package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.tls.DTLSReliableHandshake;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;

/* loaded from: classes3.dex */
public class DTLSServerProtocol extends DTLSProtocol {

    /* renamed from: b, reason: collision with root package name */
    protected boolean f28811b;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes3.dex */
    public static class ServerHandshakeState {

        /* renamed from: c, reason: collision with root package name */
        int[] f28814c;

        /* renamed from: d, reason: collision with root package name */
        short[] f28815d;

        /* renamed from: e, reason: collision with root package name */
        Hashtable f28816e;

        /* renamed from: a, reason: collision with root package name */
        TlsServer f28812a = null;

        /* renamed from: b, reason: collision with root package name */
        TlsServerContextImpl f28813b = null;

        /* renamed from: f, reason: collision with root package name */
        int f28817f = -1;

        /* renamed from: g, reason: collision with root package name */
        short f28818g = -1;

        /* renamed from: h, reason: collision with root package name */
        boolean f28819h = false;

        /* renamed from: i, reason: collision with root package name */
        short f28820i = -1;

        /* renamed from: j, reason: collision with root package name */
        boolean f28821j = false;

        /* renamed from: k, reason: collision with root package name */
        boolean f28822k = false;

        /* renamed from: l, reason: collision with root package name */
        Hashtable f28823l = null;

        /* renamed from: m, reason: collision with root package name */
        TlsKeyExchange f28824m = null;

        /* renamed from: n, reason: collision with root package name */
        TlsCredentials f28825n = null;

        /* renamed from: o, reason: collision with root package name */
        CertificateRequest f28826o = null;

        /* renamed from: p, reason: collision with root package name */
        short f28827p = -1;

        /* renamed from: q, reason: collision with root package name */
        Certificate f28828q = null;

        protected ServerHandshakeState() {
        }
    }

    public DTLSServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.f28811b = true;
    }

    public DTLSTransport f(TlsServer tlsServer, DatagramTransport datagramTransport) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'server' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f29058a = 0;
        ServerHandshakeState serverHandshakeState = new ServerHandshakeState();
        serverHandshakeState.f28812a = tlsServer;
        serverHandshakeState.f28813b = new TlsServerContextImpl(this.f28768a, securityParameters);
        securityParameters.f29065h = TlsProtocol.f(tlsServer.J(), serverHandshakeState.f28813b.i());
        tlsServer.n(serverHandshakeState.f28813b);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, serverHandshakeState.f28813b, tlsServer, (short) 22);
        try {
            return s(serverHandshakeState, dTLSRecordLayer);
        } catch (TlsFatalAlert e4) {
            dTLSRecordLayer.f(e4.a());
            throw e4;
        } catch (IOException e5) {
            dTLSRecordLayer.f((short) 80);
            throw e5;
        } catch (RuntimeException unused) {
            dTLSRecordLayer.f((short) 80);
            throw new TlsFatalAlert((short) 80);
        }
    }

    protected boolean g(ServerHandshakeState serverHandshakeState) {
        short s4 = serverHandshakeState.f28827p;
        return s4 >= 0 && TlsUtils.R(s4);
    }

    protected byte[] h(ServerHandshakeState serverHandshakeState, CertificateRequest certificateRequest) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] i(ServerHandshakeState serverHandshakeState, CertificateStatus certificateStatus) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateStatus.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] j(ServerHandshakeState serverHandshakeState, NewSessionTicket newSessionTicket) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        newSessionTicket.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] k(ServerHandshakeState serverHandshakeState) throws IOException {
        int i4;
        SecurityParameters j4 = serverHandshakeState.f28813b.j();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion b5 = serverHandshakeState.f28812a.b();
        if (!b5.i(serverHandshakeState.f28813b.c())) {
            throw new TlsFatalAlert((short) 80);
        }
        serverHandshakeState.f28813b.n(b5);
        TlsUtils.p1(serverHandshakeState.f28813b.b(), byteArrayOutputStream);
        byteArrayOutputStream.write(j4.i());
        byte[] bArr = TlsUtils.f29214a;
        TlsUtils.S0(bArr, byteArrayOutputStream);
        int H = serverHandshakeState.f28812a.H();
        serverHandshakeState.f28817f = H;
        if (!Arrays.x(serverHandshakeState.f28814c, H) || (i4 = serverHandshakeState.f28817f) == 0 || i4 == 255 || !TlsUtils.b0(i4, b5)) {
            throw new TlsFatalAlert((short) 80);
        }
        DTLSProtocol.e(serverHandshakeState.f28817f, (short) 80);
        short g4 = serverHandshakeState.f28812a.g();
        serverHandshakeState.f28818g = g4;
        if (!Arrays.y(serverHandshakeState.f28815d, g4)) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsUtils.T0(serverHandshakeState.f28817f, byteArrayOutputStream);
        TlsUtils.j1(serverHandshakeState.f28818g, byteArrayOutputStream);
        Hashtable e4 = serverHandshakeState.f28812a.e();
        serverHandshakeState.f28823l = e4;
        if (serverHandshakeState.f28819h) {
            Integer num = TlsProtocol.A;
            if (TlsUtils.L(e4, num) == null) {
                Hashtable n4 = TlsExtensionsUtils.n(serverHandshakeState.f28823l);
                serverHandshakeState.f28823l = n4;
                n4.put(num, TlsProtocol.g(bArr));
            }
        }
        Hashtable hashtable = serverHandshakeState.f28823l;
        if (hashtable != null) {
            j4.f29068k = TlsExtensionsUtils.s(hashtable);
            serverHandshakeState.f28820i = DTLSProtocol.a(serverHandshakeState.f28816e, serverHandshakeState.f28823l, (short) 80);
            j4.f29067j = TlsExtensionsUtils.t(serverHandshakeState.f28823l);
            serverHandshakeState.f28821j = TlsUtils.Q(serverHandshakeState.f28823l, TlsExtensionsUtils.f29137e, (short) 80);
            serverHandshakeState.f28822k = TlsUtils.Q(serverHandshakeState.f28823l, TlsProtocol.B, (short) 80);
            TlsProtocol.P(byteArrayOutputStream, serverHandshakeState.f28823l);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public boolean l() {
        return this.f28811b;
    }

    protected void m(ServerHandshakeState serverHandshakeState, Certificate certificate) throws IOException {
        if (serverHandshakeState.f28826o == null) {
            throw new IllegalStateException();
        }
        if (serverHandshakeState.f28828q != null) {
            throw new TlsFatalAlert((short) 10);
        }
        serverHandshakeState.f28828q = certificate;
        if (certificate.g()) {
            serverHandshakeState.f28824m.g();
        } else {
            serverHandshakeState.f28827p = TlsUtils.G(certificate, serverHandshakeState.f28825n.e());
            serverHandshakeState.f28824m.d(certificate);
        }
        serverHandshakeState.f28812a.M(certificate);
    }

    protected void n(ServerHandshakeState serverHandshakeState, byte[] bArr, TlsHandshakeHash tlsHandshakeHash) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        DigitallySigned d4 = DigitallySigned.d(serverHandshakeState.f28813b, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        boolean z4 = false;
        try {
            byte[] l4 = TlsUtils.a0(serverHandshakeState.f28813b) ? tlsHandshakeHash.l(d4.b().b()) : TlsProtocol.m(serverHandshakeState.f28813b, tlsHandshakeHash, null);
            AsymmetricKeyParameter b5 = PublicKeyFactory.b(serverHandshakeState.f28828q.c(0).s());
            TlsSigner z5 = TlsUtils.z(serverHandshakeState.f28827p);
            z5.a(serverHandshakeState.f28813b);
            z4 = z5.c(d4.b(), d4.c(), b5, l4);
        } catch (Exception unused) {
        }
        if (!z4) {
            throw new TlsFatalAlert((short) 51);
        }
    }

    protected void o(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate h4 = Certificate.h(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        m(serverHandshakeState, h4);
    }

    protected void p(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion I0 = TlsUtils.I0(byteArrayInputStream);
        if (!I0.h()) {
            throw new TlsFatalAlert((short) 47);
        }
        byte[] r02 = TlsUtils.r0(32, byteArrayInputStream);
        if (TlsUtils.u0(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.u0(byteArrayInputStream);
        int w02 = TlsUtils.w0(byteArrayInputStream);
        if (w02 < 2 || (w02 & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        serverHandshakeState.f28814c = TlsUtils.y0(w02 / 2, byteArrayInputStream);
        short F0 = TlsUtils.F0(byteArrayInputStream);
        if (F0 < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        serverHandshakeState.f28815d = TlsUtils.H0(F0, byteArrayInputStream);
        serverHandshakeState.f28816e = TlsProtocol.G(byteArrayInputStream);
        serverHandshakeState.f28813b.l(I0);
        serverHandshakeState.f28812a.G(I0);
        serverHandshakeState.f28813b.j().f29064g = r02;
        serverHandshakeState.f28812a.t(serverHandshakeState.f28814c);
        serverHandshakeState.f28812a.I(serverHandshakeState.f28815d);
        if (Arrays.x(serverHandshakeState.f28814c, 255)) {
            serverHandshakeState.f28819h = true;
        }
        byte[] L = TlsUtils.L(serverHandshakeState.f28816e, TlsProtocol.A);
        if (L != null) {
            serverHandshakeState.f28819h = true;
            if (!Arrays.w(L, TlsProtocol.g(TlsUtils.f29214a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        serverHandshakeState.f28812a.r(serverHandshakeState.f28819h);
        Hashtable hashtable = serverHandshakeState.f28816e;
        if (hashtable != null) {
            serverHandshakeState.f28812a.o(hashtable);
        }
    }

    protected void q(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        serverHandshakeState.f28824m.e(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected void r(ServerHandshakeState serverHandshakeState, byte[] bArr) throws IOException {
        serverHandshakeState.f28812a.u(TlsProtocol.H(new ByteArrayInputStream(bArr)));
    }

    protected DTLSTransport s(ServerHandshakeState serverHandshakeState, DTLSRecordLayer dTLSRecordLayer) throws IOException {
        Certificate e4;
        CertificateStatus E;
        SecurityParameters j4 = serverHandshakeState.f28813b.j();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(serverHandshakeState.f28813b, dTLSRecordLayer);
        DTLSReliableHandshake.Message m4 = dTLSReliableHandshake.m();
        serverHandshakeState.f28813b.l(dTLSRecordLayer.g());
        if (m4.c() != 1) {
            throw new TlsFatalAlert((short) 10);
        }
        p(serverHandshakeState, m4.a());
        byte[] k4 = k(serverHandshakeState);
        short s4 = serverHandshakeState.f28820i;
        if (s4 >= 0) {
            dTLSRecordLayer.p(1 << (s4 + 8));
        }
        int i4 = serverHandshakeState.f28817f;
        j4.f29059b = i4;
        j4.f29060c = serverHandshakeState.f28818g;
        j4.f29061d = TlsProtocol.p(serverHandshakeState.f28813b, i4);
        j4.f29062e = 12;
        dTLSReliableHandshake.r((short) 2, k4);
        dTLSReliableHandshake.j();
        Vector m5 = serverHandshakeState.f28812a.m();
        if (m5 != null) {
            dTLSReliableHandshake.r((short) 23, DTLSProtocol.c(m5));
        }
        TlsKeyExchange a5 = serverHandshakeState.f28812a.a();
        serverHandshakeState.f28824m = a5;
        a5.a(serverHandshakeState.f28813b);
        TlsCredentials l4 = serverHandshakeState.f28812a.l();
        serverHandshakeState.f28825n = l4;
        if (l4 == null) {
            serverHandshakeState.f28824m.o();
            e4 = null;
        } else {
            serverHandshakeState.f28824m.l(l4);
            e4 = serverHandshakeState.f28825n.e();
            dTLSReliableHandshake.r((short) 11, DTLSProtocol.b(e4));
        }
        if (e4 == null || e4.g()) {
            serverHandshakeState.f28821j = false;
        }
        if (serverHandshakeState.f28821j && (E = serverHandshakeState.f28812a.E()) != null) {
            dTLSReliableHandshake.r((short) 22, i(serverHandshakeState, E));
        }
        byte[] b5 = serverHandshakeState.f28824m.b();
        if (b5 != null) {
            dTLSReliableHandshake.r((short) 12, b5);
        }
        if (serverHandshakeState.f28825n != null) {
            CertificateRequest D = serverHandshakeState.f28812a.D();
            serverHandshakeState.f28826o = D;
            if (D != null) {
                serverHandshakeState.f28824m.i(D);
                dTLSReliableHandshake.r((short) 13, h(serverHandshakeState, serverHandshakeState.f28826o));
                TlsUtils.M0(dTLSReliableHandshake.i(), serverHandshakeState.f28826o.d());
            }
        }
        dTLSReliableHandshake.r((short) 14, TlsUtils.f29214a);
        dTLSReliableHandshake.i().n();
        DTLSReliableHandshake.Message m6 = dTLSReliableHandshake.m();
        if (m6.c() == 23) {
            r(serverHandshakeState, m6.a());
            m6 = dTLSReliableHandshake.m();
        } else {
            serverHandshakeState.f28812a.u(null);
        }
        if (serverHandshakeState.f28826o == null) {
            serverHandshakeState.f28824m.g();
        } else if (m6.c() == 11) {
            o(serverHandshakeState, m6.a());
            m6 = dTLSReliableHandshake.m();
        } else {
            if (TlsUtils.a0(serverHandshakeState.f28813b)) {
                throw new TlsFatalAlert((short) 10);
            }
            m(serverHandshakeState, Certificate.f28565b);
        }
        if (m6.c() != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        q(serverHandshakeState, m6.a());
        TlsProtocol.i(serverHandshakeState.f28813b, serverHandshakeState.f28824m);
        dTLSRecordLayer.j(serverHandshakeState.f28812a.s());
        TlsHandshakeHash l5 = dTLSReliableHandshake.l();
        if (g(serverHandshakeState)) {
            n(serverHandshakeState, dTLSReliableHandshake.n((short) 15), l5);
        }
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.f28813b;
        d(dTLSReliableHandshake.n((short) 20), TlsUtils.i(tlsServerContextImpl, ExporterLabel.f28887a, TlsProtocol.m(tlsServerContextImpl, dTLSReliableHandshake.i(), null)));
        if (serverHandshakeState.f28822k) {
            dTLSReliableHandshake.r((short) 4, j(serverHandshakeState, serverHandshakeState.f28812a.k()));
        }
        TlsServerContextImpl tlsServerContextImpl2 = serverHandshakeState.f28813b;
        dTLSReliableHandshake.r((short) 20, TlsUtils.i(tlsServerContextImpl2, ExporterLabel.f28888b, TlsProtocol.m(tlsServerContextImpl2, dTLSReliableHandshake.i(), null)));
        dTLSReliableHandshake.h();
        serverHandshakeState.f28812a.C();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public void t(boolean z4) {
        this.f28811b = z4;
    }
}
