package org.eclipse.californium.scandium.dtls.x509;

import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.eclipse.californium.elements.util.Asn1DerDecoder;
import org.eclipse.californium.elements.util.CertPathUtil;
import org.eclipse.californium.elements.util.JceProviderUtil;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.util.ListUtils;

/* loaded from: classes24.dex */
public class CertificateConfigurationHelper {
    private boolean clientUsage;
    private boolean serverUsage;
    private final List<PublicKey> keys = new ArrayList();
    private final List<List<X509Certificate>> chains = new ArrayList();
    private final List<X509Certificate> trusts = new ArrayList();
    private final List<SignatureAndHashAlgorithm> defaultSignatureAndHashAlgorithms = new ArrayList();
    private final List<XECDHECryptography.SupportedGroup> defaultSupportedGroups = new ArrayList();

    public void addConfigurationDefaultsFor(PublicKey publicKey) {
        String algorithm = publicKey.getAlgorithm();
        if (!JceProviderUtil.isSupported(algorithm)) {
            throw new IllegalArgumentException("Public key algorithm " + algorithm + " is not supported!");
        }
        if (Asn1DerDecoder.isEcBased(algorithm)) {
            XECDHECryptography.SupportedGroup fromPublicKey = XECDHECryptography.SupportedGroup.fromPublicKey(publicKey);
            if (fromPublicKey == null) {
                throw new IllegalArgumentException("Public key's ec-group must be supported!");
            }
            ListUtils.addIfAbsent(this.defaultSupportedGroups, fromPublicKey);
        }
        SignatureAndHashAlgorithm.ensureSignatureAlgorithm(this.defaultSignatureAndHashAlgorithms, publicKey);
        ListUtils.addIfAbsent(this.keys, publicKey);
    }

    public void addConfigurationDefaultsFor(List<X509Certificate> list) {
        if (list.isEmpty()) {
            return;
        }
        X509Certificate x509Certificate = list.get(0);
        addConfigurationDefaultsFor(x509Certificate.getPublicKey());
        if (CertPathUtil.canBeUsedForAuthentication(x509Certificate, false)) {
            this.serverUsage = true;
        }
        if (CertPathUtil.canBeUsedForAuthentication(x509Certificate, true)) {
            this.clientUsage = true;
        }
        ListUtils.addIfAbsent((List) this.defaultSignatureAndHashAlgorithms, (List) SignatureAndHashAlgorithm.getSignatureAlgorithms(list));
        for (int i = 1; i < list.size(); i++) {
            PublicKey publicKey = list.get(i).getPublicKey();
            if (Asn1DerDecoder.isEcBased(publicKey.getAlgorithm())) {
                XECDHECryptography.SupportedGroup fromPublicKey = XECDHECryptography.SupportedGroup.fromPublicKey(publicKey);
                if (fromPublicKey == null) {
                    throw new IllegalArgumentException("CA's public key ec-group must be supported!");
                }
                ListUtils.addIfAbsent(this.defaultSupportedGroups, fromPublicKey);
            }
        }
        this.chains.add(list);
    }

    public void addConfigurationDefaultsForTrusts(PublicKey publicKey) {
        if (publicKey != null) {
            SignatureAndHashAlgorithm.ensureSignatureAlgorithm(this.defaultSignatureAndHashAlgorithms, publicKey);
            if (Asn1DerDecoder.isEcBased(publicKey.getAlgorithm())) {
                XECDHECryptography.SupportedGroup fromPublicKey = XECDHECryptography.SupportedGroup.fromPublicKey(publicKey);
                if (fromPublicKey == null) {
                    throw new IllegalArgumentException("CA's public key ec-group must be supported!");
                }
                ListUtils.addIfAbsent(this.defaultSupportedGroups, fromPublicKey);
            }
        }
    }

    public void addConfigurationDefaultsForTrusts(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr != null) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                addConfigurationDefaultsForTrusts(x509Certificate.getPublicKey());
                this.trusts.add(x509Certificate);
            }
        }
    }

    public boolean canBeUsedForAuthentication(boolean z) {
        return this.chains.isEmpty() || (!z ? !this.serverUsage : !this.clientUsage);
    }

    public List<SignatureAndHashAlgorithm> getDefaultSignatureAndHashAlgorithms() {
        return this.defaultSignatureAndHashAlgorithms;
    }

    public List<XECDHECryptography.SupportedGroup> getDefaultSupportedGroups() {
        return this.defaultSupportedGroups;
    }

    /* JADX WARN: Code restructure failed: missing block: B:24:0x0049, code lost:
    
        r1 = r6.getThreadLocalSignature().current();
        r2 = "Just a signature test".getBytes();
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x0059, code lost:
    
        r1.initSign(r13);
        r1.update(r2);
        r13 = r1.sign();
        r1.initVerify(r14);
        r1.update(r2);
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x006d, code lost:
    
        if (r1.verify(r13) == false) goto L24;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x006f, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x008a, code lost:
    
        throw new java.lang.IllegalArgumentException(r14.getAlgorithm() + " key pair is not valid!");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void verifyKeyPair(java.security.PrivateKey r13, java.security.PublicKey r14) {
        /*
            r12 = this;
            java.lang.String r0 = r14.getAlgorithm()
            org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm$SignatureAlgorithm[] r1 = org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm.SignatureAlgorithm.values()
            int r2 = r1.length
            r3 = 0
            r4 = r3
        Lb:
            if (r4 >= r2) goto L8f
            r5 = r1[r4]
            boolean r6 = r5.isSupported(r0)
            if (r6 == 0) goto L8b
            org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm r6 = new org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm
            org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm$HashAlgorithm r7 = org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm.HashAlgorithm.INTRINSIC
            r6.<init>(r7, r5)
            boolean r7 = r5.isIntrinsic()
            if (r7 != 0) goto L43
            org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm$HashAlgorithm[] r7 = org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm.HashAlgorithm.values()
            int r8 = r7.length
            r9 = r3
        L28:
            if (r9 >= r8) goto L43
            r10 = r7[r9]
            org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm$HashAlgorithm r11 = org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm.HashAlgorithm.INTRINSIC
            if (r11 == r10) goto L40
            org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm$HashAlgorithm r11 = org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm.HashAlgorithm.NONE
            if (r11 == r10) goto L40
            org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm r6 = new org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm
            r6.<init>(r10, r5)
            boolean r10 = r6.isSupported()
            if (r10 == 0) goto L40
            goto L43
        L40:
            int r9 = r9 + 1
            goto L28
        L43:
            boolean r5 = r6.isSupported(r14)
            if (r5 == 0) goto L8b
            org.eclipse.californium.scandium.dtls.cipher.ThreadLocalSignature r1 = r6.getThreadLocalSignature()
            java.lang.Object r1 = r1.current()
            java.security.Signature r1 = (java.security.Signature) r1
            java.lang.String r2 = "Just a signature test"
            byte[] r2 = r2.getBytes()
            r1.initSign(r13)     // Catch: java.security.GeneralSecurityException -> L8f
            r1.update(r2)     // Catch: java.security.GeneralSecurityException -> L8f
            byte[] r13 = r1.sign()     // Catch: java.security.GeneralSecurityException -> L8f
            r1.initVerify(r14)     // Catch: java.security.GeneralSecurityException -> L8f
            r1.update(r2)     // Catch: java.security.GeneralSecurityException -> L8f
            boolean r13 = r1.verify(r13)     // Catch: java.security.GeneralSecurityException -> L8f
            if (r13 == 0) goto L70
            return
        L70:
            java.lang.IllegalArgumentException r13 = new java.lang.IllegalArgumentException     // Catch: java.security.GeneralSecurityException -> L8f
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.security.GeneralSecurityException -> L8f
            r1.<init>()     // Catch: java.security.GeneralSecurityException -> L8f
            java.lang.String r14 = r14.getAlgorithm()     // Catch: java.security.GeneralSecurityException -> L8f
            r1.append(r14)     // Catch: java.security.GeneralSecurityException -> L8f
            java.lang.String r14 = " key pair is not valid!"
            r1.append(r14)     // Catch: java.security.GeneralSecurityException -> L8f
            java.lang.String r14 = r1.toString()     // Catch: java.security.GeneralSecurityException -> L8f
            r13.<init>(r14)     // Catch: java.security.GeneralSecurityException -> L8f
            throw r13     // Catch: java.security.GeneralSecurityException -> L8f
        L8b:
            int r4 = r4 + 1
            goto Lb
        L8f:
            java.lang.IllegalArgumentException r13 = new java.lang.IllegalArgumentException
            java.lang.StringBuilder r14 = new java.lang.StringBuilder
            r14.<init>()
            r14.append(r0)
            java.lang.String r0 = " is not supported by the JCE!"
            r14.append(r0)
            java.lang.String r14 = r14.toString()
            r13.<init>(r14)
            throw r13
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.scandium.dtls.x509.CertificateConfigurationHelper.verifyKeyPair(java.security.PrivateKey, java.security.PublicKey):void");
    }

    public void verifySignatureAndHashAlgorithmsConfiguration(List<SignatureAndHashAlgorithm> list) {
        for (PublicKey publicKey : this.keys) {
            if (SignatureAndHashAlgorithm.getSupportedSignatureAlgorithm(list, publicKey) == null) {
                throw new IllegalStateException("supported signature and hash algorithms " + list + " doesn't match the public " + publicKey.getAlgorithm() + " key!");
            }
        }
        Iterator<List<X509Certificate>> it = this.chains.iterator();
        while (it.hasNext()) {
            if (!SignatureAndHashAlgorithm.isSignedWithSupportedAlgorithms(list, it.next())) {
                throw new IllegalStateException("supported signature and hash algorithms " + list + " doesn't match the certificate chain!");
            }
        }
        Iterator<X509Certificate> it2 = this.trusts.iterator();
        while (it2.hasNext()) {
            PublicKey publicKey2 = it2.next().getPublicKey();
            if (SignatureAndHashAlgorithm.getSupportedSignatureAlgorithm(list, publicKey2) == null) {
                throw new IllegalStateException("supported signature and hash algorithms " + list + " doesn't match the trust's public key " + publicKey2.getAlgorithm() + "!");
            }
        }
    }

    public void verifySupportedGroupsConfiguration(List<XECDHECryptography.SupportedGroup> list) {
        for (XECDHECryptography.SupportedGroup supportedGroup : this.defaultSupportedGroups) {
            if (!supportedGroup.isUsable()) {
                throw new IllegalStateException("public key used with unsupported group (curve) " + supportedGroup.name() + "!");
            }
            if (!list.contains(supportedGroup)) {
                throw new IllegalStateException("public key used with not configured group (curve) " + supportedGroup.name() + "!");
            }
        }
    }
}
