package org.bouncycastle.jsse.provider;

import java.security.AlgorithmParameters;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.Vector;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Logger;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.jsse.java.security.BCCryptoPrimitive;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Properties;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class NamedGroupInfo {
    private static final String PROPERTY_NAMED_GROUPS = "jdk.tls.namedGroups";
    private final AlgorithmParameters algorithmParameters;
    private final All all;
    private final boolean enabled;
    private static final Logger LOG = Logger.getLogger(NamedGroupInfo.class.getName());
    private static final int[] CANDIDATES_DEFAULT = {29, 30, 23, 24, 25, 31, 32, 33, 256, NamedGroup.ffdhe3072, NamedGroup.ffdhe4096};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public enum All {
        sect163k1(1, "EC"),
        sect163r1(2, "EC"),
        sect163r2(3, "EC"),
        sect193r1(4, "EC"),
        sect193r2(5, "EC"),
        sect233k1(6, "EC"),
        sect233r1(7, "EC"),
        sect239k1(8, "EC"),
        sect283k1(9, "EC"),
        sect283r1(10, "EC"),
        sect409k1(11, "EC"),
        sect409r1(12, "EC"),
        sect571k1(13, "EC"),
        sect571r1(14, "EC"),
        secp160k1(15, "EC"),
        secp160r1(16, "EC"),
        secp160r2(17, "EC"),
        secp192k1(18, "EC"),
        secp192r1(19, "EC"),
        secp224k1(20, "EC"),
        secp224r1(21, "EC"),
        secp256k1(22, "EC"),
        secp256r1(23, "EC"),
        secp384r1(24, "EC"),
        secp521r1(25, "EC"),
        brainpoolP256r1(26, "EC"),
        brainpoolP384r1(27, "EC"),
        brainpoolP512r1(28, "EC"),
        x25519(29, "XDH"),
        x448(30, "XDH"),
        brainpoolP256r1tls13(31, "EC"),
        brainpoolP384r1tls13(32, "EC"),
        brainpoolP512r1tls13(33, "EC"),
        curveSM2(41, "EC"),
        ffdhe2048(256, "DiffieHellman"),
        ffdhe3072(NamedGroup.ffdhe3072, "DiffieHellman"),
        ffdhe4096(NamedGroup.ffdhe4096, "DiffieHellman"),
        ffdhe6144(NamedGroup.ffdhe6144, "DiffieHellman"),
        ffdhe8192(NamedGroup.ffdhe8192, "DiffieHellman"),
        OQS_mlkem512(NamedGroup.OQS_mlkem512, "ML-KEM"),
        OQS_mlkem768(NamedGroup.OQS_mlkem768, "ML-KEM"),
        OQS_mlkem1024(NamedGroup.OQS_mlkem1024, "ML-KEM"),
        DRAFT_mlkem768(NamedGroup.DRAFT_mlkem768, "ML-KEM"),
        DRAFT_mlkem1024(NamedGroup.DRAFT_mlkem1024, "ML-KEM");

        private final int bitsECDH;
        private final int bitsFFDHE;
        private final boolean char2;
        private final String jcaAlgorithm;
        private final String jcaGroup;
        private final String name;
        private final int namedGroup;
        private final boolean supportedPost13;
        private final boolean supportedPre13;
        private final String text;

        All(int i6, String str) {
            this.namedGroup = i6;
            this.name = NamedGroup.getName(i6);
            this.text = NamedGroup.getText(i6);
            this.jcaAlgorithm = str;
            this.jcaGroup = NamedGroup.getStandardName(i6);
            this.supportedPost13 = NamedGroup.canBeNegotiated(i6, ProtocolVersion.TLSv13);
            this.supportedPre13 = NamedGroup.canBeNegotiated(i6, ProtocolVersion.TLSv12);
            this.char2 = NamedGroup.isChar2Curve(i6);
            this.bitsECDH = NamedGroup.getCurveBits(i6);
            this.bitsFFDHE = NamedGroup.getFiniteFieldBits(i6);
        }
    }

    /* loaded from: classes3.dex */
    static class DefaultedResult {
        private final boolean defaulted;
        private final int result;

        DefaultedResult(int i6, boolean z5) {
            this.result = i6;
            this.defaulted = z5;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public int getResult() {
            return this.result;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean isDefaulted() {
            return this.defaulted;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class PerConnection {
        private final LinkedHashMap<Integer, NamedGroupInfo> local;
        private final boolean localECDSA;
        private final AtomicReference<List<NamedGroupInfo>> peer;

        PerConnection(LinkedHashMap<Integer, NamedGroupInfo> linkedHashMap, boolean z5) {
            if (linkedHashMap == null) {
                throw new NullPointerException("local");
            }
            this.local = linkedHashMap;
            this.localECDSA = z5;
            this.peer = new AtomicReference<>();
        }

        List<NamedGroupInfo> getPeer() {
            return this.peer.get();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void notifyPeerData(int[] iArr) {
            this.peer.set(NamedGroupInfo.getNamedGroupInfos(this.local, iArr));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class PerContext {
        private final int[] candidates;
        private final Map<Integer, NamedGroupInfo> index;

        PerContext(Map<Integer, NamedGroupInfo> map, int[] iArr) {
            this.index = map;
            this.candidates = iArr;
        }
    }

    NamedGroupInfo(All all, AlgorithmParameters algorithmParameters, boolean z5) {
        this.all = all;
        this.algorithmParameters = algorithmParameters;
        this.enabled = z5;
    }

    private static void addNamedGroup(boolean z5, JcaTlsCrypto jcaTlsCrypto, boolean z6, boolean z7, Map<Integer, NamedGroupInfo> map, All all) {
        int i6 = all.namedGroup;
        if (!z5 || FipsUtils.isFipsNamedGroup(i6)) {
            boolean z8 = false;
            boolean z9 = !(z6 && all.char2) && (!z7 || all.bitsFFDHE <= 0) && all.jcaGroup != null && jcaTlsCrypto.hasNamedGroup(i6);
            AlgorithmParameters algorithmParameters = null;
            if (z9) {
                try {
                    algorithmParameters = jcaTlsCrypto.getNamedGroupAlgorithmParameters(i6);
                } catch (Exception unused) {
                }
            }
            z8 = z9;
            if (map.put(Integer.valueOf(i6), new NamedGroupInfo(all, algorithmParameters, z8)) != null) {
                throw new IllegalStateException("Duplicate entries for NamedGroupInfo");
            }
        }
    }

    private static int[] createCandidates(Map<Integer, NamedGroupInfo> map, String[] strArr, String str) {
        Logger logger;
        StringBuilder sb;
        String str2;
        int length = strArr.length;
        int[] iArr = new int[length];
        int i6 = 0;
        for (String str3 : strArr) {
            int namedGroupByName = getNamedGroupByName(str3);
            if (namedGroupByName < 0) {
                logger = LOG;
                sb = new StringBuilder();
                sb.append("'");
                sb.append(str);
                str2 = "' contains unrecognised NamedGroup: ";
            } else {
                NamedGroupInfo namedGroupInfo = map.get(Integer.valueOf(namedGroupByName));
                if (namedGroupInfo == null) {
                    logger = LOG;
                    sb = new StringBuilder();
                    sb.append("'");
                    sb.append(str);
                    str2 = "' contains unsupported NamedGroup: ";
                } else if (namedGroupInfo.isEnabled()) {
                    iArr[i6] = namedGroupByName;
                    i6++;
                } else {
                    logger = LOG;
                    sb = new StringBuilder();
                    sb.append("'");
                    sb.append(str);
                    str2 = "' contains disabled NamedGroup: ";
                }
            }
            sb.append(str2);
            sb.append(str3);
            logger.warning(sb.toString());
        }
        if (i6 < length) {
            iArr = Arrays.copyOf(iArr, i6);
        }
        if (iArr.length < 1) {
            LOG.severe("'" + str + "' contained no usable NamedGroup values");
        }
        return iArr;
    }

    private static int[] createCandidatesFromProperty(Map<Integer, NamedGroupInfo> map, String str) {
        String[] stringArraySystemProperty = PropertyUtils.getStringArraySystemProperty(str);
        return stringArraySystemProperty == null ? CANDIDATES_DEFAULT : createCandidates(map, stringArraySystemProperty, str);
    }

    private static Map<Integer, NamedGroupInfo> createIndex(boolean z5, JcaTlsCrypto jcaTlsCrypto) {
        boolean z6;
        TreeMap treeMap = new TreeMap();
        boolean z7 = true;
        if (PropertyUtils.getBooleanSystemProperty("org.bouncycastle.jsse.ec.disableChar2", false) || Properties.isOverrideSet("org.bouncycastle.ec.disable_f2m")) {
            z6 = true;
        } else {
            z6 = true;
            z7 = false;
        }
        boolean booleanSystemProperty = PropertyUtils.getBooleanSystemProperty("jsse.enableFFDHE", z6) ^ z6;
        for (All all : All.values()) {
            addNamedGroup(z5, jcaTlsCrypto, z7, booleanSystemProperty, treeMap, all);
        }
        return treeMap;
    }

    private static PerConnection createPerConnection(PerContext perContext, ProvSSLParameters provSSLParameters, ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2) {
        String[] namedGroups = provSSLParameters.getNamedGroups();
        int[] createCandidates = namedGroups == null ? perContext.candidates : createCandidates(perContext.index, namedGroups, "SSLParameters.namedGroups");
        BCAlgorithmConstraints algorithmConstraints = provSSLParameters.getAlgorithmConstraints();
        boolean isTLSv13 = TlsUtils.isTLSv13(protocolVersion2);
        boolean z5 = !TlsUtils.isTLSv13(protocolVersion);
        LinkedHashMap linkedHashMap = new LinkedHashMap(createCandidates.length);
        for (int i6 : createCandidates) {
            Integer valueOf = Integers.valueOf(i6);
            NamedGroupInfo namedGroupInfo = (NamedGroupInfo) perContext.index.get(valueOf);
            if (namedGroupInfo != null && namedGroupInfo.isActive(algorithmConstraints, isTLSv13, z5)) {
                linkedHashMap.put(valueOf, namedGroupInfo);
            }
        }
        return new PerConnection(linkedHashMap, hasAnyECDSA(linkedHashMap));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PerConnection createPerConnectionClient(PerContext perContext, ProvSSLParameters provSSLParameters, ProtocolVersion[] protocolVersionArr) {
        return createPerConnection(perContext, provSSLParameters, ProtocolVersion.getEarliestTLS(protocolVersionArr), ProtocolVersion.getLatestTLS(protocolVersionArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PerConnection createPerConnectionServer(PerContext perContext, ProvSSLParameters provSSLParameters, ProtocolVersion protocolVersion) {
        return createPerConnection(perContext, provSSLParameters, protocolVersion, protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PerContext createPerContext(boolean z5, JcaTlsCrypto jcaTlsCrypto) {
        Map<Integer, NamedGroupInfo> createIndex = createIndex(z5, jcaTlsCrypto);
        return new PerContext(createIndex, createCandidatesFromProperty(createIndex, PROPERTY_NAMED_GROUPS));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DefaultedResult getMaximumBitsServerECDH(PerConnection perConnection) {
        int i6;
        List<NamedGroupInfo> peer = perConnection.getPeer();
        if (peer != null) {
            i6 = 0;
            for (NamedGroupInfo namedGroupInfo : peer) {
                int bitsECDH = namedGroupInfo.getBitsECDH();
                if (bitsECDH > i6 && perConnection.local.containsKey(Integer.valueOf(namedGroupInfo.getNamedGroup()))) {
                    i6 = bitsECDH;
                }
            }
        } else {
            Iterator it = perConnection.local.values().iterator();
            i6 = 0;
            while (it.hasNext()) {
                i6 = Math.max(i6, ((NamedGroupInfo) it.next()).getBitsECDH());
            }
        }
        return new DefaultedResult(i6, peer == null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DefaultedResult getMaximumBitsServerFFDHE(PerConnection perConnection) {
        int i6;
        List<NamedGroupInfo> peer = perConnection.getPeer();
        boolean z5 = false;
        if (peer != null) {
            i6 = 0;
            for (NamedGroupInfo namedGroupInfo : peer) {
                int namedGroup = namedGroupInfo.getNamedGroup();
                z5 |= NamedGroup.isFiniteField(namedGroup);
                int bitsFFDHE = namedGroupInfo.getBitsFFDHE();
                if (bitsFFDHE > i6 && perConnection.local.containsKey(Integer.valueOf(namedGroup))) {
                    i6 = bitsFFDHE;
                }
            }
        } else {
            i6 = 0;
        }
        if (!z5) {
            Iterator it = perConnection.local.values().iterator();
            while (it.hasNext()) {
                i6 = Math.max(i6, ((NamedGroupInfo) it.next()).getBitsFFDHE());
            }
        }
        return new DefaultedResult(i6, !z5);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NamedGroupInfo getNamedGroup(PerContext perContext, int i6) {
        return (NamedGroupInfo) perContext.index.get(Integer.valueOf(i6));
    }

    private static int getNamedGroupByName(String str) {
        for (All all : All.values()) {
            if (all.name.equalsIgnoreCase(str)) {
                return all.namedGroup;
            }
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<NamedGroupInfo> getNamedGroupInfos(Map<Integer, NamedGroupInfo> map, int[] iArr) {
        if (iArr == null) {
            return null;
        }
        if (iArr.length < 1) {
            return Collections.EMPTY_LIST;
        }
        ArrayList arrayList = new ArrayList(iArr.length);
        for (int i6 : iArr) {
            NamedGroupInfo namedGroupInfo = map.get(Integer.valueOf(i6));
            if (namedGroupInfo != null) {
                arrayList.add(namedGroupInfo);
            }
        }
        if (arrayList.isEmpty()) {
            return Collections.EMPTY_LIST;
        }
        arrayList.trimToSize();
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Vector<Integer> getSupportedGroupsLocalClient(PerConnection perConnection) {
        return new Vector<>(perConnection.local.keySet());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int[] getSupportedGroupsLocalServer(PerConnection perConnection) {
        Set keySet = perConnection.local.keySet();
        int[] iArr = new int[keySet.size()];
        Iterator it = keySet.iterator();
        int i6 = 0;
        while (it.hasNext()) {
            iArr[i6] = ((Integer) it.next()).intValue();
            i6++;
        }
        return iArr;
    }

    private static boolean hasAnyECDSA(Map<Integer, NamedGroupInfo> map) {
        Iterator<NamedGroupInfo> it = map.values().iterator();
        while (it.hasNext()) {
            if (NamedGroup.refersToAnECDSACurve(it.next().getNamedGroup())) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean hasAnyECDSALocal(PerConnection perConnection) {
        return perConnection.localECDSA;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean hasLocal(PerConnection perConnection, int i6) {
        return perConnection.local.containsKey(Integer.valueOf(i6));
    }

    private boolean isPermittedBy(BCAlgorithmConstraints bCAlgorithmConstraints) {
        Set<BCCryptoPrimitive> set = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
        return bCAlgorithmConstraints.permits(set, getJcaGroup(), null) && bCAlgorithmConstraints.permits(set, getJcaAlgorithm(), this.algorithmParameters);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DefaultedResult selectServerECDH(PerConnection perConnection, int i6) {
        List<NamedGroupInfo> peer = perConnection.getPeer();
        if (peer != null) {
            for (NamedGroupInfo namedGroupInfo : peer) {
                if (namedGroupInfo.getBitsECDH() >= i6) {
                    int namedGroup = namedGroupInfo.getNamedGroup();
                    if (perConnection.local.containsKey(Integer.valueOf(namedGroup))) {
                        return new DefaultedResult(namedGroup, false);
                    }
                }
            }
        } else {
            for (NamedGroupInfo namedGroupInfo2 : perConnection.local.values()) {
                if (namedGroupInfo2.getBitsECDH() >= i6) {
                    return new DefaultedResult(namedGroupInfo2.getNamedGroup(), true);
                }
            }
        }
        return new DefaultedResult(-1, peer == null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DefaultedResult selectServerFFDHE(PerConnection perConnection, int i6) {
        List<NamedGroupInfo> peer = perConnection.getPeer();
        boolean z5 = false;
        if (peer != null) {
            boolean z6 = false;
            for (NamedGroupInfo namedGroupInfo : peer) {
                int namedGroup = namedGroupInfo.getNamedGroup();
                z6 |= NamedGroup.isFiniteField(namedGroup);
                if (namedGroupInfo.getBitsFFDHE() >= i6 && perConnection.local.containsKey(Integer.valueOf(namedGroup))) {
                    return new DefaultedResult(namedGroup, false);
                }
            }
            z5 = z6;
        }
        if (!z5) {
            for (NamedGroupInfo namedGroupInfo2 : perConnection.local.values()) {
                if (namedGroupInfo2.getBitsFFDHE() >= i6) {
                    return new DefaultedResult(namedGroupInfo2.getNamedGroup(), true);
                }
            }
        }
        return new DefaultedResult(-1, !z5);
    }

    int getBitsECDH() {
        return this.all.bitsECDH;
    }

    int getBitsFFDHE() {
        return this.all.bitsFFDHE;
    }

    String getJcaAlgorithm() {
        return this.all.jcaAlgorithm;
    }

    String getJcaGroup() {
        return this.all.jcaGroup;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getNamedGroup() {
        return this.all.namedGroup;
    }

    boolean isActive(BCAlgorithmConstraints bCAlgorithmConstraints, boolean z5, boolean z6) {
        if (this.enabled) {
            return ((z5 && isSupportedPost13()) || (z6 && isSupportedPre13())) && isPermittedBy(bCAlgorithmConstraints);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isEnabled() {
        return this.enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSupportedPost13() {
        return this.all.supportedPost13;
    }

    boolean isSupportedPre13() {
        return this.all.supportedPre13;
    }

    public String toString() {
        return this.all.text;
    }
}
