package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.DHBasicAgreement;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.prng.ThreadedSeedGenerator;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes6.dex */
public class TlsProtocolHandler {
    public static final short AL_fatal = 2;
    public static final short AL_warning = 1;
    public static final short AP_access_denied = 49;
    public static final short AP_bad_certificate = 42;
    public static final short AP_bad_record_mac = 20;
    public static final short AP_certificate_expired = 45;
    public static final short AP_certificate_revoked = 44;
    public static final short AP_certificate_unknown = 46;
    public static final short AP_close_notify = 0;
    public static final short AP_decode_error = 50;
    public static final short AP_decompression_failure = 30;
    public static final short AP_decrypt_error = 51;
    public static final short AP_decryption_failed = 21;
    public static final short AP_export_restriction = 60;
    public static final short AP_handshake_failure = 40;
    public static final short AP_illegal_parameter = 47;
    public static final short AP_insufficient_security = 71;
    public static final short AP_internal_error = 80;
    public static final short AP_no_renegotiation = 100;
    public static final short AP_protocol_version = 70;
    public static final short AP_record_overflow = 22;
    public static final short AP_unexpected_message = 10;
    public static final short AP_unknown_ca = 48;
    public static final short AP_unsupported_certificate = 43;
    public static final short AP_user_canceled = 90;

    /* renamed from: w, reason: collision with root package name */
    public static final BigInteger f56894w = BigInteger.valueOf(1);

    /* renamed from: x, reason: collision with root package name */
    public static final BigInteger f56895x = BigInteger.valueOf(2);

    /* renamed from: y, reason: collision with root package name */
    public static final byte[] f56896y = new byte[0];

    /* renamed from: e, reason: collision with root package name */
    public RecordStream f56901e;

    /* renamed from: f, reason: collision with root package name */
    public SecureRandom f56902f;

    /* renamed from: m, reason: collision with root package name */
    public boolean f56909m;

    /* renamed from: n, reason: collision with root package name */
    public byte[] f56910n;

    /* renamed from: o, reason: collision with root package name */
    public byte[] f56911o;

    /* renamed from: p, reason: collision with root package name */
    public byte[] f56912p;

    /* renamed from: r, reason: collision with root package name */
    public BigInteger f56914r;

    /* renamed from: s, reason: collision with root package name */
    public BigInteger f56915s;

    /* renamed from: t, reason: collision with root package name */
    public byte[] f56916t;

    /* renamed from: v, reason: collision with root package name */
    public short f56918v;

    /* renamed from: a, reason: collision with root package name */
    public ByteQueue f56897a = new ByteQueue();

    /* renamed from: b, reason: collision with root package name */
    public ByteQueue f56898b = new ByteQueue();

    /* renamed from: c, reason: collision with root package name */
    public ByteQueue f56899c = new ByteQueue();

    /* renamed from: d, reason: collision with root package name */
    public ByteQueue f56900d = new ByteQueue();

    /* renamed from: g, reason: collision with root package name */
    public AsymmetricKeyParameter f56903g = null;

    /* renamed from: h, reason: collision with root package name */
    public TlsInputStream f56904h = null;

    /* renamed from: i, reason: collision with root package name */
    public TlsOuputStream f56905i = null;

    /* renamed from: j, reason: collision with root package name */
    public boolean f56906j = false;

    /* renamed from: k, reason: collision with root package name */
    public boolean f56907k = false;

    /* renamed from: l, reason: collision with root package name */
    public boolean f56908l = false;

    /* renamed from: q, reason: collision with root package name */
    public TlsCipherSuite f56913q = null;

    /* renamed from: u, reason: collision with root package name */
    public CertificateVerifyer f56917u = null;

    public TlsProtocolHandler(InputStream inputStream, OutputStream outputStream) {
        ThreadedSeedGenerator threadedSeedGenerator = new ThreadedSeedGenerator();
        SecureRandom secureRandom = new SecureRandom();
        this.f56902f = secureRandom;
        secureRandom.setSeed(threadedSeedGenerator.generateSeed(20, true));
        this.f56901e = new RecordStream(this, inputStream, outputStream);
    }

    public TlsProtocolHandler(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        this.f56902f = secureRandom;
        this.f56901e = new RecordStream(this, inputStream, outputStream);
    }

    public final void a(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        signer.init(false, this.f56903g);
        byte[] bArr = this.f56910n;
        signer.update(bArr, 0, bArr.length);
        byte[] bArr2 = this.f56911o;
        signer.update(bArr2, 0, bArr2.length);
        SignerInputStream signerInputStream = new SignerInputStream(byteArrayInputStream, signer);
        byte[] readOpaque16 = TlsUtils.readOpaque16(signerInputStream);
        byte[] readOpaque162 = TlsUtils.readOpaque16(signerInputStream);
        byte[] readOpaque163 = TlsUtils.readOpaque16(signerInputStream);
        if (!signer.verifySignature(TlsUtils.readOpaque16(byteArrayInputStream))) {
            failWithError((short) 2, (short) 42);
        }
        assertEmpty(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, readOpaque16);
        BigInteger bigInteger2 = new BigInteger(1, readOpaque162);
        BigInteger bigInteger3 = new BigInteger(1, readOpaque163);
        if (!bigInteger.isProbablePrime(10)) {
            failWithError((short) 2, (short) 47);
        }
        BigInteger bigInteger4 = f56895x;
        if (bigInteger2.compareTo(bigInteger4) < 0 || bigInteger2.compareTo(bigInteger.subtract(bigInteger4)) > 0) {
            failWithError((short) 2, (short) 47);
        }
        if (bigInteger3.compareTo(bigInteger4) < 0 || bigInteger3.compareTo(bigInteger.subtract(f56894w)) > 0) {
            failWithError((short) 2, (short) 47);
        }
        DHParameters dHParameters = new DHParameters(bigInteger, bigInteger2);
        DHBasicKeyPairGenerator dHBasicKeyPairGenerator = new DHBasicKeyPairGenerator();
        dHBasicKeyPairGenerator.init(new DHKeyGenerationParameters(this.f56902f, dHParameters));
        AsymmetricCipherKeyPair generateKeyPair = dHBasicKeyPairGenerator.generateKeyPair();
        this.f56915s = ((DHPublicKeyParameters) generateKeyPair.getPublic()).getY();
        DHBasicAgreement dHBasicAgreement = new DHBasicAgreement();
        dHBasicAgreement.init(generateKeyPair.getPrivate());
        this.f56916t = BigIntegers.asUnsignedByteArray(dHBasicAgreement.calculateAgreement(new DHPublicKeyParameters(bigInteger3, dHParameters)));
    }

    public void assertEmpty(ByteArrayInputStream byteArrayInputStream) throws IOException {
        if (byteArrayInputStream.available() > 0) {
            failWithError((short) 2, (short) 50);
        }
    }

    public final void b(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        InputStream inputStream;
        if (signer != null) {
            signer.init(false, this.f56903g);
            byte[] bArr = this.f56910n;
            signer.update(bArr, 0, bArr.length);
            byte[] bArr2 = this.f56911o;
            signer.update(bArr2, 0, bArr2.length);
            inputStream = new SignerInputStream(byteArrayInputStream, signer);
        } else {
            inputStream = byteArrayInputStream;
        }
        byte[] readOpaque16 = TlsUtils.readOpaque16(inputStream);
        byte[] readOpaque162 = TlsUtils.readOpaque16(inputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(inputStream);
        byte[] readOpaque163 = TlsUtils.readOpaque16(inputStream);
        if (signer != null && !signer.verifySignature(TlsUtils.readOpaque16(byteArrayInputStream))) {
            failWithError((short) 2, (short) 42);
        }
        assertEmpty(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, readOpaque16);
        BigInteger bigInteger2 = new BigInteger(1, readOpaque162);
        BigInteger bigInteger3 = new BigInteger(1, readOpaque163);
        SRP6Client sRP6Client = new SRP6Client();
        sRP6Client.init(bigInteger, bigInteger2, new SHA1Digest(), this.f56902f);
        this.f56914r = sRP6Client.generateClientCredentials(readOpaque8, null, null);
        try {
            this.f56916t = BigIntegers.asUnsignedByteArray(sRP6Client.calculateSecret(bigInteger3));
        } catch (CryptoException unused) {
            failWithError((short) 2, (short) 47);
        }
    }

    public final void c(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeUint8((short) 16, byteArrayOutputStream);
        TlsUtils.writeUint24(bArr.length + 2, byteArrayOutputStream);
        TlsUtils.writeOpaque16(bArr, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.f56901e.writeMessage((short) 22, byteArray, 0, byteArray.length);
    }

    public void close() throws IOException {
        if (this.f56906j) {
            return;
        }
        failWithError((short) 1, (short) 0);
    }

    public void connect(CertificateVerifyer certificateVerifyer) throws IOException {
        this.f56917u = certificateVerifyer;
        byte[] bArr = new byte[32];
        this.f56910n = bArr;
        this.f56902f.nextBytes(bArr);
        int currentTimeMillis = (int) (System.currentTimeMillis() / 1000);
        byte[] bArr2 = this.f56910n;
        bArr2[0] = (byte) (currentTimeMillis >> 24);
        bArr2[1] = (byte) (currentTimeMillis >> 16);
        bArr2[2] = (byte) (currentTimeMillis >> 8);
        bArr2[3] = (byte) currentTimeMillis;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeVersion(byteArrayOutputStream);
        byteArrayOutputStream.write(this.f56910n);
        TlsUtils.writeUint8((short) 0, byteArrayOutputStream);
        TlsCipherSuiteManager.writeCipherSuites(byteArrayOutputStream);
        TlsUtils.writeOpaque8(new byte[]{0}, byteArrayOutputStream);
        Hashtable hashtable = new Hashtable();
        boolean z9 = !hashtable.isEmpty();
        this.f56909m = z9;
        if (z9) {
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                byte[] bArr3 = (byte[]) hashtable.get(num);
                TlsUtils.writeUint16(num.intValue(), byteArrayOutputStream2);
                TlsUtils.writeOpaque16(bArr3, byteArrayOutputStream2);
            }
            TlsUtils.writeOpaque16(byteArrayOutputStream2.toByteArray(), byteArrayOutputStream);
        }
        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
        TlsUtils.writeUint8((short) 1, byteArrayOutputStream3);
        TlsUtils.writeUint24(byteArrayOutputStream.size(), byteArrayOutputStream3);
        byteArrayOutputStream3.write(byteArrayOutputStream.toByteArray());
        byte[] byteArray = byteArrayOutputStream3.toByteArray();
        this.f56901e.writeMessage((short) 22, byteArray, 0, byteArray.length);
        this.f56918v = (short) 1;
        while (this.f56918v != 12) {
            this.f56901e.readData();
        }
        this.f56904h = new TlsInputStream(this);
        this.f56905i = new TlsOuputStream(this);
    }

    public final void d(X509CertificateStructure x509CertificateStructure, int i10) throws IOException {
        X509Extension extension;
        X509Extensions extensions = x509CertificateStructure.getTBSCertificate().getExtensions();
        if (extensions == null || (extension = extensions.getExtension(X509Extensions.KeyUsage)) == null || (KeyUsage.getInstance(extension).getBytes()[0] & 255 & i10) == i10) {
            return;
        }
        failWithError((short) 2, (short) 46);
    }

    public void failWithError(short s10, short s11) throws IOException {
        if (this.f56906j) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        byte[] bArr = {(byte) s10, (byte) s11};
        this.f56906j = true;
        if (s10 == 2) {
            this.f56907k = true;
        }
        this.f56901e.writeMessage((short) 21, bArr, 0, 2);
        this.f56901e.close();
        if (s10 == 2) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
    }

    public void flush() throws IOException {
        this.f56901e.flush();
    }

    public InputStream getInputStream() {
        return this.f56904h;
    }

    public OutputStream getOutputStream() {
        return this.f56905i;
    }

    public TlsInputStream getTlsInputStream() {
        return this.f56904h;
    }

    public TlsOuputStream getTlsOuputStream() {
        return this.f56905i;
    }

    /* JADX WARN: Code restructure failed: missing block: B:69:0x01d1, code lost:
    
        if (r5 != 3) goto L77;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:22:0x008f. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:104:0x0289  */
    /* JADX WARN: Removed duplicated region for block: B:43:0x0332 A[LOOP:0: B:10:0x0029->B:43:0x0332, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:44:0x03a2 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void processData(short r18, byte[] r19, int r20, int r21) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 976
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.crypto.tls.TlsProtocolHandler.processData(short, byte[], int, int):void");
    }

    public int readApplicationData(byte[] bArr, int i10, int i11) throws IOException {
        while (this.f56897a.size() == 0) {
            if (this.f56907k) {
                throw new IOException("Internal TLS error, this could be an attack");
            }
            if (this.f56906j) {
                return -1;
            }
            try {
                this.f56901e.readData();
            } catch (IOException e10) {
                if (!this.f56906j) {
                    failWithError((short) 2, (short) 80);
                }
                throw e10;
            } catch (RuntimeException e11) {
                if (!this.f56906j) {
                    failWithError((short) 2, (short) 80);
                }
                throw e11;
            }
        }
        int min = Math.min(i11, this.f56897a.size());
        this.f56897a.read(bArr, i10, min, 0);
        this.f56897a.removeData(min);
        return min;
    }

    public void writeData(byte[] bArr, int i10, int i11) throws IOException {
        if (this.f56907k) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        if (this.f56906j) {
            throw new IOException("Sorry, connection has been closed, you cannot write more data");
        }
        this.f56901e.writeMessage((short) 23, f56896y, 0, 0);
        do {
            int min = Math.min(i11, 16384);
            try {
                this.f56901e.writeMessage((short) 23, bArr, i10, min);
                i10 += min;
                i11 -= min;
            } catch (IOException e10) {
                if (!this.f56906j) {
                    failWithError((short) 2, (short) 80);
                }
                throw e10;
            } catch (RuntimeException e11) {
                if (!this.f56906j) {
                    failWithError((short) 2, (short) 80);
                }
                throw e11;
            }
        } while (i11 > 0);
    }
}
