package com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls;

import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.AsymmetricKeyParameter;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.util.PublicKeyFactory;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Arrays;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Vector;

/* loaded from: input_file:com/aspose/pdf/internal/imaging/internal/bouncycastle/crypto/tls/TlsServerProtocol.class */
public class TlsServerProtocol extends TlsProtocol {
    private TlsServer m12517;
    private z10 m12518;
    private TlsKeyExchange m12403;
    private TlsCredentials m12410;
    private CertificateRequest m12405;
    private short m12411;
    private TlsHandshakeHash m12519;

    public TlsServerProtocol(InputStream inputStream, OutputStream outputStream, SecureRandom secureRandom) {
        super(inputStream, outputStream, secureRandom);
        this.m12517 = null;
        this.m12518 = null;
        this.m12403 = null;
        this.m12410 = null;
        this.m12405 = null;
        this.m12411 = (short) -1;
        this.m12519 = null;
    }

    public TlsServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.m12517 = null;
        this.m12518 = null;
        this.m12403 = null;
        this.m12410 = null;
        this.m12405 = null;
        this.m12411 = (short) -1;
        this.m12519 = null;
    }

    public void accept(TlsServer tlsServer) throws IOException {
        if (tlsServer == null) {
            throw new IllegalArgumentException("'tlsServer' cannot be null");
        }
        if (this.m12517 != null) {
            throw new IllegalStateException("'accept' can only be called once");
        }
        this.m12517 = tlsServer;
        this.m12503 = new SecurityParameters();
        this.m12503.m12436 = 0;
        this.m12518 = new z10(this.secureRandom, this.m12503);
        this.m12503.m12443 = m1(tlsServer.shouldUseGMTUnixTime(), this.m12518.getNonceRandomGenerator());
        this.m12517.init(this.m12518);
        this.m12500.m1(this.m12518);
        this.m12500.m1(false);
        m3188();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    public final void m3181() {
        super.m3181();
        this.m12403 = null;
        this.m12410 = null;
        this.m12405 = null;
        this.m12519 = null;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    protected final TlsContext m3182() {
        return this.m12518;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    final z1 m3183() {
        return this.m12518;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    protected final TlsPeer m3184() {
        return this.m12517;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:137:0x061e. Please report as an issue. */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v33, types: [java.io.ByteArrayInputStream] */
    /* JADX WARN: Type inference failed for: r0v35, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v55, types: [java.lang.Throwable, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsFatalAlert] */
    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    protected final void m1(short s, ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] sessionHash;
        CertificateStatus certificateStatus;
        switch (s) {
            case 1:
                switch (this.m12505) {
                    case 0:
                        ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
                        this.m12500.m2(readVersion);
                        if (readVersion.isDTLS()) {
                            throw new TlsFatalAlert((short) 47);
                        }
                        byte[] readFully = TlsUtils.readFully(32, byteArrayInputStream);
                        if (TlsUtils.readOpaque8(byteArrayInputStream).length > 32) {
                            throw new TlsFatalAlert((short) 47);
                        }
                        int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
                        if (readUint16 < 2 || (readUint16 & 1) != 0) {
                            throw new TlsFatalAlert((short) 50);
                        }
                        this.m12373 = TlsUtils.readUint16Array(readUint16 / 2, byteArrayInputStream);
                        short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
                        if (readUint8 <= 0) {
                            throw new TlsFatalAlert((short) 47);
                        }
                        this.m12374 = TlsUtils.readUint8Array(readUint8, byteArrayInputStream);
                        this.m12397 = m3(byteArrayInputStream);
                        this.m12503.m12448 = TlsExtensionsUtils.hasExtendedMasterSecretExtension(this.m12397);
                        this.m12518.m1(readVersion);
                        this.m12517.notifyClientVersion(readVersion);
                        this.m12517.notifyFallback(Arrays.contains(this.m12373, CipherSuite.TLS_FALLBACK_SCSV));
                        this.m12503.m12442 = readFully;
                        this.m12517.notifyOfferedCipherSuites(this.m12373);
                        this.m12517.notifyOfferedCompressionMethods(this.m12374);
                        if (Arrays.contains(this.m12373, 255)) {
                            this.m12400 = true;
                        }
                        byte[] extensionData = TlsUtils.getExtensionData(this.m12397, m12496);
                        if (extensionData != null) {
                            this.m12400 = true;
                            if (!Arrays.constantTimeAreEqual(extensionData, TlsUtils.encodeOpaque8(TlsUtils.EMPTY_BYTES))) {
                                throw new TlsFatalAlert((short) 40);
                            }
                        }
                        this.m12517.notifySecureRenegotiation(this.m12400);
                        if (this.m12397 != null) {
                            TlsExtensionsUtils.getPaddingExtension(this.m12397);
                            this.m12517.processClientExtensions(this.m12397);
                        }
                        this.m12505 = (short) 1;
                        TlsProtocol.z1 z1Var = new TlsProtocol.z1(this, (short) 2);
                        ProtocolVersion serverVersion = this.m12517.getServerVersion();
                        if (!serverVersion.isEqualOrEarlierVersionOf(this.m12518.getClientVersion())) {
                            throw new TlsFatalAlert((short) 80);
                        }
                        this.m12500.m1(serverVersion);
                        this.m12500.m2(serverVersion);
                        this.m12500.m1(true);
                        this.m12518.m2(serverVersion);
                        TlsUtils.writeVersion(serverVersion, z1Var);
                        z1Var.write(this.m12503.m12443);
                        TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, z1Var);
                        int selectedCipherSuite = this.m12517.getSelectedCipherSuite();
                        if (!Arrays.contains(this.m12373, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.isSCSV(selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, this.m12518.getServerVersion())) {
                            throw new TlsFatalAlert((short) 80);
                        }
                        this.m12503.m12437 = selectedCipherSuite;
                        short selectedCompressionMethod = this.m12517.getSelectedCompressionMethod();
                        if (!Arrays.contains(this.m12374, selectedCompressionMethod)) {
                            throw new TlsFatalAlert((short) 80);
                        }
                        this.m12503.m12438 = selectedCompressionMethod;
                        TlsUtils.writeUint16(selectedCipherSuite, z1Var);
                        TlsUtils.writeUint8(selectedCompressionMethod, (OutputStream) z1Var);
                        this.m12379 = this.m12517.getServerExtensions();
                        if (this.m12400) {
                            if (TlsUtils.getExtensionData(this.m12379, m12496) == null) {
                                this.m12379 = TlsExtensionsUtils.ensureExtensionsInitialised(this.m12379);
                                this.m12379.put(m12496, TlsUtils.encodeOpaque8(TlsUtils.EMPTY_BYTES));
                            }
                        }
                        if (this.m12503.m12448) {
                            this.m12379 = TlsExtensionsUtils.ensureExtensionsInitialised(this.m12379);
                            TlsExtensionsUtils.addExtendedMasterSecretExtension(this.m12379);
                        }
                        if (this.m12379 != null) {
                            this.m12503.m12447 = TlsExtensionsUtils.hasEncryptThenMACExtension(this.m12379);
                            this.m12503.m12445 = m1(this.m12397, this.m12379, (short) 80);
                            this.m12503.m12446 = TlsExtensionsUtils.hasTruncatedHMacExtension(this.m12379);
                            this.m12401 = !this.m12399 && TlsUtils.hasExpectedEmptyExtensionData(this.m12379, TlsExtensionsUtils.EXT_status_request, (short) 80);
                            this.m12402 = !this.m12399 && TlsUtils.hasExpectedEmptyExtensionData(this.m12379, TlsProtocol.m12497, (short) 80);
                            m1(z1Var, this.m12379);
                        }
                        this.m12503.m12439 = m1(this.m12518, this.m12503.getCipherSuite());
                        this.m12503.m12440 = 12;
                        m3187();
                        z1Var.m1();
                        this.m12505 = (short) 2;
                        this.m12500.m7();
                        Vector serverSupplementalData = this.m12517.getServerSupplementalData();
                        if (serverSupplementalData != null) {
                            m8(serverSupplementalData);
                        }
                        this.m12505 = (short) 3;
                        this.m12403 = this.m12517.getKeyExchange();
                        this.m12403.init(this.m12518);
                        this.m12410 = this.m12517.getCredentials();
                        Certificate certificate = null;
                        if (this.m12410 == null) {
                            this.m12403.skipServerCredentials();
                        } else {
                            this.m12403.processServerCredentials(this.m12410);
                            certificate = this.m12410.getCertificate();
                            m2(certificate);
                        }
                        this.m12505 = (short) 4;
                        if (certificate == null || certificate.isEmpty()) {
                            this.m12401 = false;
                        }
                        if (this.m12401 && (certificateStatus = this.m12517.getCertificateStatus()) != null) {
                            TlsProtocol.z1 z1Var2 = new TlsProtocol.z1(this, (short) 22);
                            certificateStatus.encode(z1Var2);
                            z1Var2.m1();
                        }
                        this.m12505 = (short) 5;
                        byte[] generateServerKeyExchange = this.m12403.generateServerKeyExchange();
                        if (generateServerKeyExchange != null) {
                            TlsProtocol.z1 z1Var3 = new TlsProtocol.z1((short) 12, generateServerKeyExchange.length);
                            z1Var3.write(generateServerKeyExchange);
                            z1Var3.m1();
                        }
                        this.m12505 = (short) 6;
                        if (this.m12410 != null) {
                            this.m12405 = this.m12517.getCertificateRequest();
                            if (this.m12405 != null) {
                                if (TlsUtils.isTLSv12(this.m12518) != (this.m12405.getSupportedSignatureAlgorithms() != null)) {
                                    throw new TlsFatalAlert((short) 80);
                                }
                                this.m12403.validateCertificateRequest(this.m12405);
                                CertificateRequest certificateRequest = this.m12405;
                                TlsProtocol.z1 z1Var4 = new TlsProtocol.z1(this, (short) 13);
                                certificateRequest.encode(z1Var4);
                                z1Var4.m1();
                                TlsUtils.m1(this.m12500.m3198(), this.m12405.getSupportedSignatureAlgorithms());
                            }
                        }
                        this.m12505 = (short) 7;
                        byte[] bArr = new byte[4];
                        TlsUtils.writeUint8((short) 14, bArr, 0);
                        TlsUtils.writeUint24(0, bArr, 1);
                        m25(bArr, 0, 4);
                        this.m12505 = (short) 8;
                        this.m12500.m3198().sealHashAlgorithms();
                        return;
                    case 16:
                        m3195();
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 10:
            case 12:
            case 13:
            case 14:
            case 17:
            case 18:
            case 19:
            case 21:
            case 22:
            default:
                throw new TlsFatalAlert((short) 10);
            case 11:
                switch (this.m12505) {
                    case 8:
                        this.m12517.processClientSupplementalData(null);
                        break;
                    case 9:
                        break;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
                if (this.m12405 == null) {
                    throw new TlsFatalAlert((short) 10);
                }
                Certificate parse = Certificate.parse(byteArrayInputStream);
                m2(byteArrayInputStream);
                notifyClientCertificate(parse);
                this.m12505 = (short) 10;
                return;
            case 15:
                switch (this.m12505) {
                    case 11:
                        if (!m3196()) {
                            throw new TlsFatalAlert((short) 10);
                        }
                        if (this.m12405 == null) {
                            throw new IllegalStateException();
                        }
                        DigitallySigned parse2 = DigitallySigned.parse(this.m12518, byteArrayInputStream);
                        ?? r0 = byteArrayInputStream;
                        m2((ByteArrayInputStream) r0);
                        try {
                            SignatureAndHashAlgorithm algorithm = parse2.getAlgorithm();
                            if (TlsUtils.isTLSv12(this.m12518)) {
                                TlsUtils.verifySupportedSignatureAlgorithm(this.m12405.getSupportedSignatureAlgorithms(), algorithm);
                                sessionHash = this.m12519.getFinalHash(algorithm.getHash());
                            } else {
                                sessionHash = this.m12503.getSessionHash();
                            }
                            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(this.m12504.getCertificateAt(0).getSubjectPublicKeyInfo());
                            TlsSigner createTlsSigner = TlsUtils.createTlsSigner(this.m12411);
                            createTlsSigner.init(this.m12518);
                            if (createTlsSigner.verifyRawSignature(algorithm, parse2.getSignature(), createKey, sessionHash)) {
                                this.m12505 = (short) 12;
                                return;
                            } else {
                                r0 = new TlsFatalAlert((short) 51);
                                throw r0;
                            }
                        } catch (TlsFatalAlert e) {
                            throw r0;
                        } catch (Exception e2) {
                            throw new TlsFatalAlert((short) 51, e2);
                        }
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
            case 16:
                switch (this.m12505) {
                    case 8:
                        this.m12517.processClientSupplementalData(null);
                    case 9:
                        if (this.m12405 == null) {
                            this.m12403.skipClientCredentials();
                        } else {
                            if (TlsUtils.isTLSv12(this.m12518)) {
                                throw new TlsFatalAlert((short) 10);
                            }
                            if (!TlsUtils.isSSL(this.m12518)) {
                                notifyClientCertificate(Certificate.EMPTY_CHAIN);
                            } else if (this.m12504 == null) {
                                throw new TlsFatalAlert((short) 10);
                            }
                        }
                    case 10:
                        this.m12403.processClientKeyExchange(byteArrayInputStream);
                        m2(byteArrayInputStream);
                        if (TlsUtils.isSSL(this.m12518)) {
                            m1(this.m12518, this.m12403);
                        }
                        this.m12519 = this.m12500.m3200();
                        this.m12503.m12444 = m1(this.m12518, this.m12519, (byte[]) null);
                        if (!TlsUtils.isSSL(this.m12518)) {
                            m1(this.m12518, this.m12403);
                        }
                        this.m12500.m1(this.m12517.getCompression(), this.m12517.getCipher());
                        this.m12505 = (short) 11;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
            case 20:
                switch (this.m12505) {
                    case 11:
                        if (m3196()) {
                            throw new TlsFatalAlert((short) 10);
                        }
                        break;
                    case 12:
                        break;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
                m1(byteArrayInputStream);
                this.m12505 = (short) 13;
                if (this.m12402) {
                    NewSessionTicket newSessionTicket = this.m12517.getNewSessionTicket();
                    if (newSessionTicket == null) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    TlsProtocol.z1 z1Var5 = new TlsProtocol.z1(this, (short) 4);
                    newSessionTicket.encode(z1Var5);
                    z1Var5.m1();
                }
                this.m12505 = (short) 14;
                m3193();
                m3194();
                this.m12505 = (short) 15;
                m3189();
                return;
            case 23:
                switch (this.m12505) {
                    case 8:
                        this.m12517.processClientSupplementalData(m4(byteArrayInputStream));
                        this.m12505 = (short) 9;
                        return;
                    default:
                        throw new TlsFatalAlert((short) 10);
                }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x002f. Please report as an issue. */
    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsProtocol
    public final void m105(short s) throws IOException {
        super.m105(s);
        switch (s) {
            case 41:
                if (TlsUtils.isSSL(this.m12518) && this.m12405 != null) {
                    switch (this.m12505) {
                        case 8:
                            this.m12517.processClientSupplementalData(null);
                        case 9:
                            notifyClientCertificate(Certificate.EMPTY_CHAIN);
                            this.m12505 = (short) 10;
                            return;
                    }
                }
                throw new TlsFatalAlert((short) 10);
            default:
                return;
        }
    }

    private void notifyClientCertificate(Certificate certificate) throws IOException {
        if (this.m12405 == null) {
            throw new IllegalStateException();
        }
        if (this.m12504 != null) {
            throw new TlsFatalAlert((short) 10);
        }
        this.m12504 = certificate;
        if (certificate.isEmpty()) {
            this.m12403.skipClientCredentials();
        } else {
            this.m12410.getCertificate();
            this.m12411 = TlsUtils.m3(certificate);
            this.m12403.processClientCertificate(certificate);
        }
        this.m12517.notifyClientCertificate(certificate);
    }

    private boolean m3196() {
        return this.m12411 >= 0 && TlsUtils.hasSigningCapability(this.m12411);
    }
}
