package org.bouncycastle.tls;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Objects;
import java.util.Vector;
import org.bouncycastle.asn1.x500.X500Name;

/* loaded from: classes4.dex */
public class TlsServerProtocol extends TlsProtocol {
    protected CertificateRequest certificateRequest;
    protected AbstractTlsKeyExchange keyExchange;
    protected int[] offeredCipherSuites;
    protected TlsServer tlsServer;
    TlsServerContextImpl tlsServerContext;

    public TlsServerProtocol() {
        this.tlsServer = null;
        this.tlsServerContext = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.tlsServer = null;
        this.tlsServerContext = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void accept(TlsServer tlsServer) throws IOException {
        if (this.tlsServer != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.tlsServer = tlsServer;
        TlsServerContextImpl tlsServerContextImpl = new TlsServerContextImpl(tlsServer.getCrypto());
        this.tlsServerContext = tlsServerContextImpl;
        ((AbstractTlsServer) tlsServer).init(tlsServerContextImpl);
        ((AbstractTlsPeer) tlsServer).notifyCloseHandle(this);
        beginHandshake(false);
        if (this.blocking) {
            blockForHandshake();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void cleanupHandshake() {
        super.cleanupHandshake();
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    protected boolean expectCertificateVerifyMessage() {
        Certificate certificate;
        if (this.certificateRequest == null || (certificate = this.tlsServerContext.getSecurityParametersHandshake().peerCertificate) == null || certificate.isEmpty()) {
            return false;
        }
        AbstractTlsKeyExchange abstractTlsKeyExchange = this.keyExchange;
        return abstractTlsKeyExchange == null || abstractTlsKeyExchange.requiresCertificateVerify();
    }

    /* JADX WARN: Removed duplicated region for block: B:165:0x0117  */
    /* JADX WARN: Removed duplicated region for block: B:176:0x0109  */
    /* JADX WARN: Removed duplicated region for block: B:34:0x0115  */
    /* JADX WARN: Removed duplicated region for block: B:36:0x0144  */
    /* JADX WARN: Removed duplicated region for block: B:60:0x0334  */
    /* JADX WARN: Removed duplicated region for block: B:63:0x034d  */
    /* JADX WARN: Removed duplicated region for block: B:66:0x0369  */
    /* JADX WARN: Removed duplicated region for block: B:69:0x037b  */
    /* JADX WARN: Removed duplicated region for block: B:74:0x035e  */
    /* JADX WARN: Removed duplicated region for block: B:86:0x01b3  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected org.bouncycastle.tls.ServerHello generate13ServerHello(org.bouncycastle.tls.ClientHello r20, org.bouncycastle.tls.HandshakeMessageInput r21, boolean r22) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1046
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.generate13ServerHello(org.bouncycastle.tls.ClientHello, org.bouncycastle.tls.HandshakeMessageInput, boolean):org.bouncycastle.tls.ServerHello");
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsContext getContext() {
        return this.tlsServerContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    AbstractTlsContext getContextAdmin() {
        return this.tlsServerContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsPeer getPeer() {
        return this.tlsServer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:10:0x0018, code lost:
    
        if (r0 != 14) goto L16;
     */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void handleAlertWarningMessage(short r3) throws java.io.IOException {
        /*
            r2 = this;
            r0 = 41
            if (r0 != r3) goto L2b
            org.bouncycastle.tls.CertificateRequest r0 = r2.certificateRequest
            if (r0 == 0) goto L2b
            org.bouncycastle.tls.TlsServerContextImpl r0 = r2.tlsServerContext
            boolean r0 = org.bouncycastle.tls.TlsUtils.isSSL(r0)
            if (r0 == 0) goto L2b
            short r0 = r2.connection_state
            r1 = 12
            if (r0 == r1) goto L1b
            r1 = 14
            if (r0 == r1) goto L21
            goto L2b
        L1b:
            org.bouncycastle.tls.TlsServer r3 = r2.tlsServer
            r0 = 0
            r3.processClientSupplementalData(r0)
        L21:
            org.bouncycastle.tls.Certificate r3 = org.bouncycastle.tls.Certificate.EMPTY_CHAIN
            r2.notifyClientCertificate(r3)
            r3 = 15
            r2.connection_state = r3
            return
        L2b:
            super.handleAlertWarningMessage(r3)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.handleAlertWarningMessage(short):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:101:0x01ab  */
    /* JADX WARN: Removed duplicated region for block: B:104:0x01c3  */
    /* JADX WARN: Removed duplicated region for block: B:391:0x0692  */
    /* JADX WARN: Removed duplicated region for block: B:98:0x0194  */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void handleHandshakeMessage(short r26, org.bouncycastle.tls.HandshakeMessageInput r27) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 2534
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(short, org.bouncycastle.tls.HandshakeMessageInput):void");
    }

    protected void notifyClientCertificate(Certificate certificate) throws IOException {
        if (this.certificateRequest == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsServerContextImpl tlsServerContextImpl = this.tlsServerContext;
        AbstractTlsKeyExchange abstractTlsKeyExchange = this.keyExchange;
        TlsServer tlsServer = this.tlsServer;
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        SecurityParameters securityParametersHandshake = tlsServerContextImpl.getSecurityParametersHandshake();
        if (securityParametersHandshake.peerCertificate != null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (!TlsUtils.isTLSv13(securityParametersHandshake.negotiatedVersion)) {
            if (certificate.isEmpty()) {
                abstractTlsKeyExchange.skipClientCredentials();
            } else {
                abstractTlsKeyExchange.processClientCertificate(certificate);
            }
        }
        securityParametersHandshake.peerCertificate = certificate;
        tlsServer.notifyClientCertificate(certificate);
    }

    protected void send13ServerHelloCoda() throws IOException {
        SecurityParameters securityParametersHandshake = this.tlsServerContext.getSecurityParametersHandshake();
        TlsUtils.establish13PhaseHandshake(this.tlsServerContext, TlsUtils.getCurrentPRFHash(this.handshakeHash), this.recordStream);
        this.recordStream.enablePendingCipherWrite();
        this.recordStream.enablePendingCipherRead(true);
        byte[] writeExtensionsData = TlsProtocol.writeExtensionsData(this.serverExtensions);
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 8);
        TlsUtils.writeOpaque16(writeExtensionsData, handshakeMessageOutput);
        handshakeMessageOutput.send(this);
        this.connection_state = (short) 5;
        if (!this.selectedPSK13) {
            CertificateRequest certificateRequest = this.tlsServer.getCertificateRequest();
            this.certificateRequest = certificateRequest;
            if (certificateRequest != null) {
                if (!Arrays.equals(certificateRequest.certificateRequestContext, TlsUtils.EMPTY_BYTES)) {
                    throw new TlsFatalAlert((short) 80);
                }
                TlsUtils.establishServerSigAlgs(securityParametersHandshake, this.certificateRequest);
                sendCertificateRequestMessage(this.certificateRequest);
                this.connection_state = (short) 11;
            }
            TlsCredentialedSigner validate13Credentials = TlsUtils.validate13Credentials(this.tlsServer.getCredentials());
            if (validate13Credentials == null) {
                throw new TlsFatalAlert((short) 80);
            }
            send13CertificateMessage(validate13Credentials.getCertificate());
            Objects.requireNonNull(securityParametersHandshake);
            this.connection_state = (short) 7;
            DigitallySigned generate13CertificateVerify = TlsUtils.generate13CertificateVerify(this.tlsServerContext, validate13Credentials, this.handshakeHash);
            HandshakeMessageOutput handshakeMessageOutput2 = new HandshakeMessageOutput((short) 15);
            generate13CertificateVerify.encode(handshakeMessageOutput2);
            handshakeMessageOutput2.send(this);
            this.connection_state = (short) 17;
        }
        send13FinishedMessage();
        this.connection_state = (short) 20;
        TlsUtils.establish13PhaseApplication(this.tlsServerContext, TlsUtils.getCurrentPRFHash(this.handshakeHash), this.recordStream);
        this.recordStream.enablePendingCipherWrite();
    }

    protected void sendCertificateRequestMessage(CertificateRequest certificateRequest) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 13);
        TlsServerContextImpl tlsServerContextImpl = this.tlsServerContext;
        Objects.requireNonNull(certificateRequest);
        ProtocolVersion serverVersion = tlsServerContextImpl.getServerVersion();
        boolean isTLSv12 = TlsUtils.isTLSv12(serverVersion);
        boolean isTLSv13 = TlsUtils.isTLSv13(serverVersion);
        byte[] bArr = certificateRequest.certificateRequestContext;
        if (isTLSv13 == (bArr != null)) {
            short[] sArr = certificateRequest.certificateTypes;
            if (isTLSv13 == (sArr == null)) {
                if (isTLSv12 == (certificateRequest.supportedSignatureAlgorithms != null) && (isTLSv13 || certificateRequest.supportedSignatureAlgorithmsCert == null)) {
                    if (isTLSv13) {
                        TlsUtils.writeOpaque8(bArr, handshakeMessageOutput);
                        Hashtable hashtable = new Hashtable();
                        Vector vector = certificateRequest.supportedSignatureAlgorithms;
                        Integer num = TlsExtensionsUtils.EXT_signature_algorithms;
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        TlsUtils.encodeSupportedSignatureAlgorithms(vector, byteArrayOutputStream);
                        hashtable.put(num, byteArrayOutputStream.toByteArray());
                        Vector vector2 = certificateRequest.supportedSignatureAlgorithmsCert;
                        if (vector2 != null) {
                            Integer num2 = TlsExtensionsUtils.EXT_signature_algorithms_cert;
                            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                            TlsUtils.encodeSupportedSignatureAlgorithms(vector2, byteArrayOutputStream2);
                            hashtable.put(num2, byteArrayOutputStream2.toByteArray());
                        }
                        Vector vector3 = certificateRequest.certificateAuthorities;
                        if (vector3 != null) {
                            TlsExtensionsUtils.addCertificateAuthoritiesExtension(hashtable, vector3);
                        }
                        TlsUtils.writeOpaque16(TlsProtocol.writeExtensionsData(hashtable), handshakeMessageOutput);
                    } else {
                        TlsUtils.writeUint8ArrayWithUint8Length(sArr, handshakeMessageOutput);
                        if (isTLSv12) {
                            TlsUtils.encodeSupportedSignatureAlgorithms(certificateRequest.supportedSignatureAlgorithms, handshakeMessageOutput);
                        }
                        Vector vector4 = certificateRequest.certificateAuthorities;
                        if (vector4 == null || vector4.isEmpty()) {
                            handshakeMessageOutput.write(0);
                            handshakeMessageOutput.write(0);
                        } else {
                            Vector vector5 = new Vector(certificateRequest.certificateAuthorities.size());
                            int i2 = 0;
                            for (int i3 = 0; i3 < certificateRequest.certificateAuthorities.size(); i3++) {
                                byte[] encoded = ((X500Name) certificateRequest.certificateAuthorities.elementAt(i3)).getEncoded("DER");
                                vector5.addElement(encoded);
                                i2 += encoded.length + 2;
                            }
                            TlsUtils.checkUint16(i2);
                            handshakeMessageOutput.write(i2 >>> 8);
                            handshakeMessageOutput.write(i2);
                            for (int i4 = 0; i4 < vector5.size(); i4++) {
                                TlsUtils.writeOpaque16((byte[]) vector5.elementAt(i4), handshakeMessageOutput);
                            }
                        }
                    }
                    handshakeMessageOutput.send(this);
                    return;
                }
            }
        }
        throw new IllegalStateException();
    }

    protected void sendServerHelloMessage(ServerHello serverHello) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 2);
        serverHello.encode(handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }
}
