package com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls;

import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.AsymmetricKeyParameter;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.util.PublicKeyFactory;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Arrays;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Vector;

/* loaded from: classes4.dex */
public class TlsServerProtocol extends TlsProtocol {
    private TlsKeyExchange m12170;
    private CertificateRequest m12172;
    private TlsCredentials m12177;
    private short m12178;
    private TlsServer m12284;
    private z10 m12285;
    private TlsHandshakeHash m12286;

    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.m12284 = null;
        this.m12285 = null;
        this.m12170 = null;
        this.m12177 = null;
        this.m12172 = null;
        this.m12178 = (short) -1;
        this.m12286 = null;
    }

    public TlsServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.m12284 = null;
        this.m12285 = null;
        this.m12170 = null;
        this.m12177 = null;
        this.m12172 = null;
        this.m12178 = (short) -1;
        this.m12286 = null;
    }

    private boolean m3126() {
        short s = this.m12178;
        return s >= 0 && TlsUtils.hasSigningCapability(s);
    }

    private void notifyClientCertificate(Certificate certificate) throws IOException {
        if (this.m12172 == null) {
            throw new IllegalStateException();
        }
        if (this.m12271 != null) {
            throw new TlsFatalAlert((short) 10);
        }
        this.m12271 = certificate;
        if (certificate.isEmpty()) {
            this.m12170.skipClientCredentials();
        } else {
            this.m12177.getCertificate();
            this.m12178 = TlsUtils.m3(certificate);
            this.m12170.processClientCertificate(certificate);
        }
        this.m12284.notifyClientCertificate(certificate);
    }

    public void accept(TlsServer tlsServer) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        if (this.m12284 != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.m12284 = tlsServer;
        this.m12270 = new SecurityParameters();
        this.m12270.m12203 = 0;
        this.m12285 = new z10(this.secureRandom, this.m12270);
        this.m12270.m12210 = m1(tlsServer.shouldUseGMTUnixTime(), this.m12285.getNonceRandomGenerator());
        this.m12284.init(this.m12285);
        this.m12267.m1(this.m12285);
        this.m12267.m1(false);
        m3118();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x0028. Please report as an issue. */
    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    protected final void m1(short s, ByteArrayInputStream byteArrayInputStream) throws IOException {
        CertificateStatus certificateStatus;
        byte[] sessionHash;
        Certificate certificate = null;
        if (s == 1) {
            short s2 = this.m12272;
            if (s2 != 0) {
                if (s2 != 16) {
                    throw new TlsFatalAlert((short) 10);
                }
                m3125();
                return;
            }
            ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
            this.m12267.m2(readVersion);
            if (readVersion.isDTLS()) {
                throw new TlsFatalAlert((short) 47);
            }
            byte[] readFully = TlsUtils.readFully(32, byteArrayInputStream);
            if (TlsUtils.readOpaque8(byteArrayInputStream).length > 32) {
                throw new TlsFatalAlert((short) 47);
            }
            int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
            if (readUint16 < 2 || (readUint16 & 1) != 0) {
                throw new TlsFatalAlert((short) 50);
            }
            this.m12140 = TlsUtils.readUint16Array(readUint16 / 2, byteArrayInputStream);
            short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
            if (readUint8 <= 0) {
                throw new TlsFatalAlert((short) 47);
            }
            this.m12141 = TlsUtils.readUint8Array(readUint8, byteArrayInputStream);
            this.m12164 = m3(byteArrayInputStream);
            this.m12270.m12215 = TlsExtensionsUtils.hasExtendedMasterSecretExtension(this.m12164);
            this.m12285.m1(readVersion);
            this.m12284.notifyClientVersion(readVersion);
            this.m12284.notifyFallback(Arrays.contains(this.m12140, CipherSuite.TLS_FALLBACK_SCSV));
            this.m12270.m12209 = readFully;
            this.m12284.notifyOfferedCipherSuites(this.m12140);
            this.m12284.notifyOfferedCompressionMethods(this.m12141);
            if (Arrays.contains(this.m12140, 255)) {
                this.m12167 = true;
            }
            byte[] extensionData = TlsUtils.getExtensionData(this.m12164, m12263);
            if (extensionData != null) {
                this.m12167 = true;
                if (!Arrays.constantTimeAreEqual(extensionData, TlsUtils.encodeOpaque8(TlsUtils.EMPTY_BYTES))) {
                    throw new TlsFatalAlert((short) 40);
                }
            }
            this.m12284.notifySecureRenegotiation(this.m12167);
            if (this.m12164 != null) {
                TlsExtensionsUtils.getPaddingExtension(this.m12164);
                this.m12284.processClientExtensions(this.m12164);
            }
            this.m12272 = (short) 1;
            TlsProtocol.z1 z1Var = new TlsProtocol.z1(this, (short) 2);
            ProtocolVersion serverVersion = this.m12284.getServerVersion();
            if (!serverVersion.isEqualOrEarlierVersionOf(this.m12285.getClientVersion())) {
                throw new TlsFatalAlert((short) 80);
            }
            this.m12267.m1(serverVersion);
            this.m12267.m2(serverVersion);
            this.m12267.m1(true);
            this.m12285.m2(serverVersion);
            TlsUtils.writeVersion(serverVersion, z1Var);
            z1Var.write(this.m12270.m12210);
            TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, z1Var);
            int selectedCipherSuite = this.m12284.getSelectedCipherSuite();
            if (!Arrays.contains(this.m12140, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.isSCSV(selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, this.m12285.getServerVersion())) {
                throw new TlsFatalAlert((short) 80);
            }
            this.m12270.m12204 = selectedCipherSuite;
            short selectedCompressionMethod = this.m12284.getSelectedCompressionMethod();
            if (!Arrays.contains(this.m12141, selectedCompressionMethod)) {
                throw new TlsFatalAlert((short) 80);
            }
            this.m12270.m12205 = selectedCompressionMethod;
            TlsUtils.writeUint16(selectedCipherSuite, z1Var);
            TlsUtils.writeUint8(selectedCompressionMethod, (OutputStream) z1Var);
            this.m12146 = this.m12284.getServerExtensions();
            if (this.m12167) {
                if (TlsUtils.getExtensionData(this.m12146, m12263) == null) {
                    this.m12146 = TlsExtensionsUtils.ensureExtensionsInitialised(this.m12146);
                    this.m12146.put(m12263, TlsUtils.encodeOpaque8(TlsUtils.EMPTY_BYTES));
                }
            }
            if (this.m12270.m12215) {
                this.m12146 = TlsExtensionsUtils.ensureExtensionsInitialised(this.m12146);
                TlsExtensionsUtils.addExtendedMasterSecretExtension(this.m12146);
            }
            if (this.m12146 != null) {
                this.m12270.m12214 = TlsExtensionsUtils.hasEncryptThenMACExtension(this.m12146);
                this.m12270.m12212 = m1(this.m12164, this.m12146, (short) 80);
                this.m12270.m12213 = TlsExtensionsUtils.hasTruncatedHMacExtension(this.m12146);
                this.m12168 = !this.m12166 && TlsUtils.hasExpectedEmptyExtensionData(this.m12146, TlsExtensionsUtils.EXT_status_request, (short) 80);
                this.m12169 = !this.m12166 && TlsUtils.hasExpectedEmptyExtensionData(this.m12146, TlsProtocol.m12264, (short) 80);
                m1(z1Var, this.m12146);
            }
            this.m12270.m12206 = m1(this.m12285, this.m12270.getCipherSuite());
            this.m12270.m12207 = 12;
            m3117();
            z1Var.m1();
            this.m12272 = (short) 2;
            this.m12267.m7();
            Vector serverSupplementalData = this.m12284.getServerSupplementalData();
            if (serverSupplementalData != null) {
                m8(serverSupplementalData);
            }
            this.m12272 = (short) 3;
            this.m12170 = this.m12284.getKeyExchange();
            this.m12170.init(this.m12285);
            this.m12177 = this.m12284.getCredentials();
            TlsCredentials tlsCredentials = this.m12177;
            if (tlsCredentials == null) {
                this.m12170.skipServerCredentials();
            } else {
                this.m12170.processServerCredentials(tlsCredentials);
                certificate = this.m12177.getCertificate();
                m2(certificate);
            }
            this.m12272 = (short) 4;
            if (certificate == null || certificate.isEmpty()) {
                this.m12168 = false;
            }
            if (this.m12168 && (certificateStatus = this.m12284.getCertificateStatus()) != null) {
                TlsProtocol.z1 z1Var2 = new TlsProtocol.z1(this, (short) 22);
                certificateStatus.encode(z1Var2);
                z1Var2.m1();
            }
            this.m12272 = (short) 5;
            byte[] generateServerKeyExchange = this.m12170.generateServerKeyExchange();
            if (generateServerKeyExchange != null) {
                TlsProtocol.z1 z1Var3 = new TlsProtocol.z1((short) 12, generateServerKeyExchange.length);
                z1Var3.write(generateServerKeyExchange);
                z1Var3.m1();
            }
            this.m12272 = (short) 6;
            if (this.m12177 != null) {
                this.m12172 = this.m12284.getCertificateRequest();
                if (this.m12172 != null) {
                    if (TlsUtils.isTLSv12(this.m12285) != (this.m12172.getSupportedSignatureAlgorithms() != null)) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    this.m12170.validateCertificateRequest(this.m12172);
                    CertificateRequest certificateRequest = this.m12172;
                    TlsProtocol.z1 z1Var4 = new TlsProtocol.z1(this, (short) 13);
                    certificateRequest.encode(z1Var4);
                    z1Var4.m1();
                    TlsUtils.m1(this.m12267.m3128(), this.m12172.getSupportedSignatureAlgorithms());
                }
            }
            this.m12272 = (short) 7;
            byte[] bArr = new byte[4];
            TlsUtils.writeUint8((short) 14, bArr, 0);
            TlsUtils.writeUint24(0, bArr, 1);
            m25(bArr, 0, 4);
            this.m12272 = (short) 8;
            this.m12267.m3128().sealHashAlgorithms();
            return;
        }
        if (s == 11) {
            short s3 = this.m12272;
            if (s3 == 8) {
                this.m12284.processClientSupplementalData(null);
            } else if (s3 != 9) {
                throw new TlsFatalAlert((short) 10);
            }
            if (this.m12172 == null) {
                throw new TlsFatalAlert((short) 10);
            }
            Certificate parse = Certificate.parse(byteArrayInputStream);
            m2(byteArrayInputStream);
            notifyClientCertificate(parse);
            this.m12272 = (short) 10;
            return;
        }
        if (s == 20) {
            short s4 = this.m12272;
            if (s4 != 11) {
                if (s4 != 12) {
                    throw new TlsFatalAlert((short) 10);
                }
            } else if (m3126()) {
                throw new TlsFatalAlert((short) 10);
            }
            m1(byteArrayInputStream);
            this.m12272 = (short) 13;
            if (this.m12169) {
                NewSessionTicket newSessionTicket = this.m12284.getNewSessionTicket();
                if (newSessionTicket == null) {
                    throw new TlsFatalAlert((short) 80);
                }
                TlsProtocol.z1 z1Var5 = new TlsProtocol.z1(this, (short) 4);
                newSessionTicket.encode(z1Var5);
                z1Var5.m1();
            }
            this.m12272 = (short) 14;
            m3123();
            m3124();
            this.m12272 = (short) 15;
            m3119();
            return;
        }
        if (s == 23) {
            if (this.m12272 != 8) {
                throw new TlsFatalAlert((short) 10);
            }
            this.m12284.processClientSupplementalData(m4(byteArrayInputStream));
            this.m12272 = (short) 9;
            return;
        }
        if (s == 15) {
            if (this.m12272 != 11) {
                throw new TlsFatalAlert((short) 10);
            }
            if (!m3126()) {
                throw new TlsFatalAlert((short) 10);
            }
            if (this.m12172 == null) {
                throw new IllegalStateException();
            }
            DigitallySigned parse2 = DigitallySigned.parse(this.m12285, byteArrayInputStream);
            m2(byteArrayInputStream);
            try {
                SignatureAndHashAlgorithm algorithm = parse2.getAlgorithm();
                if (TlsUtils.isTLSv12(this.m12285)) {
                    TlsUtils.verifySupportedSignatureAlgorithm(this.m12172.getSupportedSignatureAlgorithms(), algorithm);
                    sessionHash = this.m12286.getFinalHash(algorithm.getHash());
                } else {
                    sessionHash = this.m12270.getSessionHash();
                }
                AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(this.m12271.getCertificateAt(0).getSubjectPublicKeyInfo());
                TlsSigner createTlsSigner = TlsUtils.createTlsSigner(this.m12178);
                createTlsSigner.init(this.m12285);
                if (!createTlsSigner.verifyRawSignature(algorithm, parse2.getSignature(), createKey, sessionHash)) {
                    throw new TlsFatalAlert((short) 51);
                }
                this.m12272 = (short) 12;
                return;
            } catch (TlsFatalAlert e) {
                throw e;
            } catch (Exception e2) {
                throw new TlsFatalAlert((short) 51, e2);
            }
        }
        if (s != 16) {
            throw new TlsFatalAlert((short) 10);
        }
        switch (this.m12272) {
            case 8:
                this.m12284.processClientSupplementalData(null);
            case 9:
                if (this.m12172 == null) {
                    this.m12170.skipClientCredentials();
                } else {
                    if (TlsUtils.isTLSv12(this.m12285)) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    if (!TlsUtils.isSSL(this.m12285)) {
                        notifyClientCertificate(Certificate.EMPTY_CHAIN);
                    } else if (this.m12271 == null) {
                        throw new TlsFatalAlert((short) 10);
                    }
                }
            case 10:
                this.m12170.processClientKeyExchange(byteArrayInputStream);
                m2(byteArrayInputStream);
                if (TlsUtils.isSSL(this.m12285)) {
                    m1(this.m12285, this.m12170);
                }
                this.m12286 = this.m12267.m3130();
                this.m12270.m12211 = m1(this.m12285, this.m12286, (byte[]) null);
                if (!TlsUtils.isSSL(this.m12285)) {
                    m1(this.m12285, this.m12170);
                }
                this.m12267.m1(this.m12284.getCompression(), this.m12284.getCipher());
                this.m12272 = (short) 11;
                return;
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x001e, code lost:
    
        if (r3 == 9) goto L15;
     */
    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void m105(short r3) throws java.io.IOException {
        /*
            r2 = this;
            super.m105(r3)
            r0 = 41
            if (r3 == r0) goto L8
            return
        L8:
            com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.z10 r3 = r2.m12285
            boolean r3 = com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsUtils.isSSL(r3)
            r0 = 10
            if (r3 == 0) goto L2f
            com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.CertificateRequest r3 = r2.m12172
            if (r3 == 0) goto L2f
            short r3 = r2.m12272
            r1 = 8
            if (r3 == r1) goto L21
            r1 = 9
            if (r3 != r1) goto L2f
            goto L27
        L21:
            com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsServer r3 = r2.m12284
            r1 = 0
            r3.processClientSupplementalData(r1)
        L27:
            com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.Certificate r3 = com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.Certificate.EMPTY_CHAIN
            r2.notifyClientCertificate(r3)
            r2.m12272 = r0
            return
        L2f:
            com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsFatalAlert r3 = new com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsFatalAlert
            r3.<init>(r0)
            throw r3
        */
        throw new UnsupportedOperationException("Method not decompiled: com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsServerProtocol.m105(short):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    public final void m3111() {
        super.m3111();
        this.m12170 = null;
        this.m12177 = null;
        this.m12172 = null;
        this.m12286 = null;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    protected final TlsContext m3112() {
        return this.m12285;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    final z1 m3113() {
        return this.m12285;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    protected final TlsPeer m3114() {
        return this.m12284;
    }
}
