package org.bouncycastle.jsse.provider;

import com.safelogic.cryptocomply.asn1.x500.X500Name;
import com.safelogic.cryptocomply.util.Arrays;
import com.safelogic.cryptocomply.util.IPAddress;
import com.safelogic.cryptocomply.util.encoders.Hex;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.security.PrivateKey;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.CertificateStatusRequest;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.DefaultTlsKeyExchangeFactory;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.ServerName;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedAgreement;
import yg.AbstractC0625;
import yg.C0520;
import yg.C0535;
import yg.C0543;
import yg.C0587;
import yg.C0601;
import yg.C0616;
import yg.C0635;
import yg.C0646;
import yg.C0648;
import yg.C0674;
import yg.C0678;
import yg.C0691;
import yg.C0692;
import yg.C0697;

/* loaded from: classes4.dex */
public class ProvTlsClient extends DefaultTlsClient implements ProvTlsPeer {
    public static Logger LOG = Logger.getLogger(ProvTlsClient.class.getName());
    public static final boolean provEnableSNIExtension;
    public boolean handshakeComplete;
    public final ProvTlsManager manager;
    public final ProvSSLParameters sslParameters;
    public ProvSSLSessionImpl sslSession;

    static {
        short m921 = (short) (C0543.m921() ^ (-18253));
        short m9212 = (short) (C0543.m921() ^ (-4396));
        int[] iArr = new int["D^?\u0012=M7\u000bjM'uS'\u0004\u0018r\\F,\u0005cC".length()];
        C0648 c0648 = new C0648("D^?\u0012=M7\u000bjM'uS'\u0004\u0018r\\F,\u0005cC");
        int i = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            iArr[i] = m1151.mo828(((i * m9212) ^ m921) + m1151.mo831(m1211));
            i++;
        }
        provEnableSNIExtension = PropertyUtils.getBooleanSystemProperty(new String(iArr, 0, i), true);
    }

    public ProvTlsClient(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) {
        super(provTlsManager.getContextData().getCrypto(), new DefaultTlsKeyExchangeFactory(), new ProvDHConfigVerifier());
        this.sslSession = null;
        this.handshakeComplete = false;
        this.manager = provTlsManager;
        this.sslParameters = provSSLParameters;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public TlsAuthentication getAuthentication() throws IOException {
        return new TlsAuthentication() { // from class: org.bouncycastle.jsse.provider.ProvTlsClient.1
            @Override // org.bouncycastle.tls.TlsAuthentication
            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                short[] certificateTypes;
                Principal[] principalArr;
                int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(ProvTlsClient.this.selectedCipherSuite);
                if (keyExchangeAlgorithm != 1 && keyExchangeAlgorithm != 3 && keyExchangeAlgorithm != 5) {
                    if (keyExchangeAlgorithm != 7 && keyExchangeAlgorithm != 9) {
                        switch (keyExchangeAlgorithm) {
                            case 16:
                            case 18:
                                break;
                            case 17:
                            case 19:
                                break;
                            default:
                                throw new TlsFatalAlert((short) 80);
                        }
                    }
                    return null;
                }
                X509KeyManager keyManager = ProvTlsClient.this.manager.getContextData().getKeyManager();
                if (keyManager == null || (certificateTypes = certificateRequest.getCertificateTypes()) == null || certificateTypes.length == 0) {
                    return null;
                }
                String[] strArr = new String[certificateTypes.length];
                for (int i = 0; i < certificateTypes.length; i++) {
                    strArr[i] = JsseUtils.getAuthTypeClient(certificateTypes[i]);
                }
                Vector certificateAuthorities = certificateRequest.getCertificateAuthorities();
                if (certificateAuthorities == null || certificateAuthorities.size() <= 0) {
                    principalArr = null;
                } else {
                    Set<X500Principal> x500Principals = JsseUtils.toX500Principals((X500Name[]) certificateAuthorities.toArray(new X500Name[certificateAuthorities.size()]));
                    principalArr = (Principal[]) x500Principals.toArray(new Principal[x500Principals.size()]);
                }
                String chooseClientAlias = keyManager.chooseClientAlias(strArr, principalArr, null);
                if (chooseClientAlias == null) {
                    return null;
                }
                TlsCrypto crypto = ProvTlsClient.this.getCrypto();
                if (!(crypto instanceof JcaTlsCrypto)) {
                    throw new UnsupportedOperationException();
                }
                PrivateKey privateKey = keyManager.getPrivateKey(chooseClientAlias);
                Certificate certificateMessage = JsseUtils.getCertificateMessage(crypto, keyManager.getCertificateChain(chooseClientAlias));
                if (privateKey == null || certificateMessage.isEmpty()) {
                    return null;
                }
                if (keyExchangeAlgorithm != 1 && keyExchangeAlgorithm != 3 && keyExchangeAlgorithm != 5) {
                    if (keyExchangeAlgorithm != 7 && keyExchangeAlgorithm != 9) {
                        switch (keyExchangeAlgorithm) {
                            case 16:
                            case 18:
                                break;
                            case 17:
                            case 19:
                                break;
                            default:
                                throw new TlsFatalAlert((short) 80);
                        }
                    }
                    return new JceDefaultTlsCredentialedAgreement((JcaTlsCrypto) crypto, certificateMessage, privateKey);
                }
                return new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(ProvTlsClient.this.context), (JcaTlsCrypto) crypto, privateKey, certificateMessage, TlsUtils.chooseSignatureAndHashAlgorithm(ProvTlsClient.this.context, ProvTlsClient.this.supportedSignatureAlgorithms, TlsUtils.getSignatureAlgorithmClient(certificateMessage.getCertificateAt(0).getClientCertificateType())));
            }

            @Override // org.bouncycastle.tls.TlsAuthentication
            public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
                if (tlsServerCertificate == null || tlsServerCertificate.getCertificate() == null || tlsServerCertificate.getCertificate().isEmpty()) {
                    throw new TlsFatalAlert((short) 40);
                }
                if (!ProvTlsClient.this.manager.isServerTrusted(JsseUtils.getX509CertificateChain(ProvTlsClient.this.manager.getContextData().getCrypto(), tlsServerCertificate.getCertificate()), JsseUtils.getAuthTypeServer(TlsUtils.getKeyExchangeAlgorithm(ProvTlsClient.this.selectedCipherSuite)))) {
                    throw new TlsFatalAlert((short) 42);
                }
            }
        };
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public CertificateStatusRequest getCertificateStatusRequest() {
        return null;
    }

    @Override // org.bouncycastle.tls.DefaultTlsClient, org.bouncycastle.tls.TlsClient
    public int[] getCipherSuites() {
        return TlsUtils.getSupportedCipherSuites(this.manager.getContextData().getCrypto(), this.manager.getContext().convertCipherSuites(this.sslParameters.getCipherSuites()));
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public ProtocolVersion getClientVersion() {
        return this.manager.getContext().getMaximumVersion(this.sslParameters.getProtocols());
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public short[] getCompressionMethods() {
        return this.manager.getContext().isFips() ? new short[]{0} : super.getCompressionMethods();
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public ProtocolVersion getMinimumVersion() {
        return this.manager.getContext().getMinimumVersion(this.sslParameters.getProtocols());
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public Vector getSNIServerNames() {
        if (!provEnableSNIExtension) {
            return null;
        }
        List<BCSNIServerName> serverNames = this.sslParameters.getServerNames();
        if (serverNames == null) {
            String peerHost = this.manager.getPeerHost();
            if (peerHost == null || peerHost.indexOf(46) <= 0 || IPAddress.isValid(peerHost)) {
                return null;
            }
            Vector vector = new Vector(1);
            vector.addElement(new ServerName((short) 0, peerHost));
            return vector;
        }
        Vector vector2 = new Vector(serverNames.size());
        for (BCSNIServerName bCSNIServerName : serverNames) {
            if (bCSNIServerName.getType() == 0) {
                try {
                    short type = (short) bCSNIServerName.getType();
                    byte[] encoded = bCSNIServerName.getEncoded();
                    short m903 = (short) (C0535.m903() ^ 7803);
                    short m9032 = (short) (C0535.m903() ^ 20196);
                    int[] iArr = new int["cH\u001fm)".length()];
                    C0648 c0648 = new C0648("cH\u001fm)");
                    int i = 0;
                    while (c0648.m1212()) {
                        int m1211 = c0648.m1211();
                        AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
                        int mo831 = m1151.mo831(m1211);
                        short[] sArr = C0674.f504;
                        iArr[i] = m1151.mo828((sArr[i % sArr.length] ^ ((m903 + m903) + (i * m9032))) + mo831);
                        i++;
                    }
                    vector2.addElement(new ServerName(type, new String(encoded, new String(iArr, 0, i))));
                } catch (UnsupportedEncodingException e) {
                    LOG.log(Level.WARNING, C0635.m1161("\u001d5''0(a5/^'+\u001f'/\u001d\u001dV\t\u0003|R%\u0016\"%\u0013\u001fK\u0019\u000b\u0016\r", (short) (C0520.m825() ^ (-8349))), (Throwable) e);
                }
            }
        }
        if (vector2.isEmpty()) {
            return null;
        }
        return vector2;
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public TlsSession getSessionToResume() {
        TlsSession tlsSession;
        ProvSSLSessionImpl sessionImpl = this.manager.getContextData().getClientSessionContext().getSessionImpl(this.manager.getPeerHost(), this.manager.getPeerPort());
        this.sslSession = sessionImpl;
        if (sessionImpl != null && (tlsSession = sessionImpl.getTlsSession()) != null) {
            return tlsSession;
        }
        if (this.manager.getEnableSessionCreation()) {
            return null;
        }
        throw new IllegalStateException(C0691.m1335("|6\rVyNOmR\nZ\f|7_6%YF}Qd\u001e\u001a>P\r5:`/\u001cI3%\u000bl\u0011\u001b>\u0013\u000bbb=\u0018S~y>mn\u0018}", (short) (C0601.m1083() ^ 29204), (short) (C0601.m1083() ^ 19922)));
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public Vector getSupportedGroups(boolean z, boolean z2) {
        return SupportedGroups.getClientSupportedGroups(this.manager.getContext().isFips(), z, z2);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient
    public Vector getSupportedSignatureAlgorithms() {
        return JsseUtils.getSupportedSignatureAlgorithms(getCrypto());
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public synchronized boolean isHandshakeComplete() {
        return this.handshakeComplete;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        super.notifyAlertRaised(s, s2, str, th);
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        if (LOG.isLoggable(level)) {
            String alertLogMessage = JsseUtils.getAlertLogMessage(C0646.m1197("x#!\u001e(/[/\u001f(3&&", (short) (C0543.m921() ^ (-9590)), (short) (C0543.m921() ^ (-30476))), s, s2);
            if (str != null) {
                alertLogMessage = alertLogMessage + C0616.m1114("\u0004h", (short) (C0543.m921() ^ (-13321)), (short) (C0543.m921() ^ (-19464))) + str;
            }
            LOG.log(level, alertLogMessage, th);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertReceived(short s, short s2) {
        super.notifyAlertReceived(s, s2);
        Level level = s == 1 ? Level.FINE : Level.INFO;
        if (LOG.isLoggable(level)) {
            LOG.log(level, JsseUtils.getAlertLogMessage(C0616.m1125("%OMJT[\b[ONQVdTT", (short) (C0601.m1083() ^ 17518)), s, s2));
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() throws IOException {
        this.handshakeComplete = true;
        TlsSession session = this.context.getSession();
        ProvSSLSessionImpl provSSLSessionImpl = this.sslSession;
        if (provSSLSessionImpl == null || provSSLSessionImpl.getTlsSession() != session) {
            this.sslSession = this.manager.getContextData().getClientSessionContext().reportSession(session, this.manager.getPeerHost(), this.manager.getPeerPort());
        }
        this.manager.notifyHandshakeComplete(new ProvSSLConnection(this.context, this.sslSession));
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z) throws IOException {
        if (!z && !PropertyUtils.getBooleanSystemProperty(C0678.m1298("z{s2~ol}\u0002w\u0002\u0006A\u0006\u0005|Ew\u0002\u0001\u000b\u0012e}\u0007\u007f\u0001\u0016k\b\u000e\rV3JW^KPMb", (short) (C0692.m1350() ^ 21503)), true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void notifySelectedCipherSuite(int i) {
        this.manager.getContext().validateNegotiatedCipherSuite(i);
        super.notifySelectedCipherSuite(i);
        Logger logger = LOG;
        StringBuilder sb = new StringBuilder();
        short m1364 = (short) (C0697.m1364() ^ 17214);
        int[] iArr = new int["i\u0014\u0012\u000f\u0019 L\u001c\u001e$\u001a\u0018\u001c\u0019\u0019U&\u001eX- (\"!3%%a&-5.,:h=@5A3\to".length()];
        C0648 c0648 = new C0648("i\u0014\u0012\u000f\u0019 L\u001c\u001e$\u001a\u0018\u001c\u0019\u0019U&\u001eX- (\"!3%%a&-5.,:h=@5A3\to");
        int i2 = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            iArr[i2] = m1151.mo828(m1151.mo831(m1211) - ((m1364 + m1364) + i2));
            i2++;
        }
        sb.append(new String(iArr, 0, i2));
        sb.append(this.manager.getContext().getCipherSuiteString(i));
        logger.fine(sb.toString());
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        String protocolString = this.manager.getContext().getProtocolString(protocolVersion);
        if (protocolString != null) {
            for (String str : this.sslParameters.getProtocols()) {
                if (protocolString.equals(str)) {
                    Logger logger = LOG;
                    StringBuilder sb = new StringBuilder();
                    short m825 = (short) (C0520.m825() ^ (-22173));
                    short m8252 = (short) (C0520.m825() ^ (-29963));
                    int[] iArr = new int["f\u0005Gndfos\u0012R0C^\u000e?&HF\u000ex(;Lv>$\u001d\u0003g\u001eOt4L\u001d\u0003^=\r\u001ap\u0016_h8a".length()];
                    C0648 c0648 = new C0648("f\u0005Gndfos\u0012R0C^\u000e?&HF\u000ex(;Lv>$\u001d\u0003g\u001eOt4L\u001d\u0003^=\r\u001ap\u0016_h8a");
                    int i = 0;
                    while (c0648.m1212()) {
                        int m1211 = c0648.m1211();
                        AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
                        int mo831 = m1151.mo831(m1211);
                        short[] sArr = C0674.f504;
                        iArr[i] = m1151.mo828(mo831 - (sArr[i % sArr.length] ^ ((i * m8252) + m825)));
                        i++;
                    }
                    sb.append(new String(iArr, 0, i));
                    sb.append(protocolString);
                    logger.fine(sb.toString());
                    return;
                }
            }
        }
        throw new TlsFatalAlert((short) 70);
    }

    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void notifySessionID(byte[] bArr) {
        super.notifySessionID(bArr);
        if (bArr == null || bArr.length == 0) {
            LOG.fine(C0691.m1329("\u0001\u0014\"'\u0017%S\u0019\u001f\u001bW')/[0.$#*(<c&e:-<=4;;m\u0018\u0014", (short) (C0520.m825() ^ (-8871))));
            return;
        }
        ProvSSLSessionImpl provSSLSessionImpl = this.sslSession;
        if (provSSLSessionImpl != null && Arrays.areEqual(bArr, provSSLSessionImpl.getId())) {
            LOG.fine(C0587.m1050("w\u000b\u0019\u001e\u000e\u001cJ\u001e\u0012!$\u001d\u0016\u0016R'\u001a)*!((t[", (short) (C0601.m1083() ^ 4626), (short) (C0601.m1083() ^ 32079)) + Hex.toHexString(bArr));
            return;
        }
        if (!this.manager.getEnableSessionCreation()) {
            throw new IllegalStateException(C0635.m1169("I\u000b{b4u9@gQ\u0005;js\u001dX\u007f\u0012.\u0010JO;3Sa{ZU;\u0013F^>a\u001cDb1KH$\u000e9p\u0003<\u0001\u00178\u001b:d(4\t\u0015`-=\u001ar", (short) (C0543.m921() ^ (-28531))));
        }
        Logger logger = LOG;
        StringBuilder sb = new StringBuilder();
        short m825 = (short) (C0520.m825() ^ (-19411));
        int[] iArr = new int["\u001ffeE\\=\u0003e\u0005\u0018\u001a@qt\u00172 z($\r\u0007\u0011\u00199u\u001ca9O".length()];
        C0648 c0648 = new C0648("\u001ffeE\\=\u0003e\u0005\u0018\u001a@qt\u00172 z($\r\u0007\u0011\u00199u\u001ca9O");
        int i = 0;
        while (c0648.m1212()) {
            int m1211 = c0648.m1211();
            AbstractC0625 m1151 = AbstractC0625.m1151(m1211);
            int mo831 = m1151.mo831(m1211);
            short[] sArr = C0674.f504;
            iArr[i] = m1151.mo828(mo831 - (sArr[i % sArr.length] ^ (m825 + i)));
            i++;
        }
        sb.append(new String(iArr, 0, i));
        sb.append(Hex.toHexString(bArr));
        logger.fine(sb.toString());
    }
}
