package org.bouncycastle.jsse.provider;

import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.jsse.java.security.BCCryptoPrimitive;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.CertificateStatus;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsDHUtils;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.DHGroup;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class ProvTlsServer extends DefaultTlsServer implements ProvTlsPeer {
    private static final Logger LOG = Logger.getLogger(ProvTlsServer.class.getName());
    private static final int provEphemeralDHKeySize = PropertyUtils.getIntegerSystemProperty("jdk.tls.ephemeralDHKeySize", 2048, 1024, 8192);
    private static final boolean provServerEnableCA;
    private static final boolean provServerEnableSessionResumption;
    private static final boolean provServerEnableTrustedCAKeys;
    protected TlsCredentials credentials;
    protected boolean handshakeComplete;
    protected final JsseSecurityParameters jsseSecurityParameters;
    protected Set<String> keyManagerMissCache;
    protected final ProvTlsManager manager;
    protected BCSNIServerName matchedSNIServerName;
    protected final ProvSSLParameters sslParameters;
    protected ProvSSLSession sslSession;

    static {
        int i2;
        int indexOf;
        int i3;
        int indexOf2;
        String stringSecurityProperty = PropertyUtils.getStringSecurityProperty("jdk.tls.server.defaultDHEParameters");
        if (stringSecurityProperty != null) {
            Set<BCCryptoPrimitive> set = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
            if (!(stringSecurityProperty.length() < 1)) {
                int length = stringSecurityProperty.length();
                char[] cArr = new char[length];
                int i4 = 0;
                for (int i5 = 0; i5 < length; i5++) {
                    char charAt = stringSecurityProperty.charAt(i5);
                    if (!Character.isWhitespace(charAt)) {
                        cArr[i4] = charAt;
                        i4++;
                    }
                }
                if (i4 == 0) {
                    stringSecurityProperty = JsseUtils.EMPTY_STRING;
                } else if (i4 != length) {
                    stringSecurityProperty = new String(cArr, 0, i4);
                }
            }
            String stripDoubleQuotes = JsseUtils.stripDoubleQuotes(stringSecurityProperty);
            int length2 = stripDoubleQuotes.length();
            if (length2 >= 1) {
                ArrayList arrayList = new ArrayList();
                int i6 = -1;
                do {
                    int i7 = i6 + 1;
                    if (i7 >= length2 || '{' != stripDoubleQuotes.charAt(i7) || (indexOf = stripDoubleQuotes.indexOf(44, (i2 = i7 + 1))) <= i2 || (indexOf2 = stripDoubleQuotes.indexOf(125, (i3 = indexOf + 1))) <= i3) {
                        break;
                    }
                    try {
                        BigInteger bigInteger = new BigInteger(stripDoubleQuotes.substring(i2, indexOf), 16);
                        BigInteger bigInteger2 = new BigInteger(stripDoubleQuotes.substring(i3, indexOf2), 16);
                        DHGroup standardGroupForDHParameters = TlsDHUtils.getStandardGroupForDHParameters(bigInteger, bigInteger2);
                        if (standardGroupForDHParameters != null) {
                            arrayList.add(standardGroupForDHParameters);
                        } else if (bigInteger.isProbablePrime(120)) {
                            arrayList.add(new DHGroup(bigInteger, null, bigInteger2, 0));
                        } else {
                            LOG.log(Level.WARNING, "Non-prime modulus ignored in security property [jdk.tls.server.defaultDHEParameters]: " + bigInteger.toString(16));
                        }
                        i6 = indexOf2 + 1;
                        if (i6 >= length2) {
                            break;
                        }
                    } catch (Exception unused) {
                    }
                } while (',' == stripDoubleQuotes.charAt(i6));
                LOG.log(Level.WARNING, "Invalid syntax for security property [jdk.tls.server.defaultDHEParameters]");
            }
        }
        provServerEnableCA = PropertyUtils.getBooleanSystemProperty("jdk.tls.server.enableCAExtension", true);
        provServerEnableSessionResumption = PropertyUtils.getBooleanSystemProperty("org.bouncycastle.jsse.server.enableSessionResumption", true);
        provServerEnableTrustedCAKeys = PropertyUtils.getBooleanSystemProperty("org.bouncycastle.jsse.server.enableTrustedCAKeysExtension", false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvTlsServer(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) {
        super(provTlsManager.getContextData().getCrypto());
        this.jsseSecurityParameters = new JsseSecurityParameters();
        this.sslSession = null;
        this.matchedSNIServerName = null;
        this.keyManagerMissCache = null;
        this.credentials = null;
        this.handshakeComplete = false;
        this.manager = provTlsManager;
        this.sslParameters = provSSLParameters.copyForConnection();
    }

    private void handleKeyManagerMisses(LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap, String str) {
        for (Map.Entry<String, SignatureSchemeInfo> entry : linkedHashMap.entrySet()) {
            String key = entry.getKey();
            if (key.equals(str)) {
                return;
            }
            this.keyManagerMissCache.add(key);
            Logger logger = LOG;
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("Server found no credentials for signature scheme '" + entry.getValue() + "' (keyType '" + key + "')");
            }
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean allowCertificateStatus() {
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean allowLegacyResumption() {
        return JsseUtils.allowLegacyResumption();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean allowMultiCertStatus() {
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean allowTrustedCAIndication() {
        return this.jsseSecurityParameters.trustedIssuers != null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public CertificateRequest getCertificateRequest() throws IOException {
        if (!isClientAuthEnabled()) {
            return null;
        }
        ContextData contextData = this.manager.getContextData();
        ProtocolVersion serverVersion = this.context.getServerVersion();
        List<SignatureSchemeInfo> activeCertsSignatureSchemes = contextData.getActiveCertsSignatureSchemes(true, this.sslParameters, new ProtocolVersion[]{serverVersion}, this.jsseSecurityParameters.namedGroups);
        JsseSecurityParameters jsseSecurityParameters = this.jsseSecurityParameters;
        jsseSecurityParameters.localSigSchemes = activeCertsSignatureSchemes;
        jsseSecurityParameters.localSigSchemesCert = activeCertsSignatureSchemes;
        Vector<SignatureAndHashAlgorithm> signatureAndHashAlgorithms = SignatureSchemeInfo.getSignatureAndHashAlgorithms(activeCertsSignatureSchemes);
        Vector<X500Name> certificateAuthorities = provServerEnableCA ? JsseUtils.getCertificateAuthorities(contextData.getX509TrustManager()) : null;
        if (!TlsUtils.isTLSv13(serverVersion)) {
            return new CertificateRequest(new short[]{64, 1, 2}, signatureAndHashAlgorithms, certificateAuthorities);
        }
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        JsseSecurityParameters jsseSecurityParameters2 = this.jsseSecurityParameters;
        List<SignatureSchemeInfo> list = jsseSecurityParameters2.localSigSchemes;
        List<SignatureSchemeInfo> list2 = jsseSecurityParameters2.localSigSchemesCert;
        return new CertificateRequest(bArr, signatureAndHashAlgorithms, list != list2 ? SignatureSchemeInfo.getSignatureAndHashAlgorithms(list2) : null, certificateAuthorities);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public CertificateStatus getCertificateStatus() throws IOException {
        return null;
    }

    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.TlsServer
    public TlsCredentials getCredentials() throws IOException {
        return this.credentials;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public JcaTlsCrypto getCrypto() {
        return this.manager.getContextData().getCrypto();
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer, org.bouncycastle.tls.TlsClient
    public int getMaxCertificateChainLength() {
        return JsseUtils.getMaxCertificateChainLength();
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer, org.bouncycastle.tls.TlsClient
    public int getMaxHandshakeMessageSize() {
        return JsseUtils.getMaxHandshakeMessageSize();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int getMaximumNegotiableCurveBits() {
        return NamedGroupInfo.getMaximumBitsServerECDH(this.jsseSecurityParameters.namedGroups);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int getMaximumNegotiableFiniteFieldBits() {
        int maximumBitsServerFFDHE = NamedGroupInfo.getMaximumBitsServerFFDHE(this.jsseSecurityParameters.namedGroups);
        if (maximumBitsServerFFDHE >= provEphemeralDHKeySize) {
            return maximumBitsServerFFDHE;
        }
        return 0;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public byte[] getNewSessionID() {
        if (!provServerEnableSessionResumption || TlsUtils.isTLSv13(this.context)) {
            return null;
        }
        return this.context.getNonceGenerator().generateNonce(32);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected Vector<ProtocolName> getProtocolNames() {
        return JsseUtils.getProtocolNames(this.sslParameters.getApplicationProtocols());
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0063  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0076  */
    /* JADX WARN: Removed duplicated region for block: B:25:0x009c  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00cf  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0066  */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int getSelectedCipherSuite() throws java.io.IOException {
        /*
            r9 = this;
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r9.manager
            org.bouncycastle.jsse.provider.ContextData r0 = r0.getContextData()
            org.bouncycastle.tls.TlsServerContext r1 = r9.context
            org.bouncycastle.tls.SecurityParameters r1 = r1.getSecurityParametersHandshake()
            int[] r2 = r1.getClientSupportedGroups()
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.jsseSecurityParameters
            org.bouncycastle.jsse.provider.NamedGroupInfo$PerConnection r3 = r3.namedGroups
            int r4 = org.bouncycastle.jsse.provider.NamedGroupInfo.$r8$clinit
            java.util.Map r4 = org.bouncycastle.jsse.provider.NamedGroupInfo.PerConnection.access$100(r3)
            boolean r5 = org.bouncycastle.tls.TlsUtils.isNullOrEmpty(r2)
            if (r5 == 0) goto L21
            goto L44
        L21:
            int r5 = r2.length
            java.util.ArrayList r6 = new java.util.ArrayList
            r6.<init>(r5)
            r7 = 0
        L28:
            if (r7 >= r5) goto L3e
            r8 = r2[r7]
            java.lang.Integer r8 = java.lang.Integer.valueOf(r8)
            java.lang.Object r8 = r4.get(r8)
            org.bouncycastle.jsse.provider.NamedGroupInfo r8 = (org.bouncycastle.jsse.provider.NamedGroupInfo) r8
            if (r8 == 0) goto L3b
            r6.add(r8)
        L3b:
            int r7 = r7 + 1
            goto L28
        L3e:
            boolean r2 = r6.isEmpty()
            if (r2 == 0) goto L49
        L44:
            java.util.List r6 = java.util.Collections.emptyList()
            goto L4c
        L49:
            r6.trimToSize()
        L4c:
            org.bouncycastle.jsse.provider.NamedGroupInfo.PerConnection.access$300(r3, r6)
            java.util.Vector r2 = r1.getClientSigAlgs()
            java.util.Vector r1 = r1.getClientSigAlgsCert()
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.jsseSecurityParameters
            java.util.List r4 = r0.getSignatureSchemes(r2)
            r3.peerSigSchemes = r4
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.jsseSecurityParameters
            if (r2 != r1) goto L66
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r1 = r3.peerSigSchemes
            goto L6a
        L66:
            java.util.List r1 = r0.getSignatureSchemes(r1)
        L6a:
            r3.peerSigSchemesCert = r1
            java.util.logging.Logger r1 = org.bouncycastle.jsse.provider.ProvTlsServer.LOG
            java.util.logging.Level r2 = java.util.logging.Level.FINEST
            boolean r2 = r1.isLoggable(r2)
            if (r2 == 0) goto L94
            org.bouncycastle.jsse.provider.JsseSecurityParameters r2 = r9.jsseSecurityParameters
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r2 = r2.peerSigSchemes
            java.lang.String r3 = "Peer signature_algorithms"
            java.lang.String r2 = org.bouncycastle.jsse.provider.JsseUtils.getSignatureAlgorithmsReport(r3, r2)
            r1.finest(r2)
            org.bouncycastle.jsse.provider.JsseSecurityParameters r2 = r9.jsseSecurityParameters
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r3 = r2.peerSigSchemesCert
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r2 = r2.peerSigSchemes
            if (r3 == r2) goto L94
            java.lang.String r2 = "Peer signature_algorithms_cert"
            java.lang.String r2 = org.bouncycastle.jsse.provider.JsseUtils.getSignatureAlgorithmsReport(r2, r3)
            r1.finest(r2)
        L94:
            org.bouncycastle.jsse.BCX509ExtendedKeyManager r2 = org.bouncycastle.jsse.provider.DummyX509KeyManager.INSTANCE
            org.bouncycastle.jsse.BCX509ExtendedKeyManager r0 = r0.getX509KeyManager()
            if (r2 == r0) goto Lcf
            java.util.HashSet r0 = new java.util.HashSet
            r0.<init>()
            r9.keyManagerMissCache = r0
            int r0 = super.getSelectedCipherSuite()
            r2 = 0
            r9.keyManagerMissCache = r2
            org.bouncycastle.jsse.provider.ProvTlsManager r2 = r9.manager
            org.bouncycastle.jsse.provider.ContextData r2 = r2.getContextData()
            org.bouncycastle.jsse.provider.ProvSSLContextSpi r2 = r2.getContext()
            org.bouncycastle.jsse.provider.ProvSSLParameters r3 = r9.sslParameters
            java.lang.String r2 = r2.validateNegotiatedCipherSuite(r3, r0)
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r4 = "Server selected cipher suite: "
            r3.append(r4)
            r3.append(r2)
            java.lang.String r2 = r3.toString()
            r1.fine(r2)
            return r0
        Lcf:
            org.bouncycastle.tls.TlsFatalAlert r0 = new org.bouncycastle.tls.TlsFatalAlert
            r1 = 40
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite():int");
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public Hashtable<Integer, byte[]> getServerExtensions() throws IOException {
        super.getServerExtensions();
        if (this.matchedSNIServerName != null) {
            this.serverExtensions.put(TlsExtensionsUtils.EXT_server_name, TlsUtils.EMPTY_BYTES);
        }
        return this.serverExtensions;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public ProtocolVersion getServerVersion() throws IOException {
        ProtocolVersion serverVersion = super.getServerVersion();
        String validateNegotiatedProtocol = this.manager.getContextData().getContext().validateNegotiatedProtocol(this.sslParameters, serverVersion);
        LOG.fine("Server selected protocol version: " + validateNegotiatedProtocol);
        return serverVersion;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public TlsSession getSessionToResume(byte[] bArr) {
        ProvSSLSession sessionImpl;
        ProvSSLSessionContext serverSessionContext = this.manager.getContextData().getServerSessionContext();
        if (provServerEnableSessionResumption && (sessionImpl = serverSessionContext.getSessionImpl(bArr)) != null) {
            TlsSession tlsSession = sessionImpl.tlsSession;
            if (isResumable(sessionImpl, tlsSession)) {
                this.sslSession = sessionImpl;
                return tlsSession;
            }
        }
        JsseUtils.checkSessionCreationEnabled(this.manager);
        return null;
    }

    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.AbstractTlsPeer
    protected int[] getSupportedCipherSuites() {
        return this.manager.getContextData().getContext().getActiveCipherSuites(getCrypto(), this.sslParameters, getProtocolVersions());
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public int[] getSupportedGroups() throws IOException {
        int i2 = 0;
        this.jsseSecurityParameters.namedGroups = this.manager.getContextData().getNamedGroups(this.sslParameters, new ProtocolVersion[]{this.context.getServerVersion()});
        Set keySet = this.jsseSecurityParameters.namedGroups.local.keySet();
        int[] iArr = new int[keySet.size()];
        Iterator it = keySet.iterator();
        while (it.hasNext()) {
            iArr[i2] = ((Integer) it.next()).intValue();
            i2++;
        }
        return iArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public ProtocolVersion[] getSupportedVersions() {
        return this.manager.getContextData().getContext().getActiveProtocolVersions(this.sslParameters);
    }

    protected boolean isClientAuthEnabled() {
        return this.sslParameters.getNeedClientAuth() || this.sslParameters.getWantClientAuth();
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public synchronized boolean isHandshakeComplete() {
        return this.handshakeComplete;
    }

    protected boolean isResumable(ProvSSLSession provSSLSession, TlsSession tlsSession) {
        SessionParameters exportSessionParameters;
        if (tlsSession != null && tlsSession.isResumable()) {
            ProtocolVersion negotiatedVersion = this.context.getSecurityParametersHandshake().getNegotiatedVersion();
            if (TlsUtils.isTLSv13(negotiatedVersion) || (exportSessionParameters = tlsSession.exportSessionParameters()) == null || !negotiatedVersion.equals(exportSessionParameters.getNegotiatedVersion()) || !Arrays.contains(getCipherSuites(), exportSessionParameters.getCipherSuite()) || !Arrays.contains(this.offeredCipherSuites, exportSessionParameters.getCipherSuite()) || !exportSessionParameters.isExtendedMasterSecret()) {
                return false;
            }
            JsseSessionParameters jsseSessionParameters = provSSLSession.jsseSessionParameters;
            BCSNIServerName bCSNIServerName = this.matchedSNIServerName;
            BCSNIServerName matchedSNIServerName = jsseSessionParameters.getMatchedSNIServerName();
            Set<BCCryptoPrimitive> set = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
            if (bCSNIServerName == matchedSNIServerName || !(bCSNIServerName == null || matchedSNIServerName == null || !bCSNIServerName.equals(matchedSNIServerName))) {
                return true;
            }
            LOG.finest("Session not resumable - SNI mismatch; connection: " + bCSNIServerName + ", session: " + matchedSNIServerName);
            return false;
        }
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertRaised(short s2, short s3, String str, Throwable th) {
        Level level = s2 == 1 ? Level.FINE : s3 == 80 ? Level.WARNING : Level.INFO;
        Logger logger = LOG;
        if (logger.isLoggable(level)) {
            String alertLogMessage = JsseUtils.getAlertLogMessage("Server raised", s2, s3);
            if (str != null) {
                alertLogMessage = GeneratedOutlineSupport.outline46(alertLogMessage, ": ", str);
            }
            logger.log(level, alertLogMessage, th);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertReceived(short s2, short s3) {
        Level level = s2 == 1 ? Level.FINE : Level.INFO;
        Logger logger = LOG;
        if (logger.isLoggable(level)) {
            logger.log(level, JsseUtils.getAlertLogMessage("Server received", s2, s3));
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to find switch 'out' block (already processed)
        	at jadx.core.dex.visitors.regions.RegionMaker.calcSwitchOut(RegionMaker.java:923)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:797)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processFallThroughCases(RegionMaker.java:841)
        	at jadx.core.dex.visitors.regions.RegionMaker.processSwitch(RegionMaker.java:800)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:157)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processIf(RegionMaker.java:735)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:152)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processIf(RegionMaker.java:740)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:152)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMaker.processIf(RegionMaker.java:735)
        	at jadx.core.dex.visitors.regions.RegionMaker.traverse(RegionMaker.java:152)
        	at jadx.core.dex.visitors.regions.RegionMaker.makeRegion(RegionMaker.java:91)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:52)
        */
    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:14:0x0037. Please report as an issue. */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public void notifyClientCertificate(org.bouncycastle.tls.Certificate r5) throws java.io.IOException {
        /*
            r4 = this;
            boolean r0 = r4.isClientAuthEnabled()
            if (r0 == 0) goto L7b
            if (r5 == 0) goto L5f
            boolean r0 = r5.isEmpty()
            if (r0 == 0) goto Lf
            goto L5f
        Lf:
            org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto r0 = r4.getCrypto()
            java.security.cert.X509Certificate[] r0 = org.bouncycastle.jsse.provider.JsseUtils.getX509CertificateChain(r0, r5)
            r1 = 0
            org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate r5 = r5.getCertificateAt(r1)
            r1 = 7
            boolean r2 = r5.supportsSignatureAlgorithm(r1)
            r3 = 8
            if (r2 == 0) goto L26
            goto L33
        L26:
            boolean r1 = r5.supportsSignatureAlgorithm(r3)
            if (r1 == 0) goto L2f
            r1 = 8
            goto L33
        L2f:
            short r1 = r5.getLegacySignatureAlgorithm()
        L33:
            if (r1 < 0) goto L57
            java.lang.String r5 = "RSA"
            switch(r1) {
                case 1: goto L51;
                case 2: goto L4c;
                case 3: goto L4f;
                case 4: goto L51;
                case 5: goto L51;
                case 6: goto L51;
                case 7: goto L49;
                case 8: goto L46;
                case 9: goto L43;
                case 10: goto L43;
                case 11: goto L43;
                default: goto L3a;
            }
        L3a:
            switch(r1) {
                case 26: goto L4f;
                case 27: goto L4f;
                case 28: goto L4f;
                default: goto L3d;
            }
        L3d:
            java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException
            r5.<init>()
            throw r5
        L43:
            java.lang.String r5 = "RSASSA-PSS"
            goto L51
        L46:
            java.lang.String r5 = "Ed448"
            goto L51
        L49:
            java.lang.String r5 = "Ed25519"
            goto L51
        L4c:
            java.lang.String r5 = "DSA"
            goto L51
        L4f:
            java.lang.String r5 = "EC"
        L51:
            org.bouncycastle.jsse.provider.ProvTlsManager r1 = r4.manager
            r1.checkClientTrusted(r0, r5)
            goto L7a
        L57:
            org.bouncycastle.tls.TlsFatalAlert r5 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 43
            r5.<init>(r0)
            throw r5
        L5f:
            org.bouncycastle.jsse.provider.ProvSSLParameters r5 = r4.sslParameters
            boolean r5 = r5.getNeedClientAuth()
            if (r5 == 0) goto L7a
            org.bouncycastle.tls.TlsServerContext r5 = r4.context
            boolean r5 = org.bouncycastle.tls.TlsUtils.isTLSv13(r5)
            if (r5 == 0) goto L72
            r5 = 116(0x74, float:1.63E-43)
            goto L74
        L72:
            r5 = 40
        L74:
            org.bouncycastle.tls.TlsFatalAlert r0 = new org.bouncycastle.tls.TlsFatalAlert
            r0.<init>(r5)
            throw r0
        L7a:
            return
        L7b:
            org.bouncycastle.tls.TlsFatalAlert r5 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 80
            r5.<init>(r0)
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.notifyClientCertificate(org.bouncycastle.tls.Certificate):void");
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() throws IOException {
        this.handshakeComplete = true;
        TlsSession session = this.context.getSession();
        ProvSSLSession provSSLSession = this.sslSession;
        if (provSSLSession == null || provSSLSession.tlsSession != session) {
            this.sslSession = this.manager.getContextData().getServerSessionContext().reportSession(this.manager.getPeerHost(), this.manager.getPeerPort(), session, new JsseSessionParameters(null, this.matchedSNIServerName), provServerEnableSessionResumption && !TlsUtils.isTLSv13(this.context) && this.context.getSecurityParametersConnection().isExtendedMasterSecret());
        }
        this.manager.notifyHandshakeComplete(new ProvSSLConnection(this.context, this.sslSession));
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z) throws IOException {
        if (!z && !PropertyUtils.getBooleanSystemProperty("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public void notifySession(TlsSession tlsSession) {
        Logger logger;
        String sb;
        byte[] sessionID = tlsSession.getSessionID();
        ProvSSLSession provSSLSession = this.sslSession;
        if (provSSLSession != null && provSSLSession.tlsSession == tlsSession) {
            Logger logger2 = LOG;
            StringBuilder outline65 = GeneratedOutlineSupport.outline65("Server resumed session: ");
            outline65.append(Hex.toHexString(sessionID));
            logger2.fine(outline65.toString());
        } else {
            this.sslSession = null;
            if (TlsUtils.isNullOrEmpty(sessionID)) {
                logger = LOG;
                sb = "Server did not specify a session ID";
            } else {
                logger = LOG;
                StringBuilder outline652 = GeneratedOutlineSupport.outline65("Server specified new session: ");
                outline652.append(Hex.toHexString(sessionID));
                sb = outline652.toString();
            }
            logger.fine(sb);
            JsseUtils.checkSessionCreationEnabled(this.manager);
        }
        ProvTlsManager provTlsManager = this.manager;
        provTlsManager.notifyHandshakeSession(provTlsManager.getContextData().getServerSessionContext(), this.context.getSecurityParametersHandshake(), this.jsseSecurityParameters, this.sslSession);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean preferLocalCipherSuites() {
        return this.sslParameters.getUseCipherSuitesOrder();
    }

    /* JADX WARN: Code restructure failed: missing block: B:39:0x002f, code lost:
    
        continue;
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void processClientExtensions(java.util.Hashtable r9) throws java.io.IOException {
        /*
            r8 = this;
            super.processClientExtensions(r9)
            org.bouncycastle.tls.TlsServerContext r0 = r8.context
            org.bouncycastle.tls.SecurityParameters r0 = r0.getSecurityParametersHandshake()
            java.util.Vector r0 = r0.getClientServerNames()
            r1 = 0
            if (r0 == 0) goto L87
            org.bouncycastle.jsse.provider.ProvSSLParameters r2 = r8.sslParameters
            java.util.Collection r2 = r2.getSNIMatchers()
            if (r2 == 0) goto L80
            boolean r3 = r2.isEmpty()
            if (r3 == 0) goto L1f
            goto L80
        L1f:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r3 = org.bouncycastle.jsse.provider.JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC
            boolean r3 = r0.isEmpty()
            if (r3 != 0) goto L61
            java.util.List r0 = org.bouncycastle.jsse.provider.JsseUtils.convertSNIServerNames(r0)
            java.util.Iterator r2 = r2.iterator()
        L2f:
            boolean r3 = r2.hasNext()
            if (r3 == 0) goto L61
            java.lang.Object r3 = r2.next()
            org.bouncycastle.jsse.BCSNIMatcher r3 = (org.bouncycastle.jsse.BCSNIMatcher) r3
            if (r3 == 0) goto L2f
            int r4 = r3.getType()
            java.util.Iterator r5 = r0.iterator()
        L45:
            boolean r6 = r5.hasNext()
            if (r6 == 0) goto L2f
            java.lang.Object r6 = r5.next()
            org.bouncycastle.jsse.BCSNIServerName r6 = (org.bouncycastle.jsse.BCSNIServerName) r6
            if (r6 == 0) goto L45
            int r7 = r6.getType()
            if (r7 == r4) goto L5a
            goto L45
        L5a:
            boolean r3 = r3.matches(r6)
            if (r3 == 0) goto L2f
            goto L62
        L61:
            r6 = r1
        L62:
            r8.matchedSNIServerName = r6
            if (r6 == 0) goto L78
            java.util.logging.Logger r0 = org.bouncycastle.jsse.provider.ProvTlsServer.LOG
            java.lang.String r2 = "Server accepted SNI: "
            java.lang.StringBuilder r2 = com.android.tools.r8.GeneratedOutlineSupport.outline65(r2)
            org.bouncycastle.jsse.BCSNIServerName r3 = r8.matchedSNIServerName
            r2.append(r3)
            java.lang.String r2 = r2.toString()
            goto L84
        L78:
            org.bouncycastle.tls.TlsFatalAlert r9 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 112(0x70, float:1.57E-43)
            r9.<init>(r0)
            throw r9
        L80:
            java.util.logging.Logger r0 = org.bouncycastle.jsse.provider.ProvTlsServer.LOG
            java.lang.String r2 = "Server ignored SNI (no matchers specified)"
        L84:
            r0.fine(r2)
        L87:
            org.bouncycastle.tls.TlsServerContext r0 = r8.context
            boolean r0 = org.bouncycastle.tls.TlsUtils.isTLSv13(r0)
            if (r0 == 0) goto L9c
            java.util.Vector r9 = org.bouncycastle.tls.TlsExtensionsUtils.getCertificateAuthoritiesExtension(r9)
            org.bouncycastle.jsse.provider.JsseSecurityParameters r0 = r8.jsseSecurityParameters
            javax.security.auth.x500.X500Principal[] r9 = org.bouncycastle.jsse.provider.JsseUtils.toX500Principals(r9)
            r0.trustedIssuers = r9
            goto Le1
        L9c:
            boolean r9 = org.bouncycastle.jsse.provider.ProvTlsServer.provServerEnableTrustedCAKeys
            if (r9 == 0) goto Le1
            java.util.Vector r9 = r8.trustedCAKeys
            org.bouncycastle.jsse.provider.JsseSecurityParameters r0 = r8.jsseSecurityParameters
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r2 = org.bouncycastle.jsse.provider.JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC
            if (r9 == 0) goto Ldf
            boolean r2 = r9.isEmpty()
            if (r2 == 0) goto Laf
            goto Ldf
        Laf:
            int r2 = r9.size()
            javax.security.auth.x500.X500Principal[] r3 = new javax.security.auth.x500.X500Principal[r2]
            r4 = 0
        Lb6:
            if (r4 >= r2) goto Lde
            java.lang.Object r5 = r9.get(r4)
            org.bouncycastle.tls.TrustedAuthority r5 = (org.bouncycastle.tls.TrustedAuthority) r5
            r6 = 2
            short r7 = r5.getIdentifierType()
            if (r6 == r7) goto Lc6
            goto Ldf
        Lc6:
            org.bouncycastle.asn1.x500.X500Name r5 = r5.getX509Name()
            if (r5 != 0) goto Lce
            r6 = r1
            goto Ld9
        Lce:
            javax.security.auth.x500.X500Principal r6 = new javax.security.auth.x500.X500Principal
            java.lang.String r7 = "DER"
            byte[] r5 = r5.getEncoded(r7)
            r6.<init>(r5)
        Ld9:
            r3[r4] = r6
            int r4 = r4 + 1
            goto Lb6
        Lde:
            r1 = r3
        Ldf:
            r0.trustedIssuers = r1
        Le1:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.processClientExtensions(java.util.Hashtable):void");
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean requiresCloseNotify() {
        return JsseUtils.requireCloseNotify();
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean requiresExtendedMasterSecret() {
        return !JsseUtils.allowLegacyMasterSecret();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean selectCipherSuite(int i2) throws IOException {
        TlsCredentialedSigner createCredentialedSigner13;
        TlsCredentials tlsCredentials;
        Logger logger;
        String str;
        TlsCredentials tlsCredentials2;
        Logger logger2;
        StringBuilder sb;
        String str2;
        Principal[] principalArr = this.jsseSecurityParameters.trustedIssuers;
        int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(i2);
        if (keyExchangeAlgorithm != 0) {
            if (keyExchangeAlgorithm == 1 || keyExchangeAlgorithm == 3 || keyExchangeAlgorithm == 5 || keyExchangeAlgorithm == 17 || keyExchangeAlgorithm == 19) {
                if (1 == keyExchangeAlgorithm || !TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getServerVersion())) {
                    tlsCredentials2 = selectServerCredentialsLegacy(principalArr, keyExchangeAlgorithm);
                } else {
                    BCAlgorithmConstraints algorithmConstraints = this.sslParameters.getAlgorithmConstraints();
                    short legacySignatureAlgorithmServer = TlsUtils.getLegacySignatureAlgorithmServer(keyExchangeAlgorithm);
                    LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap = new LinkedHashMap<>();
                    for (SignatureSchemeInfo signatureSchemeInfo : this.jsseSecurityParameters.peerSigSchemes) {
                        if (TlsUtils.isValidSignatureSchemeForServerKeyExchange(signatureSchemeInfo.getSignatureScheme(), keyExchangeAlgorithm)) {
                            String authTypeServer = legacySignatureAlgorithmServer == signatureSchemeInfo.getSignatureAlgorithm() ? JsseUtils.getAuthTypeServer(keyExchangeAlgorithm) : signatureSchemeInfo.getKeyType();
                            if (!this.keyManagerMissCache.contains(authTypeServer) && !linkedHashMap.containsKey(authTypeServer) && signatureSchemeInfo.isActive(algorithmConstraints, false, true, this.jsseSecurityParameters.namedGroups)) {
                                linkedHashMap.put(authTypeServer, signatureSchemeInfo);
                            }
                        }
                    }
                    if (linkedHashMap.isEmpty()) {
                        logger2 = LOG;
                        sb = new StringBuilder();
                        str2 = "Server (1.2) has no key types to try for KeyExchangeAlgorithm ";
                    } else {
                        BCX509Key chooseServerKey = this.manager.chooseServerKey((String[]) linkedHashMap.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
                        if (chooseServerKey == null) {
                            handleKeyManagerMisses(linkedHashMap, null);
                            logger2 = LOG;
                            sb = new StringBuilder();
                            str2 = "Server (1.2) did not select any credentials for KeyExchangeAlgorithm ";
                        } else {
                            ProvX509Key provX509Key = (ProvX509Key) chooseServerKey;
                            String keyType = provX509Key.getKeyType();
                            handleKeyManagerMisses(linkedHashMap, keyType);
                            SignatureSchemeInfo signatureSchemeInfo2 = linkedHashMap.get(keyType);
                            if (signatureSchemeInfo2 == null) {
                                throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                            }
                            Logger logger3 = LOG;
                            if (logger3.isLoggable(Level.FINE)) {
                                logger3.fine("Server (1.2) selected credentials for signature scheme '" + signatureSchemeInfo2 + "' (keyType '" + keyType + "'), with private key algorithm '" + JsseUtils.getPrivateKeyAlgorithm(provX509Key.getPrivateKey()) + "'");
                            }
                            createCredentialedSigner13 = JsseUtils.createCredentialedSigner(this.context, getCrypto(), provX509Key, signatureSchemeInfo2.getSignatureAndHashAlgorithm());
                            tlsCredentials2 = createCredentialedSigner13;
                        }
                    }
                    sb.append(str2);
                    sb.append(keyExchangeAlgorithm);
                    logger2.fine(sb.toString());
                }
            }
            tlsCredentials2 = null;
        } else {
            byte[] bArr = TlsUtils.EMPTY_BYTES;
            BCAlgorithmConstraints algorithmConstraints2 = this.sslParameters.getAlgorithmConstraints();
            LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap2 = new LinkedHashMap<>();
            for (SignatureSchemeInfo signatureSchemeInfo3 : this.jsseSecurityParameters.peerSigSchemes) {
                String keyType13 = signatureSchemeInfo3.getKeyType13();
                if (!this.keyManagerMissCache.contains(keyType13) && !linkedHashMap2.containsKey(keyType13) && signatureSchemeInfo3.isActive(algorithmConstraints2, true, false, this.jsseSecurityParameters.namedGroups)) {
                    linkedHashMap2.put(keyType13, signatureSchemeInfo3);
                }
            }
            if (linkedHashMap2.isEmpty()) {
                logger = LOG;
                str = "Server (1.3) found no usable signature schemes";
                tlsCredentials = null;
            } else {
                BCX509Key chooseServerKey2 = this.manager.chooseServerKey((String[]) linkedHashMap2.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
                if (chooseServerKey2 == null) {
                    tlsCredentials = null;
                    handleKeyManagerMisses(linkedHashMap2, null);
                    logger = LOG;
                    str = "Server (1.3) did not select any credentials";
                } else {
                    ProvX509Key provX509Key2 = (ProvX509Key) chooseServerKey2;
                    String keyType2 = provX509Key2.getKeyType();
                    handleKeyManagerMisses(linkedHashMap2, keyType2);
                    SignatureSchemeInfo signatureSchemeInfo4 = linkedHashMap2.get(keyType2);
                    if (signatureSchemeInfo4 == null) {
                        throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                    }
                    Logger logger4 = LOG;
                    if (logger4.isLoggable(Level.FINE)) {
                        logger4.fine("Server (1.3) selected credentials for signature scheme '" + signatureSchemeInfo4 + "' (keyType '" + keyType2 + "'), with private key algorithm '" + JsseUtils.getPrivateKeyAlgorithm(provX509Key2.getPrivateKey()) + "'");
                    }
                    createCredentialedSigner13 = JsseUtils.createCredentialedSigner13(this.context, getCrypto(), provX509Key2, signatureSchemeInfo4.getSignatureAndHashAlgorithm(), bArr);
                    tlsCredentials2 = createCredentialedSigner13;
                }
            }
            logger.fine(str);
            tlsCredentials2 = tlsCredentials;
        }
        if (tlsCredentials2 != null) {
            super.selectCipherSuite(i2);
            this.credentials = tlsCredentials2;
            return true;
        }
        String cipherSuiteName = ProvSSLContextSpi.getCipherSuiteName(i2);
        LOG.finer("Server found no credentials for cipher suite: " + cipherSuiteName);
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectDH(int i2) {
        return NamedGroupInfo.selectServerFFDHE(this.jsseSecurityParameters.namedGroups, Math.max(i2, provEphemeralDHKeySize));
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectDHDefault(int i2) {
        throw new UnsupportedOperationException();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectECDH(int i2) {
        return NamedGroupInfo.selectServerECDH(this.jsseSecurityParameters.namedGroups, i2);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectECDHDefault(int i2) {
        throw new UnsupportedOperationException();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected ProtocolName selectProtocolName() throws IOException {
        ArrayList arrayList;
        if (this.sslParameters.getEngineAPSelector() == null && this.sslParameters.getSocketAPSelector() == null) {
            return super.selectProtocolName();
        }
        Vector vector = this.clientProtocolNames;
        Set<BCCryptoPrimitive> set = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
        if (vector == null || vector.isEmpty()) {
            arrayList = null;
        } else {
            arrayList = new ArrayList(vector.size());
            Iterator it = vector.iterator();
            while (it.hasNext()) {
                arrayList.add(((ProtocolName) it.next()).getUtf8Decoding());
            }
        }
        String selectApplicationProtocol = this.manager.selectApplicationProtocol(Collections.unmodifiableList(arrayList));
        if (selectApplicationProtocol == null) {
            throw new TlsFatalAlert((short) 120);
        }
        if (selectApplicationProtocol.length() < 1) {
            return null;
        }
        if (arrayList.contains(selectApplicationProtocol)) {
            return ProtocolName.asUtf8Encoding(selectApplicationProtocol);
        }
        throw new TlsFatalAlert((short) 120);
    }

    protected TlsCredentials selectServerCredentialsLegacy(Principal[] principalArr, int i2) throws IOException {
        String authTypeServer = JsseUtils.getAuthTypeServer(i2);
        if (this.keyManagerMissCache.contains(authTypeServer)) {
            return null;
        }
        BCX509Key chooseServerKey = this.manager.chooseServerKey(new String[]{authTypeServer}, principalArr);
        if (chooseServerKey == null) {
            this.keyManagerMissCache.add(authTypeServer);
            return null;
        }
        if (1 != i2) {
            return JsseUtils.createCredentialedSigner(this.context, getCrypto(), chooseServerKey, null);
        }
        JcaTlsCrypto crypto = getCrypto();
        ProvX509Key provX509Key = (ProvX509Key) chooseServerKey;
        return new JceDefaultTlsCredentialedDecryptor(crypto, JsseUtils.getCertificateMessage(crypto, provX509Key.getCertificateChain()), provX509Key.getPrivateKey());
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean shouldSelectProtocolNameEarly() {
        return this.sslParameters.getEngineAPSelector() == null && this.sslParameters.getSocketAPSelector() == null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean shouldUseExtendedMasterSecret() {
        return JsseUtils.useExtendedMasterSecret();
    }
}
