package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLHandshakeException;
import org.openeuler.sun.security.ssl.CertStatusExtension;
import org.openeuler.sun.security.ssl.CertificateMessage;
import org.openeuler.sun.security.ssl.SSLHandshake;
import org.openeuler.sun.security.ssl.StatusResponseManager;
import sun.security.provider.certpath.OCSPResponse;

/* loaded from: classes6.dex */
final class CertificateStatus {
    static final HandshakeAbsence handshakeAbsence;
    static final SSLConsumer handshakeConsumer;
    static final HandshakeProducer handshakeProducer;

    /* loaded from: classes6.dex */
    private static final class CertificateStatusAbsence implements HandshakeAbsence {
        private CertificateStatusAbsence() {
        }

        @Override // org.openeuler.sun.security.ssl.HandshakeAbsence
        public void absent(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            if (clientHandshakeContext.staplingActive) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Server did not send CertificateStatus, checking cert chain without status info.", new Object[0]);
                }
                CertificateMessage.T12CertificateConsumer.checkServerCerts(clientHandshakeContext, clientHandshakeContext.deferredCerts);
            }
        }
    }

    /* loaded from: classes6.dex */
    private static final class CertificateStatusConsumer implements SSLConsumer {
        private CertificateStatusConsumer() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            CertificateStatusMessage certificateStatusMessage = new CertificateStatusMessage(clientHandshakeContext, byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming server CertificateStatus handshake message", certificateStatusMessage);
            }
            clientHandshakeContext.handshakeSession.setStatusResponses(certificateStatusMessage.encodedResponses);
            CertificateMessage.T12CertificateConsumer.checkServerCerts(clientHandshakeContext, clientHandshakeContext.deferredCerts);
            clientHandshakeContext.handshakeConsumers.remove(Byte.valueOf(SSLHandshake.CERTIFICATE_STATUS.id));
        }
    }

    /* loaded from: classes6.dex */
    static final class CertificateStatusMessage extends SSLHandshake.HandshakeMessage {
        final List<byte[]> encodedResponses;
        int encodedResponsesLen;
        int messageLength;
        final CertStatusExtension.CertStatusRequestType statusType;

        CertificateStatusMessage(HandshakeContext handshakeContext) {
            super(handshakeContext);
            this.encodedResponsesLen = 0;
            this.messageLength = -1;
            ArrayList arrayList = new ArrayList();
            this.encodedResponses = arrayList;
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) handshakeContext;
            StatusResponseManager.StaplingParameters staplingParameters = serverHandshakeContext.stapleParams;
            if (staplingParameters == null) {
                throw new IllegalArgumentException("Unexpected null stapling parameters");
            }
            X509Certificate[] x509CertificateArr = (X509Certificate[]) serverHandshakeContext.handshakeSession.getLocalCertificates();
            if (x509CertificateArr == null) {
                throw new IllegalArgumentException("Unexpected null certificate chain");
            }
            CertStatusExtension.CertStatusRequestType certStatusRequestType = staplingParameters.statReqType;
            this.statusType = certStatusRequestType;
            if (certStatusRequestType == CertStatusExtension.CertStatusRequestType.OCSP) {
                byte[] bArr = staplingParameters.responseMap.get(x509CertificateArr[0]);
                bArr = bArr == null ? new byte[0] : bArr;
                arrayList.add(bArr);
                this.encodedResponsesLen += bArr.length + 3;
            } else {
                if (certStatusRequestType != CertStatusExtension.CertStatusRequestType.OCSP_MULTI) {
                    throw new IllegalArgumentException("Unsupported StatusResponseType: " + certStatusRequestType);
                }
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    byte[] bArr2 = staplingParameters.responseMap.get(x509Certificate);
                    if (bArr2 == null) {
                        bArr2 = new byte[0];
                    }
                    this.encodedResponses.add(bArr2);
                    this.encodedResponsesLen += bArr2.length + 3;
                }
            }
            this.messageLength = messageLength();
        }

        CertificateStatusMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer) throws IOException {
            super(handshakeContext);
            this.encodedResponsesLen = 0;
            this.messageLength = -1;
            ArrayList arrayList = new ArrayList();
            this.encodedResponses = arrayList;
            CertStatusExtension.CertStatusRequestType valueOf = CertStatusExtension.CertStatusRequestType.valueOf((byte) C10343.m80848(byteBuffer));
            this.statusType = valueOf;
            if (valueOf == CertStatusExtension.CertStatusRequestType.OCSP) {
                byte[] m80847 = C10343.m80847(byteBuffer);
                if (m80847.length <= 0) {
                    throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Zero-length OCSP Response");
                }
                arrayList.add(m80847);
                this.encodedResponsesLen = m80847.length + 3;
            } else {
                if (valueOf != CertStatusExtension.CertStatusRequestType.OCSP_MULTI) {
                    throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Unsupported StatusResponseType: " + valueOf);
                }
                int m80845 = C10343.m80845(byteBuffer);
                this.encodedResponsesLen = m80845;
                while (m80845 > 0) {
                    byte[] m808472 = C10343.m80847(byteBuffer);
                    this.encodedResponses.add(m808472);
                    m80845 -= m808472.length + 3;
                }
                if (m80845 != 0) {
                    throw handshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Bad OCSP response list length");
                }
            }
            this.messageLength = messageLength();
        }

        @Override // org.openeuler.sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.CERTIFICATE_STATUS;
        }

        @Override // org.openeuler.sun.security.ssl.SSLHandshake.HandshakeMessage
        public int messageLength() {
            int i;
            if (this.messageLength == -1) {
                CertStatusExtension.CertStatusRequestType certStatusRequestType = this.statusType;
                int i2 = 1;
                if (certStatusRequestType == CertStatusExtension.CertStatusRequestType.OCSP) {
                    i = this.encodedResponsesLen;
                } else {
                    if (certStatusRequestType == CertStatusExtension.CertStatusRequestType.OCSP_MULTI) {
                        i = this.encodedResponsesLen + 3;
                    }
                    this.messageLength = i2;
                }
                i2 = 1 + i;
                this.messageLength = i2;
            }
            return this.messageLength;
        }

        @Override // org.openeuler.sun.security.ssl.SSLHandshake.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(this.statusType.id);
            CertStatusExtension.CertStatusRequestType certStatusRequestType = this.statusType;
            if (certStatusRequestType == CertStatusExtension.CertStatusRequestType.OCSP) {
                handshakeOutStream.putBytes24(this.encodedResponses.get(0));
                return;
            }
            if (certStatusRequestType != CertStatusExtension.CertStatusRequestType.OCSP_MULTI) {
                throw new SSLHandshakeException("Unsupported status_type: " + ((int) this.statusType.id));
            }
            handshakeOutStream.putInt24(this.encodedResponsesLen);
            for (byte[] bArr : this.encodedResponses) {
                if (bArr != null) {
                    handshakeOutStream.putBytes24(bArr);
                } else {
                    handshakeOutStream.putBytes24(null);
                }
            }
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            for (byte[] bArr : this.encodedResponses) {
                if (bArr.length > 0) {
                    try {
                        sb.append(new OCSPResponse(bArr).toString());
                        sb.append("\n");
                    } catch (IOException e) {
                        sb.append("OCSP Response Exception: ");
                        sb.append(e);
                        sb.append("\n");
                    }
                } else {
                    sb.append("<Zero-length entry>\n");
                }
            }
            return new MessageFormat("\"CertificateStatus\": '{'\n  \"type\"                : \"{0}\",\n  \"responses \"          : [\n{1}\n  ]\n'}'", Locale.ENGLISH).format(new Object[]{this.statusType.name, Utilities.indent(Utilities.indent(sb.toString()))});
        }
    }

    /* loaded from: classes6.dex */
    private static final class CertificateStatusProducer implements HandshakeProducer {
        private CertificateStatusProducer() {
        }

        @Override // org.openeuler.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            if (!serverHandshakeContext.staplingActive) {
                return null;
            }
            CertificateStatusMessage certificateStatusMessage = new CertificateStatusMessage(serverHandshakeContext);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced server CertificateStatus handshake message", certificateStatusMessage);
            }
            certificateStatusMessage.write(serverHandshakeContext.handshakeOutput);
            serverHandshakeContext.handshakeOutput.flush();
            return null;
        }
    }

    static {
        handshakeConsumer = new CertificateStatusConsumer();
        handshakeProducer = new CertificateStatusProducer();
        handshakeAbsence = new CertificateStatusAbsence();
    }

    CertificateStatus() {
    }
}
