package org.bouncycastle.tls;

import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsECConfig;

/* loaded from: classes2.dex */
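/**
 * Base {@link TlsServer} implementation that keeps the per-handshake negotiation state
 * (offered cipher suites, client extensions, selected cipher suite, selected ALPN protocol,
 * server extensions) and provides default handling for the client's extensions.
 *
 * <p>Policy decisions are delegated to subclasses through the abstract methods
 * ({@link #allowCertificateStatus()}, {@link #preferLocalCipherSuites()},
 * {@link #getMaximumNegotiableCurveBits()}, {@link #selectDH(int)}, ...).
 *
 * <p>All per-handshake fields are cleared in {@link #notifyHandshakeBeginning()}, so that
 * nothing a previous handshake negotiated can influence the next one on the same instance.
 *
 * <p>NOTE(review): this listing is decompiled output; the fields below are exposed as
 * {@code public}. Treat them as internal negotiation state and avoid writing to them from
 * outside the class hierarchy.
 */
public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsServer {
    // status_request extension sent by the client, or null when it was not offered.
    public CertificateStatusRequest certificateStatusRequest;
    // Cipher suites this server is willing to negotiate; set in init().
    public int[] cipherSuites;
    // Raw extension table from the ClientHello (may be null).
    public Hashtable clientExtensions;
    // ALPN protocol names offered by the client, or null when ALPN was not offered.
    public Vector clientProtocolNames;
    // True when the client sent a supported point formats extension.
    public boolean clientSentECPointFormats;
    // Server context supplied through init().
    public TlsServerContext context;
    // True when the client offered encrypt-then-MAC.
    public boolean encryptThenMACOffered;
    // max_fragment_length code offered by the client; see processClientExtensions().
    public short maxFragmentLengthOffered;
    // Cipher suites listed in the ClientHello.
    public int[] offeredCipherSuites;
    // Protocol versions this server is willing to negotiate; set in init().
    public ProtocolVersion[] protocolVersions;
    // Cipher suite chosen for the current handshake, -1 while none is selected.
    public int selectedCipherSuite;
    // ALPN protocol chosen for the current handshake, or null.
    public ProtocolName selectedProtocolName;
    // Extensions to be returned to the client; created lazily by checkServerExtensions().
    public Hashtable serverExtensions;
    // True when the client offered the truncated_hmac extension.
    public boolean truncatedHMacOffered;

    /**
     * Creates the server on top of the given crypto provider.
     *
     * @param tlsCrypto crypto implementation handed to the superclass
     */
    public AbstractTlsServer(TlsCrypto tlsCrypto) {
        super(tlsCrypto);
    }

    /**
     * Policy hook: whether a status_request offered by the client may be acknowledged.
     *
     * @return true to acknowledge the client's status_request extension
     */
    public abstract boolean allowCertificateStatus();

    /**
     * Policy hook for encrypt-then-MAC; enabled by default.
     *
     * @return true, so the extension is acknowledged whenever the client offers it and a
     *         block cipher suite was selected (see {@link #getServerExtensions()})
     */
    public boolean allowEncryptThenMAC() {
        return true;
    }

    /**
     * Policy hook for truncated_hmac; disabled by default.
     *
     * <p>Overriding this to return true makes the server acknowledge a shortened MAC
     * whenever the client asks for one, which weakens record integrity protection.
     *
     * @return false
     */
    public boolean allowTruncatedHMac() {
        return false;
    }

    /**
     * Ensures {@link #serverExtensions} is initialised and returns it.
     *
     * @return the (possibly newly created) server extension table
     */
    public Hashtable checkServerExtensions() {
        Hashtable extensions = TlsExtensionsUtils.ensureExtensionsInitialised(this.serverExtensions);
        this.serverExtensions = extensions;
        return extensions;
    }

    /**
     * @return the cipher suites configured in {@link #init(TlsServerContext)}
     */
    @Override // org.bouncycastle.tls.TlsPeer
    public int[] getCipherSuites() {
        return this.cipherSuites;
    }

    /**
     * Builds the finite-field DH configuration for the selected cipher suite.
     *
     * <p>The minimum group size required by the selected suite is passed to
     * {@link #selectDH(int)}, and the group it returns is turned into a named DH config.
     *
     * @return the DH configuration to use
     * @throws IOException if the configuration cannot be created
     */
    @Override // org.bouncycastle.tls.TlsServer
    public TlsDHConfig getDHConfig() throws IOException {
        int minimumBits = TlsDHUtils.getMinimumFiniteFieldBits(this.selectedCipherSuite);
        int namedGroup = selectDH(minimumBits);
        return TlsDHUtils.createNamedDHConfig(this.context, namedGroup);
    }

    /**
     * Builds the ECDH configuration for the selected cipher suite.
     *
     * <p>The minimum curve size required by the selected suite is passed to
     * {@link #selectECDH(int)}, and the curve it returns is turned into a named EC config.
     *
     * @return the ECDH configuration to use
     * @throws IOException if the configuration cannot be created
     */
    @Override // org.bouncycastle.tls.TlsServer
    public TlsECConfig getECDHConfig() throws IOException {
        int minimumBits = TlsECCUtils.getMinimumCurveBits(this.selectedCipherSuite);
        int namedGroup = selectECDH(minimumBits);
        return TlsECCUtils.createNamedECConfig(this.context, namedGroup);
    }

    /**
     * @return the largest curve size (in bits) that can be negotiated with this client
     */
    public abstract int getMaximumNegotiableCurveBits();

    /**
     * @return the largest finite-field group size (in bits) that can be negotiated with
     *         this client
     */
    public abstract int getMaximumNegotiableFiniteFieldBits();

    /**
     * Default session ticket: zero as the first argument and an empty byte array.
     *
     * <p>NOTE(review): presumably (lifetime hint, ticket), i.e. an empty ticket that offers
     * no resumption state - confirm against NewSessionTicket.
     *
     * @return a new ticket built from {@code 0L} and {@code TlsUtils.EMPTY_BYTES}
     */
    @Override // org.bouncycastle.tls.TlsServer
    public NewSessionTicket getNewSessionTicket() throws IOException {
        return new NewSessionTicket(0L, TlsUtils.EMPTY_BYTES);
    }

    /**
     * Default: no PSK identity manager is configured.
     *
     * @return null
     */
    @Override // org.bouncycastle.tls.TlsServer
    public TlsPSKIdentityManager getPSKIdentityManager() throws IOException {
        return null;
    }

    /**
     * @return the ALPN protocol names this server supports, in server preference order
     *         (the first entry also offered by the client wins); null or empty disables ALPN
     */
    public abstract Vector getProtocolNames();

    /**
     * @return the protocol versions configured in {@link #init(TlsServerContext)}
     */
    @Override // org.bouncycastle.tls.TlsPeer
    public ProtocolVersion[] getProtocolVersions() {
        return this.protocolVersions;
    }

    /**
     * Default: no SRP login parameters are configured.
     *
     * @return null
     */
    @Override // org.bouncycastle.tls.TlsServer
    public TlsSRPLoginParameters getSRPLoginParameters() throws IOException {
        return null;
    }

    /**
     * Picks the cipher suite for this handshake.
     *
     * <p>Walks the suites common to the client's offer and the server's configuration (the
     * ordering is decided by {@link #preferLocalCipherSuites()}) and returns the first one
     * that passes {@link #isSelectableCipherSuite} and is accepted by
     * {@link #selectCipherSuite(int)}.
     *
     * @return the selected cipher suite
     * @throws IOException a fatal handshake_failure(40) alert when no common suite qualifies
     */
    public int getSelectedCipherSuite() throws IOException {
        Vector usableSigAlgs = TlsUtils.getUsableSignatureAlgorithms(
                this.context.getSecurityParametersHandshake().getClientSigAlgs());
        int maxCurveBits = getMaximumNegotiableCurveBits();
        int maxFiniteFieldBits = getMaximumNegotiableFiniteFieldBits();
        int[] candidates = TlsUtils.getCommonCipherSuites(
                this.offeredCipherSuites, getCipherSuites(), preferLocalCipherSuites());
        for (int candidate : candidates) {
            if (isSelectableCipherSuite(candidate, maxCurveBits, maxFiniteFieldBits, usableSigAlgs)
                    && selectCipherSuite(candidate)) {
                return candidate;
            }
        }
        // 40 = handshake_failure: nothing the client offered is acceptable to this server.
        throw new TlsFatalAlert((short) 40);
    }

    /**
     * Assembles the extensions returned to the client.
     *
     * <p>An extension is only added when the client offered it and local policy (or the
     * selected cipher suite) permits it; nothing is sent unsolicited.
     *
     * @return the server extension table, or null when no extension was added
     * @throws IOException if ALPN selection fails (see {@link #selectProtocolName()})
     */
    public Hashtable getServerExtensions() throws IOException {
        // Late ALPN selection: only when it was not already done in processClientExtensions().
        if (!shouldSelectProtocolNameEarly()) {
            Vector offeredNames = this.clientProtocolNames;
            if (offeredNames != null && !offeredNames.isEmpty()) {
                this.selectedProtocolName = selectProtocolName();
            }
        }
        if (this.selectedProtocolName != null) {
            TlsExtensionsUtils.addALPNExtensionServer(checkServerExtensions(), this.selectedProtocolName);
        }
        // Encrypt-then-MAC is only acknowledged for block cipher suites.
        if (this.encryptThenMACOffered && allowEncryptThenMAC()
                && TlsUtils.isBlockCipherSuite(this.selectedCipherSuite)) {
            TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions());
        }
        // Echo the client's max_fragment_length only when it is a valid code.
        // NOTE(review): presumably the reset value 0 and a negative "absent" value both fail
        // this test - confirm against MaxFragmentLength.isValid.
        short offeredFragmentLength = this.maxFragmentLengthOffered;
        if (offeredFragmentLength >= 0 && MaxFragmentLength.isValid(offeredFragmentLength)) {
            TlsExtensionsUtils.addMaxFragmentLengthExtension(checkServerExtensions(), this.maxFragmentLengthOffered);
        }
        if (this.truncatedHMacOffered && allowTruncatedHMac()) {
            TlsExtensionsUtils.addTruncatedHMacExtension(checkServerExtensions());
        }
        if (this.clientSentECPointFormats && TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
            // 0 = uncompressed, the only point format advertised by the server.
            TlsExtensionsUtils.addSupportedPointFormatsExtension(checkServerExtensions(), new short[]{0});
        }
        if (this.certificateStatusRequest != null && allowCertificateStatus()) {
            // The server's status_request acknowledgement carries empty extension data.
            checkServerExtensions().put(TlsExtensionsUtils.EXT_status_request,
                    TlsExtensionsUtils.createEmptyExtensionData());
        }
        return this.serverExtensions;
    }

    /**
     * Default: no supplemental data is sent.
     *
     * @return null
     */
    @Override // org.bouncycastle.tls.TlsServer
    public Vector getServerSupplementalData() throws IOException {
        return null;
    }

    /**
     * Selects the protocol version for this handshake.
     *
     * <p>Iterates the client's supported versions in the order the context returns them and
     * picks the first one this server also supports.
     * NOTE(review): the result is only the highest mutually supported version if
     * getClientSupportedVersions() is ordered newest-first - confirm.
     *
     * @return the negotiated protocol version
     * @throws IOException a fatal protocol_version(70) alert when there is no overlap
     */
    public ProtocolVersion getServerVersion() throws IOException {
        ProtocolVersion[] serverVersions = getProtocolVersions();
        for (ProtocolVersion clientVersion : this.context.getClientSupportedVersions()) {
            if (ProtocolVersion.contains(serverVersions, clientVersion)) {
                return clientVersion;
            }
        }
        // 70 = protocol_version: no version in common with the client.
        throw new TlsFatalAlert((short) 70);
    }

    /**
     * Stores the context and snapshots the supported versions and cipher suites.
     *
     * @param tlsServerContext the context for this server
     */
    @Override // org.bouncycastle.tls.TlsServer
    public void init(TlsServerContext tlsServerContext) {
        this.context = tlsServerContext;
        this.protocolVersions = getSupportedVersions();
        this.cipherSuites = getSupportedCipherSuites();
    }

    /**
     * Checks whether a cipher suite may be selected for this handshake.
     *
     * @param i2     the candidate cipher suite
     * @param i3     the largest negotiable curve size in bits
     * @param i4     the largest negotiable finite-field group size in bits
     * @param vector the signature algorithms usable with this client
     * @return true when the suite is valid for the negotiated server version, its minimum
     *         curve and finite-field sizes can be met, and it is compatible with the usable
     *         signature algorithms
     */
    public boolean isSelectableCipherSuite(int i2, int i3, int i4, Vector vector) {
        if (!TlsUtils.isValidCipherSuiteForVersion(i2, this.context.getServerVersion())) {
            return false;
        }
        if (i3 < TlsECCUtils.getMinimumCurveBits(i2)) {
            return false;
        }
        if (i4 < TlsDHUtils.getMinimumFiniteFieldBits(i2)) {
            return false;
        }
        return TlsUtils.isValidCipherSuiteForSignatureAlgorithms(i2, vector);
    }

    /**
     * Hook invoked with the client's version; does nothing by default.
     *
     * @param protocolVersion the version announced by the client
     */
    @Override // org.bouncycastle.tls.TlsServer
    public void notifyClientVersion(ProtocolVersion protocolVersion) throws IOException {
    }

    /**
     * Downgrade protection: rejects a fallback handshake when this server supports a later
     * version than the one the client fell back to.
     *
     * @param z2 true when the client signalled that this is a fallback attempt
     * @throws IOException a fatal inappropriate_fallback(86) alert when a later version of the
     *         same protocol family is supported, or internal_error(80) when the client
     *         version is neither TLS nor DTLS
     */
    @Override // org.bouncycastle.tls.TlsServer
    public void notifyFallback(boolean z2) throws IOException {
        if (!z2) {
            return;
        }
        ProtocolVersion[] serverVersions = getProtocolVersions();
        ProtocolVersion clientVersion = this.context.getClientVersion();
        ProtocolVersion latestServerVersion;
        if (clientVersion.isTLS()) {
            latestServerVersion = ProtocolVersion.getLatestTLS(serverVersions);
        } else if (clientVersion.isDTLS()) {
            latestServerVersion = ProtocolVersion.getLatestDTLS(serverVersions);
        } else {
            // 80 = internal_error: the client version belongs to neither protocol family.
            throw new TlsFatalAlert((short) 80);
        }
        if (latestServerVersion != null && latestServerVersion.isLaterVersionOf(clientVersion)) {
            // 86 = inappropriate_fallback: a better version was available, so the fallback
            // was unnecessary and may indicate a forced downgrade.
            throw new TlsFatalAlert((short) 86);
        }
    }

    /**
     * Clears every piece of state learned from, or selected for, a previous handshake.
     *
     * <p>{@link #clientProtocolNames} is cleared here as well: processClientExtensions()
     * leaves it untouched when the ClientHello carries no extensions at all, so without the
     * reset a stale ALPN offer from an earlier handshake on this instance could lead
     * getServerExtensions() to answer with an ALPN extension the client never sent.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyHandshakeBeginning() throws IOException {
        super.notifyHandshakeBeginning();
        this.offeredCipherSuites = null;
        this.clientExtensions = null;
        this.clientProtocolNames = null;
        this.encryptThenMACOffered = false;
        this.maxFragmentLengthOffered = (short) 0;
        this.truncatedHMacOffered = false;
        this.clientSentECPointFormats = false;
        this.certificateStatusRequest = null;
        this.selectedCipherSuite = -1;
        this.selectedProtocolName = null;
        this.serverExtensions = null;
    }

    /**
     * Records the cipher suites listed in the ClientHello.
     *
     * @param iArr the offered cipher suites
     */
    @Override // org.bouncycastle.tls.TlsServer
    public void notifyOfferedCipherSuites(int[] iArr) throws IOException {
        this.offeredCipherSuites = iArr;
    }

    /**
     * @return true when the server's cipher suite order takes precedence over the client's
     */
    public abstract boolean preferLocalCipherSuites();

    /**
     * Records the client's extensions and extracts the ones this class handles.
     *
     * <p>When {@code hashtable} is null only {@link #clientExtensions} is updated; every
     * other field keeps the value assigned in {@link #notifyHandshakeBeginning()}.
     *
     * @param hashtable the extension table from the ClientHello, or null
     * @throws IOException a fatal illegal_parameter(47) alert when the client sent a
     *         max_fragment_length code that is not valid
     */
    public void processClientExtensions(Hashtable hashtable) throws IOException {
        this.clientExtensions = hashtable;
        if (hashtable == null) {
            return;
        }
        this.clientProtocolNames = TlsExtensionsUtils.getALPNExtensionClient(hashtable);
        // Early ALPN selection, before the cipher suite is chosen.
        if (shouldSelectProtocolNameEarly()) {
            Vector offeredNames = this.clientProtocolNames;
            if (offeredNames != null && !offeredNames.isEmpty()) {
                this.selectedProtocolName = selectProtocolName();
            }
        }
        this.encryptThenMACOffered = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable);
        short offeredFragmentLength = TlsExtensionsUtils.getMaxFragmentLengthExtension(hashtable);
        this.maxFragmentLengthOffered = offeredFragmentLength;
        // A non-negative value means the extension was present; reject unknown codes outright.
        if (offeredFragmentLength >= 0 && !MaxFragmentLength.isValid(offeredFragmentLength)) {
            // 47 = illegal_parameter
            throw new TlsFatalAlert((short) 47);
        }
        this.truncatedHMacOffered = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable);
        this.clientSentECPointFormats = TlsExtensionsUtils.getSupportedPointFormatsExtension(hashtable) != null;
        this.certificateStatusRequest = TlsExtensionsUtils.getStatusRequestExtension(hashtable);
    }

    /**
     * Default: supplemental data from the client is not accepted.
     *
     * @param vector the supplemental data sent by the client, or null when none was sent
     * @throws IOException a fatal unexpected_message(10) alert when any data was sent
     */
    @Override // org.bouncycastle.tls.TlsServer
    public void processClientSupplementalData(Vector vector) throws IOException {
        if (vector != null) {
            // 10 = unexpected_message
            throw new TlsFatalAlert((short) 10);
        }
    }

    /**
     * Accepts the given cipher suite and records it as the selection.
     *
     * @param i2 the cipher suite to select
     * @return true; subclasses may override to refuse a suite
     */
    public boolean selectCipherSuite(int i2) throws IOException {
        this.selectedCipherSuite = i2;
        return true;
    }

    /**
     * @param i2 the minimum finite-field group size in bits required by the cipher suite
     * @return the identifier of the DH group to use
     */
    public abstract int selectDH(int i2);

    /**
     * @param i2 the minimum curve size in bits required by the cipher suite
     * @return the identifier of the curve to use
     */
    public abstract int selectECDH(int i2);

    /**
     * Selects the ALPN protocol for this handshake.
     *
     * @return the chosen protocol, or null when the server has no protocol names configured
     * @throws IOException a fatal no_application_protocol(120) alert when the server has
     *         protocol names configured but none of them was offered by the client
     */
    public ProtocolName selectProtocolName() throws IOException {
        Vector serverNames = getProtocolNames();
        if (serverNames == null || serverNames.isEmpty()) {
            return null;
        }
        ProtocolName selected = selectProtocolName(this.clientProtocolNames, serverNames);
        if (selected == null) {
            // 120 = no_application_protocol: fail closed instead of continuing without ALPN.
            throw new TlsFatalAlert((short) 120);
        }
        return selected;
    }

    /**
     * Returns the first server protocol name that the client also offered.
     *
     * @param vector  the protocol names offered by the client
     * @param vector2 the protocol names supported by the server, in preference order
     * @return the first entry of {@code vector2} contained in {@code vector}, or null
     */
    public ProtocolName selectProtocolName(Vector vector, Vector vector2) {
        for (int index = 0; index < vector2.size(); index++) {
            ProtocolName serverName = (ProtocolName) vector2.elementAt(index);
            if (vector.contains(serverName)) {
                return serverName;
            }
        }
        return null;
    }

    /**
     * @return true to select the ALPN protocol while processing the client's extensions,
     *         false to defer the selection to {@link #getServerExtensions()}
     */
    public abstract boolean shouldSelectProtocolNameEarly();
}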
