package org.conscrypt;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.crypto.tls.ExporterLabel;

/* loaded from: classes4.dex */
/**
 * Client side of the SSL/TLS handshake, built on {@link HandshakeProtocol}.
 *
 * <p>This listing is decompiler (JADX) output, not original source. Two methods,
 * {@code start()} and {@code unwrap(byte[])}, were not recovered and only throw
 * {@link UnsupportedOperationException}; {@code processServerHelloDone()} carries
 * decompiler artifacts that keep it from compiling as shown. Treat the listing as a
 * reading aid for review, and confirm any finding against the bytecode or the
 * original source.
 *
 * <p>The visible code distinguishes only two protocol flavours, by testing
 * {@code server_version[1] == 1} (TLS-style) against everything else (SSLv3-style).
 * NOTE(review): if that byte is the minor version, these are TLS 1.0 and SSL 3.0,
 * both of which are deprecated - confirm which versions a deployment can negotiate.
 */
public class ClientHandshakeImpl extends HandshakeProtocol {

    /**
     * Runnable that invokes {@code processServerHelloDone()} on the enclosing handshake.
     * The one-letter name looks decompiler- or obfuscator-assigned; where it is
     * instantiated is not visible in this listing.
     */
    /* loaded from: classes4.dex */
    public class a implements Runnable {
        public a() {
        }

        @Override // java.lang.Runnable
        public void run() {
            ClientHandshakeImpl.this.processServerHelloDone();
        }
    }

    /**
     * Passes {@code obj} straight to the {@link HandshakeProtocol} constructor.
     *
     * @param obj the owner handed to the superclass; its expected type is not visible here
     */
    public ClientHandshakeImpl(Object obj) {
        super(obj);
    }

    /**
     * Looks up a cached client session for the current peer.
     *
     * <p>The peer host and port come from {@code engineOwner} when it is set, otherwise
     * from {@code socketOwner}. The cache lookup is keyed by host name and port only.
     *
     * @return a clone of the cached session, or {@code null} when the host is unknown,
     *     the port is -1, or the cache has no entry
     */
    private SSLSessionImpl findSessionToResume() {
        String peerHostName;
        int peerPort;
        SSLEngineImpl sSLEngineImpl = this.engineOwner;
        if (sSLEngineImpl != null) {
            peerHostName = sSLEngineImpl.getPeerHost();
            peerPort = this.engineOwner.getPeerPort();
        } else {
            peerHostName = this.socketOwner.getPeerHostName();
            peerPort = this.socketOwner.getPeerPort();
        }
        // Without a usable host/port pair there is no cache key, so nothing can be resumed.
        if (peerHostName == null || peerPort == -1) {
            return null;
        }
        SSLSessionImpl sSLSessionImpl = (SSLSessionImpl) this.parameters.getClientSessionContext().getSession(peerHostName, peerPort);
        // A clone is returned, so the handshake works on a copy of the cached entry.
        return sSLSessionImpl != null ? (SSLSessionImpl) sSLSessionImpl.clone() : sSLSessionImpl;
    }

    /**
     * Starts a handshake with a brand-new session (no resumption).
     *
     * <p>When session creation is disabled, sets {@code status} to 2, sends warning alert
     * 100 and returns. Otherwise creates a session, binds it to the peer host and port,
     * selects the latest enabled protocol version, applies that version to the record
     * protocol and calls {@code startSession()}.
     *
     * <p>NOTE(review): 100 is no_renegotiation in the TLS alert registry; the meaning of
     * the numeric {@code status} values was lost in decompilation - confirm both against
     * the original constants.
     */
    private void renegotiateNewSession() {
        String peerHostName;
        int peerPort;
        if (!this.parameters.getEnableSessionCreation()) {
            this.status = 2;
            sendWarningAlert((byte) 100);
            return;
        }
        this.isResuming = false;
        SSLSessionImpl sSLSessionImpl = new SSLSessionImpl(this.parameters.getSecureRandom());
        this.session = sSLSessionImpl;
        SSLEngineImpl sSLEngineImpl = this.engineOwner;
        if (sSLEngineImpl != null) {
            peerHostName = sSLEngineImpl.getPeerHost();
            peerPort = this.engineOwner.getPeerPort();
        } else {
            peerHostName = this.socketOwner.getPeerHostName();
            peerPort = this.socketOwner.getPeerPort();
        }
        sSLSessionImpl.setPeer(peerHostName, peerPort);
        // The offered version is the highest one in the enabled-protocols list.
        this.session.protocol = ProtocolVersion.getLatestVersion(this.parameters.getEnabledProtocols());
        this.recordProtocol.setVersion(this.session.protocol.version);
        startSession();
    }

    /**
     * Builds and sends the ClientHello for the current session, then sets {@code status} to 1.
     *
     * <p>When resuming, only the cached session's cipher suite is offered; otherwise the
     * enabled cipher suites from the parameters are offered. The hello's random value is
     * copied into the session as {@code clientRandom}.
     */
    private void startSession() {
        CipherSuite[] enabledCipherSuitesMember = this.isResuming ? new CipherSuite[]{this.session.cipherSuite} : this.parameters.getEnabledCipherSuitesMember();
        SecureRandom secureRandom = this.parameters.getSecureRandom();
        SSLSessionImpl sSLSessionImpl = this.session;
        ClientHello clientHello = new ClientHello(secureRandom, sSLSessionImpl.protocol.version, sSLSessionImpl.id, enabledCipherSuitesMember);
        this.clientHello = clientHello;
        this.session.clientRandom = clientHello.random;
        send(clientHello);
        this.status = 1;
    }

    /**
     * Hands the server certificate chain to the configured trust manager and, on success,
     * records the chain as the session's peer certificates.
     *
     * <p>When the cipher suite reports no auth type, the method returns without calling
     * the trust manager and without recording peer certificates.
     *
     * <p>The peer host name reaches the trust manager only when it is a
     * {@code TrustManagerImpl}. Any other {@link X509TrustManager} gets the two-argument
     * call, so with a custom trust manager this method performs no host name check and
     * that check has to happen elsewhere.
     *
     * <p>NOTE(review): on {@link CertificateException} the method calls
     * {@code fatalAlert((byte) 42, ...)} (42 is bad_certificate in the TLS alert
     * registry). Whether {@code fatalAlert} throws is not visible here; if it returns,
     * the caller continues the handshake - confirm that it aborts.
     */
    private void verifyServerCert() {
        String authType = this.session.cipherSuite.getAuthType(this.serverKeyExchange != null);
        if (authType == null) {
            return;
        }
        SSLEngineImpl sSLEngineImpl = this.engineOwner;
        String peerHost = sSLEngineImpl != null ? sSLEngineImpl.getPeerHost() : this.socketOwner.getWrappedHostName();
        try {
            X509TrustManager trustManager = this.parameters.getTrustManager();
            if (trustManager instanceof TrustManagerImpl) {
                // Host-aware overload: chain, auth type and peer host.
                ((TrustManagerImpl) trustManager).checkServerTrusted(this.serverCert.certs, authType, peerHost);
            } else {
                // Standard interface: chain and auth type only, peerHost is not passed.
                trustManager.checkServerTrusted(this.serverCert.certs, authType);
            }
            this.session.peerCertificates = this.serverCert.certs;
        } catch (CertificateException e2) {
            fatalAlert((byte) 42, "Not trusted server certificate", e2);
        }
    }

    /**
     * Computes and sends the client Finished message.
     *
     * <p>The verify data is 12 bytes via the TLS routine when {@code server_version[1] == 1},
     * otherwise 36 bytes via the SSLv3 routine. When resuming, the session's last-access
     * time is refreshed and {@code status} becomes 3. Otherwise the reference verify data
     * for the server's Finished is computed and {@code status} becomes 1.
     *
     * <p>NOTE(review): the labels come from BouncyCastle's {@code ExporterLabel}; that is
     * probably the decompiler resolving an inlined string constant rather than a real
     * dependency of the original class - confirm.
     */
    @Override // org.conscrypt.HandshakeProtocol
    public void makeFinished() {
        byte[] bArr;
        if (this.serverHello.server_version[1] == 1) {
            bArr = new byte[12];
            computerVerifyDataTLS(ExporterLabel.client_finished, bArr);
        } else {
            bArr = new byte[36];
            computerVerifyDataSSLv3(SSLv3Constants.client, bArr);
        }
        Finished finished = new Finished(bArr);
        this.clientFinished = finished;
        send(finished);
        if (this.isResuming) {
            this.session.lastAccessedTime = System.currentTimeMillis();
            this.status = 3;
        } else {
            // Precompute the value the server's Finished message will be compared against.
            if (this.serverHello.server_version[1] == 1) {
                computerReferenceVerifyDataTLS(ExporterLabel.server_finished);
            } else {
                computerReferenceVerifyDataSSLv3(SSLv3Constants.server);
            }
            this.status = 1;
        }
    }

    /**
     * Runs the client's reply to ServerHelloDone: verifies the server certificate, answers
     * a certificate request, builds and sends ClientKeyExchange, derives the master secret,
     * optionally sends CertificateVerify, and sends ChangeCipherSpec.
     *
     * <p>NOTE(review): this method does not compile as decompiled. {@code r2} is assigned
     * without a declaration, and in the DH branch the local {@code clientKeyExchange} can
     * be read without having been assigned. The DH branch also repeats the key agreement.
     * These look like decompiler artifacts; the control flow of the DH branch in
     * particular should be confirmed against the bytecode before drawing conclusions.
     */
    public void processServerHelloDone() {
        PublicKey publicKey;
        DHParameterSpec params;
        ClientKeyExchange clientKeyExchange;
        String chooseClientAlias;
        // A certificate must be present exactly when the suite is not anonymous.
        if (this.serverCert != null) {
            if (this.session.cipherSuite.isAnonymous()) {
                unexpectedMessage();
                return;
            }
            verifyServerCert();
        } else if (!this.session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
        CertificateRequest certificateRequest = this.certificateRequest;
        PrivateKey privateKey = null;
        // NOTE(review): r2 has no declaration in this listing - decompiler artifact.
        r2 = null;
        X509Certificate[] certificateChain = null;
        if (certificateRequest != null) {
            // The server asked for a client certificate: let the key manager pick an alias.
            String[] typesAsString = certificateRequest.getTypesAsString();
            X500Principal[] x500PrincipalArr = this.certificateRequest.certificate_authorities;
            X509KeyManager keyManager = this.parameters.getKeyManager();
            if (keyManager instanceof X509ExtendedKeyManager) {
                X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) keyManager;
                SSLSocketImpl sSLSocketImpl = this.socketOwner;
                chooseClientAlias = sSLSocketImpl != null ? x509ExtendedKeyManager.chooseClientAlias(typesAsString, x500PrincipalArr, sSLSocketImpl) : x509ExtendedKeyManager.chooseEngineClientAlias(typesAsString, x500PrincipalArr, this.engineOwner);
                if (chooseClientAlias != null) {
                    certificateChain = x509ExtendedKeyManager.getCertificateChain(chooseClientAlias);
                }
            } else {
                // socketOwner is passed as is; elsewhere in this class it is null when engineOwner is set.
                chooseClientAlias = keyManager.chooseClientAlias(typesAsString, x500PrincipalArr, this.socketOwner);
                if (chooseClientAlias != null) {
                    certificateChain = keyManager.getCertificateChain(chooseClientAlias);
                }
            }
            this.session.localCertificates = certificateChain;
            // certificateChain is still null here when no alias was chosen.
            this.clientCert = new CertificateMessage(certificateChain);
            // NOTE(review): called even when chooseClientAlias is null; privateKey is
            // dereferenced further down without a null check.
            privateKey = keyManager.getPrivateKey(chooseClientAlias);
            send(this.clientCert);
        }
        // keyExchange is a numeric code; the constant names were lost in decompilation.
        int i2 = this.session.cipherSuite.keyExchange;
        boolean z = true;
        if (i2 == 1 || i2 == 2) {
            // RSA key transport: the client picks the premaster secret and wraps it
            // under the server's RSA key using PKCS#1 v1.5 padding.
            try {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                // Mode 3 is Cipher.WRAP_MODE. The key is the one from ServerKeyExchange when
                // that message was received, otherwise the server's leaf certificate.
                if (this.serverKeyExchange != null) {
                    cipher.init(3, this.serverKeyExchange.getRSAPublicKey());
                } else {
                    cipher.init(3, this.serverCert.certs[0]);
                }
                // 48 bytes from the configured SecureRandom, with the first two bytes
                // overwritten by the version the client offered in its ClientHello.
                this.preMasterSecret = new byte[48];
                this.parameters.getSecureRandom().nextBytes(this.preMasterSecret);
                System.arraycopy(this.clientHello.client_version, 0, this.preMasterSecret, 0, 2);
                try {
                    byte[] wrap = cipher.wrap(new SecretKeySpec(this.preMasterSecret, "preMasterSecret"));
                    // z is true only for the TLS-style version byte; presumably it selects
                    // the message encoding - confirm in ClientKeyExchange.
                    if (this.serverHello.server_version[1] != 1) {
                        z = false;
                    }
                    this.clientKeyExchange = new ClientKeyExchange(wrap, z);
                } catch (Exception e2) {
                    // 80 is internal_error in the TLS alert registry - confirm against the original constants.
                    fatalAlert((byte) 80, "Unexpected exception", e2);
                    return;
                }
            } catch (Exception e3) {
                fatalAlert((byte) 80, "Unexpected exception", e3);
                return;
            }
        } else {
            // Every other key-exchange code is handled as Diffie-Hellman.
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("DH");
                KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
                if (this.serverKeyExchange != null) {
                    // By the JDK constructor order, par3 is the public value y, par1 the
                    // prime p and par2 the generator g, all taken from the server's message.
                    // NOTE(review): no check of the group size or of the range of y is
                    // visible in this method; whether the provider enforces one is not shown.
                    publicKey = keyFactory.generatePublic(new DHPublicKeySpec(this.serverKeyExchange.par3, this.serverKeyExchange.par1, this.serverKeyExchange.par2));
                    params = new DHParameterSpec(this.serverKeyExchange.par1, this.serverKeyExchange.par2);
                } else {
                    // No ServerKeyExchange: the DH key and parameters come from the certificate.
                    publicKey = this.serverCert.certs[0].getPublicKey();
                    params = ((DHPublicKey) publicKey).getParams();
                }
                keyPairGenerator.initialize(params);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                PublicKey publicKey2 = generateKeyPair.getPublic();
                if (this.clientCert == null || this.serverCert == null || !(this.session.cipherSuite.keyExchange == 5 || this.session.cipherSuite.keyExchange == 3)) {
                    // Usual case: send the freshly generated public value.
                    clientKeyExchange = new ClientKeyExchange(((DHPublicKey) publicKey2).getY());
                } else {
                    PublicKey publicKey3 = this.clientCert.certs[0].getPublicKey();
                    PublicKey publicKey4 = this.serverCert.certs[0].getPublicKey();
                    // NOTE(review): the last comparison tests the client's P against the
                    // server's G. Comparing P with P looks intended; as written the test is
                    // unlikely to hold for real parameters, so the empty message is
                    // effectively never chosen. Confirm against the original source.
                    if ((publicKey3 instanceof DHKey) && (publicKey4 instanceof DHKey) && ((DHKey) publicKey3).getParams().getG().equals(((DHKey) publicKey4).getParams().getG()) && ((DHKey) publicKey3).getParams().getP().equals(((DHKey) publicKey4).getParams().getG())) {
                        clientKeyExchange = new ClientKeyExchange();
                    }
                    // NOTE(review): when the test above fails, the local clientKeyExchange
                    // has no value on this path (javac rejects the read below).
                    keyAgreement.init(generateKeyPair.getPrivate());
                    keyAgreement.doPhase(publicKey, true);
                    this.preMasterSecret = keyAgreement.generateSecret();
                }
                this.clientKeyExchange = clientKeyExchange;
                // The agreement is run (again, on the else path above) with the fresh private
                // key and the server's public key; its output becomes the premaster secret.
                keyAgreement.init(generateKeyPair.getPrivate());
                keyAgreement.doPhase(publicKey, true);
                this.preMasterSecret = keyAgreement.generateSecret();
            } catch (Exception e4) {
                fatalAlert((byte) 80, "Unexpected exception", e4);
                return;
            }
        }
        Message message = this.clientKeyExchange;
        if (message != null) {
            send(message);
        }
        computerMasterSecret();
        CertificateMessage certificateMessage = this.clientCert;
        // CertificateVerify is sent only when a non-empty client chain was sent and the key
        // exchange message was not empty. NOTE(review): this.clientKeyExchange is
        // dereferenced here although it was null-checked just above.
        if (certificateMessage != null && certificateMessage.certs.length > 0 && !this.clientKeyExchange.isEmpty()) {
            String algorithm = privateKey.getAlgorithm();
            DigitalSignature digitalSignature = new DigitalSignature(algorithm);
            digitalSignature.init(privateKey);
            // RSA keys sign the MD5 and SHA handshake digests, DSA keys the SHA digest only;
            // for any other algorithm no digest is set before sign().
            if ("RSA".equals(algorithm)) {
                digitalSignature.setMD5(this.io_stream.getDigestMD5());
                digitalSignature.setSHA(this.io_stream.getDigestSHA());
            } else if (CipherSuite.KEY_TYPE_DSA.equals(algorithm)) {
                digitalSignature.setSHA(this.io_stream.getDigestSHA());
            }
            CertificateVerify certificateVerify = new CertificateVerify(digitalSignature.sign());
            this.certificateVerify = certificateVerify;
            send(certificateVerify);
        }
        sendChangeCipherSpec();
    }

    /**
     * Records that the server's ChangeCipherSpec arrived.
     *
     * <p>The message counts as unexpected when, for a full handshake, the client Finished
     * has not been sent yet, or, for a resumed handshake, no ServerHello has been received.
     *
     * <p>NOTE(review): {@code changeCipherSpecReceived} is set after the
     * {@code unexpectedMessage()} call without a return in between; this is only safe if
     * {@code unexpectedMessage()} throws - confirm.
     */
    @Override // org.conscrypt.HandshakeProtocol
    public void receiveChangeCipherSpec() {
        if (!this.isResuming ? this.clientFinished == null : this.serverHello == null) {
            unexpectedMessage();
        }
        this.changeCipherSpecReceived = true;
    }

    /**
     * Starts the handshake. The body was NOT recovered by the decompiler: as listed, the
     * method only throws {@link UnsupportedOperationException}. The instruction dump kept
     * in the comment inside the body is the only record of the logic.
     *
     * <p>Reading of that dump:
     * <ul>
     *   <li>no session yet: take the result of {@code findSessionToResume()};</li>
     *   <li>session present, a ClientHello already exists and {@code status} is not 3:
     *       return without doing anything;</li>
     *   <li>session present but {@code isValid()} is false: drop it;</li>
     *   <li>a session remains: set {@code isResuming} to true;</li>
     *   <li>no session and session creation enabled: create one the same way
     *       {@code renegotiateNewSession()} does;</li>
     *   <li>no session and creation disabled: {@code fatalAlert(40, "SSL Session may not be
     *       created ")};</li>
     *   <li>finally call {@code startSession()}.</li>
     * </ul>
     *
     * <p>NOTE(review): in the dump the {@code fatalAlert} path falls through to
     * {@code startSession()}; that is only harmless if {@code fatalAlert} throws - confirm.
     */
    /* JADX WARN: Removed duplicated region for block: B:11:0x0027  */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0023  */
    @Override // org.conscrypt.HandshakeProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void start() {
        /*
            r3 = this;
            org.conscrypt.SSLSessionImpl r0 = r3.session
            if (r0 != 0) goto Lb
            org.conscrypt.SSLSessionImpl r0 = r3.findSessionToResume()
        L8:
            r3.session = r0
            goto L1f
        Lb:
            org.conscrypt.ClientHello r0 = r3.clientHello
            if (r0 == 0) goto L15
            int r0 = r3.status
            r1 = 3
            if (r0 == r1) goto L15
            return
        L15:
            org.conscrypt.SSLSessionImpl r0 = r3.session
            boolean r0 = r0.isValid()
            if (r0 != 0) goto L1f
            r0 = 0
            goto L8
        L1f:
            org.conscrypt.SSLSessionImpl r0 = r3.session
            if (r0 == 0) goto L27
            r0 = 1
            r3.isResuming = r0
            goto L7e
        L27:
            org.conscrypt.SSLParametersImpl r0 = r3.parameters
            boolean r0 = r0.getEnableSessionCreation()
            if (r0 == 0) goto L77
            r0 = 0
            r3.isResuming = r0
            org.conscrypt.SSLSessionImpl r0 = new org.conscrypt.SSLSessionImpl
            org.conscrypt.SSLParametersImpl r1 = r3.parameters
            java.security.SecureRandom r1 = r1.getSecureRandom()
            r0.<init>(r1)
            r3.session = r0
            org.conscrypt.SSLEngineImpl r1 = r3.engineOwner
            if (r1 == 0) goto L4e
            java.lang.String r1 = r1.getPeerHost()
            org.conscrypt.SSLEngineImpl r2 = r3.engineOwner
            int r2 = r2.getPeerPort()
            goto L5a
        L4e:
            org.conscrypt.SSLSocketImpl r1 = r3.socketOwner
            java.lang.String r1 = r1.getPeerHostName()
            org.conscrypt.SSLSocketImpl r2 = r3.socketOwner
            int r2 = r2.getPeerPort()
        L5a:
            r0.setPeer(r1, r2)
            org.conscrypt.SSLSessionImpl r0 = r3.session
            org.conscrypt.SSLParametersImpl r1 = r3.parameters
            java.lang.String[] r1 = r1.getEnabledProtocols()
            org.conscrypt.ProtocolVersion r1 = org.conscrypt.ProtocolVersion.getLatestVersion(r1)
            r0.protocol = r1
            org.conscrypt.SSLRecordProtocol r0 = r3.recordProtocol
            org.conscrypt.SSLSessionImpl r1 = r3.session
            org.conscrypt.ProtocolVersion r1 = r1.protocol
            byte[] r1 = r1.version
            r0.setVersion(r1)
            goto L7e
        L77:
            r0 = 40
            java.lang.String r1 = "SSL Session may not be created "
            r3.fatalAlert(r0, r1)
        L7e:
            r3.startSession()
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.conscrypt.ClientHandshakeImpl.start():void");
    }

    /**
     * Handshake input handler taking a byte array. The body was NOT recovered by the
     * decompiler and no instruction dump is included (600 instructions were skipped), so
     * as listed the method only throws {@link UnsupportedOperationException}.
     *
     * <p>NOTE(review): nothing about how incoming messages are parsed or sequenced can be
     * stated from this listing; a review of that logic needs the bytecode or the original
     * source. The JADX warnings below mention a try/catch over {@code IOException}, which
     * is all that is visible of its structure.
     */
    /* JADX WARN: Removed duplicated region for block: B:72:0x01d7 A[Catch: IOException -> 0x0246, TryCatch #0 {IOException -> 0x0246, blocks: (B:9:0x0020, B:189:0x0034, B:113:0x0044, B:115:0x0047, B:169:0x004b, B:171:0x004f, B:173:0x0053, B:175:0x0058, B:180:0x0065, B:177:0x0075, B:184:0x0079, B:118:0x007d, B:120:0x0081, B:122:0x0085, B:124:0x008f, B:126:0x0094, B:130:0x009f, B:136:0x00a3, B:138:0x00a7, B:140:0x00ab, B:142:0x00b0, B:146:0x00c1, B:151:0x00c5, B:153:0x00c9, B:155:0x00cd, B:157:0x00d1, B:159:0x00d6, B:163:0x00e1, B:99:0x00e5, B:110:0x00e9, B:101:0x00ed, B:107:0x011e, B:104:0x0123, B:40:0x0130, B:42:0x0134, B:44:0x013a, B:45:0x0151, B:48:0x0156, B:53:0x0169, B:55:0x016f, B:56:0x0174, B:57:0x017b, B:60:0x0180, B:65:0x0193, B:67:0x0197, B:69:0x019e, B:70:0x01cf, B:72:0x01d7, B:73:0x01dd, B:74:0x01a1, B:77:0x01b0, B:79:0x01ba, B:80:0x01be, B:82:0x01cc, B:83:0x01e2, B:62:0x018d, B:86:0x0190, B:50:0x0163, B:88:0x0166, B:91:0x0211, B:14:0x0215, B:16:0x021e, B:19:0x0222, B:22:0x0228, B:29:0x0230, B:25:0x0241), top: B:8:0x0020 }] */
    /* JADX WARN: Removed duplicated region for block: B:73:0x01dd A[Catch: IOException -> 0x0246, TryCatch #0 {IOException -> 0x0246, blocks: (B:9:0x0020, B:189:0x0034, B:113:0x0044, B:115:0x0047, B:169:0x004b, B:171:0x004f, B:173:0x0053, B:175:0x0058, B:180:0x0065, B:177:0x0075, B:184:0x0079, B:118:0x007d, B:120:0x0081, B:122:0x0085, B:124:0x008f, B:126:0x0094, B:130:0x009f, B:136:0x00a3, B:138:0x00a7, B:140:0x00ab, B:142:0x00b0, B:146:0x00c1, B:151:0x00c5, B:153:0x00c9, B:155:0x00cd, B:157:0x00d1, B:159:0x00d6, B:163:0x00e1, B:99:0x00e5, B:110:0x00e9, B:101:0x00ed, B:107:0x011e, B:104:0x0123, B:40:0x0130, B:42:0x0134, B:44:0x013a, B:45:0x0151, B:48:0x0156, B:53:0x0169, B:55:0x016f, B:56:0x0174, B:57:0x017b, B:60:0x0180, B:65:0x0193, B:67:0x0197, B:69:0x019e, B:70:0x01cf, B:72:0x01d7, B:73:0x01dd, B:74:0x01a1, B:77:0x01b0, B:79:0x01ba, B:80:0x01be, B:82:0x01cc, B:83:0x01e2, B:62:0x018d, B:86:0x0190, B:50:0x0163, B:88:0x0166, B:91:0x0211, B:14:0x0215, B:16:0x021e, B:19:0x0222, B:22:0x0228, B:29:0x0230, B:25:0x0241), top: B:8:0x0020 }] */
    @Override // org.conscrypt.HandshakeProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void unwrap(byte[] r10) {
        /*
            Method dump skipped, instructions count: 600
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.conscrypt.ClientHandshakeImpl.unwrap(byte[]):void");
    }

    /**
     * Handles SSLv2-format handshake input on the client: the argument is ignored and
     * {@code unexpectedMessage()} is called for every input.
     *
     * @param bArr the received bytes; not read by this method
     */
    @Override // org.conscrypt.HandshakeProtocol
    public void unwrapSSLv2(byte[] bArr) {
        unexpectedMessage();
    }
}
