package org.bouncycastle.tls;

import java.io.IOException;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsHash;
import org.bouncycastle.tls.crypto.TlsNonceGenerator;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/bctls-fips-1.0.13.jar:org/bouncycastle/tls/AbstractTlsContext.class */
public abstract class AbstractTlsContext implements TlsContext {
    private static long counter = Times.nanoTime();
    private TlsCrypto crypto;
    private int connectionEnd;
    private TlsNonceGenerator nonceGenerator;
    private SecurityParameters securityParametersHandshake = null;
    private SecurityParameters securityParametersConnection = null;
    private ProtocolVersion[] clientSupportedVersions = null;
    private ProtocolVersion clientVersion = null;
    private ProtocolVersion rsaPreMasterSecretVersion = null;
    private TlsSession session = null;
    private Object userObject = null;

    private static synchronized long nextCounterValue() {
        long j = counter + 1;
        counter = j;
        return j;
    }

    private static TlsNonceGenerator createNonceGenerator(TlsCrypto tlsCrypto, int i) {
        byte[] bArr = new byte[16];
        Pack.longToBigEndian(nextCounterValue(), bArr, 0);
        Pack.longToBigEndian(Times.nanoTime(), bArr, 8);
        bArr[0] = (byte) (bArr[0] & Byte.MAX_VALUE);
        bArr[0] = (byte) (bArr[0] | ((byte) (i << 7)));
        return tlsCrypto.createNonceGenerator(bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractTlsContext(TlsCrypto tlsCrypto, int i) {
        this.crypto = tlsCrypto;
        this.connectionEnd = i;
        this.nonceGenerator = createNonceGenerator(tlsCrypto, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handshakeBeginning(TlsPeer tlsPeer) throws IOException {
        synchronized (this) {
            if (null != this.securityParametersHandshake) {
                throw new TlsFatalAlert((short) 80, "Handshake already started");
            }
            this.securityParametersHandshake = new SecurityParameters();
            this.securityParametersHandshake.entity = this.connectionEnd;
            if (null != this.securityParametersConnection) {
                this.securityParametersHandshake.renegotiating = true;
                this.securityParametersHandshake.secureRenegotiation = this.securityParametersConnection.isSecureRenegotiation();
                this.securityParametersHandshake.negotiatedVersion = this.securityParametersConnection.getNegotiatedVersion();
            }
        }
        tlsPeer.notifyHandshakeBeginning();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handshakeComplete(TlsPeer tlsPeer, TlsSession tlsSession) throws IOException {
        synchronized (this) {
            if (null == this.securityParametersHandshake) {
                throw new TlsFatalAlert((short) 80);
            }
            this.session = tlsSession;
            this.securityParametersConnection = this.securityParametersHandshake;
            this.securityParametersHandshake = null;
        }
        tlsPeer.notifyHandshakeComplete();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized boolean isConnected() {
        return null != this.securityParametersConnection;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized boolean isHandshaking() {
        return null != this.securityParametersHandshake;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public TlsCrypto getCrypto() {
        return this.crypto;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public TlsNonceGenerator getNonceGenerator() {
        return this.nonceGenerator;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public synchronized SecurityParameters getSecurityParameters() {
        return null != this.securityParametersHandshake ? this.securityParametersHandshake : this.securityParametersConnection;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public synchronized SecurityParameters getSecurityParametersConnection() {
        return this.securityParametersConnection;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public synchronized SecurityParameters getSecurityParametersHandshake() {
        return this.securityParametersHandshake;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public ProtocolVersion[] getClientSupportedVersions() {
        return this.clientSupportedVersions;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientSupportedVersions(ProtocolVersion[] protocolVersionArr) {
        this.clientSupportedVersions = protocolVersionArr;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public ProtocolVersion getClientVersion() {
        return this.clientVersion;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientVersion(ProtocolVersion protocolVersion) {
        this.clientVersion = protocolVersion;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public ProtocolVersion getRSAPreMasterSecretVersion() {
        return this.rsaPreMasterSecretVersion;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRSAPreMasterSecretVersion(ProtocolVersion protocolVersion) {
        this.rsaPreMasterSecretVersion = protocolVersion;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public ProtocolVersion getServerVersion() {
        return getSecurityParameters().getNegotiatedVersion();
    }

    @Override // org.bouncycastle.tls.TlsContext
    public TlsSession getResumableSession() {
        TlsSession session = getSession();
        if (session == null || !session.isResumable()) {
            return null;
        }
        return session;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public TlsSession getSession() {
        return this.session;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public Object getUserObject() {
        return this.userObject;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public void setUserObject(Object obj) {
        this.userObject = obj;
    }

    @Override // org.bouncycastle.tls.TlsContext
    public byte[] exportChannelBinding(int i) {
        SecurityParameters securityParametersConnection = getSecurityParametersConnection();
        if (null == securityParametersConnection) {
            throw new IllegalStateException("Export of channel bindings unavailable before handshake completion");
        }
        if (TlsUtils.isTLSv13(securityParametersConnection.getNegotiatedVersion())) {
            return null;
        }
        switch (i) {
            case 0:
                byte[] tLSServerEndPoint = securityParametersConnection.getTLSServerEndPoint();
                if (TlsUtils.isNullOrEmpty(tLSServerEndPoint)) {
                    return null;
                }
                return Arrays.clone(tLSServerEndPoint);
            case 1:
                return Arrays.clone(securityParametersConnection.getTLSUnique());
            case 2:
            default:
                throw new UnsupportedOperationException();
        }
    }

    @Override // org.bouncycastle.tls.TlsContext
    public byte[] exportEarlyKeyingMaterial(String str, byte[] bArr, int i) {
        SecurityParameters securityParametersHandshake = getSecurityParametersHandshake();
        if (null == securityParametersHandshake) {
            throw new IllegalStateException("Export of early key material only available during handshake");
        }
        return exportKeyingMaterial13(checkEarlyExportSecret(securityParametersHandshake.getEarlyExporterMasterSecret()), securityParametersHandshake.getPRFCryptoHashAlgorithm(), str, bArr, i);
    }

    @Override // org.bouncycastle.tls.TlsContext
    public byte[] exportKeyingMaterial(String str, byte[] bArr, int i) {
        SecurityParameters securityParametersConnection = getSecurityParametersConnection();
        if (null == securityParametersConnection) {
            throw new IllegalStateException("Export of key material unavailable before handshake completion");
        }
        if (!securityParametersConnection.isExtendedMasterSecret()) {
            throw new IllegalStateException("Export of key material requires extended_master_secret");
        }
        if (TlsUtils.isTLSv13(securityParametersConnection.getNegotiatedVersion())) {
            return exportKeyingMaterial13(checkExportSecret(securityParametersConnection.getExporterMasterSecret()), securityParametersConnection.getPRFCryptoHashAlgorithm(), str, bArr, i);
        }
        return TlsUtils.PRF(securityParametersConnection, checkExportSecret(securityParametersConnection.getMasterSecret()), str, TlsUtils.calculateExporterSeed(securityParametersConnection, bArr), i).extract();
    }

    protected byte[] exportKeyingMaterial13(TlsSecret tlsSecret, int i, String str, byte[] bArr, int i2) {
        if (null == bArr) {
            bArr = TlsUtils.EMPTY_BYTES;
        } else if (!TlsUtils.isValidUint16(bArr.length)) {
            throw new IllegalArgumentException("'context' must have length less than 2^16 (or be null)");
        }
        try {
            TlsHash createHash = getCrypto().createHash(i);
            byte[] calculateHash = createHash.calculateHash();
            TlsSecret deriveSecret = TlsUtils.deriveSecret(getSecurityParametersConnection(), tlsSecret, str, calculateHash);
            byte[] bArr2 = calculateHash;
            if (bArr.length > 0) {
                createHash.update(bArr, 0, bArr.length);
                bArr2 = createHash.calculateHash();
            }
            return TlsCryptoUtils.hkdfExpandLabel(deriveSecret, i, "exporter", bArr2, i2).extract();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    protected TlsSecret checkEarlyExportSecret(TlsSecret tlsSecret) {
        if (null == tlsSecret) {
            throw new IllegalStateException("Export of early key material not available for this handshake");
        }
        return tlsSecret;
    }

    protected TlsSecret checkExportSecret(TlsSecret tlsSecret) {
        if (null == tlsSecret) {
            throw new IllegalStateException("Export of key material only available from notifyHandshakeComplete()");
        }
        return tlsSecret;
    }
}
