package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.tls.DTLSReliableHandshake;
import org.spongycastle.crypto.tls.SessionParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;

/* loaded from: classes6.dex */
public class DTLSServerProtocol extends DTLSProtocol {
    protected boolean b;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes6.dex */
    public static class ServerHandshakeState {
        TlsServer a = null;
        TlsServerContextImpl b = null;
        TlsSession c = null;
        SessionParameters d = null;
        SessionParameters.Builder e = null;
        int[] f = null;
        short[] g = null;
        Hashtable h = null;
        Hashtable i = null;
        boolean j = false;
        boolean k = false;
        boolean l = false;
        boolean m = false;
        TlsKeyExchange n = null;
        TlsCredentials o = null;
        CertificateRequest p = null;
        short q = -1;
        Certificate r = null;

        protected ServerHandshakeState() {
        }
    }

    public DTLSServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.b = true;
    }

    protected DTLSTransport a(ServerHandshakeState serverHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        Certificate a;
        CertificateStatus t;
        SecurityParameters g = serverHandshakeState.b.g();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(serverHandshakeState.b, dTLSRecordLayer);
        DTLSReliableHandshake.Message e = dTLSReliableHandshake.e();
        if (e.c() != 1) {
            throw new TlsFatalAlert((short) 10);
        }
        b(serverHandshakeState, e.a());
        byte[] b = b(serverHandshakeState);
        DTLSProtocol.a(dTLSRecordLayer, g.l);
        ProtocolVersion a2 = serverHandshakeState.b.a();
        dTLSRecordLayer.a(a2);
        dTLSRecordLayer.b(a2);
        dTLSReliableHandshake.a((short) 2, b);
        dTLSReliableHandshake.c();
        Vector m = serverHandshakeState.a.m();
        if (m != null) {
            dTLSReliableHandshake.a((short) 23, DTLSProtocol.a(m));
        }
        serverHandshakeState.n = serverHandshakeState.a.d();
        serverHandshakeState.n.a(serverHandshakeState.b);
        serverHandshakeState.o = serverHandshakeState.a.getCredentials();
        TlsCredentials tlsCredentials = serverHandshakeState.o;
        if (tlsCredentials == null) {
            serverHandshakeState.n.f();
            a = null;
        } else {
            serverHandshakeState.n.b(tlsCredentials);
            a = serverHandshakeState.o.a();
            dTLSReliableHandshake.a((short) 11, DTLSProtocol.a(a));
        }
        if (a == null || a.d()) {
            serverHandshakeState.l = false;
        }
        if (serverHandshakeState.l && (t = serverHandshakeState.a.t()) != null) {
            dTLSReliableHandshake.a((short) 22, a(serverHandshakeState, t));
        }
        byte[] a3 = serverHandshakeState.n.a();
        if (a3 != null) {
            dTLSReliableHandshake.a((short) 12, a3);
        }
        if (serverHandshakeState.o != null) {
            serverHandshakeState.p = serverHandshakeState.a.s();
            if (serverHandshakeState.p != null) {
                if (TlsUtils.c(serverHandshakeState.b) != (serverHandshakeState.p.c() != null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                serverHandshakeState.n.a(serverHandshakeState.p);
                dTLSReliableHandshake.a((short) 13, a(serverHandshakeState, serverHandshakeState.p));
                TlsUtils.a(dTLSReliableHandshake.b(), serverHandshakeState.p.c());
            }
        }
        dTLSReliableHandshake.a((short) 14, TlsUtils.a);
        dTLSReliableHandshake.b().g();
        DTLSReliableHandshake.Message e2 = dTLSReliableHandshake.e();
        if (e2.c() == 23) {
            d(serverHandshakeState, e2.a());
            e2 = dTLSReliableHandshake.e();
        } else {
            serverHandshakeState.a.a((Vector) null);
        }
        if (serverHandshakeState.p == null) {
            serverHandshakeState.n.b();
        } else if (e2.c() == 11) {
            a(serverHandshakeState, e2.a());
            e2 = dTLSReliableHandshake.e();
        } else {
            if (TlsUtils.c(serverHandshakeState.b)) {
                throw new TlsFatalAlert((short) 10);
            }
            a(serverHandshakeState, Certificate.b);
        }
        if (e2.c() != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        c(serverHandshakeState, e2.a());
        TlsHandshakeHash d = dTLSReliableHandshake.d();
        g.i = TlsProtocol.a(serverHandshakeState.b, d, (byte[]) null);
        TlsProtocol.a(serverHandshakeState.b, serverHandshakeState.n);
        dTLSRecordLayer.a(serverHandshakeState.a.e());
        if (a(serverHandshakeState)) {
            a(serverHandshakeState, dTLSReliableHandshake.a((short) 15), d);
        }
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.b;
        a(dTLSReliableHandshake.a((short) 20), TlsUtils.a(tlsServerContextImpl, ExporterLabel.a, TlsProtocol.a(tlsServerContextImpl, dTLSReliableHandshake.b(), (byte[]) null)));
        if (serverHandshakeState.m) {
            dTLSReliableHandshake.a((short) 4, a(serverHandshakeState, serverHandshakeState.a.l()));
        }
        TlsServerContextImpl tlsServerContextImpl2 = serverHandshakeState.b;
        dTLSReliableHandshake.a((short) 20, TlsUtils.a(tlsServerContextImpl2, ExporterLabel.b, TlsProtocol.a(tlsServerContextImpl2, dTLSReliableHandshake.b(), (byte[]) null)));
        dTLSReliableHandshake.a();
        serverHandshakeState.a.f();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public DTLSTransport a(TlsServer tlsServer, DatagramTransport datagramTransport) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'server' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.a = 0;
        ServerHandshakeState serverHandshakeState = new ServerHandshakeState();
        serverHandshakeState.a = tlsServer;
        serverHandshakeState.b = new TlsServerContextImpl(this.a, securityParameters);
        securityParameters.h = TlsProtocol.a(tlsServer.g(), serverHandshakeState.b.f());
        tlsServer.a(serverHandshakeState.b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, serverHandshakeState.b, tlsServer, (short) 22);
        try {
            try {
                try {
                    return a(serverHandshakeState, dTLSRecordLayer);
                } catch (IOException e) {
                    a(serverHandshakeState, dTLSRecordLayer, (short) 80);
                    throw e;
                }
            } catch (RuntimeException e2) {
                a(serverHandshakeState, dTLSRecordLayer, (short) 80);
                throw new TlsFatalAlert((short) 80, e2);
            } catch (TlsFatalAlert e3) {
                a(serverHandshakeState, dTLSRecordLayer, e3.getAlertDescription());
                throw e3;
            }
        } finally {
            securityParameters.a();
        }
    }

    protected void a(ServerHandshakeState serverHandshakeState, Certificate certificate) throws IOException {
        if (serverHandshakeState.p == null) {
            throw new IllegalStateException();
        }
        if (serverHandshakeState.r != null) {
            throw new TlsFatalAlert((short) 10);
        }
        serverHandshakeState.r = certificate;
        if (certificate.d()) {
            serverHandshakeState.n.b();
        } else {
            serverHandshakeState.q = TlsUtils.a(certificate, serverHandshakeState.o.a());
            serverHandshakeState.n.a(certificate);
        }
        serverHandshakeState.a.a(certificate);
    }

    protected void a(ServerHandshakeState serverHandshakeState, DTLSRecordLayer dTLSRecordLayer, short s) {
        dTLSRecordLayer.a(s);
        c(serverHandshakeState);
    }

    protected void a(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate a = Certificate.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        a(serverHandshakeState, a);
    }

    protected void a(ServerHandshakeState serverHandshakeState, byte[] bArr, TlsHandshakeHash tlsHandshakeHash) throws IOException {
        byte[] l;
        if (serverHandshakeState.p == null) {
            throw new IllegalStateException();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.b;
        DigitallySigned a = DigitallySigned.a(tlsServerContextImpl, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        try {
            SignatureAndHashAlgorithm a2 = a.a();
            if (TlsUtils.c(tlsServerContextImpl)) {
                TlsUtils.a(serverHandshakeState.p.c(), a2);
                l = tlsHandshakeHash.b(a2.a());
            } else {
                l = tlsServerContextImpl.g().l();
            }
            AsymmetricKeyParameter a3 = PublicKeyFactory.a(serverHandshakeState.r.a(0).o());
            TlsSigner c = TlsUtils.c(serverHandshakeState.q);
            c.a(tlsServerContextImpl);
            if (c.a(a2, a.b(), a3, l)) {
            } else {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (TlsFatalAlert e) {
            throw e;
        } catch (Exception e2) {
            throw new TlsFatalAlert((short) 51, e2);
        }
    }

    public void a(boolean z) {
        this.b = z;
    }

    public boolean a() {
        return this.b;
    }

    protected boolean a(ServerHandshakeState serverHandshakeState) {
        short s = serverHandshakeState.q;
        return s >= 0 && TlsUtils.e(s);
    }

    protected byte[] a(ServerHandshakeState serverHandshakeState, CertificateRequest certificateRequest) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ServerHandshakeState serverHandshakeState, CertificateStatus certificateStatus) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateStatus.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ServerHandshakeState serverHandshakeState, NewSessionTicket newSessionTicket) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        newSessionTicket.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void b(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i = TlsUtils.i(byteArrayInputStream);
        if (!i.e()) {
            throw new TlsFatalAlert((short) 47);
        }
        byte[] b = TlsUtils.b(32, byteArrayInputStream);
        if (TlsUtils.c(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.c(byteArrayInputStream);
        int d = TlsUtils.d(byteArrayInputStream);
        if (d < 2 || (d & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        serverHandshakeState.f = TlsUtils.c(d / 2, byteArrayInputStream);
        short h = TlsUtils.h(byteArrayInputStream);
        if (h < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        serverHandshakeState.g = TlsUtils.d(h, byteArrayInputStream);
        serverHandshakeState.h = TlsProtocol.c(byteArrayInputStream);
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.b;
        SecurityParameters g = tlsServerContextImpl.g();
        g.o = TlsExtensionsUtils.k(serverHandshakeState.h);
        tlsServerContextImpl.a(i);
        serverHandshakeState.a.b(i);
        serverHandshakeState.a.b(Arrays.b(serverHandshakeState.f, CipherSuite.Q3));
        g.g = b;
        serverHandshakeState.a.a(serverHandshakeState.f);
        serverHandshakeState.a.a(serverHandshakeState.g);
        if (Arrays.b(serverHandshakeState.f, 255)) {
            serverHandshakeState.k = true;
        }
        byte[] a = TlsUtils.a(serverHandshakeState.h, TlsProtocol.E);
        if (a != null) {
            serverHandshakeState.k = true;
            if (!Arrays.e(a, TlsProtocol.c(TlsUtils.a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        serverHandshakeState.a.a(serverHandshakeState.k);
        Hashtable hashtable = serverHandshakeState.h;
        if (hashtable != null) {
            TlsExtensionsUtils.g(hashtable);
            serverHandshakeState.a.b(serverHandshakeState.h);
        }
    }

    protected byte[] b(ServerHandshakeState serverHandshakeState) throws IOException {
        SecurityParameters g = serverHandshakeState.b.g();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion a = serverHandshakeState.a.a();
        if (!a.b(serverHandshakeState.b.b())) {
            throw new TlsFatalAlert((short) 80);
        }
        serverHandshakeState.b.b(a);
        TlsUtils.a(serverHandshakeState.b.a(), byteArrayOutputStream);
        byteArrayOutputStream.write(g.k());
        TlsUtils.c(TlsUtils.a, byteArrayOutputStream);
        int u = serverHandshakeState.a.u();
        if (!Arrays.b(serverHandshakeState.f, u) || u == 0 || CipherSuite.a(u) || !TlsUtils.a(u, serverHandshakeState.b.a())) {
            throw new TlsFatalAlert((short) 80);
        }
        DTLSProtocol.a(u, (short) 80);
        g.b = u;
        short k = serverHandshakeState.a.k();
        if (!Arrays.b(serverHandshakeState.g, k)) {
            throw new TlsFatalAlert((short) 80);
        }
        g.c = k;
        TlsUtils.a(u, (OutputStream) byteArrayOutputStream);
        TlsUtils.a(k, (OutputStream) byteArrayOutputStream);
        serverHandshakeState.i = serverHandshakeState.a.i();
        if (serverHandshakeState.k) {
            if (TlsUtils.a(serverHandshakeState.i, TlsProtocol.E) == null) {
                serverHandshakeState.i = TlsExtensionsUtils.d(serverHandshakeState.i);
                serverHandshakeState.i.put(TlsProtocol.E, TlsProtocol.c(TlsUtils.a));
            }
        }
        if (g.o) {
            serverHandshakeState.i = TlsExtensionsUtils.d(serverHandshakeState.i);
            TlsExtensionsUtils.b(serverHandshakeState.i);
        }
        Hashtable hashtable = serverHandshakeState.i;
        if (hashtable != null) {
            g.n = TlsExtensionsUtils.j(hashtable);
            g.l = DTLSProtocol.a(serverHandshakeState.j, serverHandshakeState.h, serverHandshakeState.i, (short) 80);
            g.m = TlsExtensionsUtils.l(serverHandshakeState.i);
            serverHandshakeState.l = !serverHandshakeState.j && TlsUtils.a(serverHandshakeState.i, TlsExtensionsUtils.g, (short) 80);
            serverHandshakeState.m = !serverHandshakeState.j && TlsUtils.a(serverHandshakeState.i, TlsProtocol.F, (short) 80);
            TlsProtocol.a(byteArrayOutputStream, serverHandshakeState.i);
        }
        g.d = TlsProtocol.a(serverHandshakeState.b, g.b());
        g.e = 12;
        return byteArrayOutputStream.toByteArray();
    }

    protected void c(ServerHandshakeState serverHandshakeState) {
        SessionParameters sessionParameters = serverHandshakeState.d;
        if (sessionParameters != null) {
            sessionParameters.a();
            serverHandshakeState.d = null;
        }
        TlsSession tlsSession = serverHandshakeState.c;
        if (tlsSession != null) {
            tlsSession.b();
            serverHandshakeState.c = null;
        }
    }

    protected void c(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        serverHandshakeState.n.b(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected void d(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        serverHandshakeState.a.a(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
