package com.enjoysign.bc.crypto.tls.test;

import com.enjoysign.bc.asn1.ASN1EncodableVector;
import com.enjoysign.bc.asn1.DERBitString;
import com.enjoysign.bc.asn1.DERSequence;
import com.enjoysign.bc.crypto.tls.Certificate;
import com.enjoysign.bc.crypto.tls.CertificateRequest;
import com.enjoysign.bc.crypto.tls.DefaultTlsClient;
import com.enjoysign.bc.crypto.tls.ProtocolVersion;
import com.enjoysign.bc.crypto.tls.SignatureAndHashAlgorithm;
import com.enjoysign.bc.crypto.tls.TlsAuthentication;
import com.enjoysign.bc.crypto.tls.TlsCredentials;
import com.enjoysign.bc.crypto.tls.TlsFatalAlert;
import com.enjoysign.bc.crypto.tls.TlsSignerCredentials;
import com.enjoysign.bc.crypto.tls.TlsUtils;
import com.enjoysign.bc.util.Arrays;
import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: input_file:com/enjoysign/bc/crypto/tls/test/TlsTestClientImpl.class */
class TlsTestClientImpl extends DefaultTlsClient {
    protected final TlsTestConfig config;
    protected int firstFatalAlertConnectionEnd = -1;
    protected short firstFatalAlertDescription = -1;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsTestClientImpl(TlsTestConfig tlsTestConfig) {
        this.config = tlsTestConfig;
    }

    int getFirstFatalAlertConnectionEnd() {
        return this.firstFatalAlertConnectionEnd;
    }

    short getFirstFatalAlertDescription() {
        return this.firstFatalAlertDescription;
    }

    @Override // com.enjoysign.bc.crypto.tls.AbstractTlsClient, com.enjoysign.bc.crypto.tls.TlsClient
    public ProtocolVersion getClientVersion() {
        return this.config.clientOfferVersion != null ? this.config.clientOfferVersion : super.getClientVersion();
    }

    @Override // com.enjoysign.bc.crypto.tls.AbstractTlsClient
    public ProtocolVersion getMinimumVersion() {
        return this.config.clientMinimumVersion != null ? this.config.clientMinimumVersion : super.getMinimumVersion();
    }

    @Override // com.enjoysign.bc.crypto.tls.AbstractTlsClient, com.enjoysign.bc.crypto.tls.TlsClient
    public Hashtable getClientExtensions() throws IOException {
        Hashtable clientExtensions = super.getClientExtensions();
        if (clientExtensions != null && !this.config.clientSendSignatureAlgorithms) {
            clientExtensions.remove(TlsUtils.EXT_signature_algorithms);
            this.supportedSignatureAlgorithms = null;
        }
        return clientExtensions;
    }

    @Override // com.enjoysign.bc.crypto.tls.AbstractTlsClient, com.enjoysign.bc.crypto.tls.TlsClient
    public boolean isFallback() {
        return this.config.clientFallback;
    }

    @Override // com.enjoysign.bc.crypto.tls.AbstractTlsPeer, com.enjoysign.bc.crypto.tls.TlsPeer
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 1;
            this.firstFatalAlertDescription = s2;
        }
    }

    @Override // com.enjoysign.bc.crypto.tls.AbstractTlsPeer, com.enjoysign.bc.crypto.tls.TlsPeer
    public void notifyAlertReceived(short s, short s2) {
        if (s == 2 && this.firstFatalAlertConnectionEnd == -1) {
            this.firstFatalAlertConnectionEnd = 0;
            this.firstFatalAlertDescription = s2;
        }
    }

    @Override // com.enjoysign.bc.crypto.tls.AbstractTlsClient, com.enjoysign.bc.crypto.tls.TlsClient
    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        super.notifyServerVersion(protocolVersion);
    }

    @Override // com.enjoysign.bc.crypto.tls.TlsClient
    public TlsAuthentication getAuthentication() throws IOException {
        return new TlsAuthentication() { // from class: com.enjoysign.bc.crypto.tls.test.TlsTestClientImpl.1
            @Override // com.enjoysign.bc.crypto.tls.TlsAuthentication
            public void notifyServerCertificate(Certificate certificate) throws IOException {
                boolean z = certificate == null || certificate.isEmpty();
                com.enjoysign.bc.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
                if (z || !(certificateList[0].equals(TlsTestUtils.loadCertificateResource("x509-server.pem")) || certificateList[0].equals(TlsTestUtils.loadCertificateResource("x509-server-dsa.pem")) || certificateList[0].equals(TlsTestUtils.loadCertificateResource("x509-server-ecdsa.pem")))) {
                    throw new TlsFatalAlert((short) 42);
                }
            }

            @Override // com.enjoysign.bc.crypto.tls.TlsAuthentication
            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                short[] certificateTypes;
                if (TlsTestClientImpl.this.config.serverCertReq == 0) {
                    throw new IllegalStateException();
                }
                if (TlsTestClientImpl.this.config.clientAuth == 0 || (certificateTypes = certificateRequest.getCertificateTypes()) == null || !Arrays.contains(certificateTypes, (short) 1)) {
                    return null;
                }
                Vector supportedSignatureAlgorithms = certificateRequest.getSupportedSignatureAlgorithms();
                if (supportedSignatureAlgorithms != null && TlsTestClientImpl.this.config.clientAuthSigAlg != null) {
                    supportedSignatureAlgorithms = new Vector(1);
                    supportedSignatureAlgorithms.addElement(TlsTestClientImpl.this.config.clientAuthSigAlg);
                }
                final TlsSignerCredentials loadSignerCredentials = TlsTestUtils.loadSignerCredentials(TlsTestClientImpl.this.context, supportedSignatureAlgorithms, (short) 1, "x509-client.pem", "x509-client-key.pem");
                return TlsTestClientImpl.this.config.clientAuth == 1 ? loadSignerCredentials : new TlsSignerCredentials() { // from class: com.enjoysign.bc.crypto.tls.test.TlsTestClientImpl.1.1
                    @Override // com.enjoysign.bc.crypto.tls.TlsSignerCredentials
                    public byte[] generateCertificateSignature(byte[] bArr) throws IOException {
                        byte[] generateCertificateSignature = loadSignerCredentials.generateCertificateSignature(bArr);
                        if (TlsTestClientImpl.this.config.clientAuth == 3) {
                            generateCertificateSignature = TlsTestClientImpl.this.corruptBit(generateCertificateSignature);
                        }
                        return generateCertificateSignature;
                    }

                    @Override // com.enjoysign.bc.crypto.tls.TlsCredentials
                    public Certificate getCertificate() {
                        Certificate certificate = loadSignerCredentials.getCertificate();
                        if (TlsTestClientImpl.this.config.clientAuth == 2) {
                            certificate = TlsTestClientImpl.this.corruptCertificate(certificate);
                        }
                        return certificate;
                    }

                    @Override // com.enjoysign.bc.crypto.tls.TlsSignerCredentials
                    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
                        return loadSignerCredentials.getSignatureAndHashAlgorithm();
                    }
                };
            }
        };
    }

    protected Certificate corruptCertificate(Certificate certificate) {
        com.enjoysign.bc.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        certificateList[0] = corruptCertificateSignature(certificateList[0]);
        return new Certificate(certificateList);
    }

    protected com.enjoysign.bc.asn1.x509.Certificate corruptCertificateSignature(com.enjoysign.bc.asn1.x509.Certificate certificate) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(certificate.getTBSCertificate());
        aSN1EncodableVector.add(certificate.getSignatureAlgorithm());
        aSN1EncodableVector.add(corruptSignature(certificate.getSignature()));
        return com.enjoysign.bc.asn1.x509.Certificate.getInstance(new DERSequence(aSN1EncodableVector));
    }

    protected DERBitString corruptSignature(DERBitString dERBitString) {
        return new DERBitString(corruptBit(dERBitString.getOctets()));
    }

    protected byte[] corruptBit(byte[] bArr) {
        byte[] clone = Arrays.clone(bArr);
        int nextInt = this.context.getSecureRandom().nextInt(clone.length << 3);
        int i = nextInt >>> 3;
        clone[i] = (byte) (clone[i] ^ (1 << (nextInt & 7)));
        return clone;
    }
}
