package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.tls.g;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;

/* loaded from: classes2.dex */
public class DTLSServerProtocol extends DTLSProtocol {
    protected boolean b;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes2.dex */
    public static class ServerHandshakeState {
        TlsServer a = null;
        p b = null;
        int[] c = null;
        short[] d = null;
        Hashtable e = null;
        Hashtable f = null;
        boolean g = false;
        boolean h = false;
        boolean i = false;
        boolean j = false;
        TlsKeyExchange k = null;
        TlsCredentials l = null;
        CertificateRequest m = null;
        short n = -1;
        Certificate o = null;

        protected ServerHandshakeState() {
        }
    }

    public DTLSServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.b = true;
    }

    protected DTLSTransport a(ServerHandshakeState serverHandshakeState, f fVar) {
        Certificate a;
        CertificateStatus p;
        SecurityParameters g = serverHandshakeState.b.g();
        g gVar = new g(serverHandshakeState.b, fVar);
        g.b e = gVar.e();
        if (e.c() != 1) {
            throw new TlsFatalAlert((short) 10);
        }
        b(serverHandshakeState, e.a());
        byte[] b = b(serverHandshakeState);
        DTLSProtocol.a(fVar, g.l);
        ProtocolVersion a2 = serverHandshakeState.b.a();
        fVar.a(a2);
        fVar.b(a2);
        gVar.a((short) 2, b);
        gVar.c();
        Vector q = serverHandshakeState.a.q();
        if (q != null) {
            gVar.a((short) 23, DTLSProtocol.a(q));
        }
        TlsKeyExchange c = serverHandshakeState.a.c();
        serverHandshakeState.k = c;
        c.a(serverHandshakeState.b);
        TlsCredentials o = serverHandshakeState.a.o();
        serverHandshakeState.l = o;
        if (o == null) {
            serverHandshakeState.k.f();
            a = null;
        } else {
            serverHandshakeState.k.b(o);
            a = serverHandshakeState.l.a();
            gVar.a((short) 11, DTLSProtocol.a(a));
        }
        if (a == null || a.d()) {
            serverHandshakeState.i = false;
        }
        if (serverHandshakeState.i && (p = serverHandshakeState.a.p()) != null) {
            gVar.a((short) 22, a(serverHandshakeState, p));
        }
        byte[] a3 = serverHandshakeState.k.a();
        if (a3 != null) {
            gVar.a((short) 12, a3);
        }
        if (serverHandshakeState.l != null) {
            CertificateRequest m = serverHandshakeState.a.m();
            serverHandshakeState.m = m;
            if (m != null) {
                if (TlsUtils.c(serverHandshakeState.b) != (serverHandshakeState.m.c() != null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                serverHandshakeState.k.a(serverHandshakeState.m);
                gVar.a((short) 13, a(serverHandshakeState, serverHandshakeState.m));
                TlsUtils.a(gVar.b(), serverHandshakeState.m.c());
            }
        }
        gVar.a((short) 14, TlsUtils.a);
        gVar.b().g();
        g.b e2 = gVar.e();
        if (e2.c() == 23) {
            d(serverHandshakeState, e2.a());
            e2 = gVar.e();
        } else {
            serverHandshakeState.a.a((Vector) null);
        }
        if (serverHandshakeState.m == null) {
            serverHandshakeState.k.b();
        } else if (e2.c() == 11) {
            a(serverHandshakeState, e2.a());
            e2 = gVar.e();
        } else {
            if (TlsUtils.c(serverHandshakeState.b)) {
                throw new TlsFatalAlert((short) 10);
            }
            a(serverHandshakeState, Certificate.b);
        }
        if (e2.c() != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        c(serverHandshakeState, e2.a());
        TlsHandshakeHash d = gVar.d();
        g.i = TlsProtocol.a(serverHandshakeState.b, d, (byte[]) null);
        TlsProtocol.a(serverHandshakeState.b, serverHandshakeState.k);
        fVar.a(serverHandshakeState.a.w());
        if (a(serverHandshakeState)) {
            a(serverHandshakeState, gVar.a((short) 15), d);
        }
        p pVar = serverHandshakeState.b;
        a(gVar.a((short) 20), TlsUtils.a(pVar, ExporterLabel.a, TlsProtocol.a(pVar, gVar.b(), (byte[]) null)));
        if (serverHandshakeState.j) {
            gVar.a((short) 4, a(serverHandshakeState, serverHandshakeState.a.n()));
        }
        p pVar2 = serverHandshakeState.b;
        gVar.a((short) 20, TlsUtils.a(pVar2, ExporterLabel.b, TlsProtocol.a(pVar2, gVar.b(), (byte[]) null)));
        gVar.a();
        serverHandshakeState.a.k();
        return new DTLSTransport(fVar);
    }

    public DTLSTransport a(TlsServer tlsServer, DatagramTransport datagramTransport) {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'server' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.a = 0;
        ServerHandshakeState serverHandshakeState = new ServerHandshakeState();
        serverHandshakeState.a = tlsServer;
        serverHandshakeState.b = new p(this.a, securityParameters);
        securityParameters.h = TlsProtocol.a(tlsServer.u(), serverHandshakeState.b.f());
        tlsServer.a(serverHandshakeState.b);
        f fVar = new f(datagramTransport, serverHandshakeState.b, tlsServer, (short) 22);
        try {
            return a(serverHandshakeState, fVar);
        } catch (IOException e) {
            fVar.a((short) 80);
            throw e;
        } catch (RuntimeException e2) {
            fVar.a((short) 80);
            throw new TlsFatalAlert((short) 80, e2);
        } catch (TlsFatalAlert e3) {
            fVar.a(e3.getAlertDescription());
            throw e3;
        }
    }

    protected void a(ServerHandshakeState serverHandshakeState, Certificate certificate) {
        if (serverHandshakeState.m == null) {
            throw new IllegalStateException();
        }
        if (serverHandshakeState.o != null) {
            throw new TlsFatalAlert((short) 10);
        }
        serverHandshakeState.o = certificate;
        if (certificate.d()) {
            serverHandshakeState.k.b();
        } else {
            serverHandshakeState.n = TlsUtils.a(certificate, serverHandshakeState.l.a());
            serverHandshakeState.k.a(certificate);
        }
        serverHandshakeState.a.a(certificate);
    }

    protected void a(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate a = Certificate.a(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        a(serverHandshakeState, a);
    }

    protected void a(ServerHandshakeState serverHandshakeState, byte[] bArr, TlsHandshakeHash tlsHandshakeHash) {
        byte[] l;
        if (serverHandshakeState.m == null) {
            throw new IllegalStateException();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        p pVar = serverHandshakeState.b;
        DigitallySigned a = DigitallySigned.a(pVar, byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
        try {
            SignatureAndHashAlgorithm a2 = a.a();
            if (TlsUtils.c(pVar)) {
                TlsUtils.a(serverHandshakeState.m.c(), a2);
                l = tlsHandshakeHash.b(a2.a());
            } else {
                l = pVar.g().l();
            }
            AsymmetricKeyParameter a3 = PublicKeyFactory.a(serverHandshakeState.o.a(0).o());
            TlsSigner c = TlsUtils.c(serverHandshakeState.n);
            c.a(pVar);
            if (c.a(a2, a.b(), a3, l)) {
            } else {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (TlsFatalAlert e) {
            throw e;
        } catch (Exception e2) {
            throw new TlsFatalAlert((short) 51, e2);
        }
    }

    public void a(boolean z) {
        this.b = z;
    }

    public boolean a() {
        return this.b;
    }

    protected boolean a(ServerHandshakeState serverHandshakeState) {
        short s = serverHandshakeState.n;
        return s >= 0 && TlsUtils.e(s);
    }

    protected byte[] a(ServerHandshakeState serverHandshakeState, CertificateRequest certificateRequest) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ServerHandshakeState serverHandshakeState, CertificateStatus certificateStatus) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateStatus.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected byte[] a(ServerHandshakeState serverHandshakeState, NewSessionTicket newSessionTicket) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        newSessionTicket.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    protected void b(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion i = TlsUtils.i(byteArrayInputStream);
        if (!i.e()) {
            throw new TlsFatalAlert((short) 47);
        }
        byte[] b = TlsUtils.b(32, byteArrayInputStream);
        if (TlsUtils.c(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.c(byteArrayInputStream);
        int d = TlsUtils.d(byteArrayInputStream);
        if (d < 2 || (d & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        serverHandshakeState.c = TlsUtils.c(d / 2, byteArrayInputStream);
        short h = TlsUtils.h(byteArrayInputStream);
        if (h < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        serverHandshakeState.d = TlsUtils.d(h, byteArrayInputStream);
        serverHandshakeState.e = TlsProtocol.c(byteArrayInputStream);
        p pVar = serverHandshakeState.b;
        SecurityParameters g = pVar.g();
        g.o = TlsExtensionsUtils.j(serverHandshakeState.e);
        pVar.a(i);
        serverHandshakeState.a.b(i);
        serverHandshakeState.a.a(Arrays.b(serverHandshakeState.c, CipherSuite.j4));
        g.g = b;
        serverHandshakeState.a.a(serverHandshakeState.c);
        serverHandshakeState.a.a(serverHandshakeState.d);
        if (Arrays.b(serverHandshakeState.c, 255)) {
            serverHandshakeState.h = true;
        }
        byte[] a = TlsUtils.a(serverHandshakeState.e, TlsProtocol.D);
        if (a != null) {
            serverHandshakeState.h = true;
            if (!Arrays.d(a, TlsProtocol.b(TlsUtils.a))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        serverHandshakeState.a.b(serverHandshakeState.h);
        Hashtable hashtable = serverHandshakeState.e;
        if (hashtable != null) {
            serverHandshakeState.a.b(hashtable);
        }
    }

    protected byte[] b(ServerHandshakeState serverHandshakeState) {
        SecurityParameters g = serverHandshakeState.b.g();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion a = serverHandshakeState.a.a();
        if (!a.b(serverHandshakeState.b.b())) {
            throw new TlsFatalAlert((short) 80);
        }
        serverHandshakeState.b.b(a);
        TlsUtils.a(serverHandshakeState.b.a(), byteArrayOutputStream);
        byteArrayOutputStream.write(g.k());
        TlsUtils.c(TlsUtils.a, byteArrayOutputStream);
        int s = serverHandshakeState.a.s();
        if (!Arrays.b(serverHandshakeState.c, s) || s == 0 || CipherSuite.a(s) || !TlsUtils.a(s, serverHandshakeState.b.a())) {
            throw new TlsFatalAlert((short) 80);
        }
        DTLSProtocol.a(s, (short) 80);
        g.b = s;
        short g2 = serverHandshakeState.a.g();
        if (!Arrays.b(serverHandshakeState.d, g2)) {
            throw new TlsFatalAlert((short) 80);
        }
        g.c = g2;
        TlsUtils.a(s, (OutputStream) byteArrayOutputStream);
        TlsUtils.a(g2, (OutputStream) byteArrayOutputStream);
        Hashtable e = serverHandshakeState.a.e();
        serverHandshakeState.f = e;
        if (serverHandshakeState.h) {
            if (TlsUtils.a(e, TlsProtocol.D) == null) {
                Hashtable d = TlsExtensionsUtils.d(serverHandshakeState.f);
                serverHandshakeState.f = d;
                d.put(TlsProtocol.D, TlsProtocol.b(TlsUtils.a));
            }
        }
        if (g.o) {
            Hashtable d2 = TlsExtensionsUtils.d(serverHandshakeState.f);
            serverHandshakeState.f = d2;
            TlsExtensionsUtils.b(d2);
        }
        Hashtable hashtable = serverHandshakeState.f;
        if (hashtable != null) {
            g.n = TlsExtensionsUtils.i(hashtable);
            g.l = DTLSProtocol.a(serverHandshakeState.g, serverHandshakeState.e, serverHandshakeState.f, (short) 80);
            g.m = TlsExtensionsUtils.k(serverHandshakeState.f);
            serverHandshakeState.i = !serverHandshakeState.g && TlsUtils.a(serverHandshakeState.f, TlsExtensionsUtils.f, (short) 80);
            serverHandshakeState.j = !serverHandshakeState.g && TlsUtils.a(serverHandshakeState.f, TlsProtocol.E, (short) 80);
            TlsProtocol.a(byteArrayOutputStream, serverHandshakeState.f);
        }
        g.d = TlsProtocol.a(serverHandshakeState.b, g.b());
        g.e = 12;
        return byteArrayOutputStream.toByteArray();
    }

    protected void c(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        serverHandshakeState.k.b(byteArrayInputStream);
        TlsProtocol.b(byteArrayInputStream);
    }

    protected void d(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        serverHandshakeState.a.a(TlsProtocol.d(new ByteArrayInputStream(bArr)));
    }
}
