package sun.security.ssl;

import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.XECKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Map;
import javax.net.ssl.X509ExtendedKeyManager;
import org.asynchttpclient.netty.channel.ChannelManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/X509Authentication.class */
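/**
 * X.509 authentication schemes, one constant per key algorithm family.
 *
 * <p>Each constant pairs a lookup name ({@link #keyAlgorithm}) with the key types it
 * asks the configured {@link X509ExtendedKeyManager} for. The static factory methods
 * turn a key manager answer (alias, private key, certificate chain) into an
 * {@link X509Possession} after consistency checks; they return {@code null} when no
 * usable credential is found.
 *
 * <p>NOTE(review): this listing is decompiler output. The logging category is spelled
 * {@code ChannelManager.SSL_HANDLER}, a constant from an unrelated HTTP client library;
 * this looks like the decompiler substituting a same-valued constant for a string
 * literal. It is kept as-is here; confirm the value before relying on the listing.
 */
public enum X509Authentication implements SSLAuthentication {
    RSA("RSA", "RSA"),
    RSASSA_PSS("RSASSA-PSS", "RSASSA-PSS"),
    RSA_OR_PSS("RSA_OR_PSS", "RSA", "RSASSA-PSS"),
    DSA("DSA", "DSA"),
    EC("EC", "EC"),
    EDDSA("EdDSA", "EdDSA");

    /** Name matched by {@link #valueOfKeyAlgorithm(String)}. */
    final String keyAlgorithm;

    /** Key types passed to the key manager when a possession is created for this constant. */
    final String[] keyTypes;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/X509Authentication$X509Credentials.class */
    /**
     * Public half of an X.509 identity: a public key and a certificate array.
     *
     * <p>The certificate array is stored by reference, not copied, so a caller that keeps
     * the array can still change its elements after construction.
     */
    public static final class X509Credentials implements SSLCredentials {
        final X509Certificate[] popCerts;
        final PublicKey popPublicKey;

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * @param publicKey          public key of the credentials
         * @param x509CertificateArr certificate array, retained without a defensive copy
         */
        public X509Credentials(PublicKey publicKey, X509Certificate[] x509CertificateArr) {
            this.popCerts = x509CertificateArr;
            this.popPublicKey = publicKey;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/X509Authentication$X509Possession.class */
    /**
     * Private half of an X.509 identity: a private key and its certificate chain.
     *
     * <p>Holds a reference to private key material. The decompiler widened this class and
     * its members from package-private to public (see the JADX notes); the widened
     * visibility is an artefact of the listing, not a statement about the original API.
     * The chain array is stored by reference, not copied.
     */
    public static final class X509Possession implements SSLPossession {
        final X509Certificate[] popCerts;
        final PrivateKey popPrivateKey;

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * @param privateKey         private key of the possession
         * @param x509CertificateArr certificate chain, retained without a defensive copy
         */
        public X509Possession(PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
            this.popCerts = x509CertificateArr;
            this.popPrivateKey = privateKey;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Returns the EC domain parameters of this possession.
         *
         * <p>The parameters come from the private key when it implements {@link ECKey};
         * otherwise from the public key of the first certificate in the chain.
         *
         * @return the parameters, or {@code null} when the private key is absent, is not an
         *         "EC" key, or neither key exposes {@link ECKey}
         */
        public ECParameterSpec getECParameterSpec() {
            if (this.popPrivateKey == null || !"EC".equals(this.popPrivateKey.getAlgorithm())) {
                return null;
            }
            if (this.popPrivateKey instanceof ECKey) {
                return ((ECKey) this.popPrivateKey).getParams();
            }
            // The private key reports "EC" but does not expose its parameters (presumably an
            // opaque provider key); fall back to the leaf certificate's public key.
            if (this.popCerts != null && this.popCerts.length != 0) {
                PublicKey leafKey = this.popCerts[0].getPublicKey();
                if (leafKey instanceof ECKey) {
                    return ((ECKey) leafKey).getParams();
                }
            }
            return null;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Returns the named XEC parameters of this possession.
         *
         * <p>When the private key implements {@link XECKey} its parameters decide the
         * result and the certificate is not consulted, even if those parameters are not a
         * {@link NamedParameterSpec}. Otherwise the public key of the first certificate in
         * the chain is used.
         *
         * @return the named parameters, or {@code null} when the private key is absent, is
         *         not an "XEC" key, or no {@link NamedParameterSpec} can be obtained
         */
        public NamedParameterSpec getXECParameterSpec() {
            if (this.popPrivateKey == null || !"XEC".equals(this.popPrivateKey.getAlgorithm())) {
                return null;
            }
            if (this.popPrivateKey instanceof XECKey) {
                return asNamedSpec(((XECKey) this.popPrivateKey).getParams());
            }
            if (this.popCerts == null || this.popCerts.length == 0) {
                return null;
            }
            PublicKey leafKey = this.popCerts[0].getPublicKey();
            if (!(leafKey instanceof XECKey)) {
                return null;
            }
            return asNamedSpec(((XECKey) leafKey).getParams());
        }

        /** Narrows {@code params} to a {@link NamedParameterSpec}, or returns {@code null}. */
        private static NamedParameterSpec asNamedSpec(AlgorithmParameterSpec params) {
            return params instanceof NamedParameterSpec ? (NamedParameterSpec) params : null;
        }
    }

    X509Authentication(String str, String... strArr) {
        this.keyAlgorithm = str;
        this.keyTypes = strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Looks up the constant whose {@link #keyAlgorithm} equals {@code str}.
     *
     * @param str key algorithm name; the comparison is exact and case-sensitive
     * @return the matching constant, or {@code null} when none matches (callers must
     *         handle the {@code null} case)
     */
    public static X509Authentication valueOfKeyAlgorithm(String str) {
        for (X509Authentication candidate : values()) {
            if (candidate.keyAlgorithm.equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Creates a possession for this constant's key types.
     *
     * @param handshakeContext the current handshake
     * @return the possession, or {@code null} when the key manager offers nothing usable
     */
    @Override // sun.security.ssl.SSLPossessionGenerator
    public SSLPossession createPossession(HandshakeContext handshakeContext) {
        return createPossession(handshakeContext, this.keyTypes);
    }

    /**
     * Returns the handshake messages tied to this authentication scheme.
     *
     * @param handshakeContext the current handshake
     * @return CERTIFICATE and CERTIFICATE_REQUEST when the negotiated protocol does not
     *         use the TLS 1.3+ specification, otherwise an empty array
     */
    @Override // sun.security.ssl.SSLHandshakeBinding
    public SSLHandshake[] getRelatedHandshakers(HandshakeContext handshakeContext) {
        if (handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
            return new SSLHandshake[0];
        }
        return new SSLHandshake[]{SSLHandshake.CERTIFICATE, SSLHandshake.CERTIFICATE_REQUEST};
    }

    /**
     * Returns the handshake producers tied to this authentication scheme.
     *
     * @param handshakeContext the current handshake
     * @return a single entry mapping the CERTIFICATE message id to its producer when the
     *         negotiated protocol does not use the TLS 1.3+ specification, otherwise an
     *         empty array
     */
    // Generic arrays cannot be created directly, so the raw array form of the listing is
    // kept and the resulting warnings are suppressed for this method only.
    @SuppressWarnings({"unchecked", "rawtypes"})
    @Override // sun.security.ssl.SSLHandshakeBinding
    public Map.Entry<Byte, HandshakeProducer>[] getHandshakeProducers(HandshakeContext handshakeContext) {
        if (handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
            return new Map.Entry[0];
        }
        return new Map.Entry[]{new AbstractMap.SimpleImmutableEntry(Byte.valueOf(SSLHandshake.CERTIFICATE.id), SSLHandshake.CERTIFICATE)};
    }

    /**
     * Creates a possession for the given key types, acting as client or server according
     * to {@code handshakeContext.sslConfig.isClientMode}.
     *
     * @param handshakeContext the current handshake; cast to the client or server context
     * @param strArr           acceptable key types
     * @return the possession, or {@code null} when the key manager offers nothing usable
     */
    public static SSLPossession createPossession(HandshakeContext handshakeContext, String[] strArr) {
        if (handshakeContext.sslConfig.isClientMode) {
            return createClientPossession((ClientHandshakeContext) handshakeContext, strArr);
        }
        return createServerPossession((ServerHandshakeContext) handshakeContext, strArr);
    }

    /** Returns whether logging is switched on for the category used throughout this class. */
    private static boolean sslLoggingOn() {
        return SSLLogger.isOn && SSLLogger.isOn(ChannelManager.SSL_HANDLER);
    }

    /**
     * Asks the key manager for a client credential matching any of {@code strArr} and
     * validates the answer.
     *
     * <p>The answer is rejected (with a log line when logging is on) if no alias is
     * chosen, the alias has no private key or no certificate chain, the private key
     * algorithm is not one of the requested types, or the private key algorithm differs
     * from the leaf certificate's public key algorithm. Only algorithm names are compared:
     * nothing here proves that the private key corresponds to the certificate's public key.
     *
     * @return the validated possession, or {@code null}
     */
    private static SSLPossession createClientPossession(ClientHandshakeContext clientHandshakeContext, String[] strArr) {
        X509ExtendedKeyManager keyManager = clientHandshakeContext.sslContext.getX509KeyManager();
        SSLTransport transport = clientHandshakeContext.conContext.transport;
        // The key manager may be application code: hand it a copy so it cannot modify the
        // peer's authority list held by the handshake context.
        Principal[] issuers = clientHandshakeContext.peerSupportedAuthorities == null
                ? null
                : (Principal[]) clientHandshakeContext.peerSupportedAuthorities.clone();

        String alias = null;
        if (transport instanceof SSLSocketImpl) {
            alias = keyManager.chooseClientAlias(strArr, issuers, (SSLSocketImpl) transport);
        } else if (transport instanceof SSLEngineImpl) {
            alias = keyManager.chooseEngineClientAlias(strArr, issuers, (SSLEngineImpl) transport);
        }
        if (alias == null) {
            if (sslLoggingOn()) {
                SSLLogger.finest("No X.509 cert selected for " + Arrays.toString(strArr), new Object[0]);
            }
            return null;
        }

        PrivateKey privateKey = keyManager.getPrivateKey(alias);
        if (privateKey == null) {
            if (sslLoggingOn()) {
                SSLLogger.finest(alias + " is not a private key entry", new Object[0]);
            }
            return null;
        }

        X509Certificate[] chain = keyManager.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            if (sslLoggingOn()) {
                SSLLogger.finest(alias + " is a private key entry with no cert chain stored", new Object[0]);
            }
            return null;
        }

        // Do not trust the key manager to honour the requested key types.
        String privateKeyAlgorithm = privateKey.getAlgorithm();
        if (!Arrays.asList(strArr).contains(privateKeyAlgorithm)) {
            if (sslLoggingOn()) {
                SSLLogger.fine(alias + " private key algorithm " + privateKeyAlgorithm + " not in request list", new Object[0]);
            }
            return null;
        }

        String publicKeyAlgorithm = chain[0].getPublicKey().getAlgorithm();
        if (!privateKeyAlgorithm.equals(publicKeyAlgorithm)) {
            if (sslLoggingOn()) {
                SSLLogger.fine(alias + " private or public key is not of same algorithm: " + privateKeyAlgorithm + " vs " + publicKeyAlgorithm, new Object[0]);
            }
            return null;
        }
        return new X509Possession(privateKey, chain);
    }

    /**
     * Walks {@code strArr} in order and returns the first server credential the key
     * manager offers that passes validation.
     *
     * <p>A candidate is skipped when no alias is chosen, the alias has no private key or
     * no certificate chain, or the private key or leaf public key algorithm differs from
     * the key type being tried. For "EC" on protocols that do not use the TLS 1.3+
     * specification, the leaf key must additionally be an {@link ECPublicKey} whose named
     * group is known, enabled in the configuration and, when the client sent a list of
     * groups, contained in that list.
     *
     * <p>As in the client path, only algorithm names are compared; key-pair correspondence
     * is not verified here.
     *
     * @return the first validated possession, or {@code null} when every key type fails
     */
    private static SSLPossession createServerPossession(ServerHandshakeContext serverHandshakeContext, String[] strArr) {
        X509ExtendedKeyManager keyManager = serverHandshakeContext.sslContext.getX509KeyManager();
        for (String keyType : strArr) {
            SSLTransport transport = serverHandshakeContext.conContext.transport;
            // Fresh copy per call: the key manager may be application code and must not be
            // able to modify the authority list held by the handshake context.
            Principal[] issuers = serverHandshakeContext.peerSupportedAuthorities == null
                    ? null
                    : (Principal[]) serverHandshakeContext.peerSupportedAuthorities.clone();

            // Scoped to the iteration so an alias rejected for an earlier key type is never
            // re-examined for a later one.
            String alias = null;
            if (transport instanceof SSLSocketImpl) {
                alias = keyManager.chooseServerAlias(keyType, issuers, (SSLSocketImpl) transport);
            } else if (transport instanceof SSLEngineImpl) {
                alias = keyManager.chooseEngineServerAlias(keyType, issuers, (SSLEngineImpl) transport);
            }
            if (alias == null) {
                if (sslLoggingOn()) {
                    SSLLogger.finest("No X.509 cert selected for " + keyType, new Object[0]);
                }
                continue;
            }

            PrivateKey privateKey = keyManager.getPrivateKey(alias);
            if (privateKey == null) {
                if (sslLoggingOn()) {
                    SSLLogger.finest(alias + " is not a private key entry", new Object[0]);
                }
                continue;
            }

            X509Certificate[] chain = keyManager.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                if (sslLoggingOn()) {
                    SSLLogger.finest(alias + " is not a certificate entry", new Object[0]);
                }
                continue;
            }

            PublicKey leafKey = chain[0].getPublicKey();
            if (!privateKey.getAlgorithm().equals(keyType) || !leafKey.getAlgorithm().equals(keyType)) {
                if (sslLoggingOn()) {
                    SSLLogger.fine(alias + " private or public key is not of " + keyType + " algorithm", new Object[0]);
                }
                continue;
            }

            if (!serverHandshakeContext.negotiatedProtocol.useTLS13PlusSpec() && keyType.equals("EC")) {
                // The listing this was recovered from logged the two warnings below and then
                // still returned the possession, so the curve check had no effect (likely
                // control flow lost in decompilation). A certificate that fails the check
                // must not be offered: skip to the next key type.
                if (!(leafKey instanceof ECPublicKey)) {
                    if (sslLoggingOn()) {
                        SSLLogger.warning(alias + " public key is not an instance of ECPublicKey", new Object[0]);
                    }
                    continue;
                }
                NamedGroup group = NamedGroup.valueOf(((ECPublicKey) leafKey).getParams());
                boolean rejectedByClient = serverHandshakeContext.clientRequestedNamedGroups != null
                        && !serverHandshakeContext.clientRequestedNamedGroups.contains(group);
                if (group == null || !NamedGroup.isEnabled(serverHandshakeContext.sslConfig, group) || rejectedByClient) {
                    if (sslLoggingOn()) {
                        SSLLogger.warning("Unsupported named group (" + group + ") used in the " + alias + " certificate", new Object[0]);
                    }
                    continue;
                }
            }
            return new X509Possession(privateKey, chain);
        }
        return null;
    }
}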
