package cn.com.bouncycastle.tls.test;

import cn.com.bouncycastle.tls.Certificate;
import cn.com.bouncycastle.tls.CertificateRequest;
import cn.com.bouncycastle.tls.DefaultTlsClient;
import cn.com.bouncycastle.tls.ProtocolVersion;
import cn.com.bouncycastle.tls.SignatureAndHashAlgorithm;
import cn.com.bouncycastle.tls.TlsAuthentication;
import cn.com.bouncycastle.tls.TlsCredentialedSigner;
import cn.com.bouncycastle.tls.TlsCredentials;
import cn.com.bouncycastle.tls.TlsFatalAlert;
import cn.com.bouncycastle.tls.TlsServerCertificate;
import cn.com.bouncycastle.tls.TlsUtils1;
import cn.com.bouncycastle.tls.crypto.TlsCertificate;
import cn.com.bouncycastle.tls.crypto.TlsCrypto;
import cn.com.bouncycastle.tls.crypto.TlsStreamSigner;
import cn.com.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import cn.com.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
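/**
 * TLS client used as test scaffolding: every deviation from the default client is driven by a
 * {@link TlsTestConfig}, including deliberately invalid client credentials (a certificate or a
 * signature with one flipped bit) so that the peer's rejection path can be exercised.
 *
 * <p>The server certificate check in {@link #getAuthentication()} only asks
 * {@code TlsTestUtils.isCertificateOneOf} whether the first certificate of the chain is one of
 * four bundled test certificates. Nothing in this class builds or validates a chain, checks
 * validity dates or matches a host name, so this client must not be reachable from production
 * connection code.
 *
 * <p>The first fatal alert seen on the connection is recorded in
 * {@link #firstFatalAlertConnectionEnd} and {@link #firstFatalAlertDescription}; later alerts
 * do not overwrite it.
 */
public class TlsTestClientImpl extends DefaultTlsClient {
    /** TLS alert level "fatal" (RFC 5246, section 7.2). */
    private static final short ALERT_LEVEL_FATAL = 2;

    /** TLS alert description "bad_certificate" (RFC 5246, section 7.2). */
    private static final short ALERT_DESCRIPTION_BAD_CERTIFICATE = 42;

    /** TLS ClientCertificateType "rsa_sign" (RFC 5246, section 7.4.4). */
    private static final short CLIENT_CERT_TYPE_RSA_SIGN = 1;

    /** Marker stored in {@link #firstFatalAlertConnectionEnd} while no fatal alert was seen. */
    private static final int NO_FATAL_ALERT = -1;

    /** Test certificates the server is allowed to present. */
    private static final String[] TRUSTED_SERVER_CERT_RESOURCES = {
        "x509-server-dsa.pem", "x509-server-ecdsa.pem", "x509-server-rsa-enc.pem", "x509-server-rsa-sign.pem"
    };

    public final TlsTestConfig config;
    // -1 until a fatal alert is seen; 1 when this client raised it, 0 when it was received.
    public int firstFatalAlertConnectionEnd;
    // Description code of the first fatal alert, -1 until one is seen.
    public short firstFatalAlertDescription;
    // Channel binding exported in notifyHandshakeComplete(); null before that.
    public byte[] tlsUnique;

    /**
     * Creates a client whose behaviour is controlled by {@code tlsTestConfig}.
     *
     * @param tlsTestConfig test switches read by the overrides below; stored as-is
     */
    public TlsTestClientImpl(TlsTestConfig tlsTestConfig) {
        super(new BcTlsCrypto(new SecureRandom()));
        this.firstFatalAlertConnectionEnd = NO_FATAL_ALERT;
        this.firstFatalAlertDescription = (short) -1;
        this.tlsUnique = null;
        this.config = tlsTestConfig;
    }

    /**
     * Returns a copy of {@code bArr} with exactly one randomly chosen bit inverted.
     *
     * @param bArr data to corrupt; the input array itself is not modified
     * @return a new array that differs from the input in one bit
     * @throws IllegalArgumentException if {@code bArr} is empty (there is no bit to flip)
     */
    public byte[] corruptBit(byte[] bArr) {
        byte[] corrupted = Arrays.clone(bArr);
        if (corrupted.length == 0) {
            // Random.nextInt(0) would throw the same exception type with a less helpful message.
            throw new IllegalArgumentException("cannot corrupt a bit of an empty array");
        }
        int bitIndex = this.context.getCrypto().getSecureRandom().nextInt(corrupted.length << 3);
        int byteIndex = bitIndex >>> 3;
        corrupted[byteIndex] = (byte) (corrupted[byteIndex] ^ (1 << (bitIndex & 7)));
        return corrupted;
    }

    /**
     * Builds a certificate chain whose first certificate carries a corrupted signature.
     *
     * @param tlsCrypto   crypto used to re-create the modified certificate
     * @param certificate chain to derive the corrupted chain from
     * @return a new chain; entries after the first are the original ones
     * @throws RuntimeException wrapping the {@link IOException} raised while re-encoding
     */
    public Certificate corruptCertificate(TlsCrypto tlsCrypto, Certificate certificate) {
        // Work on a private copy so the caller's chain is untouched even if
        // getCertificateList() hands out its internal array.
        TlsCertificate[] chain = certificate.getCertificateList().clone();
        try {
            chain[0] = corruptCertificateSignature(tlsCrypto, chain[0]);
            return new Certificate(chain);
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Re-encodes {@code tlsCertificate} with the same TBSCertificate and signature algorithm but
     * a signature value that has one bit flipped.
     *
     * @param tlsCrypto      crypto used to create the resulting certificate object
     * @param tlsCertificate certificate to corrupt
     * @return the DER re-encoded certificate with the altered signature
     * @throws IOException if the certificate cannot be encoded or re-created
     */
    public TlsCertificate corruptCertificateSignature(TlsCrypto tlsCrypto, TlsCertificate tlsCertificate) throws IOException {
        org.bouncycastle.asn1.x509.Certificate parsed =
            org.bouncycastle.asn1.x509.Certificate.getInstance(tlsCertificate.getEncoded());

        ASN1EncodableVector fields = new ASN1EncodableVector();
        fields.add(parsed.getTBSCertificate());
        fields.add(parsed.getSignatureAlgorithm());
        fields.add(corruptSignature((DERBitString) parsed.getSignature()));

        byte[] encoded =
            org.bouncycastle.asn1.x509.Certificate.getInstance(new DERSequence(fields)).getEncoded(ASN1Encoding.DER);
        return tlsCrypto.createCertificate(encoded);
    }

    /**
     * Returns a bit string holding the octets of {@code dERBitString} with one bit flipped.
     *
     * @param dERBitString signature value to corrupt
     * @return a new bit string built from the corrupted octets
     */
    public DERBitString corruptSignature(DERBitString dERBitString) {
        return new DERBitString(corruptBit(dERBitString.getOctets()));
    }

    /**
     * Supplies the authentication callbacks for this test client.
     *
     * <p>Client credentials depend on {@code config.clientAuth}: 0 yields no credentials, 1 the
     * unmodified RSA test credentials, 2 the credentials with a corrupted certificate and 3 the
     * credentials with a corrupted signature.
     */
    @Override
    public TlsAuthentication getAuthentication() throws IOException {
        return new TlsAuthentication() {
            @Override
            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                TlsTestConfig testConfig = TlsTestClientImpl.this.config;
                if (testConfig.serverCertReq == 0) {
                    // The callback ran although config.serverCertReq is 0.
                    throw new IllegalStateException();
                }
                if (testConfig.clientAuth == 0) {
                    return null;
                }
                short[] certificateTypes = certificateRequest.getCertificateTypes();
                if (certificateTypes == null || !Arrays.contains(certificateTypes, CLIENT_CERT_TYPE_RSA_SIGN)) {
                    return null;
                }

                Vector supportedSignatureAlgorithms = certificateRequest.getSupportedSignatureAlgorithms();
                if (supportedSignatureAlgorithms != null && testConfig.clientAuthSigAlg != null) {
                    // Replace the server's list with the single algorithm forced by the test config.
                    supportedSignatureAlgorithms = new Vector(1);
                    supportedSignatureAlgorithms.addElement(testConfig.clientAuthSigAlg);
                }

                // NOTE(review): the (short) 1 argument presumably selects RSA - confirm against
                // TlsTestUtils.loadSignerCredentials.
                final TlsCredentialedSigner genuineSigner = TlsTestUtils.loadSignerCredentials(
                    TlsTestClientImpl.this.context, supportedSignatureAlgorithms, (short) 1,
                    "x509-client-rsa.pem", "x509-client-key-rsa.pem");
                if (testConfig.clientAuth == 1) {
                    return genuineSigner;
                }

                // Any other mode wraps the genuine signer and corrupts one of its outputs.
                return new TlsCredentialedSigner() {
                    @Override
                    public byte[] generateRawSignature(byte[] bArr) throws IOException {
                        byte[] signature = genuineSigner.generateRawSignature(bArr);
                        TlsTestClientImpl outer = TlsTestClientImpl.this;
                        return outer.config.clientAuth == 3 ? outer.corruptBit(signature) : signature;
                    }

                    @Override
                    public Certificate getCertificate() {
                        Certificate genuine = genuineSigner.getCertificate();
                        TlsTestClientImpl outer = TlsTestClientImpl.this;
                        return outer.config.clientAuth == 2
                            ? outer.corruptCertificate(outer.context.getCrypto(), genuine)
                            : genuine;
                    }

                    @Override
                    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
                        return genuineSigner.getSignatureAndHashAlgorithm();
                    }

                    @Override
                    public TlsStreamSigner getStreamSigner() throws IOException {
                        // No stream signer is offered by this wrapper.
                        return null;
                    }
                };
            }

            @Override
            public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
                // Reject a missing or empty chain before touching it; dereferencing first would
                // surface as NullPointerException / ArrayIndexOutOfBoundsException instead of
                // the bad_certificate alert.
                if (tlsServerCertificate == null
                    || tlsServerCertificate.getCertificate() == null
                    || tlsServerCertificate.getCertificate().isEmpty()) {
                    throw new TlsFatalAlert(ALERT_DESCRIPTION_BAD_CERTIFICATE);
                }

                // Only the first certificate is compared against the bundled test certificates;
                // no chain validation is performed here.
                TlsCertificate[] chain = tlsServerCertificate.getCertificate().getCertificateList();
                boolean known = TlsTestUtils.isCertificateOneOf(
                    TlsTestClientImpl.this.context.getCrypto(), chain[0], TRUSTED_SERVER_CERT_RESOURCES.clone());
                if (!known) {
                    throw new TlsFatalAlert(ALERT_DESCRIPTION_BAD_CERTIFICATE);
                }
            }
        };
    }

    /**
     * Returns the default client extensions, minus signature_algorithms when
     * {@code config.clientSendSignatureAlgorithms} is false (which also clears
     * {@code supportedSignatureAlgorithms}).
     */
    @Override
    public Hashtable getClientExtensions() throws IOException {
        Hashtable clientExtensions = super.getClientExtensions();
        if (clientExtensions != null && !this.config.clientSendSignatureAlgorithms) {
            clientExtensions.remove(TlsUtils1.EXT_signature_algorithms);
            this.supportedSignatureAlgorithms = null;
        }
        return clientExtensions;
    }

    /** Returns {@code config.clientOfferVersion} when set, otherwise the inherited version. */
    @Override
    public ProtocolVersion getClientVersion() {
        ProtocolVersion offered = this.config.clientOfferVersion;
        return offered != null ? offered : super.getClientVersion();
    }

    /**
     * Returns a JCA-backed crypto when {@code config.clientCrypto} is 1, otherwise a BC one.
     *
     * <p>NOTE(review): a new crypto object with new {@link SecureRandom} instances is created on
     * every call, independent of the instance passed to the superclass constructor - confirm
     * that callers do not rely on a stable instance.
     */
    @Override
    public TlsCrypto getCrypto() {
        if (this.config.clientCrypto == 1) {
            return new JcaTlsCryptoProvider()
                .setProvider(new BouncyCastleProvider())
                .create(new SecureRandom(), new SecureRandom());
        }
        return new BcTlsCrypto(new SecureRandom());
    }

    /** Returns -1 if no fatal alert was seen, 1 if this client raised the first one, 0 if it was received. */
    public int getFirstFatalAlertConnectionEnd() {
        return this.firstFatalAlertConnectionEnd;
    }

    /** Returns the description code of the first fatal alert, or -1 if none was seen. */
    public short getFirstFatalAlertDescription() {
        return this.firstFatalAlertDescription;
    }

    /** Returns {@code config.clientMinimumVersion} when set, otherwise the inherited minimum. */
    @Override
    public ProtocolVersion getMinimumVersion() {
        ProtocolVersion minimum = this.config.clientMinimumVersion;
        return minimum != null ? minimum : super.getMinimumVersion();
    }

    /** Returns {@code config.clientFallback}. */
    @Override
    public boolean isFallback() {
        return this.config.clientFallback;
    }

    /** Records the first fatal alert raised by this client (connection end 1). */
    @Override
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        if (s == ALERT_LEVEL_FATAL && this.firstFatalAlertConnectionEnd == NO_FATAL_ALERT) {
            this.firstFatalAlertConnectionEnd = 1;
            this.firstFatalAlertDescription = s2;
        }
    }

    /** Records the first fatal alert received from the peer (connection end 0). */
    @Override
    public void notifyAlertReceived(short s, short s2) {
        if (s == ALERT_LEVEL_FATAL && this.firstFatalAlertConnectionEnd == NO_FATAL_ALERT) {
            this.firstFatalAlertConnectionEnd = 0;
            this.firstFatalAlertDescription = s2;
        }
    }

    /** Exports the channel binding into {@link #tlsUnique} once the handshake has completed. */
    @Override
    public void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        // NOTE(review): binding type 1 is presumably tls-unique, matching the field name - confirm.
        this.tlsUnique = this.context.exportChannelBinding(1);
    }

    /** Delegates to the superclass without additional checks. */
    @Override
    public void notifyServerVersion(ProtocolVersion protocolVersion) throws IOException {
        super.notifyServerVersion(protocolVersion);
    }
}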
