package cfca.sadk.org.bouncycastle.crypto.tls.test;

import cfca.sadk.org.bouncycastle.asn1.ASN1EncodableVector;
import cfca.sadk.org.bouncycastle.asn1.DERBitString;
import cfca.sadk.org.bouncycastle.asn1.DERSequence;
import cfca.sadk.org.bouncycastle.crypto.tls.Certificate;
import cfca.sadk.org.bouncycastle.crypto.tls.CertificateRequest;
import cfca.sadk.org.bouncycastle.crypto.tls.DefaultTlsClient;
import cfca.sadk.org.bouncycastle.crypto.tls.ProtocolVersion;
import cfca.sadk.org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import cfca.sadk.org.bouncycastle.crypto.tls.TlsAuthentication;
import cfca.sadk.org.bouncycastle.crypto.tls.TlsCredentials;
import cfca.sadk.org.bouncycastle.crypto.tls.TlsFatalAlert;
import cfca.sadk.org.bouncycastle.crypto.tls.TlsSignerCredentials;
import cfca.sadk.org.bouncycastle.util.Arrays;
import java.io.IOException;
import java.util.Vector;

/* loaded from: input_file:BOOT-INF/lib/sadk-3.2.0.5.jar:cfca/sadk/org/bouncycastle/crypto/tls/test/TlsTestClientImpl.class */
class TlsTestClientImpl extends DefaultTlsClient {
    protected final TlsTestConfig config;
    protected int firstFatalAlertConnectionEnd = -1;
    protected short firstFatalAlertDescription = -1;

    /* renamed from: cfca.sadk.org.bouncycastle.crypto.tls.test.TlsTestClientImpl$1, reason: invalid class name */
    /* loaded from: input_file:BOOT-INF/lib/sadk-3.2.0.5.jar:cfca/sadk/org/bouncycastle/crypto/tls/test/TlsTestClientImpl$1.class */
    class AnonymousClass1 implements TlsAuthentication {
        private final TlsTestClientImpl this$0;

        AnonymousClass1(TlsTestClientImpl tlsTestClientImpl) {
            this.this$0 = tlsTestClientImpl;
        }

        @Override // cfca.sadk.org.bouncycastle.crypto.tls.TlsAuthentication
        public void notifyServerCertificate(Certificate certificate) throws IOException {
            boolean z = certificate == null || certificate.isEmpty();
            cfca.sadk.org.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
            if (z || !certificateList[0].equals(TlsTestUtils.loadCertificateResource("x509-server.pem"))) {
                throw new TlsFatalAlert((short) 42);
            }
        }

        @Override // cfca.sadk.org.bouncycastle.crypto.tls.TlsAuthentication
        public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
            short[] certificateTypes;
            if (this.this$0.config.serverCertReq == 0) {
                throw new IllegalStateException();
            }
            if (this.this$0.config.clientAuth == 0 || (certificateTypes = certificateRequest.getCertificateTypes()) == null || !Arrays.contains(certificateTypes, (short) 1)) {
                return null;
            }
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
            Vector supportedSignatureAlgorithms = certificateRequest.getSupportedSignatureAlgorithms();
            if (supportedSignatureAlgorithms != null) {
                int i = 0;
                while (true) {
                    if (i >= supportedSignatureAlgorithms.size()) {
                        break;
                    }
                    SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = (SignatureAndHashAlgorithm) supportedSignatureAlgorithms.elementAt(i);
                    if (signatureAndHashAlgorithm2.getSignature() == 1) {
                        signatureAndHashAlgorithm = signatureAndHashAlgorithm2;
                        break;
                    }
                    i++;
                }
                if (signatureAndHashAlgorithm == null) {
                    return null;
                }
            }
            TlsSignerCredentials loadSignerCredentials = TlsTestUtils.loadSignerCredentials(this.this$0.context, new String[]{"x509-client.pem", "x509-ca.pem"}, "x509-client-key.pem", signatureAndHashAlgorithm);
            return this.this$0.config.clientAuth == 1 ? loadSignerCredentials : new TlsSignerCredentials(this, loadSignerCredentials) { // from class: cfca.sadk.org.bouncycastle.crypto.tls.test.TlsTestClientImpl.1.1
                private final TlsSignerCredentials val$signerCredentials;
                private final AnonymousClass1 this$1;

                {
                    this.this$1 = this;
                    this.val$signerCredentials = loadSignerCredentials;
                }

                @Override // cfca.sadk.org.bouncycastle.crypto.tls.TlsSignerCredentials
                public byte[] generateCertificateSignature(byte[] bArr) throws IOException {
                    byte[] generateCertificateSignature = this.val$signerCredentials.generateCertificateSignature(bArr);
                    if (this.this$1.this$0.config.clientAuth == 3) {
                        generateCertificateSignature = this.this$1.this$0.corruptBit(generateCertificateSignature);
                    }
                    return generateCertificateSignature;
                }

                @Override // cfca.sadk.org.bouncycastle.crypto.tls.TlsCredentials
                public Certificate getCertificate() {
                    Certificate certificate = this.val$signerCredentials.getCertificate();
                    if (this.this$1.this$0.config.clientAuth == 2) {
                        certificate = this.this$1.this$0.corruptCertificate(certificate);
                    }
                    return certificate;
                }

                @Override // cfca.sadk.org.bouncycastle.crypto.tls.TlsSignerCredentials
                public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
                    return this.val$signerCredentials.getSignatureAndHashAlgorithm();
                }
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsTestClientImpl(TlsTestConfig tlsTestConfig) {
        this.config = tlsTestConfig;
    }

    int getFirstFatalAlertConnectionEnd() {
        return this.firstFatalAlertConnectionEnd;
    }

    short getFirstFatalAlertDescription() {
        return this.firstFatalAlertDescription;
    }

    @Override // cfca.sadk.org.bouncycastle.crypto.tls.AbstractTlsClient, cfca.sadk.org.bouncycastle.crypto.tls.TlsClient
    public ProtocolVersion getClientVersion() {
        return this.config.clientOfferVersion != null ? this.config.clientOfferVersion : super.getClientVersion();
    }

    @Override // cfca.sadk.org.bouncycastle.crypto.tls.AbstractTlsClient
    public ProtocolVersion getMinimumVersion() {
        return this.config.clientMinimumVersion != null ? this.config.clientMinimumVersion : super.getMinimumVersion();
    }

    @Override // cfca.sadk.org.bouncycastle.crypto.tls.AbstractTlsPeer, cfca.sadk.org.bouncycastle.crypto.tls.TlsPeer
    public void notifyAlertRaised(short s, short s2, String str, Exception exc) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 1;
            this.firstFatalAlertDescription = s2;
        }
    }

    @Override // cfca.sadk.org.bouncycastle.crypto.tls.AbstractTlsPeer, cfca.sadk.org.bouncycastle.crypto.tls.TlsPeer
    public void notifyAlertReceived(short s, short s2) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 0;
            this.firstFatalAlertDescription = s2;
        }
    }

    @Override // cfca.sadk.org.bouncycastle.crypto.tls.AbstractTlsClient, cfca.sadk.org.bouncycastle.crypto.tls.TlsClient
    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        super.notifyServerVersion(protocolVersion);
    }

    @Override // cfca.sadk.org.bouncycastle.crypto.tls.TlsClient
    public TlsAuthentication getAuthentication() throws IOException {
        return new AnonymousClass1(this);
    }

    protected Certificate corruptCertificate(Certificate certificate) {
        cfca.sadk.org.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        certificateList[0] = corruptCertificateSignature(certificateList[0]);
        return new Certificate(certificateList);
    }

    protected cfca.sadk.org.bouncycastle.asn1.x509.Certificate corruptCertificateSignature(cfca.sadk.org.bouncycastle.asn1.x509.Certificate certificate) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(certificate.getTBSCertificate());
        aSN1EncodableVector.add(certificate.getSignatureAlgorithm());
        aSN1EncodableVector.add(corruptBitString(certificate.getSignature()));
        return cfca.sadk.org.bouncycastle.asn1.x509.Certificate.getInstance(new DERSequence(aSN1EncodableVector));
    }

    protected DERBitString corruptBitString(DERBitString dERBitString) {
        return new DERBitString(corruptBit(dERBitString.getBytes()));
    }

    protected byte[] corruptBit(byte[] bArr) {
        byte[] clone = Arrays.clone(bArr);
        int nextInt = this.context.getSecureRandom().nextInt(clone.length << 3);
        int i = nextInt >>> 3;
        clone[i] = (byte) (clone[i] ^ (1 << (nextInt & 7)));
        return clone;
    }
}
