package fm.icelink;

import android.support.v4.view.MotionEventCompat;
import fm.ArrayExtensions;
import fm.BitAssistant;
import fm.ByteInputStream;
import fm.ByteOutputStream;
import fm.IntegerExtensions;
import fm.Log;
import fm.NetworkBuffer;
import java.util.ArrayList;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class DTLSServerProtocol extends DTLSProtocol {
    private boolean _verifyRequests;

    public DTLSServerProtocol() {
        setVerifyRequests(true);
    }

    public static TLSSigner createTlsSigner(int i) {
        if (i != 1) {
            throw new Exception("Unsupported client certificate type.");
        }
        return new TLSRsaSigner();
    }

    private void notifyClientCertificateReceived(DTLSServerHandshakeState dTLSServerHandshakeState, TLSCertificate tLSCertificate) {
        if (dTLSServerHandshakeState.getCertificateRequest() == null) {
            throw new Exception("Certificate request cannot be null.");
        }
        if (dTLSServerHandshakeState.getClientCertificate() != null) {
            throw new TLSFatalAlert(10);
        }
        dTLSServerHandshakeState.setClientCertificate(tLSCertificate);
        if (ArrayExtensions.getLength(tLSCertificate.getCertificates()) == 0) {
            dTLSServerHandshakeState.getKeyExchange().skipClientCredentials();
        } else {
            dTLSServerHandshakeState.setClientCertificateType(TLSProtocol.getClientCertificateType(tLSCertificate, dTLSServerHandshakeState.getServerCredentials().getCertificate()));
            dTLSServerHandshakeState.getKeyExchange().processClientCertificate(tLSCertificate);
        }
        dTLSServerHandshakeState.getServer().notifyClientCertificateReceived(tLSCertificate);
    }

    public DTLSTransport accept(DTLSServer dTLSServer, DTLSDatagramTransport dTLSDatagramTransport) {
        if (dTLSServer == null) {
            throw new Exception("Server cannot be null.");
        }
        if (dTLSDatagramTransport == null) {
            throw new Exception("Transport cannot be null.");
        }
        DTLSServerHandshakeState dTLSServerHandshakeState = new DTLSServerHandshakeState();
        dTLSServerHandshakeState.setServer(dTLSServer);
        dTLSServerHandshakeState.setServerContext(dTLSServer.getContext());
        DTLSRecordLayer dTLSRecordLayer = new DTLSRecordLayer(dTLSDatagramTransport, dTLSServerHandshakeState.getServerContext(), dTLSServer, 22);
        try {
            return serverHandshake(dTLSServerHandshakeState, dTLSRecordLayer);
        } catch (TLSFatalAlert e) {
            dTLSRecordLayer.fail(e.getAlertDescription());
            throw e;
        } catch (Exception e2) {
            dTLSRecordLayer.fail(80);
            throw e2;
        }
    }

    protected boolean expectCertificateVerifyMessage(DTLSServerHandshakeState dTLSServerHandshakeState) {
        return dTLSServerHandshakeState.getClientCertificateType() >= 0 && TLSProtocol.hasSigningCapability(dTLSServerHandshakeState.getClientCertificateType());
    }

    protected byte[] generateCertificateRequest(DTLSServerHandshakeState dTLSServerHandshakeState, TLSCertificateRequest tLSCertificateRequest) {
        ByteOutputStream byteOutputStream = new ByteOutputStream();
        tLSCertificateRequest.writeTo(byteOutputStream);
        return byteOutputStream.toArray();
    }

    protected byte[] generateNewSessionTicket(DTLSServerHandshakeState dTLSServerHandshakeState, TLSNewSessionTicket tLSNewSessionTicket) {
        ByteOutputStream byteOutputStream = new ByteOutputStream();
        tLSNewSessionTicket.writeTo(byteOutputStream);
        return byteOutputStream.toArray();
    }

    protected byte[] generateServerHello(DTLSServerHandshakeState dTLSServerHandshakeState) {
        ByteOutputStream byteOutputStream = new ByteOutputStream();
        TLSProtocolVersion serverVersion = dTLSServerHandshakeState.getServer().getServerVersion();
        if (!serverVersion.isEqualOrEarlierVersionOf(dTLSServerHandshakeState.getServerContext().getClientVersion())) {
            throw new TLSFatalAlert(80);
        }
        dTLSServerHandshakeState.getServerContext().setServerVersion(serverVersion);
        TLSNetworkBuffer.writeVersion(dTLSServerHandshakeState.getServerContext().getServerVersion(), byteOutputStream);
        byteOutputStream.writeBuffer(dTLSServerHandshakeState.getServerContext().getSecurityParameters().getServerRandom());
        NetworkBuffer.writeStreamOpaque8(new byte[0], byteOutputStream);
        dTLSServerHandshakeState.setSelectedCipherSuite(dTLSServerHandshakeState.getServer().getSelectedCipherSuite());
        if (!TLSProtocol.arrayContains(dTLSServerHandshakeState.getOfferedCipherSuites(), dTLSServerHandshakeState.getSelectedCipherSuite()) || dTLSServerHandshakeState.getSelectedCipherSuite() == 0 || dTLSServerHandshakeState.getSelectedCipherSuite() == 255) {
            throw new TLSFatalAlert(80);
        }
        DTLSProtocol.validateSelectedCipherSuite(dTLSServerHandshakeState.getSelectedCipherSuite(), 80);
        dTLSServerHandshakeState.setSelectedCompressionMethod(dTLSServerHandshakeState.getServer().getSelectedCompressionMethod());
        if (!TLSProtocol.arrayContains(dTLSServerHandshakeState.getOfferedCompressionMethods(), dTLSServerHandshakeState.getSelectedCompressionMethod())) {
            throw new TLSFatalAlert(80);
        }
        NetworkBuffer.writeStream16(dTLSServerHandshakeState.getSelectedCipherSuite(), byteOutputStream);
        NetworkBuffer.writeStream8(dTLSServerHandshakeState.getSelectedCompressionMethod(), byteOutputStream);
        dTLSServerHandshakeState.setServerExtensions(dTLSServerHandshakeState.getServer().getServerExtensions());
        if (dTLSServerHandshakeState.getSecureRenegotiation() && (dTLSServerHandshakeState.getServerExtensions() == null || !dTLSServerHandshakeState.getServerExtensions().containsKey(IntegerExtensions.toString(65281)))) {
            if (dTLSServerHandshakeState.getServerExtensions() == null) {
                dTLSServerHandshakeState.setServerExtensions(new TLSDictionary());
            }
            dTLSServerHandshakeState.getServerExtensions().set(IntegerExtensions.toString(65281), TLSProtocol.createRenegotiationInfo(new byte[0]));
        }
        if (dTLSServerHandshakeState.getServerExtensions() != null) {
            dTLSServerHandshakeState.setExpectSessionTicket(dTLSServerHandshakeState.getServerExtensions().containsKey(IntegerExtensions.toString(35)));
            TLSProtocol.writeExtensions(byteOutputStream, dTLSServerHandshakeState.getServerExtensions());
        }
        return byteOutputStream.toArray();
    }

    public boolean getVerifyRequests() {
        return this._verifyRequests;
    }

    protected void processCertificateVerify(DTLSServerHandshakeState dTLSServerHandshakeState, byte[] bArr, byte[] bArr2) {
        ByteInputStream byteInputStream = new ByteInputStream(bArr);
        byte[] readStreamOpaque16 = NetworkBuffer.readStreamOpaque16(byteInputStream);
        TLSProtocol.assertEmpty(byteInputStream);
        try {
            if (createTlsSigner(dTLSServerHandshakeState.getClientCertificateType()).verifyRawSignature(readStreamOpaque16, Certificate.fromX509(dTLSServerHandshakeState.getClientCertificate().getCertificates()[0]).getKey(), bArr2)) {
            } else {
                throw new Exception("Invalid certificate verify signature.");
            }
        } catch (Exception e) {
            throw new TLSFatalAlert(51);
        }
    }

    protected void processClientCertificate(DTLSServerHandshakeState dTLSServerHandshakeState, byte[] bArr) {
        ByteInputStream byteInputStream = new ByteInputStream(bArr);
        TLSCertificate readFrom = TLSCertificate.readFrom(byteInputStream);
        TLSProtocol.assertEmpty(byteInputStream);
        notifyClientCertificateReceived(dTLSServerHandshakeState, readFrom);
    }

    protected void processClientHello(DTLSServerHandshakeState dTLSServerHandshakeState, byte[] bArr) {
        byte[] bArr2;
        ByteInputStream byteInputStream = new ByteInputStream(bArr);
        TLSProtocolVersion readVersion = TLSNetworkBuffer.readVersion(byteInputStream);
        if (!readVersion.isDtls()) {
            throw new TLSFatalAlert(47);
        }
        byte[] readStream = NetworkBuffer.readStream(32, byteInputStream);
        if (ArrayExtensions.getLength(NetworkBuffer.readStreamOpaque8(byteInputStream)) > 32) {
            throw new TLSFatalAlert(47);
        }
        NetworkBuffer.readStreamOpaque8(byteInputStream);
        int readStream16 = NetworkBuffer.readStream16(byteInputStream);
        if (readStream16 < 2 || (readStream16 & 1) != 0) {
            throw new TLSFatalAlert(50);
        }
        int[] iArr = new int[readStream16 / 2];
        for (int i = 0; i < ArrayExtensions.getLength(iArr); i++) {
            iArr[i] = NetworkBuffer.readStream16(byteInputStream);
        }
        dTLSServerHandshakeState.setOfferedCipherSuites(iArr);
        int readStream8 = NetworkBuffer.readStream8(byteInputStream);
        if (readStream8 < 1) {
            throw new TLSFatalAlert(47);
        }
        int[] iArr2 = new int[readStream8];
        for (int i2 = 0; i2 < ArrayExtensions.getLength(iArr2); i2++) {
            iArr2[i2] = NetworkBuffer.readStream8(byteInputStream);
        }
        dTLSServerHandshakeState.setOfferedCompressionMethods(iArr2);
        dTLSServerHandshakeState.setClientExtensions(TLSProtocol.readExtensions(byteInputStream));
        dTLSServerHandshakeState.getServerContext().setClientVersion(readVersion);
        dTLSServerHandshakeState.getServer().notifyClientVersionReceived(readVersion);
        dTLSServerHandshakeState.getServerContext().getSecurityParameters().setClientRandom(readStream);
        dTLSServerHandshakeState.getServer().notifyCipherSuitesReceived(dTLSServerHandshakeState.getOfferedCipherSuites());
        dTLSServerHandshakeState.getServer().notifyCompressionMethodsReceived(dTLSServerHandshakeState.getOfferedCompressionMethods());
        if (TLSProtocol.arrayContains(dTLSServerHandshakeState.getOfferedCipherSuites(), MotionEventCompat.ACTION_MASK)) {
            dTLSServerHandshakeState.setSecureRenegotiation(true);
        }
        if (dTLSServerHandshakeState.getClientExtensions() != null && (bArr2 = (byte[]) dTLSServerHandshakeState.getClientExtensions().get(IntegerExtensions.toString(65281))) != null) {
            dTLSServerHandshakeState.setSecureRenegotiation(true);
            if (!BitAssistant.sequencesAreEqualConstantTime(bArr2, TLSProtocol.createRenegotiationInfo(new byte[0]))) {
                throw new TLSFatalAlert(40);
            }
        }
        dTLSServerHandshakeState.getServer().notifySecureRenegotiationReceived(dTLSServerHandshakeState.getSecureRenegotiation());
        if (dTLSServerHandshakeState.getClientExtensions() != null) {
            dTLSServerHandshakeState.getServer().processClientExtensions(dTLSServerHandshakeState.getClientExtensions());
        }
    }

    protected void processClientKeyExchange(DTLSServerHandshakeState dTLSServerHandshakeState, byte[] bArr) {
        ByteInputStream byteInputStream = new ByteInputStream(bArr);
        dTLSServerHandshakeState.getKeyExchange().processClientKeyExchange(byteInputStream);
        TLSProtocol.assertEmpty(byteInputStream);
        TLSProtocol.establishMasterSecret(dTLSServerHandshakeState.getServerContext(), dTLSServerHandshakeState.getKeyExchange());
    }

    protected void processClientSupplementalData(DTLSServerHandshakeState dTLSServerHandshakeState, byte[] bArr) {
        dTLSServerHandshakeState.getServer().processClientSupplementalData(TLSProtocol.readSupplementalDataMessage(new ByteInputStream(bArr)));
    }

    public DTLSTransport serverHandshake(DTLSServerHandshakeState dTLSServerHandshakeState, DTLSRecordLayer dTLSRecordLayer) {
        TLSSecurityParameters securityParameters = dTLSServerHandshakeState.getServerContext().getSecurityParameters();
        DTLSReliableHandshake dTLSReliableHandshake = new DTLSReliableHandshake(dTLSServerHandshakeState.getServerContext(), dTLSRecordLayer);
        Log.debug("Receiving DTLS client message (expecting client hello)...");
        DTLSReliableHandshakeMessage receiveMessage = dTLSReliableHandshake.receiveMessage();
        dTLSServerHandshakeState.getServerContext().setClientVersion(dTLSRecordLayer.getDiscoveredPeerVersion());
        if (receiveMessage.getMessageType() != 1) {
            throw new TLSFatalAlert(10);
        }
        Log.debug("Received DTLS client hello.");
        processClientHello(dTLSServerHandshakeState, receiveMessage.getBody());
        byte[] generateServerHello = generateServerHello(dTLSServerHandshakeState);
        Log.debug("Sending DTLS server hello...");
        dTLSReliableHandshake.sendMessage(2, generateServerHello);
        securityParameters.setPrfAlgorithm(TLSProtocol.getPrfAlgorithm(dTLSServerHandshakeState.getSelectedCipherSuite()));
        securityParameters.setCompressionAlgorithm(dTLSServerHandshakeState.getSelectedCompressionMethod());
        securityParameters.setVerifyDataLength(12);
        dTLSReliableHandshake.notifyHelloComplete();
        ArrayList serverSupplementalData = dTLSServerHandshakeState.getServer().getServerSupplementalData();
        if (serverSupplementalData != null) {
            byte[] generateSupplementalData = DTLSProtocol.generateSupplementalData(serverSupplementalData);
            Log.debug("Sending DTLS supplemental data...");
            dTLSReliableHandshake.sendMessage(23, generateSupplementalData);
        }
        dTLSServerHandshakeState.setKeyExchange(dTLSServerHandshakeState.getServer().getKeyExchange());
        dTLSServerHandshakeState.setServerCredentials(dTLSServerHandshakeState.getServer().getCredentials());
        if (dTLSServerHandshakeState.getServerCredentials() == null) {
            dTLSServerHandshakeState.getKeyExchange().skipServerCredentials();
        } else {
            dTLSServerHandshakeState.getKeyExchange().processServerCredentials(dTLSServerHandshakeState.getServerCredentials());
            byte[] generateCertificate = DTLSProtocol.generateCertificate(dTLSServerHandshakeState.getServerCredentials().getCertificate());
            Log.debug("Sending DTLS certificate...");
            dTLSReliableHandshake.sendMessage(11, generateCertificate);
        }
        byte[] generateServerKeyExchange = dTLSServerHandshakeState.getKeyExchange().generateServerKeyExchange();
        if (generateServerKeyExchange != null) {
            Log.debug("Sending DTLS server key exchange...");
            dTLSReliableHandshake.sendMessage(12, generateServerKeyExchange);
        }
        if (dTLSServerHandshakeState.getServerCredentials() != null) {
            dTLSServerHandshakeState.setCertificateRequest(dTLSServerHandshakeState.getServer().getCertificateRequest());
            if (dTLSServerHandshakeState.getCertificateRequest() != null) {
                dTLSServerHandshakeState.getKeyExchange().validateCertificateRequest(dTLSServerHandshakeState.getCertificateRequest());
                byte[] generateCertificateRequest = generateCertificateRequest(dTLSServerHandshakeState, dTLSServerHandshakeState.getCertificateRequest());
                Log.debug("Sending DTLS certificate request...");
                dTLSReliableHandshake.sendMessage(13, generateCertificateRequest);
            }
        }
        Log.debug("Sending DTLS server hello done...");
        dTLSReliableHandshake.sendMessage(14, new byte[0]);
        if (dTLSServerHandshakeState.getCertificateRequest() == null) {
            Log.debug("Receiving DTLS client message (expecting supplemental data or client key exchange)...");
        } else {
            Log.debug("Receiving DTLS client message (expecting supplemental data, certificate, or client key exchange)...");
        }
        DTLSReliableHandshakeMessage receiveMessage2 = dTLSReliableHandshake.receiveMessage();
        if (receiveMessage2.getMessageType() == 23) {
            Log.debug("Received DTLS supplemental data.");
            processClientSupplementalData(dTLSServerHandshakeState, receiveMessage2.getBody());
            if (dTLSServerHandshakeState.getCertificateRequest() == null) {
                Log.debug("Receiving DTLS client message (expecting client key exchange)...");
            } else {
                Log.debug("Receiving DTLS client message (expecting certificate or client key exchange)...");
            }
            receiveMessage2 = dTLSReliableHandshake.receiveMessage();
        } else {
            dTLSServerHandshakeState.getServer().processClientSupplementalData(null);
        }
        if (dTLSServerHandshakeState.getCertificateRequest() == null) {
            dTLSServerHandshakeState.getKeyExchange().skipClientCredentials();
        } else if (receiveMessage2.getMessageType() == 11) {
            Log.debug("Received DTLS certificate.");
            processClientCertificate(dTLSServerHandshakeState, receiveMessage2.getBody());
            Log.debug("Receiving DTLS client message (expecting client key exchange)...");
            receiveMessage2 = dTLSReliableHandshake.receiveMessage();
        } else {
            if (TLSProtocolVersion.getTls12().isEqualOrEarlierVersionOf(dTLSServerHandshakeState.getServerContext().getServerVersion().getEquivalentTlsVersion())) {
                throw new TLSFatalAlert(10);
            }
            notifyClientCertificateReceived(dTLSServerHandshakeState, TLSCertificate.getEmptyChain());
        }
        if (receiveMessage2.getMessageType() != 16) {
            throw new TLSFatalAlert(10);
        }
        Log.debug("Received DTLS client key exchange.");
        processClientKeyExchange(dTLSServerHandshakeState, receiveMessage2.getBody());
        dTLSRecordLayer.initPendingEpoch(dTLSServerHandshakeState.getServer().getCipher());
        if (expectCertificateVerifyMessage(dTLSServerHandshakeState)) {
            byte[] currentHash = dTLSReliableHandshake.getCurrentHash();
            Log.debug("Receiving DTLS client message (expecting certificate verify)...");
            DTLSReliableHandshakeMessage receiveMessage3 = dTLSReliableHandshake.receiveMessage();
            if (receiveMessage3.getMessageType() != 15) {
                throw new TLSFatalAlert(10);
            }
            Log.debug("Received DTLS certificate verify.");
            processCertificateVerify(dTLSServerHandshakeState, receiveMessage3.getBody(), currentHash);
        }
        byte[] currentHash2 = dTLSReliableHandshake.getCurrentHash();
        Log.debug("Receiving DTLS client message (expecting finished)...");
        DTLSReliableHandshakeMessage receiveMessage4 = dTLSReliableHandshake.receiveMessage();
        if (receiveMessage4.getMessageType() != 20) {
            throw new TLSFatalAlert(10);
        }
        Log.debug("Received DTLS finished.");
        super.processFinished(receiveMessage4.getBody(), dTLSServerHandshakeState.getServerContext().calculateVerifyData("client finished", currentHash2));
        if (dTLSServerHandshakeState.getExpectSessionTicket()) {
            byte[] generateNewSessionTicket = generateNewSessionTicket(dTLSServerHandshakeState, dTLSServerHandshakeState.getServer().getNewSessionTicket());
            Log.debug("Sending DTLS session ticket...");
            dTLSReliableHandshake.sendMessage(4, generateNewSessionTicket);
        }
        byte[] calculateVerifyData = dTLSServerHandshakeState.getServerContext().calculateVerifyData("server finished", dTLSReliableHandshake.getCurrentHash());
        Log.debug("Sending DTLS finished...");
        dTLSReliableHandshake.sendMessage(20, calculateVerifyData);
        dTLSReliableHandshake.finish();
        dTLSServerHandshakeState.getServer().notifyHandshakeCompleted();
        return new DTLSTransport(dTLSRecordLayer);
    }

    public void setVerifyRequests(boolean z) {
        this._verifyRequests = z;
    }
}
