package eu.cec.digit.ecas.util.httpclient.protocol.bouncycastle;

import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AlertDescription;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AlertLevel;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.DefaultTlsClient;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.ProtocolVersion;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsAuthentication;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsECCUtils;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsExtensionsUtils;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsFatalAlert;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsKeyExchange;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsSession;
import eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsUtils;
import eu.cec.digit.ecas.util.ArraysUtil;
import java.io.EOFException;
import java.io.IOException;
import java.io.PrintStream;
import java.net.SocketTimeoutException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:eu/cec/digit/ecas/util/httpclient/protocol/bouncycastle/StandardNamesTlsClient.class */
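/**
 * TLS client that is configured with JSSE-style sets of cipher suites, protocol versions,
 * hash/signature algorithms and named curves, and that delegates authentication to an
 * {@link IdentityAndTrustTlsAuthentication}.
 *
 * <p>When {@code JsseUtil.isJsseDebugEnabled()} returns true, handshake events (alerts, negotiated
 * cipher suite, protocol version, session ID, EC point formats) and stack traces are printed to
 * {@code System.out}/{@code System.err}. That output is not routed through a logging framework, so
 * whoever can read the process's standard streams can read it.
 *
 * <p>Members carrying a "JADX INFO" comment were package-private in the compiled class according
 * to the decompiler; their current {@code public} modifier is kept so existing callers still link.
 */
public final class StandardNamesTlsClient extends DefaultTlsClient {
    private final IdentityAndTrustTlsAuthentication identityAndTrustTlsAuthentication;
    private final Vector<SignatureAndHashAlgorithm> signatureAndHashAlgorithms;
    // When true, a server that does not signal secure renegotiation is still accepted
    // (see notifySecureRenegotiation). Security-relevant: should be false unless a legacy
    // peer forces otherwise.
    private final boolean acceptInsecureRenegotiation;
    // Set by the owner around a connectivity probe; suppresses debug output for the
    // SocketTimeoutException that the probe is expected to provoke.
    private volatile boolean httpClientAvailableHackOnGoing;
    private int[] enabledCipherSuites;
    private ProtocolVersion[] enabledProtocolVersions;
    private ProtocolVersion selectedServerProtocolVersion;
    private byte[] sessionID;
    private int[] enabledNamedCurves;
    private TlsSession sessionToResume;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a client restricted to the given algorithm selections.
     *
     * @param exposedTlsClientProtocol protocol instance handed to the authentication delegate
     * @param identityAndTrust identity and trust material handed to the authentication delegate
     * @param set enabled cipher suites
     * @param set2 enabled protocol versions
     * @param set3 hash algorithms to advertise
     * @param set4 signature algorithms to advertise
     * @param set5 enabled named curves
     * @param z whether a server that does not signal secure renegotiation is accepted
     */
    public StandardNamesTlsClient(ExposedTlsClientProtocol exposedTlsClientProtocol, IdentityAndTrust identityAndTrust, Set<JsseCipherSuite> set, Set<JsseProtocolVersion> set2, Set<JsseHashAlgorithm> set3, Set<JsseSignatureAlgorithm> set4, Set<JsseNamedCurve> set5, boolean z) {
        super(new StandardNamesTlsCipherFactory());
        this.identityAndTrustTlsAuthentication = new IdentityAndTrustTlsAuthentication(exposedTlsClientProtocol, identityAndTrust);
        this.enabledCipherSuites = JsseMapper.unbox((Integer[]) JsseMapper.toValues(set));
        this.enabledProtocolVersions = (ProtocolVersion[]) JsseMapper.toValues(set2);
        this.signatureAndHashAlgorithms = computeSupportedSignatureAlgorithms(set3, set4);
        this.enabledNamedCurves = JsseMapper.unbox((Integer[]) JsseMapper.toValues(set5));
        this.acceptInsecureRenegotiation = z;
    }

    /**
     * Builds every (hash, signature) pair from the two sets, iterating signatures in the outer
     * loop and hashes in the inner loop.
     *
     * @param set hash algorithms
     * @param set2 signature algorithms
     * @return one {@link SignatureAndHashAlgorithm} per combination; empty if either set is empty
     */
    private Vector<SignatureAndHashAlgorithm> computeSupportedSignatureAlgorithms(Set<JsseHashAlgorithm> set, Set<JsseSignatureAlgorithm> set2) {
        Vector<SignatureAndHashAlgorithm> pairs = new Vector<>();
        for (JsseSignatureAlgorithm signature : set2) {
            for (JsseHashAlgorithm hash : set) {
                pairs.addElement(new SignatureAndHashAlgorithm(hash.getValue().shortValue(), signature.getValue().shortValue()));
            }
        }
        return pairs;
    }

    /** Returns the authentication delegate created in the constructor. */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public final TlsAuthentication getAuthentication() {
        return this.identityAndTrustTlsAuthentication;
    }

    /** Returns a copy of the enabled cipher suite identifiers, so callers cannot alter the configuration. */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.DefaultTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public final int[] getCipherSuites() {
        return this.enabledCipherSuites.clone();
    }

    /** Returns the highest enabled protocol version according to {@code PROTOCOL_VERSION_COMPARATOR}. */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public final ProtocolVersion getClientVersion() {
        return (ProtocolVersion) ArraysUtil.max(this.enabledProtocolVersions, JsseProtocolVersion.PROTOCOL_VERSION_COMPARATOR);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the enabled cipher suites mapped through {@code JsseCipherSuite.MAPPER}. */
    public final String[] getEnabledCipherSuites() {
        return JsseCipherSuite.MAPPER.arrayMap(JsseMapper.box(this.enabledCipherSuites));
    }

    /** Returns the enabled named curves mapped through {@code JsseNamedCurve.MAPPER}. */
    final String[] getEnabledNamedCurves() {
        return JsseNamedCurve.MAPPER.arrayMap(JsseMapper.box(this.enabledNamedCurves));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the enabled protocol versions mapped through {@code JsseProtocolVersion.MAPPER}. */
    public final String[] getEnabledProtocols() {
        return JsseProtocolVersion.MAPPER.arrayMap(this.enabledProtocolVersions);
    }

    /** Returns the local certificate reported by the authentication delegate. */
    X509Certificate getLocalCertificate() {
        return this.identityAndTrustTlsAuthentication.getLocalCertificate();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the local certificate chain reported by the authentication delegate. */
    public X509Certificate[] getLocalCertificateChain() {
        return this.identityAndTrustTlsAuthentication.getLocalCertificateChain();
    }

    /**
     * Returns the lowest enabled protocol version according to {@code PROTOCOL_VERSION_COMPARATOR}.
     * This is the downgrade floor the client advertises, so it follows directly from what
     * {@link #setEnabledProtocols(String[])} or the constructor enabled.
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient
    public final ProtocolVersion getMinimumVersion() {
        return (ProtocolVersion) ArraysUtil.min(this.enabledProtocolVersions, JsseProtocolVersion.PROTOCOL_VERSION_COMPARATOR);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the cipher suite identifier held in the inherited {@code selectedCipherSuite} field. */
    public final int getSelectedCipherSuite() {
        return this.selectedCipherSuite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the server protocol version recorded by {@link #notifyServerVersion(ProtocolVersion)}.
     *
     * @return the mapped version, or {@code null} if no server version has been recorded yet
     */
    public final JsseProtocolVersion getSelectedServerProtocolVersion() {
        if (this.selectedServerProtocolVersion == null) {
            return null;
        }
        return (JsseProtocolVersion) JsseProtocolVersion.MAPPER.fromValue(this.selectedServerProtocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the server certificate chain reported by the authentication delegate. */
    public final X509Certificate[] getServerCertificateChain() {
        return this.identityAndTrustTlsAuthentication.getServerCertificateChain();
    }

    /**
     * Returns a copy of the session ID recorded by {@link #notifySessionID(byte[])}.
     *
     * @return a fresh array, or {@code null} if no session ID has been recorded (previously this
     *     case threw a {@link NullPointerException})
     */
    final byte[] getSessionID() {
        byte[] current = this.sessionID;
        return current == null ? null : current.clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the same list as {@link #getEnabledCipherSuites()}; no wider "supported" set is kept. */
    public final String[] getSupportedCipherSuites() {
        return getEnabledCipherSuites();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the same list as {@link #getEnabledProtocols()}; no wider "supported" set is kept. */
    public final String[] getSupportedProtocols() {
        return getEnabledProtocols();
    }

    /**
     * Returns the (hash, signature) pairs computed in the constructor. The internal vector itself
     * is returned, not a copy.
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient
    protected Vector<SignatureAndHashAlgorithm> getSupportedSignatureAlgorithms() {
        return this.signatureAndHashAlgorithms;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Tells whether {@code th} is the timeout expected while the availability probe flag is set.
     *
     * @param th the throwable to classify; may be {@code null}
     * @return {@code true} only for a {@link SocketTimeoutException} seen while the flag is set
     */
    public boolean isHttpClientAvailableHackOnGoing(Throwable th) {
        return (th instanceof SocketTimeoutException) && this.httpClientAvailableHackOnGoing;
    }

    /**
     * Forwards the alert to the superclass and, when JSSE debug is enabled, prints it.
     * Fatal alerts go to {@code System.err}, everything else to {@code System.out}. Nothing is
     * printed for the timeout expected during the availability probe.
     *
     * @param s alert level
     * @param s2 alert description
     * @param str optional detail message
     * @param th optional cause; its stack trace is printed when present
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsPeer, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsPeer
    public final void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        super.notifyAlertRaised(s, s2, str, th);
        if (!JsseUtil.isJsseDebugEnabled() || isHttpClientAvailableHackOnGoing(th)) {
            return;
        }
        PrintStream out = s == AlertLevel.fatal ? System.err : System.out;
        if (th instanceof EOFException) {
            out.println("TLS client reached the end of the stream");
            return;
        }
        out.println("TLS client raised alert (AlertLevel." + ((int) s) + ", AlertDescription." + ((int) s2) + "): " + AlertLevel.getName(s) + " - " + AlertDescription.getName(s2));
        if (str != null) {
            out.println("> " + str);
        }
        if (th != null) {
            th.printStackTrace(out);
        }
    }

    /**
     * Forwards a received alert to the superclass and, when JSSE debug is enabled, prints its
     * numeric level and description (fatal alerts to {@code System.err}).
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsPeer, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsPeer
    public final void notifyAlertReceived(short s, short s2) {
        super.notifyAlertReceived(s, s2);
        if (JsseUtil.isJsseDebugEnabled()) {
            PrintStream out = s == AlertLevel.fatal ? System.err : System.out;
            out.println("TLS client received alert (AlertLevel." + ((int) s) + ", AlertDescription." + ((int) s2) + ")");
        }
    }

    /** Forwards the negotiated cipher suite to the superclass and prints it when JSSE debug is enabled. */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public void notifySelectedCipherSuite(int i) {
        super.notifySelectedCipherSuite(i);
        if (JsseUtil.isJsseDebugEnabled()) {
            System.out.println("TLS client negotiated cipher suite: " + JsseCipherSuite.MAPPER.fromValue(Integer.valueOf(i)));
        }
    }

    /** Forwards the negotiated compression method to the superclass and prints it when JSSE debug is enabled. */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public void notifySelectedCompressionMethod(short s) {
        super.notifySelectedCompressionMethod(s);
        if (JsseUtil.isJsseDebugEnabled()) {
            System.out.println("TLS client negotiated compression method: " + JsseCompressionMethod.MAPPER.fromValue(Short.valueOf(s)));
        }
    }

    /**
     * Lets the superclass validate the server's version, then records it for
     * {@link #getSelectedServerProtocolVersion()}.
     *
     * @throws IOException if the superclass rejects the version
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public final void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        super.notifyServerVersion(protocolVersion);
        this.selectedServerProtocolVersion = protocolVersion;
        if (JsseUtil.isJsseDebugEnabled()) {
            System.out.println("TLS client negotiated protocol version: " + protocolVersion);
        }
    }

    /**
     * Forwards the session ID to the superclass and keeps a private copy of it, so a later change
     * to the caller's array cannot alter what {@link #getSessionID()} reports.
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public final void notifySessionID(byte[] bArr) {
        super.notifySessionID(bArr);
        this.sessionID = bArr == null ? null : bArr.clone();
        if (JsseUtil.isJsseDebugEnabled()) {
            // The session ID ends up on stdout here; treat debug output as handshake metadata.
            System.out.println("TLS client obtained Session ID: " + Arrays.toString(bArr));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Replaces the enabled cipher suites with the ones named in {@code strArr}. */
    public void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = JsseMapper.unbox(JsseCipherSuite.MAPPER.arrayMap(strArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Replaces the enabled protocol versions with the ones named in {@code strArr}. This also
     * moves the bounds returned by {@link #getClientVersion()} and {@link #getMinimumVersion()}.
     */
    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocolVersions = JsseProtocolVersion.MAPPER.arrayMap(strArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets or clears the flag read by {@link #isHttpClientAvailableHackOnGoing(Throwable)}. */
    public void setHttpClientAvailableHackOnGoing(boolean z) {
        this.httpClientAvailableHackOnGoing = z;
    }

    /**
     * Lets the superclass process the server extensions; the rest is debug output only and runs
     * when JSSE debug is enabled and the selected cipher suite is an ECC suite.
     *
     * @throws IOException if the superclass rejects the extensions
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public void processServerExtensions(Hashtable hashtable) throws IOException {
        super.processServerExtensions(hashtable);
        if (!JsseUtil.isJsseDebugEnabled() || !TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
            return;
        }
        System.out.println("TLS client is using an Elliptic-Curve-Cryptography cipher suite: " + JsseCipherSuite.MAPPER.fromValue(Integer.valueOf(this.selectedCipherSuite)));
        if (this.serverECPointFormats == null || this.serverECPointFormats.length == 0) {
            System.out.println("TLS client received no Elliptic-Curve Point-Format from server");
            return;
        }
        String formats;
        try {
            formats = JsseEcPointFormat.MAPPER.fromValues(JsseMapper.box(this.serverECPointFormats)).toString();
        } catch (IllegalArgumentException unmapped) {
            // The mapper does not know one of the values; print the raw numbers instead.
            formats = "Unknown: " + Arrays.toString(this.serverECPointFormats);
        }
        System.out.println("TLS client received server-accepted Elliptic Curve Point Formats: " + formats);
    }

    /**
     * Builds the ClientHello extensions: signature algorithms when the client version allows that
     * extension, and supported curves plus point formats when any enabled cipher suite is ECC.
     *
     * @return the extension table, or {@code null} when neither extension applies
     * @throws IOException if an extension cannot be encoded
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public Hashtable getClientExtensions() throws IOException {
        Hashtable extensions = null;
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getClientVersion())) {
            this.supportedSignatureAlgorithms = getSupportedSignatureAlgorithms();
            extensions = TlsExtensionsUtils.ensureExtensionsInitialised(null);
            TlsUtils.addSignatureAlgorithmsExtension(extensions, this.supportedSignatureAlgorithms);
        }
        if (TlsECCUtils.containsECCCipherSuites(getCipherSuites())) {
            this.namedCurves = this.enabledNamedCurves;
            // EC point format codes 0, 1, 2 (RFC 4492: uncompressed, ansiX962_compressed_prime,
            // ansiX962_compressed_char2); all three are always advertised, unlike the curves,
            // which follow the configured set.
            this.clientECPointFormats = new short[]{0, 1, 2};
            extensions = TlsExtensionsUtils.ensureExtensionsInitialised(extensions);
            TlsECCUtils.addSupportedEllipticCurvesExtension(extensions, this.namedCurves);
            TlsECCUtils.addSupportedPointFormatsExtension(extensions, this.clientECPointFormats);
        }
        return extensions;
    }

    /** Creates the ECDHE key exchange from the algorithms, curves and point formats negotiated so far. */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.DefaultTlsClient
    protected TlsKeyExchange createECDHEKeyExchange(int i) {
        return new ExposedTlsECDHEKeyExchange(i, this.supportedSignatureAlgorithms, this.namedCurves, this.clientECPointFormats, this.serverECPointFormats);
    }

    /**
     * Returns the JSSE name of a cipher suite.
     *
     * @return the JSSE name, or {@code "Unknown: <id>"} when the mapper returns {@code null}
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.DefaultTlsClient
    protected String formatCipherSuite(int i) {
        JsseCipherSuite suite = (JsseCipherSuite) JsseCipherSuite.MAPPER.fromValue(Integer.valueOf(i));
        if (suite == null) {
            return "Unknown: " + i;
        }
        return suite.getJsseName();
    }

    /**
     * Aborts the handshake with a fatal {@code handshake_failure} alert when the server did not
     * signal secure renegotiation and the client was not configured to tolerate that.
     *
     * <p>This override does not call the superclass implementation, so the
     * {@code acceptInsecureRenegotiation} flag is the only thing deciding the outcome here.
     * NOTE(review): {@code z} presumably reflects RFC 5746 renegotiation_info support as reported
     * by the TLS library; confirm against the library version in use.
     *
     * @param z whether the server signalled secure renegotiation
     * @throws IOException a {@link TlsFatalAlert} when the server is rejected
     */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsPeer, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z) throws IOException {
        if (!z && !this.acceptInsecureRenegotiation) {
            throw new TlsFatalAlert(AlertDescription.handshake_failure, new IOException("Refusing to accept insecure renegotiation from server"));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Stores the session offered for resumption on the next handshake; {@code null} clears it. */
    public void setSessionToResume(TlsSession tlsSession) {
        this.sessionToResume = tlsSession;
    }

    /** Returns the session set through {@link #setSessionToResume(TlsSession)}, or {@code null}. */
    @Override // eu.cec.digit.ecas.org.bouncycastle.crypto.tls.AbstractTlsClient, eu.cec.digit.ecas.org.bouncycastle.crypto.tls.TlsClient
    public TlsSession getSessionToResume() {
        return this.sessionToResume;
    }
}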
