package com.amazon.coral.internal.org.bouncycastle.crypto.tls;

import com.amazon.coral.internal.org.bouncycastle.util.C$Arrays;
import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.crypto.tls.$AbstractTlsServer, reason: invalid class name */
/* loaded from: classes2.dex */
public abstract class C$AbstractTlsServer extends C$AbstractTlsPeer implements C$TlsServer {
    protected C$TlsCipherFactory cipherFactory;
    protected short[] clientECPointFormats;
    protected Hashtable clientExtensions;
    protected C$ProtocolVersion clientVersion;
    protected C$TlsServerContext context;
    protected boolean eccCipherSuitesOffered;
    protected boolean encryptThenMACOffered;
    protected short maxFragmentLengthOffered;
    protected int[] namedCurves;
    protected int[] offeredCipherSuites;
    protected short[] offeredCompressionMethods;
    protected int selectedCipherSuite;
    protected short selectedCompressionMethod;
    protected short[] serverECPointFormats;
    protected Hashtable serverExtensions;
    protected C$ProtocolVersion serverVersion;
    protected Vector supportedSignatureAlgorithms;
    protected boolean truncatedHMacOffered;

    public C$AbstractTlsServer() {
        this(new C$DefaultTlsCipherFactory());
    }

    public C$AbstractTlsServer(C$TlsCipherFactory c$TlsCipherFactory) {
        this.cipherFactory = c$TlsCipherFactory;
    }

    protected boolean allowEncryptThenMAC() {
        return true;
    }

    protected boolean allowTruncatedHMac() {
        return false;
    }

    protected Hashtable checkServerExtensions() {
        Hashtable ensureExtensionsInitialised = C$TlsExtensionsUtils.ensureExtensionsInitialised(this.serverExtensions);
        this.serverExtensions = ensureExtensionsInitialised;
        return ensureExtensionsInitialised;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public C$CertificateRequest getCertificateRequest() throws IOException {
        return null;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public C$CertificateStatus getCertificateStatus() throws IOException {
        return null;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsPeer
    public C$TlsCipher getCipher() throws IOException {
        return this.cipherFactory.createCipher(this.context, C$TlsUtils.getEncryptionAlgorithm(this.selectedCipherSuite), C$TlsUtils.getMACAlgorithm(this.selectedCipherSuite));
    }

    protected abstract int[] getCipherSuites();

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsPeer
    public C$TlsCompression getCompression() throws IOException {
        switch (this.selectedCompressionMethod) {
            case 0:
                return new C$TlsNullCompression();
            default:
                throw new C$TlsFatalAlert((short) 80);
        }
    }

    protected short[] getCompressionMethods() {
        return new short[]{0};
    }

    protected C$ProtocolVersion getMaximumVersion() {
        return C$ProtocolVersion.TLSv11;
    }

    protected C$ProtocolVersion getMinimumVersion() {
        return C$ProtocolVersion.TLSv10;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public C$NewSessionTicket getNewSessionTicket() throws IOException {
        return new C$NewSessionTicket(0L, C$TlsUtils.EMPTY_BYTES);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public int getSelectedCipherSuite() throws IOException {
        boolean supportsClientECCCapabilities = supportsClientECCCapabilities(this.namedCurves, this.clientECPointFormats);
        for (int i : getCipherSuites()) {
            if (C$Arrays.contains(this.offeredCipherSuites, i) && ((supportsClientECCCapabilities || !C$TlsECCUtils.isECCCipherSuite(i)) && C$TlsUtils.isValidCipherSuiteForVersion(i, this.serverVersion))) {
                this.selectedCipherSuite = i;
                return i;
            }
        }
        throw new C$TlsFatalAlert((short) 40);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public short getSelectedCompressionMethod() throws IOException {
        short[] compressionMethods = getCompressionMethods();
        for (int i = 0; i < compressionMethods.length; i++) {
            if (C$Arrays.contains(this.offeredCompressionMethods, compressionMethods[i])) {
                short s = compressionMethods[i];
                this.selectedCompressionMethod = s;
                return s;
            }
        }
        throw new C$TlsFatalAlert((short) 40);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public Hashtable getServerExtensions() throws IOException {
        if (this.encryptThenMACOffered && allowEncryptThenMAC() && C$TlsUtils.isBlockCipherSuite(this.selectedCipherSuite)) {
            C$TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions());
        }
        if (this.maxFragmentLengthOffered >= 0 && C$MaxFragmentLength.isValid(this.maxFragmentLengthOffered)) {
            C$TlsExtensionsUtils.addMaxFragmentLengthExtension(checkServerExtensions(), this.maxFragmentLengthOffered);
        }
        if (this.truncatedHMacOffered && allowTruncatedHMac()) {
            C$TlsExtensionsUtils.addTruncatedHMacExtension(checkServerExtensions());
        }
        if (this.clientECPointFormats != null && C$TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
            this.serverECPointFormats = new short[]{0, 1, 2};
            C$TlsECCUtils.addSupportedPointFormatsExtension(checkServerExtensions(), this.serverECPointFormats);
        }
        return this.serverExtensions;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public Vector getServerSupplementalData() throws IOException {
        return null;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public C$ProtocolVersion getServerVersion() throws IOException {
        if (getMinimumVersion().isEqualOrEarlierVersionOf(this.clientVersion)) {
            C$ProtocolVersion maximumVersion = getMaximumVersion();
            if (this.clientVersion.isEqualOrEarlierVersionOf(maximumVersion)) {
                C$ProtocolVersion c$ProtocolVersion = this.clientVersion;
                this.serverVersion = c$ProtocolVersion;
                return c$ProtocolVersion;
            }
            if (this.clientVersion.isLaterVersionOf(maximumVersion)) {
                this.serverVersion = maximumVersion;
                return maximumVersion;
            }
        }
        throw new C$TlsFatalAlert((short) 70);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void init(C$TlsServerContext c$TlsServerContext) {
        this.context = c$TlsServerContext;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void notifyClientCertificate(C$Certificate c$Certificate) throws IOException {
        throw new C$TlsFatalAlert((short) 80);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void notifyClientVersion(C$ProtocolVersion c$ProtocolVersion) throws IOException {
        this.clientVersion = c$ProtocolVersion;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void notifyFallback(boolean z) throws IOException {
        if (z && getMaximumVersion().isLaterVersionOf(this.clientVersion)) {
            throw new C$TlsFatalAlert((short) 86);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void notifyOfferedCipherSuites(int[] iArr) throws IOException {
        this.offeredCipherSuites = iArr;
        this.eccCipherSuitesOffered = C$TlsECCUtils.containsECCCipherSuites(this.offeredCipherSuites);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void notifyOfferedCompressionMethods(short[] sArr) throws IOException {
        this.offeredCompressionMethods = sArr;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void processClientExtensions(Hashtable hashtable) throws IOException {
        this.clientExtensions = hashtable;
        if (hashtable != null) {
            this.encryptThenMACOffered = C$TlsExtensionsUtils.hasEncryptThenMACExtension(hashtable);
            this.maxFragmentLengthOffered = C$TlsExtensionsUtils.getMaxFragmentLengthExtension(hashtable);
            if (this.maxFragmentLengthOffered >= 0 && !C$MaxFragmentLength.isValid(this.maxFragmentLengthOffered)) {
                throw new C$TlsFatalAlert((short) 47);
            }
            this.truncatedHMacOffered = C$TlsExtensionsUtils.hasTruncatedHMacExtension(hashtable);
            this.supportedSignatureAlgorithms = C$TlsUtils.getSignatureAlgorithmsExtension(hashtable);
            if (this.supportedSignatureAlgorithms != null && !C$TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.clientVersion)) {
                throw new C$TlsFatalAlert((short) 47);
            }
            this.namedCurves = C$TlsECCUtils.getSupportedEllipticCurvesExtension(hashtable);
            this.clientECPointFormats = C$TlsECCUtils.getSupportedPointFormatsExtension(hashtable);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsServer
    public void processClientSupplementalData(Vector vector) throws IOException {
        if (vector != null) {
            throw new C$TlsFatalAlert((short) 10);
        }
    }

    protected boolean supportsClientECCCapabilities(int[] iArr, short[] sArr) {
        if (iArr == null) {
            return C$TlsECCUtils.hasAnySupportedNamedCurves();
        }
        for (int i : iArr) {
            if (C$NamedCurve.isValid(i) && (!C$NamedCurve.refersToASpecificNamedCurve(i) || C$TlsECCUtils.isSupportedNamedCurve(i))) {
                return true;
            }
        }
        return false;
    }
}
