package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
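/**
 * DTLS {@code CertificateRequest} handshake message.
 *
 * <p>The fragment written by {@link #fragmentToByteArray()} and parsed by
 * {@link #fromReader(DatagramReader, InetSocketAddress)} consists of three
 * length-prefixed vectors: the acceptable client certificate types (8 bit
 * length), the supported signature/hash algorithm pairs (16 bit length) and
 * the DER encoded names of acceptable certificate authorities (16 bit length,
 * each entry carrying its own 16 bit length).
 *
 * <p>Instances parsed from the wire hold peer-controlled data; the selection
 * helpers below only decide which local credentials match the request and do
 * not validate any certificate.
 */
public final class CertificateRequest extends HandshakeMessage {
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateRequest.class.getName());

    /** Largest value that fits the 16 bit length prefix of the certificate authorities vector. */
    private static final int MAX_CERTIFICATE_AUTHORITIES_LENGTH = 65535;

    private final List<X500Principal> certificateAuthorities;
    // Running total of the encoded authorities, each counted with its 2 byte length prefix.
    private int certificateAuthoritiesEncodedLength;
    private final List<ClientCertificateType> certificateTypes;
    private final List<SignatureAndHashAlgorithm> supportedSignatureAlgorithms;

    /**
     * Client certificate types that can be listed in a certificate request.
     *
     * <p>Each constant carries its one byte wire code, the JCA key algorithm
     * name it is matched against and whether a certificate of that type must
     * be usable for signing.
     */
    public enum ClientCertificateType {
        RSA_SIGN(1, "RSA", true),
        DSS_SIGN(2, "DSA", true),
        RSA_FIXED_DH(3, "DH", false),
        DSS_FIXED_DH(4, "DH", false),
        RSA_EPHEMERAL_DH_RESERVED(5, "DH", false),
        DSS_EPHEMERAL_DH_RESERVED(6, "DH", false),
        FORTEZZA_DMS_RESERVED(20, "UNKNOWN", false),
        ECDSA_SIGN(64, "EC", true),
        RSA_FIXED_ECDH(65, "DH", false),
        ECDSA_FIXED_ECDH(66, "DH", false);

        private final int code;
        private final String jcaAlgorithm;
        private final boolean requiresSigningCapability;

        ClientCertificateType(int i, String str, boolean z) {
            this.code = i;
            this.jcaAlgorithm = str;
            this.requiresSigningCapability = z;
        }

        /**
         * Looks up a type by its wire code.
         *
         * @param i the code read from the message
         * @return the matching type, or {@code null} if the code is not known;
         *         callers handling peer data must check for {@code null}
         */
        public static ClientCertificateType getTypeByCode(int i) {
            for (ClientCertificateType candidate : values()) {
                if (candidate.code == i) {
                    return candidate;
                }
            }
            return null;
        }

        /**
         * @return the wire code of this type
         */
        public int getCode() {
            return this.code;
        }

        /**
         * Checks whether a key of the given JCA algorithm fits this type.
         *
         * @param str the JCA key algorithm name, e.g. as returned by {@code PublicKey.getAlgorithm()}
         * @return {@code true} if the name equals this type's algorithm (case sensitive)
         */
        public boolean isCompatibleWithKeyAlgorithm(String str) {
            return this.jcaAlgorithm.equals(str);
        }

        /**
         * @return {@code true} if a certificate of this type must be usable for signing
         */
        public boolean requiresSigningCapability() {
            return this.requiresSigningCapability;
        }
    }

    /**
     * Creates an empty certificate request.
     *
     * @param inetSocketAddress the peer address, passed on to {@link HandshakeMessage}
     */
    public CertificateRequest(InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.certificateTypes = new ArrayList<>();
        this.supportedSignatureAlgorithms = new ArrayList<>();
        this.certificateAuthorities = new ArrayList<>();
        this.certificateAuthoritiesEncodedLength = 0;
    }

    /**
     * Creates a certificate request from the given lists; the lists are copied.
     *
     * <p>Authorities are added until the 16 bit length limit of the vector is
     * reached; any remaining ones are dropped (see the debug log).
     *
     * @param list the acceptable certificate types, may be {@code null}
     * @param list2 the supported signature and hash algorithms, may be {@code null}
     * @param list3 the acceptable certificate authorities, may be {@code null}
     * @param inetSocketAddress the peer address, passed on to {@link HandshakeMessage}
     */
    public CertificateRequest(List<ClientCertificateType> list, List<SignatureAndHashAlgorithm> list2, List<X500Principal> list3, InetSocketAddress inetSocketAddress) {
        this(inetSocketAddress);
        if (list != null) {
            this.certificateTypes.addAll(list);
        }
        if (list2 != null) {
            this.supportedSignatureAlgorithms.addAll(list2);
        }
        if (list3 != null) {
            addAuthorityPrincipals(list3);
        }
    }

    /**
     * Adds the given authorities one by one, stopping at the first that no longer fits.
     *
     * @return {@code true} if all authorities were added
     */
    private boolean addAuthorityPrincipals(List<X500Principal> list) {
        int added = 0;
        for (X500Principal authority : list) {
            if (!addCertificateAuthority(authority)) {
                LOGGER.debug("could add only {} of {} certificate authorities, max length exceeded", added, list.size());
                return false;
            }
            added++;
        }
        return true;
    }

    /**
     * Parses a certificate request from its wire representation.
     *
     * <p>The input comes from the peer. Certificate type codes that
     * {@link ClientCertificateType#getTypeByCode(int)} does not know are
     * skipped: storing the {@code null} lookup result would let a peer trigger
     * a {@code NullPointerException} in {@code isSupportedKeyType} and
     * {@code fragmentToByteArray}. As a consequence a parsed instance may not
     * re-serialize to the bytes that were received.
     *
     * @param datagramReader the reader positioned at the start of the fragment
     * @param inetSocketAddress the address of the peer that sent the message
     * @return the parsed message
     */
    public static HandshakeMessage fromReader(DatagramReader datagramReader, InetSocketAddress inetSocketAddress) {
        // NOTE(review): assumes code that needs the exact received bytes (e.g. for the
        // handshake hash) uses the raw message and not this object - confirm in HandshakeMessage.
        List<ClientCertificateType> types = new ArrayList<>();
        DatagramReader typesReader = datagramReader.createRangeReader(datagramReader.read(8));
        while (typesReader.bytesAvailable()) {
            int code = typesReader.read(8);
            ClientCertificateType type = ClientCertificateType.getTypeByCode(code);
            if (type == null) {
                LOGGER.debug("ignoring unknown client certificate type code {}", code);
            } else {
                types.add(type);
            }
        }

        // NOTE(review): if the two getAlgorithmByCode lookups also return null for unknown
        // codes, the entries built here carry null parts and jcaName()/getCode() may fail
        // later - not visible from this file, verify in SignatureAndHashAlgorithm.
        List<SignatureAndHashAlgorithm> algorithms = new ArrayList<>();
        DatagramReader algorithmsReader = datagramReader.createRangeReader(datagramReader.read(16));
        while (algorithmsReader.bytesAvailable()) {
            // Wire order is hash code first, then signature code.
            int hashCode = algorithmsReader.read(8);
            int signatureCode = algorithmsReader.read(8);
            algorithms.add(new SignatureAndHashAlgorithm(
                    SignatureAndHashAlgorithm.HashAlgorithm.getAlgorithmByCode(hashCode),
                    SignatureAndHashAlgorithm.SignatureAlgorithm.getAlgorithmByCode(signatureCode)));
        }

        // X500Principal(byte[]) throws IllegalArgumentException on a malformed name.
        // NOTE(review): confirm the caller turns that into a handshake failure.
        List<X500Principal> authorities = new ArrayList<>();
        DatagramReader authoritiesReader = datagramReader.createRangeReader(datagramReader.read(16));
        while (authoritiesReader.bytesAvailable()) {
            int nameLength = authoritiesReader.read(16);
            authorities.add(new X500Principal(authoritiesReader.readBytes(nameLength)));
        }
        return new CertificateRequest(types, algorithms, authorities, inetSocketAddress);
    }

    /**
     * Adds the subject names of the given certificates as acceptable authorities.
     *
     * @param x509CertificateArr the certificates, may be {@code null}
     * @return {@code false} if the length limit was reached before all subjects were added
     */
    public boolean addCertificateAuthorities(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr != null) {
            int added = 0;
            for (X509Certificate certificate : x509CertificateArr) {
                if (!addCertificateAuthority(certificate.getSubjectX500Principal())) {
                    LOGGER.debug("could add only {} of {} certificate authorities, max length exceeded", added, x509CertificateArr.length);
                    return false;
                }
                added++;
            }
        }
        return true;
    }

    /**
     * Adds an acceptable certificate authority if it still fits into the message.
     *
     * @param x500Principal the authority's distinguished name
     * @return {@code false} if adding the name would exceed the 16 bit length limit
     * @throws NullPointerException if the authority is {@code null}
     */
    public boolean addCertificateAuthority(X500Principal x500Principal) {
        if (x500Principal == null) {
            throw new NullPointerException("authority must not be null");
        }
        // Each entry is written with a 2 byte length prefix.
        int entryLength = x500Principal.getEncoded().length + 2;
        if (this.certificateAuthoritiesEncodedLength + entryLength > MAX_CERTIFICATE_AUTHORITIES_LENGTH) {
            return false;
        }
        this.certificateAuthorities.add(x500Principal);
        this.certificateAuthoritiesEncodedLength += entryLength;
        return true;
    }

    /**
     * Adds an acceptable certificate type.
     *
     * @param clientCertificateType the type to add
     */
    public void addCertificateType(ClientCertificateType clientCertificateType) {
        // NOTE(review): the count is later written with 8 bits and nothing here limits
        // the list to 255 entries - confirm how DatagramWriter treats larger values.
        this.certificateTypes.add(clientCertificateType);
    }

    /**
     * Adds a supported signature and hash algorithm pair.
     *
     * @param signatureAndHashAlgorithm the pair to add
     */
    public void addSignatureAlgorithm(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        this.supportedSignatureAlgorithms.add(signatureAndHashAlgorithm);
    }

    /**
     * Serializes the three vectors of this message.
     *
     * @return the encoded fragment
     */
    @Override
    public byte[] fragmentToByteArray() {
        DatagramWriter writer = new DatagramWriter();

        writer.write(this.certificateTypes.size(), 8);
        for (ClientCertificateType type : this.certificateTypes) {
            writer.write(type.getCode(), 8);
        }

        // Two bytes per entry: hash code followed by signature code.
        writer.write(this.supportedSignatureAlgorithms.size() * 2, 16);
        for (SignatureAndHashAlgorithm algorithm : this.supportedSignatureAlgorithms) {
            writer.write(algorithm.getHash().getCode(), 8);
            writer.write(algorithm.getSignature().getCode(), 8);
        }

        writer.write(this.certificateAuthoritiesEncodedLength, 16);
        for (X500Principal authority : this.certificateAuthorities) {
            byte[] encoded = authority.getEncoded();
            writer.write(encoded.length, 16);
            writer.writeBytes(encoded);
        }
        return writer.toByteArray();
    }

    /**
     * @return the length in bytes of the fragment produced by {@link #fragmentToByteArray()}
     */
    @Override
    public int getMessageLength() {
        int typesLength = 1 + this.certificateTypes.size();
        int algorithmsLength = 2 + (this.supportedSignatureAlgorithms.size() * 2);
        int authoritiesLength = 2 + this.certificateAuthoritiesEncodedLength;
        return typesLength + algorithmsLength + authoritiesLength;
    }

    @Override
    public HandshakeType getMessageType() {
        return HandshakeType.CERTIFICATE_REQUEST;
    }

    /**
     * Selects a requested signature algorithm usable with the given public key.
     *
     * @param publicKey the key to find an algorithm for
     * @return the first usable algorithm, or {@code null} if the key type was
     *         not requested or no listed algorithm accepts the key
     */
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm(PublicKey publicKey) {
        if (isSupportedKeyType(publicKey)) {
            return getSupportedSignatureAlgorithm(publicKey);
        }
        return null;
    }

    /**
     * Selects a requested signature algorithm usable with the given certificate chain.
     *
     * <p>Every certificate of the chain must be signed with a listed algorithm
     * and the first certificate must be of a requested type.
     *
     * @param list the certificate chain, the first entry being the end entity certificate
     * @return the first usable algorithm, or {@code null} if the chain is
     *         {@code null}, empty or does not match the request
     */
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm(List<X509Certificate> list) {
        // An empty chain passes the "all signed" check vacuously; reject it here
        // instead of failing on list.get(0).
        if (list == null || list.isEmpty()) {
            return null;
        }
        if (!isSignedWithSupportedAlgorithm(list)) {
            return null;
        }
        X509Certificate endEntity = list.get(0);
        if (isSupportedKeyType(endEntity)) {
            return getSupportedSignatureAlgorithm(endEntity.getPublicKey());
        }
        return null;
    }

    /**
     * Returns the first listed algorithm whose JCA {@link Signature} accepts the key.
     *
     * @param publicKey the key to probe with
     * @return the matching algorithm, or {@code null} if none accepts the key
     */
    SignatureAndHashAlgorithm getSupportedSignatureAlgorithm(PublicKey publicKey) {
        for (SignatureAndHashAlgorithm candidate : this.supportedSignatureAlgorithms) {
            try {
                Signature.getInstance(candidate.jcaName()).initVerify(publicKey);
                return candidate;
            } catch (InvalidKeyException | NoSuchAlgorithmException ignored) {
                // Deliberate probe: this algorithm is unavailable or does not fit the key, try the next.
            }
        }
        return null;
    }

    /**
     * Checks whether the certificate's signature algorithm is one of the listed ones.
     *
     * @param x509Certificate the certificate to check
     * @return {@code true} if a listed algorithm's JCA name equals the
     *         certificate's signature algorithm name, ignoring case
     */
    boolean isSignedWithSupportedAlgorithm(X509Certificate x509Certificate) {
        String certificateAlgorithm = x509Certificate.getSigAlgName();
        for (SignatureAndHashAlgorithm supported : this.supportedSignatureAlgorithms) {
            if (supported.jcaName().equalsIgnoreCase(certificateAlgorithm)) {
                return true;
            }
        }
        LOGGER.debug("certificate is NOT signed with supported algorithm(s)");
        return false;
    }

    /**
     * Checks whether every certificate of the chain is signed with a listed algorithm.
     *
     * @param list the certificate chain
     * @return {@code true} if all certificates pass; an empty chain also yields {@code true}
     */
    boolean isSignedWithSupportedAlgorithm(List<X509Certificate> list) {
        for (X509Certificate certificate : list) {
            if (!isSignedWithSupportedAlgorithm(certificate)) {
                LOGGER.debug("certificate chain is NOT signed with supported algorithm(s)");
                return false;
            }
        }
        LOGGER.debug("certificate chain is signed with supported algorithm(s)");
        return true;
    }

    /**
     * Checks whether the key's algorithm matches one of the requested certificate types.
     *
     * @param publicKey the key to check
     * @return {@code true} if a requested type is compatible with the key algorithm
     */
    boolean isSupportedKeyType(PublicKey publicKey) {
        String keyAlgorithm = publicKey.getAlgorithm();
        for (ClientCertificateType type : this.certificateTypes) {
            if (type.isCompatibleWithKeyAlgorithm(keyAlgorithm)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether the certificate matches one of the requested certificate types.
     *
     * <p>For types that require signing capability, a certificate without a
     * key usage extension is accepted; otherwise the first key usage bit must be set.
     *
     * @param x509Certificate the certificate to check
     * @return {@code true} if a requested type fits the certificate
     */
    boolean isSupportedKeyType(X509Certificate x509Certificate) {
        String keyAlgorithm = x509Certificate.getPublicKey().getAlgorithm();
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        // Index 0 of the key usage array is the digitalSignature bit.
        boolean canSign = keyUsage == null || keyUsage[0];
        for (ClientCertificateType type : this.certificateTypes) {
            boolean compatible = type.isCompatibleWithKeyAlgorithm(keyAlgorithm);
            boolean meetsSigningRequirements = !type.requiresSigningCapability() || canSign;
            LOGGER.debug("type: {}, isCompatibleWithKeyAlgorithm[{}]: {}, meetsSigningRequirements: {}", type, keyAlgorithm, compatible, meetsSigningRequirements);
            if (compatible && meetsSigningRequirements) {
                return true;
            }
        }
        LOGGER.debug("certificate [{}] is not of any supported type", x509Certificate);
        return false;
    }

    /**
     * Truncates a certificate chain at the first certificate issued to a listed authority.
     *
     * <p>The first certificate is always kept. Following certificates are
     * copied up to and including the first one whose subject is contained in
     * the certificate authorities of this request. The match is by subject
     * name only; no signature or trust validation happens here.
     *
     * @param list the certificate chain
     * @return the given list itself if it has at most one entry, otherwise an
     *         unmodifiable truncated copy
     * @throws NullPointerException if the chain is {@code null}
     */
    public List<X509Certificate> removeTrustedCertificates(List<X509Certificate> list) {
        if (list == null) {
            throw new NullPointerException("certificate chain must not be null");
        }
        if (list.size() <= 1) {
            return list;
        }
        List<X509Certificate> truncated = new ArrayList<>();
        truncated.add(list.get(0));
        for (int i = 1; i < list.size(); i++) {
            X509Certificate certificate = list.get(i);
            truncated.add(certificate);
            if (this.certificateAuthorities.contains(certificate.getSubjectX500Principal())) {
                break;
            }
        }
        return Collections.unmodifiableList(truncated);
    }

    /**
     * @return the parent's description followed by the non-empty lists of this message
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder(super.toString());
        if (!this.certificateTypes.isEmpty()) {
            sb.append("\t\tClient certificate type:").append(StringUtil.lineSeparator());
            for (ClientCertificateType type : this.certificateTypes) {
                sb.append("\t\t\t").append(type).append(StringUtil.lineSeparator());
            }
        }
        if (!this.supportedSignatureAlgorithms.isEmpty()) {
            sb.append("\t\tSignature and hash algorithm:").append(StringUtil.lineSeparator());
            for (SignatureAndHashAlgorithm algorithm : this.supportedSignatureAlgorithms) {
                sb.append("\t\t\t").append(algorithm.jcaName()).append(StringUtil.lineSeparator());
            }
        }
        if (!this.certificateAuthorities.isEmpty()) {
            sb.append("\t\tCertificate authorities:").append(StringUtil.lineSeparator());
            for (X500Principal authority : this.certificateAuthorities) {
                sb.append("\t\t\t").append(authority.getName()).append(StringUtil.lineSeparator());
            }
        }
        return sb.toString();
    }
}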
