package m.c.c.f1;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import m.c.c.f1.o2;
import m.c.c.f1.q0;

/* loaded from: classes2.dex */
public class k0 extends n0 {

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes2.dex */
    public static class a {
        b3 client = null;
        d3 clientContext = null;
        t4 tlsSession = null;
        o2 sessionParameters = null;
        o2.b sessionParametersBuilder = null;
        int[] offeredCipherSuites = null;
        short[] offeredCompressionMethods = null;
        Hashtable clientExtensions = null;
        Hashtable serverExtensions = null;
        byte[] selectedSessionID = null;
        boolean resumedSession = false;
        boolean secure_renegotiation = false;
        boolean allowCertificateStatus = false;
        boolean expectSessionTicket = false;
        w3 keyExchange = null;
        x2 authentication = null;
        v certificateStatus = null;
        u certificateRequest = null;
        h3 clientCredentials = null;

        protected a() {
        }
    }

    public k0(SecureRandom secureRandom) {
        super(secureRandom);
    }

    protected static byte[] patchClientHelloWithCookie(byte[] bArr, byte[] bArr2) throws IOException {
        int readUint8 = 35 + y4.readUint8(bArr, 34);
        int i2 = readUint8 + 1;
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, readUint8);
        y4.checkUint8(bArr2.length);
        y4.writeUint8(bArr2.length, bArr3, readUint8);
        System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
        System.arraycopy(bArr, i2, bArr3, bArr2.length + i2, bArr.length - i2);
        return bArr3;
    }

    protected t0 clientHandshake(a aVar, p0 p0Var) throws IOException {
        q0.b bVar;
        t tVar;
        i2 securityParameters = aVar.clientContext.getSecurityParameters();
        q0 q0Var = new q0(aVar.clientContext, p0Var);
        byte[] generateClientHello = generateClientHello(aVar, aVar.client);
        p0Var.setWriteVersion(c2.DTLSv10);
        q0Var.sendMessage((short) 1, generateClientHello);
        while (true) {
            q0.b receiveMessage = q0Var.receiveMessage();
            if (receiveMessage.getType() != 3) {
                if (receiveMessage.getType() != 2) {
                    throw new t3((short) 10);
                }
                c2 readVersion = p0Var.getReadVersion();
                reportServerVersion(aVar, readVersion);
                p0Var.setWriteVersion(readVersion);
                processServerHello(aVar, receiveMessage.getBody());
                q0Var.notifyHelloComplete();
                n0.applyMaxFragmentLengthExtension(p0Var, securityParameters.maxFragmentLength);
                if (aVar.resumedSession) {
                    securityParameters.masterSecret = m.c.j.a.clone(aVar.sessionParameters.getMasterSecret());
                    p0Var.initPendingEpoch(aVar.client.getCipher());
                    d3 d3Var = aVar.clientContext;
                    processFinished(q0Var.receiveMessageBody((short) 20), y4.calculateVerifyData(d3Var, j1.server_finished, f4.getCurrentPRFHash(d3Var, q0Var.getHandshakeHash(), null)));
                    d3 d3Var2 = aVar.clientContext;
                    q0Var.sendMessage((short) 20, y4.calculateVerifyData(d3Var2, j1.client_finished, f4.getCurrentPRFHash(d3Var2, q0Var.getHandshakeHash(), null)));
                    q0Var.finish();
                    aVar.clientContext.setResumableSession(aVar.tlsSession);
                    aVar.client.notifyHandshakeComplete();
                    return new t0(p0Var);
                }
                invalidateSession(aVar);
                byte[] bArr = aVar.selectedSessionID;
                if (bArr.length > 0) {
                    aVar.tlsSession = new u4(bArr, null);
                }
                q0.b receiveMessage2 = q0Var.receiveMessage();
                if (receiveMessage2.getType() == 23) {
                    processServerSupplementalData(aVar, receiveMessage2.getBody());
                    receiveMessage2 = q0Var.receiveMessage();
                } else {
                    aVar.client.processServerSupplementalData(null);
                }
                w3 keyExchange = aVar.client.getKeyExchange();
                aVar.keyExchange = keyExchange;
                keyExchange.init(aVar.clientContext);
                if (receiveMessage2.getType() == 11) {
                    tVar = processServerCertificate(aVar, receiveMessage2.getBody());
                    bVar = q0Var.receiveMessage();
                } else {
                    aVar.keyExchange.skipServerCredentials();
                    bVar = receiveMessage2;
                    tVar = null;
                }
                if (tVar == null || tVar.isEmpty()) {
                    aVar.allowCertificateStatus = false;
                }
                if (bVar.getType() == 22) {
                    processCertificateStatus(aVar, bVar.getBody());
                    bVar = q0Var.receiveMessage();
                }
                if (bVar.getType() == 12) {
                    processServerKeyExchange(aVar, bVar.getBody());
                    bVar = q0Var.receiveMessage();
                } else {
                    aVar.keyExchange.skipServerKeyExchange();
                }
                if (bVar.getType() == 13) {
                    processCertificateRequest(aVar, bVar.getBody());
                    y4.trackHashAlgorithms(q0Var.getHandshakeHash(), aVar.certificateRequest.getSupportedSignatureAlgorithms());
                    bVar = q0Var.receiveMessage();
                }
                if (bVar.getType() != 14) {
                    throw new t3((short) 10);
                }
                if (bVar.getBody().length != 0) {
                    throw new t3((short) 50);
                }
                q0Var.getHandshakeHash().sealHashAlgorithms();
                Vector clientSupplementalData = aVar.client.getClientSupplementalData();
                if (clientSupplementalData != null) {
                    q0Var.sendMessage((short) 23, n0.generateSupplementalData(clientSupplementalData));
                }
                u uVar = aVar.certificateRequest;
                if (uVar != null) {
                    h3 clientCredentials = aVar.authentication.getClientCredentials(uVar);
                    aVar.clientCredentials = clientCredentials;
                    t certificate = clientCredentials != null ? clientCredentials.getCertificate() : null;
                    if (certificate == null) {
                        certificate = t.EMPTY_CHAIN;
                    }
                    q0Var.sendMessage((short) 11, n0.generateCertificate(certificate));
                }
                h3 h3Var = aVar.clientCredentials;
                if (h3Var != null) {
                    aVar.keyExchange.processClientCredentials(h3Var);
                } else {
                    aVar.keyExchange.skipClientCredentials();
                }
                q0Var.sendMessage((short) 16, generateClientKeyExchange(aVar));
                u3 prepareToFinish = q0Var.prepareToFinish();
                securityParameters.sessionHash = f4.getCurrentPRFHash(aVar.clientContext, prepareToFinish, null);
                f4.establishMasterSecret(aVar.clientContext, aVar.keyExchange);
                p0Var.initPendingEpoch(aVar.client.getCipher());
                h3 h3Var2 = aVar.clientCredentials;
                if (h3Var2 != null && (h3Var2 instanceof w4)) {
                    w4 w4Var = (w4) h3Var2;
                    q2 signatureAndHashAlgorithm = y4.getSignatureAndHashAlgorithm(aVar.clientContext, w4Var);
                    q0Var.sendMessage((short) 15, generateCertificateVerify(aVar, new e1(signatureAndHashAlgorithm, w4Var.generateCertificateSignature(signatureAndHashAlgorithm == null ? securityParameters.getSessionHash() : prepareToFinish.getFinalHash(signatureAndHashAlgorithm.getHash())))));
                }
                d3 d3Var3 = aVar.clientContext;
                q0Var.sendMessage((short) 20, y4.calculateVerifyData(d3Var3, j1.client_finished, f4.getCurrentPRFHash(d3Var3, q0Var.getHandshakeHash(), null)));
                if (aVar.expectSessionTicket) {
                    q0.b receiveMessage3 = q0Var.receiveMessage();
                    if (receiveMessage3.getType() != 4) {
                        throw new t3((short) 10);
                    }
                    processNewSessionTicket(aVar, receiveMessage3.getBody());
                }
                d3 d3Var4 = aVar.clientContext;
                processFinished(q0Var.receiveMessageBody((short) 20), y4.calculateVerifyData(d3Var4, j1.server_finished, f4.getCurrentPRFHash(d3Var4, q0Var.getHandshakeHash(), null)));
                q0Var.finish();
                if (aVar.tlsSession != null) {
                    aVar.sessionParameters = new o2.b().setCipherSuite(securityParameters.getCipherSuite()).setCompressionAlgorithm(securityParameters.getCompressionAlgorithm()).setMasterSecret(securityParameters.getMasterSecret()).setPeerCertificate(tVar).setPSKIdentity(securityParameters.getPSKIdentity()).setSRPIdentity(securityParameters.getSRPIdentity()).setServerExtensions(aVar.serverExtensions).build();
                    t4 importSession = y4.importSession(aVar.tlsSession.getSessionID(), aVar.sessionParameters);
                    aVar.tlsSession = importSession;
                    aVar.clientContext.setResumableSession(importSession);
                }
                aVar.client.notifyHandshakeComplete();
                return new t0(p0Var);
            }
            if (!p0Var.getReadVersion().isEqualOrEarlierVersionOf(aVar.clientContext.getClientVersion())) {
                throw new t3((short) 47);
            }
            p0Var.setReadVersion(null);
            byte[] patchClientHelloWithCookie = patchClientHelloWithCookie(generateClientHello, processHelloVerifyRequest(aVar, receiveMessage.getBody()));
            q0Var.resetHandshakeMessagesDigest();
            q0Var.sendMessage((short) 1, patchClientHelloWithCookie);
        }
    }

    public t0 connect(b3 b3Var, u0 u0Var) throws IOException {
        o2 exportSessionParameters;
        if (b3Var == null) {
            throw new IllegalArgumentException("'client' cannot be null");
        }
        if (u0Var == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        i2 i2Var = new i2();
        i2Var.entity = 1;
        a aVar = new a();
        aVar.client = b3Var;
        aVar.clientContext = new d3(this.secureRandom, i2Var);
        i2Var.clientRandom = f4.createRandomBlock(b3Var.shouldUseGMTUnixTime(), aVar.clientContext.getNonceRandomGenerator());
        b3Var.init(aVar.clientContext);
        p0 p0Var = new p0(u0Var, aVar.clientContext, b3Var, (short) 22);
        t4 sessionToResume = aVar.client.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            aVar.tlsSession = sessionToResume;
            aVar.sessionParameters = exportSessionParameters;
        }
        try {
            return clientHandshake(aVar, p0Var);
        } catch (t3 e2) {
            p0Var.fail(e2.getAlertDescription());
            throw e2;
        } catch (IOException e3) {
            p0Var.fail((short) 80);
            throw e3;
        } catch (RuntimeException e4) {
            p0Var.fail((short) 80);
            throw new t3((short) 80, e4);
        }
    }

    protected byte[] generateCertificateVerify(a aVar, e1 e1Var) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        e1Var.encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] generateClientHello(a aVar, b3 b3Var) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        c2 clientVersion = b3Var.getClientVersion();
        if (!clientVersion.isDTLS()) {
            throw new t3((short) 80);
        }
        d3 d3Var = aVar.clientContext;
        d3Var.setClientVersion(clientVersion);
        y4.writeVersion(clientVersion, byteArrayOutputStream);
        byteArrayOutputStream.write(d3Var.getSecurityParameters().getClientRandom());
        byte[] bArr = y4.EMPTY_BYTES;
        t4 t4Var = aVar.tlsSession;
        if (t4Var != null && ((bArr = t4Var.getSessionID()) == null || bArr.length > 32)) {
            bArr = y4.EMPTY_BYTES;
        }
        y4.writeOpaque8(bArr, byteArrayOutputStream);
        y4.writeOpaque8(y4.EMPTY_BYTES, byteArrayOutputStream);
        boolean isFallback = b3Var.isFallback();
        aVar.offeredCipherSuites = b3Var.getCipherSuites();
        Hashtable clientExtensions = b3Var.getClientExtensions();
        aVar.clientExtensions = clientExtensions;
        boolean z = y4.getExtensionData(clientExtensions, f4.EXT_RenegotiationInfo) == null;
        boolean z2 = !m.c.j.a.contains(aVar.offeredCipherSuites, 255);
        if (z && z2) {
            aVar.offeredCipherSuites = m.c.j.a.append(aVar.offeredCipherSuites, 255);
        }
        if (isFallback && !m.c.j.a.contains(aVar.offeredCipherSuites, c0.TLS_FALLBACK_SCSV)) {
            aVar.offeredCipherSuites = m.c.j.a.append(aVar.offeredCipherSuites, c0.TLS_FALLBACK_SCSV);
        }
        y4.writeUint16ArrayWithUint16Length(aVar.offeredCipherSuites, byteArrayOutputStream);
        short[] sArr = {0};
        aVar.offeredCompressionMethods = sArr;
        y4.writeUint8ArrayWithUint8Length(sArr, byteArrayOutputStream);
        Hashtable hashtable = aVar.clientExtensions;
        if (hashtable != null) {
            f4.writeExtensions(byteArrayOutputStream, hashtable);
        }
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] generateClientKeyExchange(a aVar) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        aVar.keyExchange.generateClientKeyExchange(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void invalidateSession(a aVar) {
        o2 o2Var = aVar.sessionParameters;
        if (o2Var != null) {
            o2Var.clear();
            aVar.sessionParameters = null;
        }
        t4 t4Var = aVar.tlsSession;
        if (t4Var != null) {
            t4Var.invalidate();
            aVar.tlsSession = null;
        }
    }

    protected void processCertificateRequest(a aVar, byte[] bArr) throws IOException {
        if (aVar.authentication == null) {
            throw new t3((short) 40);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        aVar.certificateRequest = u.parse(aVar.clientContext, byteArrayInputStream);
        f4.assertEmpty(byteArrayInputStream);
        aVar.keyExchange.validateCertificateRequest(aVar.certificateRequest);
    }

    protected void processCertificateStatus(a aVar, byte[] bArr) throws IOException {
        if (!aVar.allowCertificateStatus) {
            throw new t3((short) 10);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        aVar.certificateStatus = v.parse(byteArrayInputStream);
        f4.assertEmpty(byteArrayInputStream);
    }

    protected byte[] processHelloVerifyRequest(a aVar, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        c2 readVersion = y4.readVersion(byteArrayInputStream);
        byte[] readOpaque8 = y4.readOpaque8(byteArrayInputStream);
        f4.assertEmpty(byteArrayInputStream);
        if (!readVersion.isEqualOrEarlierVersionOf(aVar.clientContext.getClientVersion())) {
            throw new t3((short) 47);
        }
        if (c2.DTLSv12.isEqualOrEarlierVersionOf(readVersion) || readOpaque8.length <= 32) {
            return readOpaque8;
        }
        throw new t3((short) 47);
    }

    protected void processNewSessionTicket(a aVar, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        x1 parse = x1.parse(byteArrayInputStream);
        f4.assertEmpty(byteArrayInputStream);
        aVar.client.notifyNewSessionTicket(parse);
    }

    protected t processServerCertificate(a aVar, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        t parse = t.parse(byteArrayInputStream);
        f4.assertEmpty(byteArrayInputStream);
        aVar.keyExchange.processServerCertificate(parse);
        x2 authentication = aVar.client.getAuthentication();
        aVar.authentication = authentication;
        authentication.notifyServerCertificate(parse);
        return parse;
    }

    protected void processServerHello(a aVar, byte[] bArr) throws IOException {
        t4 t4Var;
        i2 securityParameters = aVar.clientContext.getSecurityParameters();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        reportServerVersion(aVar, y4.readVersion(byteArrayInputStream));
        securityParameters.serverRandom = y4.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = y4.readOpaque8(byteArrayInputStream);
        aVar.selectedSessionID = readOpaque8;
        if (readOpaque8.length > 32) {
            throw new t3((short) 47);
        }
        aVar.client.notifySessionID(readOpaque8);
        byte[] bArr2 = aVar.selectedSessionID;
        boolean z = false;
        aVar.resumedSession = bArr2.length > 0 && (t4Var = aVar.tlsSession) != null && m.c.j.a.areEqual(bArr2, t4Var.getSessionID());
        int readUint16 = y4.readUint16(byteArrayInputStream);
        if (!m.c.j.a.contains(aVar.offeredCipherSuites, readUint16) || readUint16 == 0 || c0.isSCSV(readUint16) || !y4.isValidCipherSuiteForVersion(readUint16, aVar.clientContext.getServerVersion())) {
            throw new t3((short) 47);
        }
        n0.validateSelectedCipherSuite(readUint16, (short) 47);
        aVar.client.notifySelectedCipherSuite(readUint16);
        short readUint8 = y4.readUint8(byteArrayInputStream);
        if (!m.c.j.a.contains(aVar.offeredCompressionMethods, readUint8)) {
            throw new t3((short) 47);
        }
        aVar.client.notifySelectedCompressionMethod(readUint8);
        Hashtable readExtensions = f4.readExtensions(byteArrayInputStream);
        aVar.serverExtensions = readExtensions;
        if (readExtensions != null) {
            Enumeration keys = readExtensions.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(f4.EXT_RenegotiationInfo)) {
                    if (y4.getExtensionData(aVar.clientExtensions, num) == null) {
                        throw new t3(l.unsupported_extension);
                    }
                    boolean z2 = aVar.resumedSession;
                }
            }
        }
        byte[] extensionData = y4.getExtensionData(aVar.serverExtensions, f4.EXT_RenegotiationInfo);
        if (extensionData != null) {
            aVar.secure_renegotiation = true;
            if (!m.c.j.a.constantTimeAreEqual(extensionData, f4.createRenegotiationInfo(y4.EMPTY_BYTES))) {
                throw new t3((short) 40);
            }
        }
        aVar.client.notifySecureRenegotiation(aVar.secure_renegotiation);
        Hashtable hashtable = aVar.clientExtensions;
        Hashtable hashtable2 = aVar.serverExtensions;
        if (aVar.resumedSession) {
            if (readUint16 != aVar.sessionParameters.getCipherSuite() || readUint8 != aVar.sessionParameters.getCompressionAlgorithm()) {
                throw new t3((short) 47);
            }
            hashtable = null;
            hashtable2 = aVar.sessionParameters.readServerExtensions();
        }
        securityParameters.cipherSuite = readUint16;
        securityParameters.compressionAlgorithm = readUint8;
        if (hashtable2 != null) {
            boolean hasEncryptThenMACExtension = s3.hasEncryptThenMACExtension(hashtable2);
            if (hasEncryptThenMACExtension && !y4.isBlockCipherSuite(securityParameters.getCipherSuite())) {
                throw new t3((short) 47);
            }
            securityParameters.encryptThenMAC = hasEncryptThenMACExtension;
            securityParameters.extendedMasterSecret = s3.hasExtendedMasterSecretExtension(hashtable2);
            securityParameters.maxFragmentLength = n0.evaluateMaxFragmentLengthExtension(aVar.resumedSession, hashtable, hashtable2, (short) 47);
            securityParameters.truncatedHMac = s3.hasTruncatedHMacExtension(hashtable2);
            aVar.allowCertificateStatus = !aVar.resumedSession && y4.hasExpectedEmptyExtensionData(hashtable2, s3.EXT_status_request, (short) 47);
            if (!aVar.resumedSession && y4.hasExpectedEmptyExtensionData(hashtable2, f4.EXT_SessionTicket, (short) 47)) {
                z = true;
            }
            aVar.expectSessionTicket = z;
        }
        if (hashtable != null) {
            aVar.client.processServerExtensions(hashtable2);
        }
        securityParameters.prfAlgorithm = f4.getPRFAlgorithm(aVar.clientContext, securityParameters.getCipherSuite());
        securityParameters.verifyDataLength = 12;
    }

    protected void processServerKeyExchange(a aVar, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        aVar.keyExchange.processServerKeyExchange(byteArrayInputStream);
        f4.assertEmpty(byteArrayInputStream);
    }

    protected void processServerSupplementalData(a aVar, byte[] bArr) throws IOException {
        aVar.client.processServerSupplementalData(f4.readSupplementalDataMessage(new ByteArrayInputStream(bArr)));
    }

    protected void reportServerVersion(a aVar, c2 c2Var) throws IOException {
        d3 d3Var = aVar.clientContext;
        c2 serverVersion = d3Var.getServerVersion();
        if (serverVersion == null) {
            d3Var.setServerVersion(c2Var);
            aVar.client.notifyServerVersion(c2Var);
        } else if (!serverVersion.equals(c2Var)) {
            throw new t3((short) 47);
        }
    }
}
