package de.onyxbits.raccoon.net;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCertificate;

/* loaded from: input_file:de/onyxbits/raccoon/net/DefaultTlsAuthentication.class */
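/**
 * Server-certificate check for a BouncyCastle TLS client, backed by the JVM's default trust store.
 *
 * <p>The presented chain is decoded to {@link X509Certificate}s, each certificate's validity
 * period is checked, and the chain is then handed to every {@link X509TrustManager} produced by
 * the platform-default {@link TrustManagerFactory}.
 *
 * <p><strong>Security note:</strong> this class only validates the chain against the trust
 * anchors. It is never given the host name being contacted, so it cannot check that the
 * certificate was issued for that host. NOTE(review): confirm that the caller performs host name
 * verification elsewhere; without it any certificate that chains to a trusted CA is accepted.
 */
public class DefaultTlsAuthentication extends ServerOnlyTlsAuthentication {
    // TLS alert descriptions (RFC 5246, section 7.2.2) raised by this class.
    private static final short ALERT_HANDSHAKE_FAILURE = 40;
    private static final short ALERT_CERTIFICATE_EXPIRED = 45;
    private static final short ALERT_CERTIFICATE_UNKNOWN = 46;
    private static final short ALERT_UNKNOWN_CA = 48;
    private static final short ALERT_DECODE_ERROR = 50;
    private static final short ALERT_INTERNAL_ERROR = 80;

    // Any of these may be null when initialisation failed; notifyServerCertificate then refuses
    // every handshake instead of silently trusting the peer.
    private final TrustManager[] trustManagers;
    private final CertificateFactory certificateFactory;
    private final String authType;

    /**
     * Loads the platform-default trust managers and derives the auth type for the handshake.
     *
     * @param i value passed to {@code TlsUtils.getKeyExchangeAlgorithm}; presumably the selected
     *     cipher suite (confirm against the caller)
     */
    public DefaultTlsAuthentication(int i) {
        TrustManager[] managers = null;
        CertificateFactory factory = null;
        String type = null;
        try {
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the JVM's default trust anchors.
            trustManagerFactory.init((KeyStore) null);
            managers = trustManagerFactory.getTrustManagers();
            factory = CertificateFactory.getInstance("X.509");
            type = getAuthTypeServer(TlsUtils.getKeyExchangeAlgorithm(i));
        } catch (Exception ignored) {
            // Deliberately deferred: whatever could not be initialised stays null, and
            // notifyServerCertificate turns that into a fatal alert (fail closed).
        }
        this.trustManagers = managers;
        this.certificateFactory = factory;
        this.authType = type;
    }

    /**
     * Validates the certificate chain presented by the server.
     *
     * @param certificate the chain received in the handshake
     * @throws TlsFatalAlert if the chain is missing, cannot be decoded, is outside its validity
     *     period, is rejected by a trust manager, or if no X.509 trust manager is available
     * @throws IOException if a certificate's encoding cannot be read
     */
    @Override
    public void notifyServerCertificate(Certificate certificate) throws IOException {
        if (certificate == null || certificate.isEmpty()) {
            throw new TlsFatalAlert(ALERT_HANDSHAKE_FAILURE);
        }
        if (this.trustManagers == null || this.certificateFactory == null) {
            throw new TlsFatalAlert(ALERT_UNKNOWN_CA);
        }
        if (this.authType == null) {
            // Key exchange with no auth type mapping (see getAuthTypeServer).
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }

        TlsCertificate[] presented = certificate.getCertificateList();
        X509Certificate[] chain = new X509Certificate[presented.length];
        for (int idx = 0; idx < chain.length; idx++) {
            try {
                chain[idx] = (X509Certificate) this.certificateFactory.generateCertificate(
                        new ByteArrayInputStream(presented[idx].getEncoded()));
                chain[idx].checkValidity();
            } catch (CertificateExpiredException e) {
                throw new TlsFatalAlert(ALERT_CERTIFICATE_EXPIRED, e);
            } catch (CertificateNotYetValidException e) {
                throw new TlsFatalAlert(ALERT_CERTIFICATE_EXPIRED, e);
            } catch (CertificateException e) {
                throw new TlsFatalAlert(ALERT_DECODE_ERROR, e);
            }
        }

        // Track whether anything actually validated the chain: if the array holds no
        // X509TrustManager the loop body never runs and the peer must not be accepted by default.
        boolean verified = false;
        for (TrustManager trustManager : this.trustManagers) {
            if (!(trustManager instanceof X509TrustManager)) {
                continue;
            }
            try {
                ((X509TrustManager) trustManager).checkServerTrusted(chain, this.authType);
                verified = true;
            } catch (CertificateException e) {
                // Keep the trust manager's own exception as the cause; unwrapping it with
                // getCause() loses the reason whenever the cause is null.
                throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e);
            } catch (RuntimeException e) {
                throw new TlsFatalAlert(ALERT_INTERNAL_ERROR, e);
            }
        }
        if (!verified) {
            throw new TlsFatalAlert(ALERT_UNKNOWN_CA);
        }
    }

    /**
     * Maps the numeric key exchange code returned by {@code TlsUtils.getKeyExchangeAlgorithm} to
     * the auth type string passed to {@link X509TrustManager#checkServerTrusted}.
     *
     * @param i key exchange code
     * @return the auth type name, or {@code null} for codes without a mapping (2, 4, 6, 8, 10,
     *     12, 13 and anything outside 1..24)
     */
    private static String getAuthTypeServer(int i) {
        switch (i) {
            case 1:
                return "RSA";
            case 3:
                return "DHE_DSS";
            case 5:
                return "DHE_RSA";
            case 7:
                return "DH_DSS";
            case 9:
                return "DH_RSA";
            case 11:
                return "DH_anon";
            case 14:
                return "DHE_PSK";
            case 15:
                return "RSA_PSK";
            case 16:
                return "ECDH_ECDSA";
            case 17:
                return "ECDHE_ECDSA";
            case 18:
                return "ECDH_RSA";
            case 19:
                return "ECDHE_RSA";
            case 20:
                return "ECDH_anon";
            case 21:
                return "SRP";
            case 22:
                return "SRP_DSS";
            case 23:
                return "SRP_RSA";
            case 24:
                return "ECDHE_PSK";
            default:
                return null;
        }
    }
}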
