package org.bouncycastle.jsse.provider;

import android.support.v4.media.a;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsECCUtils;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class ProvTlsServer extends DefaultTlsServer implements ProvTlsPeer {
    public static final Logger t = Logger.getLogger(ProvTlsServer.class.getName());
    public static final int u = PropertyUtils.b(2048, 1024, 8192, "jdk.tls.ephemeralDHKeySize");
    public static final boolean v = PropertyUtils.a("org.bouncycastle.jsse.server.enableTrustedCAKeysExtension", false);
    public final ProvTlsManager m;
    public final ProvSSLParameters n;
    public final JsseSecurityParameters o;
    public ProvSSLSession p;
    public BCSNIServerName q;
    public HashSet r;
    public TlsCredentials s;

    public ProvTlsServer(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) throws SSLException {
        JcaTlsCrypto jcaTlsCrypto = provTlsManager.d().b;
        this.o = new JsseSecurityParameters();
        this.p = null;
        this.q = null;
        this.r = null;
        this.s = null;
        this.m = provTlsManager;
        ProvSSLParameters a = provSSLParameters.a();
        if (ProvAlgorithmConstraints.g != a.f) {
            a.f = new ProvAlgorithmConstraints(a.f, true);
        }
        this.n = a;
        if (!provTlsManager.getEnableSessionCreation()) {
            throw new SSLException("Session resumption not implemented yet and session creation is disabled");
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int C() {
        int i;
        Iterator<NamedGroupInfo> it = NamedGroupInfo.a(this.o.a).iterator();
        int i2 = 0;
        while (it.hasNext()) {
            i = it.next().a.bitsECDH;
            i2 = Math.max(i2, i);
        }
        return i2;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int D() {
        int i;
        Iterator<NamedGroupInfo> it = NamedGroupInfo.a(this.o.a).iterator();
        int i2 = 0;
        while (it.hasNext()) {
            i = it.next().a.bitsFFDHE;
            i2 = Math.max(i2, i);
        }
        if (i2 >= u) {
            return i2;
        }
        return 0;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean E() {
        return this.n.h;
    }

    /* JADX WARN: Removed duplicated region for block: B:38:0x009f  */
    /* JADX WARN: Removed duplicated region for block: B:45:0x00b4 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:55:0x0049 A[SYNTHETIC] */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean F(int r17) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 348
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.F(int):boolean");
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int G(int i) {
        int i2;
        int i3;
        int max = Math.max(i, u);
        for (NamedGroupInfo namedGroupInfo : NamedGroupInfo.a(this.o.a)) {
            i2 = namedGroupInfo.a.bitsFFDHE;
            if (i2 >= max) {
                i3 = namedGroupInfo.a.namedGroup;
                return i3;
            }
        }
        return -1;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int H(int i) {
        int i2;
        int i3;
        for (NamedGroupInfo namedGroupInfo : NamedGroupInfo.a(this.o.a)) {
            i2 = namedGroupInfo.a.bitsECDH;
            if (i2 >= i) {
                i3 = namedGroupInfo.a.namedGroup;
                return i3;
            }
        }
        return -1;
    }

    public final boolean I() {
        return this.o.g != null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    /* renamed from: J, reason: merged with bridge method [inline-methods] */
    public final JcaTlsCrypto f() {
        return this.m.d().b;
    }

    public final Vector<ProtocolName> K() {
        return JsseUtils.k((String[]) this.n.k.clone());
    }

    public final ProtocolName L() throws IOException {
        ProtocolName protocolName;
        ProvSSLParameters provSSLParameters = this.n;
        provSSLParameters.getClass();
        provSSLParameters.getClass();
        Vector<ProtocolName> K = K();
        if (K == null || K.isEmpty()) {
            return null;
        }
        Vector vector = this.j;
        int i = 0;
        while (true) {
            if (i >= K.size()) {
                protocolName = null;
                break;
            }
            protocolName = K.elementAt(i);
            if (vector.contains(protocolName)) {
                break;
            }
            i++;
        }
        if (protocolName != null) {
            return protocolName;
        }
        throw new TlsFatalAlert((short) 120, null);
    }

    public final boolean M() {
        ProvSSLParameters provSSLParameters = this.n;
        provSSLParameters.getClass();
        provSSLParameters.getClass();
        return true;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final ProtocolVersion a() throws IOException {
        ProtocolVersion a = super.a();
        String n = this.m.d().a.n(this.n, a);
        t.fine("Server selected protocol version: " + n);
        return a;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final Hashtable<Integer, byte[]> b() throws IOException {
        Vector vector;
        if (!M() && (vector = this.j) != null && !vector.isEmpty()) {
            this.k = L();
        }
        if (this.k != null) {
            Hashtable z = z();
            ProtocolName protocolName = this.k;
            Integer num = TlsExtensionsUtils.a;
            Vector vector2 = new Vector();
            vector2.addElement(protocolName);
            z.put(num, TlsExtensionsUtils.c(vector2));
        }
        if (this.e) {
            if (1 == TlsUtils.s(TlsUtils.r(this.i))) {
                z().put(TlsExtensionsUtils.f, TlsUtils.d);
            }
        }
        short s = this.f;
        if (s >= 0) {
            if (s >= 1 && s <= 4) {
                Hashtable z2 = z();
                short s2 = this.f;
                Integer num2 = TlsExtensionsUtils.i;
                byte[] bArr = TlsUtils.a;
                if (!((s2 & 255) == s2)) {
                    throw new TlsFatalAlert((short) 80, null);
                }
                z2.put(num2, new byte[]{(byte) s2});
            }
        }
        if (this.g && TlsECCUtils.b(this.i)) {
            TlsExtensionsUtils.b(z(), new short[]{0});
        }
        if (this.h != null && I()) {
            z().put(TlsExtensionsUtils.s, TlsUtils.d);
        }
        if (this.q != null) {
            z().put(TlsExtensionsUtils.k, TlsUtils.d);
        }
        return this.l;
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public final synchronized boolean c() {
        throw null;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final TlsCredentials d() throws IOException {
        return this.s;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean e() {
        return JsseUtils.c;
    }

    /* JADX WARN: Code restructure failed: missing block: B:137:0x018d, code lost:
    
        continue;
     */
    /* JADX WARN: Code restructure failed: missing block: B:164:0x0230, code lost:
    
        throw new java.lang.IllegalStateException("TrustedAuthority is not of type x509_name");
     */
    @Override // org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void g(java.util.Hashtable r12) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 565
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.g(java.util.Hashtable):void");
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void h(boolean z) throws IOException {
        if (!z && !PropertyUtils.a("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40, null);
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void i(short s, short s2, String str, Exception exc) {
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        Logger logger = t;
        if (logger.isLoggable(level)) {
            logger.log(level, a.l(JsseUtils.e("Server raised", s, s2), ": ", str), (Throwable) exc);
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void j(short s, short s2) {
        Level level = s == 1 ? Level.FINE : Level.INFO;
        Logger logger = t;
        if (logger.isLoggable(level)) {
            logger.log(level, JsseUtils.e("Server received", s, s2));
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final synchronized void n() throws IOException {
        TlsSession e = this.a.e();
        ProvSSLSession provSSLSession = this.p;
        if (provSSLSession == null || provSSLSession.j != e) {
            this.p = this.m.d().f.f(this.m.getPeerHost(), this.m.getPeerPort(), e, new JsseSessionParameters(this.n.g));
        }
        this.m.b(new ProvSSLConnection(this.a, this.p));
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final CertificateRequest p() throws IOException {
        ProvSSLParameters provSSLParameters = this.n;
        if (!(provSSLParameters.d || provSSLParameters.e)) {
            return null;
        }
        ContextData d = this.m.d();
        ProtocolVersion a = this.a.a();
        List<SignatureSchemeInfo> a2 = d.a(true, this.n, new ProtocolVersion[]{a}, this.o.a);
        JsseSecurityParameters jsseSecurityParameters = this.o;
        jsseSecurityParameters.b = a2;
        jsseSecurityParameters.c = a2;
        Vector<SignatureAndHashAlgorithm> e = SignatureSchemeInfo.e(a2);
        Vector<X500Name> g = JsseUtils.g(d.d);
        if (!TlsUtils.E(a)) {
            return new CertificateRequest(new short[]{64, 1, 2}, e, g);
        }
        byte[] bArr = TlsUtils.d;
        JsseSecurityParameters jsseSecurityParameters2 = this.o;
        List<SignatureSchemeInfo> list = jsseSecurityParameters2.b;
        List<SignatureSchemeInfo> list2 = jsseSecurityParameters2.c;
        return new CertificateRequest(bArr, e, list != list2 ? SignatureSchemeInfo.e(list2) : null, g);
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean r() {
        return !JsseUtils.a;
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x008b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final int s() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 235
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.s():int");
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean u() {
        return JsseUtils.b;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void w(Certificate certificate) throws IOException {
        String str;
        ProvSSLParameters provSSLParameters = this.n;
        if (!(provSSLParameters.d || provSSLParameters.e)) {
            throw new TlsFatalAlert((short) 80, null);
        }
        if (certificate == null || certificate.d()) {
            if (this.n.d) {
                throw new TlsFatalAlert(TlsUtils.F(this.a) ? (short) 116 : (short) 40, null);
            }
            return;
        }
        X509Certificate[] o = JsseUtils.o(f(), certificate);
        JcaTlsCertificate jcaTlsCertificate = (JcaTlsCertificate) certificate.c(0);
        short s = 7;
        if (!(!jcaTlsCertificate.g(0) ? false : jcaTlsCertificate.f((short) 7))) {
            s = jcaTlsCertificate.g(0) ? jcaTlsCertificate.f((short) 8) : false ? (short) 8 : jcaTlsCertificate.d();
        }
        if (s < 0) {
            throw new TlsFatalAlert((short) 43, null);
        }
        switch (s) {
            case 1:
            case 4:
            case 5:
            case 6:
                str = "RSA";
                break;
            case 2:
                str = "DSA";
                break;
            case 3:
                str = "EC";
                break;
            case 7:
                str = "Ed25519";
                break;
            case 8:
                str = "Ed448";
                break;
            case 9:
            case 10:
            case 11:
                str = "RSASSA-PSS";
                break;
            default:
                throw new IllegalArgumentException();
        }
        this.m.checkClientTrusted(o, str);
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final int[] x() {
        return this.m.d().a.b(f(), this.n);
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final ProtocolVersion[] y() {
        return this.m.d().a.c(this.n);
    }
}
