package org.bouncycastle.tls.test;

import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
import junit.framework.TestCase;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateEntry;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsRawKeyCertificate;

/* loaded from: input_file:org/bouncycastle/tls/test/MockRawKeysTlsServer.class */
class MockRawKeysTlsServer extends DefaultTlsServer {
    private short serverCertType;
    private short clientCertType;
    private short[] allowedClientCertTypes;
    private Ed25519PrivateKeyParameters privateKey;
    private ProtocolVersion tlsVersion;
    private TlsCredentialedSigner credentials;
    Hashtable receivedClientExtensions;

    /* JADX INFO: Access modifiers changed from: package-private */
    public MockRawKeysTlsServer(short s, short s2, short[] sArr, Ed25519PrivateKeyParameters ed25519PrivateKeyParameters, ProtocolVersion protocolVersion) throws Exception {
        super(new BcTlsCrypto());
        this.serverCertType = s;
        this.clientCertType = s2;
        this.allowedClientCertTypes = sArr;
        this.privateKey = ed25519PrivateKeyParameters;
        this.tlsVersion = protocolVersion;
    }

    public TlsCredentials getCredentials() throws IOException {
        return TlsUtils.isTLSv13(this.context) ? getECDSASignerCredentials() : super.getCredentials();
    }

    protected ProtocolVersion[] getSupportedVersions() {
        return new ProtocolVersion[]{this.tlsVersion};
    }

    protected int[] getSupportedCipherSuites() {
        return TlsUtils.isTLSv13(this.tlsVersion) ? new int[]{4865} : new int[]{49195};
    }

    public void processClientExtensions(Hashtable hashtable) throws IOException {
        this.receivedClientExtensions = hashtable;
        super.processClientExtensions(hashtable);
    }

    protected TlsCredentialedSigner getECDSASignerCredentials() throws IOException {
        if (this.credentials == null) {
            BcTlsCrypto crypto = getCrypto();
            switch (this.serverCertType) {
                case 0:
                    this.credentials = TlsTestUtils.loadSignerCredentials((TlsContext) this.context, this.context.getSecurityParametersHandshake().getClientSigAlgs(), (short) 7, "x509-client-ed25519.pem", "x509-client-key-ed25519.pem");
                    break;
                case 2:
                    this.credentials = new BcDefaultTlsCredentialedSigner(new TlsCryptoParameters(this.context), crypto, this.privateKey, new Certificate((short) 2, TlsUtils.isTLSv13(this.context) ? TlsUtils.EMPTY_BYTES : null, new CertificateEntry[]{new CertificateEntry(new BcTlsRawKeyCertificate(crypto, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(this.privateKey.generatePublicKey())), (Hashtable) null)}), SignatureAndHashAlgorithm.ed25519);
                    break;
                default:
                    throw new IllegalArgumentException("Only supports X509 and raw keys");
            }
        }
        return this.credentials;
    }

    protected short[] getAllowedClientCertificateTypes() {
        return this.allowedClientCertTypes;
    }

    protected boolean allowCertificateStatus() {
        if (this.serverCertType == 2) {
            return false;
        }
        return super.allowCertificateStatus();
    }

    protected boolean allowMultiCertStatus() {
        if (this.serverCertType == 2) {
            return false;
        }
        return super.allowMultiCertStatus();
    }

    public CertificateRequest getCertificateRequest() throws IOException {
        if (this.clientCertType < 0) {
            return null;
        }
        short[] sArr = {64};
        Vector vector = null;
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getServerVersion())) {
            vector = TlsUtils.getDefaultSupportedSignatureAlgorithms(this.context);
        }
        return TlsUtils.isTLSv13(this.tlsVersion) ? new CertificateRequest(TlsUtils.EMPTY_BYTES, vector, (Vector) null, (Vector) null) : new CertificateRequest(sArr, vector, (Vector) null);
    }

    public void notifyClientCertificate(Certificate certificate) throws IOException {
        TestCase.assertEquals("client certificate is the wrong type", this.clientCertType, certificate.getCertificateType());
    }
}
