package org.spongycastle.jsse.provider;

import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.security.PrivateKey;
import java.util.Hashtable;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.jsse.BCSNIServerName;
import org.spongycastle.tls.Certificate;
import org.spongycastle.tls.CertificateRequest;
import org.spongycastle.tls.CertificateStatusRequest;
import org.spongycastle.tls.DefaultTlsClient;
import org.spongycastle.tls.DefaultTlsKeyExchangeFactory;
import org.spongycastle.tls.ProtocolVersion;
import org.spongycastle.tls.ServerName;
import org.spongycastle.tls.ServerNameList;
import org.spongycastle.tls.TlsAuthentication;
import org.spongycastle.tls.TlsCredentials;
import org.spongycastle.tls.TlsExtensionsUtils;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.TlsServerCertificate;
import org.spongycastle.tls.TlsSession;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.TlsCrypto;
import org.spongycastle.tls.crypto.TlsCryptoParameters;
import org.spongycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.spongycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.spongycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedAgreement;
import org.spongycastle.util.IPAddress;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
/**
 * Client-side TLS peer used by the JSSE provider.
 *
 * <p>Every policy decision visible here is delegated to the {@link ProvTlsManager}: which
 * cipher suites and protocol versions are offered, which client key/certificate is presented,
 * and whether the server's certificate chain is trusted. This class translates between the
 * low-level TLS callbacks and that manager, and logs alerts.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers). Several methods
 * construct and throw {@code TlsFatalAlert}, or call {@code new String(byte[], "ASCII")}, without
 * any {@code throws} clause; the clauses were presumably lost in decompilation, so the listing
 * may not compile as shown. The numeric {@code case} labels and alert codes are inlined
 * constants whose symbolic names are not visible in this file.
 */
public class ProvTlsClient extends DefaultTlsClient implements ProvTlsPeer {
    // NOTE(review): not final, so the logger reference can be reassigned; nothing in this file does so.
    private static Logger LOG = Logger.getLogger(ProvTlsClient.class.getName());
    // Read once at class initialisation from the "jsse.enableSNIExtension" system property
    // (default true). When false, this class adds no SNI names (see getClientExtensions and
    // getSNIServerNames).
    private static final boolean provEnableSNIExtension = PropertyUtils.getBooleanSystemProperty("jsse.enableSNIExtension", true);
    // Set to true by notifyHandshakeComplete(); read through the synchronized isHandshakeComplete().
    protected boolean handshakeComplete;
    protected final ProvTlsManager manager;
    // Snapshot of the manager's SSL parameters taken at construction time.
    protected final ProvSSLParameters sslParameters;

    /**
     * Creates a client bound to the given manager, using the manager's crypto implementation,
     * a default key-exchange factory and a {@code ProvDHConfigVerifier}.
     *
     * @param provTlsManager source of the crypto instance, key/trust material and SSL parameters
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ProvTlsClient(ProvTlsManager provTlsManager) {
        super(provTlsManager.getContextData().getCrypto(), new DefaultTlsKeyExchangeFactory(), new ProvDHConfigVerifier());
        this.handshakeComplete = false;
        this.manager = provTlsManager;
        this.sslParameters = provTlsManager.getProvSSLParameters();
    }

    /**
     * Returns the authentication callbacks for this handshake: client-credential selection and
     * server-certificate validation. A new anonymous instance is created on every call.
     */
    @Override // org.spongycastle.tls.TlsClient
    public TlsAuthentication getAuthentication() {
        return new TlsAuthentication() { // from class: org.spongycastle.jsse.provider.ProvTlsClient.1
            /**
             * Chooses the client certificate and key to present in response to a CertificateRequest.
             *
             * @return signing credentials, or {@code null} when no client certificate is sent
             *         (no key manager, no requested certificate types, no matching alias, no
             *         private key, or an empty certificate chain)
             */
            @Override // org.spongycastle.tls.TlsAuthentication
            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) {
                short[] certificateTypes;
                Principal[] principalArr;
                int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(ProvTlsClient.this.selectedCipherSuite);
                // Case labels are inlined key-exchange constants. Presumably 1/3/5/17/19 are the
                // RSA, DHE_* and ECDHE_* exchanges and 7/9/16/18 the static DH/ECDH exchanges;
                // confirm against the library's KeyExchangeAlgorithm constants.
                switch (keyExchangeAlgorithm) {
                    case 1:
                    case 3:
                    case 5:
                    case 17:
                    case 19:
                        X509KeyManager keyManager = ProvTlsClient.this.manager.getContextData().getKeyManager();
                        if (keyManager == null || (certificateTypes = certificateRequest.getCertificateTypes()) == null || certificateTypes.length == 0) {
                            return null;
                        }
                        // Map each requested certificate type to the key-type string the key manager expects.
                        String[] strArr = new String[certificateTypes.length];
                        for (int i = 0; i < certificateTypes.length; i++) {
                            strArr[i] = JsseUtils.getAuthTypeClient(certificateTypes[i]);
                        }
                        // Issuer names sent by the server; null means "no issuer restriction" for the key manager.
                        Vector certificateAuthorities = certificateRequest.getCertificateAuthorities();
                        if (certificateAuthorities == null || certificateAuthorities.size() <= 0) {
                            principalArr = null;
                        } else {
                            Set<X500Principal> x500Principals = JsseUtils.toX500Principals((X500Name[]) certificateAuthorities.toArray(new X500Name[certificateAuthorities.size()]));
                            principalArr = (Principal[]) x500Principals.toArray(new Principal[x500Principals.size()]);
                        }
                        // The socket argument is passed as null, so a key manager that selects by
                        // connection has nothing to inspect.
                        String chooseClientAlias = keyManager.chooseClientAlias(strArr, principalArr, null);
                        if (chooseClientAlias == null) {
                            return null;
                        }
                        // Only the JCA-backed crypto implementation is supported for client credentials.
                        TlsCrypto crypto = ProvTlsClient.this.getCrypto();
                        if (!(crypto instanceof JcaTlsCrypto)) {
                            throw new UnsupportedOperationException();
                        }
                        PrivateKey privateKey = keyManager.getPrivateKey(chooseClientAlias);
                        Certificate certificateMessage = JsseUtils.getCertificateMessage(crypto, keyManager.getCertificateChain(chooseClientAlias));
                        if (privateKey == null || certificateMessage.isEmpty()) {
                            return null;
                        }
                        // The inner switch tests the same value the outer switch already narrowed to
                        // 1/3/5/17/19, so only the signer branch is reachable; the agreement branch
                        // (7/9/16/18) and the alert branch below are dead code on this path.
                        switch (keyExchangeAlgorithm) {
                            case 1:
                            case 3:
                            case 5:
                            case 17:
                            case 19:
                                // The signature algorithm is derived from the certificate at index 0 of the chain.
                                return new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(ProvTlsClient.this.context), (JcaTlsCrypto) crypto, privateKey, certificateMessage, TlsUtils.chooseSignatureAndHashAlgorithm(ProvTlsClient.this.context, ProvTlsClient.this.supportedSignatureAlgorithms, TlsUtils.getSignatureAlgorithmClient(certificateMessage.getCertificateAt(0).getClientCertificateType())));
                            case 2:
                            case 4:
                            case 6:
                            case 8:
                            case 10:
                            case 11:
                            case 12:
                            case 13:
                            case 14:
                            case 15:
                            default:
                                // 80 is internal_error in the TLS alert registry.
                                throw new TlsFatalAlert((short) 80);
                            case 7:
                            case 9:
                            case 16:
                            case 18:
                                return new JceDefaultTlsCredentialedAgreement((JcaTlsCrypto) crypto, certificateMessage, privateKey);
                        }
                    case 2:
                    case 4:
                    case 6:
                    case 8:
                    case 10:
                    case 11:
                    case 12:
                    case 13:
                    case 14:
                    case 15:
                    default:
                        // A key exchange this client does not handle was selected: alert 80 (internal_error).
                        throw new TlsFatalAlert((short) 80);
                    case 7:
                    case 9:
                    case 16:
                    case 18:
                        // No client credentials are offered for these key exchanges.
                        return null;
                }
            }

            /**
             * Validates the server's certificate chain; this is the only server-authentication
             * step visible in this class.
             *
             * <p>A missing or empty chain raises alert 40 (handshake_failure). Otherwise the chain
             * is converted to X.509 certificates and passed to {@code manager.isServerTrusted}
             * with an auth-type string derived from the selected cipher suite's key exchange;
             * a negative answer raises alert 42 (bad_certificate).
             *
             * <p>NOTE(review): no hostname / endpoint-identification check is visible here. Whether
             * {@code isServerTrusted} performs one cannot be determined from this file; confirm
             * before relying on this path for peer identity.
             */
            @Override // org.spongycastle.tls.TlsAuthentication
            public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) {
                if (tlsServerCertificate == null || tlsServerCertificate.getCertificate() == null || tlsServerCertificate.getCertificate().isEmpty()) {
                    throw new TlsFatalAlert((short) 40);
                }
                if (!ProvTlsClient.this.manager.isServerTrusted(JsseUtils.getX509CertificateChain(ProvTlsClient.this.manager.getContextData().getCrypto(), tlsServerCertificate.getCertificate()), JsseUtils.getAuthTypeServer(TlsUtils.getKeyExchangeAlgorithm(ProvTlsClient.this.selectedCipherSuite)))) {
                    throw new TlsFatalAlert((short) 42);
                }
            }
        };
    }

    /**
     * Always returns {@code null}.
     *
     * <p>NOTE(review): presumably this means no certificate status request (OCSP stapling)
     * extension is sent, so revocation state is not obtained through the handshake; confirm
     * against the superclass.
     */
    @Override // org.spongycastle.tls.AbstractTlsClient
    protected CertificateStatusRequest getCertificateStatusRequest() {
        return null;
    }

    /**
     * Returns the cipher suites to offer: the suites named in the SSL parameters, converted to
     * numeric ids by the context and then filtered through
     * {@code TlsUtils.getSupportedCipherSuites} with the manager's crypto instance.
     */
    @Override // org.spongycastle.tls.DefaultTlsClient, org.spongycastle.tls.TlsClient
    public int[] getCipherSuites() {
        return TlsUtils.getSupportedCipherSuites(this.manager.getContextData().getCrypto(), this.manager.getContext().convertCipherSuites(this.sslParameters.getCipherSuites()));
    }

    /**
     * Returns the superclass's client extensions with a server_name (SNI) extension added when
     * SNI is enabled.
     *
     * <p>If no server names are configured, the peer host is used, but only when it contains a
     * '.' after the first character and is not an IP address literal. If names are configured,
     * only entries of type 0 are sent.
     *
     * <p>NOTE(review): this class also overrides {@code getSNIServerNames()}; whether the
     * superclass already adds the extension from that method is not visible here.
     */
    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public Hashtable getClientExtensions() {
        Hashtable ensureExtensionsInitialised = TlsExtensionsUtils.ensureExtensionsInitialised(super.getClientExtensions());
        if (provEnableSNIExtension) {
            List<BCSNIServerName> serverNames = this.manager.getProvSSLParameters().getServerNames();
            if (serverNames == null) {
                String peerHost = this.manager.getPeerHost();
                // 46 is '.'; single-label names and IP literals are never sent as SNI.
                if (peerHost != null && peerHost.indexOf(46) > 0 && !IPAddress.isValid(peerHost)) {
                    Vector vector = new Vector(1);
                    vector.addElement(new ServerName((short) 0, peerHost));
                    TlsExtensionsUtils.addServerNameExtension(ensureExtensionsInitialised, new ServerNameList(vector));
                }
            } else if (!serverNames.isEmpty()) {
                Vector vector2 = new Vector(serverNames.size());
                for (BCSNIServerName bCSNIServerName : serverNames) {
                    // Type 0 is host_name in the TLS server_name extension.
                    if (bCSNIServerName.getType() == 0) {
                        // NOTE(review): getSNIServerNames() wraps this same conversion in a
                        // try/catch for UnsupportedEncodingException; here it is neither caught
                        // nor declared.
                        vector2.addElement(new ServerName((short) bCSNIServerName.getType(), new String(bCSNIServerName.getEncoded(), "ASCII")));
                    }
                }
                // NOTE(review): if no configured name has type 0, vector2 is empty and an empty
                // ServerNameList is still added; getSNIServerNames() guards against that case.
                TlsExtensionsUtils.addServerNameExtension(ensureExtensionsInitialised, new ServerNameList(vector2));
            }
        }
        return ensureExtensionsInitialised;
    }

    /**
     * Returns the version to advertise: the maximum version the context derives from the
     * enabled protocol names in the SSL parameters.
     */
    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public ProtocolVersion getClientVersion() {
        return this.manager.getContext().getMaximumVersion(this.sslParameters.getProtocols());
    }

    /**
     * Returns the compression methods to offer. In FIPS mode only method 0 (null compression)
     * is offered; otherwise the superclass's list is used.
     *
     * <p>NOTE(review): the superclass's list is not visible here. Confirm it also offers only
     * null compression, since TLS-level compression can leak plaintext through record lengths.
     */
    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public short[] getCompressionMethods() {
        return this.manager.getContext().isFips() ? new short[]{0} : super.getCompressionMethods();
    }

    /**
     * Returns the lowest acceptable version: the minimum version the context derives from the
     * enabled protocol names in the SSL parameters.
     */
    @Override // org.spongycastle.tls.AbstractTlsClient
    public ProtocolVersion getMinimumVersion() {
        return this.manager.getContext().getMinimumVersion(this.sslParameters.getProtocols());
    }

    /**
     * Builds the list of SNI server names using the same selection rules as
     * {@link #getClientExtensions()}.
     *
     * @return a non-empty Vector of {@code ServerName}, or {@code null} when SNI is disabled or
     *         no usable name exists
     */
    @Override // org.spongycastle.tls.AbstractTlsClient
    protected Vector getSNIServerNames() {
        if (provEnableSNIExtension) {
            List<BCSNIServerName> serverNames = this.manager.getProvSSLParameters().getServerNames();
            if (serverNames == null) {
                String peerHost = this.manager.getPeerHost();
                // 46 is '.'; single-label names and IP literals are never sent as SNI.
                if (peerHost != null && peerHost.indexOf(46) > 0 && !IPAddress.isValid(peerHost)) {
                    Vector vector = new Vector(1);
                    vector.addElement(new ServerName((short) 0, peerHost));
                    return vector;
                }
            } else {
                Vector vector2 = new Vector(serverNames.size());
                for (BCSNIServerName bCSNIServerName : serverNames) {
                    // Only type 0 (host_name) entries are forwarded.
                    if (bCSNIServerName.getType() == 0) {
                        try {
                            vector2.addElement(new ServerName((short) bCSNIServerName.getType(), new String(bCSNIServerName.getEncoded(), "ASCII")));
                        } catch (UnsupportedEncodingException e) {
                            // Best effort: the name is skipped and the handshake continues without it.
                            LOG.log(Level.WARNING, "Unable to include SNI server name", (Throwable) e);
                        }
                    }
                }
                if (!vector2.isEmpty()) {
                    return vector2;
                }
            }
        }
        return null;
    }

    /**
     * Always returns {@code null}.
     *
     * <p>NOTE(review): presumably this means the client never offers a session for resumption
     * and every connection performs a full handshake; confirm against the superclass contract.
     */
    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public TlsSession getSessionToResume() {
        return null;
    }

    /** Returns the signature algorithms that {@code JsseUtils} reports for this client's crypto instance. */
    @Override // org.spongycastle.tls.AbstractTlsClient
    protected Vector getSupportedSignatureAlgorithms() {
        return JsseUtils.getSupportedSignatureAlgorithms(getCrypto());
    }

    /** Returns whether {@link #notifyHandshakeComplete()} has run; synchronized on this instance. */
    @Override // org.spongycastle.jsse.provider.ProvTlsPeer
    public synchronized boolean isHandshakeComplete() {
        return this.handshakeComplete;
    }

    /**
     * Logs an alert raised by this client after forwarding it to the superclass.
     *
     * <p>Log level: FINE when {@code s} is 1, WARNING when {@code s2} is 80, INFO otherwise.
     * Presumably {@code s} is the alert level (1 = warning) and {@code s2} the alert description
     * (80 = internal_error); the parameter names were lost in decompilation.
     *
     * @param s   first alert value, passed to {@code getAlertLogMessage}
     * @param s2  second alert value, passed to {@code getAlertLogMessage}
     * @param str optional detail message appended to the log line; may be {@code null}
     * @param th  optional cause, attached to the log record
     */
    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        super.notifyAlertRaised(s, s2, str, th);
        Level level = s == 1 ? Level.FINE : s2 == 80 ? Level.WARNING : Level.INFO;
        if (LOG.isLoggable(level)) {
            String alertLogMessage = JsseUtils.getAlertLogMessage("Client raised", s, s2);
            if (str != null) {
                alertLogMessage = alertLogMessage + ": " + str;
            }
            LOG.log(level, alertLogMessage, th);
        }
    }

    /**
     * Logs an alert received from the peer after forwarding it to the superclass: FINE when
     * {@code s} is 1, INFO otherwise.
     *
     * @param s  first alert value (presumably the alert level)
     * @param s2 second alert value (presumably the alert description)
     */
    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public void notifyAlertReceived(short s, short s2) {
        super.notifyAlertReceived(s, s2);
        Level level = s == 1 ? Level.FINE : Level.INFO;
        if (LOG.isLoggable(level)) {
            LOG.log(level, JsseUtils.getAlertLogMessage("Client received", s, s2));
        }
    }

    /**
     * Marks the handshake complete, reports the negotiated session to the client session
     * context, and hands the resulting {@code ProvSSLConnection} to the manager.
     * Synchronized on this instance.
     */
    @Override // org.spongycastle.tls.AbstractTlsPeer, org.spongycastle.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() {
        this.handshakeComplete = true;
        this.manager.notifyHandshakeComplete(new ProvSSLConnection(this.context, this.manager.getContextData().getClientSessionContext().reportSession(this.context.getSession())));
    }

    /**
     * Handles the server's cipher-suite choice. The context validates the suite before the
     * superclass records it; the choice is then logged at FINE.
     *
     * @param i numeric id of the cipher suite selected by the server
     */
    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public void notifySelectedCipherSuite(int i) {
        this.manager.getContext().validateNegotiatedCipherSuite(i);
        super.notifySelectedCipherSuite(i);
        LOG.fine("Client notified of selected cipher suite: " + this.manager.getContext().getCipherSuiteString(i));
    }

    /**
     * Accepts the server's protocol version only when its name is one of the protocols enabled
     * in the SSL parameters; any other version, or one the context cannot name, raises alert 70
     * (protocol_version). This stops the handshake from continuing on a version the caller
     * disabled.
     *
     * @param protocolVersion version selected by the server
     */
    @Override // org.spongycastle.tls.AbstractTlsClient, org.spongycastle.tls.TlsClient
    public void notifyServerVersion(ProtocolVersion protocolVersion) {
        String protocolString = this.manager.getContext().getProtocolString(protocolVersion);
        if (protocolString != null) {
            for (String str : this.sslParameters.getProtocols()) {
                if (protocolString.equals(str)) {
                    LOG.fine("Client notified of selected protocol version: " + protocolString);
                    return;
                }
            }
        }
        throw new TlsFatalAlert((short) 70);
    }
}
