package net.luminis.tls.handshake;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import net.luminis.tls.ProtectionKeysType;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.TlsProtocolException;
import net.luminis.tls.TlsState;
import net.luminis.tls.TranscriptHash;
import net.luminis.tls.alert.DecryptErrorAlert;
import net.luminis.tls.alert.HandshakeFailureAlert;
import net.luminis.tls.alert.IllegalParameterAlert;
import net.luminis.tls.alert.MissingExtensionAlert;
import net.luminis.tls.alert.UnexpectedMessageAlert;
import net.luminis.tls.extension.ClientHelloPreSharedKeyExtension;
import net.luminis.tls.extension.EarlyDataExtension;
import net.luminis.tls.extension.Extension;
import net.luminis.tls.extension.KeyShareExtension;
import net.luminis.tls.extension.PskKeyExchangeModesExtension;
import net.luminis.tls.extension.ServerPreSharedKeyExtension;
import net.luminis.tls.extension.SignatureAlgorithmsExtension;
import net.luminis.tls.extension.SupportedGroupsExtension;
import net.luminis.tls.extension.SupportedVersionsExtension;

/* loaded from: input_file:net/luminis/tls/handshake/TlsServerEngine.class */
public class TlsServerEngine extends TlsEngine implements ServerMessageProcessor {
    private final Set<TlsConstants.CipherSuite> supportedCiphers;
    private final ArrayList<Extension> extensions;
    private ServerMessageSender serverMessageSender;
    protected TlsStatusEventHandler statusHandler;
    private List<X509Certificate> serverCertificateChain;
    private PrivateKey certificatePrivateKey;
    private TranscriptHash transcriptHash;
    private TlsConstants.CipherSuite selectedCipher;
    private List<Extension> serverExtensions;
    private List<TlsConstants.PskKeyExchangeMode> clientSupportedKeyExchangeModes;
    private TlsSessionRegistry sessionRegistry;
    private byte currentTicketNumber;
    private String selectedApplicationLayerProtocol;
    private Long maxEarlyDataSize;
    private byte[] additionalSessionData;
    private Function<ByteBuffer, Boolean> sessionDataVerificationCallback;

    public TlsServerEngine(List<X509Certificate> list, PrivateKey privateKey, ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusEventHandler, TlsSessionRegistry tlsSessionRegistry) {
        this.currentTicketNumber = (byte) 0;
        this.maxEarlyDataSize = 4294967295L;
        this.serverCertificateChain = list;
        this.certificatePrivateKey = privateKey;
        this.serverMessageSender = serverMessageSender;
        this.statusHandler = tlsStatusEventHandler;
        this.supportedCiphers = new HashSet();
        this.supportedCiphers.add(TlsConstants.CipherSuite.TLS_AES_128_GCM_SHA256);
        this.extensions = new ArrayList<>();
        this.serverExtensions = new ArrayList();
        this.clientSupportedKeyExchangeModes = new ArrayList();
        this.sessionRegistry = tlsSessionRegistry;
    }

    public TlsServerEngine(X509Certificate x509Certificate, PrivateKey privateKey, ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusEventHandler, TlsSessionRegistry tlsSessionRegistry) {
        this((List<X509Certificate>) List.of(x509Certificate), privateKey, serverMessageSender, tlsStatusEventHandler, tlsSessionRegistry);
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public void received(ClientHello clientHello, ProtectionKeysType protectionKeysType) throws TlsProtocolException, IOException {
        TlsSession useSession;
        this.selectedCipher = clientHello.getCipherSuites().stream().filter(cipherSuite -> {
            return this.supportedCiphers.contains(cipherSuite);
        }).findFirst().orElseThrow(() -> {
            return new HandshakeFailureAlert("Failed to negotiate a cipher (server only supports " + ((String) this.supportedCiphers.stream().map(cipherSuite2 -> {
                return cipherSuite2.toString();
            }).collect(Collectors.joining(", "))) + ")");
        });
        SupportedGroupsExtension supportedGroupsExtension = (SupportedGroupsExtension) clientHello.getExtensions().stream().filter(extension -> {
            return extension instanceof SupportedGroupsExtension;
        }).findFirst().orElseThrow(() -> {
            return new MissingExtensionAlert("supported groups extension is required in Client Hello");
        });
        List of = List.of(TlsConstants.NamedGroup.secp256r1, TlsConstants.NamedGroup.x25519);
        Stream<TlsConstants.NamedGroup> stream = supportedGroupsExtension.getNamedGroups().stream();
        Objects.requireNonNull(of);
        if (stream.filter((v1) -> {
            return r1.contains(v1);
        }).findFirst().isEmpty()) {
            throw new HandshakeFailureAlert(String.format("Failed to negotiate supported group (server only supports %s)", of));
        }
        KeyShareExtension.KeyShareEntry orElseThrow = ((KeyShareExtension) clientHello.getExtensions().stream().filter(extension2 -> {
            return extension2 instanceof KeyShareExtension;
        }).findFirst().orElseThrow(() -> {
            return new MissingExtensionAlert("key share extension is required in Client Hello");
        })).getKeyShareEntries().stream().filter(keyShareEntry -> {
            return of.contains(keyShareEntry.getNamedGroup());
        }).findFirst().orElseThrow(() -> {
            return new IllegalParameterAlert("key share named group not supported (and no HelloRetryRequest support)");
        });
        SignatureAlgorithmsExtension signatureAlgorithmsExtension = (SignatureAlgorithmsExtension) clientHello.getExtensions().stream().filter(extension3 -> {
            return extension3 instanceof SignatureAlgorithmsExtension;
        }).findFirst().orElseThrow(() -> {
            return new MissingExtensionAlert("signature algorithms extension is required in Client Hello");
        });
        clientHello.getExtensions().stream().filter(extension4 -> {
            return extension4 instanceof PskKeyExchangeModesExtension;
        }).findFirst().ifPresent(extension5 -> {
            this.clientSupportedKeyExchangeModes.addAll(((PskKeyExchangeModesExtension) extension5).getKeyExchangeModes());
        });
        if (!signatureAlgorithmsExtension.getSignatureAlgorithms().contains(TlsConstants.SignatureScheme.rsa_pss_rsae_sha256)) {
            throw new HandshakeFailureAlert("Failed to negotiate signature algorithm (server only supports rsa_pss_rsae_sha256");
        }
        Optional<Extension> findFirst = clientHello.getExtensions().stream().filter(extension6 -> {
            return extension6 instanceof ClientHelloPreSharedKeyExtension;
        }).findFirst();
        this.statusHandler.extensionsReceived(clientHello.getExtensions());
        boolean z = false;
        Integer num = null;
        if (findFirst.isPresent()) {
            if (this.clientSupportedKeyExchangeModes.isEmpty()) {
                throw new MissingExtensionAlert("psk_key_exchange_modes extension required with pre_shared_key");
            }
            if (this.clientSupportedKeyExchangeModes.contains(TlsConstants.PskKeyExchangeMode.psk_dhe_ke)) {
                ClientHelloPreSharedKeyExtension clientHelloPreSharedKeyExtension = (ClientHelloPreSharedKeyExtension) findFirst.get();
                num = this.sessionRegistry.selectIdentity(clientHelloPreSharedKeyExtension.getIdentities(), this.selectedCipher);
                if (num != null && isAcceptable(this.sessionRegistry.peekSessionData(clientHelloPreSharedKeyExtension.getIdentities().get(num.intValue()))) && (useSession = this.sessionRegistry.useSession(clientHelloPreSharedKeyExtension.getIdentities().get(num.intValue()))) != null) {
                    this.transcriptHash = new TranscriptHash(hashLength(this.selectedCipher));
                    this.state = new TlsState(this.transcriptHash, useSession.getPsk(), keyLength(this.selectedCipher), hashLength(this.selectedCipher));
                    if (!validateBinder(clientHelloPreSharedKeyExtension.getBinders().get(num.intValue()), clientHelloPreSharedKeyExtension.getBinderPosition(), clientHello)) {
                        this.state = null;
                        throw new DecryptErrorAlert("Invalid PSK binder");
                    }
                    if (clientHello.getExtensions().stream().filter(extension7 -> {
                        return extension7 instanceof EarlyDataExtension;
                    }).findAny().isPresent() && num.intValue() == 0 && this.selectedApplicationLayerProtocol != null && this.selectedApplicationLayerProtocol.equals(useSession.getApplicationLayerProtocol())) {
                        z = this.statusHandler.isEarlyDataAccepted();
                    }
                }
            }
        }
        if (this.state == null) {
            this.transcriptHash = new TranscriptHash(hashLength(this.selectedCipher));
            this.state = new TlsState(this.transcriptHash, keyLength(this.selectedCipher), hashLength(this.selectedCipher));
            num = null;
        }
        this.transcriptHash.record(clientHello);
        generateKeys(orElseThrow.getNamedGroup());
        this.state.setOwnKey(this.privateKey);
        this.state.computeEarlyTrafficSecret();
        this.statusHandler.earlySecretsKnown();
        List of2 = List.of(new SupportedVersionsExtension(TlsConstants.HandshakeType.server_hello), new KeyShareExtension(this.publicKey, orElseThrow.getNamedGroup(), TlsConstants.HandshakeType.server_hello));
        if (num != null) {
            of2 = new ArrayList(of2);
            of2.add(new ServerPreSharedKeyExtension(num.shortValue()));
        }
        ServerHello serverHello = new ServerHello(this.selectedCipher, of2);
        this.serverMessageSender.send(serverHello);
        this.transcriptHash.record(serverHello);
        this.state.setPeerKey(orElseThrow.getKey());
        this.state.computeSharedSecret();
        this.state.computeHandshakeSecrets();
        this.statusHandler.handshakeSecretsKnown();
        if (z) {
            this.serverExtensions.add(new EarlyDataExtension());
        }
        EncryptedExtensions encryptedExtensions = new EncryptedExtensions(this.serverExtensions);
        this.serverMessageSender.send(encryptedExtensions);
        this.transcriptHash.record(encryptedExtensions);
        if (num == null) {
            CertificateMessage certificateMessage = new CertificateMessage(this.serverCertificateChain);
            this.serverMessageSender.send(certificateMessage);
            this.transcriptHash.recordServer(certificateMessage);
            CertificateVerifyMessage certificateVerifyMessage = new CertificateVerifyMessage(TlsConstants.SignatureScheme.rsa_pss_rsae_sha256, computeSignature(this.transcriptHash.getServerHash(TlsConstants.HandshakeType.certificate), this.certificatePrivateKey, TlsConstants.SignatureScheme.rsa_pss_rsae_sha256, false));
            this.serverMessageSender.send(certificateVerifyMessage);
            this.transcriptHash.recordServer(certificateVerifyMessage);
        }
        FinishedMessage finishedMessage = new FinishedMessage(computeFinishedVerifyData(this.transcriptHash.getServerHash(TlsConstants.HandshakeType.certificate_verify), this.state.getServerHandshakeTrafficSecret()));
        this.serverMessageSender.send(finishedMessage);
        this.transcriptHash.recordServer(finishedMessage);
        this.state.computeApplicationSecrets();
    }

    private boolean isAcceptable(byte[] bArr) {
        if (this.sessionDataVerificationCallback == null || bArr == null) {
            return true;
        }
        return this.sessionDataVerificationCallback.apply(ByteBuffer.wrap(bArr)).booleanValue();
    }

    @Override // net.luminis.tls.handshake.MessageProcessor
    public void received(FinishedMessage finishedMessage, ProtectionKeysType protectionKeysType) throws TlsProtocolException, IOException {
        if (protectionKeysType != ProtectionKeysType.Handshake) {
            throw new UnexpectedMessageAlert("incorrect protection level");
        }
        this.transcriptHash.recordClient(finishedMessage);
        if (!Arrays.equals(finishedMessage.getVerifyData(), computeFinishedVerifyData(this.transcriptHash.getServerHash(TlsConstants.HandshakeType.finished), this.state.getClientHandshakeTrafficSecret()))) {
            throw new DecryptErrorAlert("incorrect finished message");
        }
        this.state.computeResumptionMasterSecret();
        this.statusHandler.handshakeFinished();
        if (this.sessionRegistry == null || !this.clientSupportedKeyExchangeModes.contains(TlsConstants.PskKeyExchangeMode.psk_dhe_ke)) {
            return;
        }
        TlsSessionRegistry tlsSessionRegistry = this.sessionRegistry;
        byte b = this.currentTicketNumber;
        this.currentTicketNumber = (byte) (b + 1);
        this.serverMessageSender.send(tlsSessionRegistry.createNewSessionTicketMessage(b, this.selectedCipher, this.state, this.selectedApplicationLayerProtocol, this.maxEarlyDataSize, this.additionalSessionData));
    }

    protected boolean validateBinder(ClientHelloPreSharedKeyExtension.PskBinderEntry pskBinderEntry, int i, ClientHello clientHello) {
        return Arrays.equals(pskBinderEntry.getHmac(), this.state.computePskBinder(Arrays.copyOfRange(clientHello.getBytes(), 0, clientHello.getPskExtensionStartPosition() + i)));
    }

    public void addSupportedCiphers(List<TlsConstants.CipherSuite> list) {
        this.supportedCiphers.addAll(list);
    }

    public void setServerMessageSender(ServerMessageSender serverMessageSender) {
        this.serverMessageSender = serverMessageSender;
    }

    public void setStatusHandler(TlsStatusEventHandler tlsStatusEventHandler) {
        this.statusHandler = tlsStatusEventHandler;
    }

    @Override // net.luminis.tls.handshake.TlsEngine
    public TlsConstants.CipherSuite getSelectedCipher() {
        return this.selectedCipher;
    }

    public List<Extension> getServerExtensions() {
        return this.serverExtensions;
    }

    public void addServerExtensions(Extension extension) {
        this.serverExtensions.add(extension);
    }

    public void setSelectedApplicationLayerProtocol(String str) {
        if (str == null) {
            throw new IllegalArgumentException();
        }
        this.selectedApplicationLayerProtocol = str;
    }

    public void setSessionData(byte[] bArr) {
        this.additionalSessionData = bArr;
    }

    public void setSessionDataVerificationCallback(Function<ByteBuffer, Boolean> function) {
        this.sessionDataVerificationCallback = function;
    }
}
