package cn.com.suresec.jsse.provider;

import cn.com.suresec.asn1.x500.X500Name;
import cn.com.suresec.jsse.BCSNIHostName;
import cn.com.suresec.jsse.BCSNIServerName;
import cn.com.suresec.tls.Certificate;
import cn.com.suresec.tls.CertificateRequest;
import cn.com.suresec.tls.CertificateStatusRequest;
import cn.com.suresec.tls.DefaultTlsClient;
import cn.com.suresec.tls.ProtocolVersion;
import cn.com.suresec.tls.SecurityParameters;
import cn.com.suresec.tls.ServerName;
import cn.com.suresec.tls.TlsAuthentication;
import cn.com.suresec.tls.TlsCredentials;
import cn.com.suresec.tls.TlsDHGroupVerifier;
import cn.com.suresec.tls.TlsFatalAlert;
import cn.com.suresec.tls.TlsServerCertificate;
import cn.com.suresec.tls.TlsSession;
import cn.com.suresec.tls.TlsUtils;
import cn.com.suresec.tls.crypto.TlsCrypto;
import cn.com.suresec.tls.crypto.TlsCryptoParameters;
import cn.com.suresec.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import cn.com.suresec.tls.crypto.impl.jcajce.JcaTlsCrypto;
import cn.com.suresec.util.Arrays;
import cn.com.suresec.util.IPAddress;
import cn.com.suresec.util.encoders.Hex;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: ProvTlsClient.java */
/* loaded from: classes.dex */
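/**
 * Client-side TLS peer of the JSSE provider (decompiled; the decompiler header names the
 * original source file as ProvTlsClient.java).
 *
 * <p>The class connects the low-level TLS client API ({@link DefaultTlsClient}) to the provider's
 * manager object ({@code f1125a}) and its per-connection parameters ({@code f1126b}). The
 * collaborator types ({@code ar}, {@code ad}, {@code ag}, {@code ai}, {@code aj}, {@code ak},
 * {@code s}, {@code t}, {@code x}, {@code y}, {@code bf}) are obfuscated and not visible here;
 * comments about them are hedged where the behaviour is inferred rather than shown.
 *
 * <p>Security-relevant decisions made in this class:
 * <ul>
 *   <li>a cached session is resumed only if its endpoint identification algorithm matches the
 *       requested one (see {@link #a(ag)});</li>
 *   <li>an empty server certificate is rejected with a fatal alert before trust evaluation;</li>
 *   <li>no certificate status request is produced ({@link #getCertificateStatusRequest()}
 *       returns {@code null});</li>
 *   <li>servers that do not signal secure renegotiation are accepted unless the
 *       {@code sun.security.ssl.allowLegacyHelloMessages} property is turned off.</li>
 * </ul>
 */
public class ap extends DefaultTlsClient implements as {
    private static final Logger LOG = Logger.getLogger(ap.class.getName());

    // NOTE(review): x.a(name, default) looks like a boolean property lookup with a default value;
    // x is obfuscated, so confirm where the value is read from.
    private static final boolean SNI_ENABLED = x.a("jsse.enableSNIExtension", true);

    // TLS alert level "warning" (RFC 5246, AlertLevel).
    private static final short ALERT_LEVEL_WARNING = 1;
    // TLS alert descriptions (RFC 5246, AlertDescription).
    private static final short ALERT_HANDSHAKE_FAILURE = 40;
    private static final short ALERT_INTERNAL_ERROR = 80;

    // Key-exchange identifiers returned by TlsUtils.getKeyExchangeAlgorithm for which a signing
    // credential may be returned. NOTE(review): the names follow the upstream Bouncy Castle
    // numbering (1, 3, 5, 17, 19); confirm against this repackaged library's own constants.
    private static final int KEY_EXCHANGE_RSA = 1;
    private static final int KEY_EXCHANGE_DHE_DSS = 3;
    private static final int KEY_EXCHANGE_DHE_RSA = 5;
    private static final int KEY_EXCHANGE_ECDHE_ECDSA = 17;
    private static final int KEY_EXCHANGE_ECDHE_RSA = 19;

    // The decompiler renamed the three fields below (originally a, b, c) to avoid a name
    // collision with the root package.

    /** Provider-side manager: peer host/port, key selection, trust checks, session creation flag. */
    protected final ar f1125a;

    /** Per-connection parameters: endpoint ID algorithm, SNI names, protocols, cipher suites. */
    protected final ad f1126b;

    /** Session selected for resumption, or the session registered once the handshake completes. */
    protected ag f1127c;

    /** Set to {@code true} by {@link #notifyHandshakeComplete()}; read under the instance lock. */
    protected boolean d;

    /**
     * Creates the client for one connection.
     *
     * @param arVar provider manager; its {@code b().a()} value is passed to the superclass as the
     *              crypto implementation
     * @param adVar connection parameters
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ap(ar arVar, ad adVar) {
        super(arVar.b().a());
        this.f1127c = null;
        this.d = false;
        this.f1125a = arVar;
        this.f1126b = adVar;
    }

    /**
     * Reports whether the handshake has completed.
     *
     * @return the flag set by {@link #notifyHandshakeComplete()}
     */
    @Override // cn.com.suresec.jsse.provider.as
    public synchronized boolean a() {
        return this.d;
    }

    /**
     * Decides whether a cached session may be resumed under the current parameters.
     *
     * <p>Resumption is refused when an endpoint identification algorithm is requested and it
     * differs (case-insensitively) from the one recorded with the session. Without this check a
     * session established with no hostname verification could be reused by a connection that asked
     * for it. When no algorithm is requested, any session is accepted.
     *
     * @param agVar the cached session candidate
     * @return {@code true} if the session may be resumed
     */
    protected boolean a(ag agVar) {
        s sessionParameters = agVar.c();
        String requestedAlgorithm = this.f1126b.h();
        if (requestedAlgorithm == null) {
            return true;
        }
        String sessionAlgorithm = sessionParameters.a();
        if (!requestedAlgorithm.equalsIgnoreCase(sessionAlgorithm)) {
            LOG.finest("Session not resumed - endpoint ID algorithm mismatch; requested: " + requestedAlgorithm + ", session: " + sessionAlgorithm);
            return false;
        }
        return true;
    }

    /**
     * Tells whether the key exchange is one for which this client returns a signing credential.
     */
    private static boolean usesSignerCredentials(int keyExchangeAlgorithm) {
        switch (keyExchangeAlgorithm) {
            case KEY_EXCHANGE_RSA:
            case KEY_EXCHANGE_DHE_DSS:
            case KEY_EXCHANGE_DHE_RSA:
            case KEY_EXCHANGE_ECDHE_ECDSA:
            case KEY_EXCHANGE_ECDHE_RSA:
                return true;
            default:
                return false;
        }
    }

    /**
     * Supplies the authentication callbacks: client credential selection and server certificate
     * validation.
     *
     * @return a new {@link TlsAuthentication} bound to this client
     * @throws IOException declared by the overridden method; not thrown here
     */
    @Override // cn.com.suresec.tls.TlsClient
    public TlsAuthentication getAuthentication() throws IOException {
        return new TlsAuthentication() { // from class: cn.com.suresec.jsse.provider.ap.1
            /**
             * Selects a client certificate and private key for the server's certificate request.
             *
             * @param certificateRequest the server's request (certificate types and CA names)
             * @return a signing credential, or {@code null} when no certificate is to be sent
             * @throws IOException a fatal internal_error alert for an unexpected key exchange
             */
            @Override // cn.com.suresec.tls.TlsAuthentication
            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(ap.this.context.getSecurityParametersHandshake().getCipherSuite());
                // Checked once: the value is a local that never changes, so the second identical
                // test the decompiler emitted before the return could not be reached.
                if (!usesSignerCredentials(keyExchangeAlgorithm)) {
                    throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
                }

                short[] certificateTypes = certificateRequest.getCertificateTypes();
                if (certificateTypes == null || certificateTypes.length == 0) {
                    return null;
                }
                String[] keyTypes = new String[certificateTypes.length];
                for (int i = 0; i < keyTypes.length; i++) {
                    keyTypes[i] = t.b(certificateTypes[i]);
                }

                // Acceptable issuers requested by the server; null means "no restriction".
                Principal[] issuers = null;
                Vector certificateAuthorities = certificateRequest.getCertificateAuthorities();
                if (certificateAuthorities != null && certificateAuthorities.size() > 0) {
                    Set<X500Principal> issuerSet = t.a((X500Name[]) certificateAuthorities.toArray(new X500Name[certificateAuthorities.size()]));
                    issuers = (Principal[]) issuerSet.toArray(new Principal[issuerSet.size()]);
                }

                // presumably a key-manager alias lookup for the given key types and issuers — confirm in ar
                String alias = ap.this.f1125a.a(keyTypes, issuers);
                if (alias == null) {
                    return null;
                }

                TlsCrypto crypto = ap.this.getCrypto();
                if (!(crypto instanceof JcaTlsCrypto)) {
                    throw new UnsupportedOperationException("Client credentials require a JcaTlsCrypto instance");
                }

                X509ExtendedKeyManager keyManager = ap.this.f1125a.b().d();
                PrivateKey privateKey = keyManager.getPrivateKey(alias);
                Certificate chain = t.a(crypto, keyManager.getCertificateChain(alias));
                if (privateKey == null || chain.isEmpty()) {
                    return null;
                }

                return new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(ap.this.context), (JcaTlsCrypto) crypto, privateKey, chain, TlsUtils.chooseSignatureAndHashAlgorithm(ap.this.context, ap.this.context.getSecurityParametersHandshake().getClientSigAlgs(), chain.getCertificateAt(0).getLegacySignatureAlgorithm()));
            }

            /**
             * Validates the server's certificate chain.
             *
             * <p>A missing or empty chain is rejected with a fatal handshake_failure alert, so an
             * unauthenticated server never reaches the trust check. The actual trust decision is
             * delegated to {@code f1125a.b(chain, authType)}.
             * NOTE(review): that method is obfuscated; confirm it throws on an untrusted chain
             * and applies the endpoint identification algorithm.
             *
             * @param tlsServerCertificate the certificate message received from the server
             * @throws IOException a fatal alert when the chain is absent, or whatever the delegate raises
             */
            @Override // cn.com.suresec.tls.TlsAuthentication
            public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
                boolean chainMissing = tlsServerCertificate == null
                        || tlsServerCertificate.getCertificate() == null
                        || tlsServerCertificate.getCertificate().isEmpty();
                if (chainMissing) {
                    throw new TlsFatalAlert(ALERT_HANDSHAKE_FAILURE);
                }
                ap.this.f1125a.b(t.a(ap.this.f1125a.b().a(), tlsServerCertificate.getCertificate()), t.a(TlsUtils.getKeyExchangeAlgorithm(ap.this.context.getSecurityParametersHandshake().getCipherSuite())));
            }
        };
    }

    /**
     * Returns no certificate status request.
     *
     * <p>NOTE(review): returning {@code null} presumably means the client does not ask the server
     * for a stapled certificate status, which would leave revocation checking to the trust
     * manager — confirm against the superclass.
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient
    protected CertificateStatusRequest getCertificateStatusRequest() {
        return null;
    }

    /**
     * Returns the verifier applied to Diffie-Hellman groups offered by the server.
     *
     * <p>NOTE(review): {@code y} is obfuscated; its acceptance policy (for example a minimum group
     * size) is not visible here and should be reviewed separately.
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient, cn.com.suresec.tls.TlsClient
    public TlsDHGroupVerifier getDHGroupVerifier() {
        return new y();
    }

    /** Returns the application protocol names derived from the connection parameters. */
    @Override // cn.com.suresec.tls.AbstractTlsClient
    protected Vector getProtocolNames() {
        return t.a(this.f1126b.l());
    }

    /**
     * Builds the server names for the SNI extension.
     *
     * <p>Explicitly configured names are used as they are. If none are configured, the peer host
     * is used as a default host_name, but only when it contains a dot after its first character
     * and is not an IP address literal.
     *
     * @return the server names, or {@code null} when SNI is disabled or no name is available
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient
    protected Vector getSNIServerNames() {
        if (!SNI_ENABLED) {
            return null;
        }
        List<BCSNIServerName> serverNames = this.f1126b.j();
        if (serverNames == null) {
            String peerHost = this.f1125a.c();
            if (peerHost != null && peerHost.indexOf('.') > 0 && !IPAddress.isValid(peerHost)) {
                try {
                    serverNames = Collections.singletonList(new BCSNIHostName(peerHost));
                } catch (RuntimeException unused) {
                    // Best effort: a host that cannot be encoded as a host_name is skipped.
                    LOG.fine("Failed to add peer host as default SNI host_name: " + peerHost);
                }
            }
        }
        if (serverNames == null || serverNames.isEmpty()) {
            return null;
        }
        Vector<ServerName> encoded = new Vector<ServerName>(serverNames.size());
        for (BCSNIServerName serverName : serverNames) {
            encoded.addElement(new ServerName((short) serverName.getType(), serverName.getEncoded()));
        }
        return encoded;
    }

    /**
     * Looks up a cached session for the peer host and port and offers it for resumption.
     *
     * <p>The cached session is used only if it still holds a TLS session and passes the endpoint
     * identification check in {@link #a(ag)}.
     *
     * @return the session to resume, or {@code null} to start a full handshake
     * @throws IllegalStateException if nothing can be resumed and session creation is disabled
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient, cn.com.suresec.tls.TlsClient
    public TlsSession getSessionToResume() {
        ag cached = this.f1125a.b().b().a(this.f1125a.getPeerHost(), this.f1125a.getPeerPort());
        if (cached != null) {
            TlsSession resumable = cached.g();
            if (resumable != null && a(cached)) {
                this.f1127c = cached;
                return resumable;
            }
        }
        if (!this.f1125a.getEnableSessionCreation()) {
            throw new IllegalStateException("No resumable sessions and session creation is disabled");
        }
        return null;
    }

    /** Returns the cipher suites to offer, filtered by what the crypto implementation supports. */
    @Override // cn.com.suresec.tls.DefaultTlsClient, cn.com.suresec.tls.AbstractTlsClient
    protected int[] getSupportedCipherSuites() {
        return TlsUtils.getSupportedCipherSuites(this.f1125a.b().a(), this.f1125a.a().a(this.f1126b.b()));
    }

    /**
     * Returns the named groups to offer.
     *
     * @param vector passed through to {@code bf.a}; its meaning is defined by the superclass
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient
    protected Vector getSupportedGroups(Vector vector) {
        return bf.a(getCrypto(), this.f1125a.a().j(), vector);
    }

    /** Returns the signature algorithms to offer, computed by {@code t.a} from the crypto instance. */
    @Override // cn.com.suresec.tls.AbstractTlsClient
    protected Vector getSupportedSignatureAlgorithms() {
        return t.a(getCrypto());
    }

    /** Returns the protocol versions to offer, derived from the configured protocols. */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public ProtocolVersion[] getSupportedVersions() {
        return this.f1125a.a().b(this.f1126b.c());
    }

    /**
     * Logs an alert raised by this client.
     *
     * <p>Warning-level alerts are logged at FINE, internal_error at WARNING, everything else at
     * INFO.
     *
     * @param s   alert level
     * @param s2  alert description
     * @param str optional detail message
     * @param th  optional cause
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        super.notifyAlertRaised(s, s2, str, th);
        Level level;
        if (s == ALERT_LEVEL_WARNING) {
            level = Level.FINE;
        } else if (s2 == ALERT_INTERNAL_ERROR) {
            level = Level.WARNING;
        } else {
            level = Level.INFO;
        }
        if (!LOG.isLoggable(level)) {
            return;
        }
        String message = t.a("Client raised", s, s2);
        if (str != null) {
            message = message + ": " + str;
        }
        LOG.log(level, message, th);
    }

    /**
     * Logs an alert received from the server: warning-level alerts at FINE, others at INFO.
     *
     * @param s  alert level
     * @param s2 alert description
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public void notifyAlertReceived(short s, short s2) {
        super.notifyAlertReceived(s, s2);
        Level level = Level.INFO;
        if (s == ALERT_LEVEL_WARNING) {
            level = Level.FINE;
        }
        if (LOG.isLoggable(level)) {
            LOG.log(level, t.a("Client received", s, s2));
        }
    }

    /**
     * Marks the handshake as complete and publishes the resulting connection.
     *
     * <p>If no session was resumed, or the negotiated session is a different object from the one
     * offered, the new session is registered in the session cache together with the requested
     * endpoint identification algorithm, which is what {@link #a(ag)} later compares against.
     *
     * @throws IOException if the superclass notification fails
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public synchronized void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        this.d = true;
        TlsSession negotiated = this.context.getSession();
        // Identity comparison: a resumed handshake yields the very session object that was offered.
        boolean resumed = this.f1127c != null && this.f1127c.g() == negotiated;
        if (!resumed) {
            this.f1127c = this.f1125a.b().b().a(this.f1125a.getPeerHost(), this.f1125a.getPeerPort(), negotiated, new s(this.f1126b.h()));
        }
        this.f1125a.a(new aa(this.context, this.f1127c));
    }

    /**
     * Enforces the policy for servers that do not signal secure renegotiation.
     *
     * <p>The handshake is aborted only when the server lacks the indication and the
     * {@code sun.security.ssl.allowLegacyHelloMessages} lookup yields {@code false}. The default
     * passed to the lookup is {@code true}, so such servers are accepted unless the property is
     * explicitly turned off; deployments that require the indication must set it to false.
     *
     * @param z whether the server signalled secure renegotiation
     * @throws IOException a fatal handshake_failure alert when the policy rejects the server
     */
    @Override // cn.com.suresec.tls.AbstractTlsPeer, cn.com.suresec.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z) throws IOException {
        if (z) {
            return;
        }
        if (!x.a("sun.security.ssl.allowLegacyHelloMessages", true)) {
            throw new TlsFatalAlert(ALERT_HANDSHAKE_FAILURE);
        }
    }

    /**
     * Records and logs the cipher suite chosen by the server.
     *
     * <p>NOTE(review): the result of {@code f1125a.a().b(i)} is discarded; presumably the call
     * validates the suite and throws if it is not acceptable — confirm.
     *
     * @param i the selected cipher suite
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient, cn.com.suresec.tls.TlsClient
    public void notifySelectedCipherSuite(int i) {
        this.f1125a.a().b(i);
        LOG.fine("Client notified of selected cipher suite: " + this.f1125a.a().a(i));
        super.notifySelectedCipherSuite(i);
    }

    /**
     * Logs the protocol version chosen by the server and forwards it to the superclass.
     *
     * @param protocolVersion the version selected by the server
     * @throws IOException if the superclass rejects the version
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient, cn.com.suresec.tls.TlsClient
    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        String versionName = this.f1125a.a().a(protocolVersion);
        LOG.fine("Client notified of selected protocol version: " + versionName);
        super.notifyServerVersion(protocolVersion);
    }

    /**
     * Handles the session ID from the server and publishes the handshake session.
     *
     * <p>The session counts as resumed only when the server echoes the ID of the session that
     * was offered. Otherwise a new session is being created, which is refused when session
     * creation is disabled. The session ID is written to the log in hex at FINE level.
     *
     * @param bArr the session ID sent by the server; may be {@code null} or empty
     * @throws IllegalStateException if the session was not resumed and creation is disabled
     */
    @Override // cn.com.suresec.tls.AbstractTlsClient, cn.com.suresec.tls.TlsClient
    public void notifySessionID(byte[] bArr) {
        boolean hasSessionId = bArr != null && bArr.length > 0;
        boolean resumed = hasSessionId && this.f1127c != null && Arrays.areEqual(bArr, this.f1127c.getId());
        if (resumed) {
            LOG.fine("Server resumed session: " + Hex.toHexString(bArr));
        } else {
            if (hasSessionId) {
                LOG.fine("Server specified new session: " + Hex.toHexString(bArr));
            } else {
                LOG.fine("Server did not specify a session ID");
            }
            if (!this.f1125a.getEnableSessionCreation()) {
                throw new IllegalStateException("Server did not resume session and session creation is disabled");
            }
        }
        ai sessionContext = this.f1125a.b().b();
        String peerHost = this.f1125a.getPeerHost();
        int peerPort = this.f1125a.getPeerPort();
        SecurityParameters securityParametersHandshake = this.context.getSecurityParametersHandshake();
        // Kept as one conditional expression so the argument has the same static type as before.
        this.f1125a.a(resumed ? new ak(sessionContext, peerHost, peerPort, securityParametersHandshake, this.f1127c.g(), this.f1127c.c()) : new aj(sessionContext, peerHost, peerPort, securityParametersHandshake));
    }
}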
