package iaik.security.ssl;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import securecomputing.swec.EasspMessage;

/* loaded from: input_file:119465-02/SUNWamsci/reloc/SUNWam/lib/iaik_ssl.jar:iaik/security/ssl/SSLServerContext.class */
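/**
 * Server-side SSL context: extends the client context with the server's
 * certificate/private-key credentials, the temporary (ephemeral) key-exchange
 * parameters, and the client-authentication settings.
 *
 * <p>This is decompiler output of an obfuscated class, so member names are
 * single letters. The comments below describe only what the visible code does.
 *
 * <p>Security notes for anyone auditing a deployment that ships this class:
 * <ul>
 *   <li>The slot labels in {@link #j} show that the context carries 512-bit
 *       temporary RSA keys and 512-bit "export" DH parameters. Export-grade
 *       key sizes are breakable with modest resources and are the basis of the
 *       known TLS downgrade attacks (FREAK, Logjam). Servers should not leave
 *       the export cipher suites enabled.</li>
 *   <li>When no DH parameters are configured, the fallback groups are the
 *       hard-coded constants below, i.e. identical for every installation of
 *       this library. Supply freshly generated parameters of adequate size via
 *       {@link #addTemporaryParameter(DHParameterSpec)} instead.</li>
 *   <li>Default temporary RSA key pairs are cached in a static array and are
 *       therefore reused by every context for as long as the class stays
 *       loaded; they are not per-connection.</li>
 * </ul>
 */
public class SSLServerContext extends SSLClientContext implements Cloneable {
    // Second argument of setRequireClientCertificate.
    // NOTE(review): presumably the acceptable CA names sent in the certificate request - confirm.
    Principal[] f;
    // First argument of setRequireClientCertificate.
    // NOTE(review): presumably the accepted client certificate type bytes - confirm.
    byte[] e;
    // Certificate types accepted by setAllowedCertificateTypes (private copy).
    private int[] g;
    // True when a client certificate is to be requested.
    private boolean c;
    // JVM-wide cache of default temporary parameters, indexed like b. Guarded by DEFAULTS_LOCK.
    private static Object[] a;
    // Per-context temporary parameters; index meaning is given by the labels in j.
    private Object[] b;
    // Server credentials, one slot per certificate type (see e(int) for the mapping).
    private KeyAndCert[] d;
    // Dedicated monitor for the static defaults cache. The decompiled code locked on the
    // interned label strings in j, which any other code holding the same literal could
    // also lock on, and which did not protect the lazy initialisation in c().
    private static final Object DEFAULTS_LOCK = new Object();
    // The following constants are kept exactly as decompiled; their uses were inlined
    // by the compiler, so the slot indices appear as literals in the methods below.
    private static final int l = 4;
    private static final int k = 0;
    static final int m = 4;
    static final int o = 3;
    static final int n = 2;
    static final int i = 1;
    static final int h = 0;
    private static final int s = 4;
    private static final int r = 0;
    private static final int v = 4;
    private static final int u = 3;
    private static final int t = 2;
    private static final int q = 1;
    private static final int p = 0;
    // Hard-coded default DH values, radix-36 encoded. c() passes (x, z) and (y, ab) to
    // DHParameterSpec as (p, g). NOTE(review): the labels in j suggest a 512-bit and a
    // 1024-bit group; the bit lengths were not verified here.
    private static final String ab = "ea9zl437khcwgmicelj0fwhslq3peca6wvdektn0yc25cspjuqzn9qo5psa2s6c3jgzarrel15wwodtpwqos2dqjs2ndyil06iufnousb6gjflwk5zw6hlzk63b7x8xawhannq1r6gstizkft5agiu8svsxl0tei74idyv16hw3st5di2vcdy525nc2s2useigytm2";
    private static final String y = "vjyxwyawcutef13zkgcsts7hkolgnmn5861w1cd9scjej51zqe3lfswg3n6qqe821lkx27pvoa8tkoglb928hex0s3jvepqx1q1bw4dubjagqtwpga0g2gmitt8f6r5h8tr1j62vavnyyaw2q2ow2gu9mmeuat2mcq9kryffc1em5xjn316z1yoaki3lj6kcfex2ah";
    private static final String z = "agapx2dmn89tcarxtghfhmpjwx7stcgv2iy0vgb8r8byqmxiw1w3u5ut72mh98vrxj1alw8l2lgnjsgfjrf552nemony9kblzjo";
    private static final String x = "kzyd2bb8x0kwy2z5hrvbn8joniex7clevyp14mijp8ne5uf9y9p5p2mstfl2nzy1rdaq88b1hnmz86uyyjsshxdnp3g6og5fxo7";
    // Radix of the encoded constants above.
    private static final int w = 36;
    // Human-readable label for each temporary-parameter slot (index 0..4 of a and b).
    private static final String[] j = {"512 bit RSA keypair", "1024 bit RSA keypair", "512 bit export DH parameters", "1024 bit export DH parameters", "domestic DH parameters"};
    public static final CipherSuite[] rsa = CipherSuite.CS_RSA;
    public static final CipherSuite[] rsa_export = CipherSuite.CS_RSA_EXPORT;
    public static final CipherSuite[] dhe_rsa = CipherSuite.CS_DHE_RSA;
    public static final CipherSuite[] dhe_dss = CipherSuite.CS_DHE_DSS;
    public static final CipherSuite[] dh_rsa = CipherSuite.CS_DH_RSA;
    public static final CipherSuite[] dh_dss = CipherSuite.CS_DH_DSS;
    public static final CipherSuite[] anon = CipherSuite.CS_DH_ANON;

    /**
     * Removes from the enabled list every cipher suite group whose credential slot is
     * empty, then delegates to the superclass.
     *
     * <p>Nothing here removes the export suites when the matching credential is present,
     * nor the anonymous DH suites; restricting those is left to the caller's
     * configuration.
     */
    @Override // iaik.security.ssl.SSLContext
    public void updateCipherSuites() {
        CipherSuiteList enabledCipherSuiteList = getEnabledCipherSuiteList();
        if (this.d[0] == null) {
            // No credential in slot 0: drop the suites that need it.
            enabledCipherSuiteList.remove(CipherSuite.CS_RSA_EXPORT);
            enabledCipherSuiteList.remove(CipherSuite.CS_RSA_EXPORT1024);
            enabledCipherSuiteList.remove(CipherSuite.CS_DHE_RSA);
            enabledCipherSuiteList.remove(CipherSuite.CS_DHE_RSA_EXPORT);
            if (this.d[1] == null) {
                // Plain RSA suites are dropped only when slot 1 is empty as well.
                enabledCipherSuiteList.remove(CipherSuite.CS_RSA);
                enabledCipherSuiteList.remove(CipherSuite.CS_RSA_WITH_NULL);
            }
        }
        if (this.d[2] == null) {
            enabledCipherSuiteList.remove(CipherSuite.CS_DHE_DSS);
            enabledCipherSuiteList.remove(CipherSuite.CS_DHE_DSS_EXPORT);
            enabledCipherSuiteList.remove(CipherSuite.CS_DHE_DSS_EXPORT1024);
        }
        if (this.d[3] == null) {
            enabledCipherSuiteList.remove(CipherSuite.CS_DH_RSA);
            enabledCipherSuiteList.remove(CipherSuite.CS_DH_RSA_EXPORT);
        }
        if (this.d[4] == null) {
            enabledCipherSuiteList.remove(CipherSuite.CS_DH_DSS);
            enabledCipherSuiteList.remove(CipherSuite.CS_DH_DSS_EXPORT);
        }
        super.updateCipherSuites();
    }

    /**
     * Returns the superclass description followed by the stored credentials, the state
     * of each temporary-parameter slot, and the client-certificate request flag.
     */
    @Override // iaik.security.ssl.SSLClientContext, iaik.security.ssl.SSLContext
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(super.toString());
        stringBuffer.append("\nAvailable certificates:\n");
        boolean z2 = false;
        for (int i2 = 0; i2 <= 4; i2++) {
            if (this.d[i2] != null) {
                z2 = true;
                // The decompiled line ended in a discarded .toString() call; dropped.
                stringBuffer.append(this.d[i2]);
            }
        }
        if (!z2) {
            stringBuffer.append("None\n");
        }
        stringBuffer.append("\nTemporary Parameters:\n");
        for (int i3 = 0; i3 <= 4; i3++) {
            a(stringBuffer, i3);
        }
        stringBuffer.append("\nRequest client certificate: ");
        stringBuffer.append(this.c ? "yes" : "no");
        stringBuffer.append("\n");
        return stringBuffer.toString();
    }

    /**
     * Maps a certificate type constant to its index in the credential array {@code d}.
     *
     * @param i2 certificate type (1, 2, 3, 4 or {@code SSLContext.CERTTYPE_RSA_ENCRYPT})
     * @return the slot index 0..4, or -1 for an unknown type
     */
    private static int e(int i2) {
        switch (i2) {
            case 1:
                return 0;
            case 2:
                return 2;
            case 3:
                return 3;
            case 4:
                return 4;
            case SSLContext.CERTTYPE_RSA_ENCRYPT /* 257 */:
                return 1;
            default:
                return -1;
        }
    }

    /** Appends one "label: available / not set" line for temporary-parameter slot {@code i2}. */
    private void a(StringBuffer stringBuffer, int i2) {
        stringBuffer.append("  ");
        stringBuffer.append(j[i2]);
        stringBuffer.append(": ");
        stringBuffer.append(this.b[i2] != null ? "available" : "not set");
        stringBuffer.append("\n");
    }

    /**
     * Turns the client-certificate request on and stores both arguments, or turns it off
     * when both arguments are {@code null}.
     *
     * <p>When turning the request off, the previously stored {@code e} and {@code f}
     * values are left in place. The arrays are stored by reference, not copied.
     */
    public void setRequireClientCertificate(byte[] bArr, Principal[] principalArr) {
        if (bArr == null && principalArr == null) {
            this.c = false;
            return;
        }
        this.c = true;
        this.e = bArr;
        this.f = principalArr;
    }

    /** Sets the flag that controls whether a client certificate is requested. */
    public void setRequestClientCertificate(boolean z2) {
        this.c = z2;
    }

    /** Stores a temporary RSA key pair; same as {@link #addTemporaryParameter(KeyPair)}. */
    public void setRSATempKeyPair(KeyPair keyPair) {
        addTemporaryParameter(keyPair);
    }

    /**
     * Converts the chain and stores it with its private key. The slot is chosen from the
     * certificate itself, so this method is identical to {@link #setDSACertificate} and
     * {@link #setDHCertificate}.
     *
     * @throws CertificateException if the chain cannot be converted
     */
    public void setRSACertificate(Certificate[] certificateArr, PrivateKey privateKey) throws CertificateException {
        addServerCredentials(SSLContext.convertCertificateChain(certificateArr), privateKey);
    }

    /**
     * Converts the chain and stores it with its private key; see {@link #setRSACertificate}.
     *
     * @throws CertificateException if the chain cannot be converted
     */
    public void setDSACertificate(Certificate[] certificateArr, PrivateKey privateKey) throws CertificateException {
        addServerCredentials(SSLContext.convertCertificateChain(certificateArr), privateKey);
    }

    /** Stores DH parameters; same as {@link #addTemporaryParameter(DHParameterSpec)}. */
    public void setDHParameter(DHParameterSpec dHParameterSpec) {
        addTemporaryParameter(dHParameterSpec);
    }

    /**
     * Converts the chain and stores it with its private key; see {@link #setRSACertificate}.
     *
     * @throws CertificateException if the chain cannot be converted
     */
    public void setDHCertificate(Certificate[] certificateArr, PrivateKey privateKey) throws CertificateException {
        addServerCredentials(SSLContext.convertCertificateChain(certificateArr), privateKey);
    }

    /**
     * Rejects the value 2 as first argument, otherwise delegates to the superclass.
     *
     * <p>NOTE(review): only the first argument is checked; presumably it is the minimum
     * version and 2 stands for SSL 2.0, as the message says - confirm against SSLContext.
     *
     * @throws IllegalArgumentException if {@code i2} is 2
     */
    @Override // iaik.security.ssl.SSLContext
    public void setAllowedProtocolVersions(int i2, int i3) {
        if (i2 == 2) {
            throw new IllegalArgumentException("SSL 2.0 not supported on the server side!");
        }
        super.setAllowedProtocolVersions(i2, i3);
    }

    /**
     * Validates and stores the accepted certificate types.
     *
     * <p>The array is copied before validation, so a caller cannot change the entries
     * after they have been checked.
     *
     * @throws IllegalArgumentException if an entry is rejected by {@code SSLContext.b(int)}
     * @throws NullPointerException if {@code iArr} is {@code null}
     */
    public void setAllowedCertificateTypes(int[] iArr) {
        int[] copy = (int[]) iArr.clone();
        for (int i2 = 0; i2 < copy.length; i2++) {
            if (!SSLContext.b(copy[i2])) {
                throw new IllegalArgumentException("Invalid certificate type: " + copy[i2]);
            }
        }
        this.g = copy;
    }

    /**
     * Lazily builds the static defaults cache: slot 2 gets the (x, z) DH group, slots 3
     * and 4 both get the (y, ab) group. Slots 0 and 1 stay empty until a temporary RSA
     * key pair is generated on demand.
     */
    private static void c() {
        synchronized (DEFAULTS_LOCK) {
            if (a != null) {
                return;
            }
            Object[] defaults = new Object[5];
            DHParameterSpec dHParameterSpec = new DHParameterSpec(new BigInteger(x, w), new BigInteger(z, w));
            DHParameterSpec dHParameterSpec2 = new DHParameterSpec(new BigInteger(y, w), new BigInteger(ab, w));
            defaults[2] = dHParameterSpec;
            defaults[3] = dHParameterSpec2;
            defaults[4] = dHParameterSpec2;
            // Publish only after the array is fully populated.
            a = defaults;
        }
    }

    /**
     * Returns the temporary parameter for slot {@code i2}, filling the slot first if it
     * is empty: from the DH certificates in credential slots 3 and 4 when they provide
     * it, otherwise from the JVM-wide defaults (generating and caching a temporary RSA
     * key pair for slots 0 and 1).
     *
     * @param sSLTransport transport whose {@code a(String)} receives the status message
     * @param i2 temporary-parameter slot, 0..4
     * @return the {@code KeyPair} or {@code DHParameterSpec} stored in the slot
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public synchronized Object a(SSLTransport sSLTransport, int i2) {
        if (this.b[i2] == null) {
            a(this.d[3]);
            a(this.d[4]);
            if (this.b[i2] != null) {
                sSLTransport.a("Temporary " + j[i2] + " not set, using defaults from certificates.");
            } else {
                sSLTransport.a("Temporary " + j[i2] + " not set, using defaults.");
                synchronized (DEFAULTS_LOCK) {
                    c();
                    if (a[i2] == null) {
                        // Only slots 0 and 1 can still be empty after c().
                        // NOTE(review): EasspMessage.ATTR_ECHO_ON is an unrelated constant the
                        // decompiler substituted for a literal; presumably 1024 - confirm.
                        a[i2] = a(sSLTransport, i2 == 0 ? 512 : EasspMessage.ATTR_ECHO_ON, this);
                    }
                    this.b[i2] = a[i2];
                }
            }
        }
        return this.b[i2];
    }

    /**
     * Returns the credentials stored for a certificate type.
     *
     * @throws IllegalArgumentException if the type is unknown
     * @throws NullPointerException if no credentials are stored for the type
     */
    public KeyAndCert getServerCredentials(int i2) {
        int e = e(i2);
        if (e < 0) {
            throw new IllegalArgumentException("Unknown certificate type: " + i2);
        }
        KeyAndCert keyAndCert = this.d[e];
        if (keyAndCert == null) {
            throw new NullPointerException("Required " + Utils.certTypeToString(i2) + " credentials not available!");
        }
        return keyAndCert;
    }

    /**
     * Returns the same flag as {@link #getRequestClientCertificate()}.
     *
     * <p>NOTE(review): this class keeps a single flag, so "require" and "request" are not
     * distinguished here. Whether a handshake without a client certificate is rejected
     * is decided elsewhere; deployments that need mandatory client authentication should
     * confirm that behaviour rather than rely on the method name.
     */
    public boolean getRequireClientCertificate() {
        return getRequestClientCertificate();
    }

    /** Returns whether a client certificate is to be requested. */
    public boolean getRequestClientCertificate() {
        return this.c;
    }

    /** Returns the private key of the credentials for certificate type {@code i2}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKey d(int i2) {
        return getServerCredentials(i2).getPrivateKey();
    }

    /** Returns the hard-coded default DH parameters of slot 2 (labelled 512 bit export). */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static DHParameterSpec b() {
        c();
        return (DHParameterSpec) a[2];
    }

    /** Returns the certificate chain of the credentials for certificate type {@code i2}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] c(int i2) {
        return getServerCredentials(i2).getCertificateChain();
    }

    /**
     * Returns a copy of the accepted certificate types, so the validated internal array
     * cannot be modified through the return value.
     */
    public int[] getAllowedCertificateTypes() {
        return this.g == null ? null : (int[]) this.g.clone();
    }

    /**
     * Generates a temporary RSA key pair of {@code i2} bits using the context's random
     * generator and the configured security provider.
     *
     * <p>NOTE(review): as decompiled, the try block covers only the status message, so
     * the "Error generating temporary RSA keypair" exception can only result from that
     * call; failures of the generator itself propagate unchanged. This may be a
     * decompiler artefact - confirm against the bytecode. The NullPointerException type
     * is kept because callers may depend on it.
     */
    private static KeyPair a(SSLTransport sSLTransport, int i2, SSLContext sSLContext) {
        if (sSLTransport != null) {
            try {
                sSLTransport.a("Generating " + i2 + " bit temporary RSA keypair...");
            } catch (Exception e) {
                throw new NullPointerException("Error generating temporary RSA keypair: " + e.toString());
            }
        }
        SecureRandom randomGenerator = sSLContext.getRandomGenerator();
        KeyPairGenerator keyPairGenerator = SecurityProvider.getSecurityProvider().getKeyPairGenerator("RSA");
        keyPairGenerator.initialize(i2, randomGenerator);
        return Utils.generateKeyPair(keyPairGenerator);
    }

    /**
     * Copies the state of another server context into this one. The credential and
     * temporary-parameter arrays are cloned (shallow); {@code g}, {@code e} and
     * {@code f} are shared by reference.
     */
    void a(SSLServerContext sSLServerContext) {
        super.a((SSLClientContext) sSLServerContext);
        this.d = (KeyAndCert[]) sSLServerContext.d.clone();
        this.b = (Object[]) sSLServerContext.b.clone();
        this.c = sSLServerContext.c;
        this.g = sSLServerContext.g;
        this.e = sSLServerContext.e;
        this.f = sSLServerContext.f;
    }

    /** Returns a copy made with the copy constructor (not via {@code super.clone()}). */
    @Override // iaik.security.ssl.SSLClientContext, iaik.security.ssl.SSLContext
    public Object clone() {
        return new SSLServerContext(this);
    }

    /** Empties all five credential slots; the private-key references are only dropped. */
    public void clearServerCredentials() {
        for (int i2 = 0; i2 <= 4; i2++) {
            this.d[i2] = null;
        }
    }

    /**
     * Stores DH parameters in the slot selected by {@code i2} (a bit length): up to 512
     * goes to slot 2, above 1024 to slot 4, anything in between to slot 3 and, if slot 4
     * is still empty, to slot 4 as well.
     *
     * <p>No minimum size is enforced, so arbitrarily small groups are accepted.
     */
    public void addTemporaryParameter(DHParameterSpec dHParameterSpec, int i2) {
        if (i2 <= 512) {
            this.b[2] = dHParameterSpec;
            return;
        }
        if (i2 > 1024) {
            this.b[4] = dHParameterSpec;
            return;
        }
        this.b[3] = dHParameterSpec;
        if (this.b[4] == null) {
            this.b[4] = dHParameterSpec;
        }
    }

    /** Stores DH parameters, using the bit length of the prime to select the slot. */
    public void addTemporaryParameter(DHParameterSpec dHParameterSpec) {
        addTemporaryParameter(dHParameterSpec, dHParameterSpec.getP().bitLength());
    }

    /**
     * Stores a temporary RSA key pair: a size of up to 512 (as reported by
     * {@code Utils.a}) goes to slot 0, up to 1024 to slot 1.
     *
     * <p>Despite the message text, any size up to 1024 is accepted, including sizes
     * below 512.
     *
     * @throws IllegalArgumentException if the reported size exceeds 1024
     */
    public void addTemporaryParameter(KeyPair keyPair) {
        int a2 = Utils.a(keyPair.getPublic());
        if (a2 <= 512) {
            this.b[0] = keyPair;
        } else {
            if (a2 > 1024) {
                throw new IllegalArgumentException("Temporary RSA keys should be 512 or 1024 bits long!");
            }
            this.b[1] = keyPair;
        }
    }

    /** Wraps the chain and key in a {@code KeyAndCert} and stores it. */
    public void addServerCredentials(X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
        addServerCredentials(new KeyAndCert(x509CertificateArr, privateKey));
    }

    /**
     * Stores credentials in the slot of the given certificate type, replacing any
     * previous entry.
     *
     * @throws IllegalArgumentException if the type is unknown
     */
    public void addServerCredentials(KeyAndCert keyAndCert, int i2) {
        int e = e(i2);
        if (e < 0) {
            throw new IllegalArgumentException("Unknown certificate type!");
        }
        this.d[e] = keyAndCert;
    }

    /**
     * Stores credentials under the certificate type they report. Type 1 credentials are
     * additionally stored under {@code SSLContext.CERTTYPE_RSA_ENCRYPT}, so they occupy
     * slots 0 and 1.
     */
    public void addServerCredentials(KeyAndCert keyAndCert) {
        int certificateType = keyAndCert.getCertificateType();
        if (certificateType == 1) {
            addServerCredentials(keyAndCert, SSLContext.CERTTYPE_RSA_ENCRYPT);
        }
        addServerCredentials(keyAndCert, certificateType);
    }

    /**
     * Takes the DH parameters from the public key of the first certificate in the chain
     * and stores them as temporary parameters; does nothing for {@code null}.
     *
     * <p>The cast fails with a ClassCastException if that key is not a DH public key.
     */
    private void a(KeyAndCert keyAndCert) {
        if (keyAndCert == null) {
            return;
        }
        addTemporaryParameter(((DHPublicKey) keyAndCert.getCertificateChain()[0].getPublicKey()).getParams());
    }

    /**
     * Creates a context with empty credential and temporary-parameter slots and the
     * certificate types 1 to 4 allowed.
     */
    public SSLServerContext(SecureRandom secureRandom) {
        super(secureRandom);
        this.d = new KeyAndCert[5];
        this.b = new Object[5];
        this.g = new int[]{1, 2, 3, 4};
    }

    /** Copy constructor; all state is taken from {@code sSLServerContext}. */
    public SSLServerContext(SSLServerContext sSLServerContext) {
        this(0);
        a(sSLServerContext);
    }

    /**
     * Leaves {@code d}, {@code b} and {@code g} unset; used by the copy constructor,
     * which fills them afterwards.
     */
    SSLServerContext(int i2) {
        super(i2);
    }

    /** Creates a context with a {@code null} random generator argument. */
    public SSLServerContext() {
        this((SecureRandom) null);
    }
}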
