package org.bouncycastle.tls.test;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Vector;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsCredentialedDecryptor;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.bouncycastle.util.encoders.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/bouncycastle/tls/test/TlsTestServerImpl.class */
public class TlsTestServerImpl extends DefaultTlsServer {
    protected final TlsTestConfig config;
    protected int firstFatalAlertConnectionEnd;
    protected short firstFatalAlertDescription;
    byte[] tlsServerEndPoint;
    byte[] tlsUnique;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsTestServerImpl(TlsTestConfig tlsTestConfig) {
        super(new BcTlsCrypto(new SecureRandom()));
        this.firstFatalAlertConnectionEnd = -1;
        this.firstFatalAlertDescription = (short) -1;
        this.tlsServerEndPoint = null;
        this.tlsUnique = null;
        this.config = tlsTestConfig;
    }

    int getFirstFatalAlertConnectionEnd() {
        return this.firstFatalAlertConnectionEnd;
    }

    short getFirstFatalAlertDescription() {
        return this.firstFatalAlertDescription;
    }

    public TlsCrypto getCrypto() {
        switch (this.config.serverCrypto) {
            case 1:
                return TlsTestSuite.JCA_CRYPTO;
            default:
                return TlsTestSuite.BC_CRYPTO;
        }
    }

    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 0;
            this.firstFatalAlertDescription = s2;
        }
    }

    public void notifyAlertReceived(short s, short s2) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 1;
            this.firstFatalAlertDescription = s2;
        }
    }

    public void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        this.tlsServerEndPoint = this.context.exportChannelBinding(0);
        this.tlsUnique = this.context.exportChannelBinding(1);
    }

    public ProtocolVersion getServerVersion() throws IOException {
        return null != this.config.serverNegotiateVersion ? this.config.serverNegotiateVersion : super.getServerVersion();
    }

    public CertificateRequest getCertificateRequest() throws IOException {
        if (this.config.serverCertReq == 0) {
            return null;
        }
        short[] sArr = {1, 2, 64};
        Vector vector = null;
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getServerVersion())) {
            vector = this.config.serverCertReqSigAlgs;
            if (vector == null) {
                vector = TlsUtils.getDefaultSupportedSignatureAlgorithms(this.context);
            }
        }
        Vector vector2 = new Vector();
        vector2.addElement(new X500Name("CN=BouncyCastle TLS Test CA"));
        return new CertificateRequest(sArr, vector, vector2);
    }

    public void notifyClientCertificate(Certificate certificate) throws IOException {
        boolean z = certificate == null || certificate.isEmpty();
        if (z != (this.config.clientAuth == 0)) {
            throw new IllegalStateException();
        }
        if (z && this.config.serverCertReq == 2) {
            throw new TlsFatalAlert(TlsUtils.isTLSv13(this.context) ? (short) 116 : (short) 40);
        }
        TlsCertificate[] certificateList = certificate.getCertificateList();
        if (z) {
            return;
        }
        TlsCertificate[] trustedCertPath = TlsTestUtils.getTrustedCertPath(this.context.getCrypto(), certificateList[0], new String[]{"x509-client-dsa.pem", "x509-client-ecdh.pem", "x509-client-ecdsa.pem", "x509-client-ed25519.pem", "x509-client-ed448.pem", "x509-client-rsa_pss_256.pem", "x509-client-rsa_pss_384.pem", "x509-client-rsa_pss_512.pem", "x509-client-rsa.pem"});
        if (null == trustedCertPath) {
            throw new TlsFatalAlert((short) 42);
        }
        if (this.config.serverCheckSigAlgOfClientCerts) {
            TlsUtils.checkPeerSigAlgs(this.context, trustedCertPath);
        }
    }

    protected Vector getSupportedSignatureAlgorithms() {
        if (!TlsUtils.isTLSv12(this.context) || this.config.serverAuthSigAlg == null) {
            return this.context.getSecurityParametersHandshake().getClientSigAlgs();
        }
        Vector vector = new Vector(1);
        vector.addElement(this.config.serverAuthSigAlg);
        return vector;
    }

    protected TlsCredentialedSigner getDSASignerCredentials() throws IOException {
        return loadSignerCredentials((short) 2);
    }

    protected TlsCredentialedSigner getECDSASignerCredentials() throws IOException {
        return loadSignerCredentials((short) 3);
    }

    protected TlsCredentialedDecryptor getRSAEncryptionCredentials() throws IOException {
        return TlsTestUtils.loadEncryptionCredentials(this.context, new String[]{"x509-server-rsa-enc.pem", "x509-ca-rsa.pem"}, "x509-server-key-rsa-enc.pem");
    }

    protected TlsCredentialedSigner getRSASignerCredentials() throws IOException {
        return loadSignerCredentials((short) 1);
    }

    protected ProtocolVersion[] getSupportedVersions() {
        return this.config.serverSupportedVersions != null ? this.config.serverSupportedVersions : super.getSupportedVersions();
    }

    protected String hex(byte[] bArr) {
        return bArr == null ? "(null)" : Hex.toHexString(bArr);
    }

    private TlsCredentialedSigner loadSignerCredentials(short s) throws IOException {
        return TlsTestUtils.loadSignerCredentialsServer(this.context, getSupportedSignatureAlgorithms(), s);
    }
}
