package org.bouncycastle.tls.test;

import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PipedInputStream;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Hashtable;
import java.util.Vector;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.sec.ECPrivateKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.tls.CertificateEntry;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsCredentialedAgreement;
import org.bouncycastle.tls.TlsCredentialedDecryptor;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedAgreement;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedDecryptor;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedAgreement;
import org.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:org/bouncycastle/tls/test/TlsTestUtils.class */
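/**
 * Test-only helpers for the TLS tests in this package: loading PEM certificates and private keys
 * from classpath resources, wrapping them as TLS credentials for either the lightweight
 * ({@code BcTlsCrypto}) or the JCA/JCE ({@code JcaTlsCrypto}) back end, and comparing certificates.
 *
 * <p>Points a reader should keep in mind:
 * <ul>
 *   <li>Private keys are read <em>unencrypted</em> from resources; encrypted PKCS#8 is rejected.
 *       That is acceptable for fixed test fixtures only.</li>
 *   <li>{@link #getTrustedCertPath} and {@code areSameCertificate} compare encodings byte for byte.
 *       Nothing in this class verifies a signature, a validity period or a chain.</li>
 *   <li>Resource names are resolved on the classpath relative to this class and are expected to be
 *       fixed fixture names chosen by the tests, not externally supplied values.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. Local types and one try/catch region were not valid Java
 * as emitted and have been repaired below; each repair is marked where it was made.
 */
public class TlsTestUtils {
    // Base64-decoded bytes; by its name an RSA test certificate - TODO confirm the contents.
    static final byte[] rsaCertData = Base64.decode("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");
    // By its name a deliberately unusable ("dud") RSA certificate for negative tests - TODO confirm.
    static final byte[] dudRsaCertData = Base64.decode("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");
    // Lazily filled cache for this class's Class object; written by loadPemResource via class$().
    static Class class$org$bouncycastle$tls$test$TlsTestUtils;

    /** A {@link PipedInputStream} whose internal buffer is replaced by one of the requested size. */
    private static class BigPipedInputStream extends PipedInputStream {
        /**
         * @param bufferSize size in bytes of the pipe's buffer
         */
        BigPipedInputStream(int bufferSize) {
            // 'buffer' is the protected field of PipedInputStream; swapping it enlarges the pipe.
            this.buffer = new byte[bufferSize];
        }
    }

    /**
     * Formats the SHA-256 digest of a certificate's encoding as upper-case hex byte pairs
     * separated by colons.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param certificate the certificate to fingerprint
     * @return the fingerprint, e.g. {@code "AB:CD:..."} (constructed sample)
     * @throws IOException if the certificate cannot be encoded
     */
    public static String fingerprint(Certificate certificate) throws IOException {
        String hex = new String(Hex.encode(sha256DigestOf(certificate.getEncoded())), "ASCII").toUpperCase();
        StringBuilder formatted = new StringBuilder(hex.length() + hex.length() / 2);
        for (int pos = 0; pos < hex.length(); pos += 2) {
            if (pos > 0) {
                formatted.append(':');
            }
            formatted.append(hex.substring(pos, pos + 2));
        }
        return formatted.toString();
    }

    /**
     * Computes the SHA-256 digest of the given bytes.
     *
     * @param bArr input data
     * @return a new array holding the digest
     */
    static byte[] sha256DigestOf(byte[] bArr) {
        SHA256Digest digest = new SHA256Digest();
        digest.update(bArr, 0, bArr.length);
        byte[] result = new byte[digest.getDigestSize()];
        digest.doFinal(result, 0);
        return result;
    }

    /**
     * Returns the CA certificate resource name for a signature algorithm code.
     *
     * @param s signature algorithm code, as accepted by {@link #getResourceName(short)}
     * @return {@code "x509-ca-<name>.pem"}
     * @throws IOException (a {@code TlsFatalAlert}) if the code is not recognised
     */
    static String getCACertResource(short s) throws IOException {
        return "x509-ca-" + getResourceName(s) + ".pem";
    }

    /**
     * Derives the CA certificate resource name from an end-entity certificate resource name.
     *
     * <p>The {@code "x509-client-"} and {@code "x509-server-"} prefixes and a {@code ".pem"} suffix
     * are stripped, and what remains is matched case-insensitively against the known key types.
     *
     * @param str end-entity resource name, or a bare key-type name such as {@code "rsa"}
     * @return the matching CA resource name
     * @throws IOException (a {@code TlsFatalAlert} with alert 80) if the key type is not recognised
     */
    static String getCACertResource(String str) throws IOException {
        String keyType = str;
        if (keyType.startsWith("x509-client-")) {
            keyType = keyType.substring("x509-client-".length());
        }
        if (keyType.startsWith("x509-server-")) {
            keyType = keyType.substring("x509-server-".length());
        }
        if (keyType.endsWith(".pem")) {
            keyType = keyType.substring(0, keyType.length() - ".pem".length());
        }

        if ("dsa".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 2);
        }
        if ("ecdh".equalsIgnoreCase(keyType) || "ecdsa".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 3);
        }
        if ("ed25519".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 7);
        }
        if ("ed448".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 8);
        }
        if ("rsa".equalsIgnoreCase(keyType) || "rsa-enc".equalsIgnoreCase(keyType) || "rsa-sign".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 1);
        }
        if ("rsa_pss_256".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 9);
        }
        if ("rsa_pss_384".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 10);
        }
        if ("rsa_pss_512".equalsIgnoreCase(keyType)) {
            return getCACertResource((short) 11);
        }
        // 80 is internal_error in the TLS alert registry: an unknown fixture name is a test bug.
        throw new TlsFatalAlert((short) 80);
    }

    /**
     * Maps a signature algorithm code to the key-type fragment used in fixture file names.
     *
     * <p>The codes are the values compared against {@code SignatureAndHashAlgorithm.getSignature()}
     * elsewhere in this class.
     *
     * @param s signature algorithm code
     * @return the key-type fragment, e.g. {@code "rsa"} or {@code "ecdsa"}
     * @throws IOException (a {@code TlsFatalAlert} with alert 80) if the code is not recognised
     */
    static String getResourceName(short s) throws IOException {
        switch (s) {
            case 1:
            case 4:
            case 5:
            case 6:
                // 4-6 share the plain RSA fixtures (presumably the RSA-PSS codes that use
                // ordinary RSA keys - confirm against the SignatureAlgorithm constants).
                return "rsa";
            case 2:
                return "dsa";
            case 3:
                // The decompiler had substituted an unrelated constant of value 3
                // (TlsTestConfig.CLIENT_AUTH_INVALID_VERIFY) here; the literal is what is meant.
                return "ecdsa";
            case 7:
                return "ed25519";
            case 8:
                return "ed448";
            case 9:
                return "rsa_pss_256";
            case 10:
                return "rsa_pss_384";
            case 11:
                return "rsa_pss_512";
            default:
                throw new TlsFatalAlert((short) 80);
        }
    }

    /**
     * Loads key-agreement credentials (certificate chain plus private key) for the context's
     * crypto back end.
     *
     * @param tlsContext context supplying the crypto implementation and server version
     * @param strArr certificate resource names, in chain order
     * @param str private key resource name
     * @return agreement credentials bound to the context's crypto
     * @throws IOException if a resource cannot be read or parsed
     * @throws ClassCastException if the crypto is neither {@code BcTlsCrypto} nor {@code JcaTlsCrypto}
     */
    static TlsCredentialedAgreement loadAgreementCredentials(TlsContext tlsContext, String[] strArr, String str) throws IOException {
        // Repaired: the decompiler typed this local as BcTlsCrypto, which made the
        // JcaTlsCrypto cast below impossible to compile.
        TlsCrypto crypto = tlsContext.getCrypto();
        org.bouncycastle.tls.Certificate chain = loadCertificateChain(tlsContext, strArr);
        if (crypto instanceof BcTlsCrypto) {
            return new BcDefaultTlsCredentialedAgreement((BcTlsCrypto) crypto, chain, loadBcPrivateKeyResource(str));
        }
        JcaTlsCrypto jcaCrypto = (JcaTlsCrypto) crypto;
        return new JceDefaultTlsCredentialedAgreement(jcaCrypto, chain, loadJcaPrivateKeyResource(jcaCrypto, str));
    }

    /**
     * Loads decryption credentials (certificate chain plus private key) for the context's
     * crypto back end.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param tlsContext context supplying the crypto implementation and server version
     * @param strArr certificate resource names, in chain order
     * @param str private key resource name
     * @return decryptor credentials bound to the context's crypto
     * @throws IOException if a resource cannot be read or parsed
     * @throws ClassCastException if the crypto is neither {@code BcTlsCrypto} nor {@code JcaTlsCrypto}
     */
    public static TlsCredentialedDecryptor loadEncryptionCredentials(TlsContext tlsContext, String[] strArr, String str) throws IOException {
        // Repaired: declared as TlsCrypto (see loadAgreementCredentials) so both branches compile.
        TlsCrypto crypto = tlsContext.getCrypto();
        org.bouncycastle.tls.Certificate chain = loadCertificateChain(tlsContext, strArr);
        if (crypto instanceof BcTlsCrypto) {
            return new BcDefaultTlsCredentialedDecryptor((BcTlsCrypto) crypto, chain, loadBcPrivateKeyResource(str));
        }
        JcaTlsCrypto jcaCrypto = (JcaTlsCrypto) crypto;
        return new JceDefaultTlsCredentialedDecryptor(jcaCrypto, chain, loadJcaPrivateKeyResource(jcaCrypto, str));
    }

    /**
     * Loads signing credentials for an explicit crypto implementation.
     *
     * @param tlsCryptoParameters parameters supplying the server version and passed to the signer
     * @param tlsCrypto crypto back end; must be a {@code BcTlsCrypto} or a {@code JcaTlsCrypto}
     * @param strArr certificate resource names, in chain order
     * @param str private key resource name
     * @param signatureAndHashAlgorithm algorithm the signer is bound to
     * @return signer credentials
     * @throws IOException if a resource cannot be read or parsed
     * @throws ClassCastException if the crypto is of neither supported type
     */
    public static TlsCredentialedSigner loadSignerCredentials(TlsCryptoParameters tlsCryptoParameters, TlsCrypto tlsCrypto, String[] strArr, String str, SignatureAndHashAlgorithm signatureAndHashAlgorithm) throws IOException {
        org.bouncycastle.tls.Certificate chain = loadCertificateChain(tlsCryptoParameters.getServerVersion(), tlsCrypto, strArr);
        if (tlsCrypto instanceof BcTlsCrypto) {
            return new BcDefaultTlsCredentialedSigner(tlsCryptoParameters, (BcTlsCrypto) tlsCrypto, loadBcPrivateKeyResource(str), chain, signatureAndHashAlgorithm);
        }
        JcaTlsCrypto jcaCrypto = (JcaTlsCrypto) tlsCrypto;
        return new JcaDefaultTlsCredentialedSigner(tlsCryptoParameters, jcaCrypto, loadJcaPrivateKeyResource(jcaCrypto, str), chain, signatureAndHashAlgorithm);
    }

    /**
     * Loads signing credentials using the crypto and parameters of a TLS context.
     *
     * @param tlsContext context supplying crypto and parameters
     * @param strArr certificate resource names, in chain order
     * @param str private key resource name
     * @param signatureAndHashAlgorithm algorithm the signer is bound to
     * @return signer credentials
     * @throws IOException if a resource cannot be read or parsed
     */
    static TlsCredentialedSigner loadSignerCredentials(TlsContext tlsContext, String[] strArr, String str, SignatureAndHashAlgorithm signatureAndHashAlgorithm) throws IOException {
        return loadSignerCredentials(new TlsCryptoParameters(tlsContext), tlsContext.getCrypto(), strArr, str, signatureAndHashAlgorithm);
    }

    /**
     * Picks the first offered algorithm whose signature code equals {@code s} and loads signing
     * credentials for it.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param tlsContext context supplying crypto and parameters
     * @param vector offered {@code SignatureAndHashAlgorithm} entries, or {@code null} to use
     *        {@code TlsUtils.getDefaultSignatureAlgorithms(s)}
     * @param s required signature algorithm code
     * @param str certificate resource name (used as a single-element chain)
     * @param str2 private key resource name
     * @return signer credentials, or {@code null} when no offered algorithm matches
     * @throws IOException if a resource cannot be read or parsed
     */
    public static TlsCredentialedSigner loadSignerCredentials(TlsContext tlsContext, Vector vector, short s, String str, String str2) throws IOException {
        Vector candidates = (vector != null) ? vector : TlsUtils.getDefaultSignatureAlgorithms(s);
        for (int i = 0; i < candidates.size(); i++) {
            SignatureAndHashAlgorithm candidate = (SignatureAndHashAlgorithm) candidates.elementAt(i);
            if (candidate.getSignature() == s) {
                return loadSignerCredentials(tlsContext, new String[]{str}, str2, candidate);
            }
        }
        return null;
    }

    /**
     * Loads the server-side signing credentials for a signature algorithm code, using the
     * {@code x509-server-<name>.pem} / {@code x509-server-key-<name>.pem} fixture pair.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param tlsContext context supplying crypto and parameters
     * @param vector offered algorithms, or {@code null} for the defaults
     * @param s required signature algorithm code
     * @return signer credentials, or {@code null} when no offered algorithm matches
     * @throws IOException if the code is unknown or a resource cannot be read or parsed
     */
    public static TlsCredentialedSigner loadSignerCredentialsServer(TlsContext tlsContext, Vector vector, short s) throws IOException {
        String keyType = getResourceName(s);
        // The codes that map to plain RSA use the dedicated signing fixture ("rsa-sign").
        if (s == 1 || s == 4 || s == 5 || s == 6) {
            keyType = keyType + "-sign";
        }
        String certResource = "x509-server-" + keyType + ".pem";
        String keyResource = "x509-server-key-" + keyType + ".pem";
        return loadSignerCredentials(tlsContext, vector, s, certResource, keyResource);
    }

    /**
     * Builds a TLS certificate chain from certificate resources.
     *
     * @param protocolVersion negotiated version; decides which chain form is built
     * @param tlsCrypto crypto used to create each certificate object
     * @param strArr certificate resource names, in chain order
     * @return the chain; for TLS 1.3 each entry carries no extensions and the leading byte array
     *         is empty
     * @throws IOException if a resource cannot be read or parsed
     */
    static org.bouncycastle.tls.Certificate loadCertificateChain(ProtocolVersion protocolVersion, TlsCrypto tlsCrypto, String[] strArr) throws IOException {
        if (TlsUtils.isTLSv13(protocolVersion)) {
            CertificateEntry[] entries = new CertificateEntry[strArr.length];
            for (int i = 0; i < strArr.length; i++) {
                entries[i] = new CertificateEntry(loadCertificateResource(tlsCrypto, strArr[i]), (Hashtable) null);
            }
            return new org.bouncycastle.tls.Certificate(TlsUtils.EMPTY_BYTES, entries);
        }

        TlsCertificate[] certificates = new TlsCertificate[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            certificates[i] = loadCertificateResource(tlsCrypto, strArr[i]);
        }
        return new org.bouncycastle.tls.Certificate(certificates);
    }

    /**
     * Builds a TLS certificate chain using the version and crypto of a TLS context.
     *
     * @param tlsContext context supplying server version and crypto
     * @param strArr certificate resource names, in chain order
     * @return the chain
     * @throws IOException if a resource cannot be read or parsed
     */
    static org.bouncycastle.tls.Certificate loadCertificateChain(TlsContext tlsContext, String[] strArr) throws IOException {
        return loadCertificateChain(tlsContext.getServerVersion(), tlsContext.getCrypto(), strArr);
    }

    /**
     * Loads a PEM resource as an ASN.1 X.509 {@code Certificate}.
     *
     * @param str certificate resource name
     * @return the parsed certificate
     * @throws IOException if the resource cannot be read
     * @throws IllegalArgumentException if the PEM type does not end with {@code "CERTIFICATE"}
     */
    static Certificate loadBcCertificateResource(String str) throws IOException {
        PemObject pem = loadPemResource(str);
        // Suffix match, so any PEM label ending in "CERTIFICATE" is accepted.
        if (!pem.getType().endsWith("CERTIFICATE")) {
            throw new IllegalArgumentException("'resource' doesn't specify a valid certificate");
        }
        return Certificate.getInstance(pem.getContent());
    }

    /**
     * Loads a PEM resource as a {@code TlsCertificate} created by the given crypto.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param tlsCrypto crypto used to create the certificate object
     * @param str certificate resource name
     * @return the certificate
     * @throws IOException if the resource cannot be read or parsed
     * @throws IllegalArgumentException if the PEM type does not end with {@code "CERTIFICATE"}
     */
    public static TlsCertificate loadCertificateResource(TlsCrypto tlsCrypto, String str) throws IOException {
        PemObject pem = loadPemResource(str);
        if (!pem.getType().endsWith("CERTIFICATE")) {
            throw new IllegalArgumentException("'resource' doesn't specify a valid certificate");
        }
        return tlsCrypto.createCertificate(pem.getContent());
    }

    /**
     * Loads an unencrypted private key resource for the lightweight API.
     *
     * <p>Accepted PEM types: {@code PRIVATE KEY} (PKCS#8), {@code RSA PRIVATE KEY} and
     * {@code EC PRIVATE KEY}.
     *
     * @param str private key resource name
     * @return the key parameters
     * @throws IOException if the resource cannot be read or parsed
     * @throws UnsupportedOperationException for {@code ENCRYPTED PRIVATE KEY}
     * @throws IllegalArgumentException for any other PEM type
     */
    static AsymmetricKeyParameter loadBcPrivateKeyResource(String str) throws IOException {
        PemObject pem = loadPemResource(str);
        String type = pem.getType();
        if (type.equals("PRIVATE KEY")) {
            return PrivateKeyFactory.createKey(pem.getContent());
        }
        if (type.equals("ENCRYPTED PRIVATE KEY")) {
            throw new UnsupportedOperationException("Encrypted PKCS#8 keys not supported");
        }
        if (type.equals("RSA PRIVATE KEY")) {
            RSAPrivateKey rsa = RSAPrivateKey.getInstance(pem.getContent());
            return new RSAPrivateCrtKeyParameters(rsa.getModulus(), rsa.getPublicExponent(), rsa.getPrivateExponent(), rsa.getPrime1(), rsa.getPrime2(), rsa.getExponent1(), rsa.getExponent2(), rsa.getCoefficient());
        }
        if (type.equals("EC PRIVATE KEY")) {
            // Wrap the SEC1 structure in a PKCS#8 PrivateKeyInfo so the generic factory can parse it.
            ECPrivateKey ec = ECPrivateKey.getInstance(pem.getContent());
            AlgorithmIdentifier algorithm = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, ec.getParameters());
            return PrivateKeyFactory.createKey(new PrivateKeyInfo(algorithm, ec));
        }
        throw new IllegalArgumentException("'resource' doesn't specify a valid private key");
    }

    /**
     * Loads an unencrypted private key resource as a JCA {@link PrivateKey}.
     *
     * <p>Accepted PEM types: {@code PRIVATE KEY} (PKCS#8) and {@code RSA PRIVATE KEY}. Unlike
     * {@link #loadBcPrivateKeyResource}, {@code EC PRIVATE KEY} is not handled here.
     *
     * <p>Decompiler note: originally package-private. The emitted try/catch wrapped only the
     * resource read, which cannot throw {@code GeneralSecurityException} and left the key-factory
     * calls unhandled; the region below is a reconstruction that covers the key construction -
     * TODO confirm against the upstream source.
     *
     * @param jcaTlsCrypto crypto whose helper creates the key factory
     * @param str private key resource name
     * @return the private key
     * @throws IOException if the resource cannot be read
     * @throws UnsupportedOperationException for {@code ENCRYPTED PRIVATE KEY}
     * @throws IllegalArgumentException for any other PEM type, or when key construction fails
     *         (the failure is appended to the message and set as the cause)
     */
    public static PrivateKey loadJcaPrivateKeyResource(JcaTlsCrypto jcaTlsCrypto, String str) throws IOException {
        GeneralSecurityException failure = null;
        try {
            PemObject pem = loadPemResource(str);
            String type = pem.getType();
            if (type.equals("PRIVATE KEY")) {
                return loadJcaPkcs8PrivateKey(jcaTlsCrypto, pem.getContent());
            }
            if (type.equals("ENCRYPTED PRIVATE KEY")) {
                throw new UnsupportedOperationException("Encrypted PKCS#8 keys not supported");
            }
            if (type.equals("RSA PRIVATE KEY")) {
                RSAPrivateKey rsa = RSAPrivateKey.getInstance(pem.getContent());
                RSAPrivateCrtKeySpec spec = new RSAPrivateCrtKeySpec(rsa.getModulus(), rsa.getPublicExponent(), rsa.getPrivateExponent(), rsa.getPrime1(), rsa.getPrime2(), rsa.getExponent1(), rsa.getExponent2(), rsa.getCoefficient());
                return jcaTlsCrypto.getHelper().createKeyFactory("RSA").generatePrivate(spec);
            }
        } catch (GeneralSecurityException e) {
            failure = e;
        }

        // Message text is kept as emitted (it ends in "null" when no provider error occurred).
        IllegalArgumentException error = new IllegalArgumentException("'resource' doesn't specify a valid private key: " + failure);
        if (failure != null) {
            error.initCause(failure);
        }
        throw error;
    }

    /**
     * Converts a PKCS#8 encoding to a JCA {@link PrivateKey}, choosing the key factory from the
     * algorithm identifier inside the encoding.
     *
     * @param jcaTlsCrypto crypto whose helper creates the key factory
     * @param bArr PKCS#8 {@code PrivateKeyInfo} encoding
     * @return the private key
     * @throws GeneralSecurityException if no suitable key factory exists or the key is rejected
     */
    static PrivateKey loadJcaPkcs8PrivateKey(JcaTlsCrypto jcaTlsCrypto, byte[] bArr) throws GeneralSecurityException {
        ASN1ObjectIdentifier algorithm = PrivateKeyInfo.getInstance(bArr).getPrivateKeyAlgorithm().getAlgorithm();

        String factoryName;
        if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
            factoryName = "DSA";
        } else if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
            factoryName = "EC";
        } else if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm) || PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algorithm)) {
            factoryName = "RSA";
        } else if (EdECObjectIdentifiers.id_Ed25519.equals(algorithm)) {
            factoryName = "Ed25519";
        } else if (EdECObjectIdentifiers.id_Ed448.equals(algorithm)) {
            factoryName = "Ed448";
        } else {
            // Unknown algorithm: fall back to asking the provider for the dotted OID.
            factoryName = algorithm.getId();
        }

        return jcaTlsCrypto.getHelper().createKeyFactory(factoryName).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /**
     * Reads the first PEM object from a classpath resource located relative to this class.
     *
     * @param str resource name, resolved by {@code Class.getResourceAsStream}
     * @return the first PEM object, or whatever {@code PemReader.readPemObject()} yields when the
     *         resource holds none (callers in this class dereference the result directly)
     * @throws IOException if the resource does not exist or cannot be read
     */
    static PemObject loadPemResource(String str) throws IOException {
        // Pre-Java-5 class-literal idiom kept as emitted: look the class up once, then cache it.
        Class cls = class$org$bouncycastle$tls$test$TlsTestUtils;
        if (cls == null) {
            cls = class$("org.bouncycastle.tls.test.TlsTestUtils");
            class$org$bouncycastle$tls$test$TlsTestUtils = cls;
        }

        java.io.InputStream in = cls.getResourceAsStream(str);
        if (in == null) {
            // A missing fixture used to surface as a NullPointerException inside the reader.
            throw new IOException("PEM resource not found: " + str);
        }

        // Explicit charset: PEM is ASCII text, so decoding must not depend on the platform default.
        PemReader pemReader = new PemReader(new InputStreamReader(in, "UTF-8"));
        try {
            return pemReader.readPemObject();
        } finally {
            // Close on every path so a parse failure does not leak the stream.
            pemReader.close();
        }
    }

    /**
     * Tests whether a certificate has the same encoding as the certificate in a resource.
     *
     * @param tlsCrypto crypto used to load the resource certificate
     * @param tlsCertificate certificate to compare
     * @param str certificate resource name
     * @return {@code true} if the two encodings are byte-for-byte equal
     * @throws IOException if the resource cannot be read or a certificate cannot be encoded
     */
    static boolean areSameCertificate(TlsCrypto tlsCrypto, TlsCertificate tlsCertificate, String str) throws IOException {
        return areSameCertificate(tlsCertificate, loadCertificateResource(tlsCrypto, str));
    }

    /**
     * Tests whether two certificates have byte-for-byte equal encodings.
     *
     * @param tlsCertificate first certificate
     * @param tlsCertificate2 second certificate
     * @return {@code true} if the encodings are equal
     * @throws IOException if a certificate cannot be encoded
     */
    static boolean areSameCertificate(TlsCertificate tlsCertificate, TlsCertificate tlsCertificate2) throws IOException {
        return Arrays.areEqual(tlsCertificate.getEncoded(), tlsCertificate2.getEncoded());
    }

    /**
     * Finds the fixture whose encoding equals the given certificate and returns it together with
     * the CA certificate fixture derived from its resource name.
     *
     * <p>The pairing is by resource name only: no signature, validity or name-chaining check is
     * made here, so the result is a path only in the sense the test fixtures define.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param tlsCrypto crypto used to load the fixtures
     * @param tlsCertificate certificate presented by the peer
     * @param strArr candidate end-entity certificate resource names
     * @return {@code {endEntity, ca}} for the first match, or {@code null} if none matches
     * @throws IOException if a resource cannot be read or a CA resource name cannot be derived
     */
    public static TlsCertificate[] getTrustedCertPath(TlsCrypto tlsCrypto, TlsCertificate tlsCertificate, String[] strArr) throws IOException {
        for (int i = 0; i < strArr.length; i++) {
            String resource = strArr[i];
            TlsCertificate endEntity = loadCertificateResource(tlsCrypto, resource);
            if (!areSameCertificate(tlsCertificate, endEntity)) {
                continue;
            }
            TlsCertificate ca = loadCertificateResource(tlsCrypto, getCACertResource(resource));
            if (ca != null) {
                return new TlsCertificate[]{endEntity, ca};
            }
        }
        return null;
    }

    /**
     * Returns an X.509 trust manager factory, using the IBM algorithm name when the
     * {@code IBMJSSE2} provider is installed and {@code SunX509} otherwise.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @return the trust manager factory
     * @throws NoSuchAlgorithmException if the chosen algorithm is unavailable
     */
    public static TrustManagerFactory getSunX509TrustManagerFactory() throws NoSuchAlgorithmException {
        if (Security.getProvider("IBMJSSE2") != null) {
            return TrustManagerFactory.getInstance("IBMX509");
        }
        return TrustManagerFactory.getInstance("SunX509");
    }

    /**
     * Returns an X.509 key manager factory, using the IBM algorithm name when the
     * {@code IBMJSSE2} provider is installed and {@code SunX509} otherwise.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @return the key manager factory
     * @throws NoSuchAlgorithmException if the chosen algorithm is unavailable
     */
    public static KeyManagerFactory getSunX509KeyManagerFactory() throws NoSuchAlgorithmException {
        if (Security.getProvider("IBMJSSE2") != null) {
            return KeyManagerFactory.getInstance("IBMX509");
        }
        return KeyManagerFactory.getInstance("SunX509");
    }

    /**
     * Creates an unconnected piped input stream with a 16384-byte buffer.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @return the stream
     */
    public static PipedInputStream createPipedInputStream() {
        return new BigPipedInputStream(16384);
    }

    /**
     * Compiler-synthesised helper behind the pre-Java-5 class-literal idiom: loads a class by
     * name and converts a lookup failure into a {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the class
     * @throws NoClassDefFoundError if the class cannot be found (the cause is preserved)
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Repaired: initCause() returns Throwable, so throwing its result directly (as the
            // decompiler emitted) does not compile. Attach the cause first, then throw the error.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }
}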
