package cn.com.easysec.crypto.tls;

import cn.com.easysec.asn1.x509.KeyUsage;
import cn.com.easysec.asn1.x509.X509CertificateStructure;
import cn.com.easysec.asn1.x509.X509Extension;
import cn.com.easysec.asn1.x509.X509Extensions;
import cn.com.easysec.crypto.AsymmetricCipherKeyPair;
import cn.com.easysec.crypto.CryptoException;
import cn.com.easysec.crypto.InvalidCipherTextException;
import cn.com.easysec.crypto.Signer;
import cn.com.easysec.crypto.agreement.DHBasicAgreement;
import cn.com.easysec.crypto.agreement.srp.SRP6Client;
import cn.com.easysec.crypto.digests.SHA1Digest;
import cn.com.easysec.crypto.encodings.PKCS1Encoding;
import cn.com.easysec.crypto.engines.RSABlindedEngine;
import cn.com.easysec.crypto.generators.DHBasicKeyPairGenerator;
import cn.com.easysec.crypto.io.SignerInputStream;
import cn.com.easysec.crypto.params.AsymmetricKeyParameter;
import cn.com.easysec.crypto.params.DHKeyGenerationParameters;
import cn.com.easysec.crypto.params.DHParameters;
import cn.com.easysec.crypto.params.DHPublicKeyParameters;
import cn.com.easysec.crypto.params.DSAPublicKeyParameters;
import cn.com.easysec.crypto.params.ParametersWithRandom;
import cn.com.easysec.crypto.params.RSAKeyParameters;
import cn.com.easysec.crypto.prng.ThreadedSeedGenerator;
import cn.com.easysec.crypto.util.PublicKeyFactory;
import cn.com.easysec.util.BigIntegers;
import easysec.sun.security.util.DerValue;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Hashtable;

/* loaded from: classes.dex */
public class TlsProtocolHandler {
    protected static final short AL_fatal = 2;
    protected static final short AL_warning = 1;
    protected static final short AP_access_denied = 49;
    protected static final short AP_bad_certificate = 42;
    protected static final short AP_bad_record_mac = 20;
    protected static final short AP_certificate_expired = 45;
    protected static final short AP_certificate_revoked = 44;
    protected static final short AP_certificate_unknown = 46;
    protected static final short AP_close_notify = 0;
    protected static final short AP_decode_error = 50;
    protected static final short AP_decompression_failure = 30;
    protected static final short AP_decrypt_error = 51;
    protected static final short AP_decryption_failed = 21;
    protected static final short AP_export_restriction = 60;
    protected static final short AP_handshake_failure = 40;
    protected static final short AP_illegal_parameter = 47;
    protected static final short AP_insufficient_security = 71;
    protected static final short AP_internal_error = 80;
    protected static final short AP_no_renegotiation = 100;
    protected static final short AP_protocol_version = 70;
    protected static final short AP_record_overflow = 22;
    protected static final short AP_unexpected_message = 10;
    protected static final short AP_unknown_ca = 48;
    protected static final short AP_unsupported_certificate = 43;
    protected static final short AP_user_canceled = 90;
    private static final BigInteger a = BigInteger.valueOf(1);
    private static final BigInteger b = BigInteger.valueOf(2);
    private static final byte[] c = new byte[0];
    private RecordStream h;
    private SecureRandom i;
    private boolean p;
    private byte[] q;
    private byte[] r;
    private byte[] s;
    private BigInteger u;
    private BigInteger v;
    private byte[] w;
    private short y;
    private ByteQueue d = new ByteQueue();
    private ByteQueue e = new ByteQueue();
    private ByteQueue f = new ByteQueue();
    private ByteQueue g = new ByteQueue();
    private AsymmetricKeyParameter j = null;
    private TlsInputStream k = null;
    private TlsOuputStream l = null;
    private boolean m = false;
    private boolean n = false;
    private boolean o = false;
    private TlsCipherSuite t = null;
    private CertificateVerifyer x = null;

    public TlsProtocolHandler(InputStream inputStream, OutputStream outputStream) {
        ThreadedSeedGenerator threadedSeedGenerator = new ThreadedSeedGenerator();
        this.i = new SecureRandom();
        this.i.setSeed(threadedSeedGenerator.generateSeed(20, true));
        this.h = new RecordStream(this, inputStream, outputStream);
    }

    public TlsProtocolHandler(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        this.i = secureRandom;
        this.h = new RecordStream(this, inputStream, outputStream);
    }

    private void a() throws IOException {
        boolean z;
        do {
            if (this.g.size() >= 4) {
                byte[] bArr = new byte[4];
                this.g.read(bArr, 0, 4, 0);
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
                short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
                int readUint24 = TlsUtils.readUint24(byteArrayInputStream);
                if (this.g.size() >= readUint24 + 4) {
                    byte[] bArr2 = new byte[readUint24];
                    this.g.read(bArr2, 0, readUint24, 4);
                    this.g.removeData(readUint24 + 4);
                    if (readUint8 != 20) {
                        this.h.hash1.update(bArr, 0, 4);
                        this.h.hash2.update(bArr, 0, 4);
                        this.h.hash1.update(bArr2, 0, readUint24);
                        this.h.hash2.update(bArr2, 0, readUint24);
                    }
                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr2);
                    switch (readUint8) {
                        case 2:
                            switch (this.y) {
                                case 1:
                                    TlsUtils.checkVersion(byteArrayInputStream2, this);
                                    this.r = new byte[32];
                                    TlsUtils.readFully(this.r, byteArrayInputStream2);
                                    TlsUtils.readOpaque8(byteArrayInputStream2);
                                    this.t = TlsCipherSuiteManager.getCipherSuite(TlsUtils.readUint16(byteArrayInputStream2), this);
                                    if (TlsUtils.readUint8(byteArrayInputStream2) != 0) {
                                        failWithError(AL_fatal, AP_illegal_parameter);
                                    }
                                    if (this.p && byteArrayInputStream2.available() > 0) {
                                        byte[] readOpaque16 = TlsUtils.readOpaque16(byteArrayInputStream2);
                                        Hashtable hashtable = new Hashtable();
                                        ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(readOpaque16);
                                        while (byteArrayInputStream3.available() > 0) {
                                            hashtable.put(new Integer(TlsUtils.readUint16(byteArrayInputStream3)), TlsUtils.readOpaque16(byteArrayInputStream3));
                                        }
                                    }
                                    assertEmpty(byteArrayInputStream2);
                                    this.y = AL_fatal;
                                    z = true;
                                    break;
                                default:
                                    failWithError(AL_fatal, AP_unexpected_message);
                                    z = false;
                                    break;
                            }
                        case 11:
                            switch (this.y) {
                                case 2:
                                    Certificate parse = Certificate.parse(byteArrayInputStream2);
                                    assertEmpty(byteArrayInputStream2);
                                    X509CertificateStructure x509CertificateStructure = parse.certs[0];
                                    try {
                                        this.j = PublicKeyFactory.createKey(x509CertificateStructure.getSubjectPublicKeyInfo());
                                    } catch (RuntimeException e) {
                                        failWithError(AL_fatal, AP_unsupported_certificate);
                                    }
                                    if (this.j.isPrivate()) {
                                        failWithError(AL_fatal, AP_internal_error);
                                    }
                                    switch (this.t.getKeyExchangeAlgorithm()) {
                                        case 1:
                                            if (!(this.j instanceof RSAKeyParameters)) {
                                                failWithError(AL_fatal, AP_certificate_unknown);
                                            }
                                            a(x509CertificateStructure, 32);
                                            break;
                                        case 3:
                                        case 12:
                                            if (!(this.j instanceof DSAPublicKeyParameters)) {
                                                failWithError(AL_fatal, AP_certificate_unknown);
                                                break;
                                            }
                                            break;
                                        case 5:
                                        case 11:
                                            if (!(this.j instanceof RSAKeyParameters)) {
                                                failWithError(AL_fatal, AP_certificate_unknown);
                                            }
                                            a(x509CertificateStructure, 128);
                                            break;
                                        default:
                                            failWithError(AL_fatal, AP_unsupported_certificate);
                                            break;
                                    }
                                    if (!this.x.isValid(parse.getCerts())) {
                                        failWithError(AL_fatal, AP_user_canceled);
                                        break;
                                    }
                                    break;
                                default:
                                    failWithError(AL_fatal, AP_unexpected_message);
                                    break;
                            }
                            this.y = (short) 3;
                            z = true;
                            break;
                        case 12:
                            switch (this.y) {
                                case 2:
                                    if (this.t.getKeyExchangeAlgorithm() != 10) {
                                        failWithError(AL_fatal, AP_unexpected_message);
                                        break;
                                    }
                                    break;
                                case 3:
                                    break;
                                default:
                                    failWithError(AL_fatal, AP_unexpected_message);
                                    break;
                            }
                            switch (this.t.getKeyExchangeAlgorithm()) {
                                case 3:
                                    a(byteArrayInputStream2, new a());
                                    break;
                                case 4:
                                case 6:
                                case 7:
                                case 8:
                                case 9:
                                default:
                                    failWithError(AL_fatal, AP_unexpected_message);
                                    break;
                                case 5:
                                    a(byteArrayInputStream2, new b());
                                    break;
                                case 10:
                                    b(byteArrayInputStream2, null);
                                    break;
                                case 11:
                                    b(byteArrayInputStream2, new b());
                                    break;
                                case 12:
                                    b(byteArrayInputStream2, new a());
                                    break;
                            }
                            this.y = (short) 4;
                            z = true;
                            break;
                        case 13:
                            switch (this.y) {
                                case 3:
                                    if (this.t.getKeyExchangeAlgorithm() != 1) {
                                        failWithError(AL_fatal, AP_unexpected_message);
                                        break;
                                    }
                                    break;
                                case 4:
                                    break;
                                default:
                                    failWithError(AL_fatal, AP_unexpected_message);
                                    break;
                            }
                            TlsUtils.readOpaque8(byteArrayInputStream2);
                            TlsUtils.readOpaque8(byteArrayInputStream2);
                            assertEmpty(byteArrayInputStream2);
                            this.y = (short) 5;
                            z = true;
                            break;
                        case 14:
                            switch (this.y) {
                                case 3:
                                    if (this.t.getKeyExchangeAlgorithm() != 1) {
                                        failWithError(AL_fatal, AP_unexpected_message);
                                        break;
                                    }
                                    break;
                                case 4:
                                case 5:
                                    break;
                                default:
                                    failWithError(AL_fatal, AP_handshake_failure);
                                    z = false;
                                    break;
                            }
                            assertEmpty(byteArrayInputStream2);
                            boolean z2 = this.y == 5;
                            this.y = (short) 6;
                            if (z2) {
                                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                                TlsUtils.writeUint8((short) 11, byteArrayOutputStream);
                                TlsUtils.writeUint24(3, byteArrayOutputStream);
                                TlsUtils.writeUint24(0, byteArrayOutputStream);
                                byte[] byteArray = byteArrayOutputStream.toByteArray();
                                this.h.writeMessage(AP_record_overflow, byteArray, 0, byteArray.length);
                            }
                            switch (this.t.getKeyExchangeAlgorithm()) {
                                case 1:
                                    this.w = new byte[48];
                                    this.i.nextBytes(this.w);
                                    this.w[0] = 3;
                                    this.w[1] = 1;
                                    PKCS1Encoding pKCS1Encoding = new PKCS1Encoding(new RSABlindedEngine());
                                    pKCS1Encoding.init(true, new ParametersWithRandom(this.j, this.i));
                                    byte[] bArr3 = null;
                                    try {
                                        bArr3 = pKCS1Encoding.processBlock(this.w, 0, this.w.length);
                                    } catch (InvalidCipherTextException e2) {
                                        failWithError(AL_fatal, AP_internal_error);
                                    }
                                    a(bArr3);
                                    break;
                                case 2:
                                case 4:
                                case 6:
                                case 7:
                                case 8:
                                case 9:
                                default:
                                    failWithError(AL_fatal, AP_unexpected_message);
                                    break;
                                case 3:
                                case 5:
                                    a(BigIntegers.asUnsignedByteArray(this.v));
                                    break;
                                case 10:
                                case 11:
                                case 12:
                                    a(BigIntegers.asUnsignedByteArray(this.u));
                                    break;
                            }
                            this.y = (short) 7;
                            this.h.writeMessage(AP_bad_record_mac, new byte[]{1}, 0, 1);
                            this.y = (short) 9;
                            this.s = new byte[48];
                            byte[] bArr4 = new byte[this.q.length + this.r.length];
                            System.arraycopy(this.q, 0, bArr4, 0, this.q.length);
                            System.arraycopy(this.r, 0, bArr4, this.q.length, this.r.length);
                            TlsUtils.PRF(this.w, TlsUtils.a("master secret"), bArr4, this.s);
                            this.h.writeSuite = this.t;
                            this.h.writeSuite.init(this.s, this.q, this.r);
                            byte[] bArr5 = new byte[12];
                            byte[] bArr6 = new byte[36];
                            this.h.hash1.doFinal(bArr6, 0);
                            TlsUtils.PRF(this.s, TlsUtils.a("client finished"), bArr6, bArr5);
                            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                            TlsUtils.writeUint8(AP_bad_record_mac, byteArrayOutputStream2);
                            TlsUtils.writeUint24(12, byteArrayOutputStream2);
                            byteArrayOutputStream2.write(bArr5);
                            byte[] byteArray2 = byteArrayOutputStream2.toByteArray();
                            this.h.writeMessage(AP_record_overflow, byteArray2, 0, byteArray2.length);
                            this.y = AP_unexpected_message;
                            z = true;
                            break;
                        case 20:
                            switch (this.y) {
                                case 11:
                                    byte[] bArr7 = new byte[12];
                                    TlsUtils.readFully(bArr7, byteArrayInputStream2);
                                    assertEmpty(byteArrayInputStream2);
                                    byte[] bArr8 = new byte[12];
                                    byte[] bArr9 = new byte[36];
                                    this.h.hash2.doFinal(bArr9, 0);
                                    TlsUtils.PRF(this.s, TlsUtils.a("server finished"), bArr9, bArr8);
                                    for (int i = 0; i < 12; i++) {
                                        if (bArr7[i] != bArr8[i]) {
                                            failWithError(AL_fatal, AP_handshake_failure);
                                        }
                                    }
                                    this.y = (short) 12;
                                    this.o = true;
                                    z = true;
                                    break;
                                default:
                                    failWithError(AL_fatal, AP_unexpected_message);
                                    z = false;
                                    break;
                            }
                        default:
                            failWithError(AL_fatal, AP_unexpected_message);
                            break;
                    }
                }
            }
            z = false;
        } while (z);
    }

    private void a(X509CertificateStructure x509CertificateStructure, int i) throws IOException {
        X509Extension extension;
        X509Extensions extensions = x509CertificateStructure.getTBSCertificate().getExtensions();
        if (extensions == null || (extension = extensions.getExtension(X509Extensions.KeyUsage)) == null || (KeyUsage.getInstance(extension).getBytes()[0] & 255 & i) == i) {
            return;
        }
        failWithError(AL_fatal, AP_certificate_unknown);
    }

    private void a(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        signer.init(false, this.j);
        signer.update(this.q, 0, this.q.length);
        signer.update(this.r, 0, this.r.length);
        SignerInputStream signerInputStream = new SignerInputStream(byteArrayInputStream, signer);
        byte[] readOpaque16 = TlsUtils.readOpaque16(signerInputStream);
        byte[] readOpaque162 = TlsUtils.readOpaque16(signerInputStream);
        byte[] readOpaque163 = TlsUtils.readOpaque16(signerInputStream);
        if (!signer.verifySignature(TlsUtils.readOpaque16(byteArrayInputStream))) {
            failWithError(AL_fatal, AP_bad_certificate);
        }
        assertEmpty(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, readOpaque16);
        BigInteger bigInteger2 = new BigInteger(1, readOpaque162);
        BigInteger bigInteger3 = new BigInteger(1, readOpaque163);
        if (!bigInteger.isProbablePrime(10)) {
            failWithError(AL_fatal, AP_illegal_parameter);
        }
        if (bigInteger2.compareTo(b) < 0 || bigInteger2.compareTo(bigInteger.subtract(b)) > 0) {
            failWithError(AL_fatal, AP_illegal_parameter);
        }
        if (bigInteger3.compareTo(b) < 0 || bigInteger3.compareTo(bigInteger.subtract(a)) > 0) {
            failWithError(AL_fatal, AP_illegal_parameter);
        }
        DHParameters dHParameters = new DHParameters(bigInteger, bigInteger2);
        DHBasicKeyPairGenerator dHBasicKeyPairGenerator = new DHBasicKeyPairGenerator();
        dHBasicKeyPairGenerator.init(new DHKeyGenerationParameters(this.i, dHParameters));
        AsymmetricCipherKeyPair generateKeyPair = dHBasicKeyPairGenerator.generateKeyPair();
        this.v = ((DHPublicKeyParameters) generateKeyPair.getPublic()).getY();
        DHBasicAgreement dHBasicAgreement = new DHBasicAgreement();
        dHBasicAgreement.init(generateKeyPair.getPrivate());
        this.w = BigIntegers.asUnsignedByteArray(dHBasicAgreement.calculateAgreement(new DHPublicKeyParameters(bigInteger3, dHParameters)));
    }

    private void a(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeUint8((short) 16, byteArrayOutputStream);
        TlsUtils.writeUint24(bArr.length + 2, byteArrayOutputStream);
        TlsUtils.writeOpaque16(bArr, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        this.h.writeMessage(AP_record_overflow, byteArray, 0, byteArray.length);
    }

    private void b(ByteArrayInputStream byteArrayInputStream, Signer signer) throws IOException {
        InputStream inputStream;
        if (signer != null) {
            signer.init(false, this.j);
            signer.update(this.q, 0, this.q.length);
            signer.update(this.r, 0, this.r.length);
            inputStream = new SignerInputStream(byteArrayInputStream, signer);
        } else {
            inputStream = byteArrayInputStream;
        }
        byte[] readOpaque16 = TlsUtils.readOpaque16(inputStream);
        byte[] readOpaque162 = TlsUtils.readOpaque16(inputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(inputStream);
        byte[] readOpaque163 = TlsUtils.readOpaque16(inputStream);
        if (signer != null && !signer.verifySignature(TlsUtils.readOpaque16(byteArrayInputStream))) {
            failWithError(AL_fatal, AP_bad_certificate);
        }
        assertEmpty(byteArrayInputStream);
        BigInteger bigInteger = new BigInteger(1, readOpaque16);
        BigInteger bigInteger2 = new BigInteger(1, readOpaque162);
        BigInteger bigInteger3 = new BigInteger(1, readOpaque163);
        SRP6Client sRP6Client = new SRP6Client();
        sRP6Client.init(bigInteger, bigInteger2, new SHA1Digest(), this.i);
        this.u = sRP6Client.generateClientCredentials(readOpaque8, null, null);
        try {
            this.w = BigIntegers.asUnsignedByteArray(sRP6Client.calculateSecret(bigInteger3));
        } catch (CryptoException e) {
            failWithError(AL_fatal, AP_illegal_parameter);
        }
    }

    protected void assertEmpty(ByteArrayInputStream byteArrayInputStream) throws IOException {
        if (byteArrayInputStream.available() > 0) {
            failWithError(AL_fatal, AP_decode_error);
        }
    }

    public void close() throws IOException {
        if (this.m) {
            return;
        }
        failWithError(AL_warning, AP_close_notify);
    }

    public void connect(CertificateVerifyer certificateVerifyer) throws IOException {
        this.x = certificateVerifyer;
        this.q = new byte[32];
        this.i.nextBytes(this.q);
        int currentTimeMillis = (int) (System.currentTimeMillis() / 1000);
        this.q[0] = currentTimeMillis >> DerValue.tag_GeneralizedTime;
        this.q[1] = (byte) (currentTimeMillis >> 16);
        this.q[2] = (byte) (currentTimeMillis >> 8);
        this.q[3] = (byte) currentTimeMillis;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsUtils.writeVersion(byteArrayOutputStream);
        byteArrayOutputStream.write(this.q);
        TlsUtils.writeUint8(AP_close_notify, byteArrayOutputStream);
        TlsCipherSuiteManager.writeCipherSuites(byteArrayOutputStream);
        TlsUtils.writeOpaque8(new byte[1], byteArrayOutputStream);
        Hashtable hashtable = new Hashtable();
        this.p = !hashtable.isEmpty();
        if (this.p) {
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Integer num = (Integer) keys.nextElement();
                byte[] bArr = (byte[]) hashtable.get(num);
                TlsUtils.writeUint16(num.intValue(), byteArrayOutputStream2);
                TlsUtils.writeOpaque16(bArr, byteArrayOutputStream2);
            }
            TlsUtils.writeOpaque16(byteArrayOutputStream2.toByteArray(), byteArrayOutputStream);
        }
        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
        TlsUtils.writeUint8(AL_warning, byteArrayOutputStream3);
        TlsUtils.writeUint24(byteArrayOutputStream.size(), byteArrayOutputStream3);
        byteArrayOutputStream3.write(byteArrayOutputStream.toByteArray());
        byte[] byteArray = byteArrayOutputStream3.toByteArray();
        this.h.writeMessage(AP_record_overflow, byteArray, 0, byteArray.length);
        this.y = AL_warning;
        while (this.y != 12) {
            this.h.readData();
        }
        this.k = new TlsInputStream(this);
        this.l = new TlsOuputStream(this);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void failWithError(short s, short s2) throws IOException {
        if (this.m) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        byte[] bArr = {(byte) s, (byte) s2};
        this.m = true;
        if (s == 2) {
            this.n = true;
        }
        this.h.writeMessage(AP_decryption_failed, bArr, 0, 2);
        this.h.close();
        if (s == 2) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void flush() throws IOException {
        this.h.flush();
    }

    public InputStream getInputStream() {
        return this.k;
    }

    public OutputStream getOutputStream() {
        return this.l;
    }

    public TlsInputStream getTlsInputStream() {
        return this.k;
    }

    public TlsOuputStream getTlsOuputStream() {
        return this.l;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processData(short s, byte[] bArr, int i, int i2) throws IOException {
        switch (s) {
            case 20:
                this.e.addData(bArr, i, i2);
                while (this.e.size() > 0) {
                    byte[] bArr2 = new byte[1];
                    this.e.read(bArr2, 0, 1, 0);
                    this.e.removeData(1);
                    if (bArr2[0] != 1) {
                        failWithError(AL_fatal, AP_unexpected_message);
                    } else if (this.y == 10) {
                        this.h.readSuite = this.h.writeSuite;
                        this.y = (short) 11;
                    } else {
                        failWithError(AL_fatal, AP_handshake_failure);
                    }
                }
                return;
            case 21:
                this.f.addData(bArr, i, i2);
                while (this.f.size() >= 2) {
                    byte[] bArr3 = new byte[2];
                    this.f.read(bArr3, 0, 2, 0);
                    this.f.removeData(2);
                    byte b2 = bArr3[0];
                    byte b3 = bArr3[1];
                    if (b2 == 2) {
                        this.n = true;
                        this.m = true;
                        try {
                            this.h.close();
                        } catch (Exception e) {
                        }
                        throw new IOException("Internal TLS error, this could be an attack");
                    }
                    if (b3 == 0) {
                        failWithError(AL_warning, AP_close_notify);
                    }
                }
                return;
            case 22:
                this.g.addData(bArr, i, i2);
                a();
                return;
            case 23:
                if (!this.o) {
                    failWithError(AL_fatal, AP_unexpected_message);
                }
                this.d.addData(bArr, i, i2);
                return;
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int readApplicationData(byte[] bArr, int i, int i2) throws IOException {
        while (this.d.size() == 0) {
            if (this.n) {
                throw new IOException("Internal TLS error, this could be an attack");
            }
            if (this.m) {
                return -1;
            }
            try {
                this.h.readData();
            } catch (IOException e) {
                if (!this.m) {
                    failWithError(AL_fatal, AP_internal_error);
                }
                throw e;
            } catch (RuntimeException e2) {
                if (!this.m) {
                    failWithError(AL_fatal, AP_internal_error);
                }
                throw e2;
            }
        }
        int min = Math.min(i2, this.d.size());
        this.d.read(bArr, i, min, 0);
        this.d.removeData(min);
        return min;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void writeData(byte[] bArr, int i, int i2) throws IOException {
        if (this.n) {
            throw new IOException("Internal TLS error, this could be an attack");
        }
        if (this.m) {
            throw new IOException("Sorry, connection has been closed, you cannot write more data");
        }
        this.h.writeMessage((short) 23, c, 0, 0);
        do {
            int min = Math.min(i2, 16384);
            try {
                this.h.writeMessage((short) 23, bArr, i, min);
                i += min;
                i2 -= min;
            } catch (IOException e) {
                if (!this.m) {
                    failWithError(AL_fatal, AP_internal_error);
                }
                throw e;
            } catch (RuntimeException e2) {
                if (!this.m) {
                    failWithError(AL_fatal, AP_internal_error);
                }
                throw e2;
            }
        } while (i2 > 0);
    }
}
