package org.openjsse.sun.security.ssl;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.AbstractMap;
import java.util.Map;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;
import org.openjsse.javax.net.ssl.SSLEngine;
import org.openjsse.sun.security.ssl.SSLHandshakeBinding;
import org.openjsse.sun.security.ssl.SSLPossession;
import org.openjsse.sun.security.ssl.SupportedGroupsExtension;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Enum visitor error
jadx.core.utils.exceptions.JadxRuntimeException: Init of enum field 'RSA' uses external variables
	at jadx.core.dex.visitors.EnumVisitor.createEnumFieldByConstructor(EnumVisitor.java:451)
	at jadx.core.dex.visitors.EnumVisitor.processEnumFieldByRegister(EnumVisitor.java:395)
	at jadx.core.dex.visitors.EnumVisitor.extractEnumFieldsFromFilledArray(EnumVisitor.java:324)
	at jadx.core.dex.visitors.EnumVisitor.extractEnumFieldsFromInsn(EnumVisitor.java:262)
	at jadx.core.dex.visitors.EnumVisitor.convertToEnum(EnumVisitor.java:151)
	at jadx.core.dex.visitors.EnumVisitor.visit(EnumVisitor.java:100)
 */
/* JADX WARN: Failed to restore enum class, 'enum' modifier and super class removed */
/* loaded from: classes3.dex */
public final class X509Authentication implements SSLAuthentication {
    private static final /* synthetic */ X509Authentication[] $VALUES;
    public static final X509Authentication DSA;
    public static final X509Authentication EC;
    public static final X509Authentication RSA;
    public static final X509Authentication RSASSA_PSS;
    public static final X509Authentication RSA_OR_PSS;
    final String keyType;
    final SSLPossessionGenerator possessionGenerator;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static final class X509Credentials implements SSLCredentials {
        final X509Certificate[] popCerts;
        final PublicKey popPublicKey;

        /* JADX INFO: Access modifiers changed from: package-private */
        public X509Credentials(PublicKey publicKey, X509Certificate[] x509CertificateArr) {
            this.popCerts = x509CertificateArr;
            this.popPublicKey = publicKey;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static final class X509Possession implements SSLPossession {
        final X509Certificate[] popCerts;
        final PrivateKey popPrivateKey;

        /* JADX INFO: Access modifiers changed from: package-private */
        public X509Possession(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            this.popCerts = x509CertificateArr;
            this.popPrivateKey = privateKey;
        }

        @Override // org.openjsse.sun.security.ssl.SSLPossession
        public /* synthetic */ byte[] encode() {
            return SSLPossession.CC.$default$encode(this);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECParameterSpec getECParameterSpec() {
            PrivateKey privateKey = this.popPrivateKey;
            if (privateKey != null && "EC".equals(privateKey.getAlgorithm())) {
                PrivateKey privateKey2 = this.popPrivateKey;
                if (privateKey2 instanceof ECKey) {
                    return ((ECKey) privateKey2).getParams();
                }
                X509Certificate[] x509CertificateArr = this.popCerts;
                if (x509CertificateArr != null && x509CertificateArr.length != 0) {
                    PublicKey publicKey = x509CertificateArr[0].getPublicKey();
                    if (publicKey instanceof ECKey) {
                        return ((ECKey) publicKey).getParams();
                    }
                }
            }
            return null;
        }
    }

    /* loaded from: classes3.dex */
    private static final class X509PossessionGenerator implements SSLPossessionGenerator {
        private final String[] keyTypes;

        private X509PossessionGenerator(String[] strArr) {
            this.keyTypes = strArr;
        }

        private SSLPossession createClientPossession(ClientHandshakeContext clientHandshakeContext, String str) {
            X509ExtendedKeyManager x509KeyManager = clientHandshakeContext.sslContext.getX509KeyManager();
            String chooseClientAlias = clientHandshakeContext.conContext.transport instanceof SSLSocketImpl ? x509KeyManager.chooseClientAlias(new String[]{str}, clientHandshakeContext.peerSupportedAuthorities, (SSLSocket) clientHandshakeContext.conContext.transport) : clientHandshakeContext.conContext.transport instanceof SSLEngineImpl ? x509KeyManager.chooseEngineClientAlias(new String[]{str}, clientHandshakeContext.peerSupportedAuthorities, (SSLEngine) clientHandshakeContext.conContext.transport) : null;
            if (chooseClientAlias == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.finest("No X.509 cert selected for " + str, new Object[0]);
                }
                return null;
            }
            PrivateKey privateKey = x509KeyManager.getPrivateKey(chooseClientAlias);
            if (privateKey == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.finest(chooseClientAlias + " is not a private key entry", new Object[0]);
                }
                return null;
            }
            X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(chooseClientAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.finest(chooseClientAlias + " is a private key entry with no cert chain stored", new Object[0]);
                }
                return null;
            }
            PublicKey publicKey = certificateChain[0].getPublicKey();
            if (privateKey.getAlgorithm().equals(str) && publicKey.getAlgorithm().equals(str)) {
                return new X509Possession(privateKey, certificateChain);
            }
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.fine(chooseClientAlias + " private or public key is not of " + str + " algorithm", new Object[0]);
            }
            return null;
        }

        private SSLPossession createServerPossession(ServerHandshakeContext serverHandshakeContext, String str) {
            X509ExtendedKeyManager x509KeyManager = serverHandshakeContext.sslContext.getX509KeyManager();
            String chooseServerAlias = serverHandshakeContext.conContext.transport instanceof SSLSocketImpl ? x509KeyManager.chooseServerAlias(str, null, (SSLSocket) serverHandshakeContext.conContext.transport) : serverHandshakeContext.conContext.transport instanceof SSLEngineImpl ? x509KeyManager.chooseEngineServerAlias(str, null, (SSLEngine) serverHandshakeContext.conContext.transport) : null;
            if (chooseServerAlias == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.finest("No X.509 cert selected for " + str, new Object[0]);
                }
                return null;
            }
            PrivateKey privateKey = x509KeyManager.getPrivateKey(chooseServerAlias);
            if (privateKey == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.finest(chooseServerAlias + " is not a private key entry", new Object[0]);
                }
                return null;
            }
            X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(chooseServerAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.finest(chooseServerAlias + " is not a certificate entry", new Object[0]);
                }
                return null;
            }
            PublicKey publicKey = certificateChain[0].getPublicKey();
            if (!privateKey.getAlgorithm().equals(str) || !publicKey.getAlgorithm().equals(str)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.fine(chooseServerAlias + " private or public key is not of " + str + " algorithm", new Object[0]);
                }
                return null;
            }
            if (str.equals("EC")) {
                if (!(publicKey instanceof ECPublicKey)) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                        SSLLogger.warning(chooseServerAlias + " public key is not an instance of ECPublicKey", new Object[0]);
                    }
                    return null;
                }
                SupportedGroupsExtension.NamedGroup valueOf = SupportedGroupsExtension.NamedGroup.valueOf(((ECPublicKey) publicKey).getParams());
                if (valueOf == null || !SupportedGroupsExtension.SupportedGroups.isSupported(valueOf) || (serverHandshakeContext.clientRequestedNamedGroups != null && !serverHandshakeContext.clientRequestedNamedGroups.contains(valueOf))) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                        SSLLogger.warning("Unsupported named group (" + valueOf + ") used in the " + chooseServerAlias + " certificate", new Object[0]);
                    }
                    return null;
                }
            }
            return new X509Possession(privateKey, certificateChain);
        }

        @Override // org.openjsse.sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            int i = 0;
            if (handshakeContext.sslConfig.isClientMode) {
                String[] strArr = this.keyTypes;
                int length = strArr.length;
                while (i < length) {
                    SSLPossession createClientPossession = createClientPossession((ClientHandshakeContext) handshakeContext, strArr[i]);
                    if (createClientPossession != null) {
                        return createClientPossession;
                    }
                    i++;
                }
                return null;
            }
            String[] strArr2 = this.keyTypes;
            int length2 = strArr2.length;
            while (i < length2) {
                SSLPossession createServerPossession = createServerPossession((ServerHandshakeContext) handshakeContext, strArr2[i]);
                if (createServerPossession != null) {
                    return createServerPossession;
                }
                i++;
            }
            return null;
        }
    }

    static {
        X509Authentication x509Authentication = new X509Authentication("RSA", 0, "RSA", new X509PossessionGenerator(new String[]{"RSA"}));
        RSA = x509Authentication;
        X509Authentication x509Authentication2 = new X509Authentication("RSASSA_PSS", 1, "RSASSA-PSS", new X509PossessionGenerator(new String[]{"RSASSA-PSS"}));
        RSASSA_PSS = x509Authentication2;
        X509Authentication x509Authentication3 = new X509Authentication("RSA_OR_PSS", 2, "RSA_OR_PSS", new X509PossessionGenerator(new String[]{"RSA", "RSASSA-PSS"}));
        RSA_OR_PSS = x509Authentication3;
        X509Authentication x509Authentication4 = new X509Authentication("DSA", 3, "DSA", new X509PossessionGenerator(new String[]{"DSA"}));
        DSA = x509Authentication4;
        X509Authentication x509Authentication5 = new X509Authentication("EC", 4, "EC", new X509PossessionGenerator(new String[]{"EC"}));
        EC = x509Authentication5;
        $VALUES = new X509Authentication[]{x509Authentication, x509Authentication2, x509Authentication3, x509Authentication4, x509Authentication5};
    }

    private X509Authentication(String str, int i, String str2, SSLPossessionGenerator sSLPossessionGenerator) {
        this.keyType = str2;
        this.possessionGenerator = sSLPossessionGenerator;
    }

    public static X509Authentication valueOf(String str) {
        return (X509Authentication) Enum.valueOf(X509Authentication.class, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Authentication valueOf(SignatureScheme signatureScheme) {
        for (X509Authentication x509Authentication : values()) {
            if (x509Authentication.keyType.equals(signatureScheme.keyAlgorithm)) {
                return x509Authentication;
            }
        }
        return null;
    }

    public static X509Authentication[] values() {
        return (X509Authentication[]) $VALUES.clone();
    }

    @Override // org.openjsse.sun.security.ssl.SSLPossessionGenerator
    public SSLPossession createPossession(HandshakeContext handshakeContext) {
        return this.possessionGenerator.createPossession(handshakeContext);
    }

    @Override // org.openjsse.sun.security.ssl.SSLHandshakeBinding
    public /* synthetic */ Map.Entry[] getHandshakeConsumers(HandshakeContext handshakeContext) {
        return SSLHandshakeBinding.CC.$default$getHandshakeConsumers(this, handshakeContext);
    }

    @Override // org.openjsse.sun.security.ssl.SSLHandshakeBinding
    public Map.Entry<Byte, HandshakeProducer>[] getHandshakeProducers(HandshakeContext handshakeContext) {
        return !handshakeContext.negotiatedProtocol.useTLS13PlusSpec() ? new Map.Entry[]{new AbstractMap.SimpleImmutableEntry(Byte.valueOf(SSLHandshake.CERTIFICATE.id), SSLHandshake.CERTIFICATE)} : new Map.Entry[0];
    }

    @Override // org.openjsse.sun.security.ssl.SSLHandshakeBinding
    public SSLHandshake[] getRelatedHandshakers(HandshakeContext handshakeContext) {
        return !handshakeContext.negotiatedProtocol.useTLS13PlusSpec() ? new SSLHandshake[]{SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_REQUEST} : new SSLHandshake[0];
    }
}
