package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.tls.TlsProtocol;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;

/* loaded from: classes9.dex */
public class TlsServerProtocol extends TlsProtocol {
    public TlsServer b0;
    public TlsServerContextImpl c0;
    public TlsKeyExchange d0;
    public TlsCredentials e0;
    public CertificateRequest f0;
    public short g0;
    public TlsHandshakeHash h0;

    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.b0 = null;
        this.c0 = null;
        this.d0 = null;
        this.e0 = null;
        this.f0 = null;
        this.g0 = (short) -1;
        this.h0 = null;
    }

    public TlsServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.b0 = null;
        this.c0 = null;
        this.d0 = null;
        this.e0 = null;
        this.f0 = null;
        this.g0 = (short) -1;
        this.h0 = null;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x0022. Please report as an issue. */
    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void A(short s, ByteArrayInputStream byteArrayInputStream) throws IOException {
        CertificateStatus certificateStatus;
        Certificate certificate = null;
        if (s == 1) {
            short s2 = this.S;
            if (s2 != 0) {
                if (s2 != 16) {
                    throw new TlsFatalAlert((short) 10);
                }
                U();
                return;
            }
            n0(byteArrayInputStream);
            this.S = (short) 1;
            t0();
            this.S = (short) 2;
            this.A.n();
            Vector serverSupplementalData = this.b0.getServerSupplementalData();
            if (serverSupplementalData != null) {
                b0(serverSupplementalData);
            }
            this.S = (short) 3;
            TlsKeyExchange keyExchange = this.b0.getKeyExchange();
            this.d0 = keyExchange;
            keyExchange.init(r());
            TlsCredentials credentials = this.b0.getCredentials();
            this.e0 = credentials;
            if (credentials == null) {
                this.d0.skipServerCredentials();
            } else {
                this.d0.processServerCredentials(credentials);
                certificate = this.e0.getCertificate();
                Y(certificate);
            }
            this.S = (short) 4;
            if (certificate == null || certificate.f()) {
                this.W = false;
            }
            if (this.W && (certificateStatus = this.b0.getCertificateStatus()) != null) {
                q0(certificateStatus);
            }
            this.S = (short) 5;
            byte[] generateServerKeyExchange = this.d0.generateServerKeyExchange();
            if (generateServerKeyExchange != null) {
                u0(generateServerKeyExchange);
            }
            this.S = (short) 6;
            if (this.e0 != null) {
                CertificateRequest certificateRequest = this.b0.getCertificateRequest();
                this.f0 = certificateRequest;
                if (certificateRequest != null) {
                    if (TlsUtils.j0(r()) != (this.f0.d() != null)) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    this.d0.validateCertificateRequest(this.f0);
                    p0(this.f0);
                    TlsUtils.W0(this.A.i(), this.f0.d());
                }
            }
            this.S = (short) 7;
            s0();
            this.S = (short) 8;
            this.A.i().sealHashAlgorithms();
            return;
        }
        if (s == 11) {
            short s3 = this.S;
            if (s3 == 8) {
                this.b0.processClientSupplementalData(null);
            } else if (s3 != 9) {
                throw new TlsFatalAlert((short) 10);
            }
            if (this.f0 == null) {
                throw new TlsFatalAlert((short) 10);
            }
            l0(byteArrayInputStream);
            this.S = (short) 10;
            return;
        }
        if (s == 20) {
            short s4 = this.S;
            if (s4 != 11) {
                if (s4 != 12) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (j0()) {
                throw new TlsFatalAlert((short) 10);
            }
            J(byteArrayInputStream);
            this.S = (short) 13;
            if (this.X) {
                r0(this.b0.getNewSessionTicket());
                Z();
            }
            this.S = (short) 14;
            a0();
            this.S = (short) 15;
            i();
            return;
        }
        if (s == 23) {
            if (this.S != 8) {
                throw new TlsFatalAlert((short) 10);
            }
            this.b0.processClientSupplementalData(TlsProtocol.T(byteArrayInputStream));
            this.S = (short) 9;
            return;
        }
        if (s == 15) {
            if (this.S != 11) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!j0()) {
                throw new TlsFatalAlert((short) 10);
            }
            m0(byteArrayInputStream);
            this.S = (short) 12;
            return;
        }
        if (s != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        switch (this.S) {
            case 8:
                this.b0.processClientSupplementalData(null);
            case 9:
                if (this.f0 == null) {
                    this.d0.skipClientCredentials();
                } else {
                    if (TlsUtils.j0(r())) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    if (!TlsUtils.d0(r())) {
                        k0(Certificate.f39935a);
                    } else if (this.N == null) {
                        throw new TlsFatalAlert((short) 10);
                    }
                }
            case 10:
                o0(byteArrayInputStream);
                this.S = (short) 11;
                return;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void B(short s) throws IOException {
        if (s != 41) {
            super.B(s);
        } else {
            if (!TlsUtils.d0(r()) || this.f0 == null) {
                return;
            }
            k0(Certificate.f39935a);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public void f() {
        super.f();
        this.d0 = null;
        this.e0 = null;
        this.f0 = null;
        this.h0 = null;
    }

    public void i0(TlsServer tlsServer) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        if (this.b0 != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.b0 = tlsServer;
        SecurityParameters securityParameters = new SecurityParameters();
        this.M = securityParameters;
        securityParameters.f40140a = 0;
        this.c0 = new TlsServerContextImpl(this.B, this.M);
        this.M.h = TlsProtocol.j(tlsServer.shouldUseGMTUnixTime(), this.c0.getNonceRandomGenerator());
        this.b0.init(this.c0);
        this.A.m(this.c0);
        this.A.w(false);
        d();
    }

    public boolean j0() {
        short s = this.g0;
        return s >= 0 && TlsUtils.Y(s);
    }

    public void k0(Certificate certificate) throws IOException {
        if (this.f0 == null) {
            throw new IllegalStateException();
        }
        if (this.N != null) {
            throw new TlsFatalAlert((short) 10);
        }
        this.N = certificate;
        if (certificate.f()) {
            this.d0.skipClientCredentials();
        } else {
            this.g0 = TlsUtils.I(certificate, this.e0.getCertificate());
            this.d0.processClientCertificate(certificate);
        }
        this.b0.notifyClientCertificate(certificate);
    }

    public void l0(ByteArrayInputStream byteArrayInputStream) throws IOException {
        Certificate g = Certificate.g(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        k0(g);
    }

    public void m0(ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] l;
        if (this.f0 == null) {
            throw new IllegalStateException();
        }
        DigitallySigned d2 = DigitallySigned.d(r(), byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        try {
            SignatureAndHashAlgorithm b2 = d2.b();
            if (TlsUtils.j0(r())) {
                TlsUtils.Z0(this.f0.d(), b2);
                l = this.h0.getFinalHash(b2.b());
            } else {
                l = this.M.l();
            }
            AsymmetricKeyParameter b3 = PublicKeyFactory.b(this.N.c(0).m());
            TlsSigner A = TlsUtils.A(this.g0);
            A.init(r());
            if (A.verifyRawSignature(b2, d2.c(), b3, l)) {
            } else {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (TlsFatalAlert e2) {
            throw e2;
        } catch (Exception e3) {
            throw new TlsFatalAlert((short) 51, e3);
        }
    }

    public void n0(ByteArrayInputStream byteArrayInputStream) throws IOException {
        ProtocolVersion S0 = TlsUtils.S0(byteArrayInputStream);
        this.A.x(S0);
        if (S0.h()) {
            throw new TlsFatalAlert((short) 47);
        }
        byte[] B0 = TlsUtils.B0(32, byteArrayInputStream);
        if (TlsUtils.E0(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        int G0 = TlsUtils.G0(byteArrayInputStream);
        if (G0 < 2 || (G0 & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        this.O = TlsUtils.I0(G0 / 2, byteArrayInputStream);
        short P0 = TlsUtils.P0(byteArrayInputStream);
        if (P0 < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        this.P = TlsUtils.R0(P0, byteArrayInputStream);
        Hashtable Q = TlsProtocol.Q(byteArrayInputStream);
        this.Q = Q;
        this.M.o = TlsExtensionsUtils.y(Q);
        s().b(S0);
        this.b0.notifyClientVersion(S0);
        this.b0.notifyFallback(Arrays.C(this.O, CipherSuite.Q3));
        this.M.g = B0;
        this.b0.notifyOfferedCipherSuites(this.O);
        this.b0.notifyOfferedCompressionMethods(this.P);
        if (Arrays.C(this.O, 255)) {
            this.V = true;
        }
        byte[] O = TlsUtils.O(this.Q, TlsProtocol.f40218a);
        if (O != null) {
            this.V = true;
            if (!Arrays.B(O, TlsProtocol.k(TlsUtils.f40240a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        this.b0.notifySecureRenegotiation(this.V);
        Hashtable hashtable = this.Q;
        if (hashtable != null) {
            TlsExtensionsUtils.u(hashtable);
            this.b0.processClientExtensions(this.Q);
        }
    }

    public void o0(ByteArrayInputStream byteArrayInputStream) throws IOException {
        this.d0.processClientKeyExchange(byteArrayInputStream);
        TlsProtocol.c(byteArrayInputStream);
        if (TlsUtils.d0(r())) {
            TlsProtocol.m(r(), this.d0);
        }
        this.h0 = this.A.o();
        this.M.i = TlsProtocol.t(r(), this.h0, null);
        if (!TlsUtils.d0(r())) {
            TlsProtocol.m(r(), this.d0);
        }
        this.A.t(x().getCompression(), x().getCipher());
        if (this.X) {
            return;
        }
        Z();
    }

    public void p0(CertificateRequest certificateRequest) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 13);
        certificateRequest.a(handshakeMessage);
        handshakeMessage.a();
    }

    public void q0(CertificateStatus certificateStatus) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 22);
        certificateStatus.a(handshakeMessage);
        handshakeMessage.a();
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsContext r() {
        return this.c0;
    }

    public void r0(NewSessionTicket newSessionTicket) throws IOException {
        if (newSessionTicket == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 4);
        newSessionTicket.a(handshakeMessage);
        handshakeMessage.a();
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public AbstractTlsContext s() {
        return this.c0;
    }

    public void s0() throws IOException {
        byte[] bArr = new byte[4];
        TlsUtils.v1((short) 14, bArr, 0);
        TlsUtils.l1(0, bArr, 1);
        f0(bArr, 0, 4);
    }

    public void t0() throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage(this, (short) 2);
        ProtocolVersion serverVersion = this.b0.getServerVersion();
        if (!serverVersion.i(r().getClientVersion())) {
            throw new TlsFatalAlert((short) 80);
        }
        this.A.v(serverVersion);
        this.A.x(serverVersion);
        this.A.w(true);
        s().d(serverVersion);
        TlsUtils.A1(serverVersion, handshakeMessage);
        handshakeMessage.write(this.M.h);
        byte[] bArr = TlsUtils.f40240a;
        TlsUtils.d1(bArr, handshakeMessage);
        int selectedCipherSuite = this.b0.getSelectedCipherSuite();
        if (!Arrays.C(this.O, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.a(selectedCipherSuite) || !TlsUtils.l0(selectedCipherSuite, r().getServerVersion())) {
            throw new TlsFatalAlert((short) 80);
        }
        this.M.f40141b = selectedCipherSuite;
        short selectedCompressionMethod = this.b0.getSelectedCompressionMethod();
        if (!Arrays.D(this.P, selectedCompressionMethod)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.M.f40142c = selectedCompressionMethod;
        TlsUtils.e1(selectedCipherSuite, handshakeMessage);
        TlsUtils.u1(selectedCompressionMethod, handshakeMessage);
        Hashtable serverExtensions = this.b0.getServerExtensions();
        this.R = serverExtensions;
        if (this.V) {
            Integer num = TlsProtocol.f40218a;
            if (TlsUtils.O(serverExtensions, num) == null) {
                Hashtable r = TlsExtensionsUtils.r(this.R);
                this.R = r;
                r.put(num, TlsProtocol.k(bArr));
            }
        }
        if (this.M.o) {
            Hashtable r2 = TlsExtensionsUtils.r(this.R);
            this.R = r2;
            TlsExtensionsUtils.b(r2);
        }
        Hashtable hashtable = this.R;
        if (hashtable != null) {
            this.M.n = TlsExtensionsUtils.x(hashtable);
            this.M.l = L(this.Q, this.R, (short) 80);
            this.M.m = TlsExtensionsUtils.z(this.R);
            this.W = !this.T && TlsUtils.X(this.R, TlsExtensionsUtils.g, (short) 80);
            this.X = !this.T && TlsUtils.X(this.R, TlsProtocol.f40219b, (short) 80);
            TlsProtocol.e0(handshakeMessage, this.R);
        }
        this.M.f40143d = TlsProtocol.w(r(), this.M.b());
        this.M.f40144e = 12;
        b();
        handshakeMessage.a();
    }

    public void u0(byte[] bArr) throws IOException {
        TlsProtocol.HandshakeMessage handshakeMessage = new TlsProtocol.HandshakeMessage((short) 12, bArr.length);
        handshakeMessage.write(bArr);
        handshakeMessage.a();
    }

    @Override // org.bouncycastle.crypto.tls.TlsProtocol
    public TlsPeer x() {
        return this.b0;
    }
}
