package com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls;

import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.AsymmetricKeyParameter;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.z17;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.util.PublicKeyFactory;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Arrays;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: input_file:com/aspose/pdf/internal/imaging/internal/bouncycastle/crypto/tls/DTLSServerProtocol.class */
public class DTLSServerProtocol extends DTLSProtocol {
    private boolean m12407;

    /* loaded from: input_file:com/aspose/pdf/internal/imaging/internal/bouncycastle/crypto/tls/DTLSServerProtocol$ServerHandshakeState.class */
    public static class ServerHandshakeState {
        TlsServer m12408 = null;
        z10 m12409 = null;
        TlsSession m12395 = null;
        SessionParameters m12396 = null;
        int[] m12373 = null;
        short[] m12374 = null;
        Hashtable m12397 = null;
        Hashtable m12379 = null;
        boolean m12399 = false;
        boolean m12400 = false;
        boolean m12401 = false;
        boolean m12402 = false;
        TlsKeyExchange m12403 = null;
        TlsCredentials m12410 = null;
        CertificateRequest m12405 = null;
        short m12411 = -1;
        Certificate m12412 = null;

        protected ServerHandshakeState() {
        }
    }

    public DTLSServerProtocol(SecureRandom secureRandom) {
        super(secureRandom);
        this.m12407 = true;
    }

    public boolean getVerifyRequests() {
        return this.m12407;
    }

    public void setVerifyRequests(boolean z) {
        this.m12407 = z;
    }

    public DTLSTransport accept(TlsServer tlsServer, DatagramTransport datagramTransport) throws IOException {
        CertificateStatus certificateStatus;
        if (tlsServer == null) {
            throw new IllegalArgumentException("'server' cannot be null");
        }
        if (datagramTransport == null) {
            throw new IllegalArgumentException("'transport' cannot be null");
        }
        SecurityParameters securityParameters = new SecurityParameters();
        securityParameters.m12436 = 0;
        ServerHandshakeState serverHandshakeState = new ServerHandshakeState();
        serverHandshakeState.m12408 = tlsServer;
        serverHandshakeState.m12409 = new z10(this.secureRandom, securityParameters);
        securityParameters.m12443 = TlsProtocol.m1(tlsServer.shouldUseGMTUnixTime(), serverHandshakeState.m12409.getNonceRandomGenerator());
        tlsServer.init(serverHandshakeState.m12409);
        z16 z16Var = new z16(datagramTransport, serverHandshakeState.m12409, tlsServer);
        try {
            try {
                try {
                    SecurityParameters securityParameters2 = serverHandshakeState.m12409.getSecurityParameters();
                    z17 z17Var = new z17(serverHandshakeState.m12409, z16Var);
                    z17.z1 m3205 = z17Var.m3205();
                    if (m3205.m2() != 1) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(m3205.m3());
                    ProtocolVersion readVersion = TlsUtils.readVersion(byteArrayInputStream);
                    if (!readVersion.isDTLS()) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    byte[] readFully = TlsUtils.readFully(32, byteArrayInputStream);
                    if (TlsUtils.readOpaque8(byteArrayInputStream).length > 32) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    TlsUtils.readOpaque8(byteArrayInputStream);
                    int readUint16 = TlsUtils.readUint16(byteArrayInputStream);
                    if (readUint16 < 2 || (readUint16 & 1) != 0) {
                        throw new TlsFatalAlert((short) 50);
                    }
                    serverHandshakeState.m12373 = TlsUtils.readUint16Array(readUint16 / 2, byteArrayInputStream);
                    short readUint8 = TlsUtils.readUint8(byteArrayInputStream);
                    if (readUint8 <= 0) {
                        throw new TlsFatalAlert((short) 47);
                    }
                    serverHandshakeState.m12374 = TlsUtils.readUint8Array(readUint8, byteArrayInputStream);
                    serverHandshakeState.m12397 = TlsProtocol.m3(byteArrayInputStream);
                    z10 z10Var = serverHandshakeState.m12409;
                    SecurityParameters securityParameters3 = z10Var.getSecurityParameters();
                    securityParameters3.m12448 = TlsExtensionsUtils.hasExtendedMasterSecretExtension(serverHandshakeState.m12397);
                    z10Var.m1(readVersion);
                    serverHandshakeState.m12408.notifyClientVersion(readVersion);
                    serverHandshakeState.m12408.notifyFallback(Arrays.contains(serverHandshakeState.m12373, CipherSuite.TLS_FALLBACK_SCSV));
                    securityParameters3.m12442 = readFully;
                    serverHandshakeState.m12408.notifyOfferedCipherSuites(serverHandshakeState.m12373);
                    serverHandshakeState.m12408.notifyOfferedCompressionMethods(serverHandshakeState.m12374);
                    if (Arrays.contains(serverHandshakeState.m12373, 255)) {
                        serverHandshakeState.m12400 = true;
                    }
                    byte[] extensionData = TlsUtils.getExtensionData(serverHandshakeState.m12397, TlsProtocol.m12496);
                    if (extensionData != null) {
                        serverHandshakeState.m12400 = true;
                        if (!Arrays.constantTimeAreEqual(extensionData, TlsProtocol.m162(TlsUtils.EMPTY_BYTES))) {
                            throw new TlsFatalAlert((short) 40);
                        }
                    }
                    serverHandshakeState.m12408.notifySecureRenegotiation(serverHandshakeState.m12400);
                    if (serverHandshakeState.m12397 != null) {
                        TlsExtensionsUtils.getPaddingExtension(serverHandshakeState.m12397);
                        serverHandshakeState.m12408.processClientExtensions(serverHandshakeState.m12397);
                    }
                    SecurityParameters securityParameters4 = serverHandshakeState.m12409.getSecurityParameters();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    ProtocolVersion serverVersion = serverHandshakeState.m12408.getServerVersion();
                    if (!serverVersion.isEqualOrEarlierVersionOf(serverHandshakeState.m12409.getClientVersion())) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    serverHandshakeState.m12409.m2(serverVersion);
                    TlsUtils.writeVersion(serverHandshakeState.m12409.getServerVersion(), byteArrayOutputStream);
                    byteArrayOutputStream.write(securityParameters4.getServerRandom());
                    TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, byteArrayOutputStream);
                    int selectedCipherSuite = serverHandshakeState.m12408.getSelectedCipherSuite();
                    if (!Arrays.contains(serverHandshakeState.m12373, selectedCipherSuite) || selectedCipherSuite == 0 || CipherSuite.isSCSV(selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, serverHandshakeState.m12409.getServerVersion())) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    m8(selectedCipherSuite, (short) 80);
                    securityParameters4.m12437 = selectedCipherSuite;
                    short selectedCompressionMethod = serverHandshakeState.m12408.getSelectedCompressionMethod();
                    if (!Arrays.contains(serverHandshakeState.m12374, selectedCompressionMethod)) {
                        throw new TlsFatalAlert((short) 80);
                    }
                    securityParameters4.m12438 = selectedCompressionMethod;
                    TlsUtils.writeUint16(selectedCipherSuite, byteArrayOutputStream);
                    TlsUtils.writeUint8(selectedCompressionMethod, (OutputStream) byteArrayOutputStream);
                    serverHandshakeState.m12379 = serverHandshakeState.m12408.getServerExtensions();
                    if (serverHandshakeState.m12400) {
                        if (TlsUtils.getExtensionData(serverHandshakeState.m12379, TlsProtocol.m12496) == null) {
                            serverHandshakeState.m12379 = TlsExtensionsUtils.ensureExtensionsInitialised(serverHandshakeState.m12379);
                            serverHandshakeState.m12379.put(TlsProtocol.m12496, TlsProtocol.m162(TlsUtils.EMPTY_BYTES));
                        }
                    }
                    if (securityParameters4.m12448) {
                        serverHandshakeState.m12379 = TlsExtensionsUtils.ensureExtensionsInitialised(serverHandshakeState.m12379);
                        TlsExtensionsUtils.addExtendedMasterSecretExtension(serverHandshakeState.m12379);
                    }
                    if (serverHandshakeState.m12379 != null) {
                        securityParameters4.m12447 = TlsExtensionsUtils.hasEncryptThenMACExtension(serverHandshakeState.m12379);
                        securityParameters4.m12445 = m1(false, serverHandshakeState.m12397, serverHandshakeState.m12379, (short) 80);
                        securityParameters4.m12446 = TlsExtensionsUtils.hasTruncatedHMacExtension(serverHandshakeState.m12379);
                        serverHandshakeState.m12401 = TlsUtils.hasExpectedEmptyExtensionData(serverHandshakeState.m12379, TlsExtensionsUtils.EXT_status_request, (short) 80);
                        serverHandshakeState.m12402 = TlsUtils.hasExpectedEmptyExtensionData(serverHandshakeState.m12379, TlsProtocol.m12497, (short) 80);
                        TlsProtocol.m1(byteArrayOutputStream, serverHandshakeState.m12379);
                    }
                    securityParameters4.m12439 = TlsProtocol.m1(serverHandshakeState.m12409, securityParameters4.getCipherSuite());
                    securityParameters4.m12440 = 12;
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    m1(z16Var, securityParameters2.m12445);
                    ProtocolVersion serverVersion2 = serverHandshakeState.m12409.getServerVersion();
                    z16Var.m1(serverVersion2);
                    z16Var.m2(serverVersion2);
                    z17Var.m1((short) 2, byteArray);
                    z17Var.m1();
                    Vector serverSupplementalData = serverHandshakeState.m12408.getServerSupplementalData();
                    if (serverSupplementalData != null) {
                        z17Var.m1((short) 23, m6(serverSupplementalData));
                    }
                    serverHandshakeState.m12403 = serverHandshakeState.m12408.getKeyExchange();
                    serverHandshakeState.m12403.init(serverHandshakeState.m12409);
                    serverHandshakeState.m12410 = serverHandshakeState.m12408.getCredentials();
                    Certificate certificate = null;
                    if (serverHandshakeState.m12410 == null) {
                        serverHandshakeState.m12403.skipServerCredentials();
                    } else {
                        serverHandshakeState.m12403.processServerCredentials(serverHandshakeState.m12410);
                        Certificate certificate2 = serverHandshakeState.m12410.getCertificate();
                        certificate = certificate2;
                        z17Var.m1((short) 11, m1(certificate2));
                    }
                    if (certificate == null || certificate.isEmpty()) {
                        serverHandshakeState.m12401 = false;
                    }
                    if (serverHandshakeState.m12401 && (certificateStatus = serverHandshakeState.m12408.getCertificateStatus()) != null) {
                        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                        certificateStatus.encode(byteArrayOutputStream2);
                        z17Var.m1((short) 22, byteArrayOutputStream2.toByteArray());
                    }
                    byte[] generateServerKeyExchange = serverHandshakeState.m12403.generateServerKeyExchange();
                    if (generateServerKeyExchange != null) {
                        z17Var.m1((short) 12, generateServerKeyExchange);
                    }
                    if (serverHandshakeState.m12410 != null) {
                        serverHandshakeState.m12405 = serverHandshakeState.m12408.getCertificateRequest();
                        if (serverHandshakeState.m12405 != null) {
                            if (TlsUtils.isTLSv12(serverHandshakeState.m12409) != (serverHandshakeState.m12405.getSupportedSignatureAlgorithms() != null)) {
                                throw new TlsFatalAlert((short) 80);
                            }
                            serverHandshakeState.m12403.validateCertificateRequest(serverHandshakeState.m12405);
                            CertificateRequest certificateRequest = serverHandshakeState.m12405;
                            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
                            certificateRequest.encode(byteArrayOutputStream3);
                            z17Var.m1((short) 13, byteArrayOutputStream3.toByteArray());
                            TlsUtils.m1(z17Var.m3203(), serverHandshakeState.m12405.getSupportedSignatureAlgorithms());
                        }
                    }
                    z17Var.m1((short) 14, TlsUtils.EMPTY_BYTES);
                    z17Var.m3203().sealHashAlgorithms();
                    z17.z1 m32052 = z17Var.m3205();
                    z17.z1 z1Var = m32052;
                    if (m32052.m2() == 23) {
                        serverHandshakeState.m12408.processClientSupplementalData(TlsProtocol.m4(new ByteArrayInputStream(z1Var.m3())));
                        z1Var = z17Var.m3205();
                    } else {
                        serverHandshakeState.m12408.processClientSupplementalData(null);
                    }
                    if (serverHandshakeState.m12405 == null) {
                        serverHandshakeState.m12403.skipClientCredentials();
                    } else if (z1Var.m2() == 11) {
                        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(z1Var.m3());
                        Certificate parse = Certificate.parse(byteArrayInputStream2);
                        TlsProtocol.m2(byteArrayInputStream2);
                        m1(serverHandshakeState, parse);
                        z1Var = z17Var.m3205();
                    } else {
                        if (TlsUtils.isTLSv12(serverHandshakeState.m12409)) {
                            throw new TlsFatalAlert((short) 10);
                        }
                        m1(serverHandshakeState, Certificate.EMPTY_CHAIN);
                    }
                    if (z1Var.m2() != 16) {
                        throw new TlsFatalAlert((short) 10);
                    }
                    ByteArrayInputStream byteArrayInputStream3 = new ByteArrayInputStream(z1Var.m3());
                    serverHandshakeState.m12403.processClientKeyExchange(byteArrayInputStream3);
                    TlsProtocol.m2(byteArrayInputStream3);
                    TlsHandshakeHash m3204 = z17Var.m3204();
                    securityParameters2.m12444 = TlsProtocol.m1(serverHandshakeState.m12409, m3204, (byte[]) null);
                    TlsProtocol.m1(serverHandshakeState.m12409, serverHandshakeState.m12403);
                    z16Var.m1(serverHandshakeState.m12408.getCipher());
                    if (serverHandshakeState.m12411 >= 0 && TlsUtils.hasSigningCapability(serverHandshakeState.m12411)) {
                        m1(serverHandshakeState, z17Var.m1((short) 15), m3204);
                    }
                    m20(z17Var.m1((short) 20), TlsUtils.m1(serverHandshakeState.m12409, ExporterLabel.client_finished, TlsProtocol.m1(serverHandshakeState.m12409, z17Var.m3203(), (byte[]) null)));
                    if (serverHandshakeState.m12402) {
                        NewSessionTicket newSessionTicket = serverHandshakeState.m12408.getNewSessionTicket();
                        ByteArrayOutputStream byteArrayOutputStream4 = new ByteArrayOutputStream();
                        newSessionTicket.encode(byteArrayOutputStream4);
                        z17Var.m1((short) 4, byteArrayOutputStream4.toByteArray());
                    }
                    z17Var.m1((short) 20, TlsUtils.m1(serverHandshakeState.m12409, ExporterLabel.server_finished, TlsProtocol.m1(serverHandshakeState.m12409, z17Var.m3203(), (byte[]) null)));
                    z17Var.m5();
                    serverHandshakeState.m12408.notifyHandshakeComplete();
                    DTLSTransport dTLSTransport = new DTLSTransport(z16Var);
                    securityParameters.clear();
                    return dTLSTransport;
                } catch (IOException e) {
                    m1(serverHandshakeState, z16Var, (short) 80);
                    throw e;
                }
            } catch (TlsFatalAlert e2) {
                m1(serverHandshakeState, z16Var, e2.getAlertDescription());
                throw e2;
            } catch (RuntimeException e3) {
                m1(serverHandshakeState, z16Var, (short) 80);
                throw new TlsFatalAlert((short) 80, e3);
            }
        } catch (Throwable th) {
            securityParameters.clear();
            throw th;
        }
    }

    private void m1(ServerHandshakeState serverHandshakeState, z16 z16Var, short s) {
        z16Var.m1(s);
    }

    private static void m1(ServerHandshakeState serverHandshakeState, Certificate certificate) throws IOException {
        if (serverHandshakeState.m12405 == null) {
            throw new IllegalStateException();
        }
        if (serverHandshakeState.m12412 != null) {
            throw new TlsFatalAlert((short) 10);
        }
        serverHandshakeState.m12412 = certificate;
        if (certificate.isEmpty()) {
            serverHandshakeState.m12403.skipClientCredentials();
        } else {
            serverHandshakeState.m12410.getCertificate();
            serverHandshakeState.m12411 = TlsUtils.m3(certificate);
            serverHandshakeState.m12403.processClientCertificate(certificate);
        }
        serverHandshakeState.m12408.notifyClientCertificate(certificate);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v26, types: [java.lang.Throwable, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsFatalAlert] */
    /* JADX WARN: Type inference failed for: r0v6, types: [java.io.ByteArrayInputStream] */
    /* JADX WARN: Type inference failed for: r0v8, types: [java.lang.Throwable] */
    private static void m1(ServerHandshakeState serverHandshakeState, byte[] bArr, TlsHandshakeHash tlsHandshakeHash) throws IOException {
        byte[] sessionHash;
        if (serverHandshakeState.m12405 == null) {
            throw new IllegalStateException();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        z10 z10Var = serverHandshakeState.m12409;
        DigitallySigned parse = DigitallySigned.parse(z10Var, byteArrayInputStream);
        ?? r0 = byteArrayInputStream;
        TlsProtocol.m2((ByteArrayInputStream) r0);
        try {
            SignatureAndHashAlgorithm algorithm = parse.getAlgorithm();
            if (TlsUtils.isTLSv12(z10Var)) {
                TlsUtils.verifySupportedSignatureAlgorithm(serverHandshakeState.m12405.getSupportedSignatureAlgorithms(), algorithm);
                sessionHash = tlsHandshakeHash.getFinalHash(algorithm.getHash());
            } else {
                sessionHash = z10Var.getSecurityParameters().getSessionHash();
            }
            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(serverHandshakeState.m12412.getCertificateAt(0).getSubjectPublicKeyInfo());
            TlsSigner createTlsSigner = TlsUtils.createTlsSigner(serverHandshakeState.m12411);
            createTlsSigner.init(z10Var);
            if (createTlsSigner.verifyRawSignature(algorithm, parse.getSignature(), createKey, sessionHash)) {
                return;
            }
            r0 = new TlsFatalAlert((short) 51);
            throw r0;
        } catch (TlsFatalAlert e) {
            throw r0;
        } catch (Exception e2) {
            throw new TlsFatalAlert((short) 51, e2);
        }
    }
}
