package com.sun.jini.discovery.internal;

import com.sun.jini.discovery.DatagramBufferFactory;
import com.sun.jini.discovery.DelayedMulticastAnnouncementDecoder;
import com.sun.jini.discovery.DiscoveryProtocolException;
import com.sun.jini.discovery.MulticastAnnouncement;
import com.sun.jini.discovery.MulticastRequest;
import com.sun.jini.discovery.MulticastRequestEncoder;
import com.sun.jini.discovery.internal.X500Provider;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.util.logging.Level;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.io.UnsupportedConstraintException;

/* loaded from: input_file:com/sun/jini/discovery/internal/X500Client.class */
public class X500Client extends X500Provider implements MulticastRequestEncoder, DelayedMulticastAnnouncementDecoder {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.sun.jini.discovery.internal.X500Client$1, reason: invalid class name */
    /* loaded from: input_file:com/sun/jini/discovery/internal/X500Client$1.class */
    public static class AnonymousClass1 {
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/jini/discovery/internal/X500Client$X500MulticastAnnouncement.class */
    public class X500MulticastAnnouncement extends MulticastAnnouncement {
        private final InvocationConstraints constraints;
        private final X500Principal p;
        private final ByteBuffer signature;
        private final ByteBuffer signed;
        private final X500Client this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        private X500MulticastAnnouncement(X500Client x500Client, MulticastAnnouncement multicastAnnouncement, InvocationConstraints invocationConstraints, X500Principal x500Principal, ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
            super(multicastAnnouncement.getSequenceNumber(), multicastAnnouncement.getHost(), multicastAnnouncement.getPort(), multicastAnnouncement.getGroups(), multicastAnnouncement.getServiceID());
            this.this$0 = x500Client;
            this.constraints = invocationConstraints;
            this.p = x500Principal;
            this.signature = byteBuffer;
            this.signed = byteBuffer2;
        }

        @Override // com.sun.jini.discovery.MulticastAnnouncement
        public void checkConstraints() throws IOException {
            try {
                if (X500Constraints.process(this.constraints, false).checkServerPrincipal(this.p) < 0) {
                    throw new UnsupportedConstraintException(new StringBuffer().append("principal not allowed: ").append(this.p).toString());
                }
                Certificate certificate = this.this$0.getCertificate(this.p);
                if (certificate == null) {
                    throw new DiscoveryProtocolException(new StringBuffer().append("unknown principal: ").append(this.p).toString());
                }
                if (X500Provider.logger.isLoggable(Level.FINEST)) {
                    X500Provider.logger.log(Level.FINEST, "mapped principal {0} to {1}", new Object[]{this.p, certificate});
                }
                if (!this.this$0.verify(this.signed.duplicate(), this.signature.duplicate(), certificate.getPublicKey())) {
                    throw new DiscoveryProtocolException(new StringBuffer().append("signature verification failed: ").append(this.p).toString());
                }
            } catch (IOException e) {
                throw e;
            } catch (SecurityException e2) {
                throw e2;
            } catch (Exception e3) {
                throw new DiscoveryProtocolException(null, e3);
            }
        }

        X500MulticastAnnouncement(X500Client x500Client, MulticastAnnouncement multicastAnnouncement, InvocationConstraints invocationConstraints, X500Principal x500Principal, ByteBuffer byteBuffer, ByteBuffer byteBuffer2, AnonymousClass1 anonymousClass1) {
            this(x500Client, multicastAnnouncement, invocationConstraints, x500Principal, byteBuffer, byteBuffer2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public X500Client(String str, String str2, int i, String str3, String str4) {
        super(str, str2, i, str3, str4);
    }

    @Override // com.sun.jini.discovery.MulticastRequestEncoder
    public void encodeMulticastRequest(MulticastRequest multicastRequest, DatagramBufferFactory datagramBufferFactory, InvocationConstraints invocationConstraints) throws IOException {
        if (multicastRequest == null || datagramBufferFactory == null) {
            throw new NullPointerException();
        }
        try {
            X500Constraints process = X500Constraints.process(invocationConstraints, true);
            X500PrivateCredential x500PrivateCredential = null;
            int i = -1;
            SecurityException securityException = null;
            for (X500PrivateCredential x500PrivateCredential2 : getPrivateCredentials()) {
                X500Principal subjectX500Principal = x500PrivateCredential2.getCertificate().getSubjectX500Principal();
                int checkClientPrincipal = process.checkClientPrincipal(subjectX500Principal);
                if (checkClientPrincipal >= 0) {
                    try {
                        checkAuthenticationPermission(subjectX500Principal, "connect");
                        if (checkClientPrincipal > i) {
                            x500PrivateCredential = x500PrivateCredential2;
                            i = checkClientPrincipal;
                        }
                    } catch (SecurityException e) {
                        securityException = e;
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, "not authorized to use principal {0}", new Object[]{subjectX500Principal});
                        }
                    }
                } else if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, "skipping disallowed principal {0}", new Object[]{subjectX500Principal});
                }
            }
            if (x500PrivateCredential == null) {
                UnsupportedConstraintException unsupportedConstraintException = new UnsupportedConstraintException(new StringBuffer().append("unsupported constraints: ").append(invocationConstraints).toString());
                if (securityException != null) {
                    secureThrow(securityException, unsupportedConstraintException);
                }
                throw unsupportedConstraintException;
            }
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "using principal {0}", new Object[]{x500PrivateCredential});
            }
            X500Provider.SigningBufferFactory signingBufferFactory = new X500Provider.SigningBufferFactory(this, datagramBufferFactory, x500PrivateCredential);
            Plaintext.encodeMulticastRequest(multicastRequest, signingBufferFactory);
            signingBufferFactory.sign();
        } catch (IOException e2) {
            throw e2;
        } catch (SecurityException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new DiscoveryProtocolException(null, e4);
        }
    }

    @Override // com.sun.jini.discovery.DelayedMulticastAnnouncementDecoder
    public MulticastAnnouncement decodeMulticastAnnouncement(ByteBuffer byteBuffer, InvocationConstraints invocationConstraints, boolean z) throws IOException {
        try {
            int i = byteBuffer.getInt();
            ByteBuffer duplicate = byteBuffer.duplicate();
            duplicate.limit(duplicate.position() + i);
            byteBuffer.position(duplicate.limit());
            X500MulticastAnnouncement x500MulticastAnnouncement = new X500MulticastAnnouncement(this, Plaintext.decodeMulticastAnnouncement(duplicate), invocationConstraints, new X500Principal(Plaintext.getUtf(byteBuffer)), byteBuffer.duplicate(), (ByteBuffer) duplicate.duplicate().position(0), null);
            if (!z) {
                x500MulticastAnnouncement.checkConstraints();
            }
            return x500MulticastAnnouncement;
        } catch (IOException e) {
            throw e;
        } catch (SecurityException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new DiscoveryProtocolException(null, e3);
        }
    }

    @Override // com.sun.jini.discovery.MulticastAnnouncementDecoder
    public MulticastAnnouncement decodeMulticastAnnouncement(ByteBuffer byteBuffer, InvocationConstraints invocationConstraints) throws IOException {
        return decodeMulticastAnnouncement(byteBuffer, invocationConstraints, false);
    }
}
