package defpackage;

import iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo;
import iaik.security.ssl.ClientTrustDecider;
import iaik.security.ssl.SSLCertificate;
import iaik.utils.KeyAndCertificate;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

/* loaded from: input_file:DemoClientTrustDecider.class */
public class DemoClientTrustDecider implements ClientTrustDecider {

    /* renamed from: Û, reason: contains not printable characters */
    private X509Certificate[] f22;

    /* renamed from: Ü, reason: contains not printable characters */
    private PrivateKey f23;

    /* renamed from: ß, reason: contains not printable characters */
    private X509Certificate[] f24;

    /* renamed from: à, reason: contains not printable characters */
    private PrivateKey f25;

    /* renamed from: á, reason: contains not printable characters */
    private X509Certificate[] f26;

    /* renamed from: â, reason: contains not printable characters */
    private PrivateKey f27;

    /* renamed from: Ý, reason: contains not printable characters */
    private PrivateKey f28;

    public DemoClientTrustDecider() {
        try {
            KeyAndCertificate keyAndCertificate = new KeyAndCertificate("certs/clientRSA1024.pem");
            EncryptedPrivateKeyInfo privateKey = keyAndCertificate.getPrivateKey();
            privateKey.decrypt("This is the passphrase!");
            this.f22 = keyAndCertificate.getCertificateChain();
            this.f23 = privateKey.getPrivateKeyInfo();
        } catch (Exception unused) {
            System.out.println("Unable to set RSA client certificate.");
            System.out.println("RSA client certificate can not be used.");
        }
        try {
            KeyAndCertificate keyAndCertificate2 = new KeyAndCertificate("certs/clientDSA1024.pem");
            EncryptedPrivateKeyInfo privateKey2 = keyAndCertificate2.getPrivateKey();
            privateKey2.decrypt("This is the passphrase!");
            this.f24 = keyAndCertificate2.getCertificateChain();
            this.f25 = privateKey2.getPrivateKeyInfo();
        } catch (Exception unused2) {
            System.out.println("Unable to set DSA client certificate.");
            System.out.println("DSA client certificate can not be used.");
        }
        try {
            KeyAndCertificate keyAndCertificate3 = new KeyAndCertificate("certs/clientDH1024.pem");
            EncryptedPrivateKeyInfo privateKey3 = keyAndCertificate3.getPrivateKey();
            privateKey3.decrypt("This is the passphrase!");
            this.f26 = keyAndCertificate3.getCertificateChain();
            this.f27 = privateKey3.getPrivateKeyInfo();
        } catch (Exception unused3) {
            System.out.println("Unable to set Diffie-Hellman client certificate.");
            System.out.println("Diffie-Hellman client certificate can not be used.");
        }
    }

    public boolean verifyCertificateChain(X509Certificate[] x509CertificateArr) {
        int length = x509CertificateArr.length;
        try {
            x509CertificateArr[length - 1].verify(x509CertificateArr[length - 1].getPublicKey());
            for (int i = length - 1; i > 0; i--) {
                x509CertificateArr[i - 1].verify(x509CertificateArr[i].getPublicKey());
            }
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    @Override // iaik.security.ssl.TrustDecider
    public boolean isTrustedPeer(SSLCertificate sSLCertificate) {
        if (sSLCertificate == null) {
            return true;
        }
        X509Certificate[] certificateChain = sSLCertificate.getCertificateChain();
        debug("Server certificate chain");
        for (X509Certificate x509Certificate : certificateChain) {
            debug(x509Certificate.getSubjectDN().toString());
        }
        return true;
    }

    @Override // iaik.security.ssl.ClientTrustDecider
    public SSLCertificate getCertificate(byte[] bArr, Principal[] principalArr, String str) {
        debug(new StringBuffer("Key exchange algorithm: ").append(str).toString());
        debug("Server accepts the following CAs:");
        for (Principal principal : principalArr) {
            debug(principal.toString());
        }
        debug("Server requests the following certificate types:");
        for (byte b : bArr) {
            switch (b) {
                case 1:
                    debug("rsa_sign");
                    break;
                case 2:
                    debug("dss_sign");
                    break;
                case ClientTrustDecider.rsa_fixed_dh /* 3 */:
                    debug("rsa_fixed_dh");
                    break;
                case ClientTrustDecider.dss_fixed_dh /* 4 */:
                    debug("dss_fixed_dh");
                    break;
                case ClientTrustDecider.rsa_ephemeral_dh /* 5 */:
                    debug("rsa_ephemeral_dh");
                    break;
                case ClientTrustDecider.dss_ephemeral_dh /* 6 */:
                    debug("dss_ephemeral_dh");
                    break;
                case ClientTrustDecider.fortezza_dms /* 20 */:
                    debug("fortezza_dms");
                    break;
            }
        }
        if (str.startsWith("RSA") || str.startsWith("DHE_RSA")) {
            debug("return RSA certificate...");
            this.f28 = this.f23;
            return new SSLCertificate(this.f22);
        }
        if (str.startsWith("DHE_DSS")) {
            debug("return DSA certificate...");
            this.f28 = this.f25;
            return new SSLCertificate(this.f24);
        }
        if (!str.startsWith("DH_")) {
            return null;
        }
        debug("return DH certificate...");
        this.f28 = this.f27;
        return new SSLCertificate(this.f26);
    }

    @Override // iaik.security.ssl.ClientTrustDecider
    public PrivateKey getPrivateKey() {
        return this.f28;
    }

    private void debug(String str) {
    }
}
