package org.spongycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.tls.DTLSReliableHandshake;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;

/* loaded from: classes2.dex */
public class DTLSServerProtocol extends DTLSProtocol {

    /* renamed from: a, reason: collision with root package name */
    public boolean f18935a;

    /* loaded from: classes2.dex */
    public static class ServerHandshakeState {

        /* renamed from: f, reason: collision with root package name */
        public TlsServer f18941f = null;

        /* renamed from: g, reason: collision with root package name */
        public TlsServerContextImpl f18942g = null;

        /* renamed from: j, reason: collision with root package name */
        public int[] f18945j = null;
        public short[] k = null;

        /* renamed from: a, reason: collision with root package name */
        public Hashtable f18936a = null;
        public Hashtable l = null;

        /* renamed from: i, reason: collision with root package name */
        public boolean f18944i = false;
        public boolean m = false;
        public boolean n = false;
        public boolean o = false;

        /* renamed from: e, reason: collision with root package name */
        public TlsKeyExchange f18940e = null;

        /* renamed from: d, reason: collision with root package name */
        public TlsCredentials f18939d = null;

        /* renamed from: c, reason: collision with root package name */
        public CertificateRequest f18938c = null;

        /* renamed from: h, reason: collision with root package name */
        public short f18943h = -1;

        /* renamed from: b, reason: collision with root package name */
        public Certificate f18937b = null;
    }

    public DTLSServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.f18935a = true;
    }

    public DTLSTransport b(ServerHandshakeState serverHandshakeState, DTLSRecordLayer dTLSRecordLayer) {
        Certificate e2;
        CertificateStatus y;
        SecurityParameters n = serverHandshakeState.f18942g.n();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(serverHandshakeState.f18942g, dTLSRecordLayer);
        DTLSReliableHandshake.Message q = dTLSReliableHandshake.q();
        if (q.e() != 1) {
            throw new TlsFatalAlert((short) 10);
        }
        n(serverHandshakeState, q.f());
        byte[] j2 = j(serverHandshakeState);
        DTLSProtocol.t(dTLSRecordLayer, n.f19103f);
        ProtocolVersion t = serverHandshakeState.f18942g.t();
        dTLSRecordLayer.ac(t);
        dTLSRecordLayer.ai(t);
        dTLSReliableHandshake.t((short) 2, j2);
        dTLSReliableHandshake.w();
        Vector w = serverHandshakeState.f18941f.w();
        if (w != null) {
            dTLSReliableHandshake.t((short) 23, DTLSProtocol.u(w));
        }
        serverHandshakeState.f18940e = serverHandshakeState.f18941f.ba();
        serverHandshakeState.f18940e.g(serverHandshakeState.f18942g);
        serverHandshakeState.f18939d = serverHandshakeState.f18941f.ay();
        TlsCredentials tlsCredentials = serverHandshakeState.f18939d;
        if (tlsCredentials == null) {
            serverHandshakeState.f18940e.y();
            e2 = null;
        } else {
            serverHandshakeState.f18940e.h(tlsCredentials);
            e2 = serverHandshakeState.f18939d.e();
            dTLSReliableHandshake.t((short) 11, DTLSProtocol.v(e2));
        }
        if (e2 == null || e2.g()) {
            serverHandshakeState.n = false;
        }
        if (serverHandshakeState.n && (y = serverHandshakeState.f18941f.y()) != null) {
            dTLSReliableHandshake.t((short) 22, l(serverHandshakeState, y));
        }
        byte[] m = serverHandshakeState.f18940e.m();
        if (m != null) {
            dTLSReliableHandshake.t((short) 12, m);
        }
        if (serverHandshakeState.f18939d != null) {
            serverHandshakeState.f18938c = serverHandshakeState.f18941f.x();
            if (serverHandshakeState.f18938c != null) {
                if (TlsUtils.du(serverHandshakeState.f18942g) != (serverHandshakeState.f18938c.h() != null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                serverHandshakeState.f18940e.aa(serverHandshakeState.f18938c);
                dTLSReliableHandshake.t((short) 13, k(serverHandshakeState, serverHandshakeState.f18938c));
                TlsUtils.aw(dTLSReliableHandshake.r(), serverHandshakeState.f18938c.h());
            }
        }
        dTLSReliableHandshake.t((short) 14, TlsUtils.f19223b);
        dTLSReliableHandshake.r().q();
        DTLSReliableHandshake.Message q2 = dTLSReliableHandshake.q();
        if (q2.e() == 23) {
            p(serverHandshakeState, q2.f());
            q2 = dTLSReliableHandshake.q();
        } else {
            serverHandshakeState.f18941f.aq(null);
        }
        if (serverHandshakeState.f18938c == null) {
            serverHandshakeState.f18940e.j();
        } else if (q2.e() == 11) {
            e(serverHandshakeState, q2.f());
            q2 = dTLSReliableHandshake.q();
        } else {
            if (TlsUtils.du(serverHandshakeState.f18942g)) {
                throw new TlsFatalAlert((short) 10);
            }
            d(serverHandshakeState, Certificate.f18834a);
        }
        if (q2.e() != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        o(serverHandshakeState, q2.f());
        TlsHandshakeHash v = dTLSReliableHandshake.v();
        n.m = TlsProtocol.bw(serverHandshakeState.f18942g, v, null);
        TlsProtocol.bv(serverHandshakeState.f18942g, serverHandshakeState.f18940e);
        dTLSRecordLayer.ad(serverHandshakeState.f18941f.j());
        if (i(serverHandshakeState)) {
            f(serverHandshakeState, dTLSReliableHandshake.u((short) 15), v);
        }
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.f18942g;
        w(dTLSReliableHandshake.u((short) 20), TlsUtils.bt(tlsServerContextImpl, ExporterLabel.f18984a, TlsProtocol.bw(tlsServerContextImpl, dTLSReliableHandshake.r(), null)));
        if (serverHandshakeState.o) {
            dTLSReliableHandshake.t((short) 4, m(serverHandshakeState, serverHandshakeState.f18941f.z()));
        }
        TlsServerContextImpl tlsServerContextImpl2 = serverHandshakeState.f18942g;
        dTLSReliableHandshake.t((short) 20, TlsUtils.bt(tlsServerContextImpl2, ExporterLabel.f18985b, TlsProtocol.bw(tlsServerContextImpl2, dTLSReliableHandshake.r(), null)));
        dTLSReliableHandshake.s();
        serverHandshakeState.f18941f.ac();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public DTLSTransport c(TlsServer tlsServer, DatagramTransport datagramTransport) {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'server' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.f19098a = 0;
        ServerHandshakeState serverHandshakeState = new ServerHandshakeState();
        serverHandshakeState.f18941f = tlsServer;
        serverHandshakeState.f18942g = new TlsServerContextImpl(this.q, securityParameters);
        securityParameters.k = TlsProtocol.bx(tlsServer.ag(), serverHandshakeState.f18942g.l());
        tlsServer.ai(serverHandshakeState.f18942g);
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(datagramTransport, serverHandshakeState.f18942g, tlsServer, (short) 22);
        try {
            return b(serverHandshakeState, dTLSRecordLayer);
        } catch (IOException e2) {
            dTLSRecordLayer.ae((short) 80);
            throw e2;
        } catch (RuntimeException e3) {
            dTLSRecordLayer.ae((short) 80);
            throw new TlsFatalAlert((short) 80, e3);
        } catch (TlsFatalAlert e4) {
            dTLSRecordLayer.ae(e4.d());
            throw e4;
        }
    }

    public void d(ServerHandshakeState serverHandshakeState, Certificate certificate) {
        if (serverHandshakeState.f18938c == null) {
            throw new IllegalStateException();
        }
        if (serverHandshakeState.f18937b != null) {
            throw new TlsFatalAlert((short) 10);
        }
        serverHandshakeState.f18937b = certificate;
        if (certificate.g()) {
            serverHandshakeState.f18940e.j();
        } else {
            serverHandshakeState.f18943h = TlsUtils.ah(certificate, serverHandshakeState.f18939d.e());
            serverHandshakeState.f18940e.l(certificate);
        }
        serverHandshakeState.f18941f.ab(certificate);
    }

    public void e(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate c2 = Certificate.c(byteArrayInputStream);
        TlsProtocol.bz(byteArrayInputStream);
        d(serverHandshakeState, c2);
    }

    public void f(ServerHandshakeState serverHandshakeState, byte[] bArr, TlsHandshakeHash tlsHandshakeHash) {
        byte[] ab;
        if (serverHandshakeState.f18938c == null) {
            throw new IllegalStateException();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.f18942g;
        DigitallySigned c2 = DigitallySigned.c(tlsServerContextImpl, byteArrayInputStream);
        TlsProtocol.bz(byteArrayInputStream);
        try {
            SignatureAndHashAlgorithm d2 = c2.d();
            if (TlsUtils.du(tlsServerContextImpl)) {
                TlsUtils.aq(serverHandshakeState.f18938c.h(), d2);
                ab = tlsHandshakeHash.o(d2.d());
            } else {
                ab = tlsServerContextImpl.n().ab();
            }
            AsymmetricKeyParameter b2 = PublicKeyFactory.b(serverHandshakeState.f18937b.e(0).k());
            TlsSigner ae = TlsUtils.ae(serverHandshakeState.f18943h);
            ae.c(tlsServerContextImpl);
            if (ae.l(d2, c2.f(), b2, ab)) {
            } else {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (TlsFatalAlert e2) {
            throw e2;
        } catch (Exception e3) {
            throw new TlsFatalAlert((short) 51, e3);
        }
    }

    public void g(boolean z) {
        this.f18935a = z;
    }

    public boolean h() {
        return this.f18935a;
    }

    public boolean i(ServerHandshakeState serverHandshakeState) {
        short s = serverHandshakeState.f18943h;
        return s >= 0 && TlsUtils.bn(s);
    }

    public byte[] j(ServerHandshakeState serverHandshakeState) {
        SecurityParameters n = serverHandshakeState.f18942g.n();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ProtocolVersion ao = serverHandshakeState.f18941f.ao();
        if (!ao.q(serverHandshakeState.f18942g.m())) {
            throw new TlsFatalAlert((short) 80);
        }
        serverHandshakeState.f18942g.u(ao);
        TlsUtils.au(serverHandshakeState.f18942g.t(), byteArrayOutputStream);
        byteArrayOutputStream.write(n.aa());
        TlsUtils.dq(TlsUtils.f19223b, byteArrayOutputStream);
        int u = serverHandshakeState.f18941f.u();
        if (!Arrays.u(serverHandshakeState.f18945j, u) || u == 0 || CipherSuite.jk(u) || !TlsUtils.bi(u, serverHandshakeState.f18942g.t())) {
            throw new TlsFatalAlert((short) 80);
        }
        DTLSProtocol.s(u, (short) 80);
        n.f19102e = u;
        short aa = serverHandshakeState.f18941f.aa();
        if (!Arrays.y(serverHandshakeState.k, aa)) {
            throw new TlsFatalAlert((short) 80);
        }
        n.f19099b = aa;
        TlsUtils.ak(u, byteArrayOutputStream);
        TlsUtils.ay(aa, byteArrayOutputStream);
        serverHandshakeState.l = serverHandshakeState.f18941f.v();
        if (serverHandshakeState.m) {
            if (TlsUtils.bq(serverHandshakeState.l, TlsProtocol.t) == null) {
                serverHandshakeState.l = TlsExtensionsUtils.h(serverHandshakeState.l);
                serverHandshakeState.l.put(TlsProtocol.t, TlsProtocol.by(TlsUtils.f19223b));
            }
        }
        if (n.f19107j) {
            serverHandshakeState.l = TlsExtensionsUtils.h(serverHandshakeState.l);
            TlsExtensionsUtils.ac(serverHandshakeState.l);
        }
        Hashtable hashtable = serverHandshakeState.l;
        if (hashtable != null) {
            n.f19104g = TlsExtensionsUtils.v(hashtable);
            n.f19103f = DTLSProtocol.r(serverHandshakeState.f18944i, serverHandshakeState.f18936a, serverHandshakeState.l, (short) 80);
            n.f19100c = TlsExtensionsUtils.ah(serverHandshakeState.l);
            serverHandshakeState.n = !serverHandshakeState.f18944i && TlsUtils.bk(serverHandshakeState.l, TlsExtensionsUtils.f19183f, (short) 80);
            serverHandshakeState.o = !serverHandshakeState.f18944i && TlsUtils.bk(serverHandshakeState.l, TlsProtocol.v, (short) 80);
            TlsProtocol.bt(byteArrayOutputStream, serverHandshakeState.l);
        }
        n.f19106i = TlsProtocol.bq(serverHandshakeState.f18942g, n.p());
        n.l = 12;
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] k(ServerHandshakeState serverHandshakeState, CertificateRequest certificateRequest) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateRequest.f(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] l(ServerHandshakeState serverHandshakeState, CertificateStatus certificateStatus) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        certificateStatus.h(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] m(ServerHandshakeState serverHandshakeState, NewSessionTicket newSessionTicket) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        newSessionTicket.e(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public void n(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ProtocolVersion aa = TlsUtils.aa(byteArrayInputStream);
        if (!aa.m()) {
            throw new TlsFatalAlert((short) 47);
        }
        byte[] dd = TlsUtils.dd(32, byteArrayInputStream);
        if (TlsUtils.dv(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47);
        }
        TlsUtils.dv(byteArrayInputStream);
        int j2 = TlsUtils.j(byteArrayInputStream);
        if (j2 < 2 || (j2 & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        serverHandshakeState.f18945j = TlsUtils.cd(j2 / 2, byteArrayInputStream);
        short ag = TlsUtils.ag(byteArrayInputStream);
        if (ag < 1) {
            throw new TlsFatalAlert((short) 47);
        }
        serverHandshakeState.k = TlsUtils.ce(ag, byteArrayInputStream);
        serverHandshakeState.f18936a = TlsProtocol.br(byteArrayInputStream);
        TlsServerContextImpl tlsServerContextImpl = serverHandshakeState.f18942g;
        SecurityParameters n = tlsServerContextImpl.n();
        n.f19107j = TlsExtensionsUtils.ad(serverHandshakeState.f18936a);
        tlsServerContextImpl.q(aa);
        serverHandshakeState.f18941f.ah(aa);
        serverHandshakeState.f18941f.ar(Arrays.u(serverHandshakeState.f18945j, CipherSuite.jj));
        n.f19105h = dd;
        serverHandshakeState.f18941f.aj(serverHandshakeState.f18945j);
        serverHandshakeState.f18941f.ak(serverHandshakeState.k);
        if (Arrays.u(serverHandshakeState.f18945j, 255)) {
            serverHandshakeState.m = true;
        }
        byte[] bq = TlsUtils.bq(serverHandshakeState.f18936a, TlsProtocol.t);
        if (bq != null) {
            serverHandshakeState.m = true;
            if (!Arrays.ay(bq, TlsProtocol.by(TlsUtils.f19223b))) {
                throw new TlsFatalAlert((short) 40);
            }
        }
        serverHandshakeState.f18941f.af(serverHandshakeState.m);
        Hashtable hashtable = serverHandshakeState.f18936a;
        if (hashtable != null) {
            serverHandshakeState.f18941f.ap(hashtable);
        }
    }

    public void o(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        serverHandshakeState.f18940e.k(byteArrayInputStream);
        TlsProtocol.bz(byteArrayInputStream);
    }

    public void p(ServerHandshakeState serverHandshakeState, byte[] bArr) {
        serverHandshakeState.f18941f.aq(TlsProtocol.bs(new ByteArrayInputStream(bArr)));
    }
}
