package org.bouncycastle.jsse.provider;

import _COROUTINE.CoroutineDebuggingKt$$ExternalSyntheticOutline0;
import com.nike.shared.features.events.net.EventsServiceInterface;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.provider.NamedGroupInfo;
import org.bouncycastle.jsse.provider.ProvSSLSessionContext;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SessionID;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class ProvTlsServer extends DefaultTlsServer implements ProvTlsPeer {
    public static final Logger LOG = Logger.getLogger(ProvTlsServer.class.getName());
    public static final int provEphemeralDHKeySize = PropertyUtils.getIntegerSystemProperty(2048, 1024, 8192, "jdk.tls.ephemeralDHKeySize");
    public static final boolean provServerEnableCA;
    public static final boolean provServerEnableSessionResumption;
    public static final boolean provServerEnableTrustedCAKeys;
    public TlsCredentials credentials;
    public boolean handshakeComplete;
    public final JsseSecurityParameters jsseSecurityParameters;
    public HashSet keyManagerMissCache;
    public final ProvTlsManager manager;
    public BCSNIServerName matchedSNIServerName;
    public final ProvSSLParameters sslParameters;
    public ProvSSLSession sslSession;

    /* JADX WARN: Removed duplicated region for block: B:49:0x011d  */
    /* JADX WARN: Removed duplicated region for block: B:54:0x0110 A[SYNTHETIC] */
    static {
        /*
            Method dump skipped, instructions count: 325
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.<clinit>():void");
    }

    public ProvTlsServer(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) {
        super(provTlsManager.getContextData().crypto);
        this.jsseSecurityParameters = new JsseSecurityParameters();
        this.sslSession = null;
        this.matchedSNIServerName = null;
        this.keyManagerMissCache = null;
        this.credentials = null;
        this.handshakeComplete = false;
        this.manager = provTlsManager;
        ProvSSLParameters copy = provSSLParameters.copy();
        if (ProvAlgorithmConstraints.DEFAULT != copy.algorithmConstraints) {
            copy.algorithmConstraints = new ProvAlgorithmConstraints(copy.algorithmConstraints, true);
        }
        this.sslParameters = copy;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean allowCertificateStatus() {
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean allowLegacyResumption() {
        return JsseUtils.provTlsAllowLegacyResumption;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean allowTrustedCAIndication() {
        return this.jsseSecurityParameters.trustedIssuers != null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final CertificateRequest getCertificateRequest() throws IOException {
        ProvSSLParameters provSSLParameters = this.sslParameters;
        if (!(provSSLParameters.needClientAuth || provSSLParameters.wantClientAuth)) {
            return null;
        }
        ContextData contextData = this.manager.getContextData();
        ProtocolVersion serverVersion = this.context.getServerVersion();
        List<SignatureSchemeInfo> activeCertsSignatureSchemes = contextData.getActiveCertsSignatureSchemes(true, this.sslParameters, new ProtocolVersion[]{serverVersion}, this.jsseSecurityParameters.namedGroups);
        JsseSecurityParameters jsseSecurityParameters = this.jsseSecurityParameters;
        jsseSecurityParameters.localSigSchemes = activeCertsSignatureSchemes;
        jsseSecurityParameters.localSigSchemesCert = activeCertsSignatureSchemes;
        Vector<SignatureAndHashAlgorithm> signatureAndHashAlgorithms = SignatureSchemeInfo.getSignatureAndHashAlgorithms(activeCertsSignatureSchemes);
        Vector<X500Name> certificateAuthorities = provServerEnableCA ? JsseUtils.getCertificateAuthorities(contextData.x509TrustManager) : null;
        if (!TlsUtils.isTLSv13(serverVersion)) {
            return new CertificateRequest(new short[]{64, 1, 2}, signatureAndHashAlgorithms, certificateAuthorities);
        }
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        JsseSecurityParameters jsseSecurityParameters2 = this.jsseSecurityParameters;
        List<SignatureSchemeInfo> list = jsseSecurityParameters2.localSigSchemes;
        List<SignatureSchemeInfo> list2 = jsseSecurityParameters2.localSigSchemesCert;
        return new CertificateRequest(bArr, signatureAndHashAlgorithms, list != list2 ? SignatureSchemeInfo.getSignatureAndHashAlgorithms(list2) : null, certificateAuthorities);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final void getCertificateStatus() throws IOException {
    }

    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.TlsServer
    public final TlsCredentials getCredentials() throws IOException {
        TlsCredentials tlsCredentials = this.credentials;
        if (tlsCredentials != null) {
            return tlsCredentials;
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final JcaTlsCrypto getCrypto() {
        return this.manager.getContextData().crypto;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final int getMaxCertificateChainLength() {
        return JsseUtils.provTlsMaxCertificateChainLength;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final int getMaxHandshakeMessageSize() {
        return JsseUtils.provTlsMaxHandshakeMessageSize;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int getMaximumNegotiableCurveBits() {
        int i;
        Iterator<NamedGroupInfo> it = NamedGroupInfo.getEffectivePeer(this.jsseSecurityParameters.namedGroups).iterator();
        int i2 = 0;
        while (it.hasNext()) {
            i = it.next().all.bitsECDH;
            i2 = Math.max(i2, i);
        }
        return i2;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int getMaximumNegotiableFiniteFieldBits() {
        int i;
        Iterator<NamedGroupInfo> it = NamedGroupInfo.getEffectivePeer(this.jsseSecurityParameters.namedGroups).iterator();
        int i2 = 0;
        while (it.hasNext()) {
            i = it.next().all.bitsFFDHE;
            i2 = Math.max(i2, i);
        }
        if (i2 >= provEphemeralDHKeySize) {
            return i2;
        }
        return 0;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final byte[] getNewSessionID() {
        if (!provServerEnableSessionResumption || TlsUtils.isTLSv13(this.context)) {
            return null;
        }
        return this.context.getNonceGenerator().generateNonce(32);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final Vector<ProtocolName> getProtocolNames() {
        return JsseUtils.getProtocolNames((String[]) this.sslParameters.applicationProtocols.clone());
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0049 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final int getSelectedCipherSuite() throws java.io.IOException {
        /*
            r9 = this;
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r9.manager
            org.bouncycastle.jsse.provider.ContextData r0 = r0.getContextData()
            org.bouncycastle.tls.TlsServerContext r1 = r9.context
            org.bouncycastle.tls.SecurityParameters r1 = r1.getSecurityParametersHandshake()
            int[] r2 = r1.clientSupportedGroups
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.jsseSecurityParameters
            org.bouncycastle.jsse.provider.NamedGroupInfo$PerConnection r3 = r3.namedGroups
            java.util.logging.Logger r4 = org.bouncycastle.jsse.provider.NamedGroupInfo.LOG
            java.util.Map<java.lang.Integer, org.bouncycastle.jsse.provider.NamedGroupInfo> r4 = r3.local
            boolean r5 = org.bouncycastle.tls.TlsUtils.isNullOrEmpty(r2)
            if (r5 == 0) goto L1d
            goto L40
        L1d:
            int r5 = r2.length
            java.util.ArrayList r6 = new java.util.ArrayList
            r6.<init>(r5)
            r7 = 0
        L24:
            if (r7 >= r5) goto L3a
            r8 = r2[r7]
            java.lang.Integer r8 = java.lang.Integer.valueOf(r8)
            java.lang.Object r8 = r4.get(r8)
            org.bouncycastle.jsse.provider.NamedGroupInfo r8 = (org.bouncycastle.jsse.provider.NamedGroupInfo) r8
            if (r8 == 0) goto L37
            r6.add(r8)
        L37:
            int r7 = r7 + 1
            goto L24
        L3a:
            boolean r2 = r6.isEmpty()
            if (r2 == 0) goto L45
        L40:
            java.util.List r6 = java.util.Collections.emptyList()
            goto L48
        L45:
            r6.trimToSize()
        L48:
            monitor-enter(r3)
            r3.peer = r6     // Catch: java.lang.Throwable -> Lcc
            monitor-exit(r3)
            java.util.Vector r2 = r1.clientSigAlgs
            java.util.Vector r1 = r1.clientSigAlgsCert
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.jsseSecurityParameters
            java.util.List r4 = r0.getSignatureSchemes(r2)
            r3.peerSigSchemes = r4
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.jsseSecurityParameters
            if (r2 != r1) goto L5f
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r1 = r3.peerSigSchemes
            goto L63
        L5f:
            java.util.List r1 = r0.getSignatureSchemes(r1)
        L63:
            r3.peerSigSchemesCert = r1
            java.util.logging.Logger r1 = org.bouncycastle.jsse.provider.ProvTlsServer.LOG
            java.util.logging.Level r2 = java.util.logging.Level.FINEST
            boolean r2 = r1.isLoggable(r2)
            if (r2 == 0) goto L8d
            java.lang.String r2 = "Peer signature_algorithms"
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.jsseSecurityParameters
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r3 = r3.peerSigSchemes
            java.lang.String r2 = org.bouncycastle.jsse.provider.JsseUtils.getSignatureAlgorithmsReport(r2, r3)
            r1.finest(r2)
            org.bouncycastle.jsse.provider.JsseSecurityParameters r2 = r9.jsseSecurityParameters
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r3 = r2.peerSigSchemesCert
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r2 = r2.peerSigSchemes
            if (r3 == r2) goto L8d
            java.lang.String r2 = "Peer signature_algorithms_cert"
            java.lang.String r2 = org.bouncycastle.jsse.provider.JsseUtils.getSignatureAlgorithmsReport(r2, r3)
            r1.finest(r2)
        L8d:
            org.bouncycastle.jsse.BCX509ExtendedKeyManager r2 = org.bouncycastle.jsse.provider.DummyX509KeyManager.INSTANCE
            org.bouncycastle.jsse.BCX509ExtendedKeyManager r0 = r0.x509KeyManager
            if (r2 == r0) goto Lc4
            java.util.HashSet r0 = new java.util.HashSet
            r0.<init>()
            r9.keyManagerMissCache = r0
            int r0 = super.getSelectedCipherSuite()
            r2 = 0
            r9.keyManagerMissCache = r2
            org.bouncycastle.jsse.provider.ProvTlsManager r2 = r9.manager
            org.bouncycastle.jsse.provider.ContextData r2 = r2.getContextData()
            org.bouncycastle.jsse.provider.ProvSSLContextSpi r2 = r2.context
            org.bouncycastle.jsse.provider.ProvSSLParameters r3 = r9.sslParameters
            java.lang.String r2 = r2.validateNegotiatedCipherSuite(r3, r0)
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r4 = "Server selected cipher suite: "
            r3.append(r4)
            r3.append(r2)
            java.lang.String r2 = r3.toString()
            r1.fine(r2)
            return r0
        Lc4:
            org.bouncycastle.tls.TlsFatalAlert r0 = new org.bouncycastle.tls.TlsFatalAlert
            r1 = 40
            r0.<init>(r1)
            throw r0
        Lcc:
            r0 = move-exception
            monitor-exit(r3)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite():int");
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final Hashtable<Integer, byte[]> getServerExtensions() throws IOException {
        super.getServerExtensions();
        if (this.matchedSNIServerName != null) {
            this.serverExtensions.put(TlsExtensionsUtils.EXT_server_name, TlsUtils.EMPTY_BYTES);
        }
        return this.serverExtensions;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final ProtocolVersion getServerVersion() throws IOException {
        ProtocolVersion serverVersion = super.getServerVersion();
        String validateNegotiatedProtocol = this.manager.getContextData().context.validateNegotiatedProtocol(this.sslParameters, serverVersion);
        LOG.fine("Server selected protocol version: " + validateNegotiatedProtocol);
        return serverVersion;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final TlsSession getSessionToResume(byte[] bArr) {
        ProvSSLSession accessSession;
        SessionParameters exportSessionParameters;
        ProvSSLSessionContext provSSLSessionContext = this.manager.getContextData().serverSessionContext;
        if (provServerEnableSessionResumption) {
            synchronized (provSSLSessionContext) {
                provSSLSessionContext.processQueue();
                Map<SessionID, ProvSSLSessionContext.SessionEntry> map = provSSLSessionContext.sessionsByID;
                SessionID sessionID = TlsUtils.isNullOrEmpty(bArr) ? null : new SessionID(bArr);
                HashMap hashMap = (HashMap) map;
                hashMap.getClass();
                accessSession = provSSLSessionContext.accessSession((ProvSSLSessionContext.SessionEntry) (sessionID == null ? null : hashMap.get(sessionID)));
            }
            if (accessSession != null) {
                TlsSession tlsSession = accessSession.tlsSession;
                boolean z = false;
                if (tlsSession != null && tlsSession.isResumable()) {
                    ProtocolVersion protocolVersion = this.context.getSecurityParametersHandshake().negotiatedVersion;
                    if (!TlsUtils.isTLSv13(protocolVersion) && (exportSessionParameters = tlsSession.exportSessionParameters()) != null && protocolVersion.equals(exportSessionParameters.negotiatedVersion)) {
                        if (Arrays.contains(exportSessionParameters.cipherSuite, this.cipherSuites)) {
                            if (Arrays.contains(exportSessionParameters.cipherSuite, this.offeredCipherSuites) && exportSessionParameters.extendedMasterSecret) {
                                JsseSessionParameters jsseSessionParameters = accessSession.jsseSessionParameters;
                                BCSNIServerName bCSNIServerName = this.matchedSNIServerName;
                                BCSNIServerName bCSNIServerName2 = jsseSessionParameters.matchedSNIServerName;
                                boolean z2 = JsseUtils.provTlsAllowLegacyMasterSecret;
                                if (bCSNIServerName == bCSNIServerName2 || !(bCSNIServerName == null || bCSNIServerName2 == null || !bCSNIServerName.equals(bCSNIServerName2))) {
                                    z = true;
                                } else {
                                    LOG.finest("Session not resumable - SNI mismatch; connection: " + bCSNIServerName + ", session: " + bCSNIServerName2);
                                }
                            }
                        }
                    }
                }
                if (z) {
                    this.sslSession = accessSession;
                    return tlsSession;
                }
            }
        }
        JsseUtils.checkSessionCreationEnabled(this.manager);
        return null;
    }

    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.AbstractTlsPeer
    public final int[] getSupportedCipherSuites() {
        return this.manager.getContextData().context.getActiveCipherSuites(getCrypto(), this.sslParameters, this.protocolVersions);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final int[] getSupportedGroups() throws IOException {
        int i = 0;
        this.jsseSecurityParameters.namedGroups = this.manager.getContextData().getNamedGroups(this.sslParameters, new ProtocolVersion[]{this.context.getServerVersion()});
        NamedGroupInfo.PerConnection perConnection = this.jsseSecurityParameters.namedGroups;
        Logger logger = NamedGroupInfo.LOG;
        Set<Integer> keySet = perConnection.local.keySet();
        int[] iArr = new int[keySet.size()];
        Iterator<Integer> it = keySet.iterator();
        while (it.hasNext()) {
            iArr[i] = it.next().intValue();
            i++;
        }
        return iArr;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final ProtocolVersion[] getSupportedVersions() {
        return this.manager.getContextData().context.getActiveProtocolVersions(this.sslParameters);
    }

    public final void handleKeyManagerMisses(LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap, String str) {
        for (Map.Entry<String, SignatureSchemeInfo> entry : linkedHashMap.entrySet()) {
            String key = entry.getKey();
            if (key.equals(str)) {
                return;
            }
            this.keyManagerMissCache.add(key);
            Logger logger = LOG;
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("Server found no credentials for signature scheme '" + entry.getValue() + "' (keyType '" + key + "')");
            }
        }
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public final synchronized boolean isHandshakeComplete() {
        return this.handshakeComplete;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyAlertRaised(short s, short s2, String str, Exception exc) {
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        Logger logger = LOG;
        if (logger.isLoggable(level)) {
            logger.log(level, CoroutineDebuggingKt$$ExternalSyntheticOutline0.m(JsseUtils.getAlertLogMessage("Server raised", s, s2), EventsServiceInterface.CL_SP, str), (Throwable) exc);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyAlertReceived(short s, short s2) {
        Level level = s == 1 ? Level.FINE : Level.INFO;
        Logger logger = LOG;
        if (logger.isLoggable(level)) {
            logger.log(level, JsseUtils.getAlertLogMessage("Server received", s, s2));
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final void notifyClientCertificate(Certificate certificate) throws IOException {
        ProvSSLParameters provSSLParameters = this.sslParameters;
        if (!(provSSLParameters.needClientAuth || provSSLParameters.wantClientAuth)) {
            throw new TlsFatalAlert((short) 80);
        }
        if (certificate != null && !certificate.isEmpty()) {
            this.manager.checkClientTrusted(JsseUtils.getX509CertificateChain(getCrypto(), certificate));
        } else if (this.sslParameters.needClientAuth) {
            throw new TlsFatalAlert(TlsUtils.isTLSv13(this.context) ? (short) 116 : (short) 40);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final synchronized void notifyHandshakeComplete() throws IOException {
        boolean z = true;
        this.handshakeComplete = true;
        TlsSession session = this.context.getSession();
        ProvSSLSession provSSLSession = this.sslSession;
        if (provSSLSession == null || provSSLSession.tlsSession != session) {
            ProvSSLSessionContext provSSLSessionContext = this.manager.getContextData().serverSessionContext;
            String peerHost = this.manager.getPeerHost();
            int peerPort = this.manager.getPeerPort();
            JsseSessionParameters jsseSessionParameters = new JsseSessionParameters(null, this.matchedSNIServerName);
            if (!provServerEnableSessionResumption || TlsUtils.isTLSv13(this.context) || !this.context.getSecurityParametersConnection().extendedMasterSecret) {
                z = false;
            }
            this.sslSession = provSSLSessionContext.reportSession(peerHost, peerPort, session, jsseSessionParameters, z);
        }
        this.manager.notifyHandshakeComplete(new ProvSSLConnection(this.context, this.sslSession));
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifySecureRenegotiation(boolean z) throws IOException {
        if (!z && !PropertyUtils.getBooleanSystemProperty("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final void notifySession(TlsSession tlsSession) {
        Logger logger;
        String sb;
        byte[] sessionID = tlsSession.getSessionID();
        ProvSSLSession provSSLSession = this.sslSession;
        if (provSSLSession != null && provSSLSession.tlsSession == tlsSession) {
            Logger logger2 = LOG;
            StringBuilder m = CoroutineDebuggingKt$$ExternalSyntheticOutline0.m("Server resumed session: ");
            m.append(Hex.toHexString(sessionID));
            logger2.fine(m.toString());
        } else {
            this.sslSession = null;
            if (TlsUtils.isNullOrEmpty(sessionID)) {
                logger = LOG;
                sb = "Server did not specify a session ID";
            } else {
                logger = LOG;
                StringBuilder m2 = CoroutineDebuggingKt$$ExternalSyntheticOutline0.m("Server specified new session: ");
                m2.append(Hex.toHexString(sessionID));
                sb = m2.toString();
            }
            logger.fine(sb);
            JsseUtils.checkSessionCreationEnabled(this.manager);
        }
        ProvTlsManager provTlsManager = this.manager;
        provTlsManager.notifyHandshakeSession(provTlsManager.getContextData().serverSessionContext, this.context.getSecurityParametersHandshake(), this.jsseSecurityParameters, this.sslSession);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean preferLocalCipherSuites() {
        return this.sslParameters.useCipherSuitesOrder;
    }

    /* JADX WARN: Code restructure failed: missing block: B:39:0x002f, code lost:
    
        continue;
     */
    /* JADX WARN: Code restructure failed: missing block: B:70:0x00e9, code lost:
    
        throw new java.lang.IllegalStateException("TrustedAuthority is not of type x509_name");
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void processClientExtensions(java.util.Hashtable r9) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 238
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.processClientExtensions(java.util.Hashtable):void");
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean requiresCloseNotify() {
        return JsseUtils.provTlsRequireCloseNotify;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean requiresExtendedMasterSecret() {
        return !JsseUtils.provTlsAllowLegacyMasterSecret;
    }

    /* JADX WARN: Removed duplicated region for block: B:22:0x0259  */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean selectCipherSuite(int r17) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 644
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.selectCipherSuite(int):boolean");
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectDH(int i) {
        int i2;
        int i3;
        int max = Math.max(i, provEphemeralDHKeySize);
        for (NamedGroupInfo namedGroupInfo : NamedGroupInfo.getEffectivePeer(this.jsseSecurityParameters.namedGroups)) {
            i2 = namedGroupInfo.all.bitsFFDHE;
            if (i2 >= max) {
                i3 = namedGroupInfo.all.namedGroup;
                return i3;
            }
        }
        return -1;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectDHDefault(int i) {
        throw new UnsupportedOperationException();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectECDH(int i) {
        int i2;
        int i3;
        for (NamedGroupInfo namedGroupInfo : NamedGroupInfo.getEffectivePeer(this.jsseSecurityParameters.namedGroups)) {
            i2 = namedGroupInfo.all.bitsECDH;
            if (i2 >= i) {
                i3 = namedGroupInfo.all.namedGroup;
                return i3;
            }
        }
        return -1;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectECDHDefault(int i) {
        throw new UnsupportedOperationException();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final ProtocolName selectProtocolName() throws IOException {
        ArrayList arrayList;
        ProvSSLParameters provSSLParameters = this.sslParameters;
        if (provSSLParameters.engineAPSelector == null && provSSLParameters.socketAPSelector == null) {
            return super.selectProtocolName();
        }
        Vector vector = this.clientProtocolNames;
        boolean z = JsseUtils.provTlsAllowLegacyMasterSecret;
        if (vector == null || vector.isEmpty()) {
            arrayList = null;
        } else {
            arrayList = new ArrayList(vector.size());
            Iterator it = vector.iterator();
            while (it.hasNext()) {
                arrayList.add(Strings.fromUTF8ByteArray(((ProtocolName) it.next()).bytes));
            }
        }
        String selectApplicationProtocol = this.manager.selectApplicationProtocol(Collections.unmodifiableList(arrayList));
        if (selectApplicationProtocol == null) {
            throw new TlsFatalAlert((short) 120);
        }
        if (selectApplicationProtocol.length() < 1) {
            return null;
        }
        if (arrayList.contains(selectApplicationProtocol)) {
            return ProtocolName.asUtf8Encoding(selectApplicationProtocol);
        }
        throw new TlsFatalAlert((short) 120);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean shouldSelectProtocolNameEarly() {
        ProvSSLParameters provSSLParameters = this.sslParameters;
        return provSSLParameters.engineAPSelector == null && provSSLParameters.socketAPSelector == null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean shouldUseExtendedMasterSecret() {
        return JsseUtils.provTlsUseExtendedMasterSecret;
    }
}
