package org.bouncycastle.tls.test;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import junit.framework.TestCase;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateEntry;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.CertificateStatusRequest;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsRawKeyCertificate;

/* loaded from: input_file:org/bouncycastle/tls/test/MockRawKeysTlsClient.class */
class MockRawKeysTlsClient extends DefaultTlsClient {
    private short serverCertType;
    private short clientCertType;
    private short[] offerServerCertTypes;
    private short[] offerClientCertTypes;
    private Ed25519PrivateKeyParameters privateKey;
    private ProtocolVersion tlsVersion;
    private TlsCredentialedSigner credentials;

    /* JADX INFO: Access modifiers changed from: package-private */
    public MockRawKeysTlsClient(short s, short s2, short[] sArr, short[] sArr2, Ed25519PrivateKeyParameters ed25519PrivateKeyParameters, ProtocolVersion protocolVersion) throws Exception {
        super(new BcTlsCrypto(new SecureRandom()));
        this.serverCertType = s;
        this.clientCertType = s2;
        this.offerServerCertTypes = sArr;
        this.offerClientCertTypes = sArr2;
        this.privateKey = ed25519PrivateKeyParameters;
        this.tlsVersion = protocolVersion;
    }

    protected ProtocolVersion[] getSupportedVersions() {
        return new ProtocolVersion[]{this.tlsVersion};
    }

    protected int[] getSupportedCipherSuites() {
        return TlsUtils.isTLSv13(this.tlsVersion) ? new int[]{4865} : new int[]{49195};
    }

    protected short[] getAllowedClientCertificateTypes() {
        return this.offerClientCertTypes;
    }

    protected short[] getAllowedServerCertificateTypes() {
        return this.offerServerCertTypes;
    }

    protected CertificateStatusRequest getCertificateStatusRequest() {
        if (this.serverCertType == 2) {
            return null;
        }
        return super.getCertificateStatusRequest();
    }

    protected Vector getMultiCertStatusRequest() {
        if (this.serverCertType == 2) {
            return null;
        }
        return super.getMultiCertStatusRequest();
    }

    public TlsAuthentication getAuthentication() throws IOException {
        return new TlsAuthentication() { // from class: org.bouncycastle.tls.test.MockRawKeysTlsClient.1
            public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
                TestCase.assertEquals("wrong certificate type from server", MockRawKeysTlsClient.this.serverCertType, tlsServerCertificate.getCertificate().getCertificateType());
            }

            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                if (MockRawKeysTlsClient.this.clientCertType < 0) {
                    TestCase.fail("should not have received a certificate request");
                }
                TestCase.assertEquals("wrong certificate type in request", MockRawKeysTlsClient.this.clientCertType, MockRawKeysTlsClient.this.context.getSecurityParametersHandshake().getClientCertificateType());
                if (MockRawKeysTlsClient.this.credentials == null) {
                    switch (MockRawKeysTlsClient.this.clientCertType) {
                        case 0:
                            MockRawKeysTlsClient.this.credentials = TlsTestUtils.loadSignerCredentials((TlsContext) MockRawKeysTlsClient.this.context, certificateRequest.getSupportedSignatureAlgorithms(), (short) 7, "x509-client-ed25519.pem", "x509-client-key-ed25519.pem");
                            break;
                        case 2:
                            MockRawKeysTlsClient.this.credentials = new BcDefaultTlsCredentialedSigner(new TlsCryptoParameters(MockRawKeysTlsClient.this.context), MockRawKeysTlsClient.this.getCrypto(), MockRawKeysTlsClient.this.privateKey, new Certificate((short) 2, TlsUtils.isTLSv13(MockRawKeysTlsClient.this.context) ? TlsUtils.EMPTY_BYTES : null, new CertificateEntry[]{new CertificateEntry(new BcTlsRawKeyCertificate(MockRawKeysTlsClient.this.getCrypto(), SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(MockRawKeysTlsClient.this.privateKey.generatePublicKey())), (Hashtable) null)}), SignatureAndHashAlgorithm.ed25519);
                            break;
                        default:
                            throw new IllegalArgumentException("Only supports X509 and raw keys");
                    }
                }
                return MockRawKeysTlsClient.this.credentials;
            }
        };
    }
}
