package org.apache.tomcat.util.net.puretls;

import COM.claymoresystems.cert.X509Cert;
import COM.claymoresystems.ptls.SSLSocket;
import COM.claymoresystems.sslg.SSLPolicyInt;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Vector;
import org.apache.tomcat.util.buf.HexUtils;
import org.apache.tomcat.util.net.SSLSupport;

/* loaded from: input_file:org/apache/tomcat/util/net/puretls/PureTLSSupport.class */
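/**
 * {@link SSLSupport} implementation backed by a PureTLS {@link SSLSocket}.
 *
 * <p>Exposes the negotiated cipher suite, the peer certificate chain, an
 * effective key size and the session id of the wrapped connection. Every
 * value is read from the socket at call time; nothing is cached here.
 */
class PureTLSSupport implements SSLSupport {
    /** The PureTLS socket whose TLS session state is reported. */
    private final SSLSocket ssl;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Wraps an established PureTLS socket.
     *
     * @param sSLSocket the socket to query; stored as-is, not validated here
     */
    public PureTLSSupport(SSLSocket sSLSocket) {
        this.ssl = sSLSocket;
    }

    /**
     * Returns the name of the cipher suite in use on the wrapped socket, as
     * mapped by {@code SSLPolicyInt.getCipherSuiteName}.
     */
    @Override // org.apache.tomcat.util.net.SSLSupport
    public String getCipherSuite() throws IOException {
        return SSLPolicyInt.getCipherSuiteName(this.ssl.getCipherSuite());
    }

    /**
     * Returns the peer certificate chain without forcing a renegotiation.
     *
     * @return the chain as {@code X509Certificate[]}, or {@code null} when the
     *         socket has no certificate chain
     */
    @Override // org.apache.tomcat.util.net.SSLSupport
    public Object[] getPeerCertificateChain() throws IOException {
        return getPeerCertificateChain(false);
    }

    /**
     * Returns the peer certificate chain, optionally renegotiating the
     * session with client authentication required when none is present yet.
     *
     * <p>The PureTLS certificates are re-parsed from their DER encoding into
     * JDK {@link X509Certificate} objects. The result is in the reverse order
     * of the {@code Vector} PureTLS hands back. This method only converts the
     * chain; it performs no trust or validity checks of its own, so callers
     * must not treat a non-null result as proof that the chain was verified.
     *
     * @param z when {@code true} and no chain is available, renegotiate with
     *          {@code requireClientAuth(true)} and read the chain again
     * @return the converted chain, or {@code null} when the peer presented no
     *         certificates (also after a forced renegotiation)
     * @throws IOException if the renegotiation fails or a certificate cannot
     *         be parsed by the JDK's X.509 {@link CertificateFactory}
     */
    @Override // org.apache.tomcat.util.net.SSLSupport
    public Object[] getPeerCertificateChain(boolean z) throws IOException {
        Vector<?> certificateChain = this.ssl.getCertificateChain();
        if (certificateChain == null && z) {
            // NOTE(review): client auth is obtained through a mid-connection
            // renegotiation; whether that is safe depends on the TLS library's
            // renegotiation handling - confirm for the PureTLS version in use.
            SSLPolicyInt renegotiationPolicy = new SSLPolicyInt();
            renegotiationPolicy.requireClientAuth(true);
            renegotiationPolicy.handshakeOnConnect(false);
            renegotiationPolicy.waitOnClose(false);
            this.ssl.renegotiate(renegotiationPolicy);
            certificateChain = this.ssl.getCertificateChain();
        }
        if (certificateChain == null) {
            return null;
        }

        int count = certificateChain.size();
        X509Certificate[] converted = new X509Certificate[count];
        try {
            // One factory is enough for the whole chain.
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            for (int i = 0; i < count; i++) {
                // Walk the PureTLS vector back to front so the output is reversed.
                // The target index is zero-based: the previous code stored at
                // [1..count], which left slot 0 null and overran the array on
                // the last element.
                byte[] der = ((X509Cert) certificateChain.elementAt(count - 1 - i)).getDER();
                converted[i] = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(der));
            }
        } catch (CertificateException e) {
            // Keep the cause so the parse failure can be diagnosed.
            throw new IOException("JDK's broken cert handling can't parse this certificate (which PureTLS likes", e);
        }
        return converted;
    }

    /**
     * Looks up the key size for the negotiated cipher suite.
     *
     * <p>The suite name is matched by substring against the phrases in
     * {@code SSLSupport.ciphers}; the first matching entry wins.
     *
     * @return the key size of the first matching entry, or {@code 0} when no
     *         phrase matches - callers should read {@code 0} as "unknown",
     *         not as a measured strength
     */
    @Override // org.apache.tomcat.util.net.SSLSupport
    public Integer getKeySize() throws IOException {
        String cipherSuiteName = SSLPolicyInt.getCipherSuiteName(this.ssl.getCipherSuite());
        for (int idx = 0; idx < SSLSupport.ciphers.length; idx++) {
            if (cipherSuiteName.indexOf(SSLSupport.ciphers[idx].phrase) >= 0) {
                return Integer.valueOf(SSLSupport.ciphers[idx].keySize);
            }
        }
        return Integer.valueOf(0);
    }

    /**
     * Returns the TLS session id of the wrapped socket, converted to a string
     * by {@code HexUtils.convert}.
     *
     * @return the converted session id, or {@code null} when the socket
     *         reports no session id
     */
    @Override // org.apache.tomcat.util.net.SSLSupport
    public String getSessionId() throws IOException {
        byte[] sessionID = this.ssl.getSessionID();
        return sessionID == null ? null : HexUtils.convert(sessionID);
    }
}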
