x023b  */
    /* JADX WARN: Removed duplicated region for block: B:65:0x0266  */
    /* JADX WARN: Removed duplicated region for block: B:72:0x0325  */
    /* JADX WARN: Removed duplicated region for block: B:75:0x0327  */
    /* JADX WARN: Removed duplicated region for block: B:76:0x020c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected org.bouncycastle.tls.DTLSTransport clientHandshake(org.bouncycastle.tls.DTLSClientProtocol.ClientHandshakeState r22, org.bouncycastle.tls.DTLSRecordLayer r23) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 841
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.DTLSClientProtocol.clientHandshake(org.bouncycastle.tls.DTLSClientProtocol$ClientHandshakeState, org.bouncycastle.tls.DTLSRecordLayer):org.bouncycastle.tls.DTLSTransport");
    }

    public DTLSTransport connect(TlsClient tlsClient, DatagramTransport datagramTransport) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        ClientHandshakeState clientHandshakeState = new ClientHandshakeState();
        clientHandshakeState.client = tlsClient;
        clientHandshakeState.clientContext = new TlsClientContextImpl(tlsClient.getCrypto());
        tlsClient.init(clientHandshakeState.clientContext);
        clientHandshakeState.clientContext.handshakeBeginning(tlsClient);
        SecurityParameters securityParametersHandshake = clientHandshakeState.clientContext.getSecurityParametersHandshake();
        securityParametersHandshake.extendedPadding = tlsClient.shouldUseExtendedPadding();
        TlsSession sessionToResume = clientHandshakeState.client.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null && (exportSessionParameters.isExtendedMasterSecret() || (!clientHandshakeState.client.requiresExtendedMasterSecret() && clientHandshakeState.client.allowLegacyResumption()))) {
            TlsSecret masterSecret = exportSessionParameters.getMasterSecret();
            synchronized (masterSecret) {
                if (masterSecret.isAlive()) {
                    clientHandshakeState.tlsSession = sessionToResume;
                    clientHandshakeState.sessionParameters = exportSessionParameters;
                    clientHandshakeState.sessionMasterSecret = clientHandshakeState.clientContext.getCrypto().adoptSecret(masterSecret);
                }
            }
        }
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(clientHandshakeState.clientContext, clientHandshakeState.client, datagramTransport);
        tlsClient.notifyCloseHandle(dTLSRecordLayer);
        try {
            try {
                return clientHandshake(clientHandshakeState, dTLSRecordLayer);
            } catch (RuntimeException e) {
                abortClientHandshake(clientHandshakeState, dTLSRecordLayer, (short) 80);
                throw new TlsFatalAlert((short) 80, e);
            } catch (TlsFatalAlert e2) {
                abortClientHandshake(clientHandshakeState, dTLSRecordLayer, e2.getAlertDescription());
                throw e2;
            } catch (IOException e3) {
                abortClientHandshake(clientHandshakeState, dTLSRecordLayer, (short) 80);
                throw e3;
            }
        } finally {
            securityParametersHandshake.clear();
        }
    }

    protected byte[] generateCertificateVerify(ClientHandshakeState clientHandshakeState, DigitallySigned digitallySigned) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        digitallySigned.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] generateClientHello(ClientHandshakeState clientHandshakeState) throws IOException {
        ProtocolVersion protocolVersion;
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.clientContext;
        SecurityParameters securityParametersHandshake = tlsClientContextImpl.getSecurityParametersHandshake();
        tlsClientContextImpl.setClientSupportedVersions(clientHandshakeState.client.getProtocolVersions());
        ProtocolVersion latestDTLS = ProtocolVersion.getLatestDTLS(tlsClientContextImpl.getClientSupportedVersions());
        if (!ProtocolVersion.isSupportedDTLSVersion(latestDTLS)) {
            throw new TlsFatalAlert((short) 80);
        }
        tlsClientContextImpl.setClientVersion(latestDTLS);
        byte[] sessionID = TlsUtils.getSessionID(clientHandshakeState.tlsSession);
        boolean isFallback = clientHandshakeState.client.isFallback();
        clientHandshakeState.offeredCipherSuites = clientHandshakeState.client.getCipherSuites();
        if (sessionID.length > 0 && clientHandshakeState.sessionParameters != null && (!Arrays.contains(clientHandshakeState.offeredCipherSuites, clientHandshakeState.sessionParameters.getCipherSuite()) || clientHandshakeState.sessionParameters.getCompressionAlgorithm() != 0)) {
            sessionID = TlsUtils.EMPTY_BYTES;
        }
        byte[] bArr = sessionID;
        clientHandshakeState.clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(clientHandshakeState.client.getClientExtensions());
        if (latestDTLS.isLaterVersionOf(ProtocolVersion.DTLSv12)) {
            ProtocolVersion protocolVersion2 = ProtocolVersion.DTLSv12;
            TlsExtensionsUtils.addSupportedVersionsExtensionClient(clientHandshakeState.clientExtensions, tlsClientContextImpl.getClientSupportedVersions());
            protocolVersion = protocolVersion2;
        } else {
            protocolVersion = latestDTLS;
        }
        tlsClientContextImpl.setRSAPreMasterSecretVersion(protocolVersion);
        securityParametersHandshake.clientServerNames = TlsExtensionsUtils.getServerNameExtensionClient(clientHandshakeState.clientExtensions);
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(latestDTLS)) {
            TlsUtils.establishClientSigAlgs(securityParametersHandshake, clientHandshakeState.clientExtensions);
        }
        securityParametersHandshake.clientSupportedGroups = TlsExtensionsUtils.getSupportedGroupsExtension(clientHandshakeState.clientExtensions);
        clientHandshakeState.clientAgreements = TlsUtils.addEarlyKeySharesToClientHello(clientHandshakeState.clientContext, clientHandshakeState.client, clientHandshakeState.clientExtensions);
        if (clientHandshakeState.client.shouldUseExtendedMasterSecret()) {
            TlsExtensionsUtils.addExtendedMasterSecretExtension(clientHandshakeState.clientExtensions);
        } else if (clientHandshakeState.client.requiresExtendedMasterSecret()) {
            throw new TlsFatalAlert((short) 80);
        }
        securityParametersHandshake.clientRandom = TlsProtocol.createRandomBlock(clientHandshakeState.client.shouldUseGMTUnixTime(), clientHandshakeState.clientContext);
        boolean z = TlsUtils.getExtensionData(clientHandshakeState.clientExtensions, TlsProtocol.EXT_RenegotiationInfo) == null;
        boolean z2 = !Arrays.contains(clientHandshakeState.offeredCipherSuites, 255);
        if (z && z2) {
            clientHandshakeState.offeredCipherSuites = Arrays.append(clientHandshakeState.offeredCipherSuites, 255);
        }
        if (isFallback && !Arrays.contains(clientHandshakeState.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)) {
            clientHandshakeState.offeredCipherSuites = Arrays.append(clientHandshakeState.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV);
        }
        clientHandshakeState.heartbeat = clientHandshakeState.client.getHeartbeat();
        clientHandshakeState.heartbeatPolicy = clientHandshakeState.client.getHeartbeatPolicy();
        if (clientHandshakeState.heartbeat != null || 1 == clientHandshakeState.heartbeatPolicy) {
            TlsExtensionsUtils.addHeartbeatExtension(clientHandshakeState.clientExtensions, new HeartbeatExtension(clientHandshakeState.heartbeatPolicy));
        }
        ClientHello clientHello = new ClientHello(protocolVersion, securityParametersHandshake.getClientRandom(), bArr, TlsUtils.EMPTY_BYTES, clientHandshakeState.offeredCipherSuites, clientHandshakeState.clientExtensions);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHello.encode(clientHandshakeState.clientContext, byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] generateClientKeyExchange(ClientHandshakeState clientHandshakeState) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        clientHandshakeState.keyExchange.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void invalidateSession(ClientHandshakeState clientHandshakeState) {
        if (clientHandshakeState.sessionMasterSecret != null) {
            clientHandshakeState.sessionMasterSecret.destroy();
            clientHandshakeState.sessionMasterSecret = null;
        }
        if (clientHandshakeState.sessionParameters != null) {
            clientHandshakeState.sessionParameters.clear();
            clientHandshakeState.sessionParameters = null;
        }
        if (clientHandshakeState.tlsSession != null) {
            clientHandshakeState.tlsSession.invalidate();
            clientHandshakeState.tlsSession = null;
        }
    }

    protected void processCertificateRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (clientHandshakeState.authentication == null) {
            throw new TlsFatalAlert((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.certificateRequest = CertificateRequest.parse(clientHandshakeState.clientContext, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    protected void processCertificateStatus(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        if (!clientHandshakeState.allowCertificateStatus) {
            throw new TlsFatalAlert((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.certificateStatus = CertificateStatus.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    protected byte[] processHelloVerifyRequest(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream, 0, ProtocolVersion.DTLSv12.isEqualOrEarlierVersionOf(readVersion) ? 255 : 32);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        if (readVersion.isEqualOrEarlierVersionOf(clientHandshakeState.clientContext.getClientVersion())) {
            return readOpaque8;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected void processNewSessionTicket(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        clientHandshakeState.client.notifyNewSessionTicket(parse);
    }

    protected void processServerCertificate(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        TlsUtils.receiveServerCertificate(clientHandshakeState.clientContext, new ByteArrayInputStream(bArr));
        clientHandshakeState.authentication = clientHandshakeState.client.getAuthentication();
        if (clientHandshakeState.authentication == null) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    protected void processServerHello(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ServerHello parse = ServerHello.parse(new ByteArrayInputStream(bArr));
        ProtocolVersion version = parse.getVersion();
        clientHandshakeState.serverExtensions = parse.getExtensions();
        SecurityParameters securityParametersHandshake = clientHandshakeState.clientContext.getSecurityParametersHandshake();
        reportServerVersion(clientHandshakeState, version);
        securityParametersHandshake.serverRandom = parse.getRandom();
        if (!clientHandshakeState.clientContext.getClientVersion().equals(version)) {
            TlsUtils.checkDowngradeMarker(version, securityParametersHandshake.getServerRandom());
        }
        byte[] sessionID = parse.getSessionID();
        securityParametersHandshake.sessionID = sessionID;
        clientHandshakeState.client.notifySessionID(sessionID);
        boolean z = false;
        clientHandshakeState.resumedSession = sessionID.length > 0 && clientHandshakeState.tlsSession != null && Arrays.areEqual(sessionID, clientHandshakeState.tlsSession.getSessionID());
        int cipherSuite = parse.getCipherSuite();
        if (!Arrays.contains(clientHandshakeState.offeredCipherSuites, cipherSuite) || cipherSuite == 0 || CipherSuite.isSCSV(cipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(cipherSuite, clientHandshakeState.clientContext.getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        securityParametersHandshake.cipherSuite = validateSelectedCipherSuite(cipherSuite, (short) 47);
        TlsUtils.negotiatedCipherSuite(clientHandshakeState.clientContext);
        clientHandshakeState.client.notifySelectedCipherSuite(cipherSuite);
        boolean hasExtendedMasterSecretExtension = TlsExtensionsUtils.hasExtendedMasterSecretExtension(clientHandshakeState.serverExtensions);
        if (hasExtendedMasterSecretExtension) {
            if (version.isSSL() || (!clientHandshakeState.resumedSession && !clientHandshakeState.client.shouldUseExtendedMasterSecret())) {
                throw new TlsFatalAlert((short) 40);
            }
        } else if (clientHandshakeState.client.requiresExtendedMasterSecret() || (clientHandshakeState.resumedSession && !clientHandshakeState.client.allowLegacyResumption())) {
            throw new TlsFatalAlert((short) 40);
        }
        securityParametersHandshake.extendedMasterSecret = hasExtendedMasterSecretExtension;
        if (clientHandshakeState.serverExtensions != null) {
            Enumeration keys = clientHandshakeState.serverExtensions.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.EXT_RenegotiationInfo)) {
                    if (TlsUtils.getExtensionData(clientHandshakeState.clientExtensions, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.unsupported_extension);
                    }
                    boolean z2 = clientHandshakeState.resumedSession;
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(clientHandshakeState.serverExtensions, TlsProtocol.EXT_RenegotiationInfo);
        if (extensionData != null) {
            securityParametersHandshake.secureRenegotiation = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        clientHandshakeState.client.notifySecureRenegotiation(securityParametersHandshake.isSecureRenegotiation());
        securityParametersHandshake.applicationProtocol = TlsExtensionsUtils.getALPNExtensionServer(clientHandshakeState.serverExtensions);
        securityParametersHandshake.applicationProtocolSet = true;
        HeartbeatExtension heartbeatExtension = TlsExtensionsUtils.getHeartbeatExtension(clientHandshakeState.serverExtensions);
        Hashtable hashtable = null;
        if (heartbeatExtension == null) {
            clientHandshakeState.heartbeat = null;
            clientHandshakeState.heartbeatPolicy = (short) 2;
        } else if (1 != heartbeatExtension.getMode()) {
            clientHandshakeState.heartbeat = null;
        }
        Hashtable hashtable2 = clientHandshakeState.clientExtensions;
        Hashtable hashtable3 = clientHandshakeState.serverExtensions;
        if (!clientHandshakeState.resumedSession) {
            hashtable = hashtable2;
        } else {
            if (securityParametersHandshake.getCipherSuite() != clientHandshakeState.sessionParameters.getCipherSuite() || clientHandshakeState.sessionParameters.getCompressionAlgorithm() != 0 || !version.equals(clientHandshakeState.sessionParameters.getNegotiatedVersion())) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable3 = clientHandshakeState.sessionParameters.readServerExtensions();
        }
        if (hashtable3 != null && !hashtable3.isEmpty()) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable3);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(securityParametersHandshake.getCipherSuite())) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParametersHandshake.encryptThenMAC = hasEncryptThenMACExtension;
            securityParametersHandshake.maxFragmentLength = evaluateMaxFragmentLengthExtension(clientHandshakeState.resumedSession, hashtable, hashtable3, (short) 47);
            securityParametersHandshake.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable3);
            clientHandshakeState.allowCertificateStatus = !clientHandshakeState.resumedSession && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsExtensionsUtils.EXT_status_request, (short) 47);
            if (!clientHandshakeState.resumedSession && TlsUtils.hasExpectedEmptyExtensionData(hashtable3, TlsProtocol.EXT_SessionTicket, (short) 47)) {
                z = true;
            }
            clientHandshakeState.expectSessionTicket = z;
        }
        if (hashtable != null) {
            clientHandshakeState.client.processServerExtensions(hashtable3);
        }
        securityParametersHandshake.prfAlgorithm = TlsProtocol.getPRFAlgorithm(clientHandshakeState.clientContext, securityParametersHandshake.getCipherSuite());
        securityParametersHandshake.verifyDataLength = 12;
    }

    protected void processServerKeyExchange(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        clientHandshakeState.keyExchange.processServerKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
    }

    protected void processServerSupplementalData(ClientHandshakeState clientHandshakeState, byte[] bArr) throws IOException {
        clientHandshakeState.client.processServerSupplementalData(TlsProtocol.readSupplementalDataMessage(new ByteArrayInputStream(bArr)));
    }

    protected void reportServerVersion(ClientHandshakeState clientHandshakeState, ProtocolVersion protocolVersion) throws IOException {
        TlsClientContextImpl tlsClientContextImpl = clientHandshakeState.clientContext;
        SecurityParameters securityParametersHandshake = tlsClientContextImpl.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        if (negotiatedVersion != null) {
            if (!negotiatedVersion.equals(protocolVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
        } else {
            if (!ProtocolVersion.isSupportedDTLSVersion(protocolVersion) || !ProtocolVersion.contains(tlsClientContextImpl.getClientSupportedVersions(), protocolVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
            securityParametersHandshake.negotiatedVersion = protocolVersion;
            TlsUtils.negotiatedVersion(tlsClientContextImpl);
            clientHandshakeState.client.notifyServerVersion(protocolVersion);
        }
    }
}
