package com.adguard.filter.proxy.ssl;

import com.adguard.filter.proxy.ssl.cipher.FastTlsCipherFactory;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.commons.lang.ArrayUtils;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.tls.AlertDescription;
import org.bouncycastle.crypto.tls.AlertLevel;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.crypto.tls.DefaultTlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.DefaultTlsServer;
import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.bouncycastle.crypto.tls.MaxFragmentLength;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsECCUtils;
import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
import org.bouncycastle.crypto.tls.TlsFatalAlert;
import org.bouncycastle.crypto.tls.TlsSignerCredentials;
import org.bouncycastle.crypto.tls.TlsUtils;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
class s extends DefaultTlsServer {

    /* renamed from: a, reason: collision with root package name */
    private static final org.slf4j.c f822a = org.slf4j.d.a((Class<?>) s.class);
    private static final int[] g = {CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256, 60, 47, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 103, 51, CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384, 61, 53, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 107, 57};
    private final long b;
    private final ProtocolVersion c;
    private final int[] d;
    private final Certificate e;
    private final AsymmetricKeyParameter f;

    /* JADX INFO: Access modifiers changed from: package-private */
    public s(long j, ProtocolVersion protocolVersion, int i, short[] sArr, a aVar) {
        this.cipherFactory = FastTlsCipherFactory.getInstance();
        this.b = j;
        this.c = protocolVersion;
        int[] iArr = g;
        switch (TlsUtils.getKeyExchangeAlgorithm(i)) {
            case 1:
            case 5:
            case 19:
                if (!ArrayUtils.contains(iArr, i)) {
                    f822a.debug("TCP id={} Adding cipher suite 0x{}", Long.valueOf(j), Integer.toHexString(i));
                    this.d = Arrays.prepend(iArr, i);
                    break;
                } else {
                    this.d = iArr;
                    break;
                }
            default:
                this.d = iArr;
                break;
        }
        this.e = new Certificate(new org.bouncycastle.asn1.x509.Certificate[]{aVar.a().toASN1Structure()});
        this.f = aVar.b().getPrivate();
        this.serverECPointFormats = sArr;
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private static Vector a(InputStream inputStream) {
        int readUint16 = TlsUtils.readUint16(inputStream);
        if (readUint16 < 2 || (readUint16 & 1) != 0) {
            throw new TlsFatalAlert((short) 50);
        }
        int i = readUint16 / 2;
        Vector vector = new Vector(i);
        for (int i2 = 0; i2 < i; i2++) {
            short readUint8 = TlsUtils.readUint8(inputStream);
            short readUint82 = TlsUtils.readUint8(inputStream);
            if (readUint82 != 0) {
                vector.addElement(new SignatureAndHashAlgorithm(readUint8, readUint82));
            }
        }
        return vector;
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private SignatureAndHashAlgorithm a() {
        if (this.supportedSignatureAlgorithms == null) {
            return null;
        }
        for (int i = 0; i < this.supportedSignatureAlgorithms.size(); i++) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = (SignatureAndHashAlgorithm) this.supportedSignatureAlgorithms.elementAt(i);
            if (signatureAndHashAlgorithm.getSignature() == 1) {
                return signatureAndHashAlgorithm;
            }
        }
        f822a.error("TCP id={} Could not find a supported SignatureAndHashAlgorithm", Long.valueOf(this.b));
        return null;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.DefaultTlsServer, org.bouncycastle.crypto.tls.AbstractTlsServer
    public int[] getCipherSuites() {
        return this.d;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.DefaultTlsServer
    public TlsSignerCredentials getECDSASignerCredentials() {
        return super.getECDSASignerCredentials();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer
    protected ProtocolVersion getMaximumVersion() {
        return ProtocolVersion.TLSv12;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer
    protected ProtocolVersion getMinimumVersion() {
        return this.c;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.DefaultTlsServer
    protected TlsEncryptionCredentials getRSAEncryptionCredentials() {
        return new DefaultTlsEncryptionCredentials(this.context, this.e, this.f);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.DefaultTlsServer
    protected TlsSignerCredentials getRSASignerCredentials() {
        return new DefaultTlsSignerCredentials(this.context, this.e, this.f, a());
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsPeer, org.bouncycastle.crypto.tls.TlsPeer
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        f822a.debug("TCP id={} Server alert raised. Level: {}, Description: {} {}", Long.valueOf(this.b), AlertLevel.getName(s), AlertDescription.getName(s2), AlertDescription.getText(s2));
        if (46 == s2) {
            f822a.debug("TCP id={} Selected cipher suite: 0x{}", Long.valueOf(this.b), Integer.toHexString(this.selectedCipherSuite));
        }
        super.notifyAlertRaised(s, s2, str, th);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsPeer, org.bouncycastle.crypto.tls.TlsPeer
    public void notifyAlertReceived(short s, short s2) {
        f822a.debug("TCP id={} Server alert received. Level: {}, Description: {} {}", Long.valueOf(this.b), AlertLevel.getName(s), AlertDescription.getName(s2), AlertDescription.getText(s2));
        super.notifyAlertReceived(s, s2);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsPeer, org.bouncycastle.crypto.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z) {
        f822a.debug("TCP id={} Notify secure renegotiation {}", Long.valueOf(this.b), Boolean.valueOf(z));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer, org.bouncycastle.crypto.tls.TlsServer
    public void processClientExtensions(Hashtable hashtable) {
        Vector a2;
        this.clientExtensions = hashtable;
        if (hashtable != null) {
            this.encryptThenMACOffered = TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable);
            this.maxFragmentLengthOffered = TlsExtensionsUtils.getMaxFragmentLengthExtension(hashtable);
            if (this.maxFragmentLengthOffered >= 0 && !MaxFragmentLength.isValid(this.maxFragmentLengthOffered)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.truncatedHMacOffered = TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable);
            byte[] extensionData = TlsUtils.getExtensionData(hashtable, TlsUtils.EXT_signature_algorithms);
            if (extensionData == null) {
                a2 = null;
            } else {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(extensionData);
                a2 = a(byteArrayInputStream);
                if (byteArrayInputStream.available() > 0) {
                    throw new TlsFatalAlert((short) 50);
                }
            }
            this.supportedSignatureAlgorithms = a2;
            if (this.supportedSignatureAlgorithms != null && !TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.clientVersion)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.namedCurves = TlsECCUtils.getSupportedEllipticCurvesExtension(hashtable);
            this.clientECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(hashtable);
        }
    }
}
