package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.crypto.tls.q0;

/* loaded from: classes6.dex */
public class s0 extends n0 {
    private p0 recordLayer;
    protected boolean verifyRequests;

    /* loaded from: classes6.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public o4 f80862a = null;

        /* renamed from: b, reason: collision with root package name */
        public q4 f80863b = null;

        /* renamed from: c, reason: collision with root package name */
        public int[] f80864c = null;

        /* renamed from: d, reason: collision with root package name */
        public short[] f80865d = null;

        /* renamed from: e, reason: collision with root package name */
        public Hashtable f80866e = null;

        /* renamed from: f, reason: collision with root package name */
        public Hashtable f80867f = null;

        /* renamed from: g, reason: collision with root package name */
        public boolean f80868g = false;

        /* renamed from: h, reason: collision with root package name */
        public boolean f80869h = false;

        /* renamed from: i, reason: collision with root package name */
        public boolean f80870i = false;

        /* renamed from: j, reason: collision with root package name */
        public boolean f80871j = false;

        /* renamed from: k, reason: collision with root package name */
        public v3 f80872k = null;

        /* renamed from: l, reason: collision with root package name */
        public h3 f80873l = null;

        /* renamed from: m, reason: collision with root package name */
        public u f80874m = null;

        /* renamed from: n, reason: collision with root package name */
        public short f80875n = -1;

        /* renamed from: o, reason: collision with root package name */
        public t f80876o = null;
    }

    public s0(SecureRandom secureRandom) {
        super(secureRandom);
        this.verifyRequests = true;
    }

    public t0 accept(o4 o4Var, u0 u0Var) throws IOException {
        if (o4Var == null) {
            throw new IllegalArgumentException("'server' cannot be null");
        }
        if (u0Var == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        i2 i2Var = new i2();
        i2Var.f80576a = 0;
        a aVar = new a();
        aVar.f80862a = o4Var;
        aVar.f80863b = new q4(this.secureRandom, i2Var);
        i2Var.f80583h = e4.i(o4Var.shouldUseGMTUnixTime(), aVar.f80863b.f());
        o4Var.init(aVar.f80863b);
        p0 p0Var = new p0(u0Var, aVar.f80863b, o4Var, (short) 22);
        this.recordLayer = p0Var;
        try {
            return serverHandshake(aVar, p0Var);
        } catch (IOException e10) {
            this.recordLayer.b((short) 80);
            throw e10;
        } catch (RuntimeException e11) {
            this.recordLayer.b((short) 80);
            throw new TlsFatalAlert((short) 80, e11);
        } catch (TlsFatalAlert e12) {
            this.recordLayer.b(e12.a());
            throw e12;
        }
    }

    public void cancel() throws Exception {
        p0 p0Var = this.recordLayer;
        if (p0Var != null) {
            p0Var.close();
        }
    }

    public boolean expectCertificateVerifyMessage(a aVar) {
        short s10 = aVar.f80875n;
        return s10 >= 0 && x4.W(s10);
    }

    public byte[] generateCertificateRequest(a aVar, u uVar) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        uVar.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateCertificateStatus(a aVar, v vVar) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        vVar.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateNewSessionTicket(a aVar, x1 x1Var) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        x1Var.a(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] generateServerHello(a aVar) throws IOException {
        i2 g10 = aVar.f80863b.g();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        c2 serverVersion = aVar.f80862a.getServerVersion();
        if (!serverVersion.i(aVar.f80863b.getClientVersion())) {
            throw new TlsFatalAlert((short) 80, null);
        }
        aVar.f80863b.l(serverVersion);
        x4.x1(aVar.f80863b.getServerVersion(), byteArrayOutputStream);
        byteArrayOutputStream.write(g10.k());
        byte[] bArr = x4.f81003a;
        x4.a1(bArr, byteArrayOutputStream);
        int selectedCipherSuite = aVar.f80862a.getSelectedCipherSuite();
        if (!org.bouncycastle.util.a.A(aVar.f80864c, selectedCipherSuite) || selectedCipherSuite == 0 || c0.a(selectedCipherSuite) || !x4.i0(selectedCipherSuite, aVar.f80863b.getServerVersion())) {
            throw new TlsFatalAlert((short) 80, null);
        }
        n0.validateSelectedCipherSuite(selectedCipherSuite, (short) 80);
        g10.f80577b = selectedCipherSuite;
        short selectedCompressionMethod = aVar.f80862a.getSelectedCompressionMethod();
        if (!org.bouncycastle.util.a.B(aVar.f80865d, selectedCompressionMethod)) {
            throw new TlsFatalAlert((short) 80, null);
        }
        g10.f80578c = selectedCompressionMethod;
        x4.b1(selectedCipherSuite, byteArrayOutputStream);
        byteArrayOutputStream.write(selectedCompressionMethod);
        Hashtable serverExtensions = aVar.f80862a.getServerExtensions();
        aVar.f80867f = serverExtensions;
        if (aVar.f80869h) {
            Integer num = e4.E;
            if (x4.N(serverExtensions, num) == null) {
                Hashtable r10 = s3.r(aVar.f80867f);
                aVar.f80867f = r10;
                r10.put(num, x4.B(bArr));
            }
        }
        if (g10.f80590o) {
            Hashtable r11 = s3.r(aVar.f80867f);
            aVar.f80867f = r11;
            s3.b(r11);
        }
        Hashtable hashtable = aVar.f80867f;
        if (hashtable != null) {
            g10.f80589n = s3.x(hashtable);
            g10.f80587l = n0.evaluateMaxFragmentLengthExtension(aVar.f80868g, aVar.f80866e, aVar.f80867f, (short) 80);
            g10.f80588m = s3.z(aVar.f80867f);
            aVar.f80870i = !aVar.f80868g && x4.V(aVar.f80867f, s3.f80913g, (short) 80);
            aVar.f80871j = !aVar.f80868g && x4.V(aVar.f80867f, e4.F, (short) 80);
            e4.c0(byteArrayOutputStream, aVar.f80867f);
        }
        g10.f80579d = e4.v(aVar.f80863b, g10.b());
        g10.f80580e = 12;
        return byteArrayOutputStream.toByteArray();
    }

    public boolean getVerifyRequests() {
        return this.verifyRequests;
    }

    public void notifyClientCertificate(a aVar, t tVar) throws IOException {
        if (aVar.f80874m == null) {
            throw new IllegalStateException();
        }
        if (aVar.f80876o != null) {
            throw new TlsFatalAlert((short) 10, null);
        }
        aVar.f80876o = tVar;
        if (tVar.f()) {
            aVar.f80872k.g();
        } else {
            aVar.f80875n = x4.H(tVar, aVar.f80873l.e());
            aVar.f80872k.f(tVar);
        }
        aVar.f80862a.notifyClientCertificate(tVar);
    }

    public void processCertificateVerify(a aVar, byte[] bArr, t3 t3Var) throws IOException {
        byte[] l10;
        if (aVar.f80874m == null) {
            throw new IllegalStateException();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        q4 q4Var = aVar.f80863b;
        e1 d10 = e1.d(q4Var, byteArrayInputStream);
        e4.c(byteArrayInputStream);
        try {
            q2 b10 = d10.b();
            if (x4.h0(q4Var)) {
                x4.W0(aVar.f80874m.d(), b10);
                l10 = t3Var.n(b10.b());
            } else {
                l10 = q4Var.g().l();
            }
            wr.b a10 = org.bouncycastle.crypto.util.e.a(aVar.f80876o.c(0).Y());
            u4 A = x4.A(aVar.f80875n);
            A.b(q4Var);
            if (A.f(b10, d10.c(), a10, l10)) {
            } else {
                throw new TlsFatalAlert((short) 51, null);
            }
        } catch (TlsFatalAlert e10) {
            throw e10;
        } catch (Exception e11) {
            throw new TlsFatalAlert((short) 51, e11);
        }
    }

    public void processClientCertificate(a aVar, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        t g10 = t.g(byteArrayInputStream);
        e4.c(byteArrayInputStream);
        notifyClientCertificate(aVar, g10);
    }

    public void processClientHello(a aVar, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        c2 P0 = x4.P0(byteArrayInputStream);
        if (!P0.h()) {
            throw new TlsFatalAlert((short) 47, null);
        }
        byte[] y02 = x4.y0(32, byteArrayInputStream);
        if (x4.B0(byteArrayInputStream).length > 32) {
            throw new TlsFatalAlert((short) 47, null);
        }
        x4.B0(byteArrayInputStream);
        int D0 = x4.D0(byteArrayInputStream);
        if (D0 < 2 || (D0 & 1) != 0) {
            throw new TlsFatalAlert((short) 50, null);
        }
        aVar.f80864c = x4.F0(D0 / 2, byteArrayInputStream);
        short M0 = x4.M0(byteArrayInputStream);
        if (M0 < 1) {
            throw new TlsFatalAlert((short) 47, null);
        }
        aVar.f80865d = x4.O0(M0, byteArrayInputStream);
        aVar.f80866e = e4.P(byteArrayInputStream);
        q4 q4Var = aVar.f80863b;
        i2 g10 = q4Var.g();
        g10.f80590o = s3.y(aVar.f80866e);
        q4Var.j(P0);
        aVar.f80862a.notifyClientVersion(P0);
        aVar.f80862a.notifyFallback(org.bouncycastle.util.a.A(aVar.f80864c, c0.Q3));
        g10.f80582g = y02;
        aVar.f80862a.notifyOfferedCipherSuites(aVar.f80864c);
        aVar.f80862a.notifyOfferedCompressionMethods(aVar.f80865d);
        if (org.bouncycastle.util.a.A(aVar.f80864c, 255)) {
            aVar.f80869h = true;
        }
        byte[] N = x4.N(aVar.f80866e, e4.E);
        if (N != null) {
            aVar.f80869h = true;
            if (!org.bouncycastle.util.a.z(N, x4.B(x4.f81003a))) {
                throw new TlsFatalAlert((short) 40, null);
            }
        }
        aVar.f80862a.notifySecureRenegotiation(aVar.f80869h);
        Hashtable hashtable = aVar.f80866e;
        if (hashtable != null) {
            s3.u(hashtable);
            aVar.f80862a.processClientExtensions(aVar.f80866e);
        }
    }

    public void processClientKeyExchange(a aVar, byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        aVar.f80872k.d(byteArrayInputStream);
        e4.c(byteArrayInputStream);
    }

    public void processClientSupplementalData(a aVar, byte[] bArr) throws IOException {
        aVar.f80862a.processClientSupplementalData(e4.S(new ByteArrayInputStream(bArr)));
    }

    public t0 serverHandshake(a aVar, p0 p0Var) throws IOException {
        t e10;
        v certificateStatus;
        i2 g10 = aVar.f80863b.g();
        q0 q0Var = new q0(aVar.f80863b, p0Var);
        q0.b m10 = q0Var.m();
        if (m10.c() != 1) {
            throw new TlsFatalAlert((short) 10, null);
        }
        processClientHello(aVar, m10.a());
        byte[] generateServerHello = generateServerHello(aVar);
        n0.applyMaxFragmentLengthExtension(p0Var, g10.f80587l);
        c2 serverVersion = aVar.f80863b.getServerVersion();
        p0Var.m(serverVersion);
        p0Var.n(serverVersion);
        q0Var.r((short) 2, generateServerHello);
        q0Var.j();
        Vector serverSupplementalData = aVar.f80862a.getServerSupplementalData();
        if (serverSupplementalData != null) {
            q0Var.r((short) 23, n0.generateSupplementalData(serverSupplementalData));
        }
        v3 keyExchange = aVar.f80862a.getKeyExchange();
        aVar.f80872k = keyExchange;
        keyExchange.b(aVar.f80863b);
        h3 credentials = aVar.f80862a.getCredentials();
        aVar.f80873l = credentials;
        if (credentials == null) {
            aVar.f80872k.o();
            e10 = null;
        } else {
            aVar.f80872k.j(credentials);
            e10 = aVar.f80873l.e();
            q0Var.r((short) 11, n0.generateCertificate(e10));
        }
        if (e10 == null || e10.f()) {
            aVar.f80870i = false;
        }
        if (aVar.f80870i && (certificateStatus = aVar.f80862a.getCertificateStatus()) != null) {
            q0Var.r((short) 22, generateCertificateStatus(aVar, certificateStatus));
        }
        byte[] a10 = aVar.f80872k.a();
        if (a10 != null) {
            q0Var.r((short) 12, a10);
        }
        if (aVar.f80873l != null) {
            u certificateRequest = aVar.f80862a.getCertificateRequest();
            aVar.f80874m = certificateRequest;
            if (certificateRequest != null) {
                if (x4.h0(aVar.f80863b) != (aVar.f80874m.d() != null)) {
                    throw new TlsFatalAlert((short) 80, null);
                }
                aVar.f80872k.e(aVar.f80874m);
                q0Var.r((short) 13, generateCertificateRequest(aVar, aVar.f80874m));
                x4.T0(q0Var.f80831b, aVar.f80874m.d());
            }
        }
        q0Var.r((short) 14, x4.f81003a);
        q0Var.f80831b.q();
        q0.b m11 = q0Var.m();
        if (m11.c() == 23) {
            processClientSupplementalData(aVar, m11.a());
            m11 = q0Var.m();
        } else {
            aVar.f80862a.processClientSupplementalData(null);
        }
        if (aVar.f80874m == null) {
            aVar.f80872k.g();
        } else if (m11.c() == 11) {
            processClientCertificate(aVar, m11.a());
            m11 = q0Var.m();
        } else {
            if (x4.h0(aVar.f80863b)) {
                throw new TlsFatalAlert((short) 10, null);
            }
            notifyClientCertificate(aVar, t.f80915b);
        }
        if (m11.c() != 16) {
            throw new TlsFatalAlert((short) 10, null);
        }
        processClientKeyExchange(aVar, m11.a());
        t3 l10 = q0Var.l();
        g10.f80584i = e4.s(aVar.f80863b, l10, null);
        e4.l(aVar.f80863b, aVar.f80872k);
        p0Var.g(aVar.f80862a.getCipher());
        if (expectCertificateVerifyMessage(aVar)) {
            processCertificateVerify(aVar, q0Var.n((short) 15), l10);
        }
        q4 q4Var = aVar.f80863b;
        processFinished(q0Var.n((short) 20), x4.i(q4Var, j1.f80598a, e4.s(q4Var, q0Var.f80831b, null)));
        if (aVar.f80871j) {
            q0Var.r((short) 4, generateNewSessionTicket(aVar, aVar.f80862a.getNewSessionTicket()));
        }
        q4 q4Var2 = aVar.f80863b;
        q0Var.r((short) 20, x4.i(q4Var2, j1.f80599b, e4.s(q4Var2, q0Var.f80831b, null)));
        q0Var.h();
        aVar.f80862a.notifyHandshakeComplete();
        return new t0(p0Var);
    }

    public void setVerifyRequests(boolean z10) {
        this.verifyRequests = z10;
    }
}
