package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLProtocolException;
import javax.security.auth.x500.X500Principal;
import sun.security.ssl.SSLExtension;
import sun.security.ssl.SSLHandshake;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension.class
 */
/* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension.class */
final class CertificateAuthoritiesExtension {
    static final HandshakeProducer chNetworkProducer = new CHCertificateAuthoritiesProducer();
    static final SSLExtension.ExtensionConsumer chOnLoadConsumer = new CHCertificateAuthoritiesConsumer();
    static final HandshakeProducer crNetworkProducer = new CRCertificateAuthoritiesProducer();
    static final SSLExtension.ExtensionConsumer crOnLoadConsumer = new CRCertificateAuthoritiesConsumer();
    static final SSLStringizer ssStringizer = new CertificateAuthoritiesStringizer();

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CHCertificateAuthoritiesConsumer.class
     */
    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CHCertificateAuthoritiesConsumer.class */
    private static final class CHCertificateAuthoritiesConsumer implements SSLExtension.ExtensionConsumer {
        private CHCertificateAuthoritiesConsumer() {
        }

        @Override // sun.security.ssl.SSLExtension.ExtensionConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            if (serverHandshakeContext.sslConfig.isAvailable(SSLExtension.CH_CERTIFICATE_AUTHORITIES)) {
                CertificateAuthoritiesSpec certificateAuthoritiesSpec = new CertificateAuthoritiesSpec(serverHandshakeContext, byteBuffer);
                serverHandshakeContext.peerSupportedAuthorities = certificateAuthoritiesSpec.getAuthorities();
                serverHandshakeContext.handshakeExtensions.put(SSLExtension.CH_CERTIFICATE_AUTHORITIES, certificateAuthoritiesSpec);
            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Ignore unavailable certificate_authorities extension", new Object[0]);
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CHCertificateAuthoritiesProducer.class
     */
    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CHCertificateAuthoritiesProducer.class */
    private static final class CHCertificateAuthoritiesProducer implements HandshakeProducer {
        private CHCertificateAuthoritiesProducer() {
        }

        @Override // sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            if (!clientHandshakeContext.sslConfig.isAvailable(SSLExtension.CH_CERTIFICATE_AUTHORITIES)) {
                if (!SSLLogger.isOn || !SSLLogger.isOn("ssl,handshake")) {
                    return null;
                }
                SSLLogger.fine("Ignore unavailable certificate_authorities extension", new Object[0]);
                return null;
            }
            X509Certificate[] acceptedIssuers = clientHandshakeContext.sslContext.getX509TrustManager().getAcceptedIssuers();
            if (acceptedIssuers.length == 0) {
                if (!SSLLogger.isOn || !SSLLogger.isOn("ssl,handshake")) {
                    return null;
                }
                SSLLogger.fine("No available certificate authorities", new Object[0]);
                return null;
            }
            List<byte[]> encodedAuthorities = CertificateAuthoritiesSpec.getEncodedAuthorities(acceptedIssuers);
            if (encodedAuthorities.isEmpty()) {
                if (!SSLLogger.isOn || !SSLLogger.isOn("ssl,handshake")) {
                    return null;
                }
                SSLLogger.warning("The number of CAs exceeds the maximum size of the certificate_authorities extension", new Object[0]);
                return null;
            }
            CertificateAuthoritiesSpec certificateAuthoritiesSpec = new CertificateAuthoritiesSpec(encodedAuthorities);
            int i = 0;
            Iterator<byte[]> iterator2 = certificateAuthoritiesSpec.authorities.iterator2();
            while (iterator2.hasNext()) {
                i += iterator2.next().length + 2;
            }
            byte[] bArr = new byte[i + 2];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            Record.putInt16(wrap, i);
            Iterator<byte[]> iterator22 = certificateAuthoritiesSpec.authorities.iterator2();
            while (iterator22.hasNext()) {
                Record.putBytes16(wrap, iterator22.next());
            }
            clientHandshakeContext.handshakeExtensions.put(SSLExtension.CH_CERTIFICATE_AUTHORITIES, certificateAuthoritiesSpec);
            return bArr;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CRCertificateAuthoritiesConsumer.class
     */
    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CRCertificateAuthoritiesConsumer.class */
    private static final class CRCertificateAuthoritiesConsumer implements SSLExtension.ExtensionConsumer {
        private CRCertificateAuthoritiesConsumer() {
        }

        @Override // sun.security.ssl.SSLExtension.ExtensionConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage, ByteBuffer byteBuffer) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            if (clientHandshakeContext.sslConfig.isAvailable(SSLExtension.CR_CERTIFICATE_AUTHORITIES)) {
                CertificateAuthoritiesSpec certificateAuthoritiesSpec = new CertificateAuthoritiesSpec(clientHandshakeContext, byteBuffer);
                clientHandshakeContext.peerSupportedAuthorities = certificateAuthoritiesSpec.getAuthorities();
                clientHandshakeContext.handshakeExtensions.put(SSLExtension.CR_CERTIFICATE_AUTHORITIES, certificateAuthoritiesSpec);
            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Ignore unavailable certificate_authorities extension", new Object[0]);
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CRCertificateAuthoritiesProducer.class
     */
    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CRCertificateAuthoritiesProducer.class */
    private static final class CRCertificateAuthoritiesProducer implements HandshakeProducer {
        private CRCertificateAuthoritiesProducer() {
        }

        @Override // sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            if (!serverHandshakeContext.sslConfig.isAvailable(SSLExtension.CR_CERTIFICATE_AUTHORITIES)) {
                if (!SSLLogger.isOn || !SSLLogger.isOn("ssl,handshake")) {
                    return null;
                }
                SSLLogger.fine("Ignore unavailable certificate_authorities extension", new Object[0]);
                return null;
            }
            X509Certificate[] acceptedIssuers = serverHandshakeContext.sslContext.getX509TrustManager().getAcceptedIssuers();
            if (acceptedIssuers.length == 0) {
                if (!SSLLogger.isOn || !SSLLogger.isOn("ssl,handshake")) {
                    return null;
                }
                SSLLogger.fine("No available certificate authorities", new Object[0]);
                return null;
            }
            List<byte[]> encodedAuthorities = CertificateAuthoritiesSpec.getEncodedAuthorities(acceptedIssuers);
            if (encodedAuthorities.isEmpty()) {
                if (!SSLLogger.isOn || !SSLLogger.isOn("ssl,handshake")) {
                    return null;
                }
                SSLLogger.warning("Too many certificate authorities to use the certificate_authorities extension", new Object[0]);
                return null;
            }
            CertificateAuthoritiesSpec certificateAuthoritiesSpec = new CertificateAuthoritiesSpec(encodedAuthorities);
            int i = 0;
            Iterator<byte[]> iterator2 = certificateAuthoritiesSpec.authorities.iterator2();
            while (iterator2.hasNext()) {
                i += iterator2.next().length + 2;
            }
            byte[] bArr = new byte[i + 2];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            Record.putInt16(wrap, i);
            Iterator<byte[]> iterator22 = certificateAuthoritiesSpec.authorities.iterator2();
            while (iterator22.hasNext()) {
                Record.putBytes16(wrap, iterator22.next());
            }
            serverHandshakeContext.handshakeExtensions.put(SSLExtension.CR_CERTIFICATE_AUTHORITIES, certificateAuthoritiesSpec);
            return bArr;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CertificateAuthoritiesSpec.class
     */
    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CertificateAuthoritiesSpec.class */
    static final class CertificateAuthoritiesSpec implements SSLExtension.SSLExtensionSpec {
        final List<byte[]> authorities;

        private CertificateAuthoritiesSpec(List<byte[]> list) {
            this.authorities = list;
        }

        private CertificateAuthoritiesSpec(HandshakeContext handshakeContext, ByteBuffer byteBuffer) throws IOException {
            if (byteBuffer.remaining() < 3) {
                throw handshakeContext.conContext.fatal(Alert.DECODE_ERROR, new SSLProtocolException("Invalid certificate_authorities extension: insufficient data"));
            }
            int int16 = Record.getInt16(byteBuffer);
            if (int16 == 0) {
                throw handshakeContext.conContext.fatal(Alert.DECODE_ERROR, "Invalid certificate_authorities extension: no certificate authorities");
            }
            if (int16 > byteBuffer.remaining()) {
                throw handshakeContext.conContext.fatal(Alert.DECODE_ERROR, "Invalid certificate_authorities extension: insufficient data");
            }
            this.authorities = new LinkedList();
            while (int16 > 0) {
                byte[] bytes16 = Record.getBytes16(byteBuffer);
                int16 -= 2 + bytes16.length;
                this.authorities.add(bytes16);
            }
        }

        private static List<byte[]> getEncodedAuthorities(X509Certificate[] x509CertificateArr) {
            ArrayList arrayList = new ArrayList(x509CertificateArr.length);
            int i = 0;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                byte[] encoded = x509Certificate.getSubjectX500Principal().getEncoded();
                i += encoded.length;
                if (i > 65535) {
                    return Collections.emptyList();
                }
                if (encoded.length != 0) {
                    arrayList.add(encoded);
                }
            }
            return arrayList;
        }

        X500Principal[] getAuthorities() {
            X500Principal[] x500PrincipalArr = new X500Principal[this.authorities.size()];
            int i = 0;
            Iterator<byte[]> iterator2 = this.authorities.iterator2();
            while (iterator2.hasNext()) {
                int i2 = i;
                i++;
                x500PrincipalArr[i2] = new X500Principal(iterator2.next());
            }
            return x500PrincipalArr;
        }

        public String toString() {
            MessageFormat messageFormat = new MessageFormat("\"certificate authorities\": '['\n{0}']'", Locale.ENGLISH);
            StringBuilder sb = new StringBuilder(512);
            Iterator<byte[]> iterator2 = this.authorities.iterator2();
            while (iterator2.hasNext()) {
                sb.append(new X500Principal(iterator2.next()).toString());
                sb.append("\n");
            }
            return messageFormat.format(new Object[]{Utilities.indent(sb.toString())});
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/java.base-2024-05-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CertificateAuthoritiesStringizer.class
     */
    /* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/CertificateAuthoritiesExtension$CertificateAuthoritiesStringizer.class */
    private static final class CertificateAuthoritiesStringizer implements SSLStringizer {
        private CertificateAuthoritiesStringizer() {
        }

        @Override // sun.security.ssl.SSLStringizer
        public String toString(HandshakeContext handshakeContext, ByteBuffer byteBuffer) {
            try {
                return new CertificateAuthoritiesSpec(handshakeContext, byteBuffer).toString();
            } catch (IOException e) {
                return e.getMessage();
            }
        }
    }

    CertificateAuthoritiesExtension() {
    }
}
