package org.bouncycastle.jsse.provider;

import android.support.v4.media.a;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ocsp.OCSPResponse;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.provider.NamedGroupInfo;
import org.bouncycastle.tls.CertificateStatus;
import org.bouncycastle.tls.CertificateStatusRequest;
import org.bouncycastle.tls.CertificateStatusRequestItemV2;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.OCSPStatusRequest;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.ServerName;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsDHGroupVerifier;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.TrustedAuthority;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.IPAddress;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.encoders.HexEncoder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class ProvTlsClient extends DefaultTlsClient implements ProvTlsPeer {
    public static final Logger j = Logger.getLogger(ProvTlsClient.class.getName());
    public static final boolean k = PropertyUtils.a("jsse.enableSNIExtension", true);
    public static final boolean l = PropertyUtils.a("jdk.tls.client.enableStatusRequestExtension", true);
    public static final boolean m = PropertyUtils.a("org.bouncycastle.jsse.client.enableTrustedCAKeysExtension", false);
    public final ProvTlsManager f;
    public final ProvSSLParameters g;
    public final JsseSecurityParameters h;
    public ProvSSLSession i;

    public ProvTlsClient(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) {
        JcaTlsCrypto jcaTlsCrypto = provTlsManager.d().b;
        this.h = new JsseSecurityParameters();
        this.i = null;
        this.f = provTlsManager;
        ProvSSLParameters a = provSSLParameters.a();
        if (ProvAlgorithmConstraints.g != a.f) {
            a.f = new ProvAlgorithmConstraints(a.f, true);
        }
        this.g = a;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final CertificateStatusRequest A() {
        if (l) {
            return new CertificateStatusRequest((short) 1, new OCSPStatusRequest(null, null));
        }
        return null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<CertificateStatusRequestItemV2> B() {
        if (!l) {
            return null;
        }
        OCSPStatusRequest oCSPStatusRequest = new OCSPStatusRequest(null, null);
        Vector<CertificateStatusRequestItemV2> vector = new Vector<>(2);
        vector.add(new CertificateStatusRequestItemV2((short) 2, oCSPStatusRequest));
        vector.add(new CertificateStatusRequestItemV2((short) 1, oCSPStatusRequest));
        return vector;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<ProtocolName> C() {
        return JsseUtils.k((String[]) this.g.k.clone());
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<ServerName> D() {
        String j2;
        if (!k) {
            return null;
        }
        List<BCSNIServerName> b = ProvSSLParameters.b(this.g.j);
        if (b == null && (j2 = this.f.j()) != null && j2.indexOf(46) > 0 && !IPAddress.a(j2)) {
            try {
                b = Collections.singletonList(new BCSNIHostName(j2));
            } catch (RuntimeException unused) {
                j.fine("Failed to add peer host as default SNI host_name: " + j2);
            }
        }
        if (b == null || b.isEmpty()) {
            return null;
        }
        Vector<ServerName> vector = new Vector<>(b.size());
        for (BCSNIServerName bCSNIServerName : b) {
            vector.add(new ServerName((short) bCSNIServerName.a, TlsUtils.h(bCSNIServerName.b)));
        }
        return vector;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector E() {
        NamedGroupInfo.PerConnection perConnection = this.h.a;
        Logger logger = NamedGroupInfo.d;
        return new Vector(perConnection.a.keySet());
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<SignatureAndHashAlgorithm> F() {
        List<SignatureSchemeInfo> a = this.f.d().a(false, this.g, this.b, this.h.a);
        JsseSecurityParameters jsseSecurityParameters = this.h;
        jsseSecurityParameters.b = a;
        jsseSecurityParameters.c = a;
        return SignatureSchemeInfo.e(a);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public final Vector<TrustedAuthority> G() {
        Vector<X500Name> g;
        if (!m || (g = JsseUtils.g(this.f.d().d)) == null) {
            return null;
        }
        Vector<TrustedAuthority> vector = new Vector<>(g.size());
        Iterator<X500Name> it = g.iterator();
        while (it.hasNext()) {
            vector.add(new TrustedAuthority((short) 2, it.next()));
        }
        return vector;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    /* renamed from: I, reason: merged with bridge method [inline-methods] */
    public final JcaTlsCrypto f() {
        return this.f.d().b;
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public final synchronized boolean c() {
        throw null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean e() {
        return JsseUtils.c;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void h(boolean z) throws IOException {
        if (!z && !PropertyUtils.a("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40, null);
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void i(short s, short s2, String str, Exception exc) {
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        Logger logger = j;
        if (logger.isLoggable(level)) {
            logger.log(level, a.j(JsseUtils.e("Client raised", s, s2), ": ", str), (Throwable) exc);
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void j(short s, short s2) {
        Level level = s == 1 ? Level.FINE : Level.INFO;
        Logger logger = j;
        if (logger.isLoggable(level)) {
            logger.log(level, JsseUtils.e("Client received", s, s2));
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void k() throws IOException {
        this.d = null;
        this.e = null;
        ContextData d = this.f.d();
        ProtocolVersion[] protocolVersionArr = this.b;
        this.h.a = d.b(this.g, protocolVersionArr);
    }

    /* JADX WARN: Removed duplicated region for block: B:28:0x0080  */
    @Override // org.bouncycastle.tls.TlsClient
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final org.bouncycastle.tls.TlsSession l() {
        /*
            r8 = this;
            org.bouncycastle.jsse.provider.ProvSSLParameters r0 = r8.g
            org.bouncycastle.jsse.provider.ProvSSLSession r0 = r0.l
            r1 = 0
            if (r0 != 0) goto L47
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r8.f
            org.bouncycastle.jsse.provider.ContextData r0 = r0.d()
            org.bouncycastle.jsse.provider.ProvSSLSessionContext r0 = r0.e
            org.bouncycastle.jsse.provider.ProvTlsManager r2 = r8.f
            java.lang.String r2 = r2.getPeerHost()
            org.bouncycastle.jsse.provider.ProvTlsManager r3 = r8.f
            int r3 = r3.getPeerPort()
            monitor-enter(r0)
            r0.d()     // Catch: java.lang.Throwable -> L44
            java.util.HashMap r4 = r0.b     // Catch: java.lang.Throwable -> L44
            java.lang.String r2 = org.bouncycastle.jsse.provider.ProvSSLSessionContext.b(r3, r2)     // Catch: java.lang.Throwable -> L44
            r4.getClass()     // Catch: java.lang.Throwable -> L44
            if (r2 != 0) goto L2c
            r2 = r1
            goto L30
        L2c:
            java.lang.Object r2 = r4.get(r2)     // Catch: java.lang.Throwable -> L44
        L30:
            org.bouncycastle.jsse.provider.ProvSSLSessionContext$SessionEntry r2 = (org.bouncycastle.jsse.provider.ProvSSLSessionContext.SessionEntry) r2     // Catch: java.lang.Throwable -> L44
            org.bouncycastle.jsse.provider.ProvSSLSession r3 = r0.a(r2)     // Catch: java.lang.Throwable -> L44
            if (r3 == 0) goto L41
            java.util.Map<org.bouncycastle.tls.SessionID, org.bouncycastle.jsse.provider.ProvSSLSessionContext$SessionEntry> r4 = r0.a     // Catch: java.lang.Throwable -> L44
            org.bouncycastle.tls.SessionID r2 = r2.a     // Catch: java.lang.Throwable -> L44
            java.util.LinkedHashMap r4 = (java.util.LinkedHashMap) r4     // Catch: java.lang.Throwable -> L44
            r4.get(r2)     // Catch: java.lang.Throwable -> L44
        L41:
            monitor-exit(r0)
            r0 = r3
            goto L47
        L44:
            r1 = move-exception
            monitor-exit(r0)
            throw r1
        L47:
            if (r0 == 0) goto L83
            org.bouncycastle.tls.TlsSession r2 = r0.j
            if (r2 == 0) goto L83
            org.bouncycastle.jsse.provider.JsseSessionParameters r3 = r0.l
            org.bouncycastle.jsse.provider.ProvSSLParameters r4 = r8.g
            java.lang.String r4 = r4.g
            if (r4 == 0) goto L7d
            java.lang.String r3 = r3.a
            boolean r5 = r4.equalsIgnoreCase(r3)
            if (r5 != 0) goto L7d
            java.util.logging.Logger r5 = org.bouncycastle.jsse.provider.ProvTlsClient.j
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            r6.<init>()
            java.lang.String r7 = "Session not resumed - endpoint ID algorithm mismatch; requested: "
            r6.append(r7)
            r6.append(r4)
            java.lang.String r4 = ", session: "
            r6.append(r4)
            r6.append(r3)
            java.lang.String r3 = r6.toString()
            r5.finest(r3)
            r3 = 0
            goto L7e
        L7d:
            r3 = 1
        L7e:
            if (r3 == 0) goto L83
            r8.i = r0
            return r2
        L83:
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r8.f
            boolean r0 = r0.getEnableSessionCreation()
            if (r0 == 0) goto L8c
            return r1
        L8c:
            java.lang.IllegalStateException r0 = new java.lang.IllegalStateException
            java.lang.String r1 = "No resumable sessions and session creation is disabled"
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsClient.l():org.bouncycastle.tls.TlsSession");
    }

    @Override // org.bouncycastle.tls.TlsClient
    public final void m(byte[] bArr) {
        ProvSSLSession provSSLSession;
        boolean z = bArr != null && bArr.length > 0 && (provSSLSession = this.i) != null && Arrays.equals(bArr, provSSLSession.getId());
        if (z) {
            Logger logger = j;
            StringBuilder w = a.w("Server resumed session: ");
            HexEncoder hexEncoder = Hex.a;
            w.append(Strings.a(Hex.b(bArr, bArr.length)));
            logger.fine(w.toString());
        } else {
            if (bArr == null || bArr.length < 1) {
                j.fine("Server did not specify a session ID");
            } else {
                Logger logger2 = j;
                StringBuilder w2 = a.w("Server specified new session: ");
                w2.append(Strings.a(Hex.b(bArr, bArr.length)));
                logger2.fine(w2.toString());
            }
            if (!this.f.getEnableSessionCreation()) {
                throw new IllegalStateException("Server did not resume session and session creation is disabled");
            }
        }
        ProvSSLSessionContext provSSLSessionContext = this.f.d().e;
        String peerHost = this.f.getPeerHost();
        int peerPort = this.f.getPeerPort();
        SecurityParameters c = this.a.c();
        this.f.c(!z ? new ProvSSLSessionHandshake(provSSLSessionContext, peerHost, peerPort, c, this.h) : new ProvSSLSessionResumed(provSSLSessionContext, peerHost, peerPort, c, this.h, this.i.j));
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final synchronized void n() throws IOException {
        TlsSession e = this.a.e();
        ProvSSLSession provSSLSession = this.i;
        if (provSSLSession == null || provSSLSession.j != e) {
            this.i = this.f.d().e.f(this.f.getPeerHost(), this.f.getPeerPort(), e, new JsseSessionParameters(this.g.g));
        }
        this.f.b(new ProvSSLConnection(this.a, this.i));
    }

    @Override // org.bouncycastle.tls.TlsClient
    public final TlsAuthentication o() throws IOException {
        return new TlsAuthentication() { // from class: org.bouncycastle.jsse.provider.ProvTlsClient.1
            /* JADX WARN: Removed duplicated region for block: B:36:0x00db A[SYNTHETIC] */
            /* JADX WARN: Removed duplicated region for block: B:56:0x00a6 A[SYNTHETIC] */
            @Override // org.bouncycastle.tls.TlsAuthentication
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public final org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner a(org.bouncycastle.tls.CertificateRequest r19) throws java.io.IOException {
                /*
                    Method dump skipped, instructions count: 491
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsClient.AnonymousClass1.a(org.bouncycastle.tls.CertificateRequest):org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner");
            }

            @Override // org.bouncycastle.tls.TlsAuthentication
            public final void b(TlsServerCertificate tlsServerCertificate) throws IOException {
                List<byte[]> list = null;
                if (tlsServerCertificate.a() == null || tlsServerCertificate.a().d()) {
                    throw new TlsFatalAlert((short) 40, null);
                }
                X509Certificate[] o = JsseUtils.o(ProvTlsClient.this.f(), tlsServerCertificate.a());
                String f = JsseUtils.f(ProvTlsClient.this.a.c().G);
                JsseSecurityParameters jsseSecurityParameters = ProvTlsClient.this.h;
                CertificateStatus b = tlsServerCertificate.b();
                if (b != null) {
                    short s = b.a;
                    if (s == 1) {
                        if (!CertificateStatus.a((short) 1, b.b)) {
                            throw new IllegalStateException("'response' is not an OCSPResponse");
                        }
                        OCSPResponse oCSPResponse = (OCSPResponse) b.b;
                        list = Collections.singletonList(oCSPResponse == null ? TlsUtils.d : oCSPResponse.k("DER"));
                    } else if (s == 2) {
                        if (!CertificateStatus.a((short) 2, b.b)) {
                            throw new IllegalStateException("'response' is not an OCSPResponseList");
                        }
                        Vector vector = (Vector) b.b;
                        int size = vector.size();
                        ArrayList arrayList = new ArrayList(size);
                        for (int i = 0; i < size; i++) {
                            OCSPResponse oCSPResponse2 = (OCSPResponse) vector.elementAt(i);
                            arrayList.add(oCSPResponse2 == null ? TlsUtils.d : oCSPResponse2.k("DER"));
                        }
                        list = Collections.unmodifiableList(arrayList);
                    }
                }
                jsseSecurityParameters.f = list;
                ProvTlsClient.this.f.checkServerTrusted(o, f);
            }
        };
    }

    @Override // org.bouncycastle.tls.TlsClient
    public final void q(int i) {
        String m2 = this.f.d().a.m(this.g, i);
        j.fine("Client notified of selected cipher suite: " + m2);
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean r() {
        return !JsseUtils.a;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public final void t(ProtocolVersion protocolVersion) throws IOException {
        String n = this.f.d().a.n(this.g, protocolVersion);
        j.fine("Client notified of selected protocol version: " + n);
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean u() {
        return JsseUtils.b;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public final TlsDHGroupVerifier v() {
        return new ProvDHGroupVerifier();
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final int[] x() {
        return this.f.d().a.b(f(), this.g);
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final ProtocolVersion[] y() {
        return this.f.d().a.c(this.g);
    }
}
