package cfca.sadk.tls.sun.security.ssl.message;

import cfca.sadk.tls.sun.security.ssl.DistinguishedName;
import cfca.sadk.tls.sun.security.ssl.HandshakeInStream;
import cfca.sadk.tls.sun.security.ssl.HandshakeOutStream;
import cfca.sadk.tls.sun.security.ssl.ProtocolVersion;
import cfca.sadk.tls.sun.security.ssl.sec.KeyExchangeAlgorithm;
import cfca.sadk.tls.sun.security.ssl.sec.SignatureAndHashAlgorithm;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import javax.net.ssl.SSLProtocolException;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/CertificateRequest.class */
public final class CertificateRequest extends HandshakeMessage {
    public static final int cct_rsa_sign = 1;
    public static final int cct_ecdsa_sign = 64;
    public static final int cct_ibc_params = 80;
    private static final byte[] TYPES_ECC = {1, 64};
    public byte[] types;
    DistinguishedName[] authorities;
    ProtocolVersion protocolVersion;
    private Collection<SignatureAndHashAlgorithm> algorithms;
    private int algorithmsLen;

    public CertificateRequest(X509Certificate[] x509CertificateArr, KeyExchangeAlgorithm keyExchangeAlgorithm, Collection<SignatureAndHashAlgorithm> collection, ProtocolVersion protocolVersion) throws IOException {
        this.protocolVersion = protocolVersion;
        this.authorities = new DistinguishedName[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            this.authorities[i] = new DistinguishedName(x509CertificateArr[i].getSubjectX500Principal());
        }
        this.types = TYPES_ECC;
        if (!protocolVersion.isStandardTLS12()) {
            this.algorithms = new ArrayList();
            this.algorithmsLen = 0;
        } else {
            if (collection == null || collection.isEmpty()) {
                throw new SSLProtocolException("No supported signature algorithms");
            }
            this.algorithms = new ArrayList(collection);
            this.algorithmsLen = SignatureAndHashAlgorithm.sizeInRecord() * this.algorithms.size();
        }
    }

    public CertificateRequest(HandshakeInStream handshakeInStream, ProtocolVersion protocolVersion) throws IOException {
        this.protocolVersion = protocolVersion;
        this.types = handshakeInStream.getBytes8();
        if (protocolVersion.isStandardTLS12()) {
            this.algorithmsLen = handshakeInStream.getInt16();
            if (this.algorithmsLen < 2) {
                throw new SSLProtocolException("Invalid supported_signature_algorithms field");
            }
            this.algorithms = new ArrayList();
            int i = this.algorithmsLen;
            int i2 = 0;
            while (i > 1) {
                i2++;
                this.algorithms.add(SignatureAndHashAlgorithm.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8(), i2));
                i -= 2;
            }
            if (i != 0) {
                throw new SSLProtocolException("Invalid supported_signature_algorithms field");
            }
        } else {
            this.algorithms = new ArrayList();
            this.algorithmsLen = 0;
        }
        int int16 = handshakeInStream.getInt16();
        ArrayList arrayList = new ArrayList();
        while (int16 >= 3) {
            DistinguishedName distinguishedName = new DistinguishedName(handshakeInStream);
            arrayList.add(distinguishedName);
            int16 -= distinguishedName.length();
        }
        if (int16 != 0) {
            throw new SSLProtocolException("Bad CertificateRequest DN length");
        }
        this.authorities = (DistinguishedName[]) arrayList.toArray(new DistinguishedName[arrayList.size()]);
    }

    public X500Principal[] getAuthorities() throws IOException {
        X500Principal[] x500PrincipalArr = new X500Principal[this.authorities.length];
        for (int i = 0; i < this.authorities.length; i++) {
            x500PrincipalArr[i] = this.authorities[i].getX500Principal();
        }
        return x500PrincipalArr;
    }

    public Collection<SignatureAndHashAlgorithm> getSignAlgorithms() {
        return this.algorithms;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    public int messageType() {
        return 13;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    int messageLength() {
        int length = 1 + this.types.length + 2;
        if (this.protocolVersion.isStandardTLS12()) {
            length += this.algorithmsLen + 2;
        }
        for (int i = 0; i < this.authorities.length; i++) {
            length += this.authorities[i].length();
        }
        return length;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    void send(HandshakeOutStream handshakeOutStream) throws IOException {
        handshakeOutStream.putBytes8(this.types);
        if (this.protocolVersion.isStandardTLS12()) {
            handshakeOutStream.putInt16(this.algorithmsLen);
            for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.algorithms) {
                handshakeOutStream.putInt8(signatureAndHashAlgorithm.getHashValue());
                handshakeOutStream.putInt8(signatureAndHashAlgorithm.getSignatureValue());
            }
        }
        int i = 0;
        for (int i2 = 0; i2 < this.authorities.length; i2++) {
            i += this.authorities[i2].length();
        }
        handshakeOutStream.putInt16(i);
        for (int i3 = 0; i3 < this.authorities.length; i3++) {
            this.authorities[i3].write(handshakeOutStream);
        }
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append('\n');
        sb.append("*** CertificateRequest");
        sb.append("Cert Types: ");
        for (int i = 0; i < this.types.length; i++) {
            switch (this.types[i]) {
                case 1:
                    sb.append("RSA");
                    break;
                case 64:
                    sb.append("ECDSA");
                    break;
                case cct_ibc_params /* 80 */:
                    sb.append("IBC Params");
                    break;
                default:
                    sb.append("Type-" + (this.types[i] & 255));
                    break;
            }
            if (i != this.types.length - 1) {
                sb.append(", ");
            }
        }
        sb.append('\n');
        if (this.protocolVersion.isStandardTLS12()) {
            sb.append('\n');
            sb.append("Supported Signature Algorithms: ");
            boolean z = false;
            for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.algorithms) {
                if (signatureAndHashAlgorithm != null) {
                    if (z) {
                        sb.append(", ");
                    } else {
                        z = true;
                    }
                    sb.append(signatureAndHashAlgorithm.getAlgorithmName());
                }
            }
        }
        sb.append('\n');
        sb.append("Cert Authorities:");
        if (this.authorities.length == 0) {
            sb.append('\n');
            sb.append("<Empty>");
        } else {
            for (int i2 = 0; i2 < this.authorities.length; i2++) {
                sb.append(this.authorities[i2]);
            }
        }
        sb.append("\n***");
        return sb.toString();
    }
}
