package org.eclipse.californium.scandium.dtls;

import j.a.a.b.z.a;
import j.a.a.b.z.h;
import j.a.a.b.z.i;
import j.a.a.b.z.n;
import j.a.a.b.z.v;
import j.a.a.c.i.e0;
import j.c.c;
import j.c.d;
import java.net.InetSocketAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;

@n
/* loaded from: classes3.dex */
public final class CertificateRequest extends e0 {
    public static final c p = d.a((Class<?>) CertificateRequest.class);
    public static final String q = "\t\t\t";
    public static final int r = 8;
    public static final int s = 8;
    public static final int t = 16;
    public static final int u = 16;
    public static final int v = 16;
    public static final int w = 8;
    public static final int x = 65535;
    public final List<ClientCertificateType> l;
    public final List<SignatureAndHashAlgorithm> m;
    public final List<X500Principal> n;
    public int o;

    /* loaded from: classes3.dex */
    public enum ClientCertificateType {
        RSA_SIGN(1, "RSA", true),
        DSS_SIGN(2, a.f19214c, true),
        RSA_FIXED_DH(3, a.f19215d, false),
        DSS_FIXED_DH(4, a.f19215d, false),
        RSA_EPHEMERAL_DH_RESERVED(5, a.f19215d, false),
        DSS_EPHEMERAL_DH_RESERVED(6, a.f19215d, false),
        FORTEZZA_DMS_RESERVED(20, "UNKNOWN", false),
        ECDSA_SIGN(64, "EC", true),
        RSA_FIXED_ECDH(65, a.f19215d, false),
        ECDSA_FIXED_ECDH(66, a.f19215d, false);

        public final int code;
        public final String jcaAlgorithm;
        public final boolean requiresSigningCapability;

        ClientCertificateType(int i2, String str, boolean z) {
            this.code = i2;
            this.jcaAlgorithm = str;
            this.requiresSigningCapability = z;
        }

        public static ClientCertificateType getTypeByCode(int i2) {
            for (ClientCertificateType clientCertificateType : values()) {
                if (clientCertificateType.code == i2) {
                    return clientCertificateType;
                }
            }
            return null;
        }

        public int getCode() {
            return this.code;
        }

        public String getJcaAlgorithm() {
            return this.jcaAlgorithm;
        }

        public boolean isCompatibleWithKeyAlgorithm(String str) {
            return this.jcaAlgorithm.equals(str);
        }

        public boolean requiresSigningCapability() {
            return this.requiresSigningCapability;
        }
    }

    public CertificateRequest(InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.l = new ArrayList();
        this.m = new ArrayList();
        this.n = new ArrayList();
        this.o = 0;
    }

    public CertificateRequest(List<ClientCertificateType> list, List<SignatureAndHashAlgorithm> list2, List<X500Principal> list3, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.l = new ArrayList();
        this.m = new ArrayList();
        this.n = new ArrayList();
        this.o = 0;
        if (list != null) {
            this.l.addAll(list);
        }
        if (list2 != null) {
            this.m.addAll(list2);
        }
        if (list3 != null) {
            a(list3);
        }
    }

    public static e0 a(h hVar, InetSocketAddress inetSocketAddress) {
        ArrayList arrayList = new ArrayList();
        h c2 = hVar.c(hVar.d(8));
        while (c2.b()) {
            arrayList.add(ClientCertificateType.getTypeByCode(c2.d(8)));
        }
        ArrayList arrayList2 = new ArrayList();
        h c3 = hVar.c(hVar.d(16));
        while (c3.b()) {
            arrayList2.add(new SignatureAndHashAlgorithm(c3.d(8), c3.d(8)));
        }
        ArrayList arrayList3 = new ArrayList();
        h c4 = hVar.c(hVar.d(16));
        while (c4.b()) {
            arrayList3.add(new X500Principal(c4.e(c4.d(16))));
        }
        return new CertificateRequest(arrayList, arrayList2, arrayList3, inetSocketAddress);
    }

    public SignatureAndHashAlgorithm a(PublicKey publicKey) {
        if (c(publicKey)) {
            return b(publicKey);
        }
        return null;
    }

    public void a(ClientCertificateType clientCertificateType) {
        this.l.add(clientCertificateType);
    }

    public void a(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        this.m.add(signatureAndHashAlgorithm);
    }

    public boolean a(X509Certificate x509Certificate) {
        String sigAlgName = x509Certificate.getSigAlgName();
        Iterator<SignatureAndHashAlgorithm> it = this.m.iterator();
        while (it.hasNext()) {
            if (it.next().c().equalsIgnoreCase(sigAlgName)) {
                return true;
            }
        }
        p.debug("certificate is NOT signed with supported algorithm(s)");
        return false;
    }

    public boolean a(List<X500Principal> list) {
        Iterator<X500Principal> it = list.iterator();
        int i2 = 0;
        while (it.hasNext()) {
            if (!a(it.next())) {
                p.debug("could add only {} of {} certificate authorities, max length exceeded", Integer.valueOf(i2), Integer.valueOf(list.size()));
                return false;
            }
            i2++;
        }
        return true;
    }

    public boolean a(X500Principal x500Principal) {
        if (x500Principal == null) {
            throw new NullPointerException("authority must not be null");
        }
        int length = x500Principal.getEncoded().length + 2;
        if (this.o + length > 65535) {
            return false;
        }
        this.n.add(x500Principal);
        this.o += length;
        return true;
    }

    public SignatureAndHashAlgorithm b(PublicKey publicKey) {
        for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.m) {
            try {
                Signature.getInstance(signatureAndHashAlgorithm.c()).initVerify(publicKey);
                return signatureAndHashAlgorithm;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            }
        }
        return null;
    }

    public SignatureAndHashAlgorithm b(List<X509Certificate> list) {
        if (!c(list)) {
            return null;
        }
        X509Certificate x509Certificate = list.get(0);
        if (b(x509Certificate)) {
            return b(x509Certificate.getPublicKey());
        }
        return null;
    }

    public boolean b(X509Certificate x509Certificate) {
        Boolean bool = null;
        for (ClientCertificateType clientCertificateType : this.l) {
            if (clientCertificateType.isCompatibleWithKeyAlgorithm(x509Certificate.getPublicKey().getAlgorithm())) {
                if (clientCertificateType.requiresSigningCapability()) {
                    if (bool == null) {
                        bool = Boolean.valueOf(j.a.a.b.z.d.a(x509Certificate, true));
                    }
                    if (!bool.booleanValue()) {
                        p.error("type: {}, requires missing signing capability!", clientCertificateType);
                    }
                }
                p.debug("type: {}, is compatible with KeyAlgorithm[{}] and meets signing requirements", clientCertificateType, x509Certificate.getPublicKey().getAlgorithm());
                return true;
            }
            p.error("type: {}, is not compatible with KeyAlgorithm[{}]: {}", clientCertificateType, x509Certificate.getPublicKey().getAlgorithm());
        }
        p.debug("certificate [{}] is not of any supported type", x509Certificate);
        return false;
    }

    @Override // j.a.a.c.i.e0
    public byte[] b() {
        i iVar = new i();
        iVar.a(this.l.size(), 8);
        Iterator<ClientCertificateType> it = this.l.iterator();
        while (it.hasNext()) {
            iVar.a(it.next().getCode(), 8);
        }
        iVar.a(this.m.size() * 2, 16);
        for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.m) {
            iVar.a(signatureAndHashAlgorithm.a().getCode(), 8);
            iVar.a(signatureAndHashAlgorithm.b().getCode(), 8);
        }
        iVar.a(this.o, 16);
        Iterator<X500Principal> it2 = this.n.iterator();
        while (it2.hasNext()) {
            byte[] encoded = it2.next().getEncoded();
            iVar.a(encoded.length, 16);
            iVar.a(encoded);
        }
        return iVar.d();
    }

    public boolean c(PublicKey publicKey) {
        Iterator<ClientCertificateType> it = this.l.iterator();
        while (it.hasNext()) {
            if (it.next().isCompatibleWithKeyAlgorithm(publicKey.getAlgorithm())) {
                return true;
            }
        }
        return false;
    }

    public boolean c(List<X509Certificate> list) {
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            if (!a(it.next())) {
                p.debug("certificate chain is NOT signed with supported algorithm(s)");
                return false;
            }
        }
        p.debug("certificate chain is signed with supported algorithm(s)");
        return true;
    }

    @Override // j.a.a.c.i.e0
    public int e() {
        return (this.m.size() * 2) + this.l.size() + 1 + 2 + 2 + this.o;
    }

    @Override // j.a.a.c.i.e0
    public HandshakeType g() {
        return HandshakeType.CERTIFICATE_REQUEST;
    }

    public List<X500Principal> i() {
        return Collections.unmodifiableList(this.n);
    }

    public List<ClientCertificateType> j() {
        return Collections.unmodifiableList(this.l);
    }

    public List<SignatureAndHashAlgorithm> k() {
        return Collections.unmodifiableList(this.m);
    }

    @Override // j.a.a.c.i.e0
    public String toString() {
        StringBuilder sb = new StringBuilder(super.toString());
        if (!this.l.isEmpty()) {
            sb.append("\t\tClient certificate type:");
            sb.append(v.a());
            for (ClientCertificateType clientCertificateType : this.l) {
                sb.append(q);
                sb.append(clientCertificateType);
                sb.append(v.a());
            }
        }
        if (!this.m.isEmpty()) {
            sb.append("\t\tSignature and hash algorithm:");
            sb.append(v.a());
            for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.m) {
                sb.append(q);
                sb.append(signatureAndHashAlgorithm.c());
                sb.append(v.a());
            }
        }
        if (!this.n.isEmpty()) {
            sb.append("\t\tCertificate authorities:");
            sb.append(v.a());
            for (X500Principal x500Principal : this.n) {
                sb.append(q);
                sb.append(x500Principal.getName());
                sb.append(v.a());
            }
        }
        return sb.toString();
    }
}
