package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.TlsProtocol;
import org.spongycastle.util.Arrays;

/* loaded from: classes7.dex */
public class TlsClientProtocol extends TlsProtocol {
    public TlsClient G;
    public TlsClientContextImpl H;
    public byte[] I;
    public TlsKeyExchange J;
    public TlsAuthentication K;
    public CertificateStatus L;
    public CertificateRequest M;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.G = null;
        this.H = null;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = null;
    }

    public TlsClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.G = null;
        this.H = null;
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = null;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void cleanupHandshake() {
        super.cleanupHandshake();
        this.I = null;
        this.J = null;
        this.K = null;
        this.L = null;
        this.M = null;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public TlsContext getContext() {
        return this.H;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public AbstractTlsContext getContextAdmin() {
        return this.H;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public TlsPeer getPeer() {
        return this.G;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:26:0x0049. Please report as an issue. */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void handleHandshakeMessage(short s, ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsCredentials clientCredentials;
        if (this.w) {
            if (s != 20 || this.v != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            processFinishedMessage(byteArrayInputStream);
            this.v = (short) 15;
            sendFinishedMessage();
            this.v = (short) 13;
            completeHandshake();
            return;
        }
        if (s == 0) {
            TlsProtocol.assertEmpty(byteArrayInputStream);
            if (this.v == 16) {
                refuseRenegotiation();
                return;
            }
            return;
        }
        if (s == 2) {
            if (this.v != 1) {
                throw new TlsFatalAlert((short) 10);
            }
            receiveServerHelloMessage(byteArrayInputStream);
            this.v = (short) 2;
            this.d.notifyHelloComplete();
            applyMaxFragmentLengthExtension();
            if (this.w) {
                this.p.f = Arrays.clone(this.o.getMasterSecret());
                this.d.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
                sendChangeCipherSpecMessage();
                return;
            } else {
                invalidateSession();
                byte[] bArr = this.I;
                if (bArr.length > 0) {
                    this.n = new TlsSessionImpl(bArr, null);
                    return;
                }
                return;
            }
        }
        if (s == 4) {
            if (this.v != 13) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.A) {
                throw new TlsFatalAlert((short) 10);
            }
            invalidateSession();
            receiveNewSessionTicketMessage(byteArrayInputStream);
            this.v = (short) 14;
            return;
        }
        if (s == 20) {
            short s2 = this.v;
            if (s2 != 13) {
                if (s2 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (this.A) {
                throw new TlsFatalAlert((short) 10);
            }
            processFinishedMessage(byteArrayInputStream);
            this.v = (short) 15;
            completeHandshake();
            return;
        }
        if (s == 22) {
            if (this.v != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.z) {
                throw new TlsFatalAlert((short) 10);
            }
            this.L = CertificateStatus.parse(byteArrayInputStream);
            TlsProtocol.assertEmpty(byteArrayInputStream);
            this.v = (short) 5;
            return;
        }
        if (s == 23) {
            if (this.v != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            handleSupplementalData(TlsProtocol.readSupplementalDataMessage(byteArrayInputStream));
            return;
        }
        switch (s) {
            case 11:
                short s3 = this.v;
                if (s3 == 2) {
                    handleSupplementalData(null);
                } else if (s3 != 3) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.q = Certificate.parse(byteArrayInputStream);
                TlsProtocol.assertEmpty(byteArrayInputStream);
                Certificate certificate = this.q;
                if (certificate == null || certificate.isEmpty()) {
                    this.z = false;
                }
                this.J.processServerCertificate(this.q);
                TlsAuthentication authentication = this.G.getAuthentication();
                this.K = authentication;
                authentication.notifyServerCertificate(this.q);
                this.v = (short) 4;
                return;
            case 12:
                short s4 = this.v;
                if (s4 == 2) {
                    handleSupplementalData(null);
                } else if (s4 != 3) {
                    if (s4 != 4 && s4 != 5) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.J.processServerKeyExchange(byteArrayInputStream);
                    TlsProtocol.assertEmpty(byteArrayInputStream);
                    this.v = (short) 6;
                    return;
                }
                this.J.skipServerCredentials();
                this.K = null;
                this.J.processServerKeyExchange(byteArrayInputStream);
                TlsProtocol.assertEmpty(byteArrayInputStream);
                this.v = (short) 6;
                return;
            case 13:
                short s5 = this.v;
                if (s5 == 4 || s5 == 5) {
                    this.J.skipServerKeyExchange();
                } else if (s5 != 6) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.K == null) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.M = CertificateRequest.parse(getContext(), byteArrayInputStream);
                TlsProtocol.assertEmpty(byteArrayInputStream);
                this.J.validateCertificateRequest(this.M);
                TlsUtils.trackHashAlgorithms(this.d.getHandshakeHash(), this.M.getSupportedSignatureAlgorithms());
                this.v = (short) 7;
                return;
            case 14:
                switch (this.v) {
                    case 2:
                        handleSupplementalData(null);
                    case 3:
                        this.J.skipServerCredentials();
                        this.K = null;
                    case 4:
                    case 5:
                        this.J.skipServerKeyExchange();
                    case 6:
                    case 7:
                        TlsProtocol.assertEmpty(byteArrayInputStream);
                        this.v = (short) 8;
                        this.d.getHandshakeHash().sealHashAlgorithms();
                        Vector clientSupplementalData = this.G.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            sendSupplementalDataMessage(clientSupplementalData);
                        }
                        this.v = (short) 9;
                        CertificateRequest certificateRequest = this.M;
                        if (certificateRequest == null) {
                            this.J.skipClientCredentials();
                            clientCredentials = null;
                        } else {
                            clientCredentials = this.K.getClientCredentials(certificateRequest);
                            if (clientCredentials == null) {
                                this.J.skipClientCredentials();
                                sendCertificateMessage(Certificate.b);
                            } else {
                                this.J.processClientCredentials(clientCredentials);
                                sendCertificateMessage(clientCredentials.getCertificate());
                            }
                        }
                        this.v = (short) 10;
                        sendClientKeyExchangeMessage();
                        this.v = (short) 11;
                        if (TlsUtils.isSSL(getContext())) {
                            TlsProtocol.establishMasterSecret(getContext(), this.J);
                        }
                        TlsHandshakeHash prepareToFinish = this.d.prepareToFinish();
                        this.p.i = TlsProtocol.getCurrentPRFHash(getContext(), prepareToFinish, null);
                        if (!TlsUtils.isSSL(getContext())) {
                            TlsProtocol.establishMasterSecret(getContext(), this.J);
                        }
                        this.d.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
                        if (clientCredentials != null && (clientCredentials instanceof TlsSignerCredentials)) {
                            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientCredentials;
                            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(getContext(), tlsSignerCredentials);
                            sendCertificateVerifyMessage(new DigitallySigned(signatureAndHashAlgorithm, tlsSignerCredentials.generateCertificateSignature(signatureAndHashAlgorithm == null ? this.p.getSessionHash() : prepareToFinish.getFinalHash(signatureAndHashAlgorithm.getHash()))));
                            this.v = (short) 12;
                        }
                        sendChangeCipherSpecMessage();
                        sendFinishedMessage();
                        this.v = (short) 13;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    public void handleSupplementalData(Vector vector) throws IOException {
        this.G.processServerSupplementalData(vector);
        this.v = (short) 3;
        TlsKeyExchange keyExchange = this.G.getKeyExchange();
        this.J = keyExchange;
        keyExchange.init(getContext());
    }

    public void receiveNewSessionTicketMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        this.G.notifyNewSessionTicket(parse);
    }

    public void receiveServerHelloMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsSession tlsSession;
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        if (readVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.equals(this.d.getReadVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!readVersion.isEqualOrEarlierVersionOf(getContext().getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.d.setWriteVersion(readVersion);
        getContextAdmin().setServerVersion(readVersion);
        this.G.notifyServerVersion(readVersion);
        this.p.h = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        this.I = readOpaque8;
        if (readOpaque8.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.G.notifySessionID(readOpaque8);
        byte[] bArr = this.I;
        boolean z = false;
        this.w = bArr.length > 0 && (tlsSession = this.n) != null && Arrays.areEqual(bArr, tlsSession.getSessionID());
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (!Arrays.contains(this.r, readUint16) || readUint16 == 0 || CipherSuite.isSCSV(readUint16) || !TlsUtils.isValidCipherSuiteForVersion(readUint16, getContext().getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.G.notifySelectedCipherSuite(readUint16);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!Arrays.contains(this.s, readUint8)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.G.notifySelectedCompressionMethod(readUint8);
        Hashtable readExtensions = TlsProtocol.readExtensions(byteArrayInputStream);
        this.u = readExtensions;
        if (readExtensions != null) {
            Enumeration keys = readExtensions.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.E) && TlsUtils.getExtensionData(this.t, num) == null) {
                    throw new TlsFatalAlert((short) 110);
                }
            }
        }
        byte[] extensionData = TlsUtils.getExtensionData(this.u, TlsProtocol.E);
        if (extensionData != null) {
            this.y = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.createRenegotiationInfo(TlsUtils.a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.G.notifySecureRenegotiation(this.y);
        Hashtable hashtable = this.t;
        Hashtable hashtable2 = this.u;
        if (this.w) {
            if (readUint16 != this.o.getCipherSuite() || readUint8 != this.o.getCompressionAlgorithm()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = this.o.readServerExtensions();
            hashtable = null;
        }
        SecurityParameters securityParameters = this.p;
        securityParameters.b = readUint16;
        securityParameters.c = readUint8;
        if (hashtable2 != null) {
            boolean hasEncryptThenMACExtension = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable2);
            if (hasEncryptThenMACExtension && !TlsUtils.isBlockCipherSuite(readUint16)) {
                throw new TlsFatalAlert((short) 47);
            }
            SecurityParameters securityParameters2 = this.p;
            securityParameters2.n = hasEncryptThenMACExtension;
            securityParameters2.o = TlsExtensionsUtils.hasExtendedMasterSecretExtension(hashtable2);
            this.p.l = processMaxFragmentLengthExtension(hashtable, hashtable2, (short) 47);
            this.p.m = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable2);
            this.z = !this.w && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsExtensionsUtils.g, (short) 47);
            if (!this.w && TlsUtils.hasExpectedEmptyExtensionData(hashtable2, TlsProtocol.F, (short) 47)) {
                z = true;
            }
            this.A = z;
        }
        if (hashtable != null) {
            this.G.processServerExtensions(hashtable2);
        }
        this.p.d = TlsProtocol.getPRFAlgorithm(getContext(), this.p.getCipherSuite());
        this.p.e = 12;
    }

    public void sendCertificateVerifyMessage(DigitallySigned digitallySigned) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 15);
        digitallySigned.encode(handshakeMessage);
        handshakeMessage.writeToRecordStream();
    }

    public void sendClientKeyExchangeMessage() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 16);
        this.J.generateClientKeyExchange(handshakeMessage);
        handshakeMessage.writeToRecordStream();
    }
}
