package org.bouncycastle.jsse.provider;

import com.salesforce.marketingcloud.b;
import com.salesforce.marketingcloud.messages.iam.n;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.jsse.provider.NamedGroupInfo;
import org.bouncycastle.jsse.provider.ProvSSLSessionContext;
import org.bouncycastle.jsse.provider.SignatureSchemeInfo;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SessionID;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsECCUtils;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class ProvTlsServer extends DefaultTlsServer implements ProvTlsPeer {

    /* renamed from: u, reason: collision with root package name */
    public static final Logger f23050u = Logger.getLogger(ProvTlsServer.class.getName());
    public static final int v = PropertyUtils.b("jdk.tls.ephemeralDHKeySize", 2048, b.f6074t, 8192);
    public static final boolean w;

    /* renamed from: x, reason: collision with root package name */
    public static final boolean f23051x;

    /* renamed from: y, reason: collision with root package name */
    public static final boolean f23052y;

    /* renamed from: m, reason: collision with root package name */
    public final ProvTlsManager f23053m;
    public final ProvSSLParameters n;

    /* renamed from: o, reason: collision with root package name */
    public final JsseSecurityParameters f23054o;
    public ProvSSLSession p;

    /* renamed from: q, reason: collision with root package name */
    public BCSNIServerName f23055q;
    public HashSet r;

    /* renamed from: s, reason: collision with root package name */
    public TlsCredentials f23056s;

    /* renamed from: t, reason: collision with root package name */
    public boolean f23057t;

    /* JADX WARN: Removed duplicated region for block: B:49:0x011b  */
    /* JADX WARN: Removed duplicated region for block: B:54:0x010e A[SYNTHETIC] */
    static {
        /*
            Method dump skipped, instructions count: 321
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.<clinit>():void");
    }

    public ProvTlsServer(ProvTlsManager provTlsManager, ProvSSLParameters provSSLParameters) {
        JcaTlsCrypto jcaTlsCrypto = provTlsManager.e().b;
        this.f23054o = new JsseSecurityParameters();
        this.p = null;
        this.f23055q = null;
        this.r = null;
        this.f23056s = null;
        this.f23057t = false;
        this.f23053m = provTlsManager;
        ProvSSLParameters a9 = provSSLParameters.a();
        if (ProvAlgorithmConstraints.f22958h != a9.f) {
            a9.f = new ProvAlgorithmConstraints(a9.f, true);
        }
        this.n = a9;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final int[] B() throws IOException {
        int i7 = 0;
        NamedGroupInfo.PerConnection b = this.f23053m.e().b(this.n, new ProtocolVersion[]{this.f23387a.a()});
        JsseSecurityParameters jsseSecurityParameters = this.f23054o;
        jsseSecurityParameters.f22919a = b;
        NamedGroupInfo.PerConnection perConnection = jsseSecurityParameters.f22919a;
        Logger logger = NamedGroupInfo.f22940d;
        Set<Integer> keySet = perConnection.f22943a.keySet();
        int[] iArr = new int[keySet.size()];
        Iterator<Integer> it = keySet.iterator();
        while (it.hasNext()) {
            iArr[i7] = it.next().intValue();
            i7++;
        }
        return iArr;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final void C(TlsSession tlsSession) {
        byte[] a9 = tlsSession.a();
        ProvSSLSession provSSLSession = this.p;
        boolean z8 = provSSLSession != null && provSSLSession.j == tlsSession;
        ProvTlsManager provTlsManager = this.f23053m;
        Logger logger = f23050u;
        if (z8) {
            logger.fine("Server resumed session: ".concat(Hex.c(a9)));
        } else {
            this.p = null;
            logger.fine(TlsUtils.K(a9) ? "Server did not specify a session ID" : "Server specified new session: ".concat(Hex.c(a9)));
            JsseUtils.a(provTlsManager);
        }
        provTlsManager.k(provTlsManager.e().f, this.f23387a.c(), this.f23054o, this.p);
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean D() {
        return JsseUtils.b;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:21:0x004f. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:33:0x006a  */
    @Override // org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void F(org.bouncycastle.tls.Certificate r6) throws java.io.IOException {
        /*
            r5 = this;
            org.bouncycastle.jsse.provider.ProvSSLParameters r0 = r5.n
            boolean r1 = r0.f22990d
            r2 = 0
            if (r1 != 0) goto Le
            boolean r1 = r0.e
            if (r1 == 0) goto Lc
            goto Le
        Lc:
            r1 = r2
            goto Lf
        Le:
            r1 = 1
        Lf:
            r3 = 0
            if (r1 == 0) goto L92
            if (r6 == 0) goto L7a
            boolean r1 = r6.d()
            if (r1 == 0) goto L1b
            goto L7a
        L1b:
            org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto r0 = r5.j()
            java.security.cert.X509Certificate[] r0 = org.bouncycastle.jsse.provider.JsseUtils.s(r0, r6)
            org.bouncycastle.tls.crypto.TlsCertificate r6 = r6.c(r2)
            org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate r6 = (org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate) r6
            boolean r1 = r6.k(r2)
            r4 = 7
            if (r1 != 0) goto L32
            r1 = r2
            goto L36
        L32:
            boolean r1 = r6.j(r4)
        L36:
            if (r1 == 0) goto L39
            goto L4d
        L39:
            boolean r1 = r6.k(r2)
            r4 = 8
            if (r1 != 0) goto L42
            goto L46
        L42:
            boolean r2 = r6.j(r4)
        L46:
            if (r2 == 0) goto L49
            goto L4d
        L49:
            short r4 = r6.g()
        L4d:
            if (r4 < 0) goto L72
            switch(r4) {
                case 1: goto L67;
                case 2: goto L64;
                case 3: goto L6a;
                case 4: goto L67;
                case 5: goto L67;
                case 6: goto L67;
                case 7: goto L61;
                case 8: goto L5e;
                case 9: goto L5b;
                case 10: goto L5b;
                case 11: goto L5b;
                default: goto L52;
            }
        L52:
            switch(r4) {
                case 26: goto L6a;
                case 27: goto L6a;
                case 28: goto L6a;
                default: goto L55;
            }
        L55:
            java.lang.IllegalArgumentException r6 = new java.lang.IllegalArgumentException
            r6.<init>()
            throw r6
        L5b:
            java.lang.String r6 = "RSASSA-PSS"
            goto L6c
        L5e:
            java.lang.String r6 = "Ed448"
            goto L6c
        L61:
            java.lang.String r6 = "Ed25519"
            goto L6c
        L64:
            java.lang.String r6 = "DSA"
            goto L6c
        L67:
            java.lang.String r6 = "RSA"
            goto L6c
        L6a:
            java.lang.String r6 = "EC"
        L6c:
            org.bouncycastle.jsse.provider.ProvTlsManager r1 = r5.f23053m
            r1.checkClientTrusted(r0, r6)
            goto L91
        L72:
            org.bouncycastle.tls.TlsFatalAlert r6 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 43
            r6.<init>(r0, r3, r3)
            throw r6
        L7a:
            boolean r6 = r0.f22990d
            if (r6 == 0) goto L91
            org.bouncycastle.tls.TlsServerContext r6 = r5.f23387a
            boolean r6 = org.bouncycastle.tls.TlsUtils.S(r6)
            if (r6 == 0) goto L89
            r6 = 116(0x74, float:1.63E-43)
            goto L8b
        L89:
            r6 = 40
        L8b:
            org.bouncycastle.tls.TlsFatalAlert r0 = new org.bouncycastle.tls.TlsFatalAlert
            r0.<init>(r6, r3, r3)
            throw r0
        L91:
            return
        L92:
            org.bouncycastle.tls.TlsFatalAlert r6 = new org.bouncycastle.tls.TlsFatalAlert
            r0 = 80
            r6.<init>(r0, r3, r3)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.F(org.bouncycastle.tls.Certificate):void");
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final int[] G() {
        return this.f23053m.e().f22892a.b(j(), this.n, this.b);
    }

    @Override // org.bouncycastle.tls.AbstractTlsPeer
    public final ProtocolVersion[] H() {
        return this.f23053m.e().f22892a.c(this.n);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int K() {
        int i7;
        Iterator<NamedGroupInfo> it = NamedGroupInfo.a(this.f23054o.f22919a).iterator();
        int i9 = 0;
        while (it.hasNext()) {
            i7 = it.next().f22941a.bitsECDH;
            i9 = Math.max(i9, i7);
        }
        return i9;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int L() {
        int i7;
        Iterator<NamedGroupInfo> it = NamedGroupInfo.a(this.f23054o.f22919a).iterator();
        int i9 = 0;
        while (it.hasNext()) {
            i7 = it.next().f22941a.bitsFFDHE;
            i9 = Math.max(i9, i7);
        }
        if (i9 >= v) {
            return i9;
        }
        return 0;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean N() {
        return this.n.f22992h;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean O(int i7) throws IOException {
        JcaDefaultTlsCredentialedSigner e;
        String str;
        String str2;
        TlsCredentials tlsCredentials;
        StringBuilder sb;
        Iterator<SignatureSchemeInfo> it;
        JsseSecurityParameters jsseSecurityParameters;
        short s4;
        JsseSecurityParameters jsseSecurityParameters2 = this.f23054o;
        Principal[] principalArr = jsseSecurityParameters2.f22922g;
        int D = TlsUtils.D(i7);
        Logger logger = f23050u;
        ProvSSLParameters provSSLParameters = this.n;
        ProvTlsManager provTlsManager = this.f23053m;
        if (D != 0) {
            if (D == 1 || D == 3 || D == 5 || D == 17 || D == 19) {
                if (1 == D || !TlsUtils.P(this.f23387a.a())) {
                    String g9 = JsseUtils.g(D);
                    if (!this.r.contains(g9)) {
                        BCX509Key c9 = provTlsManager.c(new String[]{g9}, principalArr);
                        if (c9 == null) {
                            this.r.add(g9);
                        } else if (1 == D) {
                            JcaTlsCrypto j = j();
                            ProvX509Key provX509Key = (ProvX509Key) c9;
                            tlsCredentials = new JceDefaultTlsCredentialedDecryptor(j, JsseUtils.i(j, (X509Certificate[]) provX509Key.f23062c.clone()), provX509Key.b);
                        } else {
                            e = JsseUtils.d(this.f23387a, j(), c9, null);
                            tlsCredentials = e;
                        }
                    }
                } else {
                    BCAlgorithmConstraints bCAlgorithmConstraints = provSSLParameters.f;
                    short E = TlsUtils.E(D);
                    LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap = new LinkedHashMap<>();
                    Iterator<SignatureSchemeInfo> it2 = jsseSecurityParameters2.f22921d.iterator();
                    while (it2.hasNext()) {
                        SignatureSchemeInfo next = it2.next();
                        if (TlsUtils.U((short) (next.f23118a.signatureScheme & 255), D)) {
                            SignatureSchemeInfo.All all = next.f23118a;
                            it = it2;
                            String g10 = E == ((short) (all.signatureScheme & 255)) ? JsseUtils.g(D) : all.keyAlgorithm;
                            if (!this.r.contains(g10) && !linkedHashMap.containsKey(g10)) {
                                jsseSecurityParameters = jsseSecurityParameters2;
                                s4 = E;
                                if (next.f(bCAlgorithmConstraints, false, true, jsseSecurityParameters2.f22919a)) {
                                    linkedHashMap.put(g10, next);
                                }
                                it2 = it;
                                E = s4;
                                jsseSecurityParameters2 = jsseSecurityParameters;
                            }
                        } else {
                            it = it2;
                        }
                        jsseSecurityParameters = jsseSecurityParameters2;
                        s4 = E;
                        it2 = it;
                        E = s4;
                        jsseSecurityParameters2 = jsseSecurityParameters;
                    }
                    if (linkedHashMap.isEmpty()) {
                        sb = new StringBuilder("Server (1.2) has no key types to try for KeyExchangeAlgorithm ");
                    } else {
                        BCX509Key c10 = provTlsManager.c((String[]) linkedHashMap.keySet().toArray(TlsUtils.f), principalArr);
                        if (c10 == null) {
                            W(linkedHashMap, null);
                            sb = new StringBuilder("Server (1.2) did not select any credentials for KeyExchangeAlgorithm ");
                        } else {
                            ProvX509Key provX509Key2 = (ProvX509Key) c10;
                            String str3 = provX509Key2.f23061a;
                            W(linkedHashMap, str3);
                            SignatureSchemeInfo signatureSchemeInfo = linkedHashMap.get(str3);
                            if (signatureSchemeInfo == null) {
                                throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type", null);
                            }
                            if (logger.isLoggable(Level.FINE)) {
                                logger.fine("Server (1.2) selected credentials for signature scheme '" + signatureSchemeInfo + "' (keyType '" + str3 + "'), with private key algorithm '" + JsseUtils.m(provX509Key2.b) + "'");
                            }
                            e = JsseUtils.d(this.f23387a, j(), c10, signatureSchemeInfo.d());
                            tlsCredentials = e;
                        }
                    }
                    sb.append(D);
                    logger.fine(sb.toString());
                }
            }
            tlsCredentials = null;
        } else {
            byte[] bArr = TlsUtils.f23561d;
            BCAlgorithmConstraints bCAlgorithmConstraints2 = provSSLParameters.f;
            LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap2 = new LinkedHashMap<>();
            JsseSecurityParameters jsseSecurityParameters3 = jsseSecurityParameters2;
            Iterator<SignatureSchemeInfo> it3 = jsseSecurityParameters3.f22921d.iterator();
            while (it3.hasNext()) {
                SignatureSchemeInfo next2 = it3.next();
                str2 = next2.f23118a.keyType13;
                if (!this.r.contains(str2) && !linkedHashMap2.containsKey(str2)) {
                    JsseSecurityParameters jsseSecurityParameters4 = jsseSecurityParameters3;
                    Iterator<SignatureSchemeInfo> it4 = it3;
                    if (next2.f(bCAlgorithmConstraints2, true, false, jsseSecurityParameters3.f22919a)) {
                        linkedHashMap2.put(str2, next2);
                    }
                    it3 = it4;
                    jsseSecurityParameters3 = jsseSecurityParameters4;
                }
            }
            if (linkedHashMap2.isEmpty()) {
                str = "Server (1.3) found no usable signature schemes";
            } else {
                BCX509Key c11 = provTlsManager.c((String[]) linkedHashMap2.keySet().toArray(TlsUtils.f), principalArr);
                if (c11 == null) {
                    W(linkedHashMap2, null);
                    str = "Server (1.3) did not select any credentials";
                } else {
                    ProvX509Key provX509Key3 = (ProvX509Key) c11;
                    String str4 = provX509Key3.f23061a;
                    W(linkedHashMap2, str4);
                    SignatureSchemeInfo signatureSchemeInfo2 = linkedHashMap2.get(str4);
                    if (signatureSchemeInfo2 == null) {
                        throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type", null);
                    }
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Server (1.3) selected credentials for signature scheme '" + signatureSchemeInfo2 + "' (keyType '" + str4 + "'), with private key algorithm '" + JsseUtils.m(provX509Key3.b) + "'");
                    }
                    e = JsseUtils.e(this.f23387a, j(), c11, signatureSchemeInfo2.d(), bArr);
                    tlsCredentials = e;
                }
            }
            logger.fine(str);
            tlsCredentials = null;
        }
        if (tlsCredentials != null) {
            this.f23392i = i7;
            this.f23056s = tlsCredentials;
            return true;
        }
        logger.finer("Server found no credentials for cipher suite: " + ProvSSLContextSpi.d(i7));
        return false;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int P(int i7) {
        int i9;
        int i10;
        int max = Math.max(i7, v);
        for (NamedGroupInfo namedGroupInfo : NamedGroupInfo.a(this.f23054o.f22919a)) {
            i9 = namedGroupInfo.f22941a.bitsFFDHE;
            if (i9 >= max) {
                i10 = namedGroupInfo.f22941a.namedGroup;
                return i10;
            }
        }
        return -1;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final int Q(int i7) {
        int i9;
        int i10;
        for (NamedGroupInfo namedGroupInfo : NamedGroupInfo.a(this.f23054o.f22919a)) {
            i9 = namedGroupInfo.f22941a.bitsECDH;
            if (i9 >= i7) {
                i10 = namedGroupInfo.f22941a.namedGroup;
                return i10;
            }
        }
        return -1;
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final ProtocolName R() throws IOException {
        ArrayList arrayList;
        ProtocolName protocolName;
        ProvSSLParameters provSSLParameters = this.n;
        if (provSSLParameters.l == null && provSSLParameters.f22995m == null) {
            Vector<ProtocolName> V = V();
            if (V == null || V.isEmpty()) {
                return null;
            }
            Vector vector = this.j;
            int i7 = 0;
            while (true) {
                if (i7 >= V.size()) {
                    protocolName = null;
                    break;
                }
                protocolName = V.elementAt(i7);
                if (vector.contains(protocolName)) {
                    break;
                }
                i7++;
            }
            if (protocolName != null) {
                return protocolName;
            }
            throw new TlsFatalAlert((short) 120, null, null);
        }
        Vector vector2 = this.j;
        boolean z8 = JsseUtils.f22924a;
        if (vector2 == null || vector2.isEmpty()) {
            arrayList = null;
        } else {
            arrayList = new ArrayList(vector2.size());
            Iterator it = vector2.iterator();
            while (it.hasNext()) {
                arrayList.add(Strings.b(((ProtocolName) it.next()).f23434a));
            }
        }
        String l = this.f23053m.l(Collections.unmodifiableList(arrayList));
        if (l == null) {
            throw new TlsFatalAlert((short) 120, null, null);
        }
        if (l.length() < 1) {
            return null;
        }
        if (arrayList.contains(l)) {
            return ProtocolName.a(l);
        }
        throw new TlsFatalAlert((short) 120, null, null);
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer
    public final boolean S() {
        ProvSSLParameters provSSLParameters = this.n;
        return provSSLParameters.l == null && provSSLParameters.f22995m == null;
    }

    public final boolean T() {
        return this.f23054o.f22922g != null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    /* renamed from: U, reason: merged with bridge method [inline-methods] */
    public final JcaTlsCrypto j() {
        return this.f23053m.e().b;
    }

    public final Vector<ProtocolName> V() {
        return JsseUtils.n((String[]) this.n.f22994k.clone());
    }

    public final void W(LinkedHashMap<String, SignatureSchemeInfo> linkedHashMap, String str) {
        for (Map.Entry<String, SignatureSchemeInfo> entry : linkedHashMap.entrySet()) {
            String key = entry.getKey();
            if (key.equals(str)) {
                return;
            }
            this.r.add(key);
            Level level = Level.FINER;
            Logger logger = f23050u;
            if (logger.isLoggable(level)) {
                logger.finer("Server found no credentials for signature scheme '" + entry.getValue() + "' (keyType '" + key + "')");
            }
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    public final ProtocolVersion a() throws IOException {
        ProtocolVersion a9 = super.a();
        f23050u.fine("Server selected protocol version: ".concat(this.f23053m.e().f22892a.o(this.n, a9)));
        return a9;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean b() {
        return JsseUtils.e;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final Hashtable<Integer, byte[]> c() throws IOException {
        boolean S = TlsUtils.S(this.f23387a);
        Hashtable<Integer, byte[]> hashtable = this.l;
        if (!S) {
            if (this.e) {
                if (1 == TlsUtils.B(TlsUtils.A(this.f23392i))) {
                    Integer num = TlsExtensionsUtils.f23515a;
                    hashtable.put(TlsExtensionsUtils.f, TlsUtils.f23561d);
                }
            }
            if (this.f23390g && TlsECCUtils.b(this.f23392i)) {
                TlsExtensionsUtils.d(hashtable, new short[]{0});
            }
            if (this.f23391h != null && T()) {
                Integer num2 = TlsExtensionsUtils.f23515a;
                hashtable.put(TlsExtensionsUtils.f23527u, TlsUtils.f23561d);
            }
        }
        short s4 = this.f;
        if (s4 >= 0) {
            if (s4 >= 1 && s4 <= 4) {
                Integer num3 = TlsExtensionsUtils.f23515a;
                if (!((s4 & 255) == s4)) {
                    throw new TlsFatalAlert((short) 80, null, null);
                }
                hashtable.put(TlsExtensionsUtils.f23520i, new byte[]{(byte) s4});
            }
        }
        if (this.f23055q != null) {
            Integer num4 = TlsExtensionsUtils.f23515a;
            hashtable.put(TlsExtensionsUtils.f23522m, TlsUtils.f23561d);
        }
        return hashtable;
    }

    @Override // org.bouncycastle.jsse.provider.ProvTlsPeer
    public final synchronized boolean d() {
        return this.f23057t;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final TlsSession e(byte[] bArr) {
        ProvSSLSession a9;
        SessionParameters c9;
        ProvTlsManager provTlsManager = this.f23053m;
        ProvSSLSessionContext provSSLSessionContext = provTlsManager.e().f;
        if (f23051x) {
            synchronized (provSSLSessionContext) {
                provSSLSessionContext.d();
                Map<SessionID, ProvSSLSessionContext.SessionEntry> map = provSSLSessionContext.f23010a;
                SessionID sessionID = TlsUtils.K(bArr) ? null : new SessionID(bArr);
                HashMap hashMap = (HashMap) map;
                hashMap.getClass();
                a9 = provSSLSessionContext.a((ProvSSLSessionContext.SessionEntry) (sessionID == null ? null : hashMap.get(sessionID)));
            }
            if (a9 != null) {
                TlsSession tlsSession = a9.j;
                boolean z8 = false;
                if (tlsSession != null && tlsSession.b()) {
                    ProtocolVersion protocolVersion = this.f23387a.c().M;
                    if (!TlsUtils.R(protocolVersion) && (c9 = tlsSession.c()) != null && protocolVersion.b(c9.e)) {
                        int[] iArr = this.f23388c;
                        int i7 = c9.f23482a;
                        if (Arrays.e(iArr, i7) && Arrays.e(this.f23389d, i7) && c9.j) {
                            BCSNIServerName bCSNIServerName = this.f23055q;
                            BCSNIServerName bCSNIServerName2 = a9.l.b;
                            boolean z9 = JsseUtils.f22924a;
                            if (bCSNIServerName == bCSNIServerName2 || !(bCSNIServerName == null || bCSNIServerName2 == null || !bCSNIServerName.equals(bCSNIServerName2))) {
                                z8 = true;
                            } else {
                                f23050u.finest("Session not resumable - SNI mismatch; connection: " + bCSNIServerName + ", session: " + bCSNIServerName2);
                            }
                        }
                    }
                }
                if (z8) {
                    this.p = a9;
                    return tlsSession;
                }
            }
        }
        JsseUtils.a(provTlsManager);
        return null;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final int f() {
        return JsseUtils.f22925c;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final TlsCredentials h() throws IOException {
        return this.f23056s;
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean i() {
        return JsseUtils.f;
    }

    /* JADX WARN: Code restructure failed: missing block: B:138:0x019c, code lost:
    
        continue;
     */
    /* JADX WARN: Code restructure failed: missing block: B:169:0x0253, code lost:
    
        throw new java.lang.IllegalStateException("TrustedAuthority is not of type ".concat("x509_name"));
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r10v0 */
    /* JADX WARN: Type inference failed for: r10v2, types: [byte[]] */
    /* JADX WARN: Type inference failed for: r10v4, types: [org.bouncycastle.asn1.x500.X500Name, org.bouncycastle.asn1.ASN1Object] */
    @Override // org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void k(java.util.Hashtable r12) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 600
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.k(java.util.Hashtable):void");
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void m(boolean z8) throws IOException {
        if (!z8 && !PropertyUtils.a("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40, null, null);
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final int n() {
        return JsseUtils.f22926d;
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final byte[] o() {
        if (!f23051x || TlsUtils.S(this.f23387a)) {
            return null;
        }
        return this.f23387a.f().a(32);
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void p(short s4, short s8, String str, Exception exc) {
        Level level = s4 == 1 ? Level.FINE : s8 == 80 ? Level.WARNING : Level.INFO;
        Logger logger = f23050u;
        if (logger.isLoggable(level)) {
            logger.log(level, n.m(JsseUtils.f("Server raised", s4, s8), ": ", str), (Throwable) exc);
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final void q(short s4, short s8) {
        Level level = s4 == 1 ? Level.FINE : Level.INFO;
        Logger logger = f23050u;
        if (logger.isLoggable(level)) {
            logger.log(level, JsseUtils.f("Server received", s4, s8));
        }
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final synchronized void u() throws IOException {
        boolean z8 = true;
        this.f23057t = true;
        TlsSession e = this.f23387a.e();
        ProvSSLSession provSSLSession = this.p;
        if (provSSLSession == null || provSSLSession.j != e) {
            ProvSSLSessionContext provSSLSessionContext = this.f23053m.e().f;
            String peerHost = this.f23053m.getPeerHost();
            int peerPort = this.f23053m.getPeerPort();
            JsseSessionParameters jsseSessionParameters = new JsseSessionParameters(null, this.f23055q);
            if (!f23051x || TlsUtils.S(this.f23387a) || !this.f23387a.b().f23473y) {
                z8 = false;
            }
            this.p = provSSLSessionContext.f(peerHost, peerPort, e, jsseSessionParameters, z8);
        }
        this.f23053m.b(new ProvSSLConnection(this.f23387a, this.p));
    }

    @Override // org.bouncycastle.tls.TlsServer
    public final CertificateRequest w() throws IOException {
        ProvSSLParameters provSSLParameters = this.n;
        if (!(provSSLParameters.f22990d || provSSLParameters.e)) {
            return null;
        }
        ContextData e = this.f23053m.e();
        ProtocolVersion a9 = this.f23387a.a();
        JsseSecurityParameters jsseSecurityParameters = this.f23054o;
        List<SignatureSchemeInfo> a10 = e.a(true, provSSLParameters, new ProtocolVersion[]{a9}, jsseSecurityParameters.f22919a);
        jsseSecurityParameters.b = a10;
        jsseSecurityParameters.f22920c = a10;
        Vector<SignatureAndHashAlgorithm> e9 = SignatureSchemeInfo.e(a10);
        Vector<X500Name> h9 = w ? JsseUtils.h(e.f22894d) : null;
        if (!TlsUtils.R(a9)) {
            return new CertificateRequest(new short[]{64, 1, 2}, e9, h9);
        }
        byte[] bArr = TlsUtils.f23561d;
        List<SignatureSchemeInfo> list = jsseSecurityParameters.b;
        List<SignatureSchemeInfo> list2 = jsseSecurityParameters.f22920c;
        return new CertificateRequest(bArr, e9, list != list2 ? SignatureSchemeInfo.e(list2) : null, h9);
    }

    @Override // org.bouncycastle.tls.TlsPeer
    public final boolean y() {
        return !JsseUtils.f22924a;
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0049 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @Override // org.bouncycastle.tls.AbstractTlsServer, org.bouncycastle.tls.TlsServer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final int z() throws java.io.IOException {
        /*
            r9 = this;
            org.bouncycastle.jsse.provider.ProvTlsManager r0 = r9.f23053m
            org.bouncycastle.jsse.provider.ContextData r0 = r0.e()
            org.bouncycastle.tls.TlsServerContext r1 = r9.f23387a
            org.bouncycastle.tls.SecurityParameters r1 = r1.c()
            int[] r2 = r1.F
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.f23054o
            org.bouncycastle.jsse.provider.NamedGroupInfo$PerConnection r3 = r3.f22919a
            java.util.logging.Logger r4 = org.bouncycastle.jsse.provider.NamedGroupInfo.f22940d
            java.util.Map<java.lang.Integer, org.bouncycastle.jsse.provider.NamedGroupInfo> r4 = r3.f22943a
            boolean r5 = org.bouncycastle.tls.TlsUtils.L(r2)
            if (r5 == 0) goto L1d
            goto L40
        L1d:
            int r5 = r2.length
            java.util.ArrayList r6 = new java.util.ArrayList
            r6.<init>(r5)
            r7 = 0
        L24:
            if (r7 >= r5) goto L3a
            r8 = r2[r7]
            java.lang.Integer r8 = java.lang.Integer.valueOf(r8)
            java.lang.Object r8 = r4.get(r8)
            org.bouncycastle.jsse.provider.NamedGroupInfo r8 = (org.bouncycastle.jsse.provider.NamedGroupInfo) r8
            if (r8 == 0) goto L37
            r6.add(r8)
        L37:
            int r7 = r7 + 1
            goto L24
        L3a:
            boolean r2 = r6.isEmpty()
            if (r2 == 0) goto L45
        L40:
            java.util.List r6 = java.util.Collections.emptyList()
            goto L48
        L45:
            r6.trimToSize()
        L48:
            monitor-enter(r3)
            r3.f22944c = r6     // Catch: java.lang.Throwable -> Lc1
            monitor-exit(r3)
            java.util.Vector r2 = r1.D
            java.util.Vector r1 = r1.E
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.f23054o
            java.util.List r4 = r0.c(r2)
            r3.f22921d = r4
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.f23054o
            if (r2 != r1) goto L5f
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r1 = r3.f22921d
            goto L63
        L5f:
            java.util.List r1 = r0.c(r1)
        L63:
            r3.e = r1
            java.util.logging.Logger r1 = org.bouncycastle.jsse.provider.ProvTlsServer.f23050u
            java.util.logging.Level r2 = java.util.logging.Level.FINEST
            boolean r2 = r1.isLoggable(r2)
            if (r2 == 0) goto L8d
            java.lang.String r2 = "Peer signature_algorithms"
            org.bouncycastle.jsse.provider.JsseSecurityParameters r3 = r9.f23054o
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r3 = r3.f22921d
            java.lang.String r2 = org.bouncycastle.jsse.provider.JsseUtils.q(r2, r3)
            r1.finest(r2)
            org.bouncycastle.jsse.provider.JsseSecurityParameters r2 = r9.f23054o
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r3 = r2.e
            java.util.List<org.bouncycastle.jsse.provider.SignatureSchemeInfo> r2 = r2.f22921d
            if (r3 == r2) goto L8d
            java.lang.String r2 = "Peer signature_algorithms_cert"
            java.lang.String r2 = org.bouncycastle.jsse.provider.JsseUtils.q(r2, r3)
            r1.finest(r2)
        L8d:
            org.bouncycastle.jsse.BCX509ExtendedKeyManager r2 = org.bouncycastle.jsse.provider.DummyX509KeyManager.f22906a
            org.bouncycastle.jsse.BCX509ExtendedKeyManager r0 = r0.f22893c
            r3 = 0
            if (r2 == r0) goto Lb9
            java.util.HashSet r0 = new java.util.HashSet
            r0.<init>()
            r9.r = r0
            int r0 = super.z()
            r9.r = r3
            org.bouncycastle.jsse.provider.ProvTlsManager r2 = r9.f23053m
            org.bouncycastle.jsse.provider.ContextData r2 = r2.e()
            org.bouncycastle.jsse.provider.ProvSSLContextSpi r2 = r2.f22892a
            org.bouncycastle.jsse.provider.ProvSSLParameters r3 = r9.n
            java.lang.String r2 = r2.n(r3, r0)
            java.lang.String r3 = "Server selected cipher suite: "
            java.lang.String r2 = r3.concat(r2)
            r1.fine(r2)
            return r0
        Lb9:
            org.bouncycastle.tls.TlsFatalAlert r0 = new org.bouncycastle.tls.TlsFatalAlert
            r1 = 40
            r0.<init>(r1, r3, r3)
            throw r0
        Lc1:
            r0 = move-exception
            monitor-exit(r3)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTlsServer.z():int");
    }
}
