package org.eclipse.californium.scandium.dtls.cipher;

import java.util.Iterator;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuiteParameters;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes17.dex */
/**
 * Default {@link CipherSuiteSelector} for the DTLS handshake.
 *
 * <p>Candidates are tried in the order in which {@link CipherSuiteParameters#getCipherSuites()}
 * returns them, and the first suite whose requirements are satisfied is committed to the
 * parameters. Nothing in this class ranks suites by strength, so the ordering of that list is the
 * effective preference policy and should be reviewed wherever the list is assembled.
 *
 * <p>When no suite fits, the reason is recorded on the parameters as a general or a
 * certificate-based mismatch.
 */
public class DefaultCipherSuiteSelector implements CipherSuiteSelector {
    /** Class logger; not referenced by the methods of this class. */
    protected static final Logger LOGGER = LoggerFactory.getLogger(DefaultCipherSuiteSelector.class);

    /**
     * Picks the first usable cipher suite from the candidates held by the parameters.
     *
     * <p>An {@link IllegalArgumentException} raised while checking a certificate-based candidate is
     * not caught here, so it ends the whole selection instead of moving on to the next candidate.
     *
     * @param cipherSuiteParameters negotiation state; receives the selection or the mismatch reason
     * @return {@code true} if a cipher suite was selected, {@code false} otherwise
     */
    @Override
    public boolean select(CipherSuiteParameters cipherSuiteParameters) {
        if (cipherSuiteParameters.getCipherSuites().isEmpty()) {
            cipherSuiteParameters.setGeneralMismatch(CipherSuiteParameters.GeneralMismatch.CIPHER_SUITE);
            return false;
        }
        // First match wins: list order is the preference order.
        for (CipherSuite candidate : cipherSuiteParameters.getCipherSuites()) {
            if (select(candidate, cipherSuiteParameters)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks a single candidate and, if it fits, commits it to the parameters.
     *
     * @param cipherSuite candidate cipher suite
     * @param cipherSuiteParameters negotiation state; receives the selection or the mismatch reason
     * @return {@code true} if the candidate was selected
     */
    protected boolean select(CipherSuite cipherSuite, CipherSuiteParameters cipherSuiteParameters) {
        if (cipherSuite.isEccBased() && !hasEcParameters(cipherSuiteParameters)) {
            return false;
        }
        if (cipherSuite.requiresServerCertificateMessage()) {
            // Once a certificate mismatch is recorded on the parameters, certificate-based
            // candidates are rejected without being evaluated again.
            return cipherSuiteParameters.getCertificateMismatch() == null
                    && selectForCertificate(cipherSuiteParameters, cipherSuite);
        }
        if (cipherSuite.isEccBased()) {
            // No certificate involved: take the first entry of the supported-groups list.
            cipherSuiteParameters.selectSupportedGroup(cipherSuiteParameters.getSupportedGroups().get(0));
        }
        cipherSuiteParameters.select(cipherSuite);
        return true;
    }

    /**
     * Verifies that the parameters carry what an ECC-based suite needs: at least one supported
     * group and a point format. Records the matching general mismatch when one is missing.
     *
     * @param parameters negotiation state
     * @return {@code true} if both are present
     */
    private static boolean hasEcParameters(CipherSuiteParameters parameters) {
        CipherSuiteParameters.GeneralMismatch missing = null;
        if (parameters.getSupportedGroups().isEmpty()) {
            missing = CipherSuiteParameters.GeneralMismatch.EC_GROUPS;
        } else if (parameters.getFormat() == null) {
            missing = CipherSuiteParameters.GeneralMismatch.EC_FORMAT;
        }
        if (missing == null) {
            return true;
        }
        parameters.setGeneralMismatch(missing);
        return false;
    }

    /**
     * Checks a certificate-based candidate against the certificate types, signature algorithms and
     * groups held by the parameters and, if everything fits, commits the full selection.
     *
     * <p>Points a reviewer should be aware of:
     * <ul>
     * <li>If the first server certificate type is X.509 but the certificate chain is not covered by
     * the signature algorithms and supported groups in the parameters, the selection falls back to
     * {@code RAW_PUBLIC_KEY} when that type is also listed. A raw public key is sent without a
     * chain, so the peer has to trust the key by other means (presumably pinning or
     * pre-provisioning; confirm against the deployment).</li>
     * <li>The group committed at the end is the first entry of the supported-groups list, which is
     * not necessarily the group of the certificate's public key.</li>
     * <li>A candidate whose certificate key algorithm is not EC, and an X.509 selection without a
     * certificate chain, are reported by exception rather than as a mismatch.</li>
     * </ul>
     *
     * @param cipherSuiteParameters negotiation state; receives the selection or the mismatch reason
     * @param cipherSuite certificate-based candidate cipher suite
     * @return {@code true} if the candidate was selected
     * @throws IllegalArgumentException if the candidate's certificate key algorithm is not EC, or
     *         if X.509 is the first server certificate type and no certificate chain is available
     */
    protected boolean selectForCertificate(CipherSuiteParameters cipherSuiteParameters, CipherSuite cipherSuite) {
        if (cipherSuiteParameters.getServerCertTypes().isEmpty()) {
            cipherSuiteParameters.setCertificateMismatch(CipherSuiteParameters.CertificateBasedMismatch.SERVER_CERT_TYPE);
            return false;
        }

        // A client certificate type is only needed when client authentication is required or wanted.
        final boolean clientAuthentication = cipherSuiteParameters.isClientAuthenticationRequired()
                || cipherSuiteParameters.isClientAuthenticationWanted();
        if (clientAuthentication && cipherSuiteParameters.getClientCertTypes().isEmpty()) {
            cipherSuiteParameters.setCertificateMismatch(CipherSuiteParameters.CertificateBasedMismatch.CLIENT_CERT_TYPE);
            return false;
        }

        if (cipherSuiteParameters.getSignatures().isEmpty()) {
            cipherSuiteParameters.setCertificateMismatch(CipherSuiteParameters.CertificateBasedMismatch.SIGNATURE_ALGORITHMS);
            return false;
        }

        if (cipherSuite.getCertificateKeyAlgorithm() != CipherSuite.CertificateKeyAlgorithm.EC) {
            throw new IllegalArgumentException("Only ECDSA certificate based cipher suites are supported!");
        }

        // The group of the certificate's public key must be among the supported groups.
        final XECDHECryptography.SupportedGroup keyGroup =
                XECDHECryptography.SupportedGroup.fromPublicKey(cipherSuiteParameters.getPublicKey());
        final boolean keyGroupOffered = keyGroup != null
                && cipherSuiteParameters.getSupportedGroups().contains(keyGroup);
        if (!keyGroupOffered) {
            cipherSuiteParameters.setCertificateMismatch(CipherSuiteParameters.CertificateBasedMismatch.CERTIFICATE_EC_GROUPS);
            return false;
        }

        final SignatureAndHashAlgorithm signature = SignatureAndHashAlgorithm.getSupportedSignatureAlgorithm(
                cipherSuiteParameters.getSignatures(), cipherSuiteParameters.getPublicKey());
        if (signature == null) {
            cipherSuiteParameters.setCertificateMismatch(CipherSuiteParameters.CertificateBasedMismatch.CERTIFICATE_SIGNATURE_ALGORITHMS);
            return false;
        }

        CertificateType serverCertType = cipherSuiteParameters.getServerCertTypes().get(0);
        if (CertificateType.X_509.equals(serverCertType)) {
            if (cipherSuiteParameters.getCertificateChain() == null) {
                throw new IllegalArgumentException("Certificate type x509 requires a certificate chain!");
            }
            // The chain is usable only if both its signatures and its groups are covered.
            final boolean chainUsable = SignatureAndHashAlgorithm.isSignedWithSupportedAlgorithms(
                            cipherSuiteParameters.getSignatures(), cipherSuiteParameters.getCertificateChain())
                    && XECDHECryptography.SupportedGroup.isSupported(
                            cipherSuiteParameters.getSupportedGroups(), cipherSuiteParameters.getCertificateChain());
            if (!chainUsable) {
                if (cipherSuiteParameters.getServerCertTypes().contains(CertificateType.RAW_PUBLIC_KEY)) {
                    // Fallback: present only the public key, without the chain.
                    serverCertType = CertificateType.RAW_PUBLIC_KEY;
                } else {
                    cipherSuiteParameters.setCertificateMismatch(CipherSuiteParameters.CertificateBasedMismatch.CERTIFICATE_PATH_SIGNATURE_ALGORITHMS);
                    return false;
                }
            }
        }

        // All checks passed: commit the negotiated values.
        cipherSuiteParameters.select(cipherSuite);
        cipherSuiteParameters.selectServerCertificateType(serverCertType);
        cipherSuiteParameters.selectSignatureAndHashAlgorithm(signature);
        cipherSuiteParameters.selectSupportedGroup(cipherSuiteParameters.getSupportedGroups().get(0));
        CertificateType clientCertType = null;
        if (clientAuthentication) {
            clientCertType = cipherSuiteParameters.getClientCertTypes().get(0);
        }
        cipherSuiteParameters.selectClientCertificateType(clientCertType);
        return true;
    }
}
