package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;

/* loaded from: classes3.dex */
public final class CertificateRequest extends y {
    private static final org.slf4j.c LOGGER = org.slf4j.d.C(CertificateRequest.class.getName());
    private final List<ClientCertificateType> gjb;
    private final List<SignatureAndHashAlgorithm> gjc;
    private final List<X500Principal> gjd;
    private int gje;

    /* loaded from: classes3.dex */
    public enum ClientCertificateType {
        RSA_SIGN(1, "RSA", true),
        DSS_SIGN(2, "DSA", true),
        RSA_FIXED_DH(3, "DH", false),
        DSS_FIXED_DH(4, "DH", false),
        RSA_EPHEMERAL_DH_RESERVED(5, "DH", false),
        DSS_EPHEMERAL_DH_RESERVED(6, "DH", false),
        FORTEZZA_DMS_RESERVED(20, "UNKNOWN", false),
        ECDSA_SIGN(64, "EC", true),
        RSA_FIXED_ECDH(65, "DH", false),
        ECDSA_FIXED_ECDH(66, "DH", false);

        private final int code;
        private final String gjf;
        private final boolean gjg;

        ClientCertificateType(int i, String str, boolean z) {
            this.code = i;
            this.gjf = str;
            this.gjg = z;
        }

        public static ClientCertificateType getTypeByCode(int i) {
            for (ClientCertificateType clientCertificateType : values()) {
                if (clientCertificateType.code == i) {
                    return clientCertificateType;
                }
            }
            return null;
        }

        public int getCode() {
            return this.code;
        }

        public String getJcaAlgorithm() {
            return this.gjf;
        }

        public boolean isCompatibleWithKeyAlgorithm(String str) {
            return this.gjf.equals(str);
        }

        public boolean requiresSigningCapability() {
            return this.gjg;
        }
    }

    public CertificateRequest(InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.gjb = new ArrayList();
        this.gjc = new ArrayList();
        this.gjd = new ArrayList();
        this.gje = 0;
    }

    public CertificateRequest(List<ClientCertificateType> list, List<SignatureAndHashAlgorithm> list2, List<X500Principal> list3, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.gjb = new ArrayList();
        this.gjc = new ArrayList();
        this.gjd = new ArrayList();
        this.gje = 0;
        if (list != null) {
            this.gjb.addAll(list);
        }
        if (list2 != null) {
            this.gjc.addAll(list2);
        }
        if (list3 != null) {
            aH(list3);
        }
    }

    private boolean aH(List<X500Principal> list) {
        Iterator<X500Principal> it = list.iterator();
        int i = 0;
        while (it.hasNext()) {
            if (!c(it.next())) {
                LOGGER.b("could add only {} of {} certificate authorities, max length exceeded", Integer.valueOf(i), Integer.valueOf(list.size()));
                return false;
            }
            i++;
        }
        return true;
    }

    public static y c(byte[] bArr, InetSocketAddress inetSocketAddress) {
        org.eclipse.californium.a.b.d dVar = new org.eclipse.californium.a.b.d(bArr);
        int lZ = dVar.lZ(8);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < lZ; i++) {
            arrayList.add(ClientCertificateType.getTypeByCode(dVar.lZ(8)));
        }
        int lZ2 = dVar.lZ(16);
        ArrayList arrayList2 = new ArrayList();
        for (int i2 = 0; i2 < lZ2; i2 += 2) {
            arrayList2.add(new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.getAlgorithmByCode(dVar.lZ(8)), SignatureAndHashAlgorithm.SignatureAlgorithm.getAlgorithmByCode(dVar.lZ(8))));
        }
        int lZ3 = dVar.lZ(16);
        ArrayList arrayList3 = new ArrayList();
        while (lZ3 > 0) {
            byte[] zi = dVar.zi(dVar.lZ(16));
            arrayList3.add(new X500Principal(zi));
            lZ3 -= zi.length + 2;
        }
        return new CertificateRequest(arrayList, arrayList2, arrayList3, inetSocketAddress);
    }

    public void a(ClientCertificateType clientCertificateType) {
        this.gjb.add(clientCertificateType);
    }

    public void a(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        this.gjc.add(signatureAndHashAlgorithm);
    }

    boolean b(PublicKey publicKey) {
        Iterator<ClientCertificateType> it = this.gjb.iterator();
        while (it.hasNext()) {
            if (it.next().isCompatibleWithKeyAlgorithm(publicKey.getAlgorithm())) {
                return true;
            }
        }
        return false;
    }

    @Override // org.eclipse.californium.scandium.dtls.y
    public HandshakeType bJf() {
        return HandshakeType.CERTIFICATE_REQUEST;
    }

    @Override // org.eclipse.californium.scandium.dtls.y
    public int bJh() {
        return this.gjb.size() + 1 + 2 + (this.gjc.size() * 2) + 2 + this.gje;
    }

    @Override // org.eclipse.californium.scandium.dtls.y
    public byte[] bJj() {
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        eVar.cp(this.gjb.size(), 8);
        Iterator<ClientCertificateType> it = this.gjb.iterator();
        while (it.hasNext()) {
            eVar.cp(it.next().getCode(), 8);
        }
        eVar.cp(this.gjc.size() * 2, 16);
        for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.gjc) {
            eVar.cp(signatureAndHashAlgorithm.bLe().getCode(), 8);
            eVar.cp(signatureAndHashAlgorithm.bLd().getCode(), 8);
        }
        eVar.cp(this.gje, 16);
        Iterator<X500Principal> it2 = this.gjd.iterator();
        while (it2.hasNext()) {
            byte[] encoded = it2.next().getEncoded();
            eVar.cp(encoded.length, 16);
            eVar.writeBytes(encoded);
        }
        return eVar.toByteArray();
    }

    public SignatureAndHashAlgorithm c(PublicKey publicKey) {
        if (b(publicKey)) {
            return d(publicKey);
        }
        return null;
    }

    public boolean c(X500Principal x500Principal) {
        if (x500Principal == null) {
            throw new NullPointerException("authority must not be null");
        }
        int length = x500Principal.getEncoded().length + 2;
        if (this.gje + length > 65535) {
            return false;
        }
        this.gjd.add(x500Principal);
        this.gje += length;
        return true;
    }

    public boolean c(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr != null) {
            int i = 0;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (!c(x509Certificate.getSubjectX500Principal())) {
                    LOGGER.b("could add only {} of {} certificate authorities, max length exceeded", Integer.valueOf(i), Integer.valueOf(x509CertificateArr.length));
                    return false;
                }
                i++;
            }
        }
        return true;
    }

    SignatureAndHashAlgorithm d(PublicKey publicKey) {
        for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.gjc) {
            try {
                Signature.getInstance(signatureAndHashAlgorithm.bLf()).initVerify(publicKey);
                return signatureAndHashAlgorithm;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            }
        }
        return null;
    }

    public SignatureAndHashAlgorithm d(X509Certificate[] x509CertificateArr) {
        if (e(x509CertificateArr) && d(x509CertificateArr[0])) {
            return d(x509CertificateArr[0].getPublicKey());
        }
        return null;
    }

    boolean d(X509Certificate x509Certificate) {
        for (ClientCertificateType clientCertificateType : this.gjb) {
            boolean isCompatibleWithKeyAlgorithm = clientCertificateType.isCompatibleWithKeyAlgorithm(x509Certificate.getPublicKey().getAlgorithm());
            boolean z = !clientCertificateType.requiresSigningCapability() || x509Certificate.getKeyUsage() == null || x509Certificate.getKeyUsage()[0];
            LOGGER.b("type: {}, isCompatibleWithKeyAlgorithm[{}]: {}, meetsSigningRequirements: {}", clientCertificateType, x509Certificate.getPublicKey().getAlgorithm(), Boolean.valueOf(isCompatibleWithKeyAlgorithm), Boolean.valueOf(z));
            if (isCompatibleWithKeyAlgorithm && z) {
                return true;
            }
        }
        LOGGER.b("certificate [{}] is not of any supported type", x509Certificate);
        return false;
    }

    boolean e(X509Certificate[] x509CertificateArr) {
        int i = 0;
        while (true) {
            boolean z = true;
            if (i >= x509CertificateArr.length) {
                LOGGER.debug("certificate chain is signed with supported algorithm(s)");
                return true;
            }
            X509Certificate x509Certificate = x509CertificateArr[i];
            Iterator<SignatureAndHashAlgorithm> it = this.gjc.iterator();
            while (true) {
                if (!it.hasNext()) {
                    z = false;
                    break;
                }
                if (it.next().bLf().equalsIgnoreCase(x509Certificate.getSigAlgName())) {
                    break;
                }
            }
            if (!z) {
                LOGGER.debug("certificate chain is NOT signed with supported algorithm(s)");
                return false;
            }
            i++;
        }
    }

    public X509Certificate[] f(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            throw new NullPointerException("certificate chain must not be null");
        }
        int i = 1;
        if (x509CertificateArr.length <= 1) {
            return (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length);
        }
        while (i < x509CertificateArr.length && !this.gjd.contains(x509CertificateArr[i].getSubjectX500Principal())) {
            i++;
        }
        return (X509Certificate[]) Arrays.copyOf(x509CertificateArr, i);
    }

    @Override // org.eclipse.californium.scandium.dtls.y
    public String toString() {
        StringBuilder sb = new StringBuilder(super.toString());
        if (!this.gjb.isEmpty()) {
            sb.append("\t\tClient certificate type:");
            sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            for (ClientCertificateType clientCertificateType : this.gjb) {
                sb.append("\t\t\t");
                sb.append(clientCertificateType);
                sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            }
        }
        if (!this.gjc.isEmpty()) {
            sb.append("\t\tSignature and hash algorithm:");
            sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.gjc) {
                sb.append("\t\t\t");
                sb.append(signatureAndHashAlgorithm.bLf());
                sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            }
        }
        if (!this.gjd.isEmpty()) {
            sb.append("\t\tCertificate authorities:");
            sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            for (X500Principal x500Principal : this.gjd) {
                sb.append("\t\t\t");
                sb.append(x500Principal.getName());
                sb.append(org.eclipse.californium.a.b.i.lineSeparator());
            }
        }
        return sb.toString();
    }
}
