package net.jradius.tls;

import java.io.IOException;
import java.util.Hashtable;
import java.util.List;
import org.opennms.shaded.org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.opennms.shaded.org.bouncycastle.crypto.BlockCipher;
import org.opennms.shaded.org.bouncycastle.crypto.CryptoException;
import org.opennms.shaded.org.bouncycastle.crypto.digests.SHA1Digest;
import org.opennms.shaded.org.bouncycastle.crypto.engines.AESFastEngine;
import org.opennms.shaded.org.bouncycastle.crypto.engines.DESedeEngine;
import org.opennms.shaded.org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.opennms.shaded.org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.opennms.shaded.org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
import org.opennms.shaded.org.bouncycastle.crypto.params.RSAKeyParameters;

/* loaded from: input_file:net/jradius/tls/DefaultTlsClient.class */
/**
 * Default {@link TlsClient} policy: decides which cipher suites are offered and
 * maps the suite picked by the server to a key exchange and a record cipher.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Every suite it knows is a CBC-mode suite with a SHA-1 based MAC, built on
 *       AES-128, AES-256 or 3DES. No AEAD suite is available from this client.</li>
 *   <li>{@link #getCipherSuites()} offers 3DES suites and static-RSA suites as well
 *       as the DHE ones. 3DES has a 64-bit block, and static-RSA key exchange gives
 *       no forward secrecy, so a deployment that needs stronger guarantees has to
 *       restrict the server side or subclass and narrow the offer.</li>
 *   <li>Server certificate trust is not decided here. The {@link CertificateVerifyer}
 *       given to the constructor is handed unchanged to every key exchange, so the
 *       strength of server authentication is that of the supplied verifier.</li>
 *   <li>No client hello extensions are produced and server extensions are ignored.</li>
 * </ul>
 *
 * <p>NOTE(review): the static-DH and SRP suites are handled by the two switch
 * statements but are never offered. This class does not itself check that the
 * suite reported through {@link #notifySelectedCipherSuite(int)} was one it
 * offered; presumably the protocol handler enforces that, confirm before relying
 * on it.
 */
public class DefaultTlsClient implements TlsClient {
    // Cipher suite identifiers, written as the two-byte values used on the wire.
    private static final int TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
    private static final int TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
    private static final int TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
    private static final int TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
    private static final int TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
    private static final int TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
    private static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
    private static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
    private static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
    private static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
    private static final int TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
    private static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
    private static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
    private static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
    private static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
    private static final int TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A;
    private static final int TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B;
    private static final int TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C;
    private static final int TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D;
    private static final int TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E;
    private static final int TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F;
    private static final int TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020;
    private static final int TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021;
    private static final int TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022;

    // Key-exchange selectors handed to the key exchange constructors. Each name
    // follows the suite family that passes the value.
    private static final short KE_DHE_DSS = 3;
    private static final short KE_DHE_RSA = 5;
    private static final short KE_DH_DSS = 7;
    private static final short KE_DH_RSA = 8;
    private static final short KE_SRP = 10;
    private static final short KE_SRP_DSS = 11;
    private static final short KE_SRP_RSA = 12;

    // Arguments given to failWithError. 2 and 80 are the TLS alert level "fatal"
    // and alert description "internal_error"; this assumes failWithError takes
    // (level, description) in that order -- TODO confirm against TlsProtocolHandler.
    private static final short ALERT_LEVEL_FATAL = 2;
    private static final short ALERT_INTERNAL_ERROR = 80;

    // Cipher key lengths in bytes, as passed to TlsBlockCipher.
    private static final int DES_EDE_KEY_BYTES = 24;
    private static final int AES_128_KEY_BYTES = 16;
    private static final int AES_256_KEY_BYTES = 32;

    private final CertificateVerifyer verifyer;
    private TlsProtocolHandler handler;
    // Starts as an empty chain, which is what getCertificate() returns until
    // client authentication is enabled.
    private Certificate clientCert = new Certificate(new X509CertificateStructure[0]);
    private AsymmetricKeyParameter clientPrivateKey;
    private TlsSigner clientSigner;
    private int selectedCipherSuite;

    /**
     * Creates a client that delegates server certificate checks to the given verifier.
     *
     * @param certificateVerifyer verifier passed on to every key exchange this client
     *        creates; it is stored as given, with no null check
     */
    public DefaultTlsClient(CertificateVerifyer certificateVerifyer) {
        this.verifyer = certificateVerifyer;
    }

    /**
     * Configures the certificate chain and private key used for client authentication.
     *
     * <p>Only RSA and DSA private keys are accepted. Nothing here checks that the key
     * belongs to the first certificate of the chain.
     *
     * @param certificate non-null chain with at least one certificate
     * @param asymmetricKeyParameter non-null private key of a supported type
     * @throws IllegalArgumentException if an argument is null, the chain is empty, the
     *         key is not private, or the key type is unsupported
     */
    public void enableClientAuthentication(Certificate certificate, AsymmetricKeyParameter asymmetricKeyParameter) {
        if (certificate == null) {
            throw new IllegalArgumentException("'clientCertificate' cannot be null");
        }
        if (certificate.certs.length == 0) {
            throw new IllegalArgumentException("'clientCertificate' cannot be empty");
        }
        if (asymmetricKeyParameter == null) {
            throw new IllegalArgumentException("'clientPrivateKey' cannot be null");
        }
        if (!asymmetricKeyParameter.isPrivate()) {
            throw new IllegalArgumentException("'clientPrivateKey' must be private");
        }

        // Choose the signer first so no field is touched when the key type is rejected.
        final TlsSigner signer;
        if (asymmetricKeyParameter instanceof RSAKeyParameters) {
            signer = new TlsRSASigner();
        } else if (asymmetricKeyParameter instanceof DSAPrivateKeyParameters) {
            signer = new TlsDSSSigner();
        } else {
            throw new IllegalArgumentException("'clientPrivateKey' type not supported: " + asymmetricKeyParameter.getClass().getName());
        }

        this.clientSigner = signer;
        this.clientCert = certificate;
        this.clientPrivateKey = asymmetricKeyParameter;
    }

    /**
     * Remembers the protocol handler, which is later used to raise alerts and is
     * passed to the key exchanges and ciphers this client creates.
     */
    @Override
    public void init(TlsProtocolHandler tlsProtocolHandler) {
        this.handler = tlsProtocolHandler;
    }

    /**
     * Returns the suites to offer, in the order listed: DHE with AES-256, DHE with
     * AES-128, DHE with 3DES, then static RSA with AES-256, AES-128 and 3DES.
     *
     * <p>A fresh array is returned on every call, so callers cannot alter the offer
     * for later handshakes.
     */
    @Override
    public int[] getCipherSuites() {
        return new int[] {
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
            TLS_RSA_WITH_AES_256_CBC_SHA,
            TLS_RSA_WITH_AES_128_CBC_SHA,
            TLS_RSA_WITH_3DES_EDE_CBC_SHA,
        };
    }

    /** Returns {@code null}: this client supplies no client hello extensions. */
    @Override
    public Hashtable generateClientExtensions() {
        return null;
    }

    /** Ignores the session id; this client keeps no session state. */
    @Override
    public void notifySessionID(byte[] bArr) {
    }

    /**
     * Records the negotiated suite, which later drives {@link #createKeyExchange()}
     * and {@link #createCipher(SecurityParameters)}. The value is stored unchecked.
     */
    @Override
    public void notifySelectedCipherSuite(int i) {
        this.selectedCipherSuite = i;
    }

    /** Ignores all server extensions. */
    @Override
    public void processServerExtensions(Hashtable hashtable) {
    }

    /**
     * Builds the key exchange that matches the recorded cipher suite.
     *
     * @return the key exchange, or {@code null} after raising an alert for an unknown
     *         suite (reached only if {@code failWithError} returns normally)
     * @throws IOException declared by the interface; NOTE(review): presumably thrown
     *         by the handler when it aborts the handshake -- confirm
     */
    @Override
    public TlsKeyExchange createKeyExchange() throws IOException {
        switch (this.selectedCipherSuite) {
            case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_RSA_WITH_AES_128_CBC_SHA:
            case TLS_RSA_WITH_AES_256_CBC_SHA:
                return createRSAKeyExchange();

            case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
            case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
            case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
                return createDHKeyExchange(KE_DH_DSS);

            case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
            case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
                return createDHKeyExchange(KE_DH_RSA);

            case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
            case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
            case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
                return createDHKeyExchange(KE_DHE_DSS);

            case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
            case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
                return createDHKeyExchange(KE_DHE_RSA);

            case TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
            case TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
            case TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
                return createSRPExchange(KE_SRP);

            case TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
            case TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
                return createSRPExchange(KE_SRP_RSA);

            case TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
            case TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
            case TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
                return createSRPExchange(KE_SRP_DSS);

            default:
                failInternalError();
                return null;
        }
    }

    /** Ignores the server's certificate request details. */
    @Override
    public void processServerCertificateRequest(byte[] bArr, List list) {
    }

    /**
     * Signs the given bytes with the configured client key.
     *
     * @param bArr data to sign, passed to the signer unchanged
     * @return the raw signature, or {@code null} when client authentication was never
     *         enabled, or after a signing failure if the alert call returns normally
     * @throws IOException declared by the interface
     */
    @Override
    public byte[] generateCertificateSignature(byte[] bArr) throws IOException {
        final TlsSigner signer = this.clientSigner;
        if (signer != null) {
            try {
                return signer.calculateRawSignature(this.clientPrivateKey, bArr);
            } catch (CryptoException e) {
                // The signing failure is reported as an alert only; the exception
                // itself is neither logged nor propagated from here.
                failInternalError();
            }
        }
        return null;
    }

    /** Returns the configured client chain, or the empty chain when none was set. */
    @Override
    public Certificate getCertificate() {
        return this.clientCert;
    }

    /**
     * Builds the record cipher that matches the recorded cipher suite.
     *
     * @param securityParameters handed unchanged to the created cipher
     * @return the cipher, or {@code null} after raising an alert for an unknown suite
     *         (reached only if {@code failWithError} returns normally)
     * @throws IOException declared by the interface
     */
    @Override
    public TlsCipher createCipher(SecurityParameters securityParameters) throws IOException {
        switch (this.selectedCipherSuite) {
            case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
            case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
            case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
            case TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
            case TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
                return createDESedeCipher(DES_EDE_KEY_BYTES, securityParameters);

            case TLS_RSA_WITH_AES_128_CBC_SHA:
            case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
            case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
            case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
            case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
            case TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
            case TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
            case TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
                return createAESCipher(AES_128_KEY_BYTES, securityParameters);

            case TLS_RSA_WITH_AES_256_CBC_SHA:
            case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
            case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
            case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
            case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
            case TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
            case TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
            case TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
                return createAESCipher(AES_256_KEY_BYTES, securityParameters);

            default:
                failInternalError();
                return null;
        }
    }

    /** Asks the handler to fail the connection with the fatal internal-error alert. */
    private void failInternalError() throws IOException {
        this.handler.failWithError(ALERT_LEVEL_FATAL, ALERT_INTERNAL_ERROR);
    }

    /** Creates a Diffie-Hellman key exchange for the given key-exchange selector. */
    private TlsKeyExchange createDHKeyExchange(short keyExchange) {
        return new TlsDHKeyExchange(this.handler, this.verifyer, keyExchange);
    }

    /** Creates a static-RSA key exchange. */
    private TlsKeyExchange createRSAKeyExchange() {
        return new TlsRSAKeyExchange(this.handler, this.verifyer);
    }

    /** Creates an SRP key exchange for the given key-exchange selector. */
    private TlsKeyExchange createSRPExchange(short keyExchange) {
        return new TlsSRPKeyExchange(this.handler, this.verifyer, keyExchange);
    }

    /**
     * Creates an AES-CBC record cipher with SHA-1 digests for the MAC.
     * Two cipher and two digest instances are created; presumably one of each per
     * direction -- confirm against TlsBlockCipher.
     */
    private TlsCipher createAESCipher(int keySizeBytes, SecurityParameters securityParameters) {
        final BlockCipher firstCipher = createAESBlockCipher();
        final BlockCipher secondCipher = createAESBlockCipher();
        final SHA1Digest firstDigest = new SHA1Digest();
        final SHA1Digest secondDigest = new SHA1Digest();
        return new TlsBlockCipher(this.handler, firstCipher, secondCipher, firstDigest, secondDigest, keySizeBytes, securityParameters);
    }

    /**
     * Creates a 3DES-CBC record cipher with SHA-1 digests for the MAC.
     * Two cipher and two digest instances are created; presumably one of each per
     * direction -- confirm against TlsBlockCipher.
     */
    private TlsCipher createDESedeCipher(int keySizeBytes, SecurityParameters securityParameters) {
        final BlockCipher firstCipher = createDESedeBlockCipher();
        final BlockCipher secondCipher = createDESedeBlockCipher();
        final SHA1Digest firstDigest = new SHA1Digest();
        final SHA1Digest secondDigest = new SHA1Digest();
        return new TlsBlockCipher(this.handler, firstCipher, secondCipher, firstDigest, secondDigest, keySizeBytes, securityParameters);
    }

    /**
     * Returns a new AES engine wrapped in CBC mode.
     * NOTE(review): AESFastEngine is the table-driven AES variant, which later
     * Bouncy Castle releases deprecate over cache-timing concerns; check what the
     * shaded version in use provides before swapping engines.
     */
    private static BlockCipher createAESBlockCipher() {
        return new CBCBlockCipher(new AESFastEngine());
    }

    /** Returns a new triple-DES engine wrapped in CBC mode. */
    private static BlockCipher createDESedeBlockCipher() {
        return new CBCBlockCipher(new DESedeEngine());
    }
}
