package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
/**
 * Server side of a TLS handshake: parses the client's handshake messages, advances a numeric
 * connection state ({@code tHb}, inherited from {@code TlsProtocol}) and writes the server's
 * handshake messages.
 *
 * <p>NOTE(review): this is decompiler output with obfuscated member names. The package and class
 * name match BouncyCastle's legacy {@code org.bouncycastle.crypto.tls} API. Where a comment below
 * gives a protocol-level meaning to an obfuscated helper, it is inferred from how the value is
 * used in this listing and is marked "presumably". Confirm against the exact library version
 * bundled with the application before relying on it.
 *
 * <p>Numeric literals passed to {@code HandshakeMessage}, or compared with the incoming message
 * type, are TLS HandshakeType values. Literals passed to {@code TlsFatalAlert} are TLS
 * AlertDescription values: 10 unexpected_message, 40 handshake_failure, 47 illegal_parameter,
 * 50 decode_error, 51 decrypt_error, 80 internal_error.
 */
public class TlsServerProtocol extends TlsProtocol {
    // Handshake hash captured in j() from this.mHb.Xm() and read in h(); cleared in rn().
    public TlsHandshakeHash AHb;
    // Key exchange obtained from the TlsServer while handling ClientHello; cleared in rn().
    public TlsKeyExchange Hwb;
    // Server credentials from TlsServer.getCredentials(); may be null; cleared in rn().
    public TlsCredentials Pwb;
    // Client certificate type computed in a(Certificate); stays -1 until a non-empty client
    // certificate has been received. Not reset by rn().
    public short RCb;
    // CertificateRequest sent to the client, or null when none was requested; cleared in rn().
    public CertificateRequest gCb;
    // Application-supplied server callbacks; assigned exactly once in a(TlsServer).
    public TlsServer yHb;
    // Context handed to the TlsServer and to the record layer (this.mHb); created in a(TlsServer).
    public TlsServerContextImpl zHb;

    /**
     * Creates the protocol object over the given streams; all handshake state starts out unset
     * and the client certificate type starts at -1.
     */
    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.yHb = null;
        this.zHb = null;
        this.Hwb = null;
        this.Pwb = null;
        this.gCb = null;
        this.RCb = (short) -1;
        this.AHb = null;
    }

    /**
     * Reports whether the client is required to send a CertificateVerify message.
     *
     * <p>b(short, byte[]) uses this both ways: a CertificateVerify (type 15) is rejected when this
     * returns false, and a Finished (type 20) arriving straight after ClientKeyExchange is
     * rejected when this returns true.
     *
     * @return true when a client certificate type was recorded (RCb >= 0) and TlsUtils.v accepts
     *     it - presumably "this certificate type can sign"; confirm
     */
    public boolean An() {
        short s = this.RCb;
        return s >= 0 && TlsUtils.v(s);
    }

    /**
     * Sends a 4-byte handshake message whose type byte is 14 (server_hello_done) and whose
     * remaining three bytes encode the value 0 (presumably the 24-bit body length).
     */
    public void Bn() throws IOException {
        byte[] bArr = new byte[4];
        TlsUtils.a((short) 14, bArr, 0);
        TlsUtils.d(0, bArr, 1);
        t(bArr, 0, bArr.length);
    }

    /**
     * Builds and sends the ServerHello (handshake type 2) and records the negotiated parameters.
     *
     * <p>Every choice coming back from the TlsServer is checked against what the client offered in
     * i(); a choice that was not offered ends the handshake with internal_error (80), because it
     * indicates a faulty TlsServer implementation rather than a misbehaving peer.
     *
     * @throws IOException a TlsFatalAlert(80) when the server's version, cipher suite or
     *     compression selection is not acceptable, or any error from writing the message
     */
    public void Cn() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 2);
        ProtocolVersion serverVersion = this.yHb.getServerVersion();
        // Presumably "server version is equal to or earlier than the client's version": the server
        // must not answer with a version the client did not offer. TODO confirm ProtocolVersion.d.
        if (!serverVersion.d(getContext().getClientVersion())) {
            throw new TlsFatalAlert((short) 80);
        }
        // From here on the record layer reads and writes the selected version only.
        this.mHb.setReadVersion(serverVersion);
        this.mHb.setWriteVersion(serverVersion);
        this.mHb.setRestrictReadVersion(true);
        getContextAdmin().setServerVersion(serverVersion);
        TlsUtils.a(serverVersion, handshakeMessage);
        // WFb was generated in a(TlsServer); its position right after the version makes it the
        // ServerHello random.
        handshakeMessage.write(this.Cwb.WFb);
        // Presumably an empty session_id (TlsUtils.oJa looks like an empty byte array) - confirm.
        TlsUtils.c(TlsUtils.oJa, handshakeMessage);
        int selectedCipherSuite = this.yHb.getSelectedCipherSuite();
        // The selection must be one the client offered (kxb), must not be suite 0, must not be
        // rejected by CipherSuite.be (presumably a signalling-value check) and must be accepted by
        // TlsUtils.a for the selected version.
        if (!Arrays.contains(this.kxb, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.be(selectedCipherSuite) || !TlsUtils.a(selectedCipherSuite, serverVersion)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.Cwb.cipherSuite = selectedCipherSuite;
        short selectedCompressionMethod = this.yHb.getSelectedCompressionMethod();
        // Compression must also be one of the methods the client offered (lxb).
        if (!Arrays.contains(this.lxb, selectedCompressionMethod)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.Cwb.kSa = selectedCompressionMethod;
        TlsUtils.c(selectedCipherSuite, (OutputStream) handshakeMessage);
        TlsUtils.a(selectedCompressionMethod, (OutputStream) handshakeMessage);
        this.rxb = this.yHb.getServerExtensions();
        boolean z = false;
        // aCb is set in i() when the client signalled through cipher suite value 255 or through
        // the QGb extension. If the TlsServer did not supply that extension itself, add it here so
        // the signal is always answered. Presumably renegotiation_info - confirm.
        if (this.aCb) {
            if (TlsUtils.b(this.rxb, TlsProtocol.QGb) == null) {
                this.rxb = TlsExtensionsUtils.q(this.rxb);
                this.rxb.put(TlsProtocol.QGb, TlsProtocol.Fa(TlsUtils.oJa));
            }
        }
        // _Fb is derived in i() from the client's extensions; when set, the matching server
        // extension is added. Presumably extended_master_secret - confirm.
        if (this.Cwb._Fb) {
            this.rxb = TlsExtensionsUtils.q(this.rxb);
            TlsExtensionsUtils.o(this.rxb);
        }
        Hashtable hashtable = this.rxb;
        if (hashtable != null) {
            this.Cwb.ZFb = TlsExtensionsUtils.v(hashtable);
            this.Cwb.bCb = b(this.mxb, this.rxb, (short) 80);
            this.Cwb.YFb = TlsExtensionsUtils.x(this.rxb);
            // cCb gates sending CertificateStatus and dCb gates sending NewSessionTicket in
            // b(short, byte[]). Both are forced off when uHb is set (presumably a resumed
            // session - confirm).
            this.cCb = !this.uHb && TlsUtils.a(this.rxb, TlsExtensionsUtils.LGb, (short) 80);
            if (!this.uHb && TlsUtils.a(this.rxb, TlsProtocol.RGb, (short) 80)) {
                z = true;
            }
            this.dCb = z;
            TlsProtocol.a(handshakeMessage, this.rxb);
        }
        // A non-negative bCb shrinks the record plaintext limit to 2^(bCb + 8) bytes.
        short s = this.Cwb.bCb;
        if (s >= 0) {
            this.mHb.setPlaintextLimit(1 << (s + 8));
        }
        this.Cwb.SFb = TlsProtocol.d(getContext(), this.Cwb.getCipherSuite());
        // Presumably the Finished verify_data length in bytes - confirm.
        this.Cwb.TFb = 12;
        handshakeMessage.Dk();
        this.mHb.Wm();
    }

    /**
     * Sends the given bytes as the body of a handshake message of type 12 (server_key_exchange).
     *
     * @param bArr message body, produced by the key exchange in b(short, byte[])
     */
    public void Ga(byte[] bArr) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage((short) 12, bArr.length);
        handshakeMessage.write(bArr);
        handshakeMessage.Dk();
    }

    /**
     * Records the client's certificate chain and passes it to the key exchange and the TlsServer.
     *
     * <p>No certificate path validation is visible in this method: the chain is handed to
     * {@code this.yHb.a(certificate)} as received. Whether the client certificate is actually
     * trusted therefore depends on the TlsServer implementation - verify it there.
     *
     * @param certificate the chain from the client; may be empty
     * @throws IllegalStateException if no CertificateRequest was sent
     * @throws IOException a TlsFatalAlert(10) if a peer certificate was already recorded
     */
    public void a(Certificate certificate) throws IOException {
        if (this.gCb == null) {
            throw new IllegalStateException();
        }
        // A second client certificate in the same handshake is rejected as unexpected_message.
        if (this.cGb != null) {
            throw new TlsFatalAlert((short) 10);
        }
        this.cGb = certificate;
        if (certificate.isEmpty()) {
            // Empty chain: RCb stays at -1, so An() reports that no CertificateVerify is expected.
            this.Hwb.Ga();
        } else {
            this.RCb = TlsUtils.a(certificate, this.Pwb.getCertificate());
            this.Hwb.b(certificate);
        }
        this.yHb.a(certificate);
    }

    /** Encodes and sends the given status as a handshake message of type 22 (certificate_status). */
    public void a(CertificateStatus certificateStatus) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 22);
        certificateStatus.encode(handshakeMessage);
        handshakeMessage.Dk();
    }

    /**
     * Attaches the server callbacks, creates the security parameters and context, generates the
     * server random, and then calls sn() (presumably runs the handshake to completion - confirm).
     * The exception text below shows this is the "accept" entry point.
     *
     * @param tlsServer server callbacks; must not be null
     * @throws IllegalArgumentException if tlsServer is null
     * @throws IllegalStateException if this method was already called on this instance
     */
    public void a(TlsServer tlsServer) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        if (this.yHb != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.yHb = tlsServer;
        this.Cwb = new SecurityParameters();
        SecurityParameters securityParameters = this.Cwb;
        // Presumably marks this end of the connection as the server - confirm.
        securityParameters.RFb = 0;
        this.zHb = new TlsServerContextImpl(this.Bwb, securityParameters);
        // Server random, later written into the ServerHello by Cn(); drawn from the context's
        // nonce generator.
        this.Cwb.WFb = TlsProtocol.a(tlsServer.ob(), this.zHb.getNonceRandomGenerator());
        this.yHb.a(this.zHb);
        this.mHb.a(this.zHb);
        // Any record version is accepted until Cn() fixes it after the ServerHello is built.
        this.mHb.setRestrictReadVersion(false);
        sn();
    }

    /**
     * Encodes and sends the given ticket as a handshake message of type 4 (new_session_ticket).
     *
     * @throws IOException a TlsFatalAlert(80) if the TlsServer supplied no ticket
     */
    public void b(NewSessionTicket newSessionTicket) throws IOException {
        if (newSessionTicket == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 4);
        newSessionTicket.encode(handshakeMessage);
        handshakeMessage.Dk();
    }

    /**
     * Handles one incoming handshake message and enforces message ordering.
     *
     * <p>The connection state tHb only moves forward. As assigned in this method: 0 start,
     * 1 ClientHello read, 2 ServerHello sent, 3 to 7 optional server messages, 8 ServerHelloDone
     * sent, 9 client supplemental data read, 10 client Certificate read, 11 ClientKeyExchange
     * read, 12 CertificateVerify read, 13 client Finished read, 14 to 16 server completion. A
     * message type that is not valid for the current state raises unexpected_message (10), which
     * is what stops a peer from skipping or repeating handshake steps.
     *
     * @param s TLS HandshakeType of the message
     * @param bArr message body
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x0027. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void b(short s, byte[] bArr) throws IOException {
        CertificateStatus certificateStatus;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate certificate = null;
        // Type 1: client_hello. Only accepted in the start state, so a second ClientHello on the
        // same connection is refused here.
        if (s == 1) {
            if (this.tHb != 0) {
                throw new TlsFatalAlert((short) 10);
            }
            i(byteArrayInputStream);
            this.tHb = (short) 1;
            Cn();
            this.tHb = (short) 2;
            Vector serverSupplementalData = this.yHb.getServerSupplementalData();
            if (serverSupplementalData != null) {
                h(serverSupplementalData);
            }
            this.tHb = (short) 3;
            this.Hwb = this.yHb.getKeyExchange();
            this.Hwb.a(getContext());
            this.Pwb = this.yHb.getCredentials();
            TlsCredentials tlsCredentials = this.Pwb;
            if (tlsCredentials == null) {
                // No server credentials: the key exchange is told and no certificate is passed
                // to g(Certificate).
                this.Hwb.ub();
            } else {
                this.Hwb.a(tlsCredentials);
                certificate = this.Pwb.getCertificate();
                g(certificate);
            }
            this.tHb = (short) 4;
            // A certificate status is only meaningful when a server certificate was supplied.
            if (certificate == null || certificate.isEmpty()) {
                this.cCb = false;
            }
            if (this.cCb && (certificateStatus = this.yHb.getCertificateStatus()) != null) {
                a(certificateStatus);
            }
            this.tHb = (short) 5;
            byte[] ba = this.Hwb.ba();
            if (ba != null) {
                Ga(ba);
            }
            this.tHb = (short) 6;
            // A client certificate is only requested when the server has credentials itself.
            if (this.Pwb != null) {
                this.gCb = this.yHb.getCertificateRequest();
                CertificateRequest certificateRequest = this.gCb;
                if (certificateRequest != null) {
                    this.Hwb.a(certificateRequest);
                    c(this.gCb);
                    TlsUtils.a(this.mHb.getHandshakeHash(), this.gCb.getSupportedSignatureAlgorithms());
                }
            }
            this.tHb = (short) 7;
            Bn();
            this.tHb = (short) 8;
            this.mHb.getHandshakeHash().Za();
            return;
        }
        // Type 11: certificate (from the client).
        if (s == 11) {
            short s2 = this.tHb;
            if (s2 == 8) {
                // No client supplemental data arrived; the TlsServer is told so with null.
                this.yHb.a((Vector) null);
            } else if (s2 != 9) {
                throw new TlsFatalAlert((short) 10);
            }
            // A client certificate that was never requested is refused.
            if (this.gCb == null) {
                throw new TlsFatalAlert((short) 10);
            }
            g(byteArrayInputStream);
            this.tHb = (short) 10;
            return;
        }
        // Type 20: finished.
        if (s == 20) {
            short s3 = this.tHb;
            if (s3 != 11) {
                if (s3 != 12) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (An()) {
                // Finished arrived directly after ClientKeyExchange although a CertificateVerify
                // was required: the client has not proven possession of its private key.
                throw new TlsFatalAlert((short) 10);
            }
            b(byteArrayInputStream);
            this.tHb = (short) 13;
            if (this.dCb) {
                // With a session ticket negotiated, wn() was deferred by j() and runs after the
                // ticket is sent.
                b(this.yHb.getNewSessionTicket());
                wn();
            }
            this.tHb = (short) 14;
            xn();
            this.tHb = (short) 15;
            this.tHb = (short) 16;
            return;
        }
        // Type 23: supplemental_data. Only valid directly after ServerHelloDone.
        if (s == 23) {
            if (this.tHb != 8) {
                throw new TlsFatalAlert((short) 10);
            }
            this.yHb.a(TlsProtocol.d(byteArrayInputStream));
            this.tHb = (short) 9;
            return;
        }
        // Type 15: certificate_verify. Only valid directly after ClientKeyExchange and only when
        // An() says one is required.
        if (s == 15) {
            if (this.tHb != 11) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!An()) {
                throw new TlsFatalAlert((short) 10);
            }
            h(byteArrayInputStream);
            this.tHb = (short) 12;
            return;
        }
        // Anything other than type 16 (client_key_exchange) is unexpected at this point.
        if (s != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        // NOTE(review): the cases below have no break statements, so 8 runs into 9 and 9 runs
        // into 10. That reads as a deliberate "catch up on the optional client messages that were
        // skipped" sequence, and the JADX warning above says the decompiler could not fully
        // reconstruct this switch - compare with the bytecode before trusting the exact shape.
        switch (this.tHb) {
            case 8:
                // No client supplemental data was received.
                this.yHb.a((Vector) null);
            case 9:
                // No client Certificate message was received.
                if (this.gCb == null) {
                    this.Hwb.Ga();
                } else {
                    // A certificate was requested but none was sent. TlsUtils.e presumably tests
                    // for TLS 1.2, where omitting the message is refused outright - confirm.
                    if (TlsUtils.e(getContext())) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    // TlsUtils.c presumably tests for SSL 3.0 (see q(short)): there the client
                    // must already have been recorded through the no_certificate warning;
                    // otherwise the omission is treated as an empty chain - confirm.
                    if (!TlsUtils.c(getContext())) {
                        a(Certificate.nyb);
                    } else if (this.cGb == null) {
                        throw new TlsFatalAlert((short) 10);
                    }
                }
            case 10:
                j(byteArrayInputStream);
                this.tHb = (short) 11;
                return;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    /** Encodes and sends the given request as a handshake message of type 13 (certificate_request). */
    public void c(CertificateRequest certificateRequest) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 13);
        certificateRequest.encode(handshakeMessage);
        handshakeMessage.Dk();
    }

    /**
     * Parses the client's Certificate message and forwards the chain to a(Certificate).
     * TlsProtocol.a(stream) runs after parsing, presumably to reject trailing bytes - confirm.
     */
    public void g(ByteArrayInputStream byteArrayInputStream) throws IOException {
        Certificate parse = Certificate.parse(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        a(parse);
    }

    /** Returns the server context created in a(TlsServer); null before that call. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsContext getContext() {
        return this.zHb;
    }

    /** Returns the same server context as getContext(), typed for internal updates. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public AbstractTlsContext getContextAdmin() {
        return this.zHb;
    }

    /** Returns the TlsServer supplied to a(TlsServer). */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsPeer getPeer() {
        return this.yHb;
    }

    /**
     * Parses the client's CertificateVerify message and checks its signature against the public
     * key of the first certificate in the recorded client chain.
     *
     * <p>The check fails closed: a false result from the signer and any exception raised while
     * preparing or running the verification (the catch covers every Exception thrown in the try
     * block) both surface as decrypt_error (51).
     *
     * @throws IOException a TlsFatalAlert(51) when the signature does not verify
     */
    public void h(ByteArrayInputStream byteArrayInputStream) throws IOException {
        DigitallySigned a = DigitallySigned.a(getContext(), byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        try {
            // Hash to verify: taken from the saved handshake hash using the algorithm named in the
            // signature when TlsUtils.e is true (presumably TLS 1.2), else the session hash.
            byte[] e = TlsUtils.e(getContext()) ? this.AHb.e(a.getAlgorithm().getHash()) : this.Cwb.getSessionHash();
            AsymmetricKeyParameter d = PublicKeyFactory.d(this.cGb.ae(0).getSubjectPublicKeyInfo());
            // The signer is chosen from the certificate type recorded in a(Certificate).
            TlsSigner t = TlsUtils.t(this.RCb);
            t.a(getContext());
            if (t.a(a.getAlgorithm(), a.getSignature(), d, e)) {
            } else {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (Exception e2) {
            throw new TlsFatalAlert((short) 51, e2);
        }
    }

    /**
     * Parses the ClientHello, validates its structure and reports the client's offers to the
     * TlsServer.
     *
     * @throws IOException a TlsFatalAlert with 47 (illegal_parameter) for a version rejected by
     *     ProtocolVersion.bn(), a session id longer than 32 bytes or an empty compression list;
     *     50 (decode_error) for a cipher suite list whose byte length is below 2 or odd;
     *     40 (handshake_failure) when the QGb extension does not carry the expected value
     */
    public void i(ByteArrayInputStream byteArrayInputStream) throws IOException {
        ProtocolVersion u = TlsUtils.u(byteArrayInputStream);
        this.mHb.setWriteVersion(u);
        // Presumably rejects a DTLS version on this stream-based protocol - confirm.
        if (u.bn()) {
            throw new TlsFatalAlert((short) 47);
        }
        // The 32 bytes after the version are the client random; stored in Cwb.VFb below.
        byte[] e = TlsUtils.e(32, byteArrayInputStream);
        // Only the length of the session id is checked; its value is not kept in this method.
        if (TlsUtils.o(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        int p = TlsUtils.p(byteArrayInputStream);
        // Cipher suites are two bytes each, so the list length must be even and hold at least one.
        if (p < 2 || (p & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        this.kxb = TlsUtils.f(p / 2, byteArrayInputStream);
        short t = TlsUtils.t(byteArrayInputStream);
        if (t < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        this.lxb = TlsUtils.g(t, byteArrayInputStream);
        this.mxb = TlsProtocol.c(byteArrayInputStream);
        this.Cwb._Fb = TlsExtensionsUtils.w(this.mxb);
        getContextAdmin().setClientVersion(u);
        this.yHb.b(u);
        // Only the presence of TLS_FALLBACK_SCSV is reported here. Any downgrade refusal based on
        // it happens in the TlsServer implementation, which is not visible in this listing.
        this.yHb.k(Arrays.contains(this.kxb, CipherSuite.TLS_FALLBACK_SCSV));
        this.Cwb.VFb = e;
        this.yHb.b(this.kxb);
        this.yHb.b(this.lxb);
        // 255 (0x00FF) is TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the TLS cipher suite registry.
        if (Arrays.contains(this.kxb, 255)) {
            this.aCb = true;
        }
        byte[] b = TlsUtils.b(this.mxb, TlsProtocol.QGb);
        if (b != null) {
            this.aCb = true;
            // On an initial handshake the extension must carry exactly the value built from
            // TlsUtils.oJa. NOTE(review): whether Arrays.z compares in constant time cannot be
            // told from this listing - confirm against the bundled library.
            if (!Arrays.z(b, TlsProtocol.Fa(TlsUtils.oJa))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.yHb.l(this.aCb);
        Hashtable hashtable = this.mxb;
        if (hashtable != null) {
            this.yHb.b(hashtable);
        }
    }

    /**
     * Processes the ClientKeyExchange body, captures the handshake hash, derives the session
     * secrets and installs the pending cipher state on the record layer.
     */
    public void j(ByteArrayInputStream byteArrayInputStream) throws IOException {
        this.Hwb.e(byteArrayInputStream);
        TlsProtocol.a(byteArrayInputStream);
        // Saved here because h() needs it if a CertificateVerify follows.
        this.AHb = this.mHb.Xm();
        this.Cwb.XFb = TlsProtocol.a(getContext(), this.AHb, null);
        TlsProtocol.a(getContext(), this.Hwb);
        this.mHb.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
        // With a session ticket negotiated, wn() is called from the Finished handler instead,
        // after the ticket has been sent.
        if (this.dCb) {
            return;
        }
        wn();
    }

    /**
     * Handles a warning alert. Alert 41 (no_certificate, the SSL 3.0 way of declining client
     * authentication) is turned into an empty client certificate chain when TlsUtils.c is true
     * (presumably an SSL 3.0 check - confirm) and a certificate was requested; otherwise it is
     * ignored. All other warnings go to the superclass.
     */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void q(short s) throws IOException {
        if (s != 41) {
            super.q(s);
        } else {
            if (!TlsUtils.c(getContext()) || this.gCb == null) {
                return;
            }
            a(Certificate.nyb);
        }
    }

    /**
     * Releases handshake-only references after the superclass cleanup. The TlsServer, the context
     * and the recorded client certificate type (RCb) are left untouched.
     */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void rn() {
        super.rn();
        this.Hwb = null;
        this.Pwb = null;
        this.gCb = null;
        this.AHb = null;
    }
}
