package defpackage;

import defpackage.io1;
import defpackage.q02;
import defpackage.zd2;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.tls.AlertDescription;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.CertificateStatus;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.SessionID;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.SignatureScheme;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: classes5.dex */
public final class c12 extends DefaultTlsServer implements b12 {
    public static final Logger j = Logger.getLogger(c12.class.getName());
    public static final int k = zz1.b(2048, 1024, 8192, "jdk.tls.ephemeralDHKeySize");
    public static final boolean l;
    public static final boolean m;
    public static final boolean n;
    public final a12 b;
    public final m02 c;
    public final s91 d;
    public o02 e;
    public BCSNIServerName f;
    public HashSet g;
    public TlsCredentials h;
    public boolean i;

    /* JADX WARN: Removed duplicated region for block: B:49:0x011b  */
    /* JADX WARN: Removed duplicated region for block: B:54:0x010e A[SYNTHETIC] */
    static {
        /*
            Method dump skipped, instructions count: 321
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.c12.<clinit>():void");
    }

    public c12(a12 a12Var, m02 m02Var) {
        super(a12Var.d().b);
        this.d = new s91();
        this.e = null;
        this.f = null;
        this.g = null;
        this.h = null;
        this.i = false;
        this.b = a12Var;
        m02 a = m02Var.a();
        if (b02.g != a.f) {
            a.f = new b02(a.f, true);
        }
        this.c = a;
    }

    @Override // defpackage.b12
    public final synchronized boolean a() {
        return this.i;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean allowCertificateStatus() {
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean allowLegacyResumption() {
        return u91.b;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean allowMultiCertStatus() {
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean allowTrustedCAIndication() {
        return this.d.g != null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    /* renamed from: b, reason: merged with bridge method [inline-methods] */
    public final JcaTlsCrypto getCrypto() {
        return this.b.d().b;
    }

    public final void c(LinkedHashMap<String, zd2> linkedHashMap, String str) {
        for (Map.Entry<String, zd2> entry : linkedHashMap.entrySet()) {
            String key = entry.getKey();
            if (key.equals(str)) {
                return;
            }
            this.g.add(key);
            Level level = Level.FINER;
            Logger logger2 = j;
            if (logger2.isLoggable(level)) {
                logger2.finer("Server found no credentials for signature scheme '" + entry.getValue() + "' (keyType '" + key + "')");
            }
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final CertificateRequest getCertificateRequest() {
        m02 m02Var = this.c;
        if (!(m02Var.d || m02Var.e)) {
            return null;
        }
        d50 d = this.b.d();
        ProtocolVersion serverVersion = this.context.getServerVersion();
        s91 s91Var = this.d;
        List<zd2> a = d.a(true, m02Var, new ProtocolVersion[]{serverVersion}, s91Var.a);
        s91Var.b = a;
        s91Var.c = a;
        Vector<SignatureAndHashAlgorithm> e = zd2.e(a);
        Vector<X500Name> h = l ? u91.h(d.d) : null;
        if (!TlsUtils.isTLSv13(serverVersion)) {
            return new CertificateRequest(new short[]{64, 1, 2}, e, h);
        }
        byte[] bArr = TlsUtils.EMPTY_BYTES;
        List<zd2> list = s91Var.b;
        List<zd2> list2 = s91Var.c;
        return new CertificateRequest(bArr, e, list != list2 ? zd2.e(list2) : null, h);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final CertificateStatus getCertificateStatus() {
        return null;
    }

    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.TlsServer
    public final TlsCredentials getCredentials() {
        return this.h;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final int getMaxCertificateChainLength() {
        return u91.c;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final int getMaxHandshakeMessageSize() {
        return u91.d;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int getMaximumNegotiableCurveBits() {
        Iterator<io1> it = io1.a(this.d.a).iterator();
        int i = 0;
        while (it.hasNext()) {
            i = Math.max(i, it.next().a.i);
        }
        return i;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int getMaximumNegotiableFiniteFieldBits() {
        Iterator<io1> it = io1.a(this.d.a).iterator();
        int i = 0;
        while (it.hasNext()) {
            i = Math.max(i, it.next().a.j);
        }
        if (i >= k) {
            return i;
        }
        return 0;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final byte[] getNewSessionID() {
        if (!m || TlsUtils.isTLSv13(this.context)) {
            return null;
        }
        return this.context.getNonceGenerator().generateNonce(32);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final Vector<ProtocolName> getProtocolNames() {
        return u91.n((String[]) this.c.k.clone());
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x004b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final int getSelectedCipherSuite() {
        /*
            r9 = this;
            a12 r0 = r9.b
            d50 r0 = r0.d()
            org.bouncycastle.tls.TlsServerContext r1 = r9.context
            org.bouncycastle.tls.SecurityParameters r1 = r1.getSecurityParametersHandshake()
            int[] r2 = r1.getClientSupportedGroups()
            s91 r3 = r9.d
            io1$b r3 = r3.a
            java.util.logging.Logger r4 = defpackage.io1.d
            java.util.Map<java.lang.Integer, io1> r4 = r3.a
            boolean r5 = org.bouncycastle.tls.TlsUtils.isNullOrEmpty(r2)
            if (r5 == 0) goto L1f
            goto L42
        L1f:
            int r5 = r2.length
            java.util.ArrayList r6 = new java.util.ArrayList
            r6.<init>(r5)
            r7 = 0
        L26:
            if (r7 >= r5) goto L3c
            r8 = r2[r7]
            java.lang.Integer r8 = java.lang.Integer.valueOf(r8)
            java.lang.Object r8 = r4.get(r8)
            io1 r8 = (defpackage.io1) r8
            if (r8 == 0) goto L39
            r6.add(r8)
        L39:
            int r7 = r7 + 1
            goto L26
        L3c:
            boolean r2 = r6.isEmpty()
            if (r2 == 0) goto L47
        L42:
            java.util.List r6 = java.util.Collections.emptyList()
            goto L4a
        L47:
            r6.trimToSize()
        L4a:
            monitor-enter(r3)
            r3.c = r6     // Catch: java.lang.Throwable -> La1
            monitor-exit(r3)
            java.util.Vector r2 = r1.getClientSigAlgs()
            java.util.Vector r1 = r1.getClientSigAlgsCert()
            s91 r3 = r9.d
            java.util.List r4 = r0.c(r2)
            r3.d = r4
            s91 r3 = r9.d
            if (r2 != r1) goto L65
            java.util.List<zd2> r1 = r3.d
            goto L69
        L65:
            java.util.List r1 = r0.c(r1)
        L69:
            r3.e = r1
            hi0 r1 = defpackage.hi0.a
            org.bouncycastle.jsse.BCX509ExtendedKeyManager r0 = r0.c
            if (r1 == r0) goto L99
            java.util.HashSet r0 = new java.util.HashSet
            r0.<init>()
            r9.g = r0
            int r0 = super.getSelectedCipherSuite()
            r1 = 0
            r9.g = r1
            a12 r1 = r9.b
            d50 r1 = r1.d()
            j02 r1 = r1.a
            m02 r2 = r9.c
            java.lang.String r1 = r1.n(r2, r0)
            java.util.logging.Logger r2 = defpackage.c12.j
            java.lang.String r3 = "Server selected cipher suite: "
            java.lang.String r1 = r3.concat(r1)
            r2.fine(r1)
            return r0
        L99:
            org.bouncycastle.tls.TlsFatalAlert r0 = new org.bouncycastle.tls.TlsFatalAlert
            r1 = 40
            r0.<init>(r1)
            throw r0
        La1:
            r0 = move-exception
            monitor-exit(r3)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.c12.getSelectedCipherSuite():int");
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final Hashtable<Integer, byte[]> getServerExtensions() {
        super.getServerExtensions();
        if (this.f != null) {
            TlsExtensionsUtils.addServerNameExtensionServer(this.serverExtensions);
        }
        return this.serverExtensions;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final ProtocolVersion getServerVersion() {
        ProtocolVersion serverVersion = super.getServerVersion();
        j.fine("Server selected protocol version: " + this.b.d().a.o(this.c, serverVersion));
        return serverVersion;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final TlsSession getSessionToResume(byte[] bArr) {
        o02 a;
        a12 a12Var = this.b;
        q02 q02Var = a12Var.d().f;
        if (m) {
            synchronized (q02Var) {
                q02Var.d();
                q02.a aVar = q02Var.a;
                SessionID sessionID = TlsUtils.isNullOrEmpty(bArr) ? null : new SessionID(bArr);
                aVar.getClass();
                a = q02Var.a(sessionID == null ? null : aVar.get(sessionID));
            }
            if (a != null) {
                TlsSession tlsSession = a.j;
                boolean z = false;
                if (tlsSession != null && tlsSession.isResumable()) {
                    SecurityParameters securityParametersHandshake = this.context.getSecurityParametersHandshake();
                    SessionParameters exportSessionParameters = tlsSession.exportSessionParameters();
                    if (exportSessionParameters != null && securityParametersHandshake.getNegotiatedVersion().equals(exportSessionParameters.getNegotiatedVersion()) && Arrays.contains(getCipherSuites(), exportSessionParameters.getCipherSuite()) && Arrays.contains(this.offeredCipherSuites, exportSessionParameters.getCipherSuite()) && exportSessionParameters.isExtendedMasterSecret() && !TlsUtils.isTLSv13(exportSessionParameters.getNegotiatedVersion())) {
                        BCSNIServerName bCSNIServerName = this.f;
                        BCSNIServerName bCSNIServerName2 = a.l.b;
                        boolean z2 = u91.a;
                        if (bCSNIServerName == bCSNIServerName2 || !(bCSNIServerName == null || bCSNIServerName2 == null || !bCSNIServerName.equals(bCSNIServerName2))) {
                            z = true;
                        } else {
                            j.finest("Session not resumable - SNI mismatch; connection: " + bCSNIServerName + ", session: " + bCSNIServerName2);
                        }
                    }
                }
                if (z) {
                    this.e = a;
                    return tlsSession;
                }
            }
        }
        u91.a(a12Var);
        return null;
    }

    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.AbstractTlsPeer
    public final int[] getSupportedCipherSuites() {
        return this.b.d().a.b(getCrypto(), this.c, getProtocolVersions());
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final int[] getSupportedGroups() {
        int i = 0;
        io1.b b = this.b.d().b(this.c, new ProtocolVersion[]{this.context.getServerVersion()});
        s91 s91Var = this.d;
        s91Var.a = b;
        io1.b bVar = s91Var.a;
        Logger logger2 = io1.d;
        Set<Integer> keySet = bVar.a.keySet();
        int[] iArr = new int[keySet.size()];
        Iterator<Integer> it = keySet.iterator();
        while (it.hasNext()) {
            iArr[i] = it.next().intValue();
            i++;
        }
        return iArr;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final ProtocolVersion[] getSupportedVersions() {
        return this.b.d().a.c(this.c);
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        Logger logger2 = j;
        if (logger2.isLoggable(level)) {
            String f = u91.f("Server raised", s, s2);
            if (str != null) {
                f = w0.d(f, ": ", str);
            }
            logger2.log(level, f, th);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifyAlertReceived(short s, short s2) {
        super.notifyAlertReceived(s, s2);
        Level level = s == 1 ? Level.FINE : Level.INFO;
        Logger logger2 = j;
        if (logger2.isLoggable(level)) {
            logger2.log(level, u91.f("Server received", s, s2));
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:16:0x003d. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:28:0x0058  */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void notifyClientCertificate(org.bouncycastle.tls.Certificate r4) {
        /*
            r3 = this;
            m02 r0 = r3.c
            boolean r1 = r0.d
            r2 = 0
            if (r1 != 0) goto Le
            boolean r1 = r0.e
            if (r1 == 0) goto Lc
            goto Le
        Lc:
            r1 = 0
            goto Lf
        Le:
            r1 = 1
        Lf:
            if (r1 == 0) goto L80
            if (r4 == 0) goto L68
            boolean r1 = r4.isEmpty()
            if (r1 == 0) goto L1a
            goto L68
        L1a:
            org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto r0 = r3.getCrypto()
            java.security.cert.X509Certificate[] r0 = defpackage.u91.r(r0, r4)
            org.bouncycastle.tls.crypto.TlsCertificate r4 = r4.getCertificateAt(r2)
            r1 = 7
            boolean r2 = r4.supportsSignatureAlgorithm(r1)
            if (r2 == 0) goto L2e
            goto L3b
        L2e:
            r1 = 8
            boolean r2 = r4.supportsSignatureAlgorithm(r1)
            if (r2 == 0) goto L37
            goto L3b
        L37:
            short r1 = r4.getLegacySignatureAlgorithm()
        L3b:
            if (r1 < 0) goto L60
            switch(r1) {
                case 1: goto L55;
                case 2: goto L52;
                case 3: goto L58;
                case 4: goto L55;
                case 5: goto L55;
                case 6: goto L55;
                case 7: goto L4f;
                case 8: goto L4c;
                case 9: goto L49;
                case 10: goto L49;
                case 11: goto L49;
                default: goto L40;
            }
        L40:
            switch(r1) {
                case 26: goto L58;
                case 27: goto L58;
                case 28: goto L58;
                default: goto L43;
            }
        L43:
            java.lang.IllegalArgumentException r4 = new java.lang.IllegalArgumentException
            r4.<init>()
            throw r4
        L49:
            java.lang.String r4 = "RSASSA-PSS"
            goto L5a
        L4c:
            java.lang.String r4 = "Ed448"
            goto L5a
        L4f:
            java.lang.String r4 = "Ed25519"
            goto L5a
        L52:
            java.lang.String r4 = "DSA"
            goto L5a
        L55:
            java.lang.String r4 = "RSA"
            goto L5a
        L58:
            java.lang.String r4 = "EC"
        L5a:
            a12 r1 = r3.b
            r1.checkClientTrusted(r0, r4)
            goto L7f
        L60:
            org.bouncycastle.tls.TlsFatalAlert r4 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 43
            r4.<init>(r0)
            throw r4
        L68:
            boolean r4 = r0.d
            if (r4 == 0) goto L7f
            org.bouncycastle.tls.TlsServerContext r4 = r3.context
            boolean r4 = org.bouncycastle.tls.TlsUtils.isTLSv13(r4)
            if (r4 == 0) goto L77
            r4 = 116(0x74, float:1.63E-43)
            goto L79
        L77:
            r4 = 40
        L79:
            org.bouncycastle.tls.TlsFatalAlert r0 = new org.bouncycastle.tls.TlsFatalAlert
            r0.<init>(r4)
            throw r0
        L7f:
            return
        L80:
            org.bouncycastle.tls.TlsFatalAlert r4 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 80
            r4.<init>(r0)
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.c12.notifyClientCertificate(org.bouncycastle.tls.Certificate):void");
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final synchronized void notifyHandshakeComplete() {
        super.notifyHandshakeComplete();
        this.i = true;
        TlsSession session = this.context.getSession();
        o02 o02Var = this.e;
        if (o02Var == null || o02Var.j != session) {
            this.e = this.b.d().f.g(this.b.getPeerHost(), this.b.getPeerPort(), session, new t91(null, this.f), m && !TlsUtils.isTLSv13(this.context) && this.context.getSecurityParametersHandshake().isExtendedMasterSecret());
        }
        this.b.c(new i02(this.context, this.e));
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final void notifySecureRenegotiation(boolean z) {
        if (!z && !zz1.a("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final void notifySession(TlsSession tlsSession) {
        String str;
        byte[] sessionID = tlsSession.getSessionID();
        o02 o02Var = this.e;
        boolean z = o02Var != null && o02Var.j == tlsSession;
        a12 a12Var = this.b;
        Logger logger2 = j;
        if (z) {
            logger2.fine("Server resumed session: " + Hex.toHexString(sessionID));
        } else {
            this.e = null;
            if (TlsUtils.isNullOrEmpty(sessionID)) {
                str = "Server did not specify a session ID";
            } else {
                str = "Server specified new session: " + Hex.toHexString(sessionID);
            }
            logger2.fine(str);
            u91.a(a12Var);
        }
        a12Var.b(a12Var.d().f, this.context.getSecurityParametersHandshake(), this.d, this.e);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean preferLocalCipherSuites() {
        return this.c.h;
    }

    /* JADX WARN: Code restructure failed: missing block: B:39:0x0031, code lost:
    
        continue;
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void processClientExtensions(java.util.Hashtable r9) {
        /*
            r8 = this;
            super.processClientExtensions(r9)
            org.bouncycastle.tls.TlsServerContext r0 = r8.context
            org.bouncycastle.tls.SecurityParameters r0 = r0.getSecurityParametersHandshake()
            java.util.Vector r0 = r0.getClientServerNames()
            r1 = 0
            if (r0 == 0) goto L88
            m02 r2 = r8.c
            java.util.List<org.bouncycastle.jsse.BCSNIMatcher> r2 = r2.i
            java.util.List r2 = defpackage.m02.b(r2)
            if (r2 == 0) goto L81
            boolean r3 = r2.isEmpty()
            if (r3 == 0) goto L21
            goto L81
        L21:
            boolean r3 = defpackage.u91.a
            boolean r3 = r0.isEmpty()
            if (r3 != 0) goto L63
            java.util.List r0 = defpackage.u91.c(r0)
            java.util.Iterator r2 = r2.iterator()
        L31:
            boolean r3 = r2.hasNext()
            if (r3 == 0) goto L63
            java.lang.Object r3 = r2.next()
            org.bouncycastle.jsse.BCSNIMatcher r3 = (org.bouncycastle.jsse.BCSNIMatcher) r3
            if (r3 == 0) goto L31
            int r4 = r3.getType()
            java.util.Iterator r5 = r0.iterator()
        L47:
            boolean r6 = r5.hasNext()
            if (r6 == 0) goto L31
            java.lang.Object r6 = r5.next()
            org.bouncycastle.jsse.BCSNIServerName r6 = (org.bouncycastle.jsse.BCSNIServerName) r6
            if (r6 == 0) goto L47
            int r7 = r6.getType()
            if (r7 == r4) goto L5c
            goto L47
        L5c:
            boolean r3 = r3.matches(r6)
            if (r3 == 0) goto L31
            goto L64
        L63:
            r6 = r1
        L64:
            r8.f = r6
            if (r6 == 0) goto L79
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            java.lang.String r2 = "Server accepted SNI: "
            r0.<init>(r2)
            org.bouncycastle.jsse.BCSNIServerName r2 = r8.f
            r0.append(r2)
            java.lang.String r0 = r0.toString()
            goto L83
        L79:
            org.bouncycastle.tls.TlsFatalAlert r9 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 112(0x70, float:1.57E-43)
            r9.<init>(r0)
            throw r9
        L81:
            java.lang.String r0 = "Server ignored SNI (no matchers specified)"
        L83:
            java.util.logging.Logger r2 = defpackage.c12.j
            r2.fine(r0)
        L88:
            org.bouncycastle.tls.TlsServerContext r0 = r8.context
            boolean r0 = org.bouncycastle.tls.TlsUtils.isTLSv13(r0)
            s91 r2 = r8.d
            if (r0 == 0) goto L9d
            java.util.Vector r9 = org.bouncycastle.tls.TlsExtensionsUtils.getCertificateAuthoritiesExtension(r9)
            javax.security.auth.x500.X500Principal[] r9 = defpackage.u91.u(r9)
            r2.g = r9
            goto Le0
        L9d:
            boolean r9 = defpackage.c12.n
            if (r9 == 0) goto Le0
            java.util.Vector r9 = r8.trustedCAKeys
            boolean r0 = defpackage.u91.a
            if (r9 == 0) goto Lde
            boolean r0 = r9.isEmpty()
            if (r0 == 0) goto Lae
            goto Lde
        Lae:
            int r0 = r9.size()
            javax.security.auth.x500.X500Principal[] r3 = new javax.security.auth.x500.X500Principal[r0]
            r4 = 0
        Lb5:
            if (r4 >= r0) goto Ldd
            java.lang.Object r5 = r9.get(r4)
            org.bouncycastle.tls.TrustedAuthority r5 = (org.bouncycastle.tls.TrustedAuthority) r5
            short r6 = r5.getIdentifierType()
            r7 = 2
            if (r7 == r6) goto Lc5
            goto Lde
        Lc5:
            org.bouncycastle.asn1.x500.X500Name r5 = r5.getX509Name()
            if (r5 != 0) goto Lcd
            r6 = r1
            goto Ld8
        Lcd:
            javax.security.auth.x500.X500Principal r6 = new javax.security.auth.x500.X500Principal
            java.lang.String r7 = "DER"
            byte[] r5 = r5.getEncoded(r7)
            r6.<init>(r5)
        Ld8:
            r3[r4] = r6
            int r4 = r4 + 1
            goto Lb5
        Ldd:
            r1 = r3
        Lde:
            r2.g = r1
        Le0:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.c12.processClientExtensions(java.util.Hashtable):void");
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean requiresCloseNotify() {
        return u91.e;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean requiresExtendedMasterSecret() {
        return !u91.a;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean selectCipherSuite(int i) {
        JcaDefaultTlsCredentialedSigner e;
        TlsCredentials tlsCredentials;
        String str;
        TlsCredentials tlsCredentials2;
        StringBuilder sb;
        Iterator<zd2> it;
        s91 s91Var;
        short s;
        s91 s91Var2 = this.d;
        Principal[] principalArr = s91Var2.g;
        int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(i);
        Logger logger2 = j;
        m02 m02Var = this.c;
        a12 a12Var = this.b;
        if (keyExchangeAlgorithm != 0) {
            if (keyExchangeAlgorithm == 1 || keyExchangeAlgorithm == 3 || keyExchangeAlgorithm == 5 || keyExchangeAlgorithm == 17 || keyExchangeAlgorithm == 19) {
                if (1 == keyExchangeAlgorithm || !TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getServerVersion())) {
                    String g = u91.g(keyExchangeAlgorithm);
                    if (!this.g.contains(g)) {
                        BCX509Key a = a12Var.a(new String[]{g}, principalArr);
                        if (a == null) {
                            this.g.add(g);
                        } else if (1 == keyExchangeAlgorithm) {
                            JcaTlsCrypto crypto = getCrypto();
                            tlsCredentials2 = new JceDefaultTlsCredentialedDecryptor(crypto, u91.i(crypto, a.getCertificateChain()), a.getPrivateKey());
                        } else {
                            e = u91.d(this.context, getCrypto(), a, null);
                            tlsCredentials2 = e;
                        }
                    }
                } else {
                    BCAlgorithmConstraints bCAlgorithmConstraints = m02Var.f;
                    short legacySignatureAlgorithmServer = TlsUtils.getLegacySignatureAlgorithmServer(keyExchangeAlgorithm);
                    LinkedHashMap<String, zd2> linkedHashMap = new LinkedHashMap<>();
                    Iterator<zd2> it2 = s91Var2.d.iterator();
                    while (it2.hasNext()) {
                        zd2 next = it2.next();
                        if (TlsUtils.isValidSignatureSchemeForServerKeyExchange(next.a.a, keyExchangeAlgorithm)) {
                            zd2.a aVar = next.a;
                            it = it2;
                            String g2 = legacySignatureAlgorithmServer == SignatureScheme.getSignatureAlgorithm(aVar.a) ? u91.g(keyExchangeAlgorithm) : aVar.f;
                            if (!this.g.contains(g2) && !linkedHashMap.containsKey(g2)) {
                                s91Var = s91Var2;
                                s = legacySignatureAlgorithmServer;
                                if (next.f(bCAlgorithmConstraints, false, true, s91Var2.a)) {
                                    linkedHashMap.put(g2, next);
                                }
                                it2 = it;
                                legacySignatureAlgorithmServer = s;
                                s91Var2 = s91Var;
                            }
                        } else {
                            it = it2;
                        }
                        s91Var = s91Var2;
                        s = legacySignatureAlgorithmServer;
                        it2 = it;
                        legacySignatureAlgorithmServer = s;
                        s91Var2 = s91Var;
                    }
                    if (linkedHashMap.isEmpty()) {
                        sb = new StringBuilder("Server (1.2) has no key types to try for KeyExchangeAlgorithm ");
                    } else {
                        BCX509Key a2 = a12Var.a((String[]) linkedHashMap.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
                        if (a2 == null) {
                            c(linkedHashMap, null);
                            sb = new StringBuilder("Server (1.2) did not select any credentials for KeyExchangeAlgorithm ");
                        } else {
                            String keyType = a2.getKeyType();
                            c(linkedHashMap, keyType);
                            zd2 zd2Var = linkedHashMap.get(keyType);
                            if (zd2Var == null) {
                                throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                            }
                            if (logger2.isLoggable(Level.FINE)) {
                                logger2.fine("Server (1.2) selected credentials for signature scheme '" + zd2Var + "' (keyType '" + keyType + "'), with private key algorithm '" + u91.m(a2.getPrivateKey()) + "'");
                            }
                            e = u91.d(this.context, getCrypto(), a2, zd2Var.d());
                            tlsCredentials2 = e;
                        }
                    }
                    sb.append(keyExchangeAlgorithm);
                    logger2.fine(sb.toString());
                }
            }
            tlsCredentials2 = null;
        } else {
            byte[] bArr = TlsUtils.EMPTY_BYTES;
            BCAlgorithmConstraints bCAlgorithmConstraints2 = m02Var.f;
            LinkedHashMap<String, zd2> linkedHashMap2 = new LinkedHashMap<>();
            s91 s91Var3 = s91Var2;
            Iterator<zd2> it3 = s91Var3.d.iterator();
            while (it3.hasNext()) {
                zd2 next2 = it3.next();
                String str2 = next2.a.g;
                if (!this.g.contains(str2) && !linkedHashMap2.containsKey(str2)) {
                    s91 s91Var4 = s91Var3;
                    Iterator<zd2> it4 = it3;
                    if (next2.f(bCAlgorithmConstraints2, true, false, s91Var3.a)) {
                        linkedHashMap2.put(str2, next2);
                    }
                    it3 = it4;
                    s91Var3 = s91Var4;
                }
            }
            if (linkedHashMap2.isEmpty()) {
                str = "Server (1.3) found no usable signature schemes";
                tlsCredentials = null;
            } else {
                BCX509Key a3 = a12Var.a((String[]) linkedHashMap2.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
                if (a3 == null) {
                    tlsCredentials = null;
                    c(linkedHashMap2, null);
                    str = "Server (1.3) did not select any credentials";
                } else {
                    String keyType2 = a3.getKeyType();
                    c(linkedHashMap2, keyType2);
                    zd2 zd2Var2 = linkedHashMap2.get(keyType2);
                    if (zd2Var2 == null) {
                        throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                    }
                    if (logger2.isLoggable(Level.FINE)) {
                        logger2.fine("Server (1.3) selected credentials for signature scheme '" + zd2Var2 + "' (keyType '" + keyType2 + "'), with private key algorithm '" + u91.m(a3.getPrivateKey()) + "'");
                    }
                    e = u91.e(this.context, getCrypto(), a3, zd2Var2.d(), bArr);
                    tlsCredentials2 = e;
                }
            }
            logger2.fine(str);
            tlsCredentials2 = tlsCredentials;
        }
        if (tlsCredentials2 != null) {
            boolean selectCipherSuite = super.selectCipherSuite(i);
            if (selectCipherSuite) {
                this.h = tlsCredentials2;
            }
            return selectCipherSuite;
        }
        logger2.finer("Server found no credentials for cipher suite: " + j02.d(i));
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectDH(int i) {
        int max = Math.max(i, k);
        Iterator<io1> it = io1.a(this.d.a).iterator();
        while (it.hasNext()) {
            io1.a aVar = it.next().a;
            if (aVar.j >= max) {
                return aVar.a;
            }
        }
        return -1;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectDHDefault(int i) {
        throw new UnsupportedOperationException();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectECDH(int i) {
        Iterator<io1> it = io1.a(this.d.a).iterator();
        while (it.hasNext()) {
            io1.a aVar = it.next().a;
            if (aVar.i >= i) {
                return aVar.a;
            }
        }
        return -1;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int selectECDHDefault(int i) {
        throw new UnsupportedOperationException();
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final ProtocolName selectProtocolName() {
        ArrayList arrayList;
        m02 m02Var = this.c;
        if (m02Var.l == null && m02Var.m == null) {
            return super.selectProtocolName();
        }
        Vector vector = this.clientProtocolNames;
        boolean z = u91.a;
        if (vector == null || vector.isEmpty()) {
            arrayList = null;
        } else {
            arrayList = new ArrayList(vector.size());
            Iterator it = vector.iterator();
            while (it.hasNext()) {
                arrayList.add(((ProtocolName) it.next()).getUtf8Decoding());
            }
        }
        String f = this.b.f(Collections.unmodifiableList(arrayList));
        if (f == null) {
            throw new TlsFatalAlert(AlertDescription.no_application_protocol);
        }
        if (f.length() < 1) {
            return null;
        }
        if (arrayList.contains(f)) {
            return ProtocolName.asUtf8Encoding(f);
        }
        throw new TlsFatalAlert(AlertDescription.no_application_protocol);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean shouldSelectProtocolNameEarly() {
        m02 m02Var = this.c;
        return m02Var.l == null && m02Var.m == null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public final boolean shouldUseExtendedMasterSecret() {
        return u91.f;
    }
}
