package org.bouncycastle.crypto.tls;

import com.tencent.bigdata.dataacquisition.DeviceInfos;
import com.tencent.imsdk.TIMGroupManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Hashtable;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.DHBasicAgreement;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes6.dex */
public class TlsProtocolHandler {
    private static final BigInteger a = BigInteger.valueOf(1);
    private static final BigInteger b = BigInteger.valueOf(2);
    private static final byte[] c = new byte[0];
    private ByteQueue d;
    private ByteQueue e;
    private ByteQueue f;
    private ByteQueue g;
    private RecordStream h;
    private SecureRandom i;
    private AsymmetricKeyParameter j;
    private boolean k;
    private boolean l;
    private boolean m;
    private boolean n;
    private byte[] o;
    private byte[] p;
    private byte[] q;
    private TlsCipherSuite r;
    private BigInteger s;

    /* renamed from: t, reason: collision with root package name */
    private byte[] f708t;
    private byte[] u;
    private BigInteger v;
    private byte[] w;
    private CertificateVerifyer x;
    private short y;

    private void a(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        InputStream inputStream;
        if (signer != null) {
            signer.a(false, this.j);
            signer.a(this.o, 0, this.o.length);
            signer.a(this.p, 0, this.p.length);
            inputStream = new SignerInputStream(byteArrayInputStream, signer);
        } else {
            inputStream = byteArrayInputStream;
        }
        byte[] e = TlsUtils.e(inputStream);
        byte[] e2 = TlsUtils.e(inputStream);
        byte[] e3 = TlsUtils.e(inputStream);
        if (signer != null && !signer.a(TlsUtils.e(byteArrayInputStream))) {
            a((short) 2, (short) 42);
        }
        a(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, e);
        BigInteger bigInteger2 = new BigInteger(1, e2);
        BigInteger bigInteger3 = new BigInteger(1, e3);
        if (!bigInteger.isProbablePrime(10)) {
            a((short) 2, (short) 47);
        }
        if (bigInteger2.compareTo(b) < 0 || bigInteger2.compareTo(bigInteger.subtract(b)) > 0) {
            a((short) 2, (short) 47);
        }
        if (bigInteger3.compareTo(b) < 0 || bigInteger3.compareTo(bigInteger.subtract(a)) > 0) {
            a((short) 2, (short) 47);
        }
        DHParameters dHParameters = new DHParameters(bigInteger, bigInteger2);
        DHBasicKeyPairGenerator dHBasicKeyPairGenerator = new DHBasicKeyPairGenerator();
        dHBasicKeyPairGenerator.a(new DHKeyGenerationParameters(this.i, dHParameters));
        AsymmetricCipherKeyPair a2 = dHBasicKeyPairGenerator.a();
        this.v = ((DHPublicKeyParameters) a2.a()).c();
        DHBasicAgreement dHBasicAgreement = new DHBasicAgreement();
        dHBasicAgreement.a(a2.b());
        this.w = BigIntegers.a(dHBasicAgreement.b(new DHPublicKeyParameters(bigInteger3, dHParameters)));
    }

    private void a(X509CertificateStructure x509CertificateStructure, int i) throws IOException {
        X509Extension a2;
        X509Extensions o = x509CertificateStructure.e().o();
        if (o == null || (a2 = o.a(X509Extensions.c)) == null || (KeyUsage.b(a2).f()[0] & DeviceInfos.NETWORK_TYPE_UNCONNECTED & i) == i) {
            return;
        }
        a((short) 2, (short) 46);
    }

    private void a(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.a((short) 16, (OutputStream) byteArrayOutputStream);
        TlsUtils.b(bArr.length + 2, byteArrayOutputStream);
        TlsUtils.a(bArr, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.h.a((short) 22, byteArray, 0, byteArray.length);
    }

    private void b(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        InputStream inputStream;
        if (signer != null) {
            signer.a(false, this.j);
            signer.a(this.o, 0, this.o.length);
            signer.a(this.p, 0, this.p.length);
            inputStream = new SignerInputStream(byteArrayInputStream, signer);
        } else {
            inputStream = byteArrayInputStream;
        }
        byte[] e = TlsUtils.e(inputStream);
        byte[] e2 = TlsUtils.e(inputStream);
        byte[] d = TlsUtils.d(inputStream);
        byte[] e3 = TlsUtils.e(inputStream);
        if (signer != null && !signer.a(TlsUtils.e(byteArrayInputStream))) {
            a((short) 2, (short) 42);
        }
        a(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, e);
        BigInteger bigInteger2 = new BigInteger(1, e2);
        BigInteger bigInteger3 = new BigInteger(1, e3);
        SRP6Client sRP6Client = new SRP6Client();
        sRP6Client.a(bigInteger, bigInteger2, new SHA1Digest(), this.i);
        this.s = sRP6Client.a(d, this.f708t, this.u);
        try {
            this.w = BigIntegers.a(sRP6Client.a(bigInteger3));
        } catch (CryptoException unused) {
            a((short) 2, (short) 47);
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x0073. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:59:0x019e. Please report as an issue. */
    private void c() throws IOException {
        boolean z;
        Signer tlsDSSSigner;
        Signer tlsRSASigner;
        byte[] bArr;
        BigInteger bigInteger;
        do {
            z = true;
            if (this.g.a() >= 4) {
                byte[] bArr2 = new byte[4];
                this.g.a(bArr2, 0, 4, 0);
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr2);
                short a2 = TlsUtils.a(byteArrayInputStream);
                int c2 = TlsUtils.c(byteArrayInputStream);
                int i = c2 + 4;
                if (this.g.a() >= i) {
                    byte[] bArr3 = new byte[c2];
                    this.g.a(bArr3, 0, c2, 4);
                    this.g.b(i);
                    if (a2 != 20) {
                        this.h.a.a(bArr2, 0, 4);
                        this.h.b.a(bArr2, 0, 4);
                        this.h.a.a(bArr3, 0, c2);
                        this.h.b.a(bArr3, 0, c2);
                    }
                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr3);
                    if (a2 == 2) {
                        if (this.y == 1) {
                            TlsUtils.a(byteArrayInputStream2, this);
                            this.p = new byte[32];
                            TlsUtils.a(this.p, byteArrayInputStream2);
                            TlsUtils.d(byteArrayInputStream2);
                            this.r = TlsCipherSuiteManager.a(TlsUtils.b(byteArrayInputStream2), this);
                            if (TlsUtils.a(byteArrayInputStream2) != 0) {
                                a((short) 2, (short) 47);
                            }
                            if (this.n && byteArrayInputStream2.available() > 0) {
                                byte[] e = TlsUtils.e(byteArrayInputStream2);
                                Hashtable hashtable = new Hashtable();
                                ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(e);
                                while (byteArrayInputStream3.available() > 0) {
                                    hashtable.put(new Integer(TlsUtils.b(byteArrayInputStream3)), TlsUtils.e(byteArrayInputStream3));
                                }
                            }
                            a(byteArrayInputStream2);
                            this.y = (short) 2;
                        }
                        a((short) 2, (short) 10);
                    } else if (a2 != 20) {
                        switch (a2) {
                            case 11:
                                if (this.y != 2) {
                                    a((short) 2, (short) 10);
                                } else {
                                    Certificate a3 = Certificate.a(byteArrayInputStream2);
                                    a(byteArrayInputStream2);
                                    X509CertificateStructure x509CertificateStructure = a3.a[0];
                                    try {
                                        this.j = PublicKeyFactory.a(x509CertificateStructure.l());
                                    } catch (RuntimeException unused) {
                                        a((short) 2, (short) 43);
                                    }
                                    if (this.j.a()) {
                                        a((short) 2, (short) 80);
                                    }
                                    short a4 = this.r.a();
                                    if (a4 != 1) {
                                        if (a4 != 3) {
                                            if (a4 != 5) {
                                                switch (a4) {
                                                    case 11:
                                                        break;
                                                    case 12:
                                                        break;
                                                    default:
                                                        a((short) 2, (short) 43);
                                                        break;
                                                }
                                            }
                                            if (!(this.j instanceof RSAKeyParameters)) {
                                                a((short) 2, (short) 46);
                                            }
                                            a(x509CertificateStructure, 128);
                                        }
                                        if (!(this.j instanceof DSAPublicKeyParameters)) {
                                            a((short) 2, (short) 46);
                                        }
                                    } else {
                                        if (!(this.j instanceof RSAKeyParameters)) {
                                            a((short) 2, (short) 46);
                                        }
                                        a(x509CertificateStructure, 32);
                                    }
                                    if (!this.x.a(a3.a())) {
                                        a((short) 2, (short) 90);
                                    }
                                }
                                this.y = (short) 3;
                                break;
                            case 12:
                                switch (this.y) {
                                    case 2:
                                        if (this.r.a() != 10) {
                                            a((short) 2, (short) 10);
                                        }
                                    case 3:
                                        short a5 = this.r.a();
                                        if (a5 == 3) {
                                            tlsDSSSigner = new TlsDSSSigner();
                                        } else if (a5 != 5) {
                                            switch (a5) {
                                                case 10:
                                                    b(byteArrayInputStream2, null);
                                                    break;
                                                case 11:
                                                    tlsRSASigner = new TlsRSASigner();
                                                    break;
                                                case 12:
                                                    tlsRSASigner = new TlsDSSSigner();
                                                    break;
                                            }
                                            b(byteArrayInputStream2, tlsRSASigner);
                                            break;
                                        } else {
                                            tlsDSSSigner = new TlsRSASigner();
                                        }
                                        a(byteArrayInputStream2, tlsDSSSigner);
                                        break;
                                    default:
                                        a((short) 2, (short) 10);
                                        break;
                                }
                                this.y = (short) 4;
                                break;
                            case 13:
                                switch (this.y) {
                                    case 3:
                                        if (this.r.a() != 1) {
                                            a((short) 2, (short) 10);
                                            break;
                                        }
                                        break;
                                    case 4:
                                        break;
                                    default:
                                        a((short) 2, (short) 10);
                                        break;
                                }
                                TlsUtils.d(byteArrayInputStream2);
                                TlsUtils.d(byteArrayInputStream2);
                                a(byteArrayInputStream2);
                                this.y = (short) 5;
                                break;
                            case 14:
                                switch (this.y) {
                                    case 3:
                                        if (this.r.a() != 1) {
                                            a((short) 2, (short) 10);
                                        }
                                    case 4:
                                    case 5:
                                        a(byteArrayInputStream2);
                                        boolean z2 = this.y == 5;
                                        this.y = (short) 6;
                                        if (z2) {
                                            g();
                                        }
                                        short a6 = this.r.a();
                                        if (a6 != 1) {
                                            if (a6 != 3 && a6 != 5) {
                                                switch (a6) {
                                                    case 10:
                                                    case 11:
                                                    case 12:
                                                        bigInteger = this.s;
                                                        break;
                                                    default:
                                                        a((short) 2, (short) 10);
                                                        break;
                                                }
                                            } else {
                                                bigInteger = this.v;
                                            }
                                            bArr = BigIntegers.a(bigInteger);
                                        } else {
                                            this.w = new byte[48];
                                            this.i.nextBytes(this.w);
                                            this.w[0] = 3;
                                            this.w[1] = 1;
                                            PKCS1Encoding pKCS1Encoding = new PKCS1Encoding(new RSABlindedEngine());
                                            pKCS1Encoding.a(true, new ParametersWithRandom(this.j, this.i));
                                            try {
                                                bArr = pKCS1Encoding.a(this.w, 0, this.w.length);
                                            } catch (InvalidCipherTextException unused2) {
                                                a((short) 2, (short) 80);
                                                bArr = null;
                                            }
                                        }
                                        a(bArr);
                                        this.y = (short) 7;
                                        byte[] bArr4 = {1};
                                        this.h.a((short) 20, bArr4, 0, bArr4.length);
                                        this.y = (short) 9;
                                        this.q = new byte[48];
                                        byte[] bArr5 = new byte[this.o.length + this.p.length];
                                        System.arraycopy(this.o, 0, bArr5, 0, this.o.length);
                                        System.arraycopy(this.p, 0, bArr5, this.o.length, this.p.length);
                                        TlsUtils.a(this.w, TlsUtils.a("master secret"), bArr5, this.q);
                                        this.h.d = this.r;
                                        this.h.d.a(this.q, this.o, this.p);
                                        byte[] bArr6 = new byte[12];
                                        byte[] bArr7 = new byte[36];
                                        this.h.a.a(bArr7, 0);
                                        TlsUtils.a(this.q, TlsUtils.a("client finished"), bArr7, bArr6);
                                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                                        TlsUtils.a((short) 20, (OutputStream) byteArrayOutputStream);
                                        TlsUtils.b(12, byteArrayOutputStream);
                                        byteArrayOutputStream.write(bArr6);
                                        byte[] byteArray = byteArrayOutputStream.toByteArray();
                                        this.h.a((short) 22, byteArray, 0, byteArray.length);
                                        this.y = (short) 10;
                                        break;
                                    default:
                                        a((short) 2, (short) 40);
                                        break;
                                }
                            default:
                                a((short) 2, (short) 10);
                                break;
                        }
                    } else {
                        if (this.y == 11) {
                            byte[] bArr8 = new byte[12];
                            TlsUtils.a(bArr8, byteArrayInputStream2);
                            a(byteArrayInputStream2);
                            byte[] bArr9 = new byte[12];
                            byte[] bArr10 = new byte[36];
                            this.h.b.a(bArr10, 0);
                            TlsUtils.a(this.q, TlsUtils.a("server finished"), bArr10, bArr9);
                            for (int i2 = 0; i2 < bArr8.length; i2++) {
                                if (bArr8[i2] != bArr9[i2]) {
                                    a((short) 2, (short) 40);
                                }
                            }
                            this.y = (short) 12;
                            this.m = true;
                        }
                        a((short) 2, (short) 10);
                    }
                }
            }
            z = false;
        } while (z);
    }

    private void d() {
    }

    private void e() throws IOException {
        while (this.f.a() >= 2) {
            byte[] bArr = new byte[2];
            this.f.a(bArr, 0, 2, 0);
            this.f.b(2);
            short s = bArr[0];
            short s2 = bArr[1];
            if (s == 2) {
                this.l = true;
                this.k = true;
                try {
                    this.h.b();
                } catch (Exception unused) {
                }
                throw new IOException("Internal TLS error, this could be an attack");
            }
            if (s2 == 0) {
                a((short) 1, (short) 0);
            }
        }
    }

    private void f() throws IOException {
        while (this.e.a() > 0) {
            byte[] bArr = new byte[1];
            this.e.a(bArr, 0, 1, 0);
            this.e.b(1);
            if (bArr[0] != 1) {
                a((short) 2, (short) 10);
            } else if (this.y == 10) {
                this.h.c = this.h.d;
                this.y = (short) 11;
            } else {
                a((short) 2, (short) 40);
            }
        }
    }

    private void g() throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.a((short) 11, (OutputStream) byteArrayOutputStream);
        TlsUtils.b(3, byteArrayOutputStream);
        TlsUtils.b(0, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.h.a((short) 22, byteArray, 0, byteArray.length);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int a(byte[] bArr, int i, int i2) throws IOException {
        while (this.d.a() == 0) {
            if (this.l) {
                throw new IOException("Internal TLS error, this could be an attack");
            }
            if (this.k) {
                return -1;
            }
            try {
                this.h.a();
            } catch (IOException e) {
                if (!this.k) {
                    a((short) 2, (short) 80);
                }
                throw e;
            } catch (RuntimeException e2) {
                if (!this.k) {
                    a((short) 2, (short) 80);
                }
                throw e2;
            }
        }
        int min = Math.min(i2, this.d.a());
        this.d.a(bArr, i, min, 0);
        this.d.b(min);
        return min;
    }

    public void a() throws IOException {
        if (this.k) {
            return;
        }
        a((short) 1, (short) 0);
    }

    protected void a(ByteArrayInputStream byteArrayInputStream) throws IOException {
        if (byteArrayInputStream.available() > 0) {
            a((short) 2, (short) 50);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(short s, short s2) throws IOException {
        if (this.k) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        byte[] bArr = {(byte) s, (byte) s2};
        this.k = true;
        if (s == 2) {
            this.l = true;
        }
        this.h.a((short) 21, bArr, 0, 2);
        this.h.b();
        if (s == 2) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(short s, byte[] bArr, int i, int i2) throws IOException {
        switch (s) {
            case 20:
                this.e.a(bArr, i, i2);
                f();
                return;
            case 21:
                this.f.a(bArr, i, i2);
                e();
                return;
            case 22:
                this.g.a(bArr, i, i2);
                c();
                return;
            case 23:
                if (!this.m) {
                    a((short) 2, (short) 10);
                }
                this.d.a(bArr, i, i2);
                d();
                return;
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void b() throws IOException {
        this.h.c();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void b(byte[] bArr, int i, int i2) throws IOException {
        if (this.l) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        if (this.k) {
            throw new IOException("Sorry, connection has been closed, you cannot write more data");
        }
        this.h.a((short) 23, c, 0, 0);
        do {
            int min = Math.min(i2, TIMGroupManager.TIM_GET_GROUP_BASE_INFO_FLAG_GROUP_TYPE);
            try {
                this.h.a((short) 23, bArr, i, min);
                i += min;
                i2 -= min;
            } catch (IOException e) {
                if (!this.k) {
                    a((short) 2, (short) 80);
                }
                throw e;
            } catch (RuntimeException e2) {
                if (!this.k) {
                    a((short) 2, (short) 80);
                }
                throw e2;
            }
        } while (i2 > 0);
    }
}
