package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.prng.ThreadedSeedGenerator;
import org.bouncycastle.util.Arrays;

/* JADX WARN: Classes with same name are omitted:
  input_file:bcprov-ext-jdk15on-1.49.jar:org/bouncycastle/crypto/tls/TlsClientProtocol.class
  input_file:bcprov-jdk15on-1.49.jar:org/bouncycastle/crypto/tls/TlsClientProtocol.class
 */
/* loaded from: input_file:org/bouncycastle/crypto/tls/TlsClientProtocol.class */
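/**
 * Client side of a TLS handshake, layered on {@link TlsProtocol}.
 *
 * <p>{@link #connect(TlsClient)} sends the ClientHello and drives the handshake to completion.
 * Inbound handshake messages arrive through {@link #handleHandshakeMessage(short, byte[])}, which
 * accepts each message type only for specific values of {@code connection_state}.
 *
 * <p>This listing is decompiler output, so protocol constants appear as bare numbers. Comments
 * name handshake types, alert codes and the record content type by their TLS-specification
 * meaning. {@code connection_state} values are described by where this class assigns them:
 * 1 ClientHello sent, 2 ServerHello received, 3 supplemental-data step done, 4 server Certificate,
 * 5 ServerKeyExchange, 6 CertificateRequest, 7 ServerHelloDone, 8 client supplemental data,
 * 9 client Certificate, 10 ClientKeyExchange, 11 CertificateVerify, 12 client ChangeCipherSpec,
 * 13 client Finished, 14 NewSessionTicket received, 15 server ChangeCipherSpec, 16 server Finished.
 *
 * <p>NOTE(review): many checks call {@code failWithError(...)} and then continue with the next
 * statement. That is only safe if {@code failWithError} always throws; confirm in
 * {@code TlsProtocol}, which is not part of this file.
 */
public class TlsClientProtocol extends TlsProtocol {
    // Application callback object supplied to connect(); null until connect() is called.
    protected TlsClient tlsClient;
    // Per-connection context created in connect().
    protected TlsClientContextImpl tlsClientContext;
    // Cipher suites and compression methods offered in the ClientHello; the server's selection is
    // validated against these in receiveServerHelloMessage().
    protected int[] offeredCipherSuites;
    protected short[] offeredCompressionMethods;
    // Extensions offered in the ClientHello (may be null); used to reject unsolicited server extensions.
    protected Hashtable clientExtensions;
    // Values selected by the server in the ServerHello.
    protected int selectedCipherSuite;
    protected short selectedCompressionMethod;
    // Obtained from the TlsClient in handleSupplementalData().
    protected TlsKeyExchange keyExchange;
    // Set when a server Certificate is processed; reset to null when the server sends none.
    protected TlsAuthentication authentication;
    // Set when the server sends a CertificateRequest; null otherwise.
    protected CertificateRequest certificateRequest;

    /**
     * Creates the default random source used by the two-argument constructor.
     *
     * <p>The generator is made to seed itself from the platform source first, and the
     * {@link ThreadedSeedGenerator} output is then mixed in as supplemental material. The order
     * matters: the {@link SecureRandom} documentation states that self-seeding does not occur if
     * {@code setSeed} was called before the first {@code nextBytes}. Without the initial
     * {@code nextBytes} call, the 20 bytes produced in "fast" mode could be the generator's only
     * seed on such providers. Callers with a vetted entropy source should use the three-argument
     * constructor instead.
     *
     * @return a self-seeded {@link SecureRandom} with additional seed material mixed in
     */
    private static SecureRandom createSecureRandom() {
        ThreadedSeedGenerator threadedSeedGenerator = new ThreadedSeedGenerator();
        SecureRandom secureRandom = new SecureRandom();
        // Trigger platform self-seeding before any setSeed() call so the seed below supplements
        // the platform entropy instead of replacing it.
        secureRandom.nextBytes(new byte[1]);
        secureRandom.setSeed(threadedSeedGenerator.generateSeed(20, true));
        return secureRandom;
    }

    /**
     * Creates a client protocol instance using a default random source.
     *
     * @param inputStream stream the peer's records are read from
     * @param outputStream stream records are written to
     */
    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream) {
        this(inputStream, outputStream, createSecureRandom());
    }

    /**
     * Creates a client protocol instance with a caller-supplied random source.
     *
     * @param inputStream stream the peer's records are read from
     * @param outputStream stream records are written to
     * @param secureRandom random source passed to the superclass; it is later used for the client
     *     random and handed to the client context in {@link #connect(TlsClient)}
     */
    public TlsClientProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.tlsClient = null;
        this.tlsClientContext = null;
        this.offeredCipherSuites = null;
        this.offeredCompressionMethods = null;
        this.clientExtensions = null;
        this.keyExchange = null;
        this.authentication = null;
        this.certificateRequest = null;
    }

    /**
     * Performs the TLS handshake as a client. May be called only once per instance.
     *
     * @param tlsClient callbacks that supply the offered parameters and receive notifications
     * @throws IllegalArgumentException if {@code tlsClient} is null
     * @throws IllegalStateException if a client was already set by an earlier call
     * @throws IOException propagated from sending the ClientHello or completing the handshake
     */
    public void connect(TlsClient tlsClient) throws IOException {
        if (tlsClient == null) {
            throw new IllegalArgumentException("'tlsClient' cannot be null");
        }
        if (this.tlsClient != null) {
            throw new IllegalStateException("connect can only be called once");
        }
        this.tlsClient = tlsClient;
        this.securityParameters = new SecurityParameters();
        // presumably 1 is the "client" connection end - confirm against the library's constants
        this.securityParameters.entity = 1;
        this.securityParameters.clientRandom = createRandomBlock(this.secureRandom);
        this.tlsClientContext = new TlsClientContextImpl(this.secureRandom, this.securityParameters);
        this.tlsClient.init(this.tlsClientContext);
        this.recordStream.init(this.tlsClientContext);
        sendClientHelloMessage();
        this.connection_state = (short) 1;
        completeHandshake();
        this.tlsClient.notifyHandshakeComplete();
    }

    /** Returns the client context created in {@link #connect(TlsClient)} (null before that). */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected AbstractTlsContext getContext() {
        return this.tlsClientContext;
    }

    /** Returns the {@link TlsClient} passed to {@link #connect(TlsClient)} (null before that). */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected TlsPeer getPeer() {
        return this.tlsClient;
    }

    /**
     * Handles the server's ChangeCipherSpec.
     *
     * <p>It is accepted after the client Finished (state 13) only when no session ticket is
     * pending, or after a NewSessionTicket was received (state 14). Any other state raises a fatal
     * handshake_failure (alert 40). On acceptance the state becomes 15.
     *
     * @throws IOException propagated from {@code failWithError}
     */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected void handleChangeCipherSpecMessage() throws IOException {
        switch (this.connection_state) {
            case 13:
                // The ServerHello announced a session ticket, so the ticket must arrive before
                // the server's ChangeCipherSpec.
                if (this.expectSessionTicket) {
                    failWithError((short) 2, (short) 40);
                    break;
                }
                break;
            case 14:
                break;
            default:
                failWithError((short) 2, (short) 40);
                return;
        }
        this.connection_state = (short) 15;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:30:0x0195. Please report as an issue. */
    /**
     * Dispatches one inbound handshake message according to its type and the current
     * {@code connection_state}. A message that is not allowed in the current state raises a fatal
     * unexpected_message (alert 10), or handshake_failure (alert 40) where noted.
     *
     * <p>Several inner {@code case} labels fall through on purpose: when the server skips an
     * optional message, the "skip" step for it runs before the message that did arrive is
     * processed.
     *
     * <p>NOTE(review): the decompiler warned that it could not reconstruct this switch reliably.
     * The code of this method is left exactly as decompiled; verify the control flow against the
     * original library source before relying on it.
     *
     * @param s handshake message type
     * @param bArr message body, without the handshake header
     * @throws IOException propagated from parsing, from the callbacks or from {@code failWithError}
     */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    protected void handleHandshakeMessage(short s, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        switch (s) {
            case 0:
                // hello_request: handled after the switch.
                break;
            case 1:
            case 3:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 10:
            case 15:
            case 16:
            case 17:
            case 18:
            case 19:
            case 21:
            case 22:
            default:
                // Message types a client never accepts from the server, and unknown types.
                failWithError((short) 2, (short) 10);
                return;
            case 2:
                // server_hello: only directly after the ClientHello was sent.
                switch (this.connection_state) {
                    case 1:
                        receiveServerHelloMessage(byteArrayInputStream);
                        this.connection_state = (short) 2;
                        this.securityParameters.prfAlgorithm = getPRFAlgorithm(this.selectedCipherSuite);
                        this.securityParameters.compressionAlgorithm = this.selectedCompressionMethod;
                        this.securityParameters.verifyDataLength = 12;
                        this.recordStream.notifyHelloComplete();
                        return;
                    default:
                        failWithError((short) 2, (short) 10);
                        return;
                }
            case 4:
                // session ticket: only after the client Finished, and only if the ServerHello
                // carried the session-ticket extension.
                // NOTE(review): as decompiled, nothing ends this case, so control continues into
                // case 11 below. This may be a decompiler artifact (see the warning above); confirm
                // against the original source.
                switch (this.connection_state) {
                    case 13:
                        if (!this.expectSessionTicket) {
                            failWithError((short) 2, (short) 10);
                        }
                        receiveNewSessionTicketMessage(byteArrayInputStream);
                        this.connection_state = (short) 14;
                        break;
                    default:
                        failWithError((short) 2, (short) 10);
                        break;
                }
            case 11:
                // certificate (server)
                switch (this.connection_state) {
                    case 2:
                        // No supplemental data was sent; run that step with null, then fall through.
                        handleSupplementalData(null);
                    case 3:
                        Certificate parse = Certificate.parse(byteArrayInputStream);
                        assertEmpty(byteArrayInputStream);
                        this.keyExchange.processServerCertificate(parse);
                        // Certificate acceptance is delegated to the TlsAuthentication returned by
                        // the application's TlsClient.
                        this.authentication = this.tlsClient.getAuthentication();
                        this.authentication.notifyServerCertificate(parse);
                        break;
                    default:
                        failWithError((short) 2, (short) 10);
                        break;
                }
                this.connection_state = (short) 4;
                return;
            case 12:
                // server_key_exchange
                switch (this.connection_state) {
                    case 2:
                        handleSupplementalData(null);
                    case 3:
                        // Server sent no Certificate: the key exchange is told, and there is no
                        // authentication object for this handshake.
                        this.keyExchange.skipServerCredentials();
                        this.authentication = null;
                    case 4:
                        this.keyExchange.processServerKeyExchange(byteArrayInputStream);
                        assertEmpty(byteArrayInputStream);
                        break;
                    default:
                        failWithError((short) 2, (short) 10);
                        break;
                }
                this.connection_state = (short) 5;
                return;
            case 13:
                // certificate_request
                switch (this.connection_state) {
                    case 4:
                        this.keyExchange.skipServerKeyExchange();
                    case 5:
                        // A server that presented no certificate may not request one from the client.
                        if (this.authentication == null) {
                            failWithError((short) 2, (short) 40);
                        }
                        this.certificateRequest = CertificateRequest.parse(byteArrayInputStream);
                        assertEmpty(byteArrayInputStream);
                        this.keyExchange.validateCertificateRequest(this.certificateRequest);
                        break;
                    default:
                        failWithError((short) 2, (short) 10);
                        break;
                }
                this.connection_state = (short) 6;
                return;
            case 14:
                // server_hello_done: run the skip steps for any omitted optional messages, then
                // send the whole client flight.
                switch (this.connection_state) {
                    case 2:
                        handleSupplementalData(null);
                    case 3:
                        this.keyExchange.skipServerCredentials();
                        this.authentication = null;
                    case 4:
                        this.keyExchange.skipServerKeyExchange();
                    case 5:
                    case 6:
                        assertEmpty(byteArrayInputStream);
                        this.connection_state = (short) 7;
                        Vector clientSupplementalData = this.tlsClient.getClientSupplementalData();
                        if (clientSupplementalData != null) {
                            sendSupplementalDataMessage(clientSupplementalData);
                        }
                        this.connection_state = (short) 8;
                        TlsCredentials tlsCredentials = null;
                        if (this.certificateRequest == null) {
                            this.keyExchange.skipClientCredentials();
                        } else {
                            tlsCredentials = this.authentication.getClientCredentials(this.certificateRequest);
                            if (tlsCredentials == null) {
                                // Certificate requested but none available: answer with an empty chain.
                                this.keyExchange.skipClientCredentials();
                                sendCertificateMessage(Certificate.EMPTY_CHAIN);
                            } else {
                                this.keyExchange.processClientCredentials(tlsCredentials);
                                sendCertificateMessage(tlsCredentials.getCertificate());
                            }
                        }
                        this.connection_state = (short) 9;
                        sendClientKeyExchangeMessage();
                        establishMasterSecret(getContext(), this.keyExchange);
                        this.recordStream.setPendingConnectionState(this.tlsClient.getCompression(), this.tlsClient.getCipher());
                        this.connection_state = (short) 10;
                        // Only signing credentials produce a CertificateVerify; the signature
                        // covers the handshake hash as it stands at this point.
                        if (tlsCredentials != null && (tlsCredentials instanceof TlsSignerCredentials)) {
                            sendCertificateVerifyMessage(((TlsSignerCredentials) tlsCredentials).generateCertificateSignature(this.recordStream.getCurrentHash(null)));
                            this.connection_state = (short) 11;
                        }
                        sendChangeCipherSpecMessage();
                        this.connection_state = (short) 12;
                        sendFinishedMessage();
                        this.connection_state = (short) 13;
                        return;
                    default:
                        failWithError((short) 2, (short) 40);
                        return;
                }
                break;
            case 20:
                // finished (server): only after the server's ChangeCipherSpec.
                switch (this.connection_state) {
                    case 15:
                        processFinishedMessage(byteArrayInputStream);
                        this.connection_state = (short) 16;
                        return;
                    default:
                        failWithError((short) 2, (short) 10);
                        return;
                }
            case 23:
                // supplemental_data (server): only directly after the ServerHello.
                switch (this.connection_state) {
                    case 2:
                        handleSupplementalData(readSupplementalDataMessage(byteArrayInputStream));
                        return;
                    default:
                        failWithError((short) 2, (short) 10);
                        return;
                }
        }
        // hello_request path: the body must be empty. Once the handshake has finished (state 16)
        // the request is answered with a no_renegotiation warning (alert 100); earlier it is
        // ignored.
        assertEmpty(byteArrayInputStream);
        if (this.connection_state == 16) {
            raiseWarning((short) 100, "Renegotiation not supported");
        }
    }

    /**
     * Passes the server's supplemental data to the client, moves to state 3, then obtains and
     * initialises the key exchange.
     *
     * @param vector supplemental data entries; null when the server sent none
     * @throws IOException propagated from the client callbacks
     */
    protected void handleSupplementalData(Vector vector) throws IOException {
        this.tlsClient.processServerSupplementalData(vector);
        this.connection_state = (short) 3;
        this.keyExchange = this.tlsClient.getKeyExchange();
        this.keyExchange.init(getContext());
    }

    /**
     * Parses a NewSessionTicket, requires that no bytes are left over, and reports the ticket to
     * the client.
     *
     * @param byteArrayInputStream message body
     * @throws IOException on a parse failure or trailing data
     */
    protected void receiveNewSessionTicketMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        NewSessionTicket parse = NewSessionTicket.parse(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        this.tlsClient.notifyNewSessionTicket(parse);
    }

    /**
     * Parses and validates the ServerHello. Everything the server selects is checked against what
     * this client offered; a violation raises a fatal alert.
     *
     * <p>Checks, in order: the version is not DTLS, equals the record layer's read version and is
     * not later than the client's version; the session id is at most 32 bytes; the cipher suite was
     * offered and is neither 0 nor 255; the compression method was offered; every extension other
     * than renegotiation_info was offered by the client (otherwise alert 110,
     * unsupported_extension); and a renegotiation_info extension, if present, equals the encoding
     * for an initial handshake.
     *
     * <p>When the server omits renegotiation_info, {@code secure_renegotiation} is left unchanged
     * and reported to the client through {@code notifySecureRenegotiation}; whether to continue
     * with such a server is the client's decision.
     *
     * @param byteArrayInputStream message body
     * @throws IOException on a parse failure or a rejected parameter
     */
    protected void receiveServerHelloMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        if (readVersion.isDTLS()) {
            failWithError((short) 2, (short) 47);
        }
        if (!readVersion.equals(this.recordStream.getReadVersion())) {
            failWithError((short) 2, (short) 47);
        }
        // The server may select an earlier version than offered, never a later one.
        if (!readVersion.isEqualOrEarlierVersionOf(getContext().getClientVersion())) {
            failWithError((short) 2, (short) 47);
        }
        this.recordStream.setWriteVersion(readVersion);
        getContext().setServerVersion(readVersion);
        this.tlsClient.notifyServerVersion(readVersion);
        this.securityParameters.serverRandom = TlsUtils.readFully(32, byteArrayInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(byteArrayInputStream);
        if (readOpaque8.length > 32) {
            failWithError((short) 2, (short) 47);
        }
        this.tlsClient.notifySessionID(readOpaque8);
        this.selectedCipherSuite = TlsUtils.readUint16(byteArrayInputStream);
        // 0 is the null cipher suite and 255 (0x00FF) is the renegotiation signalling value that
        // sendClientHelloMessage() may append; neither is a valid selection.
        if (!arrayContains(this.offeredCipherSuites, this.selectedCipherSuite) || this.selectedCipherSuite == 0 || this.selectedCipherSuite == 255) {
            failWithError((short) 2, (short) 47);
        }
        this.tlsClient.notifySelectedCipherSuite(this.selectedCipherSuite);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (!arrayContains(this.offeredCompressionMethods, readUint8)) {
            failWithError((short) 2, (short) 47);
        }
        // Record the validated selection in the field, as is done for the cipher suite.
        // handleHandshakeMessage() copies this field into securityParameters.compressionAlgorithm
        // right after this method returns, and nothing else in this class assigns it.
        this.selectedCompressionMethod = readUint8;
        this.tlsClient.notifySelectedCompressionMethod(readUint8);
        Hashtable readExtensions = readExtensions(byteArrayInputStream);
        if (readExtensions != null) {
            Enumeration keys = readExtensions.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                // A server may only answer extensions the client sent. renegotiation_info is
                // exempt because the client can signal it through the cipher suite list instead.
                if (!num.equals(EXT_RenegotiationInfo) && (this.clientExtensions == null || this.clientExtensions.get(num) == null)) {
                    failWithError((short) 2, (short) 110);
                }
            }
            byte[] bArr = (byte[]) readExtensions.get(EXT_RenegotiationInfo);
            if (bArr != null) {
                this.secure_renegotiation = true;
                // The extension body must match the encoding built from empty verify data; the
                // comparison is constant-time.
                if (!Arrays.constantTimeAreEqual(bArr, createRenegotiationInfo(TlsUtils.EMPTY_BYTES))) {
                    failWithError((short) 2, (short) 40);
                }
            }
            this.expectSessionTicket = readExtensions.containsKey(EXT_SessionTicket);
        }
        this.tlsClient.notifySecureRenegotiation(this.secure_renegotiation);
        if (this.clientExtensions != null) {
            this.tlsClient.processServerExtensions(readExtensions);
        }
    }

    /**
     * Sends a CertificateVerify handshake message (type 15) carrying the given signature.
     *
     * @param bArr signature bytes, written as a 16-bit length-prefixed field
     * @throws IOException propagated from writing the record
     */
    protected void sendCertificateVerifyMessage(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeUint8((short) 15, byteArrayOutputStream);
        // Body length: the signature plus its 2-byte length prefix.
        TlsUtils.writeUint24(bArr.length + 2, byteArrayOutputStream);
        TlsUtils.writeOpaque16(bArr, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        // 22 is the handshake record content type.
        safeWriteRecord((short) 22, byteArray, 0, byteArray.length);
    }

    /**
     * Builds and sends the ClientHello (type 1) from the values supplied by the {@link TlsClient},
     * and remembers the offered cipher suites, compression methods and extensions for validating
     * the ServerHello.
     *
     * <p>The session id is always empty. If the client's extensions do not include
     * renegotiation_info, cipher suite value 255 (0x00FF) is appended to the offered list as the
     * renegotiation signalling value.
     *
     * @throws IOException propagated from writing the record, or if the client version is DTLS
     */
    protected void sendClientHelloMessage() throws IOException {
        this.recordStream.setWriteVersion(this.tlsClient.getClientHelloRecordLayerVersion());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeUint8((short) 1, byteArrayOutputStream);
        // Placeholder for the 24-bit body length, patched once the body is complete.
        TlsUtils.writeUint24(0, byteArrayOutputStream);
        ProtocolVersion clientVersion = this.tlsClient.getClientVersion();
        if (clientVersion.isDTLS()) {
            // A local configuration error, reported as internal_error (alert 80).
            failWithError((short) 2, (short) 80);
        }
        getContext().setClientVersion(clientVersion);
        TlsUtils.writeVersion(clientVersion, byteArrayOutputStream);
        byteArrayOutputStream.write(this.securityParameters.clientRandom);
        // Empty session id.
        TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, byteArrayOutputStream);
        this.offeredCipherSuites = this.tlsClient.getCipherSuites();
        this.clientExtensions = this.tlsClient.getClientExtensions();
        // z: true when no renegotiation_info extension is being sent.
        boolean z = this.clientExtensions == null || this.clientExtensions.get(EXT_RenegotiationInfo) == null;
        int length = this.offeredCipherSuites.length;
        if (z) {
            length++;
        }
        // Each cipher suite takes two bytes.
        TlsUtils.writeUint16(2 * length, byteArrayOutputStream);
        TlsUtils.writeUint16Array(this.offeredCipherSuites, byteArrayOutputStream);
        if (z) {
            TlsUtils.writeUint16(255, byteArrayOutputStream);
        }
        this.offeredCompressionMethods = this.tlsClient.getCompressionMethods();
        TlsUtils.writeUint8((short) this.offeredCompressionMethods.length, byteArrayOutputStream);
        TlsUtils.writeUint8Array(this.offeredCompressionMethods, byteArrayOutputStream);
        if (this.clientExtensions != null) {
            writeExtensions(byteArrayOutputStream, this.clientExtensions);
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        // Patch the length: total size minus the 4-byte handshake header, written at offset 1.
        TlsUtils.writeUint24(byteArray.length - 4, byteArray, 1);
        safeWriteRecord((short) 22, byteArray, 0, byteArray.length);
    }

    /**
     * Sends the ClientKeyExchange handshake message (type 16); the body is produced by the key
     * exchange.
     *
     * @throws IOException propagated from the key exchange or from writing the record
     */
    protected void sendClientKeyExchangeMessage() throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeUint8((short) 16, byteArrayOutputStream);
        // Placeholder for the 24-bit body length, patched below.
        TlsUtils.writeUint24(0, byteArrayOutputStream);
        this.keyExchange.generateClientKeyExchange(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        TlsUtils.writeUint24(byteArray.length - 4, byteArray, 1);
        safeWriteRecord((short) 22, byteArray, 0, byteArray.length);
    }
}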
