package org.bouncycastle.jsse.provider;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCX509Key;
import org.bouncycastle.tls.AbstractTlsClient;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.CertificateStatusRequest;
import org.bouncycastle.tls.CertificateStatusRequestItemV2;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.OCSPStatusRequest;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.ServerName;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.SignatureAlgorithm;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsDHGroupVerifier;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.TrustedAuthority;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.IPAddress;
import org.bouncycastle.util.encoders.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes6.dex */
/**
 * Client-side TLS peer used by the BouncyCastle JSSE provider, shown here in decompiled (JADX)
 * form with obfuscated identifiers.
 *
 * <p>NOTE(review): the log strings and overridden methods suggest this corresponds to the
 * upstream {@code ProvTlsClient} class; confirm against the matching BouncyCastle release
 * before relying on any name mapping.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Server certificate trust is delegated to {@code f81840d.checkServerTrusted(...)}; an
 *       empty or missing chain is rejected with a fatal alert before that call.</li>
 *   <li>Several protocol features are toggled by system properties read once at class
 *       initialisation (see the static fields below).</li>
 *   <li>Session resumption is refused for TLS 1.3 sessions, for sessions whose version or
 *       cipher suite is no longer enabled, and when the endpoint identification algorithm of
 *       the connection differs from the one recorded on the cached session.</li>
 *   <li>A server that does not signal secure renegotiation is accepted unless
 *       {@code sun.security.ssl.allowLegacyHelloMessages} is set to false.</li>
 * </ul>
 */
public class d1 extends DefaultTlsClient implements g1 {

    /* renamed from: i, reason: collision with root package name */
    // Class logger; all handshake diagnostics below go through it.
    private static final Logger f81834i = Logger.getLogger(d1.class.getName());

    // The five flags below are evaluated once, when the class is initialised.
    // NOTE(review): f0.b(name, flag) presumably reads a boolean system/security property and
    // falls back to the second argument when unset; f0 is not visible here, so confirm.

    /* renamed from: j, reason: collision with root package name */
    // Gates getCertificateAuthorities(); off unless the property is set.
    private static final boolean f81835j = f0.b("jdk.tls.client.enableCAExtension", false);

    /* renamed from: k, reason: collision with root package name */
    // Gates client-side session resumption (getSessionToResume / notifyHandshakeComplete).
    private static final boolean f81836k = f0.b("org.bouncycastle.jsse.client.enableSessionResumption", true);

    /* renamed from: l, reason: collision with root package name */
    // Gates the status_request / status_request_v2 (OCSP stapling) requests.
    private static final boolean f81837l = f0.b("jdk.tls.client.enableStatusRequestExtension", true);

    /* renamed from: m, reason: collision with root package name */
    // Gates getTrustedCAIndication(); off unless the property is set.
    private static final boolean f81838m = f0.b("org.bouncycastle.jsse.client.enableTrustedCAKeysExtension", false);

    /* renamed from: n, reason: collision with root package name */
    // Gates getSNIServerNames().
    private static final boolean f81839n = f0.b("jsse.enableSNIExtension", true);

    /* renamed from: d, reason: collision with root package name */
    // Connection-level collaborator: supplies peer host/port, context data (c()), key selection
    // (d(...)) and the server trust check (checkServerTrusted).
    protected final f1 f81840d;

    /* renamed from: e, reason: collision with root package name */
    // Per-connection parameters; the constructor stores the result of p0Var.b(), not the
    // argument itself. NOTE(review): b() is presumably a defensive copy — confirm.
    protected final p0 f81841e;

    /* renamed from: f, reason: collision with root package name */
    // Mutable per-handshake state (groups, local and peer signature schemes, certificate status).
    protected final w f81842f;

    /* renamed from: g, reason: collision with root package name */
    // Session wrapper being resumed or, after the handshake, the one registered for this
    // connection; null while no session is associated.
    protected s0 f81843g;

    /* renamed from: h, reason: collision with root package name */
    // Set to true in notifyHandshakeComplete(); read through the synchronized accessor a().
    protected boolean f81844h;

    /* loaded from: classes6.dex */
    /**
     * {@link TlsAuthentication} callbacks for this client: selects client credentials when the
     * server requests them and validates the server certificate chain.
     */
    class a implements TlsAuthentication {
        a() {
        }

        /**
         * Chooses client credentials in response to a CertificateRequest.
         *
         * <p>Records the peer's signature_algorithms and signature_algorithms_cert lists in the
         * handshake state, then dispatches on the negotiated version to {@code j} (TLS 1.3),
         * {@code i} (versions that allow the signature_algorithms extension) or {@code k}
         * (older versions).
         *
         * @param certificateRequest the server's request
         * @return the selected credentials, or {@code null} to send no client certificate
         * @throws IOException a {@link TlsFatalAlert} with description 80 (internal_error) when
         *         the request's shape does not match the negotiated version
         */
        @Override // org.bouncycastle.tls.TlsAuthentication
        public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
            d c2 = d1.this.f81840d.c();
            SecurityParameters securityParametersHandshake = ((AbstractTlsClient) d1.this).context.getSecurityParametersHandshake();
            ProtocolVersion negotiatedVersion = securityParametersHandshake.getNegotiatedVersion();
            boolean isTLSv13 = TlsUtils.isTLSv13(negotiatedVersion);
            Vector serverSigAlgs = securityParametersHandshake.getServerSigAlgs();
            Vector serverSigAlgsCert = securityParametersHandshake.getServerSigAlgsCert();
            d1.this.f81842f.f82115d = c2.g(serverSigAlgs);
            w wVar = d1.this.f81842f;
            // Reuse the converted list when both vectors are the same object (reference
            // comparison), otherwise convert the cert-specific list separately.
            wVar.f82116e = serverSigAlgs == serverSigAlgsCert ? wVar.f82115d : c2.g(serverSigAlgsCert);
            if (d1.f81834i.isLoggable(Level.FINEST)) {
                d1.f81834i.finest(y.I("Peer signature_algorithms", d1.this.f81842f.f82115d));
                w wVar2 = d1.this.f81842f;
                if (wVar2.f82116e != wVar2.f82115d) {
                    d1.f81834i.finest(y.I("Peer signature_algorithms_cert", d1.this.f81842f.f82116e));
                }
            }
            // NOTE(review): g.f81866a looks like a sentinel "no key manager" instance; when it
            // is the configured one, no client certificate is offered. Confirm against g.
            if (g.f81866a == c2.h()) {
                return null;
            }
            X500Principal[] a02 = y.a0(certificateRequest.getCertificateAuthorities());
            byte[] certificateRequestContext = certificateRequest.getCertificateRequestContext();
            // A request context must be present exactly when TLS 1.3 was negotiated.
            if (isTLSv13 != (certificateRequestContext != null)) {
                throw new TlsFatalAlert((short) 80);
            }
            short[] certificateTypes = certificateRequest.getCertificateTypes();
            // Certificate types must be absent exactly when TLS 1.3 was negotiated.
            if (isTLSv13 == (certificateTypes == null)) {
                return isTLSv13 ? d1.this.j(a02, certificateRequestContext) : TlsUtils.isSignatureAlgorithmsExtensionAllowed(negotiatedVersion) ? d1.this.i(a02, certificateTypes) : d1.this.k(a02, certificateTypes);
            }
            throw new TlsFatalAlert((short) 80);
        }

        /**
         * Validates the server's certificate chain.
         *
         * <p>A null or empty chain is rejected with alert 40 (handshake_failure). Otherwise the
         * chain is converted to {@link X509Certificate} objects, the certificate status sent by
         * the server is stored in the handshake state, and the trust decision is delegated to
         * {@code f81840d.checkServerTrusted(chain, authType)}.
         *
         * <p>NOTE(review): no hostname / endpoint-identification check is visible in this
         * method; whether one is performed depends on {@code checkServerTrusted} and the
         * configured endpoint identification algorithm. Verify that callee when auditing.
         *
         * @param tlsServerCertificate the certificate message received from the server
         * @throws IOException if the chain is missing or the delegate rejects it
         */
        @Override // org.bouncycastle.tls.TlsAuthentication
        public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
            if (tlsServerCertificate == null || tlsServerCertificate.getCertificate() == null || tlsServerCertificate.getCertificate().isEmpty()) {
                throw new TlsFatalAlert((short) 40);
            }
            X509Certificate[] O = y.O(d1.this.getCrypto(), tlsServerCertificate.getCertificate());
            // authType string handed to the trust check is derived from the key exchange algorithm.
            String r2 = y.r(((AbstractTlsClient) d1.this).context.getSecurityParametersHandshake().getKeyExchangeAlgorithm());
            // Stored before the trust check runs. NOTE(review): presumably so the trust
            // manager can read the stapled status — confirm in w / checkServerTrusted.
            d1.this.f81842f.f82117f = y.K(tlsServerCertificate.getCertificateStatus());
            d1.this.f81840d.checkServerTrusted(O, r2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a client bound to the given connection collaborator and parameters.
     *
     * @param f1Var connection collaborator; its context's crypto instance is passed to the
     *              superclass
     * @param p0Var connection parameters; {@code p0Var.b()} is what gets stored
     */
    public d1(f1 f1Var, p0 p0Var) {
        super(f1Var.c().d());
        this.f81842f = new w();
        this.f81843g = null;
        this.f81844h = false;
        this.f81840d = f1Var;
        this.f81841e = p0Var.b();
    }

    /**
     * Logs, at FINER, every candidate scheme that comes before the selected key type in the
     * map's insertion order. Iteration stops at the first key equal to {@code str}; with
     * {@code str == null} no key matches, so every candidate is logged.
     *
     * @param linkedHashMap candidate key type to signature scheme, in preference order
     * @param str the key type that was selected, or {@code null} if none was
     */
    private void h(LinkedHashMap<String, t1> linkedHashMap, String str) {
        for (Map.Entry<String, t1> entry : linkedHashMap.entrySet()) {
            String key = entry.getKey();
            if (key.equals(str)) {
                return;
            }
            Logger logger = f81834i;
            if (logger.isLoggable(Level.FINER)) {
                logger.finer("Client found no credentials for signature scheme '" + entry.getValue() + "' (keyType '" + key + "')");
            }
        }
    }

    /**
     * Reports whether {@link #notifyHandshakeComplete()} has run.
     *
     * @return the handshake-complete flag
     */
    @Override // org.bouncycastle.jsse.provider.g1
    public synchronized boolean a() {
        return this.f81844h;
    }

    /**
     * Returns the value of {@code y.b()}.
     * NOTE(review): y is not visible here; presumably a property-backed policy switch for
     * resuming sessions that lack extended master secret — confirm.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean allowLegacyResumption() {
        return y.b();
    }

    /**
     * Returns the crypto implementation held by the connection's context data.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    /* renamed from: e, reason: merged with bridge method [inline-methods] */
    public JcaTlsCrypto getCrypto() {
        return this.f81840d.c().d();
    }

    /**
     * Maps each ClientCertificateType code to a key-type string via {@code y.y}.
     *
     * @param sArr certificate type codes from the CertificateRequest
     * @return an array of the same length holding the mapped strings
     * @throws IOException if {@code y.y} rejects a code
     */
    protected String[] f(short[] sArr) throws IOException {
        String[] strArr = new String[sArr.length];
        for (int i2 = 0; i2 < sArr.length; i2++) {
            strArr[i2] = y.y(sArr[i2]);
        }
        return strArr;
    }

    /**
     * Decides whether a cached session may be offered for resumption.
     *
     * <p>Returns {@code null} (do not resume) when the session is null or not resumable, its
     * parameters cannot be exported, its negotiated version or cipher suite is not among the
     * currently enabled ones, or it was negotiated under TLS 1.3. It also returns {@code null}
     * when this connection has an endpoint identification algorithm configured and it does not
     * match (case-insensitively) the one recorded on the cached session, which prevents
     * reusing a session that was authenticated under a different identity check.
     *
     * <p>NOTE(review): when the connection's algorithm ({@code h2}) is {@code null} the
     * comparison is skipped entirely, so the session is accepted whatever algorithm it was
     * established with.
     *
     * @param s0Var the cached session wrapper
     * @param tlsSession the underlying TLS session of {@code s0Var}
     * @return the exported session parameters if resumable, otherwise {@code null}
     */
    protected SessionParameters g(s0 s0Var, TlsSession tlsSession) {
        SessionParameters exportSessionParameters;
        if (tlsSession == null || !tlsSession.isResumable() || (exportSessionParameters = tlsSession.exportSessionParameters()) == null || !ProtocolVersion.contains(getProtocolVersions(), exportSessionParameters.getNegotiatedVersion()) || !Arrays.contains(getCipherSuites(), exportSessionParameters.getCipherSuite()) || TlsUtils.isTLSv13(exportSessionParameters.getNegotiatedVersion())) {
            return null;
        }
        String h2 = this.f81841e.h();
        if (h2 != null) {
            String a2 = s0Var.m().a();
            // equalsIgnoreCase(null) is false, so a session without a recorded algorithm is
            // also refused here.
            if (!h2.equalsIgnoreCase(a2)) {
                f81834i.finer("Session not resumable - endpoint ID algorithm mismatch; connection: " + h2 + ", session: " + a2);
                return null;
            }
        }
        return exportSessionParameters;
    }

    /**
     * Returns a fresh instance of the inner authentication callback class.
     */
    @Override // org.bouncycastle.tls.TlsClient
    public TlsAuthentication getAuthentication() throws IOException {
        return new a();
    }

    /**
     * Supplies the CA names to advertise, or {@code null} when
     * {@code jdk.tls.client.enableCAExtension} is off.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected Vector<X500Name> getCertificateAuthorities() {
        if (f81835j) {
            return y.s(this.f81840d.c().i());
        }
        return null;
    }

    /**
     * Builds the status_request value: status type 1 (ocsp) with an empty OCSP request, or
     * {@code null} when {@code jdk.tls.client.enableStatusRequestExtension} is off.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected CertificateStatusRequest getCertificateStatusRequest() {
        if (f81837l) {
            return new CertificateStatusRequest((short) 1, new OCSPStatusRequest(null, null));
        }
        return null;
    }

    /**
     * Returns a new {@code j0} as the verifier for server-supplied Diffie-Hellman groups.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public TlsDHGroupVerifier getDHGroupVerifier() {
        return new j0();
    }

    /**
     * Returns the certificate chain length limit obtained from {@code y.A()}.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public int getMaxCertificateChainLength() {
        return y.A();
    }

    /**
     * Returns the handshake message size limit obtained from {@code y.B()}.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public int getMaxHandshakeMessageSize() {
        return y.B();
    }

    /**
     * Builds the status_request_v2 items: type 2 (ocsp_multi) first, then type 1 (ocsp), both
     * sharing one empty OCSP request. Returns {@code null} when
     * {@code jdk.tls.client.enableStatusRequestExtension} is off.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected Vector<CertificateStatusRequestItemV2> getMultiCertStatusRequest() {
        if (!f81837l) {
            return null;
        }
        OCSPStatusRequest oCSPStatusRequest = new OCSPStatusRequest(null, null);
        Vector<CertificateStatusRequestItemV2> vector = new Vector<>(2);
        vector.add(new CertificateStatusRequestItemV2((short) 2, oCSPStatusRequest));
        vector.add(new CertificateStatusRequestItemV2((short) 1, oCSPStatusRequest));
        return vector;
    }

    /**
     * Returns the application protocol names converted by {@code y.F} from the connection
     * parameters.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected Vector<ServerName> getSNIServerNames() {
        String g2;
        if (!f81839n) {
            return null;
        }
        List<BCSNIServerName> n2 = this.f81841e.n();
        // No names configured: fall back to the peer host, but only when it contains a '.'
        // (char 46) past the first position and is not an IP address literal.
        if (n2 == null && (g2 = this.f81840d.g()) != null && g2.indexOf(46) > 0 && !IPAddress.isValid(g2)) {
            try {
                n2 = Collections.singletonList(new BCSNIHostName(g2));
            } catch (RuntimeException unused) {
                // Deliberate best-effort: a host string that is not a valid SNI host_name is
                // logged and the handshake proceeds without SNI.
                f81834i.fine("Failed to add peer host as default SNI host_name: " + g2);
            }
        }
        if (n2 == null || n2.isEmpty()) {
            return null;
        }
        Vector<ServerName> vector = new Vector<>(n2.size());
        for (BCSNIServerName bCSNIServerName : n2) {
            vector.add(new ServerName((short) bCSNIServerName.getType(), bCSNIServerName.getEncoded()));
        }
        return vector;
    }

    /**
     * Picks a cached session to offer for resumption, if resumption is enabled.
     *
     * <p>Uses the session named in the connection parameters, else looks one up by peer host
     * and port. The candidate is vetted by {@link #g(s0, TlsSession)}. When session creation
     * is disabled on the connection, the offered cipher suites are narrowed to the single
     * suite of the resumed session.
     *
     * @return the session to resume, or {@code null} for a full handshake
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public TlsSession getSessionToResume() {
        TlsSession n2;
        SessionParameters g2;
        if (f81836k) {
            s0 o2 = this.f81841e.o();
            if (o2 == null) {
                o2 = this.f81840d.c().b().g(this.f81840d.getPeerHost(), this.f81840d.getPeerPort());
            }
            if (o2 != null && (g2 = g(o2, (n2 = o2.n()))) != null) {
                this.f81843g = o2;
                if (!this.f81840d.getEnableSessionCreation()) {
                    this.cipherSuites = new int[]{g2.getCipherSuite()};
                }
                return n2;
            }
        }
        // NOTE(review): y.c presumably enforces that a new session may be created on this
        // connection; y is not visible here — confirm.
        y.c(this.f81840d);
        return null;
    }

    /**
     * Returns the cipher suites computed by the context for this crypto instance, the
     * connection parameters and the enabled protocol versions.
     */
    @Override // org.bouncycastle.tls.DefaultTlsClient, org.bouncycastle.tls.AbstractTlsPeer
    protected int[] getSupportedCipherSuites() {
        return this.f81840d.c().c().j(getCrypto(), this.f81841e, getProtocolVersions());
    }

    /**
     * Returns the groups derived from the handshake state's {@code f82112a}; the
     * {@code vector} argument is not used.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected Vector<Integer> getSupportedGroups(Vector vector) {
        return d0.t(this.f81842f.f82112a);
    }

    /**
     * Computes the signature schemes to advertise and records the same list in both
     * {@code f82113b} and {@code f82114c} of the handshake state.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected Vector<SignatureAndHashAlgorithm> getSupportedSignatureAlgorithms() {
        List<t1> a2 = this.f81840d.c().a(false, this.f81841e, getProtocolVersions(), this.f81842f.f82112a);
        w wVar = this.f81842f;
        wVar.f82113b = a2;
        wVar.f82114c = a2;
        return t1.p(a2);
    }

    /**
     * Always returns {@code null}: no separate certificate-signature list is supplied.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected Vector<SignatureAndHashAlgorithm> getSupportedSignatureAlgorithmsCert() {
        return null;
    }

    /**
     * Returns the protocol versions the context derives from the connection parameters.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer
    protected ProtocolVersion[] getSupportedVersions() {
        return this.f81840d.c().c().k(this.f81841e);
    }

    /**
     * Builds the trusted_ca_keys entries, one per CA name, using identifier type 2
     * (x509_name). Returns {@code null} when
     * {@code org.bouncycastle.jsse.client.enableTrustedCAKeysExtension} is off or no CA names
     * are available.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient
    protected Vector<TrustedAuthority> getTrustedCAIndication() {
        Vector<X500Name> s2;
        if (!f81838m || (s2 = y.s(this.f81840d.c().i())) == null) {
            return null;
        }
        Vector<TrustedAuthority> vector = new Vector<>(s2.size());
        Iterator<X500Name> it = s2.iterator();
        while (it.hasNext()) {
            vector.add(new TrustedAuthority((short) 2, it.next()));
        }
        return vector;
    }

    /**
     * Selects client credentials for the pre-1.3 path that uses signature_algorithms
     * (the log messages label it "1.2").
     *
     * <p>Candidates are the peer's signature schemes, in the peer's order, that map to a
     * client certificate type the server listed and that are also in the locally supported
     * list; only the first scheme per key type is kept.
     *
     * @param principalArr acceptable issuers from the CertificateRequest
     * @param sArr certificate types from the CertificateRequest
     * @return the credentials, or {@code null} if none could be selected
     * @throws IOException a {@link TlsFatalAlert} 80 (internal_error) if the key selection
     *         returns a key type that was not among the candidates
     */
    protected TlsCredentials i(Principal[] principalArr, short[] sArr) throws IOException {
        Logger logger;
        String str;
        short clientCertificateType;
        LinkedHashMap<String, t1> linkedHashMap = new LinkedHashMap<>();
        for (t1 t1Var : this.f81842f.f82115d) {
            String k2 = t1Var.k();
            if (!linkedHashMap.containsKey(k2) && (clientCertificateType = SignatureAlgorithm.getClientCertificateType(t1Var.m())) >= 0 && Arrays.contains(sArr, clientCertificateType) && this.f81842f.f82113b.contains(t1Var)) {
                linkedHashMap.put(k2, t1Var);
            }
        }
        if (linkedHashMap.isEmpty()) {
            logger = f81834i;
            str = "Client (1.2) found no usable signature schemes";
        } else {
            BCX509Key d2 = this.f81840d.d((String[]) linkedHashMap.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
            if (d2 != null) {
                String keyType = d2.getKeyType();
                h(linkedHashMap, keyType);
                t1 t1Var2 = linkedHashMap.get(keyType);
                // Defensive check on the key selection result: it must be one of the offered types.
                if (t1Var2 == null) {
                    throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                }
                Logger logger2 = f81834i;
                if (logger2.isLoggable(Level.FINE)) {
                    // NOTE(review): y.D receives the private key object; it is expected to
                    // yield only an algorithm name — confirm it never renders key material.
                    logger2.fine("Client (1.2) selected credentials for signature scheme '" + t1Var2 + "' (keyType '" + keyType + "'), with private key algorithm '" + y.D(d2.getPrivateKey()) + "'");
                }
                return y.k(this.context, getCrypto(), d2, t1Var2.n());
            }
            h(linkedHashMap, null);
            logger = f81834i;
            str = "Client (1.2) did not select any credentials";
        }
        logger.fine(str);
        return null;
    }

    /**
     * Selects client credentials for TLS 1.3.
     *
     * <p>Candidates are the peer's signature schemes, in the peer's order, for which
     * {@code t1.A()} is true and that are also in the locally supported list; only the first
     * scheme per key type is kept.
     *
     * @param principalArr acceptable issuers from the CertificateRequest
     * @param bArr the certificate_request_context to echo back
     * @return the credentials, or {@code null} if none could be selected
     * @throws IOException a {@link TlsFatalAlert} 80 (internal_error) if the key selection
     *         returns a key type that was not among the candidates
     */
    protected TlsCredentials j(Principal[] principalArr, byte[] bArr) throws IOException {
        Logger logger;
        String str;
        LinkedHashMap<String, t1> linkedHashMap = new LinkedHashMap<>();
        for (t1 t1Var : this.f81842f.f82115d) {
            if (t1Var.A() && this.f81842f.f82113b.contains(t1Var)) {
                String l2 = t1Var.l();
                if (!linkedHashMap.containsKey(l2)) {
                    linkedHashMap.put(l2, t1Var);
                }
            }
        }
        if (linkedHashMap.isEmpty()) {
            logger = f81834i;
            str = "Client (1.3) found no usable signature schemes";
        } else {
            BCX509Key d2 = this.f81840d.d((String[]) linkedHashMap.keySet().toArray(TlsUtils.EMPTY_STRINGS), principalArr);
            if (d2 != null) {
                String keyType = d2.getKeyType();
                h(linkedHashMap, keyType);
                t1 t1Var2 = linkedHashMap.get(keyType);
                // Defensive check on the key selection result: it must be one of the offered types.
                if (t1Var2 == null) {
                    throw new TlsFatalAlert((short) 80, "Key manager returned invalid key type");
                }
                Logger logger2 = f81834i;
                if (logger2.isLoggable(Level.FINE)) {
                    // NOTE(review): y.D receives the private key object; it is expected to
                    // yield only an algorithm name — confirm it never renders key material.
                    logger2.fine("Client (1.3) selected credentials for signature scheme '" + t1Var2 + "' (keyType '" + keyType + "'), with private key algorithm '" + y.D(d2.getPrivateKey()) + "'");
                }
                return y.l(this.context, getCrypto(), d2, t1Var2.n(), bArr);
            }
            h(linkedHashMap, null);
            logger = f81834i;
            str = "Client (1.3) did not select any credentials";
        }
        logger.fine(str);
        return null;
    }

    /**
     * Selects client credentials for versions without the signature_algorithms extension:
     * key types come straight from the certificate types, and no signature scheme is passed
     * on to the credential builder.
     *
     * @param principalArr acceptable issuers from the CertificateRequest
     * @param sArr certificate types from the CertificateRequest
     * @return the credentials, or {@code null} if there are no key types or no key is selected
     * @throws IOException if mapping the certificate types or building the credentials fails
     */
    protected TlsCredentials k(Principal[] principalArr, short[] sArr) throws IOException {
        BCX509Key d2;
        String[] f2 = f(sArr);
        if (f2.length >= 1 && (d2 = this.f81840d.d(f2, principalArr)) != null) {
            return y.k(this.context, getCrypto(), d2, null);
        }
        return null;
    }

    /**
     * Logs an alert raised locally, after delegating to the superclass.
     *
     * <p>Level selection: alert level 1 (warning) logs at FINE; otherwise description 80
     * (internal_error) logs at WARNING and every other description at INFO.
     *
     * @param s2 alert level
     * @param s3 alert description
     * @param str optional detail message appended to the log text
     * @param th optional cause attached to the log record
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertRaised(short s2, short s3, String str, Throwable th) {
        super.notifyAlertRaised(s2, s3, str, th);
        Level level = s2 == 1 ? Level.FINE : s3 == 80 ? Level.WARNING : Level.INFO;
        Logger logger = f81834i;
        if (logger.isLoggable(level)) {
            String o2 = y.o("Client raised", s2, s3);
            if (str != null) {
                o2 = o2 + ": " + str;
            }
            logger.log(level, o2, th);
        }
    }

    /**
     * Logs an alert received from the server, after delegating to the superclass: FINE for
     * alert level 1 (warning), INFO otherwise.
     *
     * @param s2 alert level
     * @param s3 alert description
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyAlertReceived(short s2, short s3) {
        super.notifyAlertReceived(s2, s3);
        Level level = s2 == 1 ? Level.FINE : Level.INFO;
        Logger logger = f81834i;
        if (logger.isLoggable(level)) {
            logger.log(level, y.o("Client received", s2, s3));
        }
    }

    /**
     * Initialises the handshake state's {@code f82112a} from the connection parameters and the
     * enabled protocol versions; that value later feeds the supported groups and signature
     * scheme computation.
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifyHandshakeBeginning() throws IOException {
        super.notifyHandshakeBeginning();
        d c2 = this.f81840d.c();
        ProtocolVersion[] protocolVersions = getProtocolVersions();
        this.f81842f.f82112a = c2.e(this.f81841e, protocolVersions);
    }

    /**
     * Marks the handshake complete and publishes the resulting session to the connection.
     *
     * <p>If no session was being resumed, or the context's session is not the one offered, the
     * negotiated session is reported to the client session context together with the
     * connection's endpoint identification algorithm. The final boolean passed to
     * {@code b2.v} is true only when resumption is enabled and the connection is not TLS 1.3.
     * NOTE(review): that flag presumably controls whether the session is cached for later
     * resumption — confirm in u0.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        boolean z2 = true;
        this.f81844h = true;
        TlsSession session = this.context.getSession();
        s0 s0Var = this.f81843g;
        if (s0Var == null || s0Var.n() != session) {
            u0 b2 = this.f81840d.c().b();
            String peerHost = this.f81840d.getPeerHost();
            int peerPort = this.f81840d.getPeerPort();
            x xVar = new x(this.f81841e.h(), null);
            if (!f81836k || TlsUtils.isTLSv13(this.context)) {
                z2 = false;
            }
            this.f81843g = b2.v(peerHost, peerPort, session, xVar, z2);
        }
        this.f81840d.a(new l0(this.context, this.f81843g));
    }

    /**
     * Enforces the secure renegotiation policy.
     *
     * <p>When the server did not signal secure renegotiation ({@code z2 == false}) the
     * handshake is aborted with alert 40 (handshake_failure) only if
     * {@code sun.security.ssl.allowLegacyHelloMessages} evaluates to false. The fallback
     * passed here is {@code true}, so such servers are accepted unless the property is
     * explicitly disabled; deployments that require RFC 5746 support from every peer should
     * set it to false.
     *
     * @param z2 whether the server indicated support for secure renegotiation
     * @throws IOException a {@link TlsFatalAlert} 40 when legacy peers are disallowed
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z2) throws IOException {
        if (!z2 && !f0.b("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert((short) 40);
        }
    }

    /**
     * Logs the name of the cipher suite the server selected, then delegates to the superclass.
     *
     * @param i2 the selected cipher suite code
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void notifySelectedCipherSuite(int i2) {
        String P = this.f81840d.c().c().P(this.f81841e, i2);
        f81834i.fine("Client notified of selected cipher suite: " + P);
        super.notifySelectedCipherSuite(i2);
    }

    /**
     * Logs the protocol version the server selected, then delegates to the superclass.
     *
     * @param protocolVersion the version chosen by the server
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        String Q = this.f81840d.c().c().Q(this.f81841e, protocolVersion);
        f81834i.fine("Client notified of selected protocol version: " + Q);
        super.notifyServerVersion(protocolVersion);
    }

    /**
     * Handles the session ID from the ServerHello.
     *
     * <p>The session counts as resumed only when the ID is non-empty, a session was offered,
     * and the ID equals that session's ID. Otherwise the offered session is dropped and
     * {@code y.c} is invoked. In every case the connection is then notified with the session
     * context, handshake security parameters, handshake state and the current session wrapper.
     *
     * <p>The session ID is written to the log in hex at FINE level.
     *
     * @param bArr session ID chosen by the server; may be null or empty
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void notifySessionID(byte[] bArr) {
        s0 s0Var;
        if ((TlsUtils.isNullOrEmpty(bArr) || (s0Var = this.f81843g) == null || !Arrays.areEqual(bArr, s0Var.getId())) ? false : true) {
            f81834i.fine("Server resumed session: " + Hex.toHexString(bArr));
        } else {
            this.f81843g = null;
            if (TlsUtils.isNullOrEmpty(bArr)) {
                f81834i.fine("Server did not specify a session ID");
            } else {
                f81834i.fine("Server specified new session: " + Hex.toHexString(bArr));
            }
            // NOTE(review): presumably rejects the handshake when new sessions may not be
            // created on this connection; y is not visible here — confirm.
            y.c(this.f81840d);
        }
        f1 f1Var = this.f81840d;
        f1Var.e(f1Var.c().b(), this.context.getSecurityParametersHandshake(), this.f81842f, this.f81843g);
    }

    /**
     * Invokes {@code y.c} when no session will be resumed, then delegates to the superclass.
     *
     * @param tlsSession the session being resumed, or {@code null}
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void notifySessionToResume(TlsSession tlsSession) {
        if (tlsSession == null) {
            y.c(this.f81840d);
        }
        super.notifySessionToResume(tlsSession);
    }

    /**
     * Processes the server's extensions via the superclass and, if the client sent server
     * names, logs at FINER whether the server returned the server_name extension.
     *
     * @param hashtable the extensions from the server
     */
    @Override // org.bouncycastle.tls.AbstractTlsClient, org.bouncycastle.tls.TlsClient
    public void processServerExtensions(Hashtable hashtable) throws IOException {
        super.processServerExtensions(hashtable);
        if (this.context.getSecurityParametersHandshake().getClientServerNames() != null) {
            boolean hasServerNameExtensionServer = TlsExtensionsUtils.hasServerNameExtensionServer(hashtable);
            f81834i.finer("Server accepted SNI?: " + hasServerNameExtensionServer);
        }
    }

    /**
     * Returns the value of {@code y.U()}.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean requiresCloseNotify() {
        return y.U();
    }

    /**
     * Returns the negation of {@code y.a()}.
     * NOTE(review): y.a() is presumably an "allow legacy master secret" switch, making
     * extended master secret mandatory unless that switch is on — confirm in y.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean requiresExtendedMasterSecret() {
        return !y.a();
    }

    /**
     * Returns the value of {@code y.b0()}.
     */
    @Override // org.bouncycastle.tls.AbstractTlsPeer, org.bouncycastle.tls.TlsPeer
    public boolean shouldUseExtendedMasterSecret() {
        return y.b0();
    }
}
