package net.luminis.tls.handshake;

import j$.util.Collection;
import j$.util.stream.Collectors;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import net.luminis.tls.ProtectionKeysType;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.TlsProtocolException;
import net.luminis.tls.TranscriptHash;
import net.luminis.tls.alert.DecryptErrorAlert;
import net.luminis.tls.alert.HandshakeFailureAlert;
import net.luminis.tls.alert.IllegalParameterAlert;
import net.luminis.tls.alert.MissingExtensionAlert;
import net.luminis.tls.alert.UnexpectedMessageAlert;
import net.luminis.tls.extension.ClientHelloPreSharedKeyExtension;
import net.luminis.tls.extension.EarlyDataExtension;
import net.luminis.tls.extension.Extension;
import net.luminis.tls.extension.KeyShareExtension;
import net.luminis.tls.extension.PskKeyExchangeModesExtension;
import net.luminis.tls.extension.SignatureAlgorithmsExtension;
import net.luminis.tls.extension.SupportedGroupsExtension;

/* loaded from: classes2.dex */
public class TlsServerEngine extends TlsEngine implements ServerMessageProcessor {
    private PrivateKey certificatePrivateKey;
    private List<TlsConstants.PskKeyExchangeMode> clientSupportedKeyExchangeModes;
    private byte currentTicketNumber;
    private final ArrayList<Extension> extensions;
    private Long maxEarlyDataSize;
    private String selectedApplicationLayerProtocol;
    private TlsConstants.CipherSuite selectedCipher;
    private List<X509Certificate> serverCertificateChain;
    private List<Extension> serverExtensions;
    private ServerMessageSender serverMessageSender;
    private TlsSessionRegistry sessionRegistry;
    protected TlsStatusEventHandler statusHandler;
    private final ArrayList<TlsConstants.CipherSuite> supportedCiphers;
    private TranscriptHash transcriptHash;

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public TlsServerEngine(java.security.cert.X509Certificate r8, java.security.PrivateKey r9, net.luminis.tls.handshake.ServerMessageSender r10, net.luminis.tls.handshake.TlsStatusEventHandler r11, net.luminis.tls.handshake.TlsSessionRegistry r12) {
        /*
            r7 = this;
            r0 = 1
            java.lang.Object[] r1 = new java.lang.Object[r0]
            r2 = 0
            r1[r2] = r8
            java.util.ArrayList r8 = new java.util.ArrayList
            r8.<init>(r0)
            r0 = r1[r2]
            j$.util.Objects.requireNonNull(r0)
            r8.add(r0)
            java.util.List r2 = java.util.Collections.unmodifiableList(r8)
            r1 = r7
            r3 = r9
            r4 = r10
            r5 = r11
            r6 = r12
            r1.<init>(r2, r3, r4, r5, r6)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: net.luminis.tls.handshake.TlsServerEngine.<init>(java.security.cert.X509Certificate, java.security.PrivateKey, net.luminis.tls.handshake.ServerMessageSender, net.luminis.tls.handshake.TlsStatusEventHandler, net.luminis.tls.handshake.TlsSessionRegistry):void");
    }

    public TlsServerEngine(List<X509Certificate> list, PrivateKey privateKey, ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusEventHandler, TlsSessionRegistry tlsSessionRegistry) {
        this.currentTicketNumber = (byte) 0;
        this.maxEarlyDataSize = 4294967295L;
        this.serverCertificateChain = list;
        this.certificatePrivateKey = privateKey;
        this.serverMessageSender = serverMessageSender;
        this.statusHandler = tlsStatusEventHandler;
        ArrayList<TlsConstants.CipherSuite> arrayList = new ArrayList<>();
        this.supportedCiphers = arrayList;
        arrayList.add(TlsConstants.CipherSuite.TLS_AES_128_GCM_SHA256);
        this.extensions = new ArrayList<>();
        this.serverExtensions = new ArrayList();
        this.transcriptHash = new TranscriptHash(32);
        this.clientSupportedKeyExchangeModes = new ArrayList();
        this.sessionRegistry = tlsSessionRegistry;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ boolean lambda$received$0(TlsConstants.CipherSuite cipherSuite) {
        return this.supportedCiphers.contains(cipherSuite);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ MissingExtensionAlert lambda$received$10() {
        return new MissingExtensionAlert("signature algorithms extension is required in Client Hello");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$received$11(Extension extension) {
        return extension instanceof PskKeyExchangeModesExtension;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$received$12(Extension extension) {
        this.clientSupportedKeyExchangeModes.addAll(((PskKeyExchangeModesExtension) extension).getKeyExchangeModes());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$received$13(Extension extension) {
        return extension instanceof ClientHelloPreSharedKeyExtension;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$received$14(Extension extension) {
        return extension instanceof EarlyDataExtension;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ HandshakeFailureAlert lambda$received$2() {
        return new HandshakeFailureAlert(android.support.v4.media.OooO0o.OooO00o("Failed to negotiate a cipher (server only supports ", (String) Collection.EL.stream(this.supportedCiphers).map(new Object()).collect(Collectors.joining(", ")), ")"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$received$3(Extension extension) {
        return extension instanceof SupportedGroupsExtension;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ MissingExtensionAlert lambda$received$4() {
        return new MissingExtensionAlert("supported groups extension is required in Client Hello");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$received$5(Extension extension) {
        return extension instanceof KeyShareExtension;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ MissingExtensionAlert lambda$received$6() {
        return new MissingExtensionAlert("key share extension is required in Client Hello");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$received$7(List list, KeyShareExtension.KeyShareEntry keyShareEntry) {
        return list.contains(keyShareEntry.getNamedGroup());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ IllegalParameterAlert lambda$received$8() {
        return new IllegalParameterAlert("key share named group not supported (and no HelloRetryRequest support)");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$received$9(Extension extension) {
        return extension instanceof SignatureAlgorithmsExtension;
    }

    public void addServerExtensions(Extension extension) {
        this.serverExtensions.add(extension);
    }

    public void addSupportedCiphers(List<TlsConstants.CipherSuite> list) {
        this.supportedCiphers.addAll(list);
    }

    @Override // net.luminis.tls.handshake.TlsEngine
    public TlsConstants.CipherSuite getSelectedCipher() {
        return this.selectedCipher;
    }

    public List<Extension> getServerExtensions() {
        return this.serverExtensions;
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public final /* synthetic */ void received(CertificateMessage certificateMessage, ProtectionKeysType protectionKeysType) {
        o00Oo0.OooO00o(this, certificateMessage, protectionKeysType);
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public final /* synthetic */ void received(CertificateRequestMessage certificateRequestMessage, ProtectionKeysType protectionKeysType) {
        o00Oo0.OooO0O0(this, certificateRequestMessage, protectionKeysType);
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public final /* synthetic */ void received(CertificateVerifyMessage certificateVerifyMessage, ProtectionKeysType protectionKeysType) {
        o00Oo0.OooO0OO(this, certificateVerifyMessage, protectionKeysType);
    }

    /* JADX WARN: Removed duplicated region for block: B:32:0x01e3  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0229 A[LOOP:1: B:34:0x0227->B:35:0x0229, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:39:0x023a  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x0277  */
    /* JADX WARN: Removed duplicated region for block: B:45:0x0294  */
    @Override // net.luminis.tls.handshake.MessageProcessor
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void received(net.luminis.tls.handshake.ClientHello r11, net.luminis.tls.ProtectionKeysType r12) throws net.luminis.tls.TlsProtocolException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 771
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.luminis.tls.handshake.TlsServerEngine.received(net.luminis.tls.handshake.ClientHello, net.luminis.tls.ProtectionKeysType):void");
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public final /* synthetic */ void received(EncryptedExtensions encryptedExtensions, ProtectionKeysType protectionKeysType) {
        o00Oo0.OooO0Oo(this, encryptedExtensions, protectionKeysType);
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public void received(FinishedMessage finishedMessage, ProtectionKeysType protectionKeysType) throws TlsProtocolException, IOException {
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        this.transcriptHash.recordClient(finishedMessage);
        if (!Arrays.equals(finishedMessage.getVerifyData(), computeFinishedVerifyData(this.transcriptHash.getServerHash(TlsConstants.HandshakeType.finished), this.state.getClientHandshakeTrafficSecret()))) {
            throw new DecryptErrorAlert("incorrect finished message");
        }
        this.state.computeResumptionMasterSecret();
        this.statusHandler.handshakeFinished();
        if (this.sessionRegistry == null || !this.clientSupportedKeyExchangeModes.contains(TlsConstants.PskKeyExchangeMode.psk_dhe_ke)) {
            return;
        }
        TlsSessionRegistry tlsSessionRegistry = this.sessionRegistry;
        byte b = this.currentTicketNumber;
        this.currentTicketNumber = (byte) (b + 1);
        this.serverMessageSender.send(tlsSessionRegistry.createNewSessionTicketMessage(b, this.selectedCipher, this.state, this.selectedApplicationLayerProtocol, this.maxEarlyDataSize));
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public final /* synthetic */ void received(NewSessionTicketMessage newSessionTicketMessage, ProtectionKeysType protectionKeysType) {
        o00Oo0.OooO0o0(this, newSessionTicketMessage, protectionKeysType);
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public final /* synthetic */ void received(ServerHello serverHello, ProtectionKeysType protectionKeysType) {
        o00Oo0.OooO0o(this, serverHello, protectionKeysType);
    }

    public void setSelectedApplicationLayerProtocol(String str) {
        if (str == null) {
            throw new IllegalArgumentException();
        }
        this.selectedApplicationLayerProtocol = str;
    }

    public void setServerMessageSender(ServerMessageSender serverMessageSender) {
        this.serverMessageSender = serverMessageSender;
    }

    public void setStatusHandler(TlsStatusEventHandler tlsStatusEventHandler) {
        this.statusHandler = tlsStatusEventHandler;
    }

    public boolean validateBinder(ClientHelloPreSharedKeyExtension.PskBinderEntry pskBinderEntry, int i, ClientHello clientHello) {
        return Arrays.equals(pskBinderEntry.getHmac(), this.state.computePskBinder(Arrays.copyOfRange(clientHello.getBytes(), 0, clientHello.getPskExtensionStartPosition() + i)));
    }
}
