package org.bouncycastle.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsECConfig;
import org.bouncycastle.util.Arrays;

/* loaded from: classes6.dex */
public class TlsServerProtocol extends TlsProtocol {
    protected CertificateRequest certificateRequest;
    protected TlsKeyExchange keyExchange;
    protected int[] offeredCipherSuites;
    protected TlsServer tlsServer;
    TlsServerContextImpl tlsServerContext;

    public TlsServerProtocol() {
        this.tlsServer = null;
        this.tlsServerContext = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.tlsServer = null;
        this.tlsServerContext = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    public void accept(TlsServer tlsServer) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        if (this.tlsServer != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.tlsServer = tlsServer;
        TlsServerContextImpl tlsServerContextImpl = new TlsServerContextImpl(tlsServer.getCrypto());
        this.tlsServerContext = tlsServerContextImpl;
        tlsServer.init(tlsServerContextImpl);
        tlsServer.notifyCloseHandle(this);
        beginHandshake();
        if (this.blocking) {
            blockForHandshake();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void cleanupHandshake() {
        super.cleanupHandshake();
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    protected boolean expectCertificateVerifyMessage() {
        Certificate peerCertificate;
        if (this.certificateRequest == null || (peerCertificate = this.tlsServerContext.getSecurityParametersHandshake().getPeerCertificate()) == null || peerCertificate.isEmpty()) {
            return false;
        }
        TlsKeyExchange tlsKeyExchange = this.keyExchange;
        return tlsKeyExchange == null || tlsKeyExchange.requiresCertificateVerify();
    }

    protected ServerHello generate13HelloRetryRequest(ClientHello clientHello) throws IOException {
        if (this.retryGroup < 0) {
            throw new TlsFatalAlert((short) 80);
        }
        SecurityParameters securityParametersHandshake = this.tlsServerContext.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        Hashtable hashtable = new Hashtable();
        TlsExtensionsUtils.addSupportedVersionsExtensionServer(hashtable, negotiatedVersion);
        int i = this.retryGroup;
        if (i >= 0) {
            TlsExtensionsUtils.addKeyShareHelloRetryRequest(hashtable, i);
        }
        byte[] bArr = this.retryCookie;
        if (bArr != null) {
            TlsExtensionsUtils.addCookieExtension(hashtable, bArr);
        }
        TlsUtils.checkExtensionData13(hashtable, 6, (short) 80);
        return new ServerHello(clientHello.getSessionID(), securityParametersHandshake.getCipherSuite(), hashtable);
    }

    protected ServerHello generate13ServerHello(ClientHello clientHello, boolean z) throws IOException {
        KeyShareEntry keyShareEntry;
        TlsAgreement createDH;
        SecurityParameters securityParametersHandshake = this.tlsServerContext.getSecurityParametersHandshake();
        byte[] sessionID = clientHello.getSessionID();
        Hashtable extensions = clientHello.getExtensions();
        if (extensions == null) {
            throw new TlsFatalAlert((short) 109);
        }
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        TlsCrypto crypto = this.tlsServerContext.getCrypto();
        Vector keyShareClientHello = TlsExtensionsUtils.getKeyShareClientHello(extensions);
        if (!z) {
            this.clientExtensions = extensions;
            securityParametersHandshake.secureRenegotiation = false;
            TlsExtensionsUtils.getPaddingExtension(extensions);
            securityParametersHandshake.clientServerNames = TlsExtensionsUtils.getServerNameExtensionClient(extensions);
            TlsUtils.establishClientSigAlgs(securityParametersHandshake, extensions);
            if (securityParametersHandshake.getClientSigAlgs() == null) {
                throw new TlsFatalAlert((short) 109);
            }
            this.tlsServer.processClientExtensions(extensions);
            TlsSession importSession = TlsUtils.importSession(TlsUtils.EMPTY_BYTES, null);
            this.tlsSession = importSession;
            this.sessionParameters = null;
            this.sessionMasterSecret = null;
            securityParametersHandshake.sessionID = importSession.getSessionID();
            this.tlsServer.notifySession(this.tlsSession);
            TlsUtils.negotiatedVersionTLSServer(this.tlsServerContext);
            securityParametersHandshake.serverRandom = TlsProtocol.createRandomBlock(false, this.tlsServerContext);
            if (!negotiatedVersion.equals(ProtocolVersion.getLatestTLS(this.tlsServer.getProtocolVersions()))) {
                TlsUtils.writeDowngradeMarker(negotiatedVersion, securityParametersHandshake.getServerRandom());
            }
            int selectedCipherSuite = this.tlsServer.getSelectedCipherSuite();
            if (!TlsUtils.isValidCipherSuiteSelection(this.offeredCipherSuites, selectedCipherSuite) || !TlsUtils.isValidVersionForCipherSuite(selectedCipherSuite, negotiatedVersion)) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.negotiatedCipherSuite(securityParametersHandshake, selectedCipherSuite);
            int[] clientSupportedGroups = securityParametersHandshake.getClientSupportedGroups();
            int[] serverSupportedGroups = securityParametersHandshake.getServerSupportedGroups();
            KeyShareEntry selectKeyShare = TlsUtils.selectKeyShare(crypto, negotiatedVersion, keyShareClientHello, clientSupportedGroups, serverSupportedGroups);
            if (selectKeyShare == null) {
                int selectKeyShareGroup = TlsUtils.selectKeyShareGroup(crypto, negotiatedVersion, clientSupportedGroups, serverSupportedGroups);
                this.retryGroup = selectKeyShareGroup;
                if (selectKeyShareGroup < 0) {
                    throw new TlsFatalAlert((short) 40);
                }
                this.retryCookie = this.tlsServerContext.getNonceGenerator().generateNonce(16);
                return generate13HelloRetryRequest(clientHello);
            }
            selectKeyShare.getNamedGroup();
            int i = serverSupportedGroups[0];
            keyShareEntry = selectKeyShare;
        } else {
            if (this.retryGroup < 0) {
                throw new TlsFatalAlert((short) 80);
            }
            if (!Arrays.areEqual(this.retryCookie, TlsExtensionsUtils.getCookieExtension(extensions))) {
                throw new TlsFatalAlert((short) 47);
            }
            this.retryCookie = null;
            keyShareEntry = TlsUtils.selectKeyShare(keyShareClientHello, this.retryGroup);
            if (keyShareEntry == null) {
                throw new TlsFatalAlert((short) 47);
            }
        }
        Hashtable hashtable = new Hashtable();
        Hashtable ensureExtensionsInitialised = TlsExtensionsUtils.ensureExtensionsInitialised(this.tlsServer.getServerExtensions());
        this.tlsServer.getServerExtensionsForConnection(ensureExtensionsInitialised);
        ProtocolVersion protocolVersion = ProtocolVersion.TLSv12;
        TlsExtensionsUtils.addSupportedVersionsExtensionServer(hashtable, negotiatedVersion);
        securityParametersHandshake.extendedMasterSecret = true;
        securityParametersHandshake.applicationProtocol = TlsExtensionsUtils.getALPNExtensionServer(ensureExtensionsInitialised);
        securityParametersHandshake.applicationProtocolSet = true;
        if (!ensureExtensionsInitialised.isEmpty()) {
            securityParametersHandshake.maxFragmentLength = processMaxFragmentLengthExtension(extensions, ensureExtensionsInitialised, (short) 80);
        }
        securityParametersHandshake.encryptThenMAC = false;
        securityParametersHandshake.truncatedHMac = false;
        securityParametersHandshake.statusRequestVersion = extensions.containsKey(TlsExtensionsUtils.EXT_status_request) ? 1 : 0;
        this.expectSessionTicket = false;
        int namedGroup = keyShareEntry.getNamedGroup();
        if (NamedGroup.refersToASpecificCurve(namedGroup)) {
            createDH = crypto.createECDomain(new TlsECConfig(namedGroup)).createECDH();
        } else {
            if (!NamedGroup.refersToASpecificFiniteField(namedGroup)) {
                throw new TlsFatalAlert((short) 80);
            }
            createDH = crypto.createDHDomain(new TlsDHConfig(namedGroup, true)).createDH();
        }
        TlsExtensionsUtils.addKeyShareServerHello(hashtable, new KeyShareEntry(namedGroup, createDH.generateEphemeral()));
        createDH.receivePeerValue(keyShareEntry.getKeyExchange());
        securityParametersHandshake.sharedSecret = createDH.calculateSecret();
        TlsUtils.establish13PhaseSecrets(this.tlsServerContext);
        this.serverExtensions = ensureExtensionsInitialised;
        applyMaxFragmentLengthExtension(securityParametersHandshake.getMaxFragmentLength());
        TlsUtils.checkExtensionData13(hashtable, 2, (short) 80);
        return new ServerHello(protocolVersion, securityParametersHandshake.getServerRandom(), sessionID, securityParametersHandshake.getCipherSuite(), hashtable);
    }

    /* JADX WARN: Removed duplicated region for block: B:69:0x024a  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected org.bouncycastle.tls.ServerHello generateServerHello(org.bouncycastle.tls.ClientHello r12) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 716
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.generateServerHello(org.bouncycastle.tls.ClientHello):org.bouncycastle.tls.ServerHello");
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsContext getContext() {
        return this.tlsServerContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    AbstractTlsContext getContextAdmin() {
        return this.tlsServerContext;
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected TlsPeer getPeer() {
        return this.tlsServer;
    }

    protected void handle13HandshakeMessage(short s, HandshakeMessageInput handshakeMessageInput) throws IOException {
        if (!isTLSv13ConnectionState()) {
            throw new TlsFatalAlert((short) 80);
        }
        if (this.resumedSession) {
            throw new TlsFatalAlert((short) 80);
        }
        if (s == 1) {
            short s2 = this.connection_state;
            if (s2 == 0) {
                throw new TlsFatalAlert((short) 80);
            }
            if (s2 != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            ClientHello receiveClientHelloMessage = receiveClientHelloMessage(handshakeMessageInput);
            handshakeMessageInput.updateHash(this.handshakeHash);
            this.connection_state = (short) 3;
            ServerHello generate13ServerHello = generate13ServerHello(receiveClientHelloMessage, true);
            sendServerHelloMessage(generate13ServerHello);
            this.connection_state = (short) 4;
            send13ServerHelloCoda(generate13ServerHello, true);
            return;
        }
        if (s == 11) {
            if (this.connection_state != 20) {
                throw new TlsFatalAlert((short) 10);
            }
            receive13ClientCertificate(handshakeMessageInput);
            this.connection_state = (short) 15;
            return;
        }
        if (s == 15) {
            if (this.connection_state != 15) {
                throw new TlsFatalAlert((short) 10);
            }
            receive13ClientCertificateVerify(handshakeMessageInput);
            handshakeMessageInput.updateHash(this.handshakeHash);
            this.connection_state = (short) 17;
            return;
        }
        if (s != 20) {
            if (s != 24) {
                throw new TlsFatalAlert((short) 10);
            }
            receive13KeyUpdate(handshakeMessageInput);
            return;
        }
        short s3 = this.connection_state;
        if (s3 != 15) {
            if (s3 != 17) {
                if (s3 != 20) {
                    throw new TlsFatalAlert((short) 10);
                }
                skip13ClientCertificate();
            }
            receive13ClientFinished(handshakeMessageInput);
            this.connection_state = (short) 18;
            this.recordStream.setIgnoreChangeCipherSpec(false);
            this.recordStream.enablePendingCipherRead(false);
            completeHandshake();
        }
        skip13ClientCertificateVerify();
        receive13ClientFinished(handshakeMessageInput);
        this.connection_state = (short) 18;
        this.recordStream.setIgnoreChangeCipherSpec(false);
        this.recordStream.enablePendingCipherRead(false);
        completeHandshake();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:10:0x0018, code lost:
    
        if (r0 != 14) goto L16;
     */
    @Override // org.bouncycastle.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void handleAlertWarningMessage(short r3) throws java.io.IOException {
        /*
            r2 = this;
            r0 = 41
            if (r0 != r3) goto L2b
            org.bouncycastle.tls.CertificateRequest r0 = r2.certificateRequest
            if (r0 == 0) goto L2b
            org.bouncycastle.tls.TlsServerContextImpl r0 = r2.tlsServerContext
            boolean r0 = org.bouncycastle.tls.TlsUtils.isSSL(r0)
            if (r0 == 0) goto L2b
            short r0 = r2.connection_state
            r1 = 12
            if (r0 == r1) goto L1b
            r1 = 14
            if (r0 == r1) goto L21
            goto L2b
        L1b:
            org.bouncycastle.tls.TlsServer r3 = r2.tlsServer
            r0 = 0
            r3.processClientSupplementalData(r0)
        L21:
            org.bouncycastle.tls.Certificate r3 = org.bouncycastle.tls.Certificate.EMPTY_CHAIN
            r2.notifyClientCertificate(r3)
            r3 = 15
            r2.connection_state = r3
            return
        L2b:
            super.handleAlertWarningMessage(r3)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.handleAlertWarningMessage(short):void");
    }

    @Override // org.bouncycastle.tls.TlsProtocol
    protected void handleHandshakeMessage(short s, HandshakeMessageInput handshakeMessageInput) throws IOException {
        CertificateStatus certificateStatus;
        SecurityParameters securityParameters = this.tlsServerContext.getSecurityParameters();
        if (this.connection_state > 1 && TlsUtils.isTLSv13(securityParameters.getNegotiatedVersion())) {
            handle13HandshakeMessage(s, handshakeMessageInput);
            return;
        }
        if (!isLegacyConnectionState()) {
            throw new TlsFatalAlert((short) 80);
        }
        if (this.resumedSession) {
            if (s != 20 || this.connection_state != 20) {
                throw new TlsFatalAlert((short) 10);
            }
            processFinishedMessage(handshakeMessageInput);
            this.connection_state = (short) 18;
            completeHandshake();
            return;
        }
        Certificate certificate = null;
        if (s != 1) {
            if (s == 11) {
                short s2 = this.connection_state;
                if (s2 == 12) {
                    this.tlsServer.processClientSupplementalData(null);
                } else if (s2 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.certificateRequest == null) {
                    throw new TlsFatalAlert((short) 10);
                }
                receiveCertificateMessage(handshakeMessageInput);
                this.connection_state = (short) 15;
                return;
            }
            if (s == 20) {
                short s3 = this.connection_state;
                if (s3 != 16) {
                    if (s3 != 17) {
                        throw new TlsFatalAlert((short) 10);
                    }
                } else if (expectCertificateVerifyMessage()) {
                    throw new TlsFatalAlert((short) 10);
                }
                processFinishedMessage(handshakeMessageInput);
                handshakeMessageInput.updateHash(this.handshakeHash);
                this.connection_state = (short) 18;
                if (this.expectSessionTicket) {
                    sendNewSessionTicketMessage(this.tlsServer.getNewSessionTicket());
                    this.connection_state = (short) 19;
                }
                sendChangeCipherSpec();
                sendFinishedMessage();
                this.connection_state = (short) 20;
                completeHandshake();
                return;
            }
            if (s == 23) {
                if (this.connection_state != 12) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.tlsServer.processClientSupplementalData(TlsProtocol.readSupplementalDataMessage(handshakeMessageInput));
                this.connection_state = (short) 14;
                return;
            }
            if (s == 15) {
                if (this.connection_state != 16) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (!expectCertificateVerifyMessage()) {
                    throw new TlsFatalAlert((short) 10);
                }
                receiveCertificateVerifyMessage(handshakeMessageInput);
                handshakeMessageInput.updateHash(this.handshakeHash);
                this.connection_state = (short) 17;
                return;
            }
            if (s != 16) {
                throw new TlsFatalAlert((short) 10);
            }
            short s4 = this.connection_state;
            if (s4 == 12) {
                this.tlsServer.processClientSupplementalData(null);
            } else if (s4 != 14) {
                if (s4 != 15) {
                    throw new TlsFatalAlert((short) 10);
                }
                receiveClientKeyExchangeMessage(handshakeMessageInput);
                this.connection_state = (short) 16;
                return;
            }
            if (this.certificateRequest == null) {
                this.keyExchange.skipClientCredentials();
            } else {
                if (TlsUtils.isTLSv12(this.tlsServerContext)) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (TlsUtils.isSSL(this.tlsServerContext)) {
                    throw new TlsFatalAlert((short) 10);
                }
                notifyClientCertificate(Certificate.EMPTY_CHAIN);
            }
            receiveClientKeyExchangeMessage(handshakeMessageInput);
            this.connection_state = (short) 16;
            return;
        }
        if (isApplicationDataReady()) {
            refuseRenegotiation();
            return;
        }
        short s5 = this.connection_state;
        if (s5 != 0) {
            if (s5 == 21) {
                throw new TlsFatalAlert((short) 80);
            }
            throw new TlsFatalAlert((short) 10);
        }
        ClientHello receiveClientHelloMessage = receiveClientHelloMessage(handshakeMessageInput);
        handshakeMessageInput.updateHash(this.handshakeHash);
        this.connection_state = (short) 1;
        ServerHello generateServerHello = generateServerHello(receiveClientHelloMessage);
        this.handshakeHash.notifyPRFDetermined();
        if (TlsUtils.isTLSv13(securityParameters.getNegotiatedVersion())) {
            if (generateServerHello.isHelloRetryRequest()) {
                TlsUtils.adjustTranscriptForRetry(this.handshakeHash);
                sendServerHelloMessage(generateServerHello);
                this.connection_state = (short) 2;
                sendChangeCipherSpecMessage();
                return;
            }
            sendServerHelloMessage(generateServerHello);
            this.connection_state = (short) 4;
            sendChangeCipherSpecMessage();
            send13ServerHelloCoda(generateServerHello, false);
            return;
        }
        sendServerHelloMessage(generateServerHello);
        this.connection_state = (short) 4;
        if (this.resumedSession) {
            securityParameters.masterSecret = this.sessionMasterSecret;
            this.recordStream.setPendingCipher(TlsUtils.initCipher(this.tlsServerContext));
            sendChangeCipherSpec();
            sendFinishedMessage();
            this.connection_state = (short) 20;
            return;
        }
        Vector serverSupplementalData = this.tlsServer.getServerSupplementalData();
        if (serverSupplementalData != null) {
            sendSupplementalDataMessage(serverSupplementalData);
            this.connection_state = (short) 6;
        }
        this.keyExchange = TlsUtils.initKeyExchangeServer(this.tlsServerContext, this.tlsServer);
        TlsCredentials establishServerCredentials = TlsUtils.establishServerCredentials(this.tlsServer);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsKeyExchange tlsKeyExchange = this.keyExchange;
        if (establishServerCredentials == null) {
            tlsKeyExchange.skipServerCredentials();
        } else {
            tlsKeyExchange.processServerCredentials(establishServerCredentials);
            certificate = establishServerCredentials.getCertificate();
            sendCertificateMessage(certificate, byteArrayOutputStream);
            this.connection_state = (short) 7;
        }
        securityParameters.tlsServerEndPoint = byteArrayOutputStream.toByteArray();
        if (certificate == null || certificate.isEmpty()) {
            securityParameters.statusRequestVersion = 0;
        }
        if (securityParameters.getStatusRequestVersion() > 0 && (certificateStatus = this.tlsServer.getCertificateStatus()) != null) {
            sendCertificateStatusMessage(certificateStatus);
            this.connection_state = (short) 8;
        }
        byte[] generateServerKeyExchange = this.keyExchange.generateServerKeyExchange();
        if (generateServerKeyExchange != null) {
            sendServerKeyExchangeMessage(generateServerKeyExchange);
            this.connection_state = (short) 10;
        }
        if (establishServerCredentials != null) {
            CertificateRequest certificateRequest = this.tlsServer.getCertificateRequest();
            this.certificateRequest = certificateRequest;
            if (certificateRequest != null) {
                if (TlsUtils.isTLSv12(this.tlsServerContext) != (this.certificateRequest.getSupportedSignatureAlgorithms() != null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                CertificateRequest validateCertificateRequest = TlsUtils.validateCertificateRequest(this.certificateRequest, this.keyExchange);
                this.certificateRequest = validateCertificateRequest;
                TlsUtils.establishServerSigAlgs(securityParameters, validateCertificateRequest);
                TlsUtils.trackHashAlgorithms(this.handshakeHash, securityParameters.getServerSigAlgs());
                sendCertificateRequestMessage(this.certificateRequest);
                this.connection_state = (short) 11;
            } else if (!this.keyExchange.requiresCertificateVerify()) {
                throw new TlsFatalAlert((short) 80);
            }
        }
        sendServerHelloDoneMessage();
        this.connection_state = (short) 12;
        TlsUtils.sealHandshakeHash(this.tlsServerContext, this.handshakeHash, false);
    }

    protected void notifyClientCertificate(Certificate certificate) throws IOException {
        if (this.certificateRequest == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsUtils.processClientCertificate(this.tlsServerContext, certificate, this.keyExchange, this.tlsServer);
    }

    protected void receive13ClientCertificate(ByteArrayInputStream byteArrayInputStream) throws IOException {
        Certificate parse = Certificate.parse(new Certificate.ParseOptions().setMaxChainLength(this.tlsServer.getMaxCertificateChainLength()), this.tlsServerContext, byteArrayInputStream, null);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        notifyClientCertificate(parse);
    }

    protected void receive13ClientCertificateVerify(ByteArrayInputStream byteArrayInputStream) throws IOException {
        Certificate peerCertificate = this.tlsServerContext.getSecurityParametersHandshake().getPeerCertificate();
        if (peerCertificate == null || peerCertificate.isEmpty()) {
            throw new TlsFatalAlert((short) 80);
        }
        DigitallySigned parse = DigitallySigned.parse(this.tlsServerContext, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        TlsUtils.verify13CertificateVerifyClient(this.tlsServerContext, this.certificateRequest, parse, this.handshakeHash);
    }

    protected void receive13ClientFinished(ByteArrayInputStream byteArrayInputStream) throws IOException {
        process13FinishedMessage(byteArrayInputStream);
    }

    protected void receiveCertificateMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        Certificate parse = Certificate.parse(new Certificate.ParseOptions().setMaxChainLength(this.tlsServer.getMaxCertificateChainLength()), this.tlsServerContext, byteArrayInputStream, null);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        notifyClientCertificate(parse);
    }

    protected void receiveCertificateVerifyMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        DigitallySigned parse = DigitallySigned.parse(this.tlsServerContext, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        TlsUtils.verifyCertificateVerifyClient(this.tlsServerContext, this.certificateRequest, parse, this.handshakeHash);
        this.handshakeHash = this.handshakeHash.stopTracking();
    }

    protected ClientHello receiveClientHelloMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        return ClientHello.parse(byteArrayInputStream, null);
    }

    protected void receiveClientKeyExchangeMessage(ByteArrayInputStream byteArrayInputStream) throws IOException {
        this.keyExchange.processClientKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        boolean isSSL = TlsUtils.isSSL(this.tlsServerContext);
        if (isSSL) {
            TlsProtocol.establishMasterSecret(this.tlsServerContext, this.keyExchange);
        }
        this.tlsServerContext.getSecurityParametersHandshake().sessionHash = TlsUtils.getCurrentPRFHash(this.handshakeHash);
        if (!isSSL) {
            TlsProtocol.establishMasterSecret(this.tlsServerContext, this.keyExchange);
        }
        this.recordStream.setPendingCipher(TlsUtils.initCipher(this.tlsServerContext));
        if (expectCertificateVerifyMessage()) {
            return;
        }
        this.handshakeHash = this.handshakeHash.stopTracking();
    }

    protected void send13EncryptedExtensionsMessage(Hashtable hashtable) throws IOException {
        byte[] writeExtensionsData = TlsProtocol.writeExtensionsData(hashtable);
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 8);
        TlsUtils.writeOpaque16(writeExtensionsData, handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void send13ServerHelloCoda(ServerHello serverHello, boolean z) throws IOException {
        SecurityParameters securityParametersHandshake = this.tlsServerContext.getSecurityParametersHandshake();
        TlsUtils.establish13PhaseHandshake(this.tlsServerContext, TlsUtils.getCurrentPRFHash(this.handshakeHash), this.recordStream);
        this.recordStream.enablePendingCipherWrite();
        this.recordStream.enablePendingCipherRead(true);
        send13EncryptedExtensionsMessage(this.serverExtensions);
        this.connection_state = (short) 5;
        CertificateRequest certificateRequest = this.tlsServer.getCertificateRequest();
        this.certificateRequest = certificateRequest;
        if (certificateRequest != null) {
            if (!certificateRequest.hasCertificateRequestContext(TlsUtils.EMPTY_BYTES)) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.establishServerSigAlgs(securityParametersHandshake, this.certificateRequest);
            sendCertificateRequestMessage(this.certificateRequest);
            this.connection_state = (short) 11;
        }
        TlsCredentialedSigner establish13ServerCredentials = TlsUtils.establish13ServerCredentials(this.tlsServer);
        if (establish13ServerCredentials == null) {
            throw new TlsFatalAlert((short) 80);
        }
        send13CertificateMessage(establish13ServerCredentials.getCertificate());
        securityParametersHandshake.tlsServerEndPoint = null;
        this.connection_state = (short) 7;
        send13CertificateVerifyMessage(TlsUtils.generate13CertificateVerify(this.tlsServerContext, establish13ServerCredentials, this.handshakeHash));
        this.connection_state = (short) 17;
        send13FinishedMessage();
        this.connection_state = (short) 20;
        TlsUtils.establish13PhaseApplication(this.tlsServerContext, TlsUtils.getCurrentPRFHash(this.handshakeHash), this.recordStream);
        this.recordStream.enablePendingCipherWrite();
    }

    protected void sendCertificateRequestMessage(CertificateRequest certificateRequest) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 13);
        certificateRequest.encode(this.tlsServerContext, handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void sendCertificateStatusMessage(CertificateStatus certificateStatus) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 22);
        certificateStatus.encode(handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void sendNewSessionTicketMessage(NewSessionTicket newSessionTicket) throws IOException {
        if (newSessionTicket == null) {
            throw new TlsFatalAlert((short) 80);
        }
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 4);
        newSessionTicket.encode(handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void sendServerHelloDoneMessage() throws IOException {
        HandshakeMessageOutput.send(this, (short) 14, TlsUtils.EMPTY_BYTES);
    }

    protected void sendServerHelloMessage(ServerHello serverHello) throws IOException {
        HandshakeMessageOutput handshakeMessageOutput = new HandshakeMessageOutput((short) 2);
        serverHello.encode(this.tlsServerContext, handshakeMessageOutput);
        handshakeMessageOutput.send(this);
    }

    protected void sendServerKeyExchangeMessage(byte[] bArr) throws IOException {
        HandshakeMessageOutput.send(this, (short) 12, bArr);
    }

    protected void skip13ClientCertificate() throws IOException {
        if (this.certificateRequest != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    protected void skip13ClientCertificateVerify() throws IOException {
        if (expectCertificateVerifyMessage()) {
            throw new TlsFatalAlert((short) 10);
        }
    }
}
