package org.bouncycastle.jsse.provider;

import com.safelogic.cryptocomply.asn1.x500.X500Name;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.jsse.BCSNIMatcher;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.tls.AlertDescription;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.ServerNameList;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsDHUtils;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedAgreement;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;
import yg.AbstractC0608;
import yg.C0567;
import yg.C0569;
import yg.C0578;
import yg.C0581;
import yg.C0594;
import yg.C0605;
import yg.C0612;
import yg.C0618;
import yg.C0642;
import yg.C0679;
import yg.C0689;

/* loaded from: classes2.dex */
/**
 * Server-side TLS peer used by the JSSE provider: it extends {@link DefaultTlsServer} and
 * supplies policy decisions (protocol version, cipher suites, credentials, client
 * authentication, SNI matching, session lookup) from a {@link ProvTlsManager} and a
 * {@link ProvSSLParameters}.
 *
 * <p>This listing is decompiler output. String literals are stored obfuscated and decoded at
 * runtime through helpers in the {@code yg} package, so the text of log and exception messages
 * and of the system-property names is not readable here. Several control-flow shapes below
 * look like decompiler artefacts and are flagged with NOTE(review); check them against the
 * bytecode before drawing security conclusions from this source.
 */
public class ProvTlsServer extends DefaultTlsServer implements ProvTlsPeer {
    // Compiler-generated flag backing the `assert` statement.
    public static final /* synthetic */ boolean $assertionsDisabled = false;
    // java.util.logging logger named after this class. Alerts and negotiation results go here.
    public static Logger LOG = Logger.getLogger(ProvTlsServer.class.getName());
    // Floor (in bits) applied to finite-field DH negotiation; read once from a system property.
    public static final int provEphemeralDHKeySize;
    // Credentials chosen by selectCredentials(); null until a suite that needs them is selected.
    public TlsCredentials credentials;
    // Set by notifyHandshakeComplete(); read and written under the instance monitor.
    public boolean handshakeComplete;
    // Auth types the key manager had no usable key for. Non-null only while
    // getSelectedCipherSuite() is running.
    public Set<String> keyManagerMissCache;
    public final ProvTlsManager manager;
    // SNI name accepted by one of the configured matchers, or null if none was matched.
    public BCSNIServerName matchedSNIServerName;
    public final ProvSSLParameters sslParameters;
    // Session found for resumption, or the one reported when the handshake completes.
    public ProvSSLSessionImpl sslSession;

    static {
        // Decode the obfuscated property name, then read it as an integer with the arguments
        // 2048, 1024, 8192 (presumably default, minimum and maximum; confirm in PropertyUtils).
        // NOTE(review): length and character deltas match "jdk.tls.ephemeralDHKeySize", the name
        // upstream BCJSSE uses. Confirm by running the decoder.
        short m192 = (short) (C0567.m192() ^ 7734);
        int[] iArr = new int["\u000f\n\u0012U\u001d\u0016\u001eY\u0012\u001e\u0017\u0015\u001e\u0017%\u0015!y~\u0003\u001e3\u000e%7#".length()];
        C0569 c0569 = new C0569("\u000f\n\u0012U\u001d\u0016\u001eY\u0012\u001e\u0017\u0015\u001e\u0017%\u0015!y~\u0003\u001e3\u000e%7#");
        int i10 = 0;
        while (c0569.m195()) {
            int m194 = c0569.m194();
            AbstractC0608 m253 = AbstractC0608.m253(m194);
            iArr[i10] = m253.mo254(m253.mo256(m194) - (m192 + i10));
            i10++;
        }
        provEphemeralDHKeySize = PropertyUtils.getIntegerSystemProperty(new String(iArr, 0, i10), 2048, 1024, 8192);
    }

    /**
     * Creates the server peer on top of the crypto implementation held by the manager's context.
     *
     * @param provTlsManager    owner of the connection; supplies context data, trust decisions
     *                          and the session-creation switch
     * @param provSSLParameters per-connection settings (protocols, cipher suites, client auth,
     *                          SNI matchers)
     * @throws SSLException if the manager reports that session creation is disabled
     */
    // NOTE(review): SSLException is a checked exception and no `throws` clause is present, so
    // this constructor does not compile as listed; the clause was likely lost in decompilation.
    public ProvTlsServer(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) {
        super(provTlsManager.getContextData().crypto);
        this.sslSession = null;
        this.matchedSNIServerName = null;
        this.keyManagerMissCache = null;
        this.credentials = null;
        this.handshakeComplete = false;
        this.manager = provTlsManager;
        this.sslParameters = provSSLParameters;
        if (!provTlsManager.getEnableSessionCreation()) {
            // Message text is obfuscated and decoded at runtime.
            throw new SSLException(C0642.m341("\u001e1@A8??q5)8;48=3**\\,.4`+ $!\u001b$\u001d'.\u0010\u0010L'\u0014$P\u0013\u0011\bD\u0019\f\u001b\u001c\u0013\n\n<\u0001\u0011\u0005\u0002\u0016{\u0003\u00035\u007f\u000b8}t\u007fnp{uu", (short) (C0594.m246() ^ 13111)));
        }
    }

    /**
     * Builds the CertificateRequest sent when client authentication is needed or wanted.
     *
     * @return the request, or {@code null} when neither needClientAuth nor wantClientAuth is set
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public CertificateRequest getCertificateRequest() {
        if (!(this.sslParameters.needClientAuth || this.sslParameters.wantClientAuth)) {
            return null;
        }
        // TLS ClientCertificateType values: 1 = rsa_sign, 2 = dss_sign, 64 = ecdsa_sign.
        short[] sArr = {1, 2, 64};
        Vector supportedSignatureAlgorithms = TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.serverVersion) ? JsseUtils.getSupportedSignatureAlgorithms(getCrypto()) : null;
        Vector vector = new Vector();
        X509TrustManager x509TrustManager = this.manager.getContextData().tm;
        if (x509TrustManager != null) {
            // The subject DN of every accepted issuer is sent to the client before it has
            // authenticated, so the trust store contents are visible to any peer that connects.
            // Keep client-auth trust stores narrow.
            for (X509Certificate x509Certificate : x509TrustManager.getAcceptedIssuers()) {
                vector.addElement(X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded()));
            }
        }
        return new CertificateRequest(sArr, supportedSignatureAlgorithms, vector);
    }

    /**
     * Returns the configured cipher suites, converted to their numeric form and filtered to
     * those the context's crypto implementation supports.
     */
    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.AbstractTlsServer
    public int[] getCipherSuites() {
        return TlsUtils.getSupportedCipherSuites(this.manager.getContextData().crypto, this.manager.getContext().convertCipherSuites(this.sslParameters.getCipherSuites()));
    }

    /**
     * Returns the compression methods offered. In FIPS mode only method 0 (null compression)
     * is returned; otherwise the superclass list is used.
     */
    // NOTE(review): the superclass list is not visible here. TLS-level compression is the
    // precondition for CRIME-style leaks, so confirm the non-FIPS path is also null-only.
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public short[] getCompressionMethods() {
        return this.manager.getContext().isFips() ? new short[]{0} : super.getCompressionMethods();
    }

    /** Returns the credentials chosen by {@link #selectCredentials(int)}, possibly null. */
    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.TlsServer
    public TlsCredentials getCredentials() {
        return this.credentials;
    }

    /** Delegates to SupportedGroups using the FIPS flag and the client's supported groups. */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public int getMaximumNegotiableCurveBits() {
        return SupportedGroups.getServerMaximumNegotiableCurveBits(this.manager.getContext().isFips(), this.clientSupportedGroups);
    }

    /**
     * Returns the largest finite-field size negotiable with this client, or 0 when that size
     * is below {@link #provEphemeralDHKeySize}.
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public int getMaximumNegotiableFiniteFieldBits() {
        int serverMaximumNegotiableFiniteFieldBits = SupportedGroups.getServerMaximumNegotiableFiniteFieldBits(this.manager.getContext().isFips(), this.clientSupportedGroups);
        // Enforce the configured floor: a client limited to smaller groups gets 0 back.
        if (serverMaximumNegotiableFiniteFieldBits >= provEphemeralDHKeySize) {
            return serverMaximumNegotiableFiniteFieldBits;
        }
        return 0;
    }

    /** Returns the highest protocol version among the enabled protocols. */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public ProtocolVersion getMaximumVersion() {
        return this.manager.getContext().getMaximumVersion(this.sslParameters.getProtocols());
    }

    /**
     * Runs the superclass cipher-suite selection with a fresh key-manager miss cache, logs the
     * result at FINE, and returns the selected suite.
     */
    // NOTE(review): the cache is not cleared in a finally block, so it stays non-null if the
    // superclass call throws.
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public int getSelectedCipherSuite() {
        this.keyManagerMissCache = new HashSet();
        int selectedCipherSuite = super.getSelectedCipherSuite();
        Logger logger = LOG;
        StringBuilder sb2 = new StringBuilder();
        // Decode the obfuscated log prefix.
        short m192 = (short) (C0567.m192() ^ 13002);
        int[] iArr = new int["ATbgWe\u0014h[c]\\n``\u001dahpigu$x{p|nD+".length()];
        C0569 c0569 = new C0569("ATbgWe\u0014h[c]\\n``\u001dahpigu$x{p|nD+");
        int i10 = 0;
        while (c0569.m195()) {
            int m194 = c0569.m194();
            AbstractC0608 m253 = AbstractC0608.m253(m194);
            iArr[i10] = m253.mo254(m253.mo256(m194) - ((m192 + m192) + i10));
            i10++;
        }
        sb2.append(new String(iArr, 0, i10));
        sb2.append(this.manager.getContext().getCipherSuiteString(selectedCipherSuite));
        logger.fine(sb2.toString());
        this.keyManagerMissCache = null;
        return selectedCipherSuite;
    }

    /**
     * Builds the server extensions via the superclass and, when an SNI name was matched, adds
     * an empty server_name extension.
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public Hashtable getServerExtensions() {
        // Return value is ignored; the result is read back from the serverExtensions field.
        super.getServerExtensions();
        if (this.matchedSNIServerName != null) {
            checkServerExtensions().put(TlsExtensionsUtils.EXT_server_name, TlsUtils.EMPTY_BYTES);
        }
        return this.serverExtensions;
    }

    /**
     * Picks the protocol version: the highest version not above the client's offer that is
     * present in the enabled protocol list.
     *
     * @return the chosen version, also stored in {@code serverVersion}
     * @throws TlsFatalAlert with description 70 (protocol_version) when no enabled protocol is
     *                       at or below the client's version
     */
    // The enabled protocol list is the only lower bound applied here, so legacy versions have
    // to be excluded through configuration.
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public ProtocolVersion getServerVersion() {
        String[] protocols = this.sslParameters.getProtocols();
        if (protocols != null && protocols.length > 0) {
            // Walk downward from the client's offered version.
            for (ProtocolVersion protocolVersion = this.clientVersion; protocolVersion != null; protocolVersion = protocolVersion.getPreviousVersion()) {
                String protocolString = this.manager.getContext().getProtocolString(protocolVersion);
                if (protocolString != null && JsseUtils.contains(protocols, protocolString)) {
                    Logger logger = LOG;
                    StringBuilder sb2 = new StringBuilder();
                    // Decode the obfuscated log prefix.
                    short m250 = (short) (C0605.m250() ^ (-20583));
                    short m2502 = (short) (C0605.m250() ^ (-413));
                    int[] iArr = new int["@`Q*#JKYD~BBDk:nBEV@4I8_WMu\u001a8h\u0001)\"*".length()];
                    C0569 c0569 = new C0569("@`Q*#JKYD~BBDk:nBEV@4I8_WMu\u001a8h\u0001)\"*");
                    int i10 = 0;
                    while (c0569.m195()) {
                        int m194 = c0569.m194();
                        AbstractC0608 m253 = AbstractC0608.m253(m194);
                        int mo256 = m253.mo256(m194);
                        short[] sArr = C0679.f286;
                        iArr[i10] = m253.mo254(mo256 - (sArr[i10 % sArr.length] ^ ((i10 * m2502) + m250)));
                        i10++;
                    }
                    sb2.append(new String(iArr, 0, i10));
                    sb2.append(protocolVersion);
                    logger.fine(sb2.toString());
                    this.serverVersion = protocolVersion;
                    return protocolVersion;
                }
            }
        }
        throw new TlsFatalAlert((short) 70);
    }

    /**
     * Looks up a cached session for the given session id.
     *
     * @param bArr session id from the ClientHello
     * @return the cached TLS session, or {@code null} to run a full handshake
     * @throws IllegalStateException when nothing can be resumed and session creation is disabled
     */
    // NOTE(review): the constructor already rejects a manager with session creation disabled,
    // so the throw below seems reachable only if that setting changes later. Confirm.
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public TlsSession getSessionToResume(byte[] bArr) {
        TlsSession tlsSession;
        ProvSSLSessionImpl sessionImpl = this.manager.getContextData().serverSessionContext.getSessionImpl(bArr);
        this.sslSession = sessionImpl;
        if (sessionImpl != null && (tlsSession = sessionImpl.tlsSession) != null) {
            return tlsSession;
        }
        if (this.manager.getEnableSessionCreation()) {
            return null;
        }
        // Decode the obfuscated exception message.
        short m202 = (short) (C0578.m202() ^ (-20413));
        short m2022 = (short) (C0578.m202() ^ (-14594));
        int[] iArr = new int["g\n;\u000f\u0003\u0012\u0015\u000e\u0003\u0005\u0010\nE\u001a\r\u001c\u001d\u0014\u001b\u001b!N\u0011\u001f\u0016R'\u001a)*!((Z\u001f/# 4*11c.9f,2=,.933".length()];
        C0569 c0569 = new C0569("g\n;\u000f\u0003\u0012\u0015\u000e\u0003\u0005\u0010\nE\u001a\r\u001c\u001d\u0014\u001b\u001b!N\u0011\u001f\u0016R'\u001a)*!((Z\u001f/# 4*11c.9f,2=,.933");
        int i10 = 0;
        while (c0569.m195()) {
            int m194 = c0569.m194();
            AbstractC0608 m253 = AbstractC0608.m253(m194);
            iArr[i10] = m253.mo254((m253.mo256(m194) - (m202 + i10)) + m2022);
            i10++;
        }
        throw new IllegalStateException(new String(iArr, 0, i10));
    }

    /** Returns whether {@link #notifyHandshakeComplete()} has run. */
    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public synchronized boolean isHandshakeComplete() {
        return this.handshakeComplete;
    }

    /**
     * Logs an alert raised by this side.
     *
     * @param s10 alert level (1 is the TLS "warning" level)
     * @param s11 alert description code
     * @param str optional detail message, appended when non-null
     * @param th2 optional cause, passed to the logger
     */
    // Level mapping: warning alerts go to FINE, description 80 (internal_error) to WARNING and
    // every other fatal alert to INFO. Monitoring that needs handshake failures such as
    // bad_certificate therefore has to capture INFO for this logger.
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertRaised(short s10, short s11, String str, Throwable th2) {
        Level level = s10 == 1 ? Level.FINE : s11 == 80 ? Level.WARNING : Level.INFO;
        if (LOG.isLoggable(level)) {
            // Decode the obfuscated log prefix.
            short m192 = (short) (C0567.m192() ^ 10428);
            int[] iArr = new int[",\t&OL\u001d,L\u0011.4J\u0017".length()];
            C0569 c0569 = new C0569(",\t&OL\u001d,L\u0011.4J\u0017");
            int i10 = 0;
            while (c0569.m195()) {
                int m194 = c0569.m194();
                AbstractC0608 m253 = AbstractC0608.m253(m194);
                int mo256 = m253.mo256(m194);
                short[] sArr = C0679.f286;
                iArr[i10] = m253.mo254(mo256 - (sArr[i10 % sArr.length] ^ (m192 + i10)));
                i10++;
            }
            String alertLogMessage = JsseUtils.getAlertLogMessage(new String(iArr, 0, i10), s10, s11);
            if (str != null) {
                alertLogMessage = alertLogMessage + C0581.m227("\u0006$", (short) (C0689.m414() ^ 6655)) + str;
            }
            LOG.log(level, alertLogMessage, th2);
        }
    }

    /**
     * Forwards a received alert to the superclass, then logs it: FINE for level 1 (warning),
     * INFO for anything else.
     *
     * @param s10 alert level
     * @param s11 alert description code
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertReceived(short s10, short s11) {
        super.notifyAlertReceived(s10, s11);
        Level level = s10 == 1 ? Level.FINE : Level.INFO;
        if (LOG.isLoggable(level)) {
            // Decode the obfuscated log prefix.
            short m272 = (short) (C0612.m272() ^ 23131);
            int[] iArr = new int["\u0012%38(6d8,+.3A11".length()];
            C0569 c0569 = new C0569("\u0012%38(6d8,+.3A11");
            int i10 = 0;
            while (c0569.m195()) {
                int m194 = c0569.m194();
                AbstractC0608 m253 = AbstractC0608.m253(m194);
                iArr[i10] = m253.mo254(m253.mo256(m194) - (((m272 + m272) + m272) + i10));
                i10++;
            }
            LOG.log(level, JsseUtils.getAlertLogMessage(new String(iArr, 0, i10), s10, s11));
        }
    }

    /**
     * Applies the client-authentication policy to the certificate message from the client.
     *
     * @param certificate the client's certificate message; may be null or empty
     * @throws TlsFatalAlert 40 (handshake_failure) when no certificate was sent and
     *                       needClientAuth is set; 42 (bad_certificate) when the manager does
     *                       not trust the presented chain
     */
    // With wantClientAuth only, a missing certificate lets the handshake continue with an
    // unauthenticated peer. Code that authorizes requests must check the peer identity itself
    // and not treat a completed handshake as proof of authentication.
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public void notifyClientCertificate(Certificate certificate) {
        if (certificate == null || certificate.isEmpty()) {
            if (this.sslParameters.needClientAuth) {
                throw new TlsFatalAlert((short) 40);
            }
        } else {
            // Auth type is derived from the leaf certificate; trust evaluation is delegated to
            // the manager.
            if (!this.manager.isClientTrusted(JsseUtils.getX509CertificateChain(this.manager.getContextData().crypto, certificate), JsseUtils.getAuthTypeClient(certificate.certificateList[0].getClientCertificateType()))) {
                throw new TlsFatalAlert((short) 42);
            }
        }
    }

    /**
     * Marks the handshake complete, registers the session with the server session context when
     * it is not the one looked up for resumption, and notifies the manager.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() {
        this.handshakeComplete = true;
        TlsSession session = this.context.getSession();
        ProvSSLSessionImpl provSSLSessionImpl = this.sslSession;
        // Identity comparison: a different TlsSession object means a new session was created.
        if (provSSLSessionImpl == null || provSSLSessionImpl.tlsSession != session) {
            this.sslSession = this.manager.getContextData().serverSessionContext.reportSession(session, null, -1);
        }
        this.manager.notifyHandshakeComplete(new ProvSSLConnection(this.context, this.sslSession));
    }

    /**
     * Decides whether to continue with a peer based on its secure-renegotiation support.
     *
     * @param z10 presumably true when the peer signalled secure renegotiation (RFC 5746);
     *            inferred from the method name
     * @throws TlsFatalAlert 40 (handshake_failure) when {@code z10} is false and the boolean
     *                       system property read below is false
     */
    // The property is read with `true` as second argument (presumably the default), so peers
    // without secure renegotiation are accepted unless the property is explicitly set to false.
    // NOTE(review): the obfuscated name has the length and separator pattern of
    // "sun.security.ssl.allowLegacyHelloMessages", which upstream BCJSSE reads here. Confirm by
    // decoding, and set it to false where legacy peers are not required.
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z10) {
        if (!z10 && !PropertyUtils.getBooleanSystemProperty(C0618.m279("STL\u000bO@=NJ@JN\u0002FE=}0:9;B\u0016./()>\f(.-/\f#0/\u001c!\u001e+", (short) (C0605.m250() ^ (-19919))), true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    /**
     * Processes the client extensions and, when SNI matchers are configured and the client
     * sent a server_name extension, requires one of the names to match.
     *
     * @param hashtable client extensions; may be null
     * @throws TlsFatalAlert unrecognized_name when no configured matcher accepts the name
     */
    // A client that sends no server_name extension returns early and is not rejected, so the
    // matchers do not by themselves force clients to present SNI.
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public void processClientExtensions(Hashtable hashtable) {
        Collection<BCSNIMatcher> sNIMatchers;
        ServerNameList serverNameExtension;
        super.processClientExtensions(hashtable);
        if (hashtable == null || (sNIMatchers = this.sslParameters.getSNIMatchers()) == null || sNIMatchers.isEmpty() || (serverNameExtension = TlsExtensionsUtils.getServerNameExtension(hashtable)) == null) {
            return;
        }
        BCSNIServerName findMatchingSNIServerName = JsseUtils.findMatchingSNIServerName(serverNameExtension, sNIMatchers);
        this.matchedSNIServerName = findMatchingSNIServerName;
        if (findMatchingSNIServerName == null) {
            throw new TlsFatalAlert(AlertDescription.unrecognized_name);
        }
    }

    /**
     * Accepts a candidate cipher suite only if credentials can be selected for it, then lets
     * the context validate the suite before deferring to the superclass.
     *
     * @param i10 candidate cipher suite
     * @return false when no credentials are available; otherwise the superclass result
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public boolean selectCipherSuite(int i10) {
        if (!selectCredentials(i10)) {
            return false;
        }
        this.manager.getContext().validateNegotiatedCipherSuite(i10);
        return super.selectCipherSuite(i10);
    }

    /**
     * Chooses server credentials for the key exchange of the given cipher suite and stores
     * them in {@link #credentials}.
     *
     * <p>The numeric cases below presumably follow BC's KeyExchangeAlgorithm numbering
     * (1 RSA, 3 DHE_DSS, 5 DHE_RSA, 7 DH_DSS, 9 DH_RSA, 11 DH_anon, 16 ECDH_ECDSA,
     * 17 ECDHE_ECDSA, 18 ECDH_RSA, 19 ECDHE_RSA, 20 ECDH_anon); confirm against the library.
     *
     * @param i10 candidate cipher suite
     * @return true when the suite can be used (with or without credentials), false otherwise
     * @throws UnsupportedOperationException when the crypto implementation is not JcaTlsCrypto
     */
    // NOTE(review): as listed, values 16-19 leave the first switch and return true with
    // credentials still null, and the second switch over 16-19 can never be reached. That looks
    // like a decompiler artefact; the bytecode probably sends 16-19 through the key-manager
    // path. Verify before relying on this flow.
    // Must run inside getSelectedCipherSuite(): keyManagerMissCache is null at any other time
    // and is dereferenced below.
    public boolean selectCredentials(int i10) {
        this.credentials = null;
        int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(i10);
        if (keyExchangeAlgorithm != 1 && keyExchangeAlgorithm != 3 && keyExchangeAlgorithm != 5 && keyExchangeAlgorithm != 7 && keyExchangeAlgorithm != 9) {
            // Values 11 and 20 (the anonymous exchanges, if the numbering above holds) are
            // accepted with no server credentials. Such suites give no server authentication,
            // so they should stay out of the enabled cipher-suite list.
            if (keyExchangeAlgorithm != 11) {
                switch (keyExchangeAlgorithm) {
                    case 16:
                    case 17:
                    case 18:
                    case 19:
                        break;
                    case 20:
                        break;
                    default:
                        return false;
                }
            }
            return true;
        }
        X509KeyManager x509KeyManager = this.manager.getContextData().km;
        if (x509KeyManager == null) {
            return false;
        }
        String authTypeServer = JsseUtils.getAuthTypeServer(keyExchangeAlgorithm);
        // Skip auth types the key manager has already failed to serve during this selection.
        if (this.keyManagerMissCache.contains(authTypeServer)) {
            return false;
        }
        // Issuers and socket are passed as null, so the key manager cannot choose an alias
        // based on the connection or on acceptable issuers.
        String chooseServerAlias = x509KeyManager.chooseServerAlias(authTypeServer, null, null);
        if (chooseServerAlias == null) {
            this.keyManagerMissCache.add(authTypeServer);
            return false;
        }
        TlsCrypto crypto = getCrypto();
        if (!(crypto instanceof JcaTlsCrypto)) {
            throw new UnsupportedOperationException();
        }
        PrivateKey privateKey = x509KeyManager.getPrivateKey(chooseServerAlias);
        Certificate certificateMessage = JsseUtils.getCertificateMessage(crypto, x509KeyManager.getCertificateChain(chooseServerAlias));
        // Reject a missing key, a key unusable for this key exchange, or an empty chain.
        if (privateKey == null || !JsseUtils.isUsableKeyForServer(keyExchangeAlgorithm, privateKey) || certificateMessage.isEmpty()) {
            this.keyManagerMissCache.add(authTypeServer);
            return false;
        }
        if (keyExchangeAlgorithm == 1) {
            // Value 1: the private key is wrapped as a decryptor credential.
            this.credentials = new JceDefaultTlsCredentialedDecryptor((JcaTlsCrypto) crypto, certificateMessage, privateKey);
            return true;
        }
        if (keyExchangeAlgorithm != 3 && keyExchangeAlgorithm != 5) {
            if (keyExchangeAlgorithm != 7 && keyExchangeAlgorithm != 9) {
                switch (keyExchangeAlgorithm) {
                    case 16:
                    case 18:
                        break;
                    case 17:
                    case 19:
                        break;
                    default:
                        return false;
                }
            }
            // Values 7 and 9 reach here: the key is wrapped as a key-agreement credential.
            this.credentials = new JceDefaultTlsCredentialedAgreement((JcaTlsCrypto) crypto, certificateMessage, privateKey);
            return true;
        }
        // Values 3 and 5: signing credential, with the signature/hash pair chosen from the
        // supported signature algorithms.
        this.credentials = new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(this.context), (JcaTlsCrypto) crypto, privateKey, certificateMessage, TlsUtils.chooseSignatureAndHashAlgorithm(this.context, this.supportedSignatureAlgorithms, TlsUtils.getSignatureAlgorithm(keyExchangeAlgorithm)));
        return true;
    }

    /**
     * Selects a curve for the requested size: the provider default when the client sent no
     * supported groups, otherwise one chosen from the client's list.
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public int selectCurve(int i10) {
        return this.clientSupportedGroups == null ? selectDefaultCurve(i10) : SupportedGroups.getServerSelectedCurve(this.manager.getContext().isFips(), i10, this.clientSupportedGroups);
    }

    /**
     * Selects a finite-field DH configuration. The requested size is raised to at least
     * {@link #provEphemeralDHKeySize} before a group is chosen.
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public TlsDHConfig selectDHConfig(int i10) {
        int max = Math.max(i10, provEphemeralDHKeySize);
        return this.clientSupportedGroups == null ? selectDefaultDHConfig(max) : TlsDHUtils.createNamedDHConfig(SupportedGroups.getServerSelectedFiniteField(this.manager.getContext().isFips(), max, this.clientSupportedGroups));
    }

    /** Returns the provider's default curve for the requested size, honouring the FIPS flag. */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public int selectDefaultCurve(int i10) {
        return SupportedGroups.getServerDefaultCurve(this.manager.getContext().isFips(), i10);
    }

    /** Returns the provider's default DH configuration for the requested size. */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    public TlsDHConfig selectDefaultDHConfig(int i10) {
        return SupportedGroups.getServerDefaultDHConfig(this.manager.getContext().isFips(), i10);
    }
}
