package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.tls.TlsProtocol;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;

/* loaded from: classes3.dex */
public class TlsServerProtocol extends TlsProtocol {
    protected TlsServer F;
    p G;
    protected TlsKeyExchange H;
    protected TlsCredentials I;
    protected CertificateRequest J;
    protected short K;
    protected TlsHandshakeHash L;

    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.F = null;
        this.G = null;
        this.H = null;
        this.I = null;
        this.J = null;
        this.K = (short) -1;
        this.L = null;
    }

    public TlsServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.F = null;
        this.G = null;
        this.H = null;
        this.I = null;
        this.J = null;
        this.K = (short) -1;
        this.L = null;
    }

    protected boolean U() {
        short s2 = this.K;
        return s2 >= 0 && TlsUtils.hasSigningCapability(s2);
    }

    protected void V(Certificate certificate) {
        if (this.J == null) {
            throw new IllegalStateException();
        }
        if (this.f36939p != null) {
            throw new TlsFatalAlert((short) 10);
        }
        this.f36939p = certificate;
        if (certificate.isEmpty()) {
            this.H.skipClientCredentials();
        } else {
            this.K = TlsUtils.i(certificate, this.I.getCertificate());
            this.H.processClientCertificate(certificate);
        }
        this.F.notifyClientCertificate(certificate);
    }

    protected void W(ByteArrayInputStream byteArrayInputStream) {
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        V(parse);
    }

    protected void X(ByteArrayInputStream byteArrayInputStream) {
        byte[] sessionHash;
        if (this.J == null) {
            throw new IllegalStateException();
        }
        DigitallySigned parse = DigitallySigned.parse(n(), byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        try {
            SignatureAndHashAlgorithm algorithm = parse.getAlgorithm();
            if (TlsUtils.isTLSv12(n())) {
                TlsUtils.verifySupportedSignatureAlgorithm(this.J.getSupportedSignatureAlgorithms(), algorithm);
                sessionHash = this.L.getFinalHash(algorithm.getHash());
            } else {
                sessionHash = this.f36938o.getSessionHash();
            }
            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(this.f36939p.getCertificateAt(0).getSubjectPublicKeyInfo());
            TlsSigner createTlsSigner = TlsUtils.createTlsSigner(this.K);
            createTlsSigner.init(n());
            if (createTlsSigner.verifyRawSignature(algorithm, parse.getSignature(), createKey, sessionHash)) {
            } else {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (TlsFatalAlert e2) {
            throw e2;
        } catch (Exception e3) {
            throw new TlsFatalAlert((short) 51, e3);
        }
    }

    protected void Y(ByteArrayInputStream byteArrayInputStream) {
        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
        this.f36927d.u(readVersion);
        if (readVersion.isDTLS()) {
            throw new TlsFatalAlert((short) 47);
        }
        byte[] readFully = TlsUtils.readFully(32, byteArrayInputStream);
        if (TlsUtils.readOpaque8(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
        if (readUint16 < 2 || (readUint16 & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        this.f36940q = TlsUtils.readUint16Array(readUint16 / 2, byteArrayInputStream);
        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
        if (readUint8 < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        this.f36941r = TlsUtils.readUint8Array(readUint8, byteArrayInputStream);
        Hashtable H = TlsProtocol.H(byteArrayInputStream);
        this.f36942s = H;
        this.f36938o.f36827o = TlsExtensionsUtils.hasExtendedMasterSecretExtension(H);
        o().b(readVersion);
        this.F.notifyClientVersion(readVersion);
        this.F.notifyFallback(Arrays.contains(this.f36940q, CipherSuite.TLS_FALLBACK_SCSV));
        this.f36938o.f36819g = readFully;
        this.F.notifyOfferedCipherSuites(this.f36940q);
        this.F.notifyOfferedCompressionMethods(this.f36941r);
        if (Arrays.contains(this.f36940q, 255)) {
            this.f36947x = true;
        }
        byte[] extensionData = TlsUtils.getExtensionData(this.f36942s, TlsProtocol.D);
        if (extensionData != null) {
            this.f36947x = true;
            if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.i(TlsUtils.EMPTY_BYTES))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.F.notifySecureRenegotiation(this.f36947x);
        Hashtable hashtable = this.f36942s;
        if (hashtable != null) {
            this.F.processClientExtensions(hashtable);
        }
    }

    protected void Z(ByteArrayInputStream byteArrayInputStream) {
        this.H.processClientKeyExchange(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        this.L = this.f36927d.l();
        this.f36938o.f36821i = TlsProtocol.p(n(), this.L, null);
        TlsProtocol.k(n(), this.H);
        this.f36927d.q(r().getCompression(), r().getCipher());
        if (this.f36949z) {
            return;
        }
        N();
    }

    protected void a0(CertificateRequest certificateRequest) {
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 13);
        certificateRequest.encode(aVar);
        aVar.a();
    }

    public void accept(TlsServer tlsServer) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        if (this.F != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.F = tlsServer;
        SecurityParameters securityParameters = new SecurityParameters();
        this.f36938o = securityParameters;
        securityParameters.f36813a = 0;
        this.G = new p(this.f36928e, this.f36938o);
        this.f36938o.f36820h = TlsProtocol.h(tlsServer.shouldUseGMTUnixTime(), this.G.getNonceRandomGenerator());
        this.F.init(this.G);
        this.f36927d.j(this.G);
        this.f36927d.t(false);
        d();
    }

    protected void b0(CertificateStatus certificateStatus) {
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 22);
        certificateStatus.encode(aVar);
        aVar.a();
    }

    protected void c0(NewSessionTicket newSessionTicket) {
        if (newSessionTicket == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 4);
        newSessionTicket.encode(aVar);
        aVar.a();
    }

    protected void d0() {
        byte[] bArr = new byte[4];
        TlsUtils.writeUint8((short) 14, bArr, 0);
        TlsUtils.writeUint24(0, bArr, 1);
        S(bArr, 0, 4);
    }

    protected void e0() {
        TlsProtocol.a aVar = new TlsProtocol.a(this, (short) 2);
        ProtocolVersion serverVersion = this.F.getServerVersion();
        if (!serverVersion.isEqualOrEarlierVersionOf(n().getClientVersion())) {
            throw new TlsFatalAlert((short) 80);
        }
        this.f36927d.s(serverVersion);
        this.f36927d.u(serverVersion);
        this.f36927d.t(true);
        o().d(serverVersion);
        TlsUtils.writeVersion(serverVersion, aVar);
        aVar.write(this.f36938o.f36820h);
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        TlsUtils.writeOpaque8(bArr, aVar);
        int selectedCipherSuite = this.F.getSelectedCipherSuite();
        if (!Arrays.contains(this.f36940q, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.isSCSV(selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, n().getServerVersion())) {
            throw new TlsFatalAlert((short) 80);
        }
        this.f36938o.f36814b = selectedCipherSuite;
        short selectedCompressionMethod = this.F.getSelectedCompressionMethod();
        if (!Arrays.contains(this.f36941r, selectedCompressionMethod)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.f36938o.f36815c = selectedCompressionMethod;
        TlsUtils.writeUint16(selectedCipherSuite, aVar);
        TlsUtils.writeUint8(selectedCompressionMethod, (OutputStream) aVar);
        Hashtable serverExtensions = this.F.getServerExtensions();
        this.f36943t = serverExtensions;
        if (this.f36947x) {
            Integer num = TlsProtocol.D;
            if (TlsUtils.getExtensionData(serverExtensions, num) == null) {
                Hashtable ensureExtensionsInitialised = TlsExtensionsUtils.ensureExtensionsInitialised(this.f36943t);
                this.f36943t = ensureExtensionsInitialised;
                ensureExtensionsInitialised.put(num, TlsProtocol.i(bArr));
            }
        }
        if (this.f36938o.f36827o) {
            Hashtable ensureExtensionsInitialised2 = TlsExtensionsUtils.ensureExtensionsInitialised(this.f36943t);
            this.f36943t = ensureExtensionsInitialised2;
            TlsExtensionsUtils.addExtendedMasterSecretExtension(ensureExtensionsInitialised2);
        }
        Hashtable hashtable = this.f36943t;
        if (hashtable != null) {
            this.f36938o.f36826n = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable);
            this.f36938o.f36824l = C(this.f36942s, this.f36943t, (short) 80);
            this.f36938o.f36825m = TlsExtensionsUtils.hasTruncatedHMacExtension(this.f36943t);
            this.f36948y = !this.f36945v && TlsUtils.hasExpectedEmptyExtensionData(this.f36943t, TlsExtensionsUtils.EXT_status_request, (short) 80);
            this.f36949z = !this.f36945v && TlsUtils.hasExpectedEmptyExtensionData(this.f36943t, TlsProtocol.E, (short) 80);
            TlsProtocol.R(aVar, this.f36943t);
        }
        this.f36938o.f36816d = TlsProtocol.q(n(), this.f36938o.getCipherSuite());
        this.f36938o.f36817e = 12;
        b();
        aVar.a();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void f() {
        super.f();
        this.H = null;
        this.I = null;
        this.J = null;
        this.L = null;
    }

    protected void f0(byte[] bArr) {
        TlsProtocol.a aVar = new TlsProtocol.a((short) 12, bArr.length);
        aVar.write(bArr);
        aVar.a();
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected TlsContext n() {
        return this.G;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    a o() {
        return this.G;
    }

    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected TlsPeer r() {
        return this.F;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x0027. Please report as an issue. */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    protected void u(short s2, byte[] bArr) {
        CertificateStatus certificateStatus;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate certificate = null;
        if (s2 == 1) {
            short s3 = this.f36944u;
            if (s3 != 0) {
                if (s3 != 16) {
                    throw new TlsFatalAlert((short) 10);
                }
                J();
                return;
            }
            Y(byteArrayInputStream);
            this.f36944u = (short) 1;
            e0();
            this.f36944u = (short) 2;
            this.f36927d.k();
            Vector serverSupplementalData = this.F.getServerSupplementalData();
            if (serverSupplementalData != null) {
                P(serverSupplementalData);
            }
            this.f36944u = (short) 3;
            TlsKeyExchange keyExchange = this.F.getKeyExchange();
            this.H = keyExchange;
            keyExchange.init(n());
            TlsCredentials credentials = this.F.getCredentials();
            this.I = credentials;
            if (credentials == null) {
                this.H.skipServerCredentials();
            } else {
                this.H.processServerCredentials(credentials);
                certificate = this.I.getCertificate();
                M(certificate);
            }
            this.f36944u = (short) 4;
            if (certificate == null || certificate.isEmpty()) {
                this.f36948y = false;
            }
            if (this.f36948y && (certificateStatus = this.F.getCertificateStatus()) != null) {
                b0(certificateStatus);
            }
            this.f36944u = (short) 5;
            byte[] generateServerKeyExchange = this.H.generateServerKeyExchange();
            if (generateServerKeyExchange != null) {
                f0(generateServerKeyExchange);
            }
            this.f36944u = (short) 6;
            if (this.I != null) {
                CertificateRequest certificateRequest = this.F.getCertificateRequest();
                this.J = certificateRequest;
                if (certificateRequest != null) {
                    if (TlsUtils.isTLSv12(n()) != (this.J.getSupportedSignatureAlgorithms() != null)) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    this.H.validateCertificateRequest(this.J);
                    a0(this.J);
                    TlsUtils.k(this.f36927d.g(), this.J.getSupportedSignatureAlgorithms());
                }
            }
            this.f36944u = (short) 7;
            d0();
            this.f36944u = (short) 8;
            this.f36927d.g().sealHashAlgorithms();
            return;
        }
        if (s2 == 11) {
            short s4 = this.f36944u;
            if (s4 == 8) {
                this.F.processClientSupplementalData(null);
            } else if (s4 != 9) {
                throw new TlsFatalAlert((short) 10);
            }
            if (this.J == null) {
                throw new TlsFatalAlert((short) 10);
            }
            W(byteArrayInputStream);
            this.f36944u = (short) 10;
            return;
        }
        if (s2 == 20) {
            short s5 = this.f36944u;
            if (s5 != 11) {
                if (s5 != 12) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (U()) {
                throw new TlsFatalAlert((short) 10);
            }
            A(byteArrayInputStream);
            this.f36944u = (short) 13;
            if (this.f36949z) {
                c0(this.F.getNewSessionTicket());
                N();
            }
            this.f36944u = (short) 14;
            O();
            this.f36944u = (short) 16;
            g();
            return;
        }
        if (s2 == 23) {
            if (this.f36944u != 8) {
                throw new TlsFatalAlert((short) 10);
            }
            this.F.processClientSupplementalData(TlsProtocol.I(byteArrayInputStream));
            this.f36944u = (short) 9;
            return;
        }
        if (s2 == 15) {
            if (this.f36944u != 11) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!U()) {
                throw new TlsFatalAlert((short) 10);
            }
            X(byteArrayInputStream);
            this.f36944u = (short) 12;
            return;
        }
        if (s2 != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        switch (this.f36944u) {
            case 8:
                this.F.processClientSupplementalData(null);
            case 9:
                if (this.J == null) {
                    this.H.skipClientCredentials();
                } else {
                    if (TlsUtils.isTLSv12(n())) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    if (!TlsUtils.isSSL(n())) {
                        V(Certificate.EMPTY_CHAIN);
                    } else if (this.f36939p == null) {
                        throw new TlsFatalAlert((short) 10);
                    }
                }
            case 10:
                Z(byteArrayInputStream);
                this.f36944u = (short) 11;
                return;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.spongycastle.crypto.tls.TlsProtocol
    public void v(short s2) {
        if (s2 != 41) {
            super.v(s2);
        } else {
            if (!TlsUtils.isSSL(n()) || this.J == null) {
                return;
            }
            V(Certificate.EMPTY_CHAIN);
        }
    }
}
