package com.ibm.jsse;

import com.ibm.net.ssl.X509KeyManager;
import com.ibm.net.ssl.X509TrustManager;
import com.ibm.sslite.a;
import com.ibm.sslite.w;
import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: input_file:runtime/ibmjsse.jar:com/ibm/jsse/JSSEToken.class */
final class JSSEToken extends a {
    private SecureRandom sr;
    private X509TrustManager tm;
    private X509KeyManager km;

    @Override // com.ibm.sslite.a
    public boolean verify(w wVar, boolean z) {
        if (this.tm == null) {
            return false;
        }
        X509Certificate[] chain = getChain(wVar);
        return z ? this.tm.isServerTrusted(chain) : this.tm.isClientTrusted(chain);
    }

    @Override // com.ibm.sslite.a
    public byte[] random(int i) {
        if (this.sr == null) {
            return null;
        }
        byte[] bArr = new byte[i];
        this.sr.nextBytes(bArr);
        return bArr;
    }

    @Override // com.ibm.sslite.a
    public w[] getPrivateCertificates(byte[] bArr, int i, int i2, int i3, boolean z) {
        if (this.km == null) {
            return null;
        }
        String str = i3 == 1 ? "RSA" : "DSA";
        String[] serverAliases = z ? this.km.getServerAliases(str, null) : this.km.getClientAliases(str, null);
        w[] wVarArr = new w[serverAliases.length];
        int i4 = 0;
        int i5 = 0;
        while (i5 < serverAliases.length) {
            w cert = getCert(serverAliases[i5]);
            wVarArr[i4] = cert;
            if (cert != null) {
                i4++;
            }
            i5++;
        }
        if (i4 == 0) {
            return null;
        }
        if (i4 != i5) {
            w[] wVarArr2 = new w[i4];
            wVarArr = wVarArr2;
            System.arraycopy(wVarArr, 0, wVarArr2, 0, i4);
        }
        return wVarArr;
    }

    @Override // com.ibm.sslite.a
    public w getPrivateCertificate(int i, boolean z, boolean z2) {
        if (this.km == null) {
            return null;
        }
        String str = i == 1 ? "RSA" : "DSA";
        return getCert(z2 ? this.km.chooseServerAlias(str, null) : this.km.chooseClientAlias(str, null));
    }

    X509Certificate[] getChain(w wVar) {
        if (wVar == null) {
            return null;
        }
        int i = 1;
        w wVar2 = wVar;
        while (true) {
            w p = wVar2.p();
            if (p == null || wVar2 == p) {
                break;
            }
            wVar2 = p;
            i++;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[i];
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (int i2 = 0; i2 < i; i2++) {
                x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(wVar.d()));
                wVar = wVar.p();
            }
            return x509CertificateArr;
        } catch (Exception unused) {
            return null;
        }
    }

    w getCert(String str) {
        w wVar = null;
        X509Certificate[] certificateChain = this.km.getCertificateChain(str);
        PrivateKey privateKey = this.km.getPrivateKey(str);
        if (certificateChain == null || privateKey == null) {
            return null;
        }
        try {
            if (!privateKey.getFormat().equals("PKCS#8")) {
                return null;
            }
            for (int i = 0; i < certificateChain.length; i++) {
                if (i == 0) {
                    wVar = new w(certificateChain[0].getEncoded(), privateKey.getEncoded(), (String) null);
                } else if (!new w(certificateChain[i].getEncoded(), null).a(wVar, false)) {
                    return null;
                }
            }
            return wVar;
        } catch (Exception unused) {
            return null;
        }
    }

    @Override // com.ibm.sslite.a
    public byte[] getAcceptedIssuers() {
        if (this.tm == null) {
            return null;
        }
        X509Certificate[] acceptedIssuers = this.tm.getAcceptedIssuers();
        a aVar = new a();
        for (X509Certificate x509Certificate : acceptedIssuers) {
            try {
                w wVar = new w(x509Certificate.getEncoded(), null);
                aVar.c(wVar, null);
                aVar.a(wVar, 1);
            } catch (Exception unused) {
            }
        }
        return aVar.getAcceptedIssuers();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JSSEToken(X509KeyManager x509KeyManager, X509TrustManager x509TrustManager, SecureRandom secureRandom) {
        this.km = x509KeyManager;
        this.tm = x509TrustManager;
        this.sr = secureRandom;
    }
}
