package net.luminis.tls.engine.impl;

import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import net.luminis.tls.ProtectionKeysType;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.TlsProtocolException;
import net.luminis.tls.alert.DecryptErrorAlert;
import net.luminis.tls.alert.UnexpectedMessageAlert;
import net.luminis.tls.engine.ServerMessageProcessor;
import net.luminis.tls.engine.ServerMessageSender;
import net.luminis.tls.engine.TlsServerEngine;
import net.luminis.tls.engine.TlsSessionRegistry;
import net.luminis.tls.engine.TlsStatusEventHandler;
import net.luminis.tls.extension.ClientHelloPreSharedKeyExtension;
import net.luminis.tls.extension.Extension;
import net.luminis.tls.handshake.CertificateMessage;
import net.luminis.tls.handshake.CertificateRequestMessage;
import net.luminis.tls.handshake.CertificateVerifyMessage;
import net.luminis.tls.handshake.ClientHello;
import net.luminis.tls.handshake.EncryptedExtensions;
import net.luminis.tls.handshake.FinishedMessage;
import net.luminis.tls.handshake.NewSessionTicketMessage;
import net.luminis.tls.handshake.ServerHello;

/* loaded from: classes.dex */
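/**
 * Server-side handshake engine: holds the server certificate chain and private key, tracks the
 * handshake {@link Status}, verifies the client's Finished message and, when a session registry
 * is configured, issues a session ticket afterwards.
 *
 * <p>This listing is decompiler output. The ClientHello handler could not be recovered (see
 * {@link #received(net.luminis.tls.handshake.ClientHello, net.luminis.tls.ProtectionKeysType)}),
 * so cipher negotiation and the callers of {@code isAcceptable} and {@code validateBinder} are
 * not visible here.
 *
 * <p>No synchronization is visible in this class; callers should not assume it is thread-safe.
 */
public class TlsServerEngineImpl extends TlsEngineImpl implements TlsServerEngine, ServerMessageProcessor {
    // Opaque application data handed to the session registry when a ticket is created.
    private byte[] additionalSessionData;
    private PrivateKey certificatePrivateKey;
    private List<TlsConstants.PskKeyExchangeMode> clientSupportedKeyExchangeModes;
    private final ArrayList<Extension> extensions;
    private String selectedApplicationLayerProtocol;
    private TlsConstants.CipherSuite selectedCipher;
    private List<X509Certificate> serverCertificateChain;
    private List<Extension> serverExtensions;
    private ServerMessageSender serverMessageSender;
    // Optional application check on session data; see isAcceptable for the fail-open cases.
    private Function<ByteBuffer, Boolean> sessionDataVerificationCallback;
    private TlsSessionRegistry sessionRegistry;
    public TlsStatusEventHandler statusHandler;
    private final Set<TlsConstants.CipherSuite> supportedCiphers;
    private TranscriptHash transcriptHash;
    private Status status = Status.Start;
    // Stored as a byte, so the counter wraps from 127 to -128.
    private byte currentTicketNumber = 0;
    // 2^32 - 1, the largest value of an unsigned 32-bit field.
    private Long maxEarlyDataSize = 4294967295L;

    /** Handshake progress as tracked by this engine. */
    public enum Status {
        Start,
        ReceivedClientHello,
        Negotiated,
        WaitFinished,
        Connected
    }

    /**
     * Creates an engine that presents a single certificate.
     *
     * @param x509Certificate the server certificate; wrapped in a one-element chain
     * @param privateKey the private key stored alongside the certificate
     * @param serverMessageSender sink for outgoing handshake messages
     * @param tlsStatusEventHandler receives handshake status callbacks
     * @param tlsSessionRegistry ticket registry, or {@code null} to never issue session tickets
     */
    public TlsServerEngineImpl(X509Certificate x509Certificate, PrivateKey privateKey, ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusEventHandler, TlsSessionRegistry tlsSessionRegistry) {
        this(single(x509Certificate), privateKey, serverMessageSender, tlsStatusEventHandler, tlsSessionRegistry);
    }

    /**
     * Creates an engine that presents a certificate chain.
     *
     * @param list the server certificate chain; stored by reference, not copied
     * @param privateKey the private key stored alongside the chain
     * @param serverMessageSender sink for outgoing handshake messages
     * @param tlsStatusEventHandler receives handshake status callbacks
     * @param tlsSessionRegistry ticket registry, or {@code null} to never issue session tickets
     */
    public TlsServerEngineImpl(List<X509Certificate> list, PrivateKey privateKey, ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusEventHandler, TlsSessionRegistry tlsSessionRegistry) {
        this.serverCertificateChain = list;
        this.certificatePrivateKey = privateKey;
        this.serverMessageSender = serverMessageSender;
        this.statusHandler = tlsStatusEventHandler;
        // Only one suite is enabled by default; more are added via addSupportedCiphers.
        Set<TlsConstants.CipherSuite> defaultCiphers = new HashSet<>();
        defaultCiphers.add(TlsConstants.CipherSuite.TLS_AES_128_GCM_SHA256);
        this.supportedCiphers = defaultCiphers;
        this.extensions = new ArrayList<>();
        this.serverExtensions = new ArrayList<>();
        this.clientSupportedKeyExchangeModes = new ArrayList<>();
        this.sessionRegistry = tlsSessionRegistry;
    }

    /**
     * Maps a certificate's signature algorithm name to a TLS signature scheme.
     *
     * <p>NOTE(review): {@code getSigAlgName()} names the algorithm the issuer used to sign this
     * certificate, not the algorithm of the certificate's own public key. If the result selects
     * the scheme for the server's own signature (the caller is not visible in this listing), a
     * certificate whose key type differs from its issuer's would map to a scheme the private key
     * cannot produce. Confirm against the caller; {@code getPublicKey().getAlgorithm()} describes
     * the key itself.
     *
     * @param x509Certificate certificate whose signature algorithm name is inspected
     * @return the matching signature scheme
     * @throws TlsProtocolException if the algorithm name is not one of the twelve spellings below
     */
    public static TlsConstants.SignatureScheme determineSignatureScheme(X509Certificate x509Certificate) {
        String sigAlgName = x509Certificate.getSigAlgName();
        // Both "with" and "WITH" spellings are matched explicitly; no other casing is accepted.
        switch (sigAlgName) {
            case "SHA256withRSA":
            case "SHA256WITHRSA":
                return TlsConstants.SignatureScheme.rsa_pss_rsae_sha256;
            case "SHA384withRSA":
            case "SHA384WITHRSA":
                return TlsConstants.SignatureScheme.rsa_pss_rsae_sha384;
            case "SHA512withRSA":
            case "SHA512WITHRSA":
                return TlsConstants.SignatureScheme.rsa_pss_rsae_sha512;
            case "SHA256withECDSA":
            case "SHA256WITHECDSA":
                return TlsConstants.SignatureScheme.ecdsa_secp256r1_sha256;
            case "SHA384withECDSA":
            case "SHA384WITHECDSA":
                return TlsConstants.SignatureScheme.ecdsa_secp384r1_sha384;
            case "SHA512withECDSA":
            case "SHA512WITHECDSA":
                return TlsConstants.SignatureScheme.ecdsa_secp521r1_sha512;
            default:
                throw new TlsProtocolException("Unknown or unsupported certificate type " + sigAlgName);
        }
    }

    /**
     * Runs the application's session-data check, if one is registered.
     *
     * <p>Fails open: returns {@code true} when no callback is set or when {@code bArr} is
     * {@code null}, so a registered callback is never consulted for absent session data.
     * A callback that returns {@code null} causes a NullPointerException on unboxing.
     *
     * @param bArr session data to verify, may be {@code null}
     * @return the callback's verdict, or {@code true} if the check is skipped
     */
    private boolean isAcceptable(byte[] bArr) {
        Function<ByteBuffer, Boolean> verifier = this.sessionDataVerificationCallback;
        if (verifier == null || bArr == null) {
            return true;
        }
        return verifier.apply(ByteBuffer.wrap(bArr)).booleanValue();
    }

    /** Wraps one certificate in a mutable single-element list. */
    private static List<X509Certificate> single(X509Certificate x509Certificate) {
        List<X509Certificate> chain = new ArrayList<>(1);
        chain.add(x509Certificate);
        return chain;
    }

    /** Appends an extension to the list returned by {@link #getServerExtensions()}. */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public void addServerExtensions(Extension extension) {
        this.serverExtensions.add(extension);
    }

    /** Adds cipher suites to the enabled set; suites already enabled are never removed. */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public void addSupportedCiphers(List<TlsConstants.CipherSuite> list) {
        this.supportedCiphers.addAll(list);
    }

    /** Returns the stored cipher suite, {@code null} until it has been assigned. */
    @Override // net.luminis.tls.engine.impl.TlsEngineImpl, net.luminis.tls.engine.TlsClientEngine
    public TlsConstants.CipherSuite getSelectedCipher() {
        return this.selectedCipher;
    }

    /** Returns the live internal extension list, not a copy; caller mutations are visible here. */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public List<Extension> getServerExtensions() {
        return this.serverExtensions;
    }

    // The handlers with empty bodies in this class ignore their message without raising an
    // alert. NOTE(review): whether such messages are rejected earlier is not visible here.

    @Override // net.luminis.tls.engine.MessageProcessor
    public void received(CertificateMessage certificateMessage, ProtectionKeysType protectionKeysType) {
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void received(CertificateRequestMessage certificateRequestMessage, ProtectionKeysType protectionKeysType) {
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void received(CertificateVerifyMessage certificateVerifyMessage, ProtectionKeysType protectionKeysType) {
    }

    /* JADX WARN: Removed duplicated region for block: B:102:0x0213  */
    /* JADX WARN: Removed duplicated region for block: B:105:0x0273  */
    /* JADX WARN: Removed duplicated region for block: B:108:0x02aa  */
    /* JADX WARN: Removed duplicated region for block: B:111:0x02c7  */
    /* JADX WARN: Removed duplicated region for block: B:114:0x0236  */
    @Override // net.luminis.tls.engine.MessageProcessor
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void received(net.luminis.tls.handshake.ClientHello r13, net.luminis.tls.ProtectionKeysType r14) {
        /*
            Method dump skipped, instructions count: 889
            To view this dump add '--comments-level debug' option
        */
        // Decompiler placeholder: the real ClientHello handling was not recovered, so this
        // listing cannot be used to review it. The stub below is not the shipped behaviour.
        throw new UnsupportedOperationException("Method not decompiled: net.luminis.tls.engine.impl.TlsServerEngineImpl.received(net.luminis.tls.handshake.ClientHello, net.luminis.tls.ProtectionKeysType):void");
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void received(EncryptedExtensions encryptedExtensions, ProtectionKeysType protectionKeysType) {
    }

    /**
     * Verifies the client's Finished message and completes the handshake.
     *
     * <p>On success the resumption master secret is computed, the status handler is notified and
     * the status becomes {@link Status#Connected}. A session ticket is then sent if a session
     * registry is configured and the client's key exchange modes include {@code psk_dhe_ke}.
     *
     * @param finishedMessage the client's Finished message
     * @param protectionKeysType the protection level the message was received under
     * @throws UnexpectedMessageAlert if the message was not protected with handshake keys
     * @throws DecryptErrorAlert if the verify data does not match the locally computed value
     */
    @Override // net.luminis.tls.engine.MessageProcessor
    public void received(FinishedMessage finishedMessage, ProtectionKeysType protectionKeysType) {
        if (this.status != Status.WaitFinished) {
            // NOTE(review): a Finished received in any other state is dropped silently, with no
            // alert raised; confirm that this is the intended handling of out-of-order messages.
            return;
        }
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        this.transcriptHash.recordClient(finishedMessage);
        byte[] receivedVerifyData = finishedMessage.getVerifyData();
        byte[] expectedVerifyData = computeFinishedVerifyData(
                this.transcriptHash.getServerHash(TlsConstants.HandshakeType.finished),
                this.state.getClientHandshakeTrafficSecret());
        // Constant-time comparison: Arrays.equals returns at the first differing byte, which
        // makes the comparison time depend on how much of the MAC matched.
        if (!MessageDigest.isEqual(receivedVerifyData, expectedVerifyData)) {
            throw new DecryptErrorAlert("incorrect finished message");
        }
        this.state.computeResumptionMasterSecret();
        this.statusHandler.handshakeFinished();
        this.status = Status.Connected;
        if (this.sessionRegistry == null || !this.clientSupportedKeyExchangeModes.contains(TlsConstants.PskKeyExchangeMode.psk_dhe_ke)) {
            return;
        }
        // Post-increment the ticket counter; the byte cast makes it wrap from 127 to -128.
        byte ticketNumber = this.currentTicketNumber;
        this.currentTicketNumber = (byte) (ticketNumber + 1);
        this.serverMessageSender.send(this.sessionRegistry.createNewSessionTicketMessage(ticketNumber, this.selectedCipher, this.state, this.selectedApplicationLayerProtocol, this.maxEarlyDataSize, this.additionalSessionData));
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void received(NewSessionTicketMessage newSessionTicketMessage, ProtectionKeysType protectionKeysType) {
    }

    @Override // net.luminis.tls.engine.MessageProcessor
    public void received(ServerHello serverHello, ProtectionKeysType protectionKeysType) {
    }

    /**
     * Records the negotiated application layer protocol.
     *
     * @param str the protocol name
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public void setSelectedApplicationLayerProtocol(String str) {
        if (str == null) {
            throw new IllegalArgumentException();
        }
        this.selectedApplicationLayerProtocol = str;
    }

    /** Replaces the sink used for outgoing handshake messages. */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public void setServerMessageSender(ServerMessageSender serverMessageSender) {
        this.serverMessageSender = serverMessageSender;
    }

    /** Sets the opaque data passed to the session registry at ticket creation; not copied. */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public void setSessionData(byte[] bArr) {
        this.additionalSessionData = bArr;
    }

    /** Registers the application's session-data check; {@code null} disables it. */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public void setSessionDataVerificationCallback(Function<ByteBuffer, Boolean> function) {
        this.sessionDataVerificationCallback = function;
    }

    /** Replaces the handler that receives handshake status callbacks. */
    @Override // net.luminis.tls.engine.TlsServerEngine
    public void setStatusHandler(TlsStatusEventHandler tlsStatusEventHandler) {
        this.statusHandler = tlsStatusEventHandler;
    }

    /**
     * Checks a PSK binder against the value computed over the leading part of the ClientHello.
     *
     * @param pskBinderEntry the binder received from the client
     * @param i offset added to the PSK extension start position to find the end of the covered
     *     prefix (presumably where the binders begin; confirm against the caller)
     * @param clientHello the ClientHello whose raw bytes are covered by the binder
     * @return {@code true} if the received binder equals the computed one
     */
    public boolean validateBinder(ClientHelloPreSharedKeyExtension.PskBinderEntry pskBinderEntry, int i, ClientHello clientHello) {
        byte[] receivedBinder = pskBinderEntry.getHmac();
        // copyOfRange zero-pads when the end index exceeds the message length instead of
        // failing, so an oversized offset yields a padded prefix rather than an exception.
        byte[] coveredPrefix = Arrays.copyOfRange(clientHello.getBytes(), 0, clientHello.getPskExtensionStartPosition() + i);
        // Constant-time comparison, so timing does not reveal how many binder bytes matched.
        return MessageDigest.isEqual(receivedBinder, this.state.computePskBinder(coveredPrefix));
    }
}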
