package org.bouncycastle.tls;

import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bctls-jdk15on/1.59/bctls-jdk15on-1.59.jar:org/bouncycastle/tls/AbstractTlsClient.class */
public abstract class AbstractTlsClient extends AbstractTlsPeer implements TlsClient {
    protected TlsKeyExchangeFactory keyExchangeFactory;
    protected TlsClientContext context;
    protected Vector supportedGroups;
    protected Vector supportedSignatureAlgorithms;
    protected short[] clientECPointFormats;
    protected short[] serverECPointFormats;
    protected int selectedCipherSuite;
    protected short selectedCompressionMethod;

    public AbstractTlsClient(TlsCrypto tlsCrypto) {
        this(tlsCrypto, new DefaultTlsKeyExchangeFactory());
    }

    public AbstractTlsClient(TlsCrypto tlsCrypto, TlsKeyExchangeFactory tlsKeyExchangeFactory) {
        super(tlsCrypto);
        this.keyExchangeFactory = tlsKeyExchangeFactory;
    }

    protected boolean allowUnexpectedServerExtension(Integer num, byte[] bArr) throws IOException {
        switch (num.intValue()) {
            case 10:
                TlsExtensionsUtils.readSupportedGroupsExtension(bArr);
                return true;
            case 11:
                TlsECCUtils.readSupportedPointFormatsExtension(bArr);
                return true;
            default:
                return false;
        }
    }

    protected void checkForUnexpectedServerExtension(Hashtable hashtable, Integer num) throws IOException {
        byte[] extensionData = TlsUtils.getExtensionData(hashtable, num);
        if (extensionData != null && !allowUnexpectedServerExtension(num, extensionData)) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TlsECConfigVerifier createECConfigVerifier() {
        return new DefaultTlsECConfigVerifier(TlsECCUtils.getMinimumCurveBits(this.selectedCipherSuite), this.supportedGroups);
    }

    protected CertificateStatusRequest getCertificateStatusRequest() {
        return new CertificateStatusRequest((short) 1, new OCSPStatusRequest(null, null));
    }

    protected Vector getSNIServerNames() {
        return null;
    }

    protected short[] getSupportedPointFormats() {
        return new short[]{0, 1, 2};
    }

    protected Vector getSupportedGroups(boolean z, boolean z2) {
        Vector vector = new Vector();
        if (z2) {
            vector.addElement(23);
            vector.addElement(24);
        }
        if (z) {
            vector.addElement(256);
            vector.addElement(257);
            vector.addElement(258);
        }
        return vector;
    }

    protected Vector getSupportedSignatureAlgorithms() {
        return TlsUtils.getDefaultSupportedSignatureAlgorithms(this.context);
    }

    @Override // org.bouncycastle.tls.TlsClient
    public void init(TlsClientContext tlsClientContext) {
        this.context = tlsClientContext;
    }

    public TlsSession getSessionToResume() {
        return null;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public ProtocolVersion getClientHelloRecordLayerVersion() {
        return getClientVersion();
    }

    public ProtocolVersion getClientVersion() {
        return ProtocolVersion.TLSv12;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public boolean isFallback() {
        return false;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public Hashtable getClientExtensions() throws IOException {
        Hashtable hashtable = new Hashtable();
        TlsExtensionsUtils.addEncryptThenMACExtension(hashtable);
        TlsExtensionsUtils.addExtendedMasterSecretExtension(hashtable);
        Vector sNIServerNames = getSNIServerNames();
        if (sNIServerNames != null) {
            TlsExtensionsUtils.addServerNameExtension(hashtable, new ServerNameList(sNIServerNames));
        }
        CertificateStatusRequest certificateStatusRequest = getCertificateStatusRequest();
        if (certificateStatusRequest != null) {
            TlsExtensionsUtils.addStatusRequestExtension(hashtable, certificateStatusRequest);
        }
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getClientVersion())) {
            this.supportedSignatureAlgorithms = getSupportedSignatureAlgorithms();
            TlsUtils.addSignatureAlgorithmsExtension(hashtable, this.supportedSignatureAlgorithms);
        }
        int[] cipherSuites = getCipherSuites();
        boolean containsDHECipherSuites = TlsDHUtils.containsDHECipherSuites(cipherSuites);
        boolean containsECCipherSuites = TlsECCUtils.containsECCipherSuites(cipherSuites);
        if (containsECCipherSuites) {
            this.clientECPointFormats = getSupportedPointFormats();
            TlsECCUtils.addSupportedPointFormatsExtension(hashtable, this.clientECPointFormats);
        }
        Vector supportedGroups = getSupportedGroups(containsDHECipherSuites, containsECCipherSuites);
        if (supportedGroups != null && !supportedGroups.isEmpty()) {
            this.supportedGroups = supportedGroups;
            TlsExtensionsUtils.addSupportedGroupsExtension(hashtable, supportedGroups);
        }
        return hashtable;
    }

    public ProtocolVersion getMinimumVersion() {
        return ProtocolVersion.TLSv10;
    }

    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        if (!getMinimumVersion().isEqualOrEarlierVersionOf(protocolVersion)) {
            throw new TlsFatalAlert((short) 70);
        }
    }

    public short[] getCompressionMethods() {
        return new short[]{0};
    }

    public void notifySessionID(byte[] bArr) {
    }

    public void notifySelectedCipherSuite(int i) {
        this.selectedCipherSuite = i;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public void notifySelectedCompressionMethod(short s) {
        this.selectedCompressionMethod = s;
    }

    @Override // org.bouncycastle.tls.TlsClient
    public void processServerExtensions(Hashtable hashtable) throws IOException {
        if (hashtable != null) {
            checkForUnexpectedServerExtension(hashtable, TlsUtils.EXT_signature_algorithms);
            checkForUnexpectedServerExtension(hashtable, TlsExtensionsUtils.EXT_supported_groups);
            if (TlsECCUtils.isECCipherSuite(this.selectedCipherSuite)) {
                this.serverECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(hashtable);
            } else {
                checkForUnexpectedServerExtension(hashtable, TlsECCUtils.EXT_ec_point_formats);
            }
            checkForUnexpectedServerExtension(hashtable, TlsExtensionsUtils.EXT_padding);
        }
    }

    @Override // org.bouncycastle.tls.TlsClient
    public void processServerSupplementalData(Vector vector) throws IOException {
        if (vector != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.tls.TlsClient
    public Vector getClientSupplementalData() throws IOException {
        return null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public TlsCompression getCompression() throws IOException {
        switch (this.selectedCompressionMethod) {
            case 0:
                return new TlsNullCompression();
            default:
                throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public TlsCipher getCipher() throws IOException {
        int encryptionAlgorithm = TlsUtils.getEncryptionAlgorithm(this.selectedCipherSuite);
        int mACAlgorithm = TlsUtils.getMACAlgorithm(this.selectedCipherSuite);
        if (encryptionAlgorithm < 0 || mACAlgorithm < 0) {
            throw new TlsFatalAlert((short) 80);
        }
        return this.context.getSecurityParameters().getMasterSecret().createCipher(new TlsCryptoParameters(this.context), encryptionAlgorithm, mACAlgorithm);
    }

    @Override // org.bouncycastle.tls.TlsClient
    public void notifyNewSessionTicket(NewSessionTicket newSessionTicket) throws IOException {
    }
}
