package cn.com.suresec.jsse.provider;

import cn.com.suresec.asn1.x500.X500Name;
import cn.com.suresec.jsse.BCSNIMatcher;
import cn.com.suresec.jsse.BCSNIServerName;
import cn.com.suresec.tls.Certificate;
import cn.com.suresec.tls.CertificateRequest;
import cn.com.suresec.tls.DefaultTlsServer;
import cn.com.suresec.tls.ProtocolVersion;
import cn.com.suresec.tls.SecurityParameters;
import cn.com.suresec.tls.TlsCredentials;
import cn.com.suresec.tls.TlsExtensionsUtils;
import cn.com.suresec.tls.TlsFatalAlert;
import cn.com.suresec.tls.TlsSession;
import cn.com.suresec.tls.TlsUtils;
import cn.com.suresec.tls.crypto.TlsCrypto;
import cn.com.suresec.tls.crypto.TlsCryptoParameters;
import cn.com.suresec.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import cn.com.suresec.tls.crypto.impl.jcajce.JcaTlsCrypto;
import cn.com.suresec.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509ExtendedKeyManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: ProvTlsServer.java */
/* loaded from: classes.dex */
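/**
 * Server side of the provider's TLS handshake: the callback object that the
 * TLS protocol engine consults for versions, cipher suites, credentials,
 * client authentication, SNI and session handling.
 *
 * <p>This listing is decompiler output (the JADX header names the original
 * file as {@code ProvTlsServer.java}); type, field and method names are
 * obfuscated, so the descriptions below are derived from how each member is
 * used in this class. The numeric protocol constants are annotated with their
 * TLS registry meaning.
 *
 * <p>Thread-safety: only {@link #a()} and {@link #notifyHandshakeComplete()}
 * are synchronized; the remaining state is not guarded here.
 */
public class at extends DefaultTlsServer implements as {
    private static final Logger h = Logger.getLogger(at.class.getName());

    // Lower bound applied to finite-field DH group selection, read from the
    // "jdk.tls.ephemeralDHKeySize" system property.
    // NOTE(review): the arguments look like (default 2048, min 1024, max 8192) - confirm in x.a.
    // If so, a deployment can lower the floor to 1024-bit DH, which is below current guidance.
    private static final int i = x.a("jdk.tls.ephemeralDHKeySize", 2048, 1024, 8192);

    // Owning connection/engine side: supplies peer host/port, the provider
    // context (crypto, key manager, trust manager, session context) and
    // receives handshake results.
    protected final ar f1130a;

    // Per-connection SSL parameters (client-auth flags, enabled suites and
    // protocols, SNI matchers, application protocols).
    protected final ad f1131b;

    // Session bound to this handshake; set on resumption or at handshake completion.
    protected ag f1132c;
    // Server name accepted from the client's SNI extension, or null.
    protected BCSNIServerName d;
    // Key types for which the key manager already failed to supply a usable
    // credential; only non-null while getSelectedCipherSuite() is running.
    protected Set<String> e;
    // Credentials chosen for the cipher suite currently being evaluated.
    protected TlsCredentials f;
    // True once notifyHandshakeComplete() has run.
    protected boolean g;

    /**
     * Creates the server callbacks for one connection.
     *
     * @param arVar owning connection/engine side
     * @param adVar SSL parameters for this connection
     * @throws SSLException if session creation is disabled, because no session
     *         could then be resumed either (see {@link #a(ag)})
     */
    public at(ar arVar, ad adVar) throws SSLException {
        super(arVar.b().a());
        this.f1132c = null;
        this.d = null;
        this.e = null;
        this.f = null;
        this.g = false;
        this.f1130a = arVar;
        this.f1131b = adVar;
        if (!arVar.getEnableSessionCreation()) {
            throw new SSLException("Session resumption not implemented yet and session creation is disabled");
        }
    }

    /**
     * Reports whether the handshake has completed.
     *
     * @return the flag set by {@link #notifyHandshakeComplete()}
     */
    @Override // cn.com.suresec.jsse.provider.as
    public synchronized boolean a() {
        return this.g;
    }

    /**
     * Selects the server credentials for a candidate cipher suite and stores
     * them in {@link #f}.
     *
     * <p>Key exchange values follow the TLS {@code KeyExchangeAlgorithm}
     * numbering: 1 RSA, 3 DHE_DSS, 5 DHE_RSA, 11 DH_anon, 17 ECDHE_ECDSA,
     * 19 ECDHE_RSA, 20 ECDH_anon.
     *
     * <p>Security note: the anonymous exchanges (11, 20) are accepted with no
     * credential, so the server is unauthenticated if such a suite is enabled
     * and negotiated. Every certificate-based exchange must leave this method
     * with a non-null credential or be rejected.
     *
     * @param i2 candidate cipher suite
     * @return true if the suite can be used (credentials found, or none needed)
     * @throws IOException if signature algorithm selection fails
     * @throws UnsupportedOperationException if the crypto backend is not a {@code JcaTlsCrypto}
     */
    protected boolean a(int i2) throws IOException {
        this.f = null;
        int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(i2);
        switch (keyExchangeAlgorithm) {
            case 11: // DH_anon
            case 20: // ECDH_anon
                return true;
            case 1:  // RSA
            case 3:  // DHE_DSS
            case 5:  // DHE_RSA
            case 17: // ECDHE_ECDSA
            case 19: // ECDHE_RSA
                // Certificate-authenticated exchanges: fall through to the key
                // manager lookup. The decompiled dispatch returned true for 17
                // and 19 before any lookup, which would accept an ECDHE suite
                // with f == null and made the signer branch below unreachable
                // for them.
                break;
            default:
                return false;
        }
        String keyType = t.a(keyExchangeAlgorithm);
        // NOTE(review): e is only non-null during getSelectedCipherSuite(); a call
        // from any other path would fail here with a NullPointerException.
        if (this.e.contains(keyType)) {
            return false;
        }
        String alias = this.f1130a.a(keyType, (Principal[]) null);
        if (alias == null) {
            this.e.add(keyType);
            return false;
        }
        TlsCrypto crypto = getCrypto();
        if (!(crypto instanceof JcaTlsCrypto)) {
            throw new UnsupportedOperationException();
        }
        X509ExtendedKeyManager keyManager = this.f1130a.b().d();
        PrivateKey privateKey = keyManager.getPrivateKey(alias);
        Certificate chain = t.a(crypto, keyManager.getCertificateChain(alias));
        if (privateKey == null || !t.a(keyExchangeAlgorithm, privateKey) || chain.isEmpty()) {
            // Remember the miss so later suites with the same key type skip the lookup.
            this.e.add(keyType);
            return false;
        }
        if (keyExchangeAlgorithm == 1) {
            // RSA key transport: the server decrypts the pre-master secret.
            this.f = new JceDefaultTlsCredentialedDecryptor((JcaTlsCrypto) crypto, chain, privateKey);
            return true;
        }
        if (keyExchangeAlgorithm != 3 && keyExchangeAlgorithm != 5 && keyExchangeAlgorithm != 17 && keyExchangeAlgorithm != 19) {
            return false;
        }
        // Ephemeral (EC)DH: the server signs its key exchange parameters.
        this.f = new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(this.context), (JcaTlsCrypto) crypto, privateKey, chain, TlsUtils.chooseSignatureAndHashAlgorithm(this.context, this.context.getSecurityParametersHandshake().getClientSigAlgs(), TlsUtils.getLegacySignatureAlgorithmServer(keyExchangeAlgorithm)));
        return true;
    }

    /**
     * Decides whether a cached session may be resumed.
     *
     * @param agVar candidate session
     * @return always false, so {@link #getSessionToResume(byte[])} never resumes
     */
    protected boolean a(ag agVar) {
        return false;
    }

    /**
     * Disables the certificate status (OCSP stapling) extension.
     *
     * @return always false
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected boolean allowCertificateStatus() {
        return false;
    }

    /**
     * Builds the CertificateRequest sent to the client.
     *
     * @return null when neither client-auth flag ({@code e()} / {@code f()}) is
     *         set; otherwise a request for certificate types 1 (rsa_sign),
     *         2 (dss_sign) and 64 (ecdsa_sign) listing the subject names of the
     *         trust manager's accepted issuers
     * @throws IOException declared by the overridden method
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer, cn.com.suresec.tls.TlsServer
    public CertificateRequest getCertificateRequest() throws IOException {
        if (!(this.f1131b.e() || this.f1131b.f())) {
            return null;
        }
        short[] certificateTypes = {1, 2, 64};
        // The signature_algorithms list is only legal for versions that allow the extension.
        Vector sigAlgs = TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getServerVersion()) ? t.a(getCrypto()) : null;
        Vector issuerNames = new Vector();
        for (X509Certificate x509Certificate : this.f1130a.b().e().getAcceptedIssuers()) {
            issuerNames.addElement(X500Name.getInstance(x509Certificate.getSubjectX500Principal().getEncoded()));
        }
        return new CertificateRequest(certificateTypes, sigAlgs, issuerNames);
    }

    /**
     * Returns the credentials chosen by the last successful {@link #a(int)} call.
     *
     * @return the selected credentials, or null if none were selected
     * @throws IOException declared by the overridden method
     */
    @Override // cn.com.suresec.tls.DefaultTlsServer, cn.com.suresec.tls.TlsServer
    public TlsCredentials getCredentials() throws IOException {
        return this.f;
    }

    /**
     * Returns the largest curve size negotiable with the client's supported groups.
     *
     * @return bit size computed by {@code bf.a}
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected int getMaximumNegotiableCurveBits() {
        return bf.a(this.f1130a.a().j(), this.context.getSecurityParametersHandshake().getClientSupportedGroups());
    }

    /**
     * Returns the largest finite-field DH size negotiable with the client.
     *
     * @return the size from {@code bf.b}, or 0 when it is below the configured
     *         ephemeral DH floor {@link #i}, which reports that no acceptable
     *         group is available
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected int getMaximumNegotiableFiniteFieldBits() {
        int bits = bf.b(this.f1130a.a().j(), this.context.getSecurityParametersHandshake().getClientSupportedGroups());
        return bits >= i ? bits : 0;
    }

    /**
     * Returns the application protocol names configured in the SSL parameters.
     *
     * @return the converted list from {@code f1131b.l()}
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected Vector getProtocolNames() {
        return t.a(this.f1131b.l());
    }

    /**
     * Publishes the handshake session to the owner and then runs cipher suite
     * selection with a fresh key-manager miss cache.
     *
     * @return the cipher suite chosen by the superclass
     * @throws IOException if no suite can be selected
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer, cn.com.suresec.tls.TlsServer
    public int getSelectedCipherSuite() throws IOException {
        ai sessionContext = this.f1130a.b().c();
        String peerHost = this.f1130a.getPeerHost();
        int peerPort = this.f1130a.getPeerPort();
        SecurityParameters securityParametersHandshake = this.context.getSecurityParametersHandshake();
        // A different handshake-session type is built when a session was picked for resumption.
        this.f1130a.a(this.f1132c == null ? new aj(sessionContext, peerHost, peerPort, securityParametersHandshake) : new ak(sessionContext, peerHost, peerPort, securityParametersHandshake, this.f1132c.g(), this.f1132c.c()));
        this.e = new HashSet<String>();
        int selectedCipherSuite = super.getSelectedCipherSuite();
        h.fine("Server selected cipher suite: " + this.f1130a.a().a(selectedCipherSuite));
        this.e = null;
        return selectedCipherSuite;
    }

    /**
     * Returns the server extensions, adding an empty server_name acknowledgement
     * when a client SNI name was accepted.
     *
     * @return the server extension table
     * @throws IOException if the superclass fails to build the extensions
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer, cn.com.suresec.tls.TlsServer
    public Hashtable getServerExtensions() throws IOException {
        super.getServerExtensions();
        if (this.d != null) {
            TlsExtensionsUtils.addServerNameExtensionServer(checkServerExtensions());
        }
        return this.serverExtensions;
    }

    /**
     * Returns the protocol version chosen by the superclass and logs its name.
     *
     * @return the negotiated protocol version
     * @throws IOException if no common version exists
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer, cn.com.suresec.tls.TlsServer
    public ProtocolVersion getServerVersion() throws IOException {
        ProtocolVersion serverVersion = super.getServerVersion();
        String versionName = this.f1130a.a().a(serverVersion);
        h.fine("Server selected protocol version: " + versionName);
        return serverVersion;
    }

    /**
     * Looks up the session the client asked to resume.
     *
     * <p>Because {@link #a(ag)} always returns false, the lookup result is
     * never used for resumption in this class.
     *
     * @param bArr session id sent by the client
     * @return the session to resume, or null to start a full handshake
     * @throws IllegalStateException if nothing is resumable and session
     *         creation is disabled
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer, cn.com.suresec.tls.TlsServer
    public TlsSession getSessionToResume(byte[] bArr) {
        ag cached = this.f1130a.b().c().a(bArr);
        if (cached != null) {
            TlsSession tlsSession = cached.g();
            if (tlsSession != null && a(cached)) {
                this.f1132c = cached;
                return tlsSession;
            }
        }
        if (this.f1130a.getEnableSessionCreation()) {
            return null;
        }
        throw new IllegalStateException("No resumable sessions and session creation is disabled");
    }

    /**
     * Returns the cipher suites that are both enabled in the SSL parameters and
     * supported by the crypto backend.
     *
     * @return supported cipher suite identifiers
     */
    @Override // cn.com.suresec.tls.DefaultTlsServer, cn.com.suresec.tls.AbstractTlsServer
    protected int[] getSupportedCipherSuites() {
        return TlsUtils.getSupportedCipherSuites(this.f1130a.b().a(), this.f1130a.a().a(this.f1131b.b()));
    }

    /**
     * Returns the protocol versions enabled in the SSL parameters.
     *
     * @return supported protocol versions
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public ProtocolVersion[] getSupportedVersions() {
        return this.f1130a.a().b(this.f1131b.c());
    }

    /**
     * Logs an alert raised locally.
     *
     * <p>Level mapping: alert level 1 (warning) logs at FINE; a fatal alert
     * with description 80 (internal_error) logs at WARNING; any other fatal
     * alert logs at INFO.
     *
     * @param s alert level
     * @param s2 alert description
     * @param str optional detail message
     * @param th optional cause
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        Level level;
        if (s == 1) {
            level = Level.FINE;
        } else if (s2 == 80) {
            level = Level.WARNING;
        } else {
            level = Level.INFO;
        }
        if (h.isLoggable(level)) {
            String message = t.a("Server raised", s, s2);
            if (str != null) {
                message = message + ": " + str;
            }
            h.log(level, message, th);
        }
    }

    /**
     * Logs an alert received from the client: FINE for level 1 (warning),
     * INFO otherwise.
     *
     * @param s alert level
     * @param s2 alert description
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public void notifyAlertReceived(short s, short s2) {
        super.notifyAlertReceived(s, s2);
        Level level = s == 1 ? Level.FINE : Level.INFO;
        if (h.isLoggable(level)) {
            h.log(level, t.a("Server received", s, s2));
        }
    }

    /**
     * Handles the client's certificate message.
     *
     * <p>A certificate that arrives when none was requested is treated as an
     * internal error (alert 80). An empty chain is rejected with
     * handshake_failure (alert 40) only when {@code f1131b.e()} is set; when
     * only {@code f1131b.f()} is set the handshake continues unauthenticated,
     * so callers must check the peer identity before trusting it. A non-empty
     * chain is handed to the owner for validation.
     *
     * @param certificate certificate chain sent by the client, possibly empty
     * @throws IOException if the chain is rejected
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer, cn.com.suresec.tls.TlsServer
    public void notifyClientCertificate(Certificate certificate) throws IOException {
        if (!this.f1131b.e() && !this.f1131b.f()) {
            throw new TlsFatalAlert((short) 80);
        }
        if (certificate == null || certificate.isEmpty()) {
            if (this.f1131b.e()) {
                throw new TlsFatalAlert((short) 40);
            }
        } else {
            this.f1130a.a(t.a(this.f1130a.b().a(), certificate), t.a(certificate.getCertificateAt(0).getLegacySignatureAlgorithm()));
        }
    }

    /**
     * Marks the handshake complete, registers the session with the session
     * context unless the resumed session is the one in use, and hands the
     * resulting connection object to the owner.
     *
     * @throws IOException if the superclass notification fails
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        this.g = true;
        TlsSession session = this.context.getSession();
        if (this.f1132c == null || this.f1132c.g() != session) {
            this.f1132c = this.f1130a.b().c().a(this.f1130a.getPeerHost(), this.f1130a.getPeerPort(), session, new s(this.f1131b.h()));
        }
        this.f1130a.a(new aa(this.context, this.f1132c));
    }

    /**
     * Enforces the secure renegotiation policy.
     *
     * <p>Security note: a client that does not signal secure renegotiation
     * (RFC 5746) is rejected only when the system property
     * {@code sun.security.ssl.allowLegacyHelloMessages} is false; the default
     * passed here is true, so legacy hellos are accepted unless the deployment
     * sets the property.
     *
     * @param z whether the peer signalled secure renegotiation support
     * @throws IOException handshake_failure (alert 40) when legacy hellos are disallowed
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z) throws IOException {
        if (!z && !x.a("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    /**
     * Reports whether the server's cipher suite order takes precedence over the
     * client's.
     *
     * @return the flag from {@code f1131b.i()}
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected boolean preferLocalCipherSuites() {
        return this.f1131b.i();
    }

    /**
     * Processes the client hello extensions and matches the client's SNI names
     * against the configured matchers.
     *
     * <p>With no matchers configured the SNI extension is ignored. With
     * matchers configured and no match, the handshake is aborted with
     * unrecognized_name (alert 112).
     *
     * @param hashtable client extensions
     * @throws IOException if the extensions are invalid or no SNI name matches
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer, cn.com.suresec.tls.TlsServer
    public void processClientExtensions(Hashtable hashtable) throws IOException {
        super.processClientExtensions(hashtable);
        Vector clientServerNames = this.context.getSecurityParametersHandshake().getClientServerNames();
        if (clientServerNames == null) {
            return;
        }
        Collection<BCSNIMatcher> matchers = this.f1131b.k();
        if (matchers == null || matchers.isEmpty()) {
            h.fine("Server ignored SNI (no matchers specified)");
            return;
        }
        this.d = t.a(clientServerNames, matchers);
        if (this.d == null) {
            throw new TlsFatalAlert((short) 112);
        }
        // The logged name originates from the client hello.
        // NOTE(review): confirm its string form is safe for the configured log sink.
        h.fine("Server accepted SNI: " + this.d);
    }

    /**
     * Accepts a candidate cipher suite only if credentials can be selected for it.
     *
     * @param i2 candidate cipher suite
     * @return true if the suite was selected
     * @throws IOException if credential selection or the superclass check fails
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected boolean selectCipherSuite(int i2) throws IOException {
        if (a(i2)) {
            this.f1130a.a().b(i2);
            return super.selectCipherSuite(i2);
        }
        h.finer("Server found no credentials for cipher suite: " + this.f1130a.a().a(i2));
        return false;
    }

    /**
     * Selects a finite-field DH group, never below the configured floor {@link #i}.
     *
     * @param i2 minimum size requested by the protocol engine, in bits
     * @return the selected group as returned by {@code bf}
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected int selectDH(int i2) {
        int minimumBits = Math.max(i2, i);
        int[] clientSupportedGroups = this.context.getSecurityParametersHandshake().getClientSupportedGroups();
        if (clientSupportedGroups == null) {
            return selectDHDefault(minimumBits);
        }
        return bf.b(getCrypto(), this.f1130a.a().j(), minimumBits, clientSupportedGroups);
    }

    /**
     * Selects a default finite-field DH group when the client sent no supported groups.
     *
     * @param i2 minimum size in bits
     * @return the selected group as returned by {@code bf.a}
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected int selectDHDefault(int i2) {
        return bf.a(this.f1130a.a().j(), i2);
    }

    /**
     * Selects an elliptic curve group from the client's supported groups.
     *
     * @param i2 minimum curve size in bits
     * @return the selected group as returned by {@code bf}
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected int selectECDH(int i2) {
        int[] clientSupportedGroups = this.context.getSecurityParametersHandshake().getClientSupportedGroups();
        if (clientSupportedGroups == null) {
            return selectECDHDefault(i2);
        }
        return bf.a(getCrypto(), this.f1130a.a().j(), i2, clientSupportedGroups);
    }

    /**
     * Selects a default elliptic curve group when the client sent no supported groups.
     *
     * @param i2 minimum curve size in bits
     * @return the selected group as returned by {@code bf.b}
     */
    @Override // cn.com.suresec.tls.AbstractTlsServer
    protected int selectECDHDefault(int i2) {
        return bf.b(this.f1130a.a().j(), i2);
    }
}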
