package org.bouncycastle.jsse.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIMatcher;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.tls.AlertDescription;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.CertificateStatus;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.DHGroup;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes6.dex */
public class h1 extends DefaultTlsServer implements g1 {

    /* renamed from: l, reason: collision with root package name */
    // Class-wide java.util.logging logger; every handshake decision in this class is reported through it.
    private static final Logger f81889l = Logger.getLogger(h1.class.getName());

    /* renamed from: m, reason: collision with root package name */
    // Floor for finite-field DH sizes, read from the "jdk.tls.ephemeralDHKeySize" property.
    // Used as a lower bound in getMaximumNegotiableFiniteFieldBits() and selectDH().
    // NOTE(review): the arguments look like (default 2048, min 1024, max 8192) - confirm against f0.c.
    private static final int f81890m = f0.c("jdk.tls.ephemeralDHKeySize", 2048, 1024, 8192);

    /* renamed from: n, reason: collision with root package name */
    // Custom DHE groups parsed from "jdk.tls.server.defaultDHEParameters" by c().
    // NOTE(review): c() did not decompile and throws unconditionally in this listing, so this
    // static initializer would fail class initialization if the file were compiled as shown.
    private static final DHGroup[] f81891n = c();

    /* renamed from: o, reason: collision with root package name */
    // When true, getCertificateRequest() includes the list of CA names (y.s(c2.i())) in the request.
    private static final boolean f81892o = f0.b("jdk.tls.server.enableCAExtension", true);

    /* renamed from: p, reason: collision with root package name */
    // Gates session-ID generation, session lookup and storing resumable sessions (see getNewSessionID,
    // getSessionToResume, notifyHandshakeComplete). Presumably defaults to true - confirm against f0.b.
    private static final boolean f81893p = f0.b("org.bouncycastle.jsse.server.enableSessionResumption", true);

    /* renamed from: q, reason: collision with root package name */
    // When true, pre-TLS 1.3 handshakes take issuer hints from trustedCAKeys in processClientExtensions().
    private static final boolean f81894q = f0.b("org.bouncycastle.jsse.server.enableTrustedCAKeysExtension", false);

    /* renamed from: d, reason: collision with root package name */
    // Owning connection/engine manager: supplies the context data (c()), key selection (b()),
    // client trust checks (checkClientTrusted) and peer host/port.
    protected final f1 f81895d;

    /* renamed from: e, reason: collision with root package name */
    // Parameter snapshot obtained from p0Var.b() in the constructor (presumably a copy - confirm).
    protected final p0 f81896e;

    /* renamed from: f, reason: collision with root package name */
    // Per-handshake scratch data: negotiated groups (f82112a), signature scheme lists
    // (f82113b..f82116e) and peer CA hints (f82118g).
    protected final w f81897f;

    /* renamed from: g, reason: collision with root package name */
    // Session wrapper being resumed, or the one created in notifyHandshakeComplete(); null otherwise.
    protected s0 f81898g;

    /* renamed from: h, reason: collision with root package name */
    // SNI name accepted by a configured matcher; stays null when SNI is absent or ignored.
    protected BCSNIServerName f81899h;

    /* renamed from: i, reason: collision with root package name */
    // Key types for which the key manager returned nothing during the current cipher-suite selection.
    // Only non-null between the assignments in getSelectedCipherSuite().
    protected Set<String> f81900i;

    /* renamed from: j, reason: collision with root package name */
    // Credentials chosen by selectCipherSuite(); returned from getCredentials().
    protected TlsCredentials f81901j;

    /* renamed from: k, reason: collision with root package name */
    // Set to true in notifyHandshakeComplete(); read under the instance lock by a().
    protected boolean f81902k;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the server-side TLS peer for one connection.
     *
     * <p>The crypto implementation handed to the superclass comes from the manager's context data
     * ({@code f1Var.c().d()}). All per-handshake fields start out empty, and the parameters are
     * stored as whatever {@code p0Var.b()} returns (presumably a private copy - confirm).
     *
     * @param f1Var manager that owns this connection
     * @param p0Var connection parameters to snapshot
     */
    public h1(f1 f1Var, p0 p0Var) {
        super(f1Var.c().d());
        // Mutable handshake state: nothing negotiated yet.
        this.f81902k = false;
        this.f81901j = null;
        this.f81900i = null;
        this.f81899h = null;
        this.f81898g = null;
        // Final collaborators.
        this.f81897f = new w();
        this.f81895d = f1Var;
        this.f81896e = p0Var.b();
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x0094  */
    /* JADX WARN: Removed duplicated region for block: B:29:0x0087 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Parses custom server DHE groups from the security property
     * {@code jdk.tls.server.defaultDHEParameters}.
     *
     * <p>JADX could not rebuild this method, so the Java body below only throws. The register dump
     * kept in the comment shows the intended logic:
     * <ul>
     *   <li>the property is read through {@code f0.i}; a missing value, or a value that is empty
     *       after the {@code y.T}/{@code y.W} normalisation (bodies not shown), yields {@code null};</li>
     *   <li>the value is scanned as comma-separated <code>{hexModulus,hexGenerator}</code> pairs,
     *       each number parsed base-16 by {@code g(...)};</li>
     *   <li>a pair recognised by {@code TlsDHUtils.getStandardGroupForDHParameters} is added as that
     *       standard group; otherwise the modulus must pass {@code isProbablePrime(120)}, in which
     *       case {@code new DHGroup(p, null, g, 0)} is added, else a WARNING is logged and the pair
     *       is skipped;</li>
     *   <li>any syntax error or exception logs "Invalid syntax ..." at WARNING and returns
     *       {@code null}, discarding pairs parsed so far.</li>
     * </ul>
     *
     * <p>NOTE(review): for non-standard groups the dump shows only a primality test on the modulus;
     * no check of the generator, of the modulus size, or that the modulus is a safe prime is visible
     * here. Operators supplying custom parameters should validate them before configuring the
     * property, or prefer the standard groups.
     *
     * <p>NOTE(review): this method initialises the static field {@code f81891n}, so compiling the
     * listing as-is would make class initialisation fail. Restore the body from the dump or the
     * original library source before building.
     *
     * @return the parsed groups, or {@code null} when the property is unset, empty or malformed
     *         (per the dump); as decompiled, never returns normally
     */
    private static org.bouncycastle.tls.crypto.DHGroup[] c() {
        /*
            java.lang.String r0 = "jdk.tls.server.defaultDHEParameters"
            java.lang.String r0 = org.bouncycastle.jsse.provider.f0.i(r0)
            r1 = 0
            if (r0 != 0) goto La
            return r1
        La:
            java.lang.String r0 = org.bouncycastle.jsse.provider.y.T(r0)
            java.lang.String r0 = org.bouncycastle.jsse.provider.y.W(r0)
            int r2 = r0.length()
            r3 = 1
            if (r2 >= r3) goto L1a
            return r1
        L1a:
            java.util.ArrayList r4 = new java.util.ArrayList
            r4.<init>()
            r5 = -1
        L20:
            int r5 = r5 + r3
            if (r5 >= r2) goto L9a
            r6 = 123(0x7b, float:1.72E-43)
            char r7 = r0.charAt(r5)
            if (r6 == r7) goto L2d
            goto L9a
        L2d:
            int r5 = r5 + 1
            r6 = 44
            int r7 = r0.indexOf(r6, r5)
            if (r7 > r5) goto L38
            goto L9a
        L38:
            int r8 = r7 + 1
            r9 = 125(0x7d, float:1.75E-43)
            int r9 = r0.indexOf(r9, r8)
            if (r9 > r8) goto L43
            goto L9a
        L43:
            java.math.BigInteger r5 = g(r0, r5, r7)     // Catch: java.lang.Exception -> L9a
            java.math.BigInteger r7 = g(r0, r8, r9)     // Catch: java.lang.Exception -> L9a
            org.bouncycastle.tls.crypto.DHGroup r8 = org.bouncycastle.tls.TlsDHUtils.getStandardGroupForDHParameters(r5, r7)     // Catch: java.lang.Exception -> L9a
            if (r8 == 0) goto L55
        L51:
            r4.add(r8)     // Catch: java.lang.Exception -> L9a
            goto L83
        L55:
            r8 = 120(0x78, float:1.68E-43)
            boolean r8 = r5.isProbablePrime(r8)     // Catch: java.lang.Exception -> L9a
            if (r8 != 0) goto L7c
            java.util.logging.Logger r7 = org.bouncycastle.jsse.provider.h1.f81889l     // Catch: java.lang.Exception -> L9a
            java.util.logging.Level r8 = java.util.logging.Level.WARNING     // Catch: java.lang.Exception -> L9a
            java.lang.StringBuilder r10 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L9a
            r10.<init>()     // Catch: java.lang.Exception -> L9a
            java.lang.String r11 = "Non-prime modulus ignored in security property [jdk.tls.server.defaultDHEParameters]: "
            r10.append(r11)     // Catch: java.lang.Exception -> L9a
            r11 = 16
            java.lang.String r5 = r5.toString(r11)     // Catch: java.lang.Exception -> L9a
            r10.append(r5)     // Catch: java.lang.Exception -> L9a
            java.lang.String r5 = r10.toString()     // Catch: java.lang.Exception -> L9a
            r7.log(r8, r5)     // Catch: java.lang.Exception -> L9a
            goto L83
        L7c:
            org.bouncycastle.tls.crypto.DHGroup r8 = new org.bouncycastle.tls.crypto.DHGroup     // Catch: java.lang.Exception -> L9a
            r10 = 0
            r8.<init>(r5, r1, r7, r10)     // Catch: java.lang.Exception -> L9a
            goto L51
        L83:
            int r5 = r9 + 1
            if (r5 < r2) goto L94
            int r0 = r4.size()
            org.bouncycastle.tls.crypto.DHGroup[] r0 = new org.bouncycastle.tls.crypto.DHGroup[r0]
            java.lang.Object[] r0 = r4.toArray(r0)
            org.bouncycastle.tls.crypto.DHGroup[] r0 = (org.bouncycastle.tls.crypto.DHGroup[]) r0
            return r0
        L94:
            char r7 = r0.charAt(r5)
            if (r6 == r7) goto L20
        L9a:
            java.util.logging.Logger r0 = org.bouncycastle.jsse.provider.h1.f81889l
            java.util.logging.Level r2 = java.util.logging.Level.WARNING
            java.lang.String r3 = "Invalid syntax for security property [jdk.tls.server.defaultDHEParameters]"
            r0.log(r2, r3)
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.h1.c():org.bouncycastle.tls.crypto.DHGroup[]");
    }

    /**
     * Records key-manager misses: every key type that precedes {@code str} in the candidate map
     * (insertion order) is added to the miss set {@code f81900i} so it is not offered again during
     * this cipher-suite selection.
     *
     * @param linkedHashMap candidate key types mapped to their signature schemes, in preference order
     * @param str the key type the key manager chose, or {@code null} to mark every candidate as a miss
     */
    private void d(LinkedHashMap<String, t1> linkedHashMap, String str) {
        for (Map.Entry<String, t1> candidate : linkedHashMap.entrySet()) {
            String keyType = candidate.getKey();
            if (keyType.equals(str)) {
                // Reached the selected key type; later candidates were never rejected.
                break;
            }
            this.f81900i.add(keyType);
            if (!f81889l.isLoggable(Level.FINER)) {
                continue;
            }
            f81889l.finer("Server found no credentials for signature scheme '" + candidate.getValue() + "' (keyType '" + keyType + "')");
        }
    }

    /**
     * Parses the hexadecimal digits in {@code str[i2, i3)} as a {@link BigInteger}.
     *
     * @param str text containing the number
     * @param i2 index of the first hex digit (inclusive)
     * @param i3 index after the last hex digit (exclusive)
     * @return the parsed value
     * @throws NumberFormatException if the slice is not a valid base-16 number
     * @throws IndexOutOfBoundsException if the indices do not describe a valid slice
     */
    private static BigInteger g(String str, int i2, int i3) {
        String hexDigits = str.substring(i2, i3);
        return new BigInteger(hexDigits, 16);
    }

    /**
     * Reports whether the handshake has completed.
     *
     * <p>Synchronized on this instance, as is {@code notifyHandshakeComplete()}, which sets the flag.
     *
     * @return {@code true} once {@code notifyHandshakeComplete()} has run
     */
    @Override // org.bouncycastle.jsse.provider.g1
    public synchronized boolean a() {
        final boolean handshakeDone = this.f81902k;
        return handshakeDone;
    }

    /**
     * Declines certificate-status handling: this server always answers {@code false}, and
     * {@code getCertificateStatus()} returns {@code null}, so no stapled status is sent.
     * Clients that depend on stapling must obtain revocation information another way.
     *
     * @return always {@code false}
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean allowCertificateStatus() {
        return false;
    }

    /**
     * Tells the TLS core whether legacy resumption is permitted.
     *
     * <p>The answer comes from {@code y.b()}, whose body is not part of this file (presumably a
     * provider-wide property - confirm). Independently of this flag, {@code f(...)} in this class
     * refuses to resume sessions that lack the extended master secret.
     *
     * @return the value reported by {@code y.b()}
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean allowLegacyResumption() {
        final boolean permitted = y.b();
        return permitted;
    }

    /**
     * Declines the multi-certificate status variant, consistent with
     * {@code allowCertificateStatus()} also returning {@code false}.
     *
     * @return always {@code false}
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean allowMultiCertStatus() {
        return false;
    }

    /**
     * Reports whether peer CA hints were captured for this handshake.
     *
     * <p>{@code f82118g} is only populated in {@code processClientExtensions()}: from the
     * certificate_authorities extension under TLS 1.3, or from {@code trustedCAKeys} when the
     * {@code enableTrustedCAKeysExtension} property is on.
     *
     * @return {@code true} when the stored hints are non-null
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean allowTrustedCAIndication() {
        return null != this.f81897f.f82118g;
    }

    /**
     * Returns the JCA-backed crypto implementation held by the manager's context data - the same
     * object path the constructor passes to the superclass.
     *
     * @return the crypto implementation from {@code f81895d.c().d()}
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    /* renamed from: b, reason: merged with bridge method [inline-methods] */
    public JcaTlsCrypto getCrypto() {
        d contextData = this.f81895d.c();
        return contextData.d();
    }

    /**
     * Reports whether client authentication is in play for this connection.
     *
     * <p>{@code j()} is the strict mode: {@code notifyClientCertificate()} raises a fatal alert for
     * an empty certificate only when {@code j()} is true. {@code r()} therefore appears to be the
     * "requested but optional" mode - confirm against p0.
     *
     * @return {@code true} when either mode is enabled
     */
    protected boolean e() {
        if (this.f81896e.j()) {
            return true;
        }
        return this.f81896e.r();
    }

    /**
     * Decides whether a cached session may be resumed on this connection.
     *
     * <p>Resumption is refused unless all of the following hold: the session is resumable, the
     * negotiated version is below TLS 1.3 and equals the session's version, the session's cipher
     * suite is both enabled locally and offered by the client, the session used the extended
     * master secret, and the SNI name accepted on this connection matches the one stored with the
     * session (compared by {@code y.m}). Requiring the extended master secret keeps sessions
     * without that binding from being resumed.
     *
     * @param s0Var cached session wrapper that carries the stored SNI data
     * @param tlsSession the underlying TLS session, may be {@code null}
     * @return {@code true} only when every check passes
     */
    protected boolean f(s0 s0Var, TlsSession tlsSession) {
        if (tlsSession == null || !tlsSession.isResumable()) {
            return false;
        }
        ProtocolVersion negotiated = this.context.getSecurityParametersHandshake().getNegotiatedVersion();
        if (TlsUtils.isTLSv13(negotiated)) {
            return false;
        }
        SessionParameters stored = tlsSession.exportSessionParameters();
        if (stored == null) {
            return false;
        }
        if (!negotiated.equals(stored.getNegotiatedVersion())) {
            return false;
        }
        if (!Arrays.contains(getCipherSuites(), stored.getCipherSuite())) {
            return false;
        }
        if (!Arrays.contains(this.offeredCipherSuites, stored.getCipherSuite())) {
            return false;
        }
        if (!stored.isExtendedMasterSecret()) {
            return false;
        }
        x sessionData = s0Var.m();
        BCSNIServerName connectionName = this.f81899h;
        BCSNIServerName sessionName = sessionData.b();
        if (!y.m(connectionName, sessionName)) {
            f81889l.finest("Session not resumable - SNI mismatch; connection: " + connectionName + ", session: " + sessionName);
            return false;
        }
        return true;
    }

    /**
     * Builds the CertificateRequest sent to the client, or returns {@code null} when client
     * authentication is neither required nor requested ({@code e()} is false).
     *
     * <p>The acceptable signature schemes are computed for the negotiated version only and cached
     * in {@code f81897f}. CA names are included only when {@code jdk.tls.server.enableCAExtension}
     * is on. Before TLS 1.3 the request lists certificate types 64, 1 and 2 (ecdsa_sign, rsa_sign
     * and dss_sign in the TLS ClientCertificateType registry).
     *
     * @return the request, or {@code null} when no client certificate is wanted
     * @throws IOException propagated from the helpers
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public CertificateRequest getCertificateRequest() throws IOException {
        if (!e()) {
            return null;
        }
        d contextData = this.f81895d.c();
        ProtocolVersion serverVersion = this.context.getServerVersion();
        List<t1> schemes = contextData.a(true, this.f81896e, new ProtocolVersion[]{serverVersion}, this.f81897f.f82112a);
        w state = this.f81897f;
        state.f82113b = schemes;
        state.f82114c = schemes;
        Vector<SignatureAndHashAlgorithm> sigAlgs = t1.p(schemes);
        Vector<X500Name> caNames = f81892o ? y.s(contextData.i()) : null;
        if (TlsUtils.isTLSv13(serverVersion)) {
            w current = this.f81897f;
            List<t1> localSchemes = current.f82113b;
            List<t1> localCertSchemes = current.f82114c;
            // A separate "cert" list is sent only when it is a different list object.
            Vector<SignatureAndHashAlgorithm> certSigAlgs =
                localSchemes != localCertSchemes ? t1.p(localCertSchemes) : null;
            return new CertificateRequest(TlsUtils.EMPTY_BYTES, sigAlgs, certSigAlgs, caNames);
        }
        return new CertificateRequest(new short[]{64, 1, 2}, sigAlgs, caNames);
    }

    /**
     * Supplies no certificate status: the server never staples status data, matching
     * {@code allowCertificateStatus()} returning {@code false}.
     *
     * @return always {@code null}
     * @throws IOException never thrown by this implementation
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public CertificateStatus getCertificateStatus() throws IOException {
        return null;
    }

    /**
     * Returns the credentials stored by {@code selectCipherSuite()} for the chosen suite.
     *
     * @return the selected credentials, or {@code null} if none have been stored
     * @throws IOException never thrown by this implementation
     */
    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.TlsServer
    public TlsCredentials getCredentials() throws IOException {
        final TlsCredentials selected = this.f81901j;
        return selected;
    }

    /**
     * Upper bound on the length of a peer certificate chain, as reported by {@code y.A()}
     * (body not shown; presumably property-driven - confirm). The bound limits how much work an
     * unauthenticated client can force during chain processing.
     *
     * @return the limit from {@code y.A()}
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public int getMaxCertificateChainLength() {
        final int limit = y.A();
        return limit;
    }

    /**
     * Upper bound on a single handshake message, as reported by {@code y.B()} (body not shown;
     * presumably property-driven - confirm). The bound caps memory a peer can make the server
     * buffer before authentication.
     *
     * @return the limit from {@code y.B()}
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public int getMaxHandshakeMessageSize() {
        final int limit = y.B();
        return limit;
    }

    /**
     * Returns the largest elliptic-curve size available from the groups negotiated so far
     * ({@code f81897f.f82112a}), as computed by {@code d0.n}.
     *
     * @return the value computed by {@code d0.n}
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int getMaximumNegotiableCurveBits() {
        w state = this.f81897f;
        return d0.n(state.f82112a);
    }

    /**
     * Returns the largest finite-field DH size available from the negotiated groups, or 0 when
     * that size is below the configured floor ({@code jdk.tls.ephemeralDHKeySize}). Returning 0
     * reports no usable finite-field size rather than one weaker than the floor.
     *
     * @return the size from {@code d0.o}, or 0 if it is under the floor
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int getMaximumNegotiableFiniteFieldBits() {
        final int availableBits = d0.o(this.f81897f.f82112a);
        return availableBits < f81890m ? 0 : availableBits;
    }

    /**
     * Produces the session ID for a new session.
     *
     * <p>No ID is issued when session resumption is disabled or the connection is TLS 1.3;
     * otherwise 32 bytes are drawn from the context's nonce generator.
     *
     * @return a fresh 32-byte ID, or {@code null} when no ID should be issued
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public byte[] getNewSessionID() {
        final boolean issueId = f81893p && !TlsUtils.isTLSv13(this.context);
        return issueId ? this.context.getNonceGenerator().generateNonce(32) : null;
    }

    /**
     * Returns the application protocol names configured on this connection's parameters,
     * converted by {@code y.F}.
     *
     * @return the converted protocol name list
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected Vector<ProtocolName> getProtocolNames() {
        p0 params = this.f81896e;
        return y.F(params.e());
    }

    /**
     * Selects the cipher suite for this handshake.
     *
     * <p>Before delegating to the superclass it records the client's supported groups and
     * signature schemes in {@code f81897f}, and fails with alert 40 (handshake_failure) when the
     * context reports the sentinel key manager {@code g.f81866a}. The miss set {@code f81900i}
     * exists only for the duration of the superclass call.
     *
     * @return the selected cipher suite
     * @throws IOException if selection fails, including the fatal alert described above
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public int getSelectedCipherSuite() throws IOException {
        d contextData = this.f81895d.c();
        SecurityParameters handshakeParams = this.context.getSecurityParametersHandshake();
        d0.C(this.f81897f.f82112a, handshakeParams.getClientSupportedGroups());

        Vector clientSigAlgs = handshakeParams.getClientSigAlgs();
        Vector clientSigAlgsCert = handshakeParams.getClientSigAlgsCert();
        this.f81897f.f82115d = contextData.g(clientSigAlgs);
        w state = this.f81897f;
        if (clientSigAlgs == clientSigAlgsCert) {
            // Same vector object: share the already-converted list.
            state.f82116e = state.f82115d;
        } else {
            state.f82116e = contextData.g(clientSigAlgsCert);
        }

        if (f81889l.isLoggable(Level.FINEST)) {
            f81889l.finest(y.I("Peer signature_algorithms", this.f81897f.f82115d));
            w logged = this.f81897f;
            List<t1> certSchemes = logged.f82116e;
            if (certSchemes != logged.f82115d) {
                f81889l.finest(y.I("Peer signature_algorithms_cert", certSchemes));
            }
        }

        if (g.f81866a == contextData.h()) {
            // 40 = handshake_failure
            throw new TlsFatalAlert((short) 40);
        }

        this.f81900i = new HashSet<String>();
        int chosenSuite = super.getSelectedCipherSuite();
        this.f81900i = null;

        f81889l.fine("Server selected cipher suite: " + this.f81895d.c().c().P(this.f81896e, chosenSuite));
        return chosenSuite;
    }

    /**
     * Returns the server extensions, adding the server_name acknowledgement only when an SNI name
     * was accepted by a matcher ({@code f81899h} is non-null).
     *
     * @return the {@code serverExtensions} table populated by the superclass
     * @throws IOException propagated from the superclass or the extension helper
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public Hashtable<Integer, byte[]> getServerExtensions() throws IOException {
        super.getServerExtensions();
        final boolean sniAccepted = this.f81899h != null;
        if (sniAccepted) {
            TlsExtensionsUtils.addServerNameExtensionServer(this.serverExtensions);
        }
        return this.serverExtensions;
    }

    /**
     * Returns the protocol version chosen by the superclass and logs it at FINE, which gives
     * operators a per-handshake record of the negotiated version.
     *
     * @return the version selected by the superclass
     * @throws IOException propagated from the superclass
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public ProtocolVersion getServerVersion() throws IOException {
        ProtocolVersion chosen = super.getServerVersion();
        String versionName = this.f81895d.c().c().Q(this.f81896e, chosen);
        f81889l.fine("Server selected protocol version: " + versionName);
        return chosen;
    }

    /**
     * Looks up the session the client asked to resume.
     *
     * <p>The cache is consulted only when session resumption is enabled, and a hit is returned
     * only if {@code f(...)} accepts it (version, cipher suite, extended master secret, SNI). In
     * every other case {@code y.c(f81895d)} runs before {@code null} is returned; its body is not
     * shown here (presumably a check that a new session may be created - confirm).
     *
     * @param bArr session ID presented by the client
     * @return the session to resume, or {@code null} to perform a full handshake
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public TlsSession getSessionToResume(byte[] bArr) {
        u0 sessionCache = this.f81895d.c().f();
        if (f81893p) {
            s0 cached = sessionCache.h(bArr);
            if (cached != null) {
                TlsSession candidate = cached.n();
                if (f(cached, candidate)) {
                    this.f81898g = cached;
                    return candidate;
                }
            }
        }
        y.c(this.f81895d);
        return null;
    }

    /**
     * Returns the cipher suites usable on this connection, computed by the context from the
     * crypto implementation, the connection parameters and the enabled protocol versions.
     *
     * @return the active cipher suites
     */
    @Override // org.bouncycastle.tls.DefaultTlsServer, org.bouncycastle.tls.AbstractTlsPeer
    protected int[] getSupportedCipherSuites() {
        JcaTlsCrypto crypto = getCrypto();
        return this.f81895d.c().c().j(crypto, this.f81896e, getProtocolVersions());
    }

    /**
     * Computes the named groups for the negotiated server version, caches them in
     * {@code f81897f.f82112a} for the later DH/ECDH selection methods, and returns their ids.
     *
     * @return the ids produced by {@code d0.u} for the cached groups
     * @throws IOException propagated from the helpers
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public int[] getSupportedGroups() throws IOException {
        ProtocolVersion[] negotiated = new ProtocolVersion[]{this.context.getServerVersion()};
        this.f81897f.f82112a = this.f81895d.c().e(this.f81896e, negotiated);
        return d0.u(this.f81897f.f82112a);
    }

    /**
     * Returns the protocol versions enabled for this connection, as computed by the context from
     * the connection parameters.
     *
     * @return the active protocol versions
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer
    protected ProtocolVersion[] getSupportedVersions() {
        p0 params = this.f81896e;
        return this.f81895d.c().c().k(params);
    }

    /**
     * Picks server credentials for a cipher suite according to its key exchange algorithm.
     *
     * <p>Key exchange 0 (the TLS 1.3 case) uses {@code j(...)}. Key exchange 1 always uses
     * {@code k(...)}. Key exchanges 3, 5, 17 and 19 use {@code i(...)} when the negotiated version
     * allows the signature_algorithms extension and {@code k(...)} otherwise. Any other key
     * exchange yields {@code null}, which makes the suite unselectable. The numbers appear to be
     * NULL, RSA, DHE_DSS, DHE_RSA, ECDHE_ECDSA and ECDHE_RSA - confirm against KeyExchangeAlgorithm.
     *
     * @param principalArr acceptable issuers hinted by the peer, may be {@code null}
     * @param i2 cipher suite under consideration
     * @return credentials for the suite, or {@code null} if none are available
     * @throws IOException propagated from the credential helpers
     */
    protected TlsCredentials h(Principal[] principalArr, int i2) throws IOException {
        final int keyExchange = TlsUtils.getKeyExchangeAlgorithm(i2);
        switch (keyExchange) {
            case 0:
                return j(principalArr, TlsUtils.EMPTY_BYTES);
            case 1:
                return k(principalArr, keyExchange);
            case 3:
            case 5:
            case 17:
            case 19:
                if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getServerVersion())) {
                    return i(principalArr, keyExchange);
                }
                return k(principalArr, keyExchange);
            default:
                return null;
        }
    }

    /**
     * Selects TLS 1.2 signing credentials for the given key exchange algorithm.
     *
     * <p>Candidate key types are built from the peer's signature schemes, keeping only schemes
     * that are valid for this key exchange, not already recorded as misses, and accepted by
     * {@code t1.t(...)} with the configured algorithm constraints. The key manager then chooses
     * among them. A key type returned by the key manager that is not among the candidates raises
     * alert 80 (internal_error), so an unexpected key type is never used for signing.
     *
     * @param principalArr acceptable issuers hinted by the peer, may be {@code null}
     * @param i2 key exchange algorithm
     * @return signing credentials, or {@code null} when nothing suitable is available
     * @throws IOException on the fatal alert described above or helper failure
     */
    protected TlsCredentials i(Principal[] principalArr, int i2) throws IOException {
        BCAlgorithmConstraints constraints = this.f81896e.d();
        short legacySigAlg = TlsUtils.getLegacySignatureAlgorithmServer(i2);

        LinkedHashMap<String, t1> candidates = new LinkedHashMap<>();
        for (t1 scheme : this.f81897f.f82115d) {
            if (!TlsUtils.isValidSignatureSchemeForServerKeyExchange(scheme.q(), i2)) {
                continue;
            }
            String keyType = legacySigAlg == scheme.m() ? y.z(i2) : scheme.k();
            if (this.f81900i.contains(keyType) || candidates.containsKey(keyType)) {
                continue;
            }
            if (scheme.t(constraints, false, true, this.f81897f.f82112a)) {
                candidates.put(keyType, scheme);
            }
        }

        if (candidates.isEmpty()) {
            f81889l.fine("Server (1.2) has no key types to try for KeyExchangeAlgorithm " + i2);
            return null;
        }

        BCX509Key chosenKey = this.f81895d.b((String[]) candidates.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
        if (chosenKey == null) {
            // Nothing selected: every candidate becomes a recorded miss.
            d(candidates, null);
            f81889l.fine("Server (1.2) did not select any credentials for KeyExchangeAlgorithm " + i2);
            return null;
        }

        String chosenType = chosenKey.getKeyType();
        d(candidates, chosenType);
        t1 chosenScheme = candidates.get(chosenType);
        if (chosenScheme == null) {
            // 80 = internal_error
            throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
        }
        if (f81889l.isLoggable(Level.FINE)) {
            f81889l.fine("Server (1.2) selected credentials for signature scheme '" + chosenScheme + "' (keyType '" + chosenType + "'), with private key algorithm '" + y.D(chosenKey.getPrivateKey()) + "'");
        }
        return y.k(this.context, getCrypto(), chosenKey, chosenScheme.n());
    }

    /**
     * Selects TLS 1.3 signing credentials.
     *
     * <p>Candidate key types come from the peer's signature schemes, skipping key types already
     * recorded as misses and schemes rejected by {@code t1.t(...)} under the configured algorithm
     * constraints. The key manager then chooses among them. A returned key type outside the
     * candidates raises alert 80 (internal_error).
     *
     * @param principalArr acceptable issuers hinted by the peer, may be {@code null}
     * @param bArr certificate request context passed through to the credentials
     * @return signing credentials, or {@code null} when nothing suitable is available
     * @throws IOException on the fatal alert described above or helper failure
     */
    protected TlsCredentials j(Principal[] principalArr, byte[] bArr) throws IOException {
        BCAlgorithmConstraints constraints = this.f81896e.d();

        LinkedHashMap<String, t1> candidates = new LinkedHashMap<>();
        for (t1 scheme : this.f81897f.f82115d) {
            String keyType = scheme.l();
            if (this.f81900i.contains(keyType) || candidates.containsKey(keyType)) {
                continue;
            }
            if (scheme.t(constraints, true, false, this.f81897f.f82112a)) {
                candidates.put(keyType, scheme);
            }
        }

        if (candidates.isEmpty()) {
            f81889l.fine("Server (1.3) found no usable signature schemes");
            return null;
        }

        BCX509Key chosenKey = this.f81895d.b((String[]) candidates.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
        if (chosenKey == null) {
            // Nothing selected: every candidate becomes a recorded miss.
            d(candidates, null);
            f81889l.fine("Server (1.3) did not select any credentials");
            return null;
        }

        String chosenType = chosenKey.getKeyType();
        d(candidates, chosenType);
        t1 chosenScheme = candidates.get(chosenType);
        if (chosenScheme == null) {
            // 80 = internal_error
            throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
        }
        if (f81889l.isLoggable(Level.FINE)) {
            f81889l.fine("Server (1.3) selected credentials for signature scheme '" + chosenScheme + "' (keyType '" + chosenType + "'), with private key algorithm '" + y.D(chosenKey.getPrivateKey()) + "'");
        }
        return y.l(this.context, getCrypto(), chosenKey, chosenScheme.n(), bArr);
    }

    /**
     * Selects credentials for a key exchange that does not go through the signature scheme lists.
     *
     * <p>The key type is derived from the key exchange by {@code y.z}. A key type already recorded
     * as a miss is not retried, and a new miss is recorded when the key manager returns nothing.
     * Key exchange 1 gets the credentials built by {@code y.j}; every other value gets
     * {@code y.k} with no signature scheme.
     *
     * @param principalArr acceptable issuers hinted by the peer, may be {@code null}
     * @param i2 key exchange algorithm
     * @return credentials, or {@code null} when the key manager has no matching key
     * @throws IOException propagated from the credential helpers
     */
    protected TlsCredentials k(Principal[] principalArr, int i2) throws IOException {
        final String keyType = y.z(i2);
        if (this.f81900i.contains(keyType)) {
            return null;
        }
        BCX509Key chosenKey = this.f81895d.b(new String[]{keyType}, principalArr);
        if (chosenKey == null) {
            this.f81900i.add(keyType);
            return null;
        }
        if (1 == i2) {
            return y.j(getCrypto(), chosenKey);
        }
        return y.k(this.context, getCrypto(), chosenKey, null);
    }

    /**
     * Logs an alert raised by this server.
     *
     * <p>Alerts at level 1 (warning) are logged at FINE, alert description 80 (internal_error) at
     * WARNING, and everything else at INFO. Fatal handshake failures other than internal_error are
     * therefore visible only when INFO logging is enabled for this class.
     *
     * @param s2 alert level
     * @param s3 alert description
     * @param str optional detail message, may be {@code null}
     * @param th optional cause, may be {@code null}
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertRaised(short s2, short s3, String str, Throwable th) {
        final Level level;
        if (s2 == 1) {
            level = Level.FINE;
        } else if (s3 == 80) {
            level = Level.WARNING;
        } else {
            level = Level.INFO;
        }
        if (!f81889l.isLoggable(level)) {
            return;
        }
        String text = y.o("Server raised", s2, s3);
        if (str != null) {
            text = text + ": " + str;
        }
        f81889l.log(level, text, th);
    }

    /**
     * Logs an alert received from the client: level 1 (warning) at FINE, anything else at INFO.
     *
     * @param s2 alert level
     * @param s3 alert description
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertReceived(short s2, short s3) {
        super.notifyAlertReceived(s2, s3);
        final Level level;
        if (s2 == 1) {
            level = Level.FINE;
        } else {
            level = Level.INFO;
        }
        if (!f81889l.isLoggable(level)) {
            return;
        }
        f81889l.log(level, y.o("Server received", s2, s3));
    }

    /**
     * Validates the certificate chain presented by the client.
     *
     * <p>A certificate arriving when client authentication was never enabled is an internal error.
     * An empty chain is fatal only in the strict mode ({@code f81896e.j()}); in the optional mode
     * the handshake continues with no authenticated peer, so the application must not treat such
     * a connection as authenticated. For a non-empty chain the trust decision is delegated to
     * {@code f81895d.checkClientTrusted}, with the auth type derived from the end-entity
     * certificate: signature algorithm 7, then 8 (Ed25519 and Ed448 in the TLS SignatureAlgorithm
     * registry), then the certificate's legacy signature algorithm.
     *
     * @param certificate the chain sent by the client, may be {@code null} or empty
     * @throws IOException a fatal alert when the chain is missing but required, unsupported, or
     *         rejected by the trust check
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public void notifyClientCertificate(Certificate certificate) throws IOException {
        if (!e()) {
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }
        final boolean noCertificate = certificate == null || certificate.isEmpty();
        if (noCertificate) {
            if (!this.f81896e.j()) {
                return;
            }
            throw new TlsFatalAlert(TlsUtils.isTLSv13(this.context) ? AlertDescription.certificate_required : AlertDescription.handshake_failure);
        }
        X509Certificate[] chain = y.O(getCrypto(), certificate);
        TlsCertificate endEntity = certificate.getCertificateAt(0);
        short sigAlg;
        if (endEntity.supportsSignatureAlgorithm((short) 7)) {
            sigAlg = 7;
        } else if (endEntity.supportsSignatureAlgorithm((short) 8)) {
            sigAlg = 8;
        } else {
            sigAlg = endEntity.getLegacySignatureAlgorithm();
        }
        if (sigAlg < 0) {
            throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
        }
        this.f81895d.checkClientTrusted(chain, y.q(sigAlg));
    }

    /**
     * Finalises the handshake: marks it complete, registers the session unless it is the one being
     * resumed, and hands the resulting connection object to the manager.
     *
     * <p>The last argument to {@code u0.v} is true only when session resumption is enabled, the
     * connection is not TLS 1.3, and the extended master secret was negotiated. This matches the
     * resumption rule in {@code f(...)}, which rejects sessions without it.
     *
     * @throws IOException propagated from the superclass
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        this.f81902k = true;
        TlsSession established = this.context.getSession();
        s0 resumed = this.f81898g;
        final boolean isResumedSession = resumed != null && resumed.n() == established;
        if (!isResumedSession) {
            u0 sessionCache = this.f81895d.c().f();
            String peerHost = this.f81895d.getPeerHost();
            int peerPort = this.f81895d.getPeerPort();
            x sessionData = new x(null, this.f81899h);
            boolean resumable = f81893p
                && !TlsUtils.isTLSv13(this.context)
                && this.context.getSecurityParametersConnection().isExtendedMasterSecret();
            this.f81898g = sessionCache.v(peerHost, peerPort, established, sessionData, resumable);
        }
        this.f81895d.a(new l0(this.context, this.f81898g));
    }

    /**
     * Enforces the secure-renegotiation policy.
     *
     * <p>A peer that did not signal secure renegotiation is rejected with alert 40
     * (handshake_failure) only when {@code sun.security.ssl.allowLegacyHelloMessages} is false.
     * The value {@code true} is passed to {@code f0.b} as what appears to be the default, so such
     * peers are accepted unless the property is set. Deployments that want to require the signal
     * should set the property to {@code false}.
     *
     * @param z2 whether the peer signalled secure renegotiation
     * @throws IOException the fatal alert described above
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z2) throws IOException {
        if (z2) {
            return;
        }
        if (f0.b("sun.security.ssl.allowLegacyHelloMessages", true)) {
            return;
        }
        // 40 = handshake_failure
        throw new TlsFatalAlert((short) 40);
    }

    /**
     * Records which session this handshake uses and passes the handshake state to the manager.
     *
     * <p>If the session is the one selected for resumption it is logged as resumed. Otherwise the
     * resumption candidate is cleared, the new session ID (if any) is logged, and {@code y.c} runs
     * (body not shown). Session IDs are logged in hex at FINE, which lets handshakes be correlated
     * across log lines.
     *
     * @param tlsSession the session chosen by the TLS core
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public void notifySession(TlsSession tlsSession) {
        byte[] sessionID = tlsSession.getSessionID();
        s0 resumeCandidate = this.f81898g;
        final boolean isResumption = resumeCandidate != null && resumeCandidate.n() == tlsSession;
        if (isResumption) {
            f81889l.fine("Server resumed session: " + Hex.toHexString(sessionID));
        } else {
            this.f81898g = null;
            String message = TlsUtils.isNullOrEmpty(sessionID)
                ? "Server did not specify a session ID"
                : "Server specified new session: " + Hex.toHexString(sessionID);
            f81889l.fine(message);
            y.c(this.f81895d);
        }
        f1 manager = this.f81895d;
        manager.e(manager.c().f(), this.context.getSecurityParametersHandshake(), this.f81897f, this.f81898g);
    }

    /**
     * Reports whether the server's own cipher suite order takes precedence over the client's,
     * as configured on the connection parameters ({@code f81896e.q()}).
     *
     * @return the configured preference flag
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean preferLocalCipherSuites() {
        p0 params = this.f81896e;
        return params.q();
    }

    /**
     * Processes the ClientHello extensions that this provider handles itself: SNI and CA hints.
     *
     * <p>SNI: with no matchers configured the client's names are ignored and no name is recorded.
     * With matchers configured, a ClientHello whose names match none of them is rejected with
     * alert 112 (unrecognized_name). CA hints come from the certificate_authorities extension
     * under TLS 1.3, and from {@code trustedCAKeys} on earlier versions only when the
     * {@code enableTrustedCAKeysExtension} property is on.
     *
     * @param hashtable the client's extensions
     * @throws IOException the fatal alert described above, or superclass/helper failure
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public void processClientExtensions(Hashtable hashtable) throws IOException {
        super.processClientExtensions(hashtable);

        Vector requestedNames = this.context.getSecurityParametersHandshake().getClientServerNames();
        if (requestedNames != null) {
            Collection<BCSNIMatcher> matchers = this.f81896e.m();
            if (matchers != null && !matchers.isEmpty()) {
                BCSNIServerName matched = y.n(requestedNames, matchers);
                this.f81899h = matched;
                if (matched == null) {
                    // 112 = unrecognized_name
                    throw new TlsFatalAlert((short) 112);
                }
                f81889l.fine("Server accepted SNI: " + this.f81899h);
            } else {
                f81889l.fine("Server ignored SNI (no matchers specified)");
            }
        }

        if (TlsUtils.isTLSv13(this.context)) {
            this.f81897f.f82118g = y.a0(TlsExtensionsUtils.getCertificateAuthoritiesExtension(hashtable));
            return;
        }
        if (f81894q) {
            this.f81897f.f82118g = y.M(this.trustedCAKeys);
        }
    }

    /**
     * Reports whether a close_notify alert is required from the peer, as decided by
     * {@code y.U()} (body not shown). Requiring close_notify lets the application tell an orderly
     * shutdown from a truncated stream.
     *
     * @return the value reported by {@code y.U()}
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean requiresCloseNotify() {
        final boolean required = y.U();
        return required;
    }

    /**
     * Reports whether the extended master secret is mandatory: the negation of {@code y.a()}
     * (body not shown; presumably an "allow legacy master secret" setting - confirm).
     *
     * @return {@code true} when {@code y.a()} is false
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean requiresExtendedMasterSecret() {
        final boolean legacyAllowed = y.a();
        return !legacyAllowed;
    }

    /**
     * Tries to select one cipher suite: the suite is eligible only if credentials can be found
     * for it, and the credentials are stored only if the superclass accepts the suite.
     *
     * @param i2 cipher suite to try
     * @return {@code true} if the suite was selected
     * @throws IOException propagated from credential lookup or the superclass
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean selectCipherSuite(int i2) throws IOException {
        TlsCredentials candidate = h(this.f81897f.f82118g, i2);
        if (candidate == null) {
            String suiteName = m0.n(i2);
            f81889l.finer("Server found no credentials for cipher suite: " + suiteName);
            return false;
        }
        final boolean accepted = super.selectCipherSuite(i2);
        if (accepted) {
            this.f81901j = candidate;
        }
        return accepted;
    }

    /**
     * Selects a finite-field DH group from the negotiated groups, never asking for fewer bits
     * than the configured floor ({@code jdk.tls.ephemeralDHKeySize}).
     *
     * @param i2 minimum size requested by the TLS core
     * @return the group chosen by {@code d0.E}
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectDH(int i2) {
        final int minimumBits = Math.max(i2, f81890m);
        return d0.E(this.f81897f.f82112a, minimumBits);
    }

    /**
     * Not supported: this server provides no default finite-field DH group.
     *
     * @param i2 minimum size requested by the TLS core (unused)
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectDHDefault(int i2) {
        throw new UnsupportedOperationException();
    }

    /**
     * Selects an elliptic-curve group of at least the requested size from the negotiated groups.
     *
     * @param i2 minimum curve size requested by the TLS core
     * @return the group chosen by {@code d0.D}
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectECDH(int i2) {
        w state = this.f81897f;
        return d0.D(state.f82112a, i2);
    }

    /**
     * Not supported: this server provides no default elliptic-curve group.
     *
     * @param i2 minimum curve size requested by the TLS core (unused)
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected int selectECDHDefault(int i2) {
        throw new UnsupportedOperationException();
    }

    /**
     * Selects the application protocol (ALPN).
     *
     * <p>Without an application-supplied selector ({@code f81896e.i()} and {@code f81896e.p()} both
     * null) the superclass decides. Otherwise the selector sees a read-only view of the client's
     * list: {@code null} means "no acceptable protocol" and is fatal, an empty string means "no
     * ALPN", and any other answer must be one of the names the client offered. A selector answer
     * outside the client's list is rejected with no_application_protocol.
     *
     * @return the chosen protocol, or {@code null} for no ALPN
     * @throws IOException the fatal alert described above
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected ProtocolName selectProtocolName() throws IOException {
        final boolean noSelector = this.f81896e.i() == null && this.f81896e.p() == null;
        if (noSelector) {
            return super.selectProtocolName();
        }
        List<String> offered = y.E(this.clientProtocolNames);
        String chosen = this.f81895d.f(Collections.unmodifiableList(offered));
        if (chosen == null) {
            throw new TlsFatalAlert(AlertDescription.no_application_protocol);
        }
        if (chosen.isEmpty()) {
            return null;
        }
        if (!offered.contains(chosen)) {
            throw new TlsFatalAlert(AlertDescription.no_application_protocol);
        }
        return ProtocolName.asUtf8Encoding(chosen);
    }

    /**
     * Reports whether ALPN selection may happen early: only when no application-supplied selector
     * is configured ({@code f81896e.i()} and {@code f81896e.p()} are both null).
     *
     * @return {@code true} when neither selector is set
     */
    @Override // org.bouncycastle.tls.AbstractTlsServer
    protected boolean shouldSelectProtocolNameEarly() {
        return !(this.f81896e.i() != null || this.f81896e.p() != null);
    }

    /**
     * Reports whether the extended master secret should be negotiated, as decided by
     * {@code y.b0()} (body not shown; presumably property-driven - confirm). Sessions without it
     * are not stored as resumable and are not resumed by this class.
     *
     * @return the value reported by {@code y.b0()}
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean shouldUseExtendedMasterSecret() {
        final boolean useEms = y.b0();
        return useEms;
    }
}
