package org.bouncycastle.tls;

import com.braze.support.ValidationUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsNullNullCipher;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.impl.AbstractTlsSecret;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JceTlsSecret;

/* loaded from: classes3.dex */
public class TlsClientProtocol extends TlsProtocol {
    public Hashtable A;
    public ClientHello B;
    public byte[] C;
    public int D;
    public AbstractTlsKeyExchange E;
    public TlsAuthentication F;
    public CertificateStatus G;
    public CertificateRequest H;
    public TlsClient y;
    public TlsClientContextImpl z;

    public TlsClientProtocol() {
        this.y = null;
        this.z = null;
        this.A = null;
        this.B = null;
        this.C = null;
        this.D = -1;
        this.E = null;
        this.F = null;
        this.G = null;
        this.H = null;
    }

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.y = null;
        this.z = null;
        this.A = null;
        this.B = null;
        this.C = null;
        this.D = -1;
        this.E = null;
        this.F = null;
        this.G = null;
        this.H = null;
    }

    public final void X(TlsClient tlsClient) throws IOException {
        if (this.y != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.y = tlsClient;
        TlsClientContextImpl tlsClientContextImpl = new TlsClientContextImpl(tlsClient.f());
        this.z = tlsClientContextImpl;
        AbstractTlsClient abstractTlsClient = (AbstractTlsClient) tlsClient;
        abstractTlsClient.a = tlsClientContextImpl;
        abstractTlsClient.b = abstractTlsClient.y();
        abstractTlsClient.c = abstractTlsClient.x();
        RecordStream recordStream = this.d;
        recordStream.getClass();
        TlsNullNullCipher tlsNullNullCipher = TlsNullNullCipher.a;
        recordStream.f = tlsNullNullCipher;
        recordStream.g = tlsNullNullCipher;
        recordStream.k = 16384;
        tlsNullNullCipher.e(16384);
        recordStream.l = 16384;
        c();
        if (this.t) {
            d();
        }
    }

    public final void Y() throws IOException {
        TlsClientContextImpl tlsClientContextImpl = this.z;
        CertificateStatus certificateStatus = this.G;
        AbstractTlsKeyExchange abstractTlsKeyExchange = this.E;
        TlsAuthentication tlsAuthentication = this.F;
        Hashtable hashtable = this.n;
        Hashtable hashtable2 = this.o;
        byte[] bArr = TlsUtils.a;
        SecurityParameters c = tlsClientContextImpl.c();
        boolean E = TlsUtils.E(c.J);
        if (tlsAuthentication == null) {
            if (E) {
                throw new TlsFatalAlert((short) 80, null);
            }
            abstractTlsKeyExchange.m();
            return;
        }
        Certificate certificate = c.I;
        byte[] extensionValue = ((JcaTlsCertificate) certificate.c(0)).b.getExtensionValue(TlsObjectIdentifiers.a.a);
        byte[] bArr2 = extensionValue == null ? null : ((ASN1OctetString) ASN1Primitive.z(extensionValue)).a;
        if (bArr2 != null) {
            Enumeration G = ((ASN1Sequence) TlsUtils.O(bArr2)).G();
            while (G.hasMoreElements()) {
                ASN1Integer aSN1Integer = (ASN1Integer) G.nextElement();
                aSN1Integer.getClass();
                BigInteger bigInteger = new BigInteger(1, aSN1Integer.a);
                if (bigInteger.bitLength() <= 16) {
                    Integer valueOf = Integer.valueOf(bigInteger.intValue());
                    if (hashtable.containsKey(valueOf) && !hashtable2.containsKey(valueOf)) {
                        throw new TlsFatalAlert((short) 46, null);
                    }
                }
            }
        }
        if (!E) {
            abstractTlsKeyExchange.i(certificate);
        }
        tlsAuthentication.b(new TlsServerCertificateImpl(certificate, certificateStatus));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x0038. Please report as an issue. */
    /* JADX WARN: Multi-variable type inference failed */
    public final void Z(Vector vector) throws IOException {
        AbstractTlsKeyExchange tlsRSAKeyExchange;
        AbstractTlsKeyExchange tlsDHEKeyExchange;
        ((AbstractTlsClient) this.y).getClass();
        if (vector != null) {
            throw new TlsFatalAlert((short) 10, null);
        }
        this.p = (short) 6;
        TlsClientContextImpl tlsClientContextImpl = this.z;
        TlsClient tlsClient = this.y;
        byte[] bArr = TlsUtils.a;
        int i = tlsClientContextImpl.c().G;
        ((AbstractTlsPeer) tlsClient).getClass();
        new DefaultTlsKeyExchangeFactory();
        if (i != 1) {
            if (i == 3 || i == 5) {
                tlsDHEKeyExchange = new TlsDHEKeyExchange(i, tlsClient.v(), null);
            } else if (i == 7 || i == 9) {
                tlsRSAKeyExchange = new TlsDHKeyExchange(i);
            } else if (i != 11) {
                switch (i) {
                    case 13:
                    case 15:
                    case 24:
                        tlsRSAKeyExchange = new TlsPSKKeyExchange(i, null, null, null);
                        break;
                    case 14:
                        tlsDHEKeyExchange = new TlsPSKKeyExchange(i, tlsClient.v(), null, null);
                        break;
                    case 16:
                    case 18:
                        tlsRSAKeyExchange = new TlsECDHKeyExchange(i);
                        break;
                    case 17:
                    case 19:
                        tlsRSAKeyExchange = new TlsECDHEKeyExchange(i, null);
                        break;
                    case 20:
                        tlsRSAKeyExchange = new TlsECDHanonKeyExchange(i, null);
                        break;
                    case 21:
                    case 22:
                    case 23:
                        tlsRSAKeyExchange = new TlsSRPKeyExchange(i, new DefaultTlsSRPConfigVerifier());
                        break;
                    default:
                        throw new TlsFatalAlert((short) 80, null);
                }
            } else {
                tlsDHEKeyExchange = new TlsDHanonKeyExchange(i, tlsClient.v(), null);
            }
            tlsRSAKeyExchange = tlsDHEKeyExchange;
        } else {
            tlsRSAKeyExchange = new TlsRSAKeyExchange(i);
        }
        tlsRSAKeyExchange.b = tlsClientContextImpl;
        this.E = tlsRSAKeyExchange;
    }

    public final void a0(ServerHello serverHello, boolean z) throws IOException {
        KeyShareEntry keyShareEntry;
        byte[] bArr;
        SecurityParameters c = this.z.c();
        ProtocolVersion protocolVersion = serverHello.a;
        byte[] bArr2 = serverHello.c;
        int i = serverHello.d;
        if (!ProtocolVersion.f.b(protocolVersion) || !Arrays.equals(this.B.c, bArr2)) {
            throw new TlsFatalAlert((short) 47, null);
        }
        Hashtable hashtable = serverHello.e;
        if (hashtable == null) {
            throw new TlsFatalAlert((short) 47, null);
        }
        if (z) {
            ProtocolVersion g = TlsExtensionsUtils.g(hashtable);
            if (g == null) {
                throw new TlsFatalAlert((short) 109, null);
            }
            if (!c.J.b(g) || c.c != i) {
                throw new TlsFatalAlert((short) 47, null);
            }
        } else {
            if (!TlsUtils.G(i, this.B.e) || !TlsUtils.J(i, c.J)) {
                throw new TlsFatalAlert((short) 47, null);
            }
            this.q = false;
            byte[] bArr3 = TlsUtils.d;
            c.s = bArr3;
            this.y.m(bArr3);
            TlsUtils.K(c, i);
            this.y.q(i);
        }
        this.B = null;
        c.q = serverHello.b;
        c.b = true;
        this.y.getClass();
        c.w = true;
        byte[] t = TlsUtils.t(hashtable, TlsExtensionsUtils.h);
        if (t == null) {
            keyShareEntry = null;
        } else {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(t);
            keyShareEntry = new KeyShareEntry(TlsUtils.V(byteArrayInputStream), TlsUtils.Q(byteArrayInputStream));
            TlsProtocol.b(byteArrayInputStream);
        }
        if (keyShareEntry == null) {
            throw new TlsFatalAlert((short) 47, null);
        }
        TlsAgreement tlsAgreement = (TlsAgreement) this.A.get(Integer.valueOf(keyShareEntry.a));
        if (tlsAgreement == null) {
            throw new TlsFatalAlert((short) 47, null);
        }
        this.A = null;
        tlsAgreement.b(keyShareEntry.b);
        c.m = tlsAgreement.c();
        TlsClientContextImpl tlsClientContextImpl = this.z;
        SecurityParameters c2 = tlsClientContextImpl.c();
        short s = c2.f;
        byte[] bArr4 = new byte[c2.g];
        TlsSecret tlsSecret = c2.m;
        if (tlsSecret != null) {
            c2.m = null;
            bArr = ((AbstractTlsSecret) tlsSecret).c();
        } else {
            bArr = bArr4;
        }
        JcaTlsCrypto jcaTlsCrypto = (JcaTlsCrypto) tlsClientContextImpl.a;
        byte[] b = jcaTlsCrypto.m(s).b();
        JceTlsSecret e = new JceTlsSecret(jcaTlsCrypto, new byte[HashAlgorithm.b(s)]).e(s, bArr4);
        JceTlsSecret e2 = TlsCryptoUtils.a(e, c2.f, "derived", b, c2.g).e(s, bArr);
        JceTlsSecret e3 = TlsCryptoUtils.a(e2, c2.f, "derived", b, c2.g).e(s, bArr4);
        c2.i = e;
        c2.k = e2;
        c2.l = e3;
        w();
        this.k = new TlsSessionImpl(c.s, null);
        this.l = null;
        this.m = null;
    }

    public final void b0() throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 1);
        ClientHello clientHello = this.B;
        ProtocolVersion protocolVersion = clientHello.a;
        handshakeMessageOutput.write(protocolVersion.a >> 8);
        handshakeMessageOutput.write(protocolVersion.a & ValidationUtils.APPBOY_STRING_MAX_LENGTH);
        handshakeMessageOutput.write(clientHello.b);
        TlsUtils.k0(handshakeMessageOutput, clientHello.c);
        byte[] bArr = clientHello.d;
        if (bArr != null) {
            TlsUtils.k0(handshakeMessageOutput, bArr);
        }
        int[] iArr = clientHello.e;
        int length = iArr.length * 2;
        TlsUtils.f(length);
        handshakeMessageOutput.write(length >>> 8);
        handshakeMessageOutput.write(length);
        for (int i : iArr) {
            handshakeMessageOutput.write(i >>> 8);
            handshakeMessageOutput.write(i);
        }
        short[] sArr = {0};
        TlsUtils.g(1);
        handshakeMessageOutput.write(1);
        for (int i2 = 0; i2 < 1; i2++) {
            handshakeMessageOutput.write(sArr[i2]);
        }
        TlsProtocol.U(handshakeMessageOutput, clientHello.f);
        handshakeMessageOutput.a(this);
    }

    /* JADX WARN: Code restructure failed: missing block: B:191:0x037a, code lost:
    
        if (r5 == false) goto L194;
     */
    /* JADX WARN: Code restructure failed: missing block: B:47:0x00c2, code lost:
    
        if (r8.length <= 32) goto L62;
     */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void c() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1502
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.c():void");
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final void e() {
        super.e();
        this.A = null;
        this.B = null;
        this.C = null;
        this.D = -1;
        this.E = null;
        this.F = null;
        this.G = null;
        this.H = null;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsContext o() {
        return this.z;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final AbstractTlsContext p() {
        return this.z;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsPeer q() {
        return this.y;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:179:0x031d  */
    /* JADX WARN: Removed duplicated region for block: B:181:0x035e  */
    /* JADX WARN: Removed duplicated region for block: B:184:0x0367  */
    /* JADX WARN: Removed duplicated region for block: B:228:0x0378  */
    /* JADX WARN: Removed duplicated region for block: B:229:0x0464  */
    /* JADX WARN: Removed duplicated region for block: B:231:0x0325  */
    /* JADX WARN: Removed duplicated region for block: B:243:0x046c  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void v(short r18, org.bouncycastle.tls.HandshakeMessageInput r19) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 2906
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsClientProtocol.v(short, org.bouncycastle.tls.HandshakeMessageInput):void");
    }
}
