package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.tls.TlsProtocol;
import org.spongycastle.util.Arrays;

/* loaded from: classes6.dex */
public class TlsClientProtocol extends TlsProtocol {
    protected TlsClient aa;
    TlsClientContextImpl ba;
    protected byte[] ca;
    protected TlsKeyExchange da;
    protected TlsAuthentication ea;
    protected CertificateStatus fa;
    protected CertificateRequest ga;

    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.aa = null;
        this.ba = null;
        this.ca = null;
        this.da = null;
        this.ea = null;
        this.fa = null;
        this.ga = null;
    }

    public TlsClientProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.aa = null;
        this.ba = null;
        this.ca = null;
        this.da = null;
        this.ea = null;
        this.fa = null;
        this.ga = null;
    }

    protected void a(DigitallySigned digitallySigned) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 15);
        digitallySigned.a(handshakeMessage);
        handshakeMessage.a();
    }

    public void a(TlsClient tlsClient) throws IOException {
        SessionParameters exportSessionParameters;
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.aa != null) {
            throw new IllegalStateException("'connect' can only be called once");
        }
        this.aa = tlsClient;
        this.L = new SecurityParameters();
        SecurityParameters securityParameters = this.L;
        securityParameters.a = 1;
        this.ba = new TlsClientContextImpl(this.A, securityParameters);
        this.L.g = TlsProtocol.a(tlsClient.shouldUseGMTUnixTime(), this.ba.getNonceRandomGenerator());
        this.aa.init(this.ba);
        this.z.a(this.ba);
        TlsSession sessionToResume = tlsClient.getSessionToResume();
        if (sessionToResume != null && sessionToResume.isResumable() && (exportSessionParameters = sessionToResume.exportSessionParameters()) != null) {
            this.J = sessionToResume;
            this.K = exportSessionParameters;
        }
        x();
        this.R = (short) 1;
        c();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:26:0x0049. Please report as an issue. */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected void a(short s, ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsCredentials clientCredentials;
        if (this.S) {
            if (s != 20 || this.R != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            b(byteArrayInputStream);
            this.R = (short) 15;
            w();
            this.R = (short) 13;
            g();
            return;
        }
        if (s == 0) {
            TlsProtocol.a(byteArrayInputStream);
            if (this.R == 16) {
                t();
                return;
            }
            return;
        }
        if (s == 2) {
            if (this.R != 1) {
                throw new TlsFatalAlert((short) 10);
            }
            f(byteArrayInputStream);
            this.R = (short) 2;
            this.z.g();
            b();
            if (this.S) {
                this.L.f = Arrays.a(this.K.e());
                this.z.a(o().getCompression(), o().getCipher());
                v();
                return;
            } else {
                r();
                byte[] bArr = this.ca;
                if (bArr.length > 0) {
                    this.J = new TlsSessionImpl(bArr, null);
                    return;
                }
                return;
            }
        }
        if (s == 4) {
            if (this.R != 13) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.W) {
                throw new TlsFatalAlert((short) 10);
            }
            r();
            e(byteArrayInputStream);
            this.R = (short) 14;
            return;
        }
        if (s == 20) {
            short s2 = this.R;
            if (s2 != 13) {
                if (s2 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (this.W) {
                throw new TlsFatalAlert((short) 10);
            }
            b(byteArrayInputStream);
            this.R = (short) 15;
            g();
            return;
        }
        if (s == 22) {
            if (this.R != 4) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!this.V) {
                throw new TlsFatalAlert((short) 10);
            }
            this.fa = CertificateStatus.a(byteArrayInputStream);
            TlsProtocol.a(byteArrayInputStream);
            this.R = (short) 5;
            return;
        }
        if (s == 23) {
            if (this.R != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            b(TlsProtocol.d(byteArrayInputStream));
            return;
        }
        switch (s) {
            case 11:
                short s3 = this.R;
                if (s3 == 2) {
                    b((Vector) null);
                } else if (s3 != 3) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.M = Certificate.a(byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                Certificate certificate = this.M;
                if (certificate == null || certificate.d()) {
                    this.V = false;
                }
                this.da.processServerCertificate(this.M);
                this.ea = this.aa.getAuthentication();
                this.ea.notifyServerCertificate(this.M);
                this.R = (short) 4;
                return;
            case 12:
                short s4 = this.R;
                if (s4 == 2) {
                    b((Vector) null);
                } else if (s4 != 3) {
                    if (s4 != 4 && s4 != 5) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    this.da.processServerKeyExchange(byteArrayInputStream);
                    TlsProtocol.a(byteArrayInputStream);
                    this.R = (short) 6;
                    return;
                }
                this.da.skipServerCredentials();
                this.ea = null;
                this.da.processServerKeyExchange(byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                this.R = (short) 6;
                return;
            case 13:
                short s5 = this.R;
                if (s5 == 4 || s5 == 5) {
                    this.da.skipServerKeyExchange();
                } else if (s5 != 6) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.ea == null) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.ga = CertificateRequest.a(k(), byteArrayInputStream);
                TlsProtocol.a(byteArrayInputStream);
                this.da.validateCertificateRequest(this.ga);
                TlsUtils.a(this.z.c(), this.ga.c());
                this.R = (short) 7;
                return;
            case 14:
                switch (this.R) {
                    case 2:
                        b((Vector) null);
                    case 3:
                        this.da.skipServerCredentials();
                        this.ea = null;
                    case 4:
                    case 5:
                        this.da.skipServerKeyExchange();
                    case 6:
                    case 7:
                        TlsProtocol.a(byteArrayInputStream);
                        this.R = (short) 8;
                        this.z.c().sealHashAlgorithms();
                        Vector clientSupplementalData = this.aa.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            a(clientSupplementalData);
                        }
                        this.R = (short) 9;
                        CertificateRequest certificateRequest = this.ga;
                        if (certificateRequest == null) {
                            this.da.skipClientCredentials();
                            clientCredentials = null;
                        } else {
                            clientCredentials = this.ea.getClientCredentials(certificateRequest);
                            if (clientCredentials == null) {
                                this.da.skipClientCredentials();
                                a(Certificate.a);
                            } else {
                                this.da.processClientCredentials(clientCredentials);
                                a(clientCredentials.getCertificate());
                            }
                        }
                        this.R = (short) 10;
                        y();
                        this.R = (short) 11;
                        if (TlsUtils.a(k())) {
                            TlsProtocol.a(k(), this.da);
                        }
                        TlsHandshakeHash h = this.z.h();
                        this.L.i = TlsProtocol.a(k(), h, (byte[]) null);
                        if (!TlsUtils.a(k())) {
                            TlsProtocol.a(k(), this.da);
                        }
                        this.z.a(o().getCompression(), o().getCipher());
                        if (clientCredentials != null && (clientCredentials instanceof TlsSignerCredentials)) {
                            TlsSignerCredentials tlsSignerCredentials = (TlsSignerCredentials) clientCredentials;
                            SignatureAndHashAlgorithm a = TlsUtils.a(k(), tlsSignerCredentials);
                            a(new DigitallySigned(a, tlsSignerCredentials.generateCertificateSignature(a == null ? this.L.l() : h.getFinalHash(a.a()))));
                            this.R = (short) 12;
                        }
                        v();
                        w();
                        this.R = (short) 13;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
                break;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    protected void b(Vector vector) throws IOException {
        this.aa.processServerSupplementalData(vector);
        this.R = (short) 3;
        this.da = this.aa.getKeyExchange();
        this.da.init(k());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void d() {
        super.d();
        this.ca = null;
        this.da = null;
        this.ea = null;
        this.fa = null;
        this.ga = null;
    }

    protected void e(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket a = NewSessionTicket.a(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        this.aa.notifyNewSessionTicket(a);
    }

    protected void f(ByteArrayInputStream byteArrayInputStream) throws IOException {
        TlsSession tlsSession;
        ProtocolVersion i = TlsUtils.i(byteArrayInputStream);
        if (i.e()) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!i.a(this.z.f())) {
            throw new TlsFatalAlert((short) 47);
        }
        if (!i.b(k().getClientVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.z.b(i);
        l().b(i);
        this.aa.notifyServerVersion(i);
        this.L.h = TlsUtils.b(32, byteArrayInputStream);
        this.ca = TlsUtils.c(byteArrayInputStream);
        byte[] bArr = this.ca;
        if (bArr.length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        this.aa.notifySessionID(bArr);
        byte[] bArr2 = this.ca;
        boolean z = false;
        this.S = bArr2.length > 0 && (tlsSession = this.J) != null && Arrays.a(bArr2, tlsSession.getSessionID());
        int d = TlsUtils.d(byteArrayInputStream);
        if (!Arrays.b(this.N, d) || d == 0 || CipherSuite.a(d) || !TlsUtils.a(d, k().getServerVersion())) {
            throw new TlsFatalAlert((short) 47);
        }
        this.aa.notifySelectedCipherSuite(d);
        short h = TlsUtils.h(byteArrayInputStream);
        if (!Arrays.b(this.O, h)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.aa.notifySelectedCompressionMethod(h);
        this.Q = TlsProtocol.c(byteArrayInputStream);
        Hashtable hashtable = this.Q;
        if (hashtable != null) {
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                if (!num.equals(TlsProtocol.a)) {
                    if (TlsUtils.a(this.P, num) == null) {
                        throw new TlsFatalAlert(AlertDescription.y);
                    }
                    boolean z2 = this.S;
                }
            }
        }
        byte[] a = TlsUtils.a(this.Q, TlsProtocol.a);
        if (a != null) {
            this.U = true;
            if (!Arrays.e(a, TlsProtocol.a(TlsUtils.a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.aa.notifySecureRenegotiation(this.U);
        Hashtable hashtable2 = this.P;
        Hashtable hashtable3 = this.Q;
        if (this.S) {
            if (d != this.K.c() || h != this.K.d()) {
                throw new TlsFatalAlert((short) 47);
            }
            hashtable2 = null;
            hashtable3 = this.K.j();
        }
        SecurityParameters securityParameters = this.L;
        securityParameters.b = d;
        securityParameters.c = h;
        if (hashtable3 != null) {
            boolean j = TlsExtensionsUtils.j(hashtable3);
            if (j && !TlsUtils.l(d)) {
                throw new TlsFatalAlert((short) 47);
            }
            SecurityParameters securityParameters2 = this.L;
            securityParameters2.n = j;
            securityParameters2.o = TlsExtensionsUtils.k(hashtable3);
            this.L.l = a(hashtable2, hashtable3, (short) 47);
            this.L.m = TlsExtensionsUtils.l(hashtable3);
            this.V = !this.S && TlsUtils.a(hashtable3, TlsExtensionsUtils.g, (short) 47);
            if (!this.S && TlsUtils.a(hashtable3, TlsProtocol.b, (short) 47)) {
                z = true;
            }
            this.W = z;
        }
        if (hashtable2 != null) {
            this.aa.processServerExtensions(hashtable3);
        }
        this.L.d = TlsProtocol.a(k(), this.L.b());
        this.L.e = 12;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected TlsContext k() {
        return this.ba;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    AbstractTlsContext l() {
        return this.ba;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected TlsPeer o() {
        return this.aa;
    }

    protected void x() throws IOException {
        SessionParameters sessionParameters;
        this.z.b(this.aa.getClientHelloRecordLayerVersion());
        ProtocolVersion clientVersion = this.aa.getClientVersion();
        if (clientVersion.e()) {
            throw new TlsFatalAlert((short) 80);
        }
        l().a(clientVersion);
        byte[] bArr = TlsUtils.a;
        TlsSession tlsSession = this.J;
        if (tlsSession != null && ((bArr = tlsSession.getSessionID()) == null || bArr.length > 32)) {
            bArr = TlsUtils.a;
        }
        boolean isFallback = this.aa.isFallback();
        this.N = this.aa.getCipherSuites();
        this.O = this.aa.getCompressionMethods();
        if (bArr.length > 0 && (sessionParameters = this.K) != null && (!Arrays.b(this.N, sessionParameters.c()) || !Arrays.b(this.O, this.K.d()))) {
            bArr = TlsUtils.a;
        }
        this.P = this.aa.getClientExtensions();
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 1);
        TlsUtils.a(clientVersion, handshakeMessage);
        handshakeMessage.write(this.L.c());
        TlsUtils.c(bArr, handshakeMessage);
        boolean z = TlsUtils.a(this.P, TlsProtocol.a) == null;
        boolean z2 = !Arrays.b(this.N, 255);
        if (z && z2) {
            this.N = Arrays.a(this.N, 255);
        }
        if (isFallback && !Arrays.b(this.N, CipherSuite.Nd)) {
            this.N = Arrays.a(this.N, CipherSuite.Nd);
        }
        TlsUtils.b(this.N, handshakeMessage);
        TlsUtils.b(this.O, (OutputStream) handshakeMessage);
        Hashtable hashtable = this.P;
        if (hashtable != null) {
            TlsProtocol.a(handshakeMessage, hashtable);
        }
        handshakeMessage.a();
    }

    protected void y() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 16);
        this.da.generateClientKeyExchange(handshakeMessage);
        handshakeMessage.a();
    }
}
