package org.bouncycastle.tls.test;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsStreamSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:org/bouncycastle/tls/test/TlsTestClientImpl.class */
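/**
 * Test-harness TLS client whose behaviour is driven by a {@link TlsTestConfig}.
 *
 * <p>Depending on the configuration it can omit the signature-algorithm extensions,
 * present a client certificate whose signature has been damaged, or emit a damaged
 * CertificateVerify signature, so that the peer's rejection paths can be exercised.
 * It also records the first fatal alert seen on the connection and the channel
 * bindings exported after the handshake.
 *
 * <p>Security note: server trust here is decided only by matching the leaf certificate
 * against a fixed list of bundled test PEM files. That is appropriate for a test
 * fixture and is not a model for production certificate validation.
 */
class TlsTestClientImpl extends DefaultTlsClient {
    /** Switches that select which (mis)behaviour this client exhibits. */
    protected final TlsTestConfig config;
    /** Which end produced the first fatal alert: 1 = raised locally, 0 = received, -1 = none yet. */
    protected int firstFatalAlertConnectionEnd;
    /** Alert description of the first fatal alert, or -1 when none has been seen. */
    protected short firstFatalAlertDescription;
    /** Channel binding exported with type 0 once the handshake completes. */
    byte[] tlsServerEndPoint;
    /** Channel binding exported with type 1 once the handshake completes. */
    byte[] tlsUnique;

    /**
     * Authentication callbacks for the test client. The decompiler's own comment on this
     * type records that it was emitted as the synthetic class {@code TlsTestClientImpl$1}
     * and renamed to a legal identifier.
     */
    class AnonymousClass1 implements TlsAuthentication {
        // Explicit reference to the owning client (the decompiler's synthetic outer-instance field).
        private final TlsTestClientImpl client;

        AnonymousClass1(TlsTestClientImpl tlsTestClientImpl) throws IOException {
            this.client = tlsTestClientImpl;
        }

        /**
         * Checks the server's certificate against the bundled set of trusted test certificates.
         *
         * @param tlsServerCertificate the certificate message received from the server
         * @throws IOException a {@link TlsFatalAlert} with description 42 (bad_certificate) when the
         *         certificate is missing, empty, or not among the trusted test certificates
         */
        public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
            // Validate before touching the chain. The previous ordering dereferenced the
            // certificate first, so a missing certificate surfaced as a NullPointerException
            // instead of the intended bad_certificate alert.
            if (tlsServerCertificate == null
                    || tlsServerCertificate.getCertificate() == null
                    || tlsServerCertificate.getCertificate().isEmpty()) {
                throw new TlsFatalAlert((short) 42);
            }
            TlsCertificate[] certificateList = tlsServerCertificate.getCertificate().getCertificateList();

            // Only the leaf certificate is matched against the pinned test resources.
            String[] trustedResources = new String[]{"x509-server-dsa.pem", "x509-server-ecdh.pem", "x509-server-ecdsa.pem", "x509-server-ed25519.pem", "x509-server-ed448.pem", "x509-server-rsa_pss_256.pem", "x509-server-rsa_pss_384.pem", "x509-server-rsa_pss_512.pem", "x509-server-rsa-enc.pem", "x509-server-rsa-sign.pem"};
            TlsCertificate[] trustedCertPath = TlsTestUtils.getTrustedCertPath(
                this.client.context.getCrypto(), certificateList[0], trustedResources);
            if (null == trustedCertPath) {
                // Fail closed: an unrecognised server certificate aborts the handshake.
                throw new TlsFatalAlert((short) 42);
            }
            if (this.client.config.clientCheckSigAlgOfServerCerts) {
                TlsUtils.checkPeerSigAlgs(this.client.context, trustedCertPath);
            }
        }

        /**
         * Supplies the client credentials used to answer a CertificateRequest.
         *
         * @param certificateRequest the request received from the server
         * @return {@code null} when client auth is disabled (clientAuth == 0) or the server does not
         *         accept certificate type 1; the unmodified signer when clientAuth == 1; otherwise a
         *         wrapper that damages the certificate (clientAuth == 2) or the raw signature
         *         (clientAuth == 3)
         * @throws IllegalStateException if the test configuration says the server should not have
         *         requested a certificate (serverCertReq == 0)
         */
        public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
            if (this.client.config.serverCertReq == 0) {
                throw new IllegalStateException();
            }
            if (this.client.config.clientAuth == 0) {
                return null;
            }
            short[] certificateTypes = certificateRequest.getCertificateTypes();
            if (certificateTypes == null || !Arrays.contains(certificateTypes, (short) 1)) {
                return null;
            }

            Vector supportedSignatureAlgorithms = certificateRequest.getSupportedSignatureAlgorithms();
            if (supportedSignatureAlgorithms != null && this.client.config.clientAuthSigAlg != null) {
                // Force the single algorithm chosen by the test, regardless of what the server offered.
                supportedSignatureAlgorithms = new Vector(1);
                supportedSignatureAlgorithms.addElement(this.client.config.clientAuthSigAlg);
            }

            // NOTE(review): the (short) 1 argument is presumably the signature algorithm id - confirm
            // against TlsTestUtils.loadSignerCredentials.
            final TlsCredentialedSigner signerCredentials = TlsTestUtils.loadSignerCredentials(
                this.client.context, supportedSignatureAlgorithms, (short) 1,
                "x509-client-rsa.pem", "x509-client-key-rsa.pem");
            if (this.client.config.clientAuth == 1) {
                return signerCredentials;
            }

            // Negative-test wrapper. The decompiled form passed synthetic constructor arguments to an
            // anonymous interface implementation, which is not valid Java; the captured local and the
            // enclosing instance's field are used directly instead.
            return new TlsCredentialedSigner() {
                public byte[] generateRawSignature(byte[] bArr) throws IOException {
                    byte[] signature = signerCredentials.generateRawSignature(bArr);
                    if (client.config.clientAuth == 3) {
                        // Flip one bit so the peer's signature verification must fail.
                        signature = client.corruptBit(signature);
                    }
                    return signature;
                }

                public Certificate getCertificate() {
                    Certificate certificate = signerCredentials.getCertificate();
                    if (client.config.clientAuth == 2) {
                        // Present a certificate whose issuer signature no longer verifies.
                        certificate = client.corruptCertificate(client.context.getCrypto(), certificate);
                    }
                    return certificate;
                }

                public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
                    return signerCredentials.getSignatureAndHashAlgorithm();
                }

                public TlsStreamSigner getStreamSigner() throws IOException {
                    // No stream signer is offered; presumably this makes the TLS stack use
                    // generateRawSignature above, where the corruption hook lives - confirm.
                    return null;
                }
            };
        }
    }

    /**
     * Creates a test client bound to the given configuration.
     *
     * <p>The decompiler notes that this constructor was package-private in the original class.
     *
     * @param tlsTestConfig the switches that select this client's behaviour
     */
    public TlsTestClientImpl(TlsTestConfig tlsTestConfig) {
        super(new BcTlsCrypto(new SecureRandom()));
        this.firstFatalAlertConnectionEnd = -1;
        this.firstFatalAlertDescription = (short) -1;
        this.tlsServerEndPoint = null;
        this.tlsUnique = null;
        this.config = tlsTestConfig;
    }

    /** Returns which end produced the first fatal alert (1 raised locally, 0 received, -1 none). */
    int getFirstFatalAlertConnectionEnd() {
        return this.firstFatalAlertConnectionEnd;
    }

    /** Returns the description of the first fatal alert, or -1 when none has been seen. */
    short getFirstFatalAlertDescription() {
        return this.firstFatalAlertDescription;
    }

    /**
     * Selects the crypto provider for this connection from the test configuration.
     *
     * @return the suite's JCA-backed instance when {@code config.clientCrypto == 1}, otherwise the
     *         suite's BC-backed instance
     */
    public TlsCrypto getCrypto() {
        switch (this.config.clientCrypto) {
            case 1:
                return TlsTestSuite.JCA_CRYPTO;
            default:
                return TlsTestSuite.BC_CRYPTO;
        }
    }

    /**
     * Builds the ClientHello extensions, dropping the signature-algorithm extensions when the
     * configuration asks for them to be withheld.
     *
     * @return the extension table from the superclass, possibly with entries removed; may be null
     */
    public Hashtable getClientExtensions() throws IOException {
        Hashtable clientExtensions = super.getClientExtensions();
        if (clientExtensions != null) {
            if (!this.config.clientSendSignatureAlgorithms) {
                clientExtensions.remove(TlsExtensionsUtils.EXT_signature_algorithms);
                // Keep the cached state in step with what is actually sent on the wire.
                this.supportedSignatureAlgorithms = null;
            }
            if (!this.config.clientSendSignatureAlgorithmsCert) {
                clientExtensions.remove(TlsExtensionsUtils.EXT_signature_algorithms_cert);
                this.supportedSignatureAlgorithmsCert = null;
            }
        }
        return clientExtensions;
    }

    /** Returns the fallback indication configured for this test run. */
    public boolean isFallback() {
        return this.config.clientFallback;
    }

    /**
     * Records the first fatal alert raised by this client.
     *
     * @param s alert level; 2 is the TLS "fatal" level
     * @param s2 alert description
     * @param str optional message (unused)
     * @param th optional cause (unused)
     */
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 1;
            this.firstFatalAlertDescription = s2;
        }
    }

    /**
     * Records the first fatal alert received from the peer.
     *
     * @param s alert level; 2 is the TLS "fatal" level
     * @param s2 alert description
     */
    public void notifyAlertReceived(short s, short s2) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 0;
            this.firstFatalAlertDescription = s2;
        }
    }

    /** Captures the channel bindings of type 0 and type 1 once the handshake has completed. */
    public void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        this.tlsServerEndPoint = this.context.exportChannelBinding(0);
        this.tlsUnique = this.context.exportChannelBinding(1);
    }

    /** Delegates to the superclass without adding any behaviour. */
    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        super.notifyServerVersion(protocolVersion);
    }

    /** Returns a fresh set of authentication callbacks bound to this client. */
    public TlsAuthentication getAuthentication() throws IOException {
        return new AnonymousClass1(this);
    }

    /**
     * Returns a certificate chain whose first (leaf) entry carries a damaged signature.
     *
     * @param tlsCrypto crypto provider used to re-create the altered certificate
     * @param certificate the chain to alter
     * @return a new chain built from the altered list
     * @throws RuntimeException wrapping any {@link IOException} from re-encoding
     */
    protected Certificate corruptCertificate(TlsCrypto tlsCrypto, Certificate certificate) {
        TlsCertificate[] certificateList = certificate.getCertificateList();
        try {
            certificateList[0] = corruptCertificateSignature(tlsCrypto, certificateList[0]);
            return new Certificate(certificateList);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Re-assembles an X.509 certificate from its original TBS part and signature algorithm, with one
     * bit of the signature value flipped, so that signature verification by the peer should fail.
     */
    protected TlsCertificate corruptCertificateSignature(TlsCrypto tlsCrypto, TlsCertificate tlsCertificate) throws IOException {
        org.bouncycastle.asn1.x509.Certificate parsed =
            org.bouncycastle.asn1.x509.Certificate.getInstance(tlsCertificate.getEncoded());
        ASN1EncodableVector parts = new ASN1EncodableVector();
        parts.add(parsed.getTBSCertificate());
        parts.add(parsed.getSignatureAlgorithm());
        parts.add(corruptSignature(parsed.getSignature()));
        org.bouncycastle.asn1.x509.Certificate altered =
            org.bouncycastle.asn1.x509.Certificate.getInstance(new DERSequence(parts));
        return tlsCrypto.createCertificate(altered.getEncoded("DER"));
    }

    /** Returns a copy of the given signature bit string with one randomly chosen bit flipped. */
    protected DERBitString corruptSignature(DERBitString dERBitString) {
        return new DERBitString(corruptBit(dERBitString.getOctets()));
    }

    /**
     * Returns a copy of the input with exactly one randomly chosen bit inverted.
     *
     * @param bArr the bytes to copy; the caller's array is not modified
     * @return the altered copy
     */
    protected byte[] corruptBit(byte[] bArr) {
        byte[] clone = Arrays.clone(bArr);
        // Pick a bit position across the whole array: byte index = pos / 8, bit = pos % 8.
        int nextInt = this.context.getCrypto().getSecureRandom().nextInt(clone.length << 3);
        int i = nextInt >>> 3;
        clone[i] = (byte) (clone[i] ^ (1 << (nextInt & 7)));
        return clone;
    }

    /** Returns the configured protocol versions, or the superclass defaults when none are set. */
    protected ProtocolVersion[] getSupportedVersions() {
        return null != this.config.clientSupportedVersions ? this.config.clientSupportedVersions : super.getSupportedVersions();
    }

    /** Hex-encodes the bytes for diagnostics; a null array is rendered as {@code "(null)"}. */
    protected String hex(byte[] bArr) {
        return bArr == null ? "(null)" : Hex.toHexString(bArr);
    }
}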
