package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: classes2.dex */
public abstract class i extends h implements eo {
    protected da cipherFactory;
    protected short[] clientECPointFormats;
    protected Hashtable clientExtensions;
    protected cc clientVersion;
    protected ep context;
    protected boolean eccCipherSuitesOffered;
    protected boolean encryptThenMACOffered;
    protected short maxFragmentLengthOffered;
    protected int[] namedCurves;
    protected int[] offeredCipherSuites;
    protected short[] offeredCompressionMethods;
    protected int selectedCipherSuite;
    protected short selectedCompressionMethod;
    protected short[] serverECPointFormats;
    protected Hashtable serverExtensions;
    protected cc serverVersion;
    protected Vector supportedSignatureAlgorithms;
    protected boolean truncatedHMacOffered;

    public i() {
        this(new aw());
    }

    public i(da daVar) {
        this.cipherFactory = daVar;
    }

    protected boolean a() {
        return true;
    }

    protected boolean a(int[] iArr, short[] sArr) {
        if (iArr == null) {
            return dn.hasAnySupportedNamedCurves();
        }
        for (int i : iArr) {
            if (bw.isValid(i) && (!bw.refersToASpecificNamedCurve(i) || dn.isSupportedNamedCurve(i))) {
                return true;
            }
        }
        return false;
    }

    protected boolean b() {
        return false;
    }

    protected Hashtable c() {
        Hashtable ensureExtensionsInitialised = ds.ensureExtensionsInitialised(this.serverExtensions);
        this.serverExtensions = ensureExtensionsInitialised;
        return ensureExtensionsInitialised;
    }

    protected short[] d() {
        return new short[]{0};
    }

    protected cc e() {
        return cc.TLSv11;
    }

    protected cc f() {
        return cc.TLSv10;
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public u getCertificateRequest() throws IOException {
        return null;
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public v getCertificateStatus() throws IOException {
        return null;
    }

    @Override // org.bouncycastle.crypto.tls.ed
    public cz getCipher() throws IOException {
        return this.cipherFactory.createCipher(this.context, ex.getEncryptionAlgorithm(this.selectedCipherSuite), ex.getMACAlgorithm(this.selectedCipherSuite));
    }

    protected abstract int[] getCipherSuites();

    @Override // org.bouncycastle.crypto.tls.ed
    public df getCompression() throws IOException {
        switch (this.selectedCompressionMethod) {
            case 0:
                return new dy();
            default:
                throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public bx getNewSessionTicket() throws IOException {
        return new bx(0L, ex.EMPTY_BYTES);
    }

    public int getSelectedCipherSuite() throws IOException {
        boolean a = a(this.namedCurves, this.clientECPointFormats);
        for (int i : getCipherSuites()) {
            if (org.bouncycastle.util.a.contains(this.offeredCipherSuites, i) && ((a || !dn.isECCCipherSuite(i)) && ex.isValidCipherSuiteForVersion(i, this.serverVersion))) {
                this.selectedCipherSuite = i;
                return i;
            }
        }
        throw new TlsFatalAlert((short) 40);
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public short getSelectedCompressionMethod() throws IOException {
        short[] d = d();
        for (int i = 0; i < d.length; i++) {
            if (org.bouncycastle.util.a.contains(this.offeredCompressionMethods, d[i])) {
                short s = d[i];
                this.selectedCompressionMethod = s;
                return s;
            }
        }
        throw new TlsFatalAlert((short) 40);
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public Hashtable getServerExtensions() throws IOException {
        if (this.encryptThenMACOffered && a() && ex.isBlockCipherSuite(this.selectedCipherSuite)) {
            ds.addEncryptThenMACExtension(c());
        }
        if (this.maxFragmentLengthOffered >= 0 && bu.isValid(this.maxFragmentLengthOffered)) {
            ds.addMaxFragmentLengthExtension(c(), this.maxFragmentLengthOffered);
        }
        if (this.truncatedHMacOffered && b()) {
            ds.addTruncatedHMacExtension(c());
        }
        if (this.clientECPointFormats != null && dn.isECCCipherSuite(this.selectedCipherSuite)) {
            this.serverECPointFormats = new short[]{0, 1, 2};
            dn.addSupportedPointFormatsExtension(c(), this.serverECPointFormats);
        }
        return this.serverExtensions;
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public Vector getServerSupplementalData() throws IOException {
        return null;
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public cc getServerVersion() throws IOException {
        if (f().isEqualOrEarlierVersionOf(this.clientVersion)) {
            cc e = e();
            if (this.clientVersion.isEqualOrEarlierVersionOf(e)) {
                cc ccVar = this.clientVersion;
                this.serverVersion = ccVar;
                return ccVar;
            }
            if (this.clientVersion.isLaterVersionOf(e)) {
                this.serverVersion = e;
                return e;
            }
        }
        throw new TlsFatalAlert((short) 70);
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public void init(ep epVar) {
        this.context = epVar;
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public void notifyClientCertificate(t tVar) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public void notifyClientVersion(cc ccVar) throws IOException {
        this.clientVersion = ccVar;
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public void notifyFallback(boolean z) throws IOException {
        if (z && e().isLaterVersionOf(this.clientVersion)) {
            throw new TlsFatalAlert((short) 86);
        }
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public void notifyOfferedCipherSuites(int[] iArr) throws IOException {
        this.offeredCipherSuites = iArr;
        this.eccCipherSuitesOffered = dn.containsECCCipherSuites(this.offeredCipherSuites);
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public void notifyOfferedCompressionMethods(short[] sArr) throws IOException {
        this.offeredCompressionMethods = sArr;
    }

    public void processClientExtensions(Hashtable hashtable) throws IOException {
        this.clientExtensions = hashtable;
        if (hashtable != null) {
            this.encryptThenMACOffered = ds.hasEncryptThenMACExtension(hashtable);
            this.maxFragmentLengthOffered = ds.getMaxFragmentLengthExtension(hashtable);
            if (this.maxFragmentLengthOffered >= 0 && !bu.isValid(this.maxFragmentLengthOffered)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.truncatedHMacOffered = ds.hasTruncatedHMacExtension(hashtable);
            this.supportedSignatureAlgorithms = ex.getSignatureAlgorithmsExtension(hashtable);
            if (this.supportedSignatureAlgorithms != null && !ex.isSignatureAlgorithmsExtensionAllowed(this.clientVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.namedCurves = dn.getSupportedEllipticCurvesExtension(hashtable);
            this.clientECPointFormats = dn.getSupportedPointFormatsExtension(hashtable);
        }
    }

    @Override // org.bouncycastle.crypto.tls.eo
    public void processClientSupplementalData(Vector vector) throws IOException {
        if (vector != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }
}
