package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsECConfig;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsServer {
    public CertificateStatusRequest certificateStatusRequest;
    public int[] cipherSuites;
    public Hashtable clientExtensions;
    public Vector clientProtocolNames;
    public boolean clientSentECPointFormats;
    public TlsServerContext context;
    public boolean encryptThenMACOffered;
    public short maxFragmentLengthOffered;
    public int[] offeredCipherSuites;
    public ProtocolVersion[] protocolVersions;
    public int selectedCipherSuite;
    public ProtocolName selectedProtocolName;
    public final Hashtable serverExtensions;
    public Vector trustedCAKeys;

    public AbstractTlsServer(JcaTlsCrypto jcaTlsCrypto) {
        super(jcaTlsCrypto);
        this.serverExtensions = new Hashtable();
    }

    public boolean allowCertificateStatus() {
        return true;
    }

    public boolean allowTrustedCAIndication() {
        return false;
    }

    public CertificateRequest getCertificateRequest() throws IOException {
        return null;
    }

    public void getCertificateStatus() throws IOException {
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final TlsDHConfig getDHConfig() throws IOException {
        int selectDH = selectDH(TlsDHUtils.isDHCipherSuite(this.selectedCipherSuite) ? 1 : 0);
        TlsServerContext tlsServerContext = this.context;
        if (selectDH < 0 || NamedGroup.getFiniteFieldBits(selectDH) < 1) {
            return null;
        }
        byte[] bArr = TlsUtils.DOWNGRADE_TLS11;
        return new TlsDHConfig(selectDH, TlsUtils.isTLSv13(tlsServerContext.getServerVersion()));
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final TlsECConfig getECDHConfig() throws IOException {
        int selectECDH = selectECDH(TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite) ? 1 : 0);
        if (NamedGroup.getCurveBits(selectECDH) >= 1) {
            return new TlsECConfig(selectECDH);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void getExternalPSK() {
    }

    public int getMaximumNegotiableCurveBits() {
        int[] iArr = this.context.getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return 571;
        }
        int i = 0;
        for (int i2 : iArr) {
            i = Math.max(i, NamedGroup.getCurveBits(i2));
        }
        return i;
    }

    public int getMaximumNegotiableFiniteFieldBits() {
        int[] iArr = this.context.getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return 8192;
        }
        int i = 0;
        for (int i2 : iArr) {
            i = Math.max(i, NamedGroup.getFiniteFieldBits(i2));
        }
        return i;
    }

    public byte[] getNewSessionID() {
        return null;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final NewSessionTicket getNewSessionTicket() throws IOException {
        return new NewSessionTicket(TlsUtils.EMPTY_BYTES, 0L);
    }

    @Override // org.bouncycastle.tls.TlsServer
    public void getPSKIdentityManager() throws IOException {
    }

    public Vector getProtocolNames() {
        return null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final ProtocolVersion[] getProtocolVersions() {
        return this.protocolVersions;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public void getSRPLoginParameters() throws IOException {
    }

    /* JADX WARN: Removed duplicated region for block: B:79:0x0130  */
    /* JADX WARN: Type inference failed for: r9v11, types: [boolean] */
    /* JADX WARN: Type inference failed for: r9v12, types: [boolean] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int getSelectedCipherSuite() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 329
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite():int");
    }

    public Hashtable getServerExtensions() throws IOException {
        short[] decodeUint8ArrayWithUint8Length;
        boolean z;
        if (!TlsUtils.isTLSv13(this.context)) {
            if (this.encryptThenMACOffered) {
                if (1 == TlsUtils.getEncryptionAlgorithmType(TlsUtils.getEncryptionAlgorithm(this.selectedCipherSuite))) {
                    this.serverExtensions.put(TlsExtensionsUtils.EXT_encrypt_then_mac, TlsUtils.EMPTY_BYTES);
                }
            }
            if (this.clientSentECPointFormats && TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
                TlsExtensionsUtils.addSupportedPointFormatsExtension(this.serverExtensions, new short[]{0});
            }
            if (this.certificateStatusRequest != null && allowCertificateStatus()) {
                this.serverExtensions.put(TlsExtensionsUtils.EXT_status_request, TlsUtils.EMPTY_BYTES);
            }
            if (this.trustedCAKeys != null && allowTrustedCAIndication()) {
                this.serverExtensions.put(TlsExtensionsUtils.EXT_trusted_ca_keys, TlsUtils.EMPTY_BYTES);
            }
        } else if (this.certificateStatusRequest != null) {
            allowCertificateStatus();
        }
        short s = this.maxFragmentLengthOffered;
        if (s >= 0) {
            if (s >= 1 && s <= 4) {
                Hashtable hashtable = this.serverExtensions;
                Integer num = TlsExtensionsUtils.EXT_max_fragment_length;
                if (!((s & 255) == s)) {
                    throw new TlsFatalAlert((short) 80);
                }
                hashtable.put(num, new byte[]{(byte) s});
            }
        }
        Hashtable hashtable2 = this.clientExtensions;
        Integer num2 = TlsExtensionsUtils.EXT_server_certificate_type;
        byte[] extensionData = TlsUtils.getExtensionData(hashtable2, num2);
        if (extensionData == null) {
            decodeUint8ArrayWithUint8Length = null;
        } else {
            decodeUint8ArrayWithUint8Length = TlsUtils.decodeUint8ArrayWithUint8Length(extensionData);
            if (decodeUint8ArrayWithUint8Length.length < 1) {
                throw new TlsFatalAlert((short) 50);
            }
        }
        if (decodeUint8ArrayWithUint8Length != null) {
            TlsCredentials credentials = getCredentials();
            if (credentials != null) {
                int length = decodeUint8ArrayWithUint8Length.length;
                short s2 = credentials.getCertificate().certificateType;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        z = false;
                        break;
                    }
                    if (s2 == decodeUint8ArrayWithUint8Length[0 + i]) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (z) {
                    Hashtable hashtable3 = this.serverExtensions;
                    short s3 = credentials.getCertificate().certificateType;
                    if (!((s3 & 255) == s3)) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    hashtable3.put(num2, new byte[]{(byte) s3});
                }
            }
            throw new TlsFatalAlert((short) 43);
        }
        byte[] extensionData2 = TlsUtils.getExtensionData(this.clientExtensions, TlsExtensionsUtils.EXT_client_certificate_type);
        if (extensionData2 != null && TlsUtils.decodeUint8ArrayWithUint8Length(extensionData2).length < 1) {
            throw new TlsFatalAlert((short) 50);
        }
        return this.serverExtensions;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void getServerExtensionsForConnection(Hashtable hashtable) throws IOException {
        Vector vector;
        if (!shouldSelectProtocolNameEarly() && (vector = this.clientProtocolNames) != null && !vector.isEmpty()) {
            this.selectedProtocolName = selectProtocolName();
        }
        ProtocolName protocolName = this.selectedProtocolName;
        if (protocolName == null) {
            hashtable.remove(TlsExtensionsUtils.EXT_application_layer_protocol_negotiation);
            return;
        }
        Integer num = TlsExtensionsUtils.EXT_application_layer_protocol_negotiation;
        Vector vector2 = new Vector();
        vector2.addElement(protocolName);
        hashtable.put(num, TlsExtensionsUtils.createALPNExtensionClient(vector2));
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void getServerSupplementalData() throws IOException {
    }

    public ProtocolVersion getServerVersion() throws IOException {
        ProtocolVersion[] protocolVersionArr = this.protocolVersions;
        for (ProtocolVersion protocolVersion : this.context.getClientSupportedVersions()) {
            if (ProtocolVersion.contains(protocolVersionArr, protocolVersion)) {
                return protocolVersion;
            }
        }
        throw new TlsFatalAlert((short) 70);
    }

    public TlsSession getSessionToResume(byte[] bArr) {
        return null;
    }

    public int[] getSupportedGroups() throws IOException {
        return new int[]{29, 30, 23, 24, 256, 257, 258};
    }

    public final void init(TlsServerContext tlsServerContext) {
        this.context = tlsServerContext;
        this.protocolVersions = getSupportedVersions();
        this.cipherSuites = getSupportedCipherSuites();
    }

    public void notifyClientCertificate(Certificate certificate) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void notifyClientVersion() throws IOException {
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void notifyFallback(boolean z) throws IOException {
        ProtocolVersion protocolVersion;
        if (z) {
            ProtocolVersion[] protocolVersionArr = this.protocolVersions;
            ProtocolVersion clientVersion = this.context.getClientVersion();
            if ((clientVersion.version >> 8) == 3) {
                protocolVersion = ProtocolVersion.getLatestTLS(protocolVersionArr);
            } else {
                if (!clientVersion.isDTLS()) {
                    throw new TlsFatalAlert((short) 80);
                }
                ProtocolVersion protocolVersion2 = null;
                if (protocolVersionArr != null) {
                    for (ProtocolVersion protocolVersion3 : protocolVersionArr) {
                        if (protocolVersion3 != null && protocolVersion3.isDTLS() && (protocolVersion2 == null || (protocolVersion3.version & 255) < (protocolVersion2.version & 255))) {
                            protocolVersion2 = protocolVersion3;
                        }
                    }
                }
                protocolVersion = protocolVersion2;
            }
            if (protocolVersion != null && protocolVersion.isLaterVersionOf(clientVersion)) {
                throw new TlsFatalAlert((short) 86);
            }
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyHandshakeBeginning() throws IOException {
        this.offeredCipherSuites = null;
        this.clientExtensions = null;
        this.encryptThenMACOffered = false;
        this.maxFragmentLengthOffered = (short) 0;
        this.clientSentECPointFormats = false;
        this.certificateStatusRequest = null;
        this.selectedCipherSuite = -1;
        this.selectedProtocolName = null;
        this.serverExtensions.clear();
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void notifyOfferedCipherSuites(int[] iArr) throws IOException {
        this.offeredCipherSuites = iArr;
    }

    public void notifySession(TlsSession tlsSession) {
    }

    public boolean preferLocalCipherSuites() {
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r10v0 */
    /* JADX WARN: Type inference failed for: r10v2, types: [byte[]] */
    /* JADX WARN: Type inference failed for: r10v4, types: [org.bouncycastle.asn1.x500.X500Name, org.bouncycastle.asn1.ASN1Object] */
    public void processClientExtensions(Hashtable hashtable) throws IOException {
        boolean z;
        Vector vector;
        Object obj;
        short[] decodeUint8ArrayWithUint8Length;
        Vector vector2;
        this.clientExtensions = hashtable;
        if (hashtable != null) {
            byte[] extensionData = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_application_layer_protocol_negotiation);
            CertificateStatusRequest certificateStatusRequest = null;
            this.clientProtocolNames = extensionData == null ? null : TlsExtensionsUtils.readALPNExtensionClient(extensionData);
            if (shouldSelectProtocolNameEarly() && (vector2 = this.clientProtocolNames) != null && !vector2.isEmpty()) {
                this.selectedProtocolName = selectProtocolName();
            }
            byte[] extensionData2 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_encrypt_then_mac);
            if (extensionData2 == null) {
                z = false;
            } else {
                TlsExtensionsUtils.readEmptyExtensionData(extensionData2);
                z = true;
            }
            this.encryptThenMACOffered = z;
            byte[] extensionData3 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_truncated_hmac);
            if (extensionData3 != null) {
                TlsExtensionsUtils.readEmptyExtensionData(extensionData3);
            }
            byte[] extensionData4 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_status_request_v2);
            if (extensionData4 != null) {
                if (extensionData4.length < 3) {
                    throw new TlsFatalAlert((short) 50);
                }
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(extensionData4);
                if (TlsUtils.readUint16(byteArrayInputStream) != extensionData4.length - 2) {
                    throw new TlsFatalAlert((short) 50);
                }
                Vector vector3 = new Vector();
                while (byteArrayInputStream.available() > 0) {
                    short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(TlsUtils.readFully(byteArrayInputStream, TlsUtils.readUint16(byteArrayInputStream)));
                    if (readUint8 != 1 && readUint8 != 2) {
                        throw new TlsFatalAlert((short) 50);
                    }
                    OCSPStatusRequest parse = OCSPStatusRequest.parse(byteArrayInputStream2);
                    TlsProtocol.assertEmpty(byteArrayInputStream2);
                    vector3.add(new CertificateStatusRequestItemV2(parse, readUint8));
                }
            }
            byte[] extensionData5 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_trusted_ca_keys);
            if (extensionData5 == null) {
                vector = null;
            } else {
                if (extensionData5.length < 2) {
                    throw new TlsFatalAlert((short) 50);
                }
                ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(extensionData5);
                if (TlsUtils.readUint16(byteArrayInputStream3) != extensionData5.length - 2) {
                    throw new TlsFatalAlert((short) 50);
                }
                vector = new Vector();
                while (byteArrayInputStream3.available() > 0) {
                    short readUint82 = TlsUtils.readUint8(byteArrayInputStream3);
                    if (readUint82 != 0) {
                        if (readUint82 != 1) {
                            if (readUint82 == 2) {
                                byte[] readOpaque16 = TlsUtils.readOpaque16(byteArrayInputStream3);
                                obj = X500Name.getInstance(TlsUtils.readASN1Object(readOpaque16));
                                TlsUtils.requireDEREncoding(obj, readOpaque16);
                            } else if (readUint82 != 3) {
                                throw new TlsFatalAlert((short) 50);
                            }
                        }
                        obj = TlsUtils.readFully(byteArrayInputStream3, 20);
                    } else {
                        obj = 0;
                    }
                    vector.addElement(new TrustedAuthority(obj, readUint82));
                }
            }
            this.trustedCAKeys = vector;
            byte[] extensionData6 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_ec_point_formats);
            if (extensionData6 == null) {
                decodeUint8ArrayWithUint8Length = null;
            } else {
                decodeUint8ArrayWithUint8Length = TlsUtils.decodeUint8ArrayWithUint8Length(extensionData6);
                if (!Arrays.contains((short) 0, decodeUint8ArrayWithUint8Length)) {
                    throw new TlsFatalAlert((short) 47);
                }
            }
            this.clientSentECPointFormats = decodeUint8ArrayWithUint8Length != null;
            byte[] extensionData7 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_status_request);
            if (extensionData7 != null) {
                ByteArrayInputStream byteArrayInputStream4 = new ByteArrayInputStream(extensionData7);
                short readUint83 = TlsUtils.readUint8(byteArrayInputStream4);
                if (readUint83 != 1) {
                    throw new TlsFatalAlert((short) 50);
                }
                CertificateStatusRequest certificateStatusRequest2 = new CertificateStatusRequest(OCSPStatusRequest.parse(byteArrayInputStream4), readUint83);
                TlsProtocol.assertEmpty(byteArrayInputStream4);
                certificateStatusRequest = certificateStatusRequest2;
            }
            this.certificateStatusRequest = certificateStatusRequest;
            byte[] extensionData8 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_max_fragment_length);
            short decodeUint8 = extensionData8 == null ? (short) -1 : TlsUtils.decodeUint8(extensionData8);
            this.maxFragmentLengthOffered = decodeUint8;
            if (decodeUint8 >= 0) {
                if (!(decodeUint8 >= 1 && decodeUint8 <= 4)) {
                    throw new TlsFatalAlert((short) 47);
                }
            }
        }
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void processClientSupplementalData(Vector vector) throws IOException {
        if (vector != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    public boolean selectCipherSuite(int i) throws IOException {
        this.selectedCipherSuite = i;
        return true;
    }

    public int selectDH(int i) {
        int[] iArr = this.context.getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return selectDHDefault(i);
        }
        for (int i2 : iArr) {
            if (NamedGroup.getFiniteFieldBits(i2) >= i) {
                return i2;
            }
        }
        return -1;
    }

    public int selectDHDefault(int i) {
        if (i <= 2048) {
            return 256;
        }
        if (i <= 3072) {
            return 257;
        }
        if (i <= 4096) {
            return 258;
        }
        if (i <= 6144) {
            return 259;
        }
        return i <= 8192 ? 260 : -1;
    }

    public int selectECDH(int i) {
        int[] iArr = this.context.getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return selectECDHDefault(i);
        }
        for (int i2 : iArr) {
            if (NamedGroup.getCurveBits(i2) >= i) {
                return i2;
            }
        }
        return -1;
    }

    public int selectECDHDefault(int i) {
        if (i <= 256) {
            return 23;
        }
        if (i <= 384) {
            return 24;
        }
        return i <= 521 ? 25 : -1;
    }

    public ProtocolName selectProtocolName() throws IOException {
        Vector protocolNames = getProtocolNames();
        ProtocolName protocolName = null;
        if (protocolNames == null || protocolNames.isEmpty()) {
            return null;
        }
        Vector vector = this.clientProtocolNames;
        int i = 0;
        while (true) {
            if (i >= protocolNames.size()) {
                break;
            }
            ProtocolName protocolName2 = (ProtocolName) protocolNames.elementAt(i);
            if (vector.contains(protocolName2)) {
                protocolName = protocolName2;
                break;
            }
            i++;
        }
        if (protocolName != null) {
            return protocolName;
        }
        throw new TlsFatalAlert((short) 120);
    }

    public boolean shouldSelectProtocolNameEarly() {
        return true;
    }
}
