package org.bouncycastle.tls;

import defpackage.c21;
import defpackage.h32;
import defpackage.u0;
import defpackage.zp2;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsECConfig;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes5.dex */
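/**
 * Server side of the TLS handshake state machine (legacy TLS and TLS 1.3 paths).
 *
 * <p>This listing is decompiler output, not original source. Several collaborators carry
 * obfuscated names ({@code zp2}, {@code h32}, {@code c21}, {@code u0}) and many
 * {@code TlsUtils} / {@code SecurityParameters} members are single letters, so comments on
 * those are marked as assumptions. When auditing, compare control flow against the matching
 * upstream library release rather than trusting the decompiled shape. Three methods in the
 * original listing were visibly damaged by the decompiler; see the notes on
 * {@link #generate13ServerHello}, {@link #handle13HandshakeMessage} and
 * {@link #handleAlertWarningMessage}. {@link #generateServerHello} was not recovered at all.
 *
 * <p>Numeric literals used throughout:
 * <ul>
 *   <li>Alerts (TLS AlertDescription registry): 10 unexpected_message, 40 handshake_failure,
 *       41 no_certificate, 47 illegal_parameter, 51 decrypt_error, 80 internal_error.</li>
 *   <li>Handshake types (TLS HandshakeType registry): 0 hello_request, 1 client_hello,
 *       2 server_hello, 4 new_session_ticket, 8 encrypted_extensions, 11 certificate,
 *       12 server_key_exchange, 13 certificate_request, 14 server_hello_done,
 *       15 certificate_verify, 16 client_key_exchange, 20 finished, 22 certificate_status,
 *       23 supplemental_data, 24 key_update.</li>
 *   <li>{@code connection_state} values are inherited constants whose names are not visible
 *       here; comments describe each value by the step after which this class sets it.</li>
 * </ul>
 */
public class TlsServerProtocol extends TlsProtocol {
    // Client-certificate request sent in the current handshake, or null if none was sent.
    protected CertificateRequest certificateRequest;
    // Key exchange for the legacy (pre-1.3) handshake; null on the TLS 1.3 path.
    protected TlsKeyExchange keyExchange;
    // Cipher suites offered by the client; assigned outside the visible code
    // (presumably in the undecompiled generateServerHello - confirm).
    protected int[] offeredCipherSuites;
    // Obfuscated context type; built from tlsServer.getCrypto() in accept() and returned from
    // getContext() as a TlsContext, so presumably the server context implementation.
    public zp2 r;
    // Application-supplied server callbacks; set exactly once by accept().
    protected TlsServer tlsServer;

    /** Creates a non-stream-bound protocol instance with no server attached yet. */
    public TlsServerProtocol() {
        this.tlsServer = null;
        this.r = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    /**
     * Creates a protocol instance bound to the given transport streams.
     *
     * @param inputStream stream the peer's records are read from
     * @param outputStream stream records are written to
     */
    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream) {
        super(inputStream, outputStream);
        this.tlsServer = null;
        this.r = null;
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    /** Returns the context object under its obfuscated base type. */
    @Override // org.bouncycastle.tls.TlsProtocol
    public final u0 a() {
        return this.r;
    }

    /**
     * Attaches the server callbacks and starts the handshake.
     *
     * @param tlsServer server callbacks; must not be null
     * @throws IllegalArgumentException if {@code tlsServer} is null
     * @throws IllegalStateException if a server was already attached
     */
    public void accept(TlsServer tlsServer) {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        // One protocol instance serves one connection; re-use would mix handshake state.
        if (this.tlsServer != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.tlsServer = tlsServer;
        zp2 zp2Var = new zp2(tlsServer.getCrypto());
        this.r = zp2Var;
        tlsServer.init(zp2Var);
        tlsServer.notifyCloseHandle(this);
        beginHandshake();
        if (this.blocking) {
            blockForHandshake();
        }
    }

    /** Clears per-handshake state held by this class after the superclass cleanup. */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void cleanupHandshake() {
        super.cleanupHandshake();
        this.offeredCipherSuites = null;
        this.keyExchange = null;
        this.certificateRequest = null;
    }

    /**
     * Tells whether the client must still send CertificateVerify.
     *
     * @return true only if a certificate was requested, the client sent a non-empty chain, and
     *     either there is no legacy key exchange (TLS 1.3 path) or that key exchange requires
     *     verification
     */
    public boolean expectCertificateVerifyMessage() {
        Certificate peerCertificate;
        if (this.certificateRequest == null || (peerCertificate = this.r.getSecurityParametersHandshake().getPeerCertificate()) == null || peerCertificate.isEmpty()) {
            return false;
        }
        TlsKeyExchange tlsKeyExchange = this.keyExchange;
        return tlsKeyExchange == null || tlsKeyExchange.requiresCertificateVerify();
    }

    /**
     * Builds the HelloRetryRequest for the group stored in {@code retryGroup}.
     *
     * @param clientHello the ClientHello being answered; its session id is echoed
     * @return a ServerHello in HelloRetryRequest form
     * @throws TlsFatalAlert internal_error (80) if no retry group was selected
     */
    public ServerHello generate13HelloRetryRequest(ClientHello clientHello) {
        if (this.retryGroup < 0) {
            throw new TlsFatalAlert((short) 80);
        }
        SecurityParameters securityParametersHandshake = this.r.getSecurityParametersHandshake();
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        Hashtable hashtable = new Hashtable();
        TlsExtensionsUtils.addSupportedVersionsExtensionServer(hashtable, negotiatedVersion);
        int i = this.retryGroup;
        if (i >= 0) {
            TlsExtensionsUtils.addKeyShareHelloRetryRequest(hashtable, i);
        }
        // The cookie is checked against the retried ClientHello in generate13ServerHello.
        byte[] bArr = this.retryCookie;
        if (bArr != null) {
            TlsExtensionsUtils.addCookieExtension(hashtable, bArr);
        }
        // Obfuscated helper; presumably validates the extension set for this message type
        // and raises the given alert (80) on failure - confirm.
        TlsUtils.h(hashtable, 6, (short) 80);
        return new ServerHello(clientHello.getSessionID(), securityParametersHandshake.getCipherSuite(), hashtable);
    }

    /**
     * Builds the TLS 1.3 ServerHello, or a HelloRetryRequest when the first ClientHello has no
     * usable key share.
     *
     * <p>Decompiler repair: in the original listing the fallback group search assigned
     * {@code -1} unconditionally after its loop, so {@code retryGroup} was always negative and
     * every ClientHello without a matching key share ended in handshake_failure instead of a
     * HelloRetryRequest. The search now keeps the group it found. Two result-discarding
     * statements after the search and an unused local in the retry branch were dropped.
     *
     * @param clientHello the parsed ClientHello
     * @param z true when this ClientHello answers an earlier HelloRetryRequest (the visible
     *     caller in {@link #handle13HandshakeMessage} passes true)
     * @return the ServerHello to send, possibly in HelloRetryRequest form
     * @throws TlsFatalAlert missing_extension, handshake_failure (40), illegal_parameter (47)
     *     or internal_error (80) as noted inline
     */
    public ServerHello generate13ServerHello(ClientHello clientHello, boolean z) {
        TlsAgreement createDH;
        KeyShareEntry keyShareEntry;
        SecurityParameters securityParametersHandshake = this.r.getSecurityParametersHandshake();
        byte[] sessionID = clientHello.getSessionID();
        Hashtable extensions = clientHello.getExtensions();
        if (extensions == null) {
            throw new TlsFatalAlert(AlertDescription.missing_extension);
        }
        ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
        TlsCrypto tlsCrypto = this.r.a;
        Vector keyShareClientHello = TlsExtensionsUtils.getKeyShareClientHello(extensions);
        KeyShareEntry keyShareEntry2 = null;
        if (!z) {
            // First ClientHello: record extensions and negotiate parameters.
            this.clientExtensions = extensions;
            securityParametersHandshake.b = false;
            // Result unused; the call is kept because it may reject a malformed padding
            // extension (assumption - confirm against the helper).
            TlsExtensionsUtils.getPaddingExtension(extensions);
            securityParametersHandshake.G = TlsExtensionsUtils.getServerNameExtensionClient(extensions);
            TlsUtils.m(securityParametersHandshake, extensions);
            // A client that offers no signature algorithms cannot proceed.
            if (securityParametersHandshake.getClientSigAlgs() == null) {
                throw new TlsFatalAlert(AlertDescription.missing_extension);
            }
            this.tlsServer.processClientExtensions(extensions);
            // A fresh, empty session is installed; no resumption state is carried over.
            TlsSession importSession = TlsUtils.importSession(TlsUtils.EMPTY_BYTES, null);
            this.tlsSession = importSession;
            this.sessionParameters = null;
            this.sessionMasterSecret = null;
            securityParametersHandshake.u = importSession.getSessionID();
            this.tlsServer.notifySession(this.tlsSession);
            TlsUtils.E(this.r);
            // Field 's' is presumably the server random: getServerRandom() is read just below.
            securityParametersHandshake.s = TlsProtocol.createRandomBlock(false, this.r);
            // Applied only when the negotiated version is below the server's latest supported
            // version; presumably writes the downgrade marker into the server random.
            if (!negotiatedVersion.equals(ProtocolVersion.getLatestTLS(this.tlsServer.getProtocolVersions()))) {
                TlsUtils.R(negotiatedVersion, securityParametersHandshake.getServerRandom());
            }
            int selectedCipherSuite = this.tlsServer.getSelectedCipherSuite();
            // The application's choice is re-checked here (helper 'z' presumably tests
            // membership in the client's offer) and against the negotiated version.
            if (!TlsUtils.z(selectedCipherSuite, this.offeredCipherSuites) || !TlsUtils.isValidVersionForCipherSuite(selectedCipherSuite, negotiatedVersion)) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.B(securityParametersHandshake, selectedCipherSuite);
            int[] clientSupportedGroups = securityParametersHandshake.getClientSupportedGroups();
            int[] serverSupportedGroups = securityParametersHandshake.getServerSupportedGroups();
            // Take the first client key share whose group both sides list and the crypto
            // provider can actually perform.
            if (keyShareClientHello != null && !TlsUtils.isNullOrEmpty(clientSupportedGroups) && !TlsUtils.isNullOrEmpty(serverSupportedGroups)) {
                for (int i2 = 0; i2 < keyShareClientHello.size(); i2++) {
                    KeyShareEntry keyShareEntry3 = (KeyShareEntry) keyShareClientHello.elementAt(i2);
                    int namedGroup = keyShareEntry3.getNamedGroup();
                    if (NamedGroup.canBeNegotiated(namedGroup, negotiatedVersion) && Arrays.contains(serverSupportedGroups, namedGroup) && Arrays.contains(clientSupportedGroups, namedGroup) && tlsCrypto.hasNamedGroup(namedGroup) && ((!NamedGroup.refersToASpecificCurve(namedGroup) || tlsCrypto.hasECDHAgreement()) && (!NamedGroup.refersToASpecificFiniteField(namedGroup) || tlsCrypto.hasDHAgreement()))) {
                        keyShareEntry2 = keyShareEntry3;
                        break;
                    }
                }
            }
            if (keyShareEntry2 == null) {
                // No usable share: pick a mutually supported group (client order) to request
                // through a HelloRetryRequest.
                int selectedGroup = -1;
                if (!TlsUtils.isNullOrEmpty(clientSupportedGroups) && !TlsUtils.isNullOrEmpty(serverSupportedGroups)) {
                    for (int i3 = 0; i3 < clientSupportedGroups.length; i3++) {
                        int candidate = clientSupportedGroups[i3];
                        if (NamedGroup.canBeNegotiated(candidate, negotiatedVersion) && Arrays.contains(serverSupportedGroups, candidate) && tlsCrypto.hasNamedGroup(candidate) && ((!NamedGroup.refersToASpecificCurve(candidate) || tlsCrypto.hasECDHAgreement()) && (!NamedGroup.refersToASpecificFiniteField(candidate) || tlsCrypto.hasDHAgreement()))) {
                            selectedGroup = candidate;
                            break;
                        }
                    }
                }
                this.retryGroup = selectedGroup;
                if (selectedGroup < 0) {
                    // No common group at all.
                    throw new TlsFatalAlert((short) 40);
                }
                this.retryCookie = this.r.c.generateNonce(16);
                return generate13HelloRetryRequest(clientHello);
            }
        } else {
            // Retried ClientHello: it must match what the HelloRetryRequest asked for.
            if (this.retryGroup < 0) {
                throw new TlsFatalAlert((short) 80);
            }
            // The echoed cookie must equal the one issued with the HelloRetryRequest.
            if (!Arrays.areEqual(this.retryCookie, TlsExtensionsUtils.getCookieExtension(extensions))) {
                throw new TlsFatalAlert((short) 47);
            }
            this.retryCookie = null;
            int i5 = this.retryGroup;
            // Exactly one key share, for exactly the requested group, is accepted.
            if (keyShareClientHello != null && 1 == keyShareClientHello.size() && (keyShareEntry = (KeyShareEntry) keyShareClientHello.elementAt(0)) != null && keyShareEntry.getNamedGroup() == i5) {
                keyShareEntry2 = keyShareEntry;
            }
            if (keyShareEntry2 == null) {
                throw new TlsFatalAlert((short) 47);
            }
        }
        // 'hashtable' holds ServerHello extensions; 'ensureExtensionsInitialised' holds the
        // server's other extensions, later sent by send13EncryptedExtensionsMessage.
        Hashtable hashtable = new Hashtable();
        Hashtable ensureExtensionsInitialised = TlsExtensionsUtils.ensureExtensionsInitialised(this.tlsServer.getServerExtensions());
        this.tlsServer.getServerExtensionsForConnection(ensureExtensionsInitialised);
        // The ServerHello version field carries TLS 1.2; the negotiated version travels in
        // the supported_versions extension added on the next line.
        ProtocolVersion protocolVersion = ProtocolVersion.TLSv12;
        TlsExtensionsUtils.addSupportedVersionsExtensionServer(hashtable, negotiatedVersion);
        securityParametersHandshake.A = true;
        securityParametersHandshake.D = TlsExtensionsUtils.getALPNExtensionServer(ensureExtensionsInitialised);
        securityParametersHandshake.E = true;
        if (!ensureExtensionsInitialised.isEmpty()) {
            securityParametersHandshake.d = processMaxFragmentLengthExtension(extensions, ensureExtensionsInitialised, (short) 80);
        }
        securityParametersHandshake.z = false;
        securityParametersHandshake.C = false;
        // 1 when the client sent status_request, else 0.
        securityParametersHandshake.R = extensions.containsKey(TlsExtensionsUtils.EXT_status_request) ? 1 : 0;
        this.expectSessionTicket = false;
        int namedGroup2 = keyShareEntry2.getNamedGroup();
        if (NamedGroup.refersToASpecificCurve(namedGroup2)) {
            createDH = tlsCrypto.createECDomain(new TlsECConfig(namedGroup2)).createECDH();
        } else {
            if (!NamedGroup.refersToASpecificFiniteField(namedGroup2)) {
                throw new TlsFatalAlert((short) 80);
            }
            createDH = tlsCrypto.createDHDomain(new TlsDHConfig(namedGroup2, true)).createDH();
        }
        // Server ephemeral share goes into the ServerHello; the client's share is then
        // consumed to derive the shared secret (stored in obfuscated field 'o').
        TlsExtensionsUtils.addKeyShareServerHello(hashtable, new KeyShareEntry(namedGroup2, createDH.generateEphemeral()));
        createDH.receivePeerValue(keyShareEntry2.getKeyExchange());
        securityParametersHandshake.o = createDH.calculateSecret();
        TlsUtils.l(this.r);
        this.serverExtensions = ensureExtensionsInitialised;
        applyMaxFragmentLengthExtension(securityParametersHandshake.getMaxFragmentLength());
        TlsUtils.h(hashtable, 2, (short) 80);
        return new ServerHello(protocolVersion, securityParametersHandshake.getServerRandom(), sessionID, securityParametersHandshake.getCipherSuite(), hashtable);
    }

    /**
     * NOT RECOVERED: the decompiler skipped this method (686 instructions) and emitted only
     * the placeholder below, so this listing says nothing about version or cipher-suite
     * negotiation for the first ClientHello. {@link #handleHandshakeMessage} calls it for every
     * initial ClientHello, which therefore fails in this listing.
     *
     * @param r12 the parsed ClientHello
     * @return never returns normally in this listing
     * @throws UnsupportedOperationException always
     */
    public org.bouncycastle.tls.ServerHello generateServerHello(org.bouncycastle.tls.ClientHello r12) {
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.TlsServerProtocol.generateServerHello(org.bouncycastle.tls.ClientHello):org.bouncycastle.tls.ServerHello");
    }

    /** Returns the context as a {@code TlsContext}. */
    @Override // org.bouncycastle.tls.TlsProtocol
    public TlsContext getContext() {
        return this.r;
    }

    /** Returns the attached server callbacks, or null before {@link #accept}. */
    @Override // org.bouncycastle.tls.TlsProtocol
    public TlsPeer getPeer() {
        return this.tlsServer;
    }

    /**
     * Dispatches one handshake message on the TLS 1.3 path.
     *
     * <p>Decompiler repair: in the original listing the Finished branch for states 17 and 20
     * did not return after {@code completeHandshake()} and fell into a second
     * {@code receive13ClientFinished}/{@code completeHandshake} sequence, so one Finished
     * message was processed twice. The branch is now a fall-through switch that runs the
     * sequence once. State 20 additionally passes through
     * {@code skip13ClientCertificateVerify()}; that is a no-op there, because
     * {@code skip13ClientCertificate()} only returns when no certificate was requested and
     * {@link #expectCertificateVerifyMessage} is then false.
     *
     * @param s handshake message type
     * @param handshakeMessageInput message body
     * @throws TlsFatalAlert unexpected_message (10) for a message that is out of order,
     *     internal_error (80) for an inconsistent local state
     */
    public void handle13HandshakeMessage(short s, HandshakeMessageInput handshakeMessageInput) {
        if (!isTLSv13ConnectionState()) {
            throw new TlsFatalAlert((short) 80);
        }
        if (this.resumedSession) {
            throw new TlsFatalAlert((short) 80);
        }
        if (s == 1) {
            // client_hello is only valid as the answer to a HelloRetryRequest (state 2).
            short s2 = this.connection_state;
            if (s2 == 0) {
                throw new TlsFatalAlert((short) 80);
            }
            if (s2 != 2) {
                throw new TlsFatalAlert((short) 10);
            }
            ClientHello receiveClientHelloMessage = receiveClientHelloMessage(handshakeMessageInput);
            handshakeMessageInput.updateHash(this.g);
            this.connection_state = (short) 3;
            ServerHello generate13ServerHello = generate13ServerHello(receiveClientHelloMessage, true);
            sendServerHelloMessage(generate13ServerHello);
            this.connection_state = (short) 4;
            send13ServerHelloCoda(generate13ServerHello, true);
            return;
        }
        if (s == 11) {
            // certificate: only directly after the server's Finished (state 20).
            if (this.connection_state != 20) {
                throw new TlsFatalAlert((short) 10);
            }
            receive13ClientCertificate(handshakeMessageInput);
            this.connection_state = (short) 15;
            return;
        }
        if (s == 15) {
            // certificate_verify: only directly after the client's Certificate (state 15).
            if (this.connection_state != 15) {
                throw new TlsFatalAlert((short) 10);
            }
            receive13ClientCertificateVerify(handshakeMessageInput);
            handshakeMessageInput.updateHash(this.g);
            this.connection_state = (short) 17;
            return;
        }
        if (s != 20) {
            if (s != 24) {
                throw new TlsFatalAlert((short) 10);
            }
            receive13KeyUpdate(handshakeMessageInput);
            return;
        }
        // finished: which client messages may have been skipped depends on the state.
        switch (this.connection_state) {
            case 20:
                // No client Certificate arrived: allowed only if none was requested.
                skip13ClientCertificate();
                // fall through
            case 15:
                // No CertificateVerify arrived: rejected when the client presented a
                // non-empty chain, since it has not proven possession of the key.
                skip13ClientCertificateVerify();
                // fall through
            case 17: {
                receive13ClientFinished(handshakeMessageInput);
                this.connection_state = (short) 18;
                // 'd' is an obfuscated inherited field (presumably the record layer).
                h32 h32Var = this.d;
                h32Var.n = false;
                h32Var.d(false);
                completeHandshake();
                return;
            }
            default:
                throw new TlsFatalAlert((short) 10);
        }
    }

    /**
     * Handles a warning-level alert from the client.
     *
     * <p>Decompiler repair: the original listing contained only a placeholder that always
     * threw {@code UnsupportedOperationException}; this body is rebuilt from the
     * register-level instruction dump the decompiler left beside it. A no_certificate (41)
     * warning on an SSL connection, after a certificate was requested, is treated as an empty
     * client certificate chain when it arrives in state 12 or 14. Everything else is left to
     * the superclass.
     *
     * @param r3 alert description code
     */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void handleAlertWarningMessage(short r3) {
        if (41 == r3 && this.certificateRequest != null && TlsUtils.isSSL(this.r)) {
            switch (this.connection_state) {
                case 12:
                    // No supplemental data was sent by the client.
                    this.tlsServer.processClientSupplementalData(null);
                    // fall through
                case 14:
                    notifyClientCertificate(Certificate.EMPTY_CHAIN);
                    this.connection_state = (short) 15;
                    return;
                default:
                    break;
            }
        }
        super.handleAlertWarningMessage(r3);
    }

    /**
     * Dispatches one handshake message. TLS 1.3 traffic is handed to
     * {@link #handle13HandshakeMessage}; the rest of the method is the legacy state machine.
     * Each branch first checks that the message is legal in the current state and raises
     * unexpected_message (10) otherwise.
     *
     * @param s handshake message type
     * @param handshakeMessageInput message body
     * @throws TlsFatalAlert unexpected_message (10) or internal_error (80) as noted inline
     */
    @Override // org.bouncycastle.tls.TlsProtocol
    public void handleHandshakeMessage(short s, HandshakeMessageInput handshakeMessageInput) {
        CertificateStatus certificateStatus;
        SecurityParameters securityParameters = this.r.getSecurityParameters();
        // After the first ClientHello (state > 1) a negotiated TLS 1.3 takes its own path.
        if (this.connection_state > 1 && TlsUtils.isTLSv13(securityParameters.getNegotiatedVersion())) {
            handle13HandshakeMessage(s, handshakeMessageInput);
            return;
        }
        if (!isLegacyConnectionState()) {
            throw new TlsFatalAlert((short) 80);
        }
        if (this.resumedSession) {
            // Abbreviated handshake: only the client's Finished may follow the server's.
            if (s != 20 || this.connection_state != 20) {
                throw new TlsFatalAlert((short) 10);
            }
            processFinishedMessage(handshakeMessageInput);
            this.connection_state = (short) 18;
            completeHandshake();
            return;
        }
        Certificate certificate = null;
        if (s != 1) {
            if (s == 11) {
                // certificate: valid after ServerHelloDone (12) or supplemental data (14),
                // and only if the server asked for one.
                short s2 = this.connection_state;
                if (s2 == 12) {
                    this.tlsServer.processClientSupplementalData(null);
                } else if (s2 != 14) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (this.certificateRequest == null) {
                    throw new TlsFatalAlert((short) 10);
                }
                receiveCertificateMessage(handshakeMessageInput);
                this.connection_state = (short) 15;
                return;
            }
            if (s == 20) {
                // finished: valid after CertificateVerify (17), or after ClientKeyExchange
                // (16) only when no CertificateVerify is owed.
                short s3 = this.connection_state;
                if (s3 != 16) {
                    if (s3 != 17) {
                        throw new TlsFatalAlert((short) 10);
                    }
                } else if (expectCertificateVerifyMessage()) {
                    throw new TlsFatalAlert((short) 10);
                }
                processFinishedMessage(handshakeMessageInput);
                handshakeMessageInput.updateHash(this.g);
                this.connection_state = (short) 18;
                if (this.expectSessionTicket) {
                    sendNewSessionTicketMessage(this.tlsServer.getNewSessionTicket());
                    this.connection_state = (short) 19;
                }
                sendChangeCipherSpec();
                sendFinishedMessage();
                this.connection_state = (short) 20;
                completeHandshake();
                return;
            }
            if (s == 23) {
                // supplemental_data: only directly after ServerHelloDone.
                if (this.connection_state != 12) {
                    throw new TlsFatalAlert((short) 10);
                }
                this.tlsServer.processClientSupplementalData(TlsProtocol.readSupplementalDataMessage(handshakeMessageInput));
                this.connection_state = (short) 14;
                return;
            }
            if (s == 15) {
                // certificate_verify: only after ClientKeyExchange, and only when owed.
                if (this.connection_state != 16) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (!expectCertificateVerifyMessage()) {
                    throw new TlsFatalAlert((short) 10);
                }
                receiveCertificateVerifyMessage(handshakeMessageInput);
                handshakeMessageInput.updateHash(this.g);
                this.connection_state = (short) 17;
                return;
            }
            if (s != 16) {
                throw new TlsFatalAlert((short) 10);
            }
            // client_key_exchange.
            short s4 = this.connection_state;
            if (s4 == 12) {
                this.tlsServer.processClientSupplementalData(null);
            } else if (s4 != 14) {
                if (s4 != 15) {
                    throw new TlsFatalAlert((short) 10);
                }
                // Client Certificate already received: process the key exchange directly.
                receiveClientKeyExchangeMessage(handshakeMessageInput);
                this.connection_state = (short) 16;
                return;
            }
            // Reached from state 12 or 14: the client sent no Certificate message.
            if (this.certificateRequest == null) {
                this.keyExchange.skipClientCredentials();
            } else {
                // A certificate was requested but none arrived: rejected for TLS 1.2 and
                // SSL, treated as an empty chain for the remaining versions.
                if (TlsUtils.isTLSv12(this.r)) {
                    throw new TlsFatalAlert((short) 10);
                }
                if (TlsUtils.isSSL(this.r)) {
                    throw new TlsFatalAlert((short) 10);
                }
                notifyClientCertificate(Certificate.EMPTY_CHAIN);
            }
            receiveClientKeyExchangeMessage(handshakeMessageInput);
            this.connection_state = (short) 16;
            return;
        }
        // client_hello. Inherited flag 'l' is obfuscated; when set, a ClientHello is
        // answered by refusing renegotiation.
        if (this.l) {
            refuseRenegotiation();
            return;
        }
        short s5 = this.connection_state;
        if (s5 != 0) {
            if (s5 == 21) {
                throw new TlsFatalAlert((short) 80);
            }
            throw new TlsFatalAlert((short) 10);
        }
        ClientHello receiveClientHelloMessage = receiveClientHelloMessage(handshakeMessageInput);
        handshakeMessageInput.updateHash(this.g);
        this.connection_state = (short) 1;
        // NOTE(review): generateServerHello is a placeholder in this listing and always throws.
        ServerHello generateServerHello = generateServerHello(receiveClientHelloMessage);
        this.g.notifyPRFDetermined();
        if (TlsUtils.isTLSv13(securityParameters.getNegotiatedVersion())) {
            if (generateServerHello.isHelloRetryRequest()) {
                TlsUtils.c(this.g);
                sendServerHelloMessage(generateServerHello);
                this.connection_state = (short) 2;
                sendChangeCipherSpecMessage();
                return;
            }
            sendServerHelloMessage(generateServerHello);
            this.connection_state = (short) 4;
            sendChangeCipherSpecMessage();
            send13ServerHelloCoda(generateServerHello, false);
            return;
        }
        sendServerHelloMessage(generateServerHello);
        this.connection_state = (short) 4;
        if (this.resumedSession) {
            // Resumption: reuse the stored master secret and go straight to Finished.
            securityParameters.n = this.sessionMasterSecret;
            this.d.g = TlsUtils.v(this.r);
            sendChangeCipherSpec();
            sendFinishedMessage();
            this.connection_state = (short) 20;
            return;
        }
        Vector serverSupplementalData = this.tlsServer.getServerSupplementalData();
        if (serverSupplementalData != null) {
            sendSupplementalDataMessage(serverSupplementalData);
            this.connection_state = (short) 6;
        }
        this.keyExchange = TlsUtils.x(this.r, this.tlsServer);
        TlsCredentials credentials = this.tlsServer.getCredentials();
        // Credentials must implement exactly one of the three credential roles.
        if (credentials != null && (credentials instanceof TlsCredentialedAgreement ? 1 : 0) + 0 + (credentials instanceof TlsCredentialedDecryptor ? 1 : 0) + (credentials instanceof TlsCredentialedSigner ? 1 : 0) != 1) {
            throw new TlsFatalAlert((short) 80);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsKeyExchange tlsKeyExchange = this.keyExchange;
        if (credentials == null) {
            tlsKeyExchange.skipServerCredentials();
        } else {
            tlsKeyExchange.processServerCredentials(credentials);
            certificate = credentials.getCertificate();
            sendCertificateMessage(certificate, byteArrayOutputStream);
            this.connection_state = (short) 7;
        }
        // Bytes captured while sending the Certificate message are kept in field 'x'.
        securityParameters.x = byteArrayOutputStream.toByteArray();
        if (certificate == null || certificate.isEmpty()) {
            // No server certificate, so no certificate status will be sent.
            securityParameters.R = 0;
        }
        if (securityParameters.getStatusRequestVersion() > 0 && (certificateStatus = this.tlsServer.getCertificateStatus()) != null) {
            sendCertificateStatusMessage(certificateStatus);
            this.connection_state = (short) 8;
        }
        byte[] generateServerKeyExchange = this.keyExchange.generateServerKeyExchange();
        if (generateServerKeyExchange != null) {
            sendServerKeyExchangeMessage(generateServerKeyExchange);
            this.connection_state = (short) 10;
        }
        if (credentials != null) {
            CertificateRequest certificateRequest = this.tlsServer.getCertificateRequest();
            this.certificateRequest = certificateRequest;
            if (certificateRequest != null) {
                // TLS 1.2 requests must carry signature algorithms; other versions must not.
                if (TlsUtils.isTLSv12(this.r) != (this.certificateRequest.getSupportedSignatureAlgorithms() != null)) {
                    throw new TlsFatalAlert((short) 80);
                }
                CertificateRequest N = TlsUtils.N(this.certificateRequest, this.keyExchange);
                this.certificateRequest = N;
                TlsUtils.n(securityParameters, N);
                TlsUtils.L(this.g, securityParameters.getServerSigAlgs());
                sendCertificateRequestMessage(this.certificateRequest);
                this.connection_state = (short) 11;
            } else if (!this.keyExchange.requiresCertificateVerify()) {
                // This key exchange cannot run without requesting a client certificate.
                throw new TlsFatalAlert((short) 80);
            }
        }
        sendServerHelloDoneMessage();
        this.connection_state = (short) 12;
        TlsUtils.K(this.r, this.g, false);
    }

    /**
     * Passes the client's certificate chain (possibly empty) on for processing.
     *
     * @param certificate chain received from the client, or {@code Certificate.EMPTY_CHAIN}
     * @throws TlsFatalAlert internal_error (80) if no certificate was requested
     */
    public void notifyClientCertificate(Certificate certificate) {
        if (this.certificateRequest == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsUtils.F(this.r, certificate, this.keyExchange, this.tlsServer);
    }

    /**
     * Parses the TLS 1.3 client Certificate message and reports the chain.
     *
     * @param byteArrayInputStream message body; must be fully consumed by the parse
     */
    public void receive13ClientCertificate(ByteArrayInputStream byteArrayInputStream) {
        // Chain length is capped by the application-supplied limit.
        Certificate parse = Certificate.parse(new Certificate.ParseOptions().setMaxChainLength(this.tlsServer.getMaxCertificateChainLength()), this.r, byteArrayInputStream, null);
        // Trailing bytes after the structure are rejected.
        TlsProtocol.assertEmpty(byteArrayInputStream);
        notifyClientCertificate(parse);
    }

    /**
     * Verifies the TLS 1.3 client CertificateVerify signature against the first certificate
     * of the client's chain.
     *
     * @param byteArrayInputStream message body; must be fully consumed by the parse
     * @throws TlsFatalAlert internal_error (80) if no client certificate is recorded,
     *     decrypt_error (51) if verification fails or throws
     */
    public void receive13ClientCertificateVerify(ByteArrayInputStream byteArrayInputStream) {
        Certificate peerCertificate = this.r.getSecurityParametersHandshake().getPeerCertificate();
        if (peerCertificate == null || peerCertificate.isEmpty()) {
            throw new TlsFatalAlert((short) 80);
        }
        DigitallySigned parse = DigitallySigned.parse(this.r, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        zp2 zp2Var = this.r;
        TlsHandshakeHash tlsHandshakeHash = this.g;
        SecurityParameters securityParametersHandshake = zp2Var.getSecurityParametersHandshake();
        TlsCertificate certificateAt = securityParametersHandshake.getPeerCertificate().getCertificateAt(0);
        SignatureAndHashAlgorithm algorithm = parse.getAlgorithm();
        // The client may only sign with an algorithm the server advertised.
        TlsUtils.verifySupportedSignatureAlgorithm(securityParametersHandshake.getServerSigAlgs(), algorithm);
        try {
            if (!TlsUtils.O(zp2Var.getCrypto(), parse, certificateAt.createVerifier(SignatureScheme.from(algorithm)), "TLS 1.3, client CertificateVerify", tlsHandshakeHash)) {
                throw new TlsFatalAlert((short) 51);
            }
        } catch (TlsFatalAlert e) {
            throw e;
        } catch (Exception e2) {
            // Any other failure during verification is reported as decrypt_error.
            throw new TlsFatalAlert((short) 51, (Throwable) e2);
        }
    }

    /**
     * Processes the TLS 1.3 client Finished message.
     *
     * @param byteArrayInputStream message body
     */
    public void receive13ClientFinished(ByteArrayInputStream byteArrayInputStream) {
        process13FinishedMessage(byteArrayInputStream);
    }

    /**
     * Parses the legacy client Certificate message and reports the chain.
     *
     * @param byteArrayInputStream message body; must be fully consumed by the parse
     */
    public void receiveCertificateMessage(ByteArrayInputStream byteArrayInputStream) {
        Certificate parse = Certificate.parse(new Certificate.ParseOptions().setMaxChainLength(this.tlsServer.getMaxCertificateChainLength()), this.r, byteArrayInputStream, null);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        notifyClientCertificate(parse);
    }

    /**
     * Parses the legacy CertificateVerify message and hands it to an obfuscated helper
     * (presumably the signature check - confirm), then stops handshake-hash tracking.
     *
     * @param byteArrayInputStream message body; must be fully consumed by the parse
     */
    public void receiveCertificateVerifyMessage(ByteArrayInputStream byteArrayInputStream) {
        DigitallySigned parse = DigitallySigned.parse(this.r, byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        TlsUtils.P(this.r, this.certificateRequest, parse, this.g);
        this.g = this.g.stopTracking();
    }

    /**
     * Parses a ClientHello.
     *
     * @param byteArrayInputStream message body
     * @return the parsed ClientHello
     */
    public ClientHello receiveClientHelloMessage(ByteArrayInputStream byteArrayInputStream) {
        return ClientHello.parse(byteArrayInputStream, null);
    }

    /**
     * Processes ClientKeyExchange and establishes the master secret.
     *
     * @param byteArrayInputStream message body; must be fully consumed
     */
    public void receiveClientKeyExchangeMessage(ByteArrayInputStream byteArrayInputStream) {
        this.keyExchange.processClientKeyExchange(byteArrayInputStream);
        TlsProtocol.assertEmpty(byteArrayInputStream);
        // Order matters: for SSL the master secret is established before the value from
        // TlsUtils.t(g) is stored in field 't'; for other versions it is established after.
        boolean isSSL = TlsUtils.isSSL(this.r);
        if (isSSL) {
            TlsProtocol.establishMasterSecret(this.r, this.keyExchange);
        }
        this.r.getSecurityParametersHandshake().t = TlsUtils.t(this.g);
        if (!isSSL) {
            TlsProtocol.establishMasterSecret(this.r, this.keyExchange);
        }
        this.d.g = TlsUtils.v(this.r);
        // Keep tracking the transcript only if CertificateVerify is still to come.
        if (expectCertificateVerifyMessage()) {
            return;
        }
        this.g = this.g.stopTracking();
    }

    /**
     * Sends EncryptedExtensions (handshake type 8).
     *
     * @param hashtable extensions to encode
     */
    public void send13EncryptedExtensionsMessage(Hashtable hashtable) {
        byte[] writeExtensionsData = TlsProtocol.writeExtensionsData(hashtable);
        // c21 is obfuscated; it is constructed with a handshake type and a(this) sends it.
        c21 c21Var = new c21((short) 8);
        TlsUtils.writeOpaque16(writeExtensionsData, c21Var);
        c21Var.a(this);
    }

    /**
     * Sends the remainder of the TLS 1.3 server flight after ServerHello: EncryptedExtensions,
     * optional CertificateRequest, Certificate, CertificateVerify and Finished, then derives
     * the application traffic and exporter secrets.
     *
     * @param serverHello the ServerHello just sent (not read in the visible body)
     * @param z whether this follows a HelloRetryRequest (not read in the visible body)
     * @throws TlsFatalAlert internal_error (80) if the certificate request context is not
     *     empty, or if the server has no signing credentials
     */
    public void send13ServerHelloCoda(ServerHello serverHello, boolean z) {
        TlsCredentialedSigner tlsCredentialedSigner;
        SecurityParameters securityParametersHandshake = this.r.getSecurityParametersHandshake();
        byte[] t = TlsUtils.t(this.g);
        zp2 zp2Var = this.r;
        h32 h32Var = this.d;
        // Obfuscated helpers; presumably derive handshake keys and switch the record layer
        // to them before EncryptedExtensions is sent - confirm.
        TlsUtils.k(zp2Var, t, h32Var);
        h32Var.e();
        h32Var.d(true);
        send13EncryptedExtensionsMessage(this.serverExtensions);
        this.connection_state = (short) 5;
        CertificateRequest certificateRequest = this.tlsServer.getCertificateRequest();
        this.certificateRequest = certificateRequest;
        if (certificateRequest != null) {
            // Only an empty request context is accepted during the handshake.
            if (!certificateRequest.hasCertificateRequestContext(TlsUtils.EMPTY_BYTES)) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.n(securityParametersHandshake, this.certificateRequest);
            sendCertificateRequestMessage(this.certificateRequest);
            this.connection_state = (short) 11;
        }
        TlsCredentials credentials = this.tlsServer.getCredentials();
        if (credentials == null) {
            tlsCredentialedSigner = null;
        } else {
            if (!(credentials instanceof TlsCredentialedSigner)) {
                throw new TlsFatalAlert((short) 80);
            }
            tlsCredentialedSigner = (TlsCredentialedSigner) credentials;
        }
        // This path always authenticates the server with a signing credential.
        if (tlsCredentialedSigner == null) {
            throw new TlsFatalAlert((short) 80);
        }
        send13CertificateMessage(tlsCredentialedSigner.getCertificate());
        securityParametersHandshake.x = null;
        this.connection_state = (short) 7;
        send13CertificateVerifyMessage(TlsUtils.o(this.r, tlsCredentialedSigner, this.g));
        this.connection_state = (short) 17;
        send13FinishedMessage();
        this.connection_state = (short) 20;
        // Transcript value taken after the server's Finished; used for the three labelled
        // derivations below (client/server application traffic, exporter master).
        byte[] t2 = TlsUtils.t(this.g);
        zp2 zp2Var2 = this.r;
        SecurityParameters securityParametersHandshake2 = zp2Var2.getSecurityParametersHandshake();
        TlsSecret masterSecret = securityParametersHandshake2.getMasterSecret();
        SecurityParameters securityParametersHandshake3 = zp2Var2.getSecurityParametersHandshake();
        securityParametersHandshake3.p = TlsUtils.j(securityParametersHandshake3, masterSecret, "c ap traffic", t2);
        securityParametersHandshake3.q = TlsUtils.j(securityParametersHandshake3, masterSecret, "s ap traffic", t2);
        h32Var.g = TlsUtils.v(zp2Var2);
        securityParametersHandshake2.l = TlsUtils.j(securityParametersHandshake2, masterSecret, "exp master", t2);
        h32Var.e();
    }

    /**
     * Sends CertificateRequest (handshake type 13).
     *
     * @param certificateRequest request to encode
     */
    public void sendCertificateRequestMessage(CertificateRequest certificateRequest) {
        c21 c21Var = new c21((short) 13);
        certificateRequest.encode(this.r, c21Var);
        c21Var.a(this);
    }

    /**
     * Sends CertificateStatus (handshake type 22).
     *
     * @param certificateStatus status to encode
     */
    public void sendCertificateStatusMessage(CertificateStatus certificateStatus) {
        c21 c21Var = new c21((short) 22);
        certificateStatus.encode(c21Var);
        c21Var.a(this);
    }

    /** Sends an empty HelloRequest (handshake type 0). */
    public void sendHelloRequestMessage() {
        c21.b(this, (short) 0, TlsUtils.EMPTY_BYTES);
    }

    /**
     * Sends NewSessionTicket (handshake type 4).
     *
     * @param newSessionTicket ticket to encode; must not be null
     * @throws TlsFatalAlert internal_error (80) if the ticket is null
     */
    public void sendNewSessionTicketMessage(NewSessionTicket newSessionTicket) {
        if (newSessionTicket == null) {
            throw new TlsFatalAlert((short) 80);
        }
        c21 c21Var = new c21((short) 4);
        newSessionTicket.encode(c21Var);
        c21Var.a(this);
    }

    /** Sends an empty ServerHelloDone (handshake type 14). */
    public void sendServerHelloDoneMessage() {
        c21.b(this, (short) 14, TlsUtils.EMPTY_BYTES);
    }

    /**
     * Sends ServerHello (handshake type 2).
     *
     * @param serverHello message to encode
     */
    public void sendServerHelloMessage(ServerHello serverHello) {
        c21 c21Var = new c21((short) 2);
        serverHello.encode(this.r, c21Var);
        c21Var.a(this);
    }

    /**
     * Sends ServerKeyExchange (handshake type 12).
     *
     * @param bArr already-encoded message body
     */
    public void sendServerKeyExchangeMessage(byte[] bArr) {
        c21.b(this, (short) 12, bArr);
    }

    /**
     * Accepts the absence of a TLS 1.3 client Certificate message.
     *
     * @throws TlsFatalAlert unexpected_message (10) if a certificate was requested
     */
    public void skip13ClientCertificate() {
        if (this.certificateRequest != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    /**
     * Accepts the absence of a TLS 1.3 client CertificateVerify message.
     *
     * @throws TlsFatalAlert unexpected_message (10) if one is still owed
     */
    public void skip13ClientCertificateVerify() {
        if (expectCertificateVerifyMessage()) {
            throw new TlsFatalAlert((short) 10);
        }
    }
}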
