package de.flyingsnail.ipv6droid.transport.dtls;

import de.flyingsnail.ipv6droid.android.AndroidLoggingHandler;
import java.io.IOException;
import java.util.Vector;
import java.util.logging.Logger;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
class IPv6TlsAuthentication implements TlsAuthentication {
    private final ChainChecker chainChecker;
    private final Vector<SignatureAndHashAlgorithm> clientSigAlgs;
    private final Logger logger = AndroidLoggingHandler.getLogger(IPv6TlsAuthentication.class);
    private final TlsCredentialedSigner tlsCredentialedSigner;

    /* JADX INFO: Access modifiers changed from: package-private */
    public IPv6TlsAuthentication(TlsCertificate tlsCertificate, Vector<SignatureAndHashAlgorithm> vector, TlsCredentialedSigner tlsCredentialedSigner) {
        this.clientSigAlgs = vector;
        this.tlsCredentialedSigner = tlsCredentialedSigner;
        this.chainChecker = new ChainChecker(tlsCertificate);
    }

    @Override // org.bouncycastle.tls.TlsAuthentication
    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) {
        this.logger.info("Client credentials requested");
        short[] certificateTypes = certificateRequest.getCertificateTypes();
        if (certificateTypes == null || !Arrays.contains(certificateTypes, (short) 1)) {
            this.logger.warning("Client certificate type rsa_sign not supported");
            return null;
        }
        if (this.clientSigAlgs.contains(this.tlsCredentialedSigner.getSignatureAndHashAlgorithm())) {
            return this.tlsCredentialedSigner;
        }
        this.logger.warning("Signature algorithm SHA256withRSA not supported");
        return null;
    }

    @Override // org.bouncycastle.tls.TlsAuthentication
    public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
        TlsCertificate[] certificateList = tlsServerCertificate.getCertificate().getCertificateList();
        this.logger.info("Cert chain received of " + certificateList.length);
        if (certificateList.length < 2) {
            throw new VerboseTlsFatalAlert((short) 41, null);
        }
        this.chainChecker.checkChain(certificateList);
    }
}
