package crysec.SSL;

import crysec.PublicKey;
import crysec.Utils;
import crysec.X509;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.util.Enumeration;
import java.util.Vector;

/* loaded from: input_file:crysec/SSL/SSLCertificate.class */
public final class SSLCertificate implements Serializable {
    public Vector certificateList;
    transient SSLState state;
    boolean client;

    public SSLCertificate() {
        this(null, false);
    }

    SSLCertificate(SSLState sSLState) {
        this(sSLState, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLCertificate(SSLState sSLState, boolean z) {
        this.state = sSLState;
        this.client = z;
        this.certificateList = new Vector();
    }

    public SSLCertificate(boolean z) {
        this(null, z);
    }

    public X509 getBottomCert() {
        return (X509) this.certificateList.elementAt(0);
    }

    public PublicKey getPublicKey() {
        return getBottomCert().getPublicKey();
    }

    public void input(InputStream inputStream) throws IOException {
        Utils.input24bit(inputStream);
        byte[] bArr = new byte[Utils.input24bit(inputStream)];
        Utils.inputByteArray(bArr, inputStream);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        while (byteArrayInputStream.available() > 0) {
            Utils.input24bit(byteArrayInputStream);
            try {
                this.certificateList.addElement(new X509(byteArrayInputStream));
            } catch (IOException e) {
                this.state.socket.sendAlert(2, 42);
                this.state.socket.abort();
                throw new SSLException(e.toString());
            }
        }
        verify();
    }

    public X509 rootCA() {
        return (X509) this.certificateList.elementAt(this.certificateList.size() - 1);
    }

    public boolean rootCAvalid() {
        return rootCAvalid(this.state.params.getRootCAFingerprints());
    }

    public boolean rootCAvalid(byte[][] bArr) {
        if (bArr == null) {
            return false;
        }
        for (byte[] bArr2 : bArr) {
            if (Utils.areEqual(rootCA().getFingerprint(), bArr2)) {
                return true;
            }
        }
        return false;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer(new StringBuffer(String.valueOf(this.certificateList.size())).append(" certificate(s)").append(this.certificateList.size() > 0 ? ":\n" : "").toString());
        Enumeration elements = this.certificateList.elements();
        while (elements.hasMoreElements()) {
            X509 x509 = (X509) elements.nextElement();
            stringBuffer.append(new StringBuffer(String.valueOf(Utils.toHexString(x509.toBytes()))).append("\n").toString());
            stringBuffer.append(new StringBuffer("  ").append(x509).append("\n").toString());
        }
        return stringBuffer.toString();
    }

    public void verify() throws IOException {
        switch (this.state.params.certVerifier.verifyCertificate(true, this, this.state.socket)) {
            case 0:
                return;
            case 1:
                this.state.socket.sendAlert(2, 42);
                this.state.socket.abort();
                throw new SSLException("Certificate is invalid");
            case 2:
                this.state.socket.sendAlert(2, 43);
                this.state.socket.abort();
                throw new SSLException("Certificate is unsupported");
            case 3:
                this.state.socket.sendAlert(2, 44);
                this.state.socket.abort();
                throw new SSLException("Certificate has been revoked");
            case 4:
                this.state.socket.sendAlert(2, 45);
                this.state.socket.abort();
                throw new SSLException("Certificate has expired");
            case 5:
            default:
                this.state.socket.sendAlert(2, 46);
                this.state.socket.abort();
                throw new SSLException("Unknown error processing certificate");
        }
    }
}
