package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.tls.DTLSReliableHandshake;
import org.bouncycastle.crypto.tls.SessionParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;

/* loaded from: classes7.dex */
public class DTLSServerProtocol extends DTLSProtocol {
    public boolean b;

    /* loaded from: classes7.dex */
    public static class ServerHandshakeState {
        public TlsServer a = null;
        public TlsServerContextImpl b = null;
        public TlsSession c = null;
        public SessionParameters d = null;
        public SessionParameters.Builder e = null;
        public int[] f = null;
        public short[] g = null;

        /* renamed from: h, reason: collision with root package name */
        public Hashtable f18517h = null;

        /* renamed from: i, reason: collision with root package name */
        public Hashtable f18518i = null;

        /* renamed from: j, reason: collision with root package name */
        public boolean f18519j = false;

        /* renamed from: k, reason: collision with root package name */
        public boolean f18520k = false;

        /* renamed from: l, reason: collision with root package name */
        public boolean f18521l = false;

        /* renamed from: m, reason: collision with root package name */
        public boolean f18522m = false;

        /* renamed from: n, reason: collision with root package name */
        public TlsKeyExchange f18523n = null;

        /* renamed from: o, reason: collision with root package name */
        public TlsCredentials f18524o = null;

        /* renamed from: p, reason: collision with root package name */
        public CertificateRequest f18525p = null;

        /* renamed from: q, reason: collision with root package name */
        public short f18526q = -1;

        /* renamed from: r, reason: collision with root package name */
        public Certificate f18527r = null;
    }

    public DTLSServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.b = true;
    }

    public DTLSTransport a(ServerHandshakeState serverHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        Certificate a;
        CertificateStatus u2;
        SecurityParameters g = serverHandshakeState.b.g();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(serverHandshakeState.b, dTLSRecordLayer);
        DTLSReliableHandshake.Message e = dTLSReliableHandshake.e();
        if (e.c() != 1) {
            throw new TlsFatalAlert((short) 10);
        }
        b(serverHandshakeState, e.a());
        byte[] b = b(serverHandshakeState);
        DTLSProtocol.a(dTLSRecordLayer, g.f18643l);
        ProtocolVersion a2 = serverHandshakeState.b.a();
        dTLSRecordLayer.a(a2);
        dTLSRecordLayer.b(a2);
        dTLSReliableHandshake.a((short) 2, b);
        dTLSReliableHandshake.c();
        Vector n2 = serverHandshakeState.a.n();
        if (n2 != null) {
            dTLSReliableHandshake.a((short) 23, DTLSProtocol.a(n2));
        }
        serverHandshakeState.f18523n = serverHandshakeState.a.e();
        serverHandshakeState.f18523n.a(serverHandshakeState.b);
        serverHandshakeState.f18524o = serverHandshakeState.a.c();
        TlsCredentials tlsCredentials = serverHandshakeState.f18524o;
        if (tlsCredentials == null) {
            serverHandshakeState.f18523n.f();
            a = null;
        } else {
            serverHandshakeState.f18523n.a(tlsCredentials);
            a = serverHandshakeState.f18524o.a();
            dTLSReliableHandshake.a((short) 11, DTLSProtocol.a(a));
        }
        if (a == null || a.d()) {
            serverHandshakeState.f18521l = false;
        }
        if (serverHandshakeState.f18521l && (u2 = serverHandshakeState.a.u()) != null) {
            dTLSReliableHandshake.a((short) 22, a(serverHandshakeState, u2));
        }
        byte[] a3 = serverHandshakeState.f18523n.a();
        if (a3 != null) {
            dTLSReliableHandshake.a((short) 12, a3);
        }
        if (serverHandshakeState.f18524o != null) {
            serverHandshakeState.f18525p = serverHandshakeState.a.t();
            if (serverHandshakeState.f18525p != null) {
                if (TlsUtils.c(serverHandshakeState.b) != (serverHandshakeState.f18525p.c() != null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                serverHandshakeState.f18523n.a(serverHandshakeState.f18525p);
                dTLSReliableHandshake.a((short) 13, a(serverHandshakeState, serverHandshakeState.f18525p));
                TlsUtils.a(dTLSReliableHandshake.b(), serverHandshakeState.f18525p.c());
            }
        }
        dTLSReliableHandshake.a((short) 14, TlsUtils.a);
        dTLSReliableHandshake.b().g();
        DTLSReliableHandshake.Message e2 = dTLSReliableHandshake.e();
        if (e2.c() == 23) {
            d(serverHandshakeState, e2.a());
            e2 = dTLSReliableHandshake.e();
        } else {
            serverHandshakeState.a.a((Vector) null);
        }
        if (serverHandshakeState.f18525p == null) {
            serverHandshakeState.f18523n.b();
        } else if (e2.c() == 11) {
            a(serverHandshakeState, e2.a());
            e2 = dTLSReliableHandshake.e();
        } else {
            if (TlsUtils.c(serverHandshakeState.b)) {
                throw new TlsFatalAlert((short) 10);
            }
            a(serverHandshakeState, Certificate.b);
        }
        if (e2.c() != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        c(serverHandshakeState, e2.a());
        TlsHandshakeHash d = dTLSReliableHandshake.d();
        g.f18640i = TlsProtocol.a(serverHandshakeState.b, d, (byte[]) null);
        TlsProtocol.a(serverHandshakeState.b, serverHandshakeState.f18523n);
        dTLSRecordLayer.a(serverHandshakeState.a.f());
        if (a(serverHandshakeState)) {
            a(serverHandshakeState, dTLSReliableHandshake.a((short) 15), d);
        }
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.b;
        a(dTLSReliableHandshake.a((short) 20), TlsUtils.a(tlsServerContextImpl, ExporterLabel.a, TlsProtocol.a(tlsServerContextImpl, dTLSReliableHandshake.b(), (byte[]) null)));
        if (serverHandshakeState.f18522m) {
            dTLSReliableHandshake.a((short) 4, a(serverHandshakeState, serverHandshakeState.a.m()));
        }
        TlsServerContextImpl tlsServerContextImpl2 = serverHandshakeState.b;
        dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsServerContextImpl2, ExporterLabel.b, TlsProtocol.a(tlsServerContextImpl2, dTLSReliableHandshake.b(), (byte[]) null)));
        dTLSReliableHandshake.a();
        serverHandshakeState.a.g();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public DTLSTransport a(TlsServer tlsServer, DatagramTransport datagramTransport) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'server' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.a = 0;
        ServerHandshakeState serverHandshakeState = new ServerHandshakeState();
        serverHandshakeState.a = tlsServer;
        serverHandshakeState.b = new TlsServerContextImpl(this.a, securityParameters);
        securityParameters.f18639h = TlsProtocol.a(tlsServer.h(), serverHandshakeState.b.f());
        tlsServer.a(serverHandshakeState.b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, serverHandshakeState.b, tlsServer, (short) 22);
        try {
            try {
                try {
                    return a(serverHandshakeState, dTLSRecordLayer);
                } catch (IOException e) {
                    a(serverHandshakeState, dTLSRecordLayer, (short) 80);
                    throw e;
                }
            } catch (RuntimeException e2) {
                a(serverHandshakeState, dTLSRecordLayer, (short) 80);
                throw new TlsFatalAlert((short) 80, e2);
            } catch (TlsFatalAlert e3) {
                a(serverHandshakeState, dTLSRecordLayer, e3.a());
                throw e3;
            }
        } finally {
            securityParameters.a();
        }
    }

    public void a(ServerHandshakeState serverHandshakeState, Certificate certificate) throws IOException {
        if (serverHandshakeState.f18525p == null) {
            throw new IllegalStateException();
        }
        if (serverHandshakeState.f18527r != null) {
            throw new TlsFatalAlert((short) 10);
        }
        serverHandshakeState.f18527r = certificate;
        if (certificate.d()) {
            serverHandshakeState.f18523n.b();
        } else {
            serverHandshakeState.f18526q = TlsUtils.a(certificate, serverHandshakeState.f18524o.a());
            serverHandshakeState.f18523n.a(certificate);
        }
        serverHandshakeState.a.a(certificate);
    }

    public void a(ServerHandshakeState serverHandshakeState, DTLSRecordLayer dTLSRecordLayer, short s2) {
        dTLSRecordLayer.a(s2);
        c(serverHandshakeState);
    }

    public void a(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate a = Certificate.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        a(serverHandshakeState, a);
    }

    public void a(ServerHandshakeState serverHandshakeState, byte[] bArr, TlsHandshakeHash tlsHandshakeHash) throws IOException {
        byte[] l2;
        if (serverHandshakeState.f18525p == null) {
            throw new IllegalStateException();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.b;
        DigitallySigned a = DigitallySigned.a(tlsServerContextImpl, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        try {
            SignatureAndHashAlgorithm a2 = a.a();
            if (TlsUtils.c(tlsServerContextImpl)) {
                TlsUtils.a(serverHandshakeState.f18525p.c(), a2);
                l2 = tlsHandshakeHash.b(a2.a());
            } else {
                l2 = tlsServerContextImpl.g().l();
            }
            AsymmetricKeyParameter a3 = PublicKeyFactory.a(serverHandshakeState.f18527r.a(0).o());
            TlsSigner c = TlsUtils.c(serverHandshakeState.f18526q);
            c.a(tlsServerContextImpl);
            if (c.a(a2, a.b(), a3, l2)) {
            } else {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (TlsFatalAlert e) {
            throw e;
        } catch (Exception e2) {
            throw new TlsFatalAlert((short) 51, e2);
        }
    }

    public void a(boolean z2) {
        this.b = z2;
    }

    public boolean a() {
        return this.b;
    }

    public boolean a(ServerHandshakeState serverHandshakeState) {
        short s2 = serverHandshakeState.f18526q;
        return s2 >= 0 && TlsUtils.e(s2);
    }

    public byte[] a(ServerHandshakeState serverHandshakeState, CertificateRequest certificateRequest) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ServerHandshakeState serverHandshakeState, CertificateStatus certificateStatus) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateStatus.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] a(ServerHandshakeState serverHandshakeState, NewSessionTicket newSessionTicket) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        newSessionTicket.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void b(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i2 = TlsUtils.i(byteArrayInputStream);
        if (!i2.e()) {
            throw new TlsFatalAlert((short) 47);
        }
        byte[] b = TlsUtils.b(32, byteArrayInputStream);
        if (TlsUtils.c(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.c(byteArrayInputStream);
        int d = TlsUtils.d(byteArrayInputStream);
        if (d < 2 || (d & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        serverHandshakeState.f = TlsUtils.c(d / 2, byteArrayInputStream);
        short h2 = TlsUtils.h(byteArrayInputStream);
        if (h2 < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        serverHandshakeState.g = TlsUtils.d(h2, byteArrayInputStream);
        serverHandshakeState.f18517h = TlsProtocol.c(byteArrayInputStream);
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.b;
        SecurityParameters g = tlsServerContextImpl.g();
        g.f18646o = TlsExtensionsUtils.k(serverHandshakeState.f18517h);
        tlsServerContextImpl.a(i2);
        serverHandshakeState.a.b(i2);
        serverHandshakeState.a.b(Arrays.b(serverHandshakeState.f, CipherSuite.Q3));
        g.g = b;
        serverHandshakeState.a.a(serverHandshakeState.f);
        serverHandshakeState.a.a(serverHandshakeState.g);
        if (Arrays.b(serverHandshakeState.f, 255)) {
            serverHandshakeState.f18520k = true;
        }
        byte[] a = TlsUtils.a(serverHandshakeState.f18517h, TlsProtocol.E);
        if (a != null) {
            serverHandshakeState.f18520k = true;
            if (!Arrays.e(a, TlsProtocol.b(TlsUtils.a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        serverHandshakeState.a.a(serverHandshakeState.f18520k);
        Hashtable hashtable = serverHandshakeState.f18517h;
        if (hashtable != null) {
            TlsExtensionsUtils.g(hashtable);
            serverHandshakeState.a.b(serverHandshakeState.f18517h);
        }
    }

    public byte[] b(ServerHandshakeState serverHandshakeState) throws IOException {
        SecurityParameters g = serverHandshakeState.b.g();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion a = serverHandshakeState.a.a();
        if (!a.b(serverHandshakeState.b.b())) {
            throw new TlsFatalAlert((short) 80);
        }
        serverHandshakeState.b.b(a);
        TlsUtils.a(serverHandshakeState.b.a(), byteArrayOutputStream);
        byteArrayOutputStream.write(g.k());
        TlsUtils.c(TlsUtils.a, byteArrayOutputStream);
        int v2 = serverHandshakeState.a.v();
        if (!Arrays.b(serverHandshakeState.f, v2) || v2 == 0 || CipherSuite.a(v2) || !TlsUtils.a(v2, serverHandshakeState.b.a())) {
            throw new TlsFatalAlert((short) 80);
        }
        DTLSProtocol.a(v2, (short) 80);
        g.b = v2;
        short l2 = serverHandshakeState.a.l();
        if (!Arrays.b(serverHandshakeState.g, l2)) {
            throw new TlsFatalAlert((short) 80);
        }
        g.c = l2;
        TlsUtils.a(v2, (OutputStream) byteArrayOutputStream);
        TlsUtils.a(l2, (OutputStream) byteArrayOutputStream);
        serverHandshakeState.f18518i = serverHandshakeState.a.j();
        if (serverHandshakeState.f18520k) {
            if (TlsUtils.a(serverHandshakeState.f18518i, TlsProtocol.E) == null) {
                serverHandshakeState.f18518i = TlsExtensionsUtils.d(serverHandshakeState.f18518i);
                serverHandshakeState.f18518i.put(TlsProtocol.E, TlsProtocol.b(TlsUtils.a));
            }
        }
        if (g.f18646o) {
            serverHandshakeState.f18518i = TlsExtensionsUtils.d(serverHandshakeState.f18518i);
            TlsExtensionsUtils.b(serverHandshakeState.f18518i);
        }
        Hashtable hashtable = serverHandshakeState.f18518i;
        if (hashtable != null) {
            g.f18645n = TlsExtensionsUtils.j(hashtable);
            g.f18643l = DTLSProtocol.a(serverHandshakeState.f18519j, serverHandshakeState.f18517h, serverHandshakeState.f18518i, (short) 80);
            g.f18644m = TlsExtensionsUtils.l(serverHandshakeState.f18518i);
            serverHandshakeState.f18521l = !serverHandshakeState.f18519j && TlsUtils.a(serverHandshakeState.f18518i, TlsExtensionsUtils.g, (short) 80);
            serverHandshakeState.f18522m = !serverHandshakeState.f18519j && TlsUtils.a(serverHandshakeState.f18518i, TlsProtocol.F, (short) 80);
            TlsProtocol.a(byteArrayOutputStream, serverHandshakeState.f18518i);
        }
        g.d = TlsProtocol.a(serverHandshakeState.b, g.b());
        g.e = 12;
        return byteArrayOutputStream.toByteArray();
    }

    public void c(ServerHandshakeState serverHandshakeState) {
        SessionParameters sessionParameters = serverHandshakeState.d;
        if (sessionParameters != null) {
            sessionParameters.a();
            serverHandshakeState.d = null;
        }
        TlsSession tlsSession = serverHandshakeState.c;
        if (tlsSession != null) {
            tlsSession.invalidate();
            serverHandshakeState.c = null;
        }
    }

    public void c(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        serverHandshakeState.f18523n.b(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    public void d(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        serverHandshakeState.a.a(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
