package org.bouncycastle.tls;

import com.visualon.OSMPUtils.voOSType;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsECConfig;

/* loaded from: classes4.dex */
public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsServer {
    protected CertificateStatusRequest certificateStatusRequest;
    protected int[] cipherSuites;
    protected Vector clientProtocolNames;
    protected boolean clientSentECPointFormats;
    protected TlsServerContext context;
    protected boolean encryptThenMACOffered;
    protected short maxFragmentLengthOffered;
    protected int[] offeredCipherSuites;
    protected ProtocolVersion[] protocolVersions;
    protected int selectedCipherSuite;
    protected ProtocolName selectedProtocolName;
    protected final Hashtable serverExtensions;
    protected Vector statusRequestV2;
    protected boolean truncatedHMacOffered;
    protected Vector trustedCAKeys;

    public AbstractTlsServer(TlsCrypto tlsCrypto) {
        super(tlsCrypto);
        this.serverExtensions = new Hashtable();
    }

    protected boolean allowCertificateStatus() {
        return true;
    }

    protected boolean allowMultiCertStatus() {
        return false;
    }

    protected boolean allowTrustedCAIndication() {
        return false;
    }

    public CertificateRequest getCertificateRequest() throws IOException {
        return null;
    }

    public CertificateStatus getCertificateStatus() throws IOException {
        return null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public int[] getCipherSuites() {
        return this.cipherSuites;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public TlsDHConfig getDHConfig() throws IOException {
        int selectDH = selectDH(TlsDHUtils.getMinimumFiniteFieldBits(this.selectedCipherSuite));
        TlsServerContext tlsServerContext = this.context;
        if (selectDH < 0 || NamedGroup.getFiniteFieldBits(selectDH) < 1) {
            return null;
        }
        return new TlsDHConfig(selectDH, TlsUtils.isTLSv13(tlsServerContext));
    }

    @Override // org.bouncycastle.tls.TlsServer
    public TlsECConfig getECDHConfig() throws IOException {
        int selectECDH = selectECDH(TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite) ? 1 : 0);
        if (NamedGroup.getCurveBits(selectECDH) >= 1) {
            return new TlsECConfig(selectECDH);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.TlsServer
    public TlsPSKExternal getExternalPSK(Vector vector) {
        return null;
    }

    protected int getMaximumNegotiableCurveBits() {
        int[] iArr = ((AbstractTlsContext) this.context).getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return NamedGroup.getMaximumCurveBits();
        }
        int i2 = 0;
        for (int i3 : iArr) {
            i2 = Math.max(i2, NamedGroup.getCurveBits(i3));
        }
        return i2;
    }

    protected int getMaximumNegotiableFiniteFieldBits() {
        int[] iArr = ((AbstractTlsContext) this.context).getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return NamedGroup.getMaximumFiniteFieldBits();
        }
        int i2 = 0;
        for (int i3 : iArr) {
            i2 = Math.max(i2, NamedGroup.getFiniteFieldBits(i3));
        }
        return i2;
    }

    public byte[] getNewSessionID() {
        return null;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public NewSessionTicket getNewSessionTicket() throws IOException {
        return new NewSessionTicket(0L, TlsUtils.EMPTY_BYTES);
    }

    @Override // org.bouncycastle.tls.TlsServer
    public TlsPSKIdentityManager getPSKIdentityManager() throws IOException {
        return null;
    }

    protected Vector getProtocolNames() {
        return null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public ProtocolVersion[] getProtocolVersions() {
        return this.protocolVersions;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public TlsSRPLoginParameters getSRPLoginParameters() throws IOException {
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:79:0x0134  */
    /* JADX WARN: Type inference failed for: r9v12, types: [boolean] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int getSelectedCipherSuite() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 333
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite():int");
    }

    public Hashtable getServerExtensions() throws IOException {
        if (!TlsUtils.isTLSv13(this.context)) {
            if (this.encryptThenMACOffered) {
                if (1 == TlsUtils.getEncryptionAlgorithmType(TlsUtils.getEncryptionAlgorithm(this.selectedCipherSuite))) {
                    this.serverExtensions.put(TlsExtensionsUtils.EXT_encrypt_then_mac, TlsUtils.EMPTY_BYTES);
                }
            }
            if (this.clientSentECPointFormats && TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
                TlsExtensionsUtils.addSupportedPointFormatsExtension(this.serverExtensions, new short[]{0});
            }
            if (this.statusRequestV2 != null && allowMultiCertStatus()) {
                this.serverExtensions.put(TlsExtensionsUtils.EXT_status_request_v2, TlsUtils.EMPTY_BYTES);
            } else if (this.certificateStatusRequest != null && allowCertificateStatus()) {
                this.serverExtensions.put(TlsExtensionsUtils.EXT_status_request, TlsUtils.EMPTY_BYTES);
            }
            if (this.trustedCAKeys != null && allowTrustedCAIndication()) {
                this.serverExtensions.put(TlsExtensionsUtils.EXT_trusted_ca_keys, TlsUtils.EMPTY_BYTES);
            }
        } else if (this.certificateStatusRequest != null) {
            allowCertificateStatus();
        }
        short s2 = this.maxFragmentLengthOffered;
        if (s2 >= 0 && MaxFragmentLength.isValid(s2)) {
            Hashtable hashtable = this.serverExtensions;
            short s3 = this.maxFragmentLengthOffered;
            Integer num = TlsExtensionsUtils.EXT_max_fragment_length;
            TlsUtils.checkUint8(s3);
            hashtable.put(num, new byte[]{(byte) s3});
        }
        return this.serverExtensions;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public void getServerExtensionsForConnection(Hashtable hashtable) throws IOException {
        Vector vector;
        if (!shouldSelectProtocolNameEarly() && (vector = this.clientProtocolNames) != null && !vector.isEmpty()) {
            this.selectedProtocolName = selectProtocolName();
        }
        ProtocolName protocolName = this.selectedProtocolName;
        if (protocolName == null) {
            hashtable.remove(TlsExtensionsUtils.EXT_application_layer_protocol_negotiation);
            return;
        }
        Integer num = TlsExtensionsUtils.EXT_application_layer_protocol_negotiation;
        Vector vector2 = new Vector();
        vector2.addElement(protocolName);
        hashtable.put(num, TlsExtensionsUtils.createALPNExtensionClient(vector2));
    }

    @Override // org.bouncycastle.tls.TlsServer
    public Vector getServerSupplementalData() throws IOException {
        return null;
    }

    public ProtocolVersion getServerVersion() throws IOException {
        ProtocolVersion[] protocolVersionArr = this.protocolVersions;
        for (ProtocolVersion protocolVersion : ((AbstractTlsContext) this.context).getClientSupportedVersions()) {
            if (ProtocolVersion.contains(protocolVersionArr, protocolVersion)) {
                return protocolVersion;
            }
        }
        throw new TlsFatalAlert((short) 70);
    }

    public TlsSession getSessionToResume(byte[] bArr) {
        return null;
    }

    public int[] getSupportedGroups() throws IOException {
        return new int[]{29, 30, 23, 24, voOSType.VOOSMP_SRC_FFMOVIE_FLV, 257, 258};
    }

    public void init(TlsServerContext tlsServerContext) {
        this.context = tlsServerContext;
        this.protocolVersions = getSupportedVersions();
        this.cipherSuites = getSupportedCipherSuites();
    }

    public void notifyClientCertificate(Certificate certificate) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.TlsServer
    public void notifyClientVersion(ProtocolVersion protocolVersion) throws IOException {
    }

    @Override // org.bouncycastle.tls.TlsServer
    public void notifyFallback(boolean z) throws IOException {
        ProtocolVersion protocolVersion;
        if (z) {
            ProtocolVersion[] protocolVersionArr = this.protocolVersions;
            ProtocolVersion clientVersion = ((AbstractTlsContext) this.context).getClientVersion();
            if (clientVersion.isTLS()) {
                protocolVersion = ProtocolVersion.getLatestTLS(protocolVersionArr);
            } else {
                if (!clientVersion.isDTLS()) {
                    throw new TlsFatalAlert((short) 80);
                }
                ProtocolVersion protocolVersion2 = null;
                if (protocolVersionArr != null) {
                    for (ProtocolVersion protocolVersion3 : protocolVersionArr) {
                        if (protocolVersion3 != null && protocolVersion3.isDTLS() && (protocolVersion2 == null || protocolVersion3.getMinorVersion() < protocolVersion2.getMinorVersion())) {
                            protocolVersion2 = protocolVersion3;
                        }
                    }
                }
                protocolVersion = protocolVersion2;
            }
            if (protocolVersion != null && protocolVersion.isLaterVersionOf(clientVersion)) {
                throw new TlsFatalAlert((short) 86);
            }
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyHandshakeBeginning() throws IOException {
        this.offeredCipherSuites = null;
        this.encryptThenMACOffered = false;
        this.maxFragmentLengthOffered = (short) 0;
        this.truncatedHMacOffered = false;
        this.clientSentECPointFormats = false;
        this.certificateStatusRequest = null;
        this.selectedCipherSuite = -1;
        this.selectedProtocolName = null;
        this.serverExtensions.clear();
    }

    @Override // org.bouncycastle.tls.TlsServer
    public void notifyOfferedCipherSuites(int[] iArr) throws IOException {
        this.offeredCipherSuites = iArr;
    }

    public void notifySession(TlsSession tlsSession) {
    }

    protected boolean preferLocalCipherSuites() {
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r9v2 */
    /* JADX WARN: Type inference failed for: r9v4, types: [byte[]] */
    /* JADX WARN: Type inference failed for: r9v6, types: [org.bouncycastle.asn1.x500.X500Name, org.bouncycastle.asn1.ASN1Object] */
    public void processClientExtensions(Hashtable hashtable) throws IOException {
        Vector vector;
        Vector vector2;
        Object obj;
        Vector vector3;
        if (hashtable != null) {
            byte[] extensionData = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_application_layer_protocol_negotiation);
            CertificateStatusRequest certificateStatusRequest = null;
            this.clientProtocolNames = extensionData == null ? null : TlsExtensionsUtils.readALPNExtensionClient(extensionData);
            if (shouldSelectProtocolNameEarly() && (vector3 = this.clientProtocolNames) != null && !vector3.isEmpty()) {
                this.selectedProtocolName = selectProtocolName();
            }
            this.encryptThenMACOffered = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable);
            this.truncatedHMacOffered = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable);
            byte[] extensionData2 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_status_request_v2);
            if (extensionData2 == null) {
                vector = null;
            } else {
                if (extensionData2.length < 3) {
                    throw new TlsFatalAlert((short) 50);
                }
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(extensionData2);
                if (TlsUtils.readUint16(byteArrayInputStream) != extensionData2.length - 2) {
                    throw new TlsFatalAlert((short) 50);
                }
                vector = new Vector();
                while (byteArrayInputStream.available() > 0) {
                    short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(TlsUtils.readFully(TlsUtils.readUint16(byteArrayInputStream), byteArrayInputStream));
                    if (readUint8 != 1 && readUint8 != 2) {
                        throw new TlsFatalAlert((short) 50);
                    }
                    OCSPStatusRequest parse = OCSPStatusRequest.parse(byteArrayInputStream2);
                    TlsProtocol.assertEmpty(byteArrayInputStream2);
                    vector.add(new CertificateStatusRequestItemV2(readUint8, parse));
                }
            }
            this.statusRequestV2 = vector;
            byte[] extensionData3 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_trusted_ca_keys);
            if (extensionData3 == null) {
                vector2 = null;
            } else {
                if (extensionData3.length < 2) {
                    throw new TlsFatalAlert((short) 50);
                }
                ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(extensionData3);
                if (TlsUtils.readUint16(byteArrayInputStream3) != extensionData3.length - 2) {
                    throw new TlsFatalAlert((short) 50);
                }
                vector2 = new Vector();
                while (byteArrayInputStream3.available() > 0) {
                    short readUint82 = TlsUtils.readUint8(byteArrayInputStream3);
                    if (readUint82 != 0) {
                        if (readUint82 != 1) {
                            if (readUint82 == 2) {
                                byte[] readOpaque16 = TlsUtils.readOpaque16(byteArrayInputStream3, 1);
                                obj = X500Name.getInstance(TlsUtils.readASN1Object(readOpaque16));
                                TlsUtils.requireDEREncoding(obj, readOpaque16);
                            } else if (readUint82 != 3) {
                                throw new TlsFatalAlert((short) 50);
                            }
                        }
                        obj = TlsUtils.readFully(20, byteArrayInputStream3);
                    } else {
                        obj = 0;
                    }
                    vector2.addElement(new TrustedAuthority(readUint82, obj));
                }
            }
            this.trustedCAKeys = vector2;
            byte[] extensionData4 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_ec_point_formats);
            this.clientSentECPointFormats = (extensionData4 == null ? null : TlsExtensionsUtils.readSupportedPointFormatsExtension(extensionData4)) != null;
            byte[] extensionData5 = TlsUtils.getExtensionData(hashtable, TlsExtensionsUtils.EXT_status_request);
            if (extensionData5 != null) {
                ByteArrayInputStream byteArrayInputStream4 = new ByteArrayInputStream(extensionData5);
                short readUint83 = TlsUtils.readUint8(byteArrayInputStream4);
                if (readUint83 != 1) {
                    throw new TlsFatalAlert((short) 50);
                }
                CertificateStatusRequest certificateStatusRequest2 = new CertificateStatusRequest(readUint83, OCSPStatusRequest.parse(byteArrayInputStream4));
                TlsProtocol.assertEmpty(byteArrayInputStream4);
                certificateStatusRequest = certificateStatusRequest2;
            }
            this.certificateStatusRequest = certificateStatusRequest;
            short maxFragmentLengthExtension = TlsExtensionsUtils.getMaxFragmentLengthExtension(hashtable);
            this.maxFragmentLengthOffered = maxFragmentLengthExtension;
            if (maxFragmentLengthExtension >= 0 && !MaxFragmentLength.isValid(maxFragmentLengthExtension)) {
                throw new TlsFatalAlert((short) 47);
            }
        }
    }

    @Override // org.bouncycastle.tls.TlsServer
    public void processClientSupplementalData(Vector vector) throws IOException {
        if (vector != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean selectCipherSuite(int i2) throws IOException {
        this.selectedCipherSuite = i2;
        return true;
    }

    protected int selectDH(int i2) {
        int[] iArr = ((AbstractTlsContext) this.context).getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return selectDHDefault(i2);
        }
        for (int i3 : iArr) {
            if (NamedGroup.getFiniteFieldBits(i3) >= i2) {
                return i3;
            }
        }
        return -1;
    }

    protected int selectDHDefault(int i2) {
        if (i2 <= 2048) {
            return voOSType.VOOSMP_SRC_FFMOVIE_FLV;
        }
        if (i2 <= 3072) {
            return 257;
        }
        if (i2 <= 4096) {
            return 258;
        }
        if (i2 <= 6144) {
            return 259;
        }
        return i2 <= 8192 ? 260 : -1;
    }

    protected int selectECDH(int i2) {
        int[] iArr = ((AbstractTlsContext) this.context).getSecurityParametersHandshake().clientSupportedGroups;
        if (iArr == null) {
            return selectECDHDefault(i2);
        }
        for (int i3 : iArr) {
            if (NamedGroup.getCurveBits(i3) >= i2) {
                return i3;
            }
        }
        return -1;
    }

    protected int selectECDHDefault(int i2) {
        if (i2 <= 256) {
            return 23;
        }
        if (i2 <= 384) {
            return 24;
        }
        return i2 <= 521 ? 25 : -1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ProtocolName selectProtocolName() throws IOException {
        Vector protocolNames = getProtocolNames();
        ProtocolName protocolName = null;
        if (protocolNames == null || protocolNames.isEmpty()) {
            return null;
        }
        Vector vector = this.clientProtocolNames;
        int i2 = 0;
        while (true) {
            if (i2 >= protocolNames.size()) {
                break;
            }
            ProtocolName protocolName2 = (ProtocolName) protocolNames.elementAt(i2);
            if (vector.contains(protocolName2)) {
                protocolName = protocolName2;
                break;
            }
            i2++;
        }
        if (protocolName != null) {
            return protocolName;
        }
        throw new TlsFatalAlert((short) 120);
    }

    protected boolean shouldSelectProtocolNameEarly() {
        return true;
    }
}
