package cn.com.bouncycastle.tls.test;

import cn.com.bouncycastle.tls.SignatureAndHashAlgorithm;
import cn.com.bouncycastle.tls.TlsContext;
import cn.com.bouncycastle.tls.TlsCredentialedAgreement;
import cn.com.bouncycastle.tls.TlsCredentialedDecryptor;
import cn.com.bouncycastle.tls.TlsCredentialedSigner;
import cn.com.bouncycastle.tls.TlsFatalAlert;
import cn.com.bouncycastle.tls.TlsUtils1;
import cn.com.bouncycastle.tls.crypto.TlsCertificate;
import cn.com.bouncycastle.tls.crypto.TlsCrypto;
import cn.com.bouncycastle.tls.crypto.TlsCryptoParameters;
import cn.com.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedAgreement;
import cn.com.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedDecryptor;
import cn.com.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import cn.com.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import cn.com.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import cn.com.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import cn.com.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedAgreement;
import cn.com.bouncycastle.tls.crypto.impl.jcajce.JceDefaultTlsCredentialedDecryptor;
import d.c.n.s;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Vector;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.sec.ECPrivateKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: classes.dex */
public class TlsTestUtils {
    public static final byte[] rsaCertData = Base64.decode("MIICUzCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExLzAtBgkqhkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMB4XDTEzMDIyNTA2MDIwNVoXDTEzMDIyNTA2MDM0NVowgY8xCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWVkYmFjay1jcnlwdG9AYm91bmN5Y2FzdGxlLm9yZzBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERo0QwQjAOBgNVHQ8BAf8EBAMCBSAwEgYDVR0lAQH/BAgwBgYEVR0lADAcBgNVHREBAf8EEjAQgQ50ZXN0QHRlc3QudGVzdDANBgkqhkiG9w0BAQQFAANBAHU55NczeglREcTg54YLUlGWu2WOYWhit/iM1eeq8Kivro7q98eW52jTuMI3CI5ulqd0hYzshQKQaZ5GDzErMyM=");
    public static final byte[] dudRsaCertData = Base64.decode("MIICUzCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCQVUxKDAmBgNVBAoMH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxEjAQBgNVBAcMCU1lbGJvdXJuZTERMA8GA1UECAwIVmljdG9yaWExLzAtBgkqhkiG9w0BCQEWIGZlZWRiYWNrLWNyeXB0b0Bib3VuY3ljYXN0bGUub3JnMB4XDTEzMDIyNTA1NDcyOFoXDTEzMDIyNTA1NDkwOFowgY8xCzAJBgNVBAYTAkFVMSgwJgYDVQQKDB9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHDAlNZWxib3VybmUxETAPBgNVBAgMCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWVkYmFjay1jcnlwdG9AYm91bmN5Y2FzdGxlLm9yZzBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERo0QwQjAOBgNVHQ8BAf8EBAMCAAEwEgYDVR0lAQH/BAgwBgYEVR0lADAcBgNVHREBAf8EEjAQgQ50ZXN0QHRlc3QudGVzdDANBgkqhkiG9w0BAQQFAANBAJg55PBSweg6obRUKF4FF6fCrWFi6oCYSQ99LWcAeupc5BofW5MstFMhCOaEucuGVqunwT5G7/DweazzCIrSzB0=");

    public static boolean areSameCertificate(TlsCertificate tlsCertificate, TlsCertificate tlsCertificate2) throws IOException {
        return Arrays.areEqual(tlsCertificate.getEncoded(), tlsCertificate2.getEncoded());
    }

    public static boolean areSameCertificate(TlsCrypto tlsCrypto, TlsCertificate tlsCertificate, String str) throws IOException {
        return areSameCertificate(tlsCertificate, loadCertificateResource(tlsCrypto, str));
    }

    public static String fingerprint(Certificate certificate) throws IOException {
        String upperCase = new String(Hex.encode(sha256DigestOf(certificate.getEncoded())), "ASCII").toUpperCase();
        StringBuffer stringBuffer = new StringBuffer();
        int i2 = 0;
        stringBuffer.append(upperCase.substring(0, 2));
        while (true) {
            i2 += 2;
            if (i2 >= upperCase.length()) {
                return stringBuffer.toString();
            }
            stringBuffer.append(':');
            stringBuffer.append(upperCase.substring(i2, i2 + 2));
        }
    }

    public static String getCACertResource(short s) throws IOException {
        if (s == 1) {
            return "x509-ca-rsa.pem";
        }
        if (s == 2) {
            return "x509-ca-dsa.pem";
        }
        if (s == 3) {
            return "x509-ca-ecdsa.pem";
        }
        throw new TlsFatalAlert((short) 80);
    }

    public static KeyManagerFactory getSunX509KeyManagerFactory() throws NoSuchAlgorithmException {
        return Security.getProvider("IBMJSSE2") != null ? KeyManagerFactory.getInstance("IBMX509") : KeyManagerFactory.getInstance("SunX509");
    }

    public static TrustManagerFactory getSunX509TrustManagerFactory() throws NoSuchAlgorithmException {
        return Security.getProvider("IBMJSSE2") != null ? TrustManagerFactory.getInstance("IBMX509") : TrustManagerFactory.getInstance("SunX509");
    }

    public static boolean isCertificateOneOf(TlsCrypto tlsCrypto, TlsCertificate tlsCertificate, String[] strArr) throws IOException {
        for (String str : strArr) {
            if (areSameCertificate(tlsCrypto, tlsCertificate, str)) {
                return true;
            }
        }
        return false;
    }

    public static TlsCredentialedAgreement loadAgreementCredentials(TlsContext tlsContext, String[] strArr, String str) throws IOException {
        TlsCrypto crypto = tlsContext.getCrypto();
        cn.com.bouncycastle.tls.Certificate loadCertificateChain = loadCertificateChain(crypto, strArr);
        if (crypto instanceof BcTlsCrypto) {
            return new BcDefaultTlsCredentialedAgreement((BcTlsCrypto) tlsContext.getCrypto(), loadCertificateChain, loadBcPrivateKeyResource(str));
        }
        return new JceDefaultTlsCredentialedAgreement((JcaTlsCrypto) tlsContext.getCrypto(), loadCertificateChain, loadJcaPrivateKeyResource(str));
    }

    public static Certificate loadBcCertificateResource(String str) throws IOException {
        PemObject loadPemResource = loadPemResource(str);
        if (loadPemResource.getType().endsWith("CERTIFICATE")) {
            return Certificate.getInstance(loadPemResource.getContent());
        }
        throw new IllegalArgumentException("'resource' doesn't specify a valid certificate");
    }

    public static AsymmetricKeyParameter loadBcPrivateKeyResource(String str) throws IOException {
        PemObject loadPemResource = loadPemResource(str);
        if (loadPemResource.getType().equals("PRIVATE KEY")) {
            return PrivateKeyFactory.createKey(loadPemResource.getContent());
        }
        if (loadPemResource.getType().equals("ENCRYPTED PRIVATE KEY")) {
            throw new UnsupportedOperationException("Encrypted PKCS#8 keys not supported");
        }
        if (loadPemResource.getType().equals("RSA PRIVATE KEY")) {
            RSAPrivateKey rSAPrivateKey = RSAPrivateKey.getInstance(loadPemResource.getContent());
            return new RSAPrivateCrtKeyParameters(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent(), rSAPrivateKey.getPrivateExponent(), rSAPrivateKey.getPrime1(), rSAPrivateKey.getPrime2(), rSAPrivateKey.getExponent1(), rSAPrivateKey.getExponent2(), rSAPrivateKey.getCoefficient());
        }
        if (!loadPemResource.getType().equals("EC PRIVATE KEY")) {
            throw new IllegalArgumentException("'resource' doesn't specify a valid private key");
        }
        ECPrivateKey eCPrivateKey = ECPrivateKey.getInstance(loadPemResource.getContent());
        return PrivateKeyFactory.createKey(new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, eCPrivateKey.getParameters()), eCPrivateKey));
    }

    public static cn.com.bouncycastle.tls.Certificate loadCertificateChain(TlsCrypto tlsCrypto, String[] strArr) throws IOException {
        TlsCertificate[] tlsCertificateArr = new TlsCertificate[strArr.length];
        for (int i2 = 0; i2 < strArr.length; i2++) {
            tlsCertificateArr[i2] = loadCertificateResource(tlsCrypto, strArr[i2]);
        }
        return new cn.com.bouncycastle.tls.Certificate(tlsCertificateArr);
    }

    public static TlsCertificate loadCertificateResource(TlsCrypto tlsCrypto, String str) throws IOException {
        PemObject loadPemResource = loadPemResource(str);
        if (loadPemResource.getType().endsWith("CERTIFICATE")) {
            return tlsCrypto.createCertificate(loadPemResource.getContent());
        }
        throw new IllegalArgumentException("'resource' doesn't specify a valid certificate");
    }

    public static TlsCredentialedDecryptor loadEncryptionCredentials(TlsContext tlsContext, String[] strArr, String str) throws IOException {
        TlsCrypto crypto = tlsContext.getCrypto();
        cn.com.bouncycastle.tls.Certificate loadCertificateChain = loadCertificateChain(crypto, strArr);
        if (crypto instanceof BcTlsCrypto) {
            return new BcDefaultTlsCredentialedDecryptor((BcTlsCrypto) crypto, loadCertificateChain, loadBcPrivateKeyResource(str));
        }
        return new JceDefaultTlsCredentialedDecryptor((JcaTlsCrypto) crypto, loadCertificateChain, loadJcaPrivateKeyResource(str));
    }

    public static PrivateKey loadJcaPkcs8PrivateKey(byte[] bArr) throws GeneralSecurityException {
        ASN1ObjectIdentifier algorithm = PrivateKeyInfo.getInstance(bArr).getPrivateKeyAlgorithm().getAlgorithm();
        return KeyFactory.getInstance(X9ObjectIdentifiers.id_dsa.equals((ASN1Primitive) algorithm) ? s.f4926c : X9ObjectIdentifiers.id_ecPublicKey.equals((ASN1Primitive) algorithm) ? "EC" : PKCSObjectIdentifiers.rsaEncryption.equals((ASN1Primitive) algorithm) ? s.f4925b : algorithm.getId(), BouncyCastleProvider.PROVIDER_NAME).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static PrivateKey loadJcaPrivateKeyResource(String str) throws IOException {
        PemObject loadPemResource;
        try {
            loadPemResource = loadPemResource(str);
        } catch (GeneralSecurityException e2) {
            e = e2;
        }
        if (loadPemResource.getType().equals("PRIVATE KEY")) {
            return loadJcaPkcs8PrivateKey(loadPemResource.getContent());
        }
        if (loadPemResource.getType().equals("ENCRYPTED PRIVATE KEY")) {
            throw new UnsupportedOperationException("Encrypted PKCS#8 keys not supported");
        }
        if (loadPemResource.getType().equals("RSA PRIVATE KEY")) {
            RSAPrivateKey rSAPrivateKey = RSAPrivateKey.getInstance(loadPemResource.getContent());
            return KeyFactory.getInstance(s.f4925b, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(new RSAPrivateCrtKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent(), rSAPrivateKey.getPrivateExponent(), rSAPrivateKey.getPrime1(), rSAPrivateKey.getPrime2(), rSAPrivateKey.getExponent1(), rSAPrivateKey.getExponent2(), rSAPrivateKey.getCoefficient()));
        }
        e = null;
        throw new IllegalArgumentException("'resource' doesn't specify a valid private key", e);
    }

    public static PemObject loadPemResource(String str) throws IOException {
        PemReader pemReader = new PemReader(new InputStreamReader(TlsTestUtils.class.getResourceAsStream(str)));
        PemObject readPemObject = pemReader.readPemObject();
        pemReader.close();
        return readPemObject;
    }

    public static TlsCredentialedSigner loadSignerCredentials(TlsContext tlsContext, Vector vector, short s, String str, String str2) throws IOException {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
        if (vector == null) {
            vector = TlsUtils1.getDefaultSignatureAlgorithms(s);
        }
        int i2 = 0;
        while (true) {
            if (i2 >= vector.size()) {
                signatureAndHashAlgorithm = null;
                break;
            }
            signatureAndHashAlgorithm = (SignatureAndHashAlgorithm) vector.elementAt(i2);
            if (signatureAndHashAlgorithm.getSignature() == s) {
                break;
            }
            i2++;
        }
        if (signatureAndHashAlgorithm == null) {
            return null;
        }
        return loadSignerCredentials(tlsContext, new String[]{str, getCACertResource(s)}, str2, signatureAndHashAlgorithm);
    }

    public static TlsCredentialedSigner loadSignerCredentials(TlsContext tlsContext, String[] strArr, String str, SignatureAndHashAlgorithm signatureAndHashAlgorithm) throws IOException {
        TlsCrypto crypto = tlsContext.getCrypto();
        cn.com.bouncycastle.tls.Certificate loadCertificateChain = loadCertificateChain(crypto, strArr);
        if (crypto instanceof BcTlsCrypto) {
            return new BcDefaultTlsCredentialedSigner(new TlsCryptoParameters(tlsContext), (BcTlsCrypto) crypto, loadBcPrivateKeyResource(str), loadCertificateChain, signatureAndHashAlgorithm);
        }
        return new JcaDefaultTlsCredentialedSigner(new TlsCryptoParameters(tlsContext), (JcaTlsCrypto) crypto, loadJcaPrivateKeyResource(str), loadCertificateChain, signatureAndHashAlgorithm);
    }

    public static byte[] sha256DigestOf(byte[] bArr) {
        SHA256Digest sHA256Digest = new SHA256Digest();
        sHA256Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sHA256Digest.getDigestSize()];
        sHA256Digest.doFinal(bArr2, 0);
        return bArr2;
    }
}
