package t6;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import s6.u;
import t6.n;

/* loaded from: classes.dex */
public class b1 extends d1 implements o {
    private static final String A;
    private static final Charset B;

    /* renamed from: z, reason: collision with root package name */
    public static final List<q6.r> f12311z;

    /* renamed from: d, reason: collision with root package name */
    private final p f12312d;

    /* renamed from: e, reason: collision with root package name */
    private final g2 f12313e;

    /* renamed from: i, reason: collision with root package name */
    private String f12317i;

    /* renamed from: j, reason: collision with root package name */
    private boolean f12318j;

    /* renamed from: k, reason: collision with root package name */
    private q6.b f12319k;

    /* renamed from: l, reason: collision with root package name */
    private List<s6.m> f12320l;

    /* renamed from: n, reason: collision with root package name */
    private q6.a0 f12322n;

    /* renamed from: o, reason: collision with root package name */
    private List<q6.r> f12323o;

    /* renamed from: p, reason: collision with root package name */
    private X509Certificate f12324p;

    /* renamed from: r, reason: collision with root package name */
    private X509TrustManager f12326r;

    /* renamed from: s, reason: collision with root package name */
    private q6.p f12327s;

    /* renamed from: v, reason: collision with root package name */
    private boolean f12330v;

    /* renamed from: w, reason: collision with root package name */
    private List<X500Principal> f12331w;

    /* renamed from: y, reason: collision with root package name */
    private List<q6.r> f12333y;

    /* renamed from: m, reason: collision with root package name */
    private a f12321m = a.Initial;

    /* renamed from: q, reason: collision with root package name */
    private List<X509Certificate> f12325q = Collections.emptyList();

    /* renamed from: u, reason: collision with root package name */
    private boolean f12329u = false;

    /* renamed from: f, reason: collision with root package name */
    private final List<q6.b> f12314f = new ArrayList();

    /* renamed from: g, reason: collision with root package name */
    private final List<s6.m> f12315g = new ArrayList();

    /* renamed from: t, reason: collision with root package name */
    private q6.m f12328t = new q6.j();

    /* renamed from: h, reason: collision with root package name */
    private final List<q6.p> f12316h = new ArrayList();

    /* renamed from: x, reason: collision with root package name */
    private Function<List<X500Principal>, q6.a> f12332x = new Function() { // from class: t6.u0
        @Override // java.util.function.Function
        public final Object apply(Object obj) {
            q6.a P;
            P = b1.P((List) obj);
            return P;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum a {
        Initial,
        ClientHelloSent,
        ServerHelloReceived,
        EncryptedExtensionsReceived,
        CertificateRequestReceived,
        CertificateReceived,
        CertificateVerifyReceived,
        Finished
    }

    static {
        List<q6.r> a10;
        a10 = d6.l.a(new Object[]{q6.r.rsa_pss_rsae_sha256, q6.r.rsa_pss_rsae_sha384, q6.r.rsa_pss_rsae_sha512, q6.r.ecdsa_secp256r1_sha256});
        f12311z = a10;
        A = b1.class.getSimpleName();
        B = StandardCharsets.ISO_8859_1;
    }

    public b1(p pVar, g2 g2Var) {
        this.f12312d = pVar;
        this.f12313e = g2Var;
    }

    private boolean L(X509Certificate x509Certificate, q6.r rVar) {
        List a10;
        String sigAlgName = x509Certificate.getSigAlgName();
        if (sigAlgName.toLowerCase().contains("withrsa")) {
            a10 = d6.l.a(new Object[]{q6.r.rsa_pss_rsae_sha256, q6.r.rsa_pss_rsae_sha384});
            return a10.contains(rVar);
        }
        if (sigAlgName.toLowerCase().contains("withecdsa")) {
            return Objects.equals(q6.r.ecdsa_secp256r1_sha256, rVar);
        }
        return false;
    }

    private Optional<String> N(CertificateException certificateException) {
        String message;
        Throwable cause = certificateException.getCause();
        if (!(cause instanceof CertPathValidatorException)) {
            return (!(cause instanceof CertPathBuilderException) || (message = cause.getMessage()) == null) ? Optional.empty() : Optional.of(message);
        }
        return Optional.of(cause.getMessage() + ": " + ((CertPathValidatorException) cause).getReason());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ q6.a P(List list) {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean Q(s6.m mVar) {
        return !(mVar instanceof s6.d0);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean R(List list, s6.m mVar) {
        return list.contains(mVar.getClass());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean S(s6.m mVar) {
        return mVar instanceof s6.a0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ List T(s6.m mVar) {
        return ((s6.a0) mVar).d();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean U(s6.m mVar) {
        return mVar instanceof s6.g;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ List V(s6.m mVar) {
        return ((s6.g) mVar).f();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean W(s6.m mVar) {
        return mVar instanceof s6.c0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean X(s6.m mVar) {
        return (mVar instanceof s6.v) || (mVar instanceof s6.u);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean Y(s6.m mVar) {
        return mVar instanceof s6.c0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ Short Z(s6.m mVar) {
        return Short.valueOf(((s6.c0) mVar).d());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean a0(s6.m mVar) {
        return ((mVar instanceof s6.c0) || (mVar instanceof s6.v) || (mVar instanceof s6.u)) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean b0(s6.m mVar) {
        return mVar instanceof s6.u;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ u.b c0(s6.m mVar) {
        return ((s6.u) mVar).g().get(0);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean d0(s6.m mVar) {
        return mVar instanceof s6.z;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ boolean e0(q6.a aVar, q6.r rVar) {
        return L(aVar.a(), rVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ r6.f f0() {
        return new r6.f("failed to negotiate signature scheme");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean g0(q6.r rVar) {
        return !f12311z.contains(rVar);
    }

    private void h0() {
        final q6.a apply = this.f12332x.apply(this.f12331w);
        e eVar = new e(apply != null ? apply.a() : null);
        this.f12312d.a(eVar);
        this.f12322n.i(eVar);
        if (apply != null) {
            Stream<q6.r> stream = this.f12333y.stream();
            final List<q6.r> list = this.f12323o;
            Objects.requireNonNull(list);
            q6.r orElseThrow = stream.filter(new Predicate() { // from class: t6.a1
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    return list.contains((q6.r) obj);
                }
            }).filter(new Predicate() { // from class: t6.h0
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    boolean e02;
                    e02 = b1.this.e0(apply, (q6.r) obj);
                    return e02;
                }
            }).findFirst().orElseThrow(new Supplier() { // from class: t6.s0
                @Override // java.util.function.Supplier
                public final Object get() {
                    r6.f f02;
                    f02 = b1.f0();
                    return f02;
                }
            });
            g gVar = new g(orElseThrow, o(this.f12322n.d(q6.l.certificate), apply.b(), orElseThrow, true));
            this.f12312d.b(gVar);
            this.f12322n.i(gVar);
        }
    }

    public void J(s6.m mVar) {
        this.f12315g.add(mVar);
    }

    public void K(List<q6.b> list) {
        this.f12314f.addAll(list);
    }

    protected void M(List<X509Certificate> list) {
        try {
            X509TrustManager x509TrustManager = this.f12326r;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted((X509Certificate[]) m3.a.b(list, X509Certificate.class), "RSA");
                return;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init((KeyStore) null);
            ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted((X509Certificate[]) m3.a.b(list, X509Certificate.class), "UNKNOWN");
        } catch (KeyStoreException unused) {
            throw new RuntimeException("keystore exception");
        } catch (NoSuchAlgorithmException unused2) {
            throw new RuntimeException("unsupported trust manager algorithm");
        } catch (CertificateException e10) {
            throw new r6.a(N(e10).orElse("certificate validation failed"));
        }
    }

    public q6.b O() {
        q6.b bVar = this.f12319k;
        if (bVar != null) {
            return bVar;
        }
        throw new IllegalStateException("No (valid) server hello received yet");
    }

    @Override // t6.w
    public void a(t tVar, q6.q qVar) {
        if (qVar != q6.q.Handshake) {
            throw new r6.k("incorrect protection level");
        }
        if (this.f12321m != a.ServerHelloReceived) {
            throw new r6.k("unexpected encrypted extensions message");
        }
        final List list = (List) this.f12320l.stream().map(new Function() { // from class: t6.v0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return ((s6.m) obj).getClass();
            }
        }).collect(Collectors.toList());
        if (!tVar.h().stream().filter(new Predicate() { // from class: t6.o0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean Q;
                Q = b1.Q((s6.m) obj);
                return Q;
            }
        }).allMatch(new Predicate() { // from class: t6.g0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean R;
                R = b1.R(list, (s6.m) obj);
                return R;
            }
        })) {
            throw new r6.l("extension response to missing request");
        }
        if (((Set) tVar.h().stream().map(new Function() { // from class: t6.v0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return ((s6.m) obj).getClass();
            }
        }).collect(Collectors.toSet())).size() != tVar.h().size()) {
            throw new r6.l("duplicate extensions not allowed");
        }
        this.f12322n.h(tVar);
        this.f12321m = a.EncryptedExtensionsReceived;
        this.f12313e.b(tVar.h());
    }

    @Override // t6.w
    public void b(x xVar, q6.q qVar) {
        if (qVar != q6.q.Application) {
            throw new r6.k("incorrect protection level");
        }
        q6.p pVar = new q6.p(this.f12347c, xVar);
        this.f12316h.add(pVar);
        this.f12313e.A(pVar);
    }

    @Override // t6.w
    public void d(f fVar, q6.q qVar) {
        if (qVar != q6.q.Handshake) {
            throw new r6.k("incorrect protection level");
        }
        if (this.f12321m != a.EncryptedExtensionsReceived) {
            throw new r6.k("unexpected certificate request message");
        }
        this.f12333y = (List) fVar.g().stream().filter(new Predicate() { // from class: t6.n0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean S;
                S = b1.S((s6.m) obj);
                return S;
            }
        }).findFirst().map(new Function() { // from class: t6.x0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                List T;
                T = b1.T((s6.m) obj);
                return T;
            }
        }).orElseThrow(new Supplier() { // from class: t6.t0
            @Override // java.util.function.Supplier
            public final Object get() {
                return new r6.i();
            }
        });
        this.f12322n.h(fVar);
        this.f12331w = (List) fVar.g().stream().filter(new Predicate() { // from class: t6.p0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean U;
                U = b1.U((s6.m) obj);
                return U;
            }
        }).findFirst().map(new Function() { // from class: t6.z0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                List V;
                V = b1.V((s6.m) obj);
                return V;
            }
        }).orElse(Collections.emptyList());
        this.f12330v = true;
        this.f12321m = a.CertificateRequestReceived;
    }

    @Override // t6.w
    public void e(g gVar, q6.q qVar) {
        if (qVar != q6.q.Handshake) {
            throw new r6.k("incorrect protection level");
        }
        if (this.f12321m != a.CertificateReceived) {
            throw new r6.k("unexpected certificate verify message");
        }
        q6.r h10 = gVar.h();
        if (!this.f12323o.contains(h10)) {
            throw new r6.g("signature scheme does not match");
        }
        if (!p0(gVar.g(), h10, this.f12324p, this.f12322n.g(q6.l.certificate))) {
            throw new r6.d("signature verification fails");
        }
        M(this.f12325q);
        if (!this.f12328t.a(this.f12317i, this.f12324p)) {
            throw new r6.b("servername does not match");
        }
        this.f12322n.j(gVar);
        this.f12321m = a.CertificateVerifyReceived;
    }

    @Override // t6.w
    public void f(a0 a0Var, q6.q qVar) {
        boolean anyMatch = a0Var.j().stream().anyMatch(new Predicate() { // from class: t6.r0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean W;
                W = b1.W((s6.m) obj);
                return W;
            }
        });
        boolean anyMatch2 = a0Var.j().stream().anyMatch(new Predicate() { // from class: t6.j0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean X;
                X = b1.X((s6.m) obj);
                return X;
            }
        });
        if (!anyMatch || !anyMatch2) {
            throw new r6.i();
        }
        Optional findFirst = a0Var.j().stream().filter(new Predicate() { // from class: t6.l0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean Y;
                Y = b1.Y((s6.m) obj);
                return Y;
            }
        }).map(new Function() { // from class: t6.w0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                Short Z;
                Z = b1.Z((s6.m) obj);
                return Z;
            }
        }).findFirst();
        if (!findFirst.isPresent()) {
            throw new r6.g("invalid tls version");
        }
        if (((Short) findFirst.get()).shortValue() != 772) {
            throw new r6.g("invalid tls version");
        }
        if (a0Var.j().stream().anyMatch(new Predicate() { // from class: t6.q0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean a02;
                a02 = b1.a0((s6.m) obj);
                return a02;
            }
        })) {
            throw new r6.g("illegal extension in server hello");
        }
        Optional findFirst2 = a0Var.j().stream().filter(new Predicate() { // from class: t6.k0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean b02;
                b02 = b1.b0((s6.m) obj);
                return b02;
            }
        }).map(new Function() { // from class: t6.y0
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                u.b c02;
                c02 = b1.c0((s6.m) obj);
                return c02;
            }
        }).findFirst();
        Optional<s6.m> findFirst3 = a0Var.j().stream().filter(new Predicate() { // from class: t6.m0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean d02;
                d02 = b1.d0((s6.m) obj);
                return d02;
            }
        }).findFirst();
        if (!findFirst2.isPresent() && !findFirst3.isPresent()) {
            throw new r6.i(" either the pre_shared_key extension or the key_share extension must be present");
        }
        if (findFirst3.isPresent()) {
            this.f12329u = true;
            ia.g.b(A, "JOH! PSK accepted!");
        }
        if (!this.f12314f.contains(a0Var.i())) {
            throw new r6.g("cipher suite does not match");
        }
        this.f12319k = a0Var.i();
        if (findFirst3.isPresent()) {
            this.f12347c.u(((s6.z) findFirst3.get()).d());
            ia.g.b(A, "Server has accepted PSK key establishment");
        } else {
            this.f12347c.r();
        }
        if (findFirst2.isPresent()) {
            this.f12347c.t(((u.b) findFirst2.get()).a());
            this.f12347c.i();
        }
        this.f12322n.h(a0Var);
        this.f12347c.e();
        this.f12321m = a.ServerHelloReceived;
        this.f12313e.F();
    }

    @Override // t6.w
    public void g(e eVar, q6.q qVar) {
        if (qVar != q6.q.Handshake) {
            throw new r6.k("incorrect protection level");
        }
        a aVar = this.f12321m;
        if (aVar != a.EncryptedExtensionsReceived && aVar != a.CertificateRequestReceived) {
            throw new r6.k("unexpected certificate message");
        }
        if (eVar.l().length > 0) {
            throw new r6.g("certificate request context should be zero length");
        }
        if (eVar.k() == null) {
            throw new r6.g("missing certificate");
        }
        this.f12324p = eVar.k();
        this.f12325q = eVar.j();
        this.f12322n.j(eVar);
        this.f12321m = a.CertificateReceived;
    }

    public void i0(Function<List<X500Principal>, q6.a> function) {
        this.f12332x = function;
    }

    @Override // t6.w
    public void j(u uVar, q6.q qVar) {
        if (qVar != q6.q.Handshake) {
            throw new r6.k("incorrect protection level");
        }
        if (this.f12321m != (this.f12329u ? a.EncryptedExtensionsReceived : a.CertificateVerifyReceived)) {
            throw new r6.k("unexpected finished message");
        }
        this.f12322n.j(uVar);
        q6.a0 a0Var = this.f12322n;
        q6.l lVar = q6.l.certificate_verify;
        if (!Arrays.equals(uVar.g(), n(a0Var.g(lVar), this.f12347c.o()))) {
            throw new r6.d("incorrect finished message");
        }
        if (this.f12330v) {
            h0();
        }
        u uVar2 = new u(n(this.f12322n.d(lVar), this.f12347c.l()));
        this.f12312d.c(uVar2);
        this.f12322n.i(uVar2);
        this.f12347c.a();
        this.f12347c.h();
        this.f12321m = a.Finished;
        this.f12313e.x();
    }

    public void j0(q6.m mVar) {
        if (mVar != null) {
            this.f12328t = mVar;
        }
    }

    public void k0(q6.p pVar) {
        this.f12327s = pVar;
    }

    public void l0(String str) {
        this.f12317i = str;
    }

    public void m0(X509TrustManager x509TrustManager) {
        this.f12326r = x509TrustManager;
    }

    public void n0() {
        List<q6.r> a10;
        q6.o oVar = q6.o.secp256r1;
        a10 = d6.l.a(new Object[]{q6.r.rsa_pss_rsae_sha256, q6.r.ecdsa_secp256r1_sha256});
        o0(oVar, a10);
    }

    public void o0(q6.o oVar, List<q6.r> list) {
        if (list.stream().anyMatch(new Predicate() { // from class: t6.i0
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                boolean g02;
                g02 = b1.g0((q6.r) obj);
                return g02;
            }
        })) {
            ArrayList arrayList = new ArrayList(list);
            arrayList.removeAll(f12311z);
            throw new IllegalArgumentException("Unsupported signature scheme(s): " + arrayList);
        }
        this.f12323o = list;
        p(oVar);
        if (this.f12317i == null || this.f12314f.isEmpty()) {
            throw new IllegalStateException("not all mandatory properties are set");
        }
        this.f12322n = new q6.a0(32);
        List list2 = this.f12315g;
        if (this.f12327s != null) {
            list2 = new ArrayList(this.f12315g);
            this.f12347c = new q6.w(this.f12322n, this.f12327s.b());
            list2.add(new s6.k(this.f12327s));
        } else {
            this.f12347c = new q6.w(this.f12322n);
        }
        n nVar = new n(this.f12317i, this.f12345a, this.f12318j, this.f12314f, this.f12323o, oVar, list2, this.f12347c, n.b.PSKwithDHE);
        this.f12320l = nVar.k();
        this.f12312d.d(nVar);
        this.f12321m = a.ClientHelloSent;
        this.f12322n.h(nVar);
        this.f12347c.s(this.f12346b);
        this.f12347c.d();
        this.f12313e.a();
    }

    protected boolean p0(byte[] bArr, q6.r rVar, Certificate certificate, byte[] bArr2) {
        String str;
        String str2;
        ByteBuffer allocate = ByteBuffer.allocate("TLS 1.3, server CertificateVerify".getBytes(B).length + 64 + 1 + bArr2.length);
        for (int i10 = 0; i10 < 64; i10++) {
            allocate.put((byte) 32);
        }
        allocate.put("TLS 1.3, server CertificateVerify".getBytes(B));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature q10 = q(rVar);
            q10.initVerify(certificate);
            q10.update(allocate.array());
            return q10.verify(bArr);
        } catch (InvalidKeyException unused) {
            str = A;
            str2 = "Certificate verify: invalid key.";
            ia.g.b(str, str2);
            return false;
        } catch (SignatureException unused2) {
            str = A;
            str2 = "Certificate verify: invalid signature.";
            ia.g.b(str, str2);
            return false;
        }
    }
}
