package org.bouncycastle.tls;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.x500.X500Name;

/* loaded from: classes4.dex */
public class TlsServerProtocol extends TlsProtocol {
    public CertificateRequest certificateRequest;
    public TlsKeyExchange keyExchange;
    public int[] offeredCipherSuites;
    public TlsServer tlsServer;
    public TlsServerContextImpl tlsServerContext;

    public TlsServerProtocol() {
        this.tlsServer = null;
        this.tlsServerContext = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.tlsServer = null;
        this.tlsServerContext = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final void accept(TlsServer tlsServer) throws IOException {
        if (this.tlsServer != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.tlsServer = tlsServer;
        TlsServerContextImpl tlsServerContextImpl = new TlsServerContextImpl(tlsServer.getCrypto());
        this.tlsServerContext = tlsServerContextImpl;
        ((AbstractTlsServer) tlsServer).init(tlsServerContextImpl);
        ((AbstractTlsPeer) tlsServer).closeHandle = this;
        beginHandshake(false);
        if (this.blocking) {
            blockForHandshake();
        }
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final void cleanupHandshake() {
        super.cleanupHandshake();
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    public final boolean expectCertificateVerifyMessage() {
        Certificate certificate;
        if (this.certificateRequest == null || (certificate = this.tlsServerContext.getSecurityParametersHandshake().peerCertificate) == null || certificate.isEmpty()) {
            return false;
        }
        TlsKeyExchange tlsKeyExchange = this.keyExchange;
        return tlsKeyExchange == null || tlsKeyExchange.requiresCertificateVerify();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:118:0x0249  */
    /* JADX WARN: Removed duplicated region for block: B:140:0x028a  */
    /* JADX WARN: Removed duplicated region for block: B:152:0x02f5  */
    /* JADX WARN: Removed duplicated region for block: B:160:0x02fd  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final org.bouncycastle.tls.ServerHello generate13ServerHello(org.bouncycastle.tls.ClientHello r19, org.bouncycastle.tls.HandshakeMessageInput r20, boolean r21) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1052
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.generate13ServerHello(org.bouncycastle.tls.ClientHello, org.bouncycastle.tls.HandshakeMessageInput, boolean):org.bouncycastle.tls.ServerHello");
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsContext getContext() {
        return this.tlsServerContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final AbstractTlsContext getContextAdmin() {
        return this.tlsServerContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    public final TlsPeer getPeer() {
        return this.tlsServer;
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0018, code lost:
    
        if (r0 != 14) goto L16;
     */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void handleAlertWarningMessage(short r3) throws java.io.IOException {
        /*
            r2 = this;
            r0 = 41
            if (r0 != r3) goto L2b
            org.bouncycastle.tls.CertificateRequest r0 = r2.certificateRequest
            if (r0 == 0) goto L2b
            org.bouncycastle.tls.TlsServerContextImpl r0 = r2.tlsServerContext
            boolean r0 = org.bouncycastle.tls.TlsUtils.isSSL(r0)
            if (r0 == 0) goto L2b
            short r0 = r2.connection_state
            r1 = 12
            if (r0 == r1) goto L1b
            r1 = 14
            if (r0 == r1) goto L21
            goto L2b
        L1b:
            org.bouncycastle.tls.TlsServer r3 = r2.tlsServer
            r0 = 0
            r3.processClientSupplementalData(r0)
        L21:
            org.bouncycastle.tls.Certificate r3 = org.bouncycastle.tls.Certificate.EMPTY_CHAIN
            r2.notifyClientCertificate(r3)
            r3 = 15
            r2.connection_state = r3
            return
        L2b:
            super.handleAlertWarningMessage(r3)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.handleAlertWarningMessage(short):void");
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:282:0x07d8. Please report as an issue. */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:108:0x01bd  */
    /* JADX WARN: Removed duplicated region for block: B:111:0x01d4  */
    /* JADX WARN: Removed duplicated region for block: B:114:0x01eb  */
    /* JADX WARN: Removed duplicated region for block: B:433:0x06cc  */
    /* JADX WARN: Type inference failed for: r0v184 */
    /* JADX WARN: Type inference failed for: r0v185 */
    /* JADX WARN: Type inference failed for: r0v42 */
    /* JADX WARN: Type inference failed for: r0v43, types: [org.bouncycastle.tls.TlsCredentials] */
    /* JADX WARN: Type inference failed for: r4v21, types: [org.bouncycastle.tls.TlsKeyExchange] */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void handleHandshakeMessage(short r25, org.bouncycastle.tls.HandshakeMessageInput r26) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 2568
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(short, org.bouncycastle.tls.HandshakeMessageInput):void");
    }

    public final void notifyClientCertificate(Certificate certificate) throws IOException {
        if (this.certificateRequest == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsServerContextImpl tlsServerContextImpl = this.tlsServerContext;
        TlsKeyExchange tlsKeyExchange = this.keyExchange;
        TlsServer tlsServer = this.tlsServer;
        byte[] bArr = TlsUtils.DOWNGRADE_TLS11;
        SecurityParameters securityParametersHandshake = tlsServerContextImpl.getSecurityParametersHandshake();
        if (securityParametersHandshake.peerCertificate != null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (!TlsUtils.isTLSv13(securityParametersHandshake.negotiatedVersion)) {
            if (certificate.isEmpty()) {
                tlsKeyExchange.skipClientCredentials();
            } else {
                tlsKeyExchange.processClientCertificate(certificate);
            }
        }
        securityParametersHandshake.peerCertificate = certificate;
        tlsServer.notifyClientCertificate(certificate);
    }

    public final void send13ServerHelloCoda() throws IOException {
        TlsCredentialedSigner tlsCredentialedSigner;
        SecurityParameters securityParametersHandshake = this.tlsServerContext.getSecurityParametersHandshake();
        byte[] currentPRFHash = TlsUtils.getCurrentPRFHash(this.handshakeHash);
        TlsServerContextImpl tlsServerContextImpl = this.tlsServerContext;
        RecordStream recordStream = this.recordStream;
        SecurityParameters securityParametersHandshake2 = tlsServerContextImpl.getSecurityParametersHandshake();
        TlsUtils.establish13TrafficSecrets(tlsServerContextImpl, currentPRFHash, securityParametersHandshake2.handshakeSecret, "c hs traffic", "s hs traffic", recordStream);
        securityParametersHandshake2.baseKeyClient = securityParametersHandshake2.trafficSecretClient;
        securityParametersHandshake2.baseKeyServer = securityParametersHandshake2.trafficSecretServer;
        this.recordStream.enablePendingCipherWrite();
        this.recordStream.enablePendingCipherRead(true);
        byte[] writeExtensionsData = TlsProtocol.writeExtensionsData(this.serverExtensions, 0);
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 8);
        TlsUtils.writeOpaque16(handshakeMessageOutput, writeExtensionsData);
        handshakeMessageOutput.send(this);
        this.connection_state = (short) 5;
        if (!this.selectedPSK13) {
            CertificateRequest certificateRequest = this.tlsServer.getCertificateRequest();
            this.certificateRequest = certificateRequest;
            if (certificateRequest != null) {
                if (!Arrays.equals(certificateRequest.certificateRequestContext, TlsUtils.EMPTY_BYTES)) {
                    throw new TlsFatalAlert((short) 80);
                }
                TlsUtils.establishServerSigAlgs(securityParametersHandshake, this.certificateRequest);
                sendCertificateRequestMessage(this.certificateRequest);
                this.connection_state = (short) 11;
            }
            TlsCredentials credentials = this.tlsServer.getCredentials();
            if (credentials == null) {
                tlsCredentialedSigner = null;
            } else {
                if (!(credentials instanceof TlsCredentialedSigner)) {
                    throw new TlsFatalAlert((short) 80);
                }
                tlsCredentialedSigner = (TlsCredentialedSigner) credentials;
            }
            if (tlsCredentialedSigner == null) {
                throw new TlsFatalAlert((short) 80);
            }
            send13CertificateMessage(tlsCredentialedSigner.getCertificate());
            securityParametersHandshake.getClass();
            this.connection_state = (short) 7;
            DigitallySigned generate13CertificateVerify = TlsUtils.generate13CertificateVerify(this.tlsServerContext, tlsCredentialedSigner, this.handshakeHash);
            HandshakeMessageOutput handshakeMessageOutput2 = new HandshakeMessageOutput((short) 15);
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = generate13CertificateVerify.algorithm;
            if (signatureAndHashAlgorithm != null) {
                handshakeMessageOutput2.write(signatureAndHashAlgorithm.hash);
                handshakeMessageOutput2.write(signatureAndHashAlgorithm.signature);
            }
            TlsUtils.writeOpaque16(handshakeMessageOutput2, generate13CertificateVerify.signature);
            handshakeMessageOutput2.send(this);
            this.connection_state = (short) 17;
        }
        AbstractTlsContext abstractTlsContext = (AbstractTlsContext) getContext();
        SecurityParameters securityParametersHandshake3 = abstractTlsContext.getSecurityParametersHandshake();
        byte[] calculateVerifyData = TlsUtils.calculateVerifyData(abstractTlsContext, this.handshakeHash, abstractTlsContext.isServer());
        securityParametersHandshake3.localVerifyData = calculateVerifyData;
        HandshakeMessageOutput.send(this, (short) 20, calculateVerifyData);
        this.connection_state = (short) 20;
        TlsUtils.establish13PhaseApplication(this.tlsServerContext, TlsUtils.getCurrentPRFHash(this.handshakeHash), this.recordStream);
        this.recordStream.enablePendingCipherWrite();
    }

    public final void sendCertificateRequestMessage(CertificateRequest certificateRequest) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 13);
        TlsServerContextImpl tlsServerContextImpl = this.tlsServerContext;
        certificateRequest.getClass();
        ProtocolVersion serverVersion = tlsServerContextImpl.getServerVersion();
        boolean isTLSv12 = TlsUtils.isTLSv12(serverVersion);
        boolean isTLSv13 = TlsUtils.isTLSv13(serverVersion);
        byte[] bArr = certificateRequest.certificateRequestContext;
        if (isTLSv13 == (bArr != null)) {
            short[] sArr = certificateRequest.certificateTypes;
            if (isTLSv13 == (sArr == null)) {
                if (isTLSv12 == (certificateRequest.supportedSignatureAlgorithms != null) && (isTLSv13 || certificateRequest.supportedSignatureAlgorithmsCert == null)) {
                    if (isTLSv13) {
                        TlsUtils.writeOpaque8(handshakeMessageOutput, bArr);
                        Hashtable hashtable = new Hashtable();
                        Vector vector = certificateRequest.supportedSignatureAlgorithms;
                        Integer num = TlsExtensionsUtils.EXT_signature_algorithms;
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        TlsUtils.encodeSupportedSignatureAlgorithms(byteArrayOutputStream, vector);
                        hashtable.put(num, byteArrayOutputStream.toByteArray());
                        Vector vector2 = certificateRequest.supportedSignatureAlgorithmsCert;
                        if (vector2 != null) {
                            Integer num2 = TlsExtensionsUtils.EXT_signature_algorithms_cert;
                            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                            TlsUtils.encodeSupportedSignatureAlgorithms(byteArrayOutputStream2, vector2);
                            hashtable.put(num2, byteArrayOutputStream2.toByteArray());
                        }
                        Vector vector3 = certificateRequest.certificateAuthorities;
                        if (vector3 != null) {
                            TlsExtensionsUtils.addCertificateAuthoritiesExtension(hashtable, vector3);
                        }
                        TlsUtils.writeOpaque16(handshakeMessageOutput, TlsProtocol.writeExtensionsData(hashtable, 0));
                    } else {
                        TlsUtils.checkUint8(sArr.length);
                        handshakeMessageOutput.write(sArr.length);
                        for (short s : sArr) {
                            handshakeMessageOutput.write(s);
                        }
                        if (isTLSv12) {
                            TlsUtils.encodeSupportedSignatureAlgorithms(handshakeMessageOutput, certificateRequest.supportedSignatureAlgorithms);
                        }
                        Vector vector4 = certificateRequest.certificateAuthorities;
                        if (vector4 == null || vector4.isEmpty()) {
                            handshakeMessageOutput.write(0);
                            handshakeMessageOutput.write(0);
                        } else {
                            Vector vector5 = new Vector(certificateRequest.certificateAuthorities.size());
                            int i = 0;
                            for (int i2 = 0; i2 < certificateRequest.certificateAuthorities.size(); i2++) {
                                byte[] encoded = ((X500Name) certificateRequest.certificateAuthorities.elementAt(i2)).getEncoded("DER");
                                vector5.addElement(encoded);
                                i += encoded.length + 2;
                            }
                            TlsUtils.checkUint16(i);
                            handshakeMessageOutput.write(i >>> 8);
                            handshakeMessageOutput.write(i);
                            for (int i3 = 0; i3 < vector5.size(); i3++) {
                                TlsUtils.writeOpaque16(handshakeMessageOutput, (byte[]) vector5.elementAt(i3));
                            }
                        }
                    }
                    handshakeMessageOutput.send(this);
                    return;
                }
            }
        }
        throw new IllegalStateException();
    }

    public final void sendServerHelloMessage(ServerHello serverHello) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 2);
        ProtocolVersion protocolVersion = serverHello.version;
        handshakeMessageOutput.write(protocolVersion.version >> 8);
        handshakeMessageOutput.write(protocolVersion.version & 255);
        handshakeMessageOutput.write(serverHello.random);
        TlsUtils.writeOpaque8(handshakeMessageOutput, serverHello.sessionID);
        int i = serverHello.cipherSuite;
        handshakeMessageOutput.write(i >>> 8);
        handshakeMessageOutput.write(i);
        handshakeMessageOutput.write(0);
        TlsProtocol.writeExtensions(handshakeMessageOutput, serverHello.extensions, 0);
        handshakeMessageOutput.send(this);
    }
}
