package org.eclipse.californium.scandium.dtls;

import java.io.ByteArrayInputStream;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.scandium.dtls.AlertMessage;

/* compiled from: CertificateMessage.java */
/* loaded from: classes4.dex */
public final class c extends r {
    private static final org.slf4j.b k = org.slf4j.c.i(c.class.getCanonicalName());

    /* renamed from: g, reason: collision with root package name */
    private CertPath f26937g;

    /* renamed from: h, reason: collision with root package name */
    private List<byte[]> f26938h;

    /* renamed from: i, reason: collision with root package name */
    private byte[] f26939i;
    private int j;

    private c(CertPath certPath, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.j = 3;
        this.f26937g = certPath;
        o();
    }

    public c(byte[] bArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.j = 3;
        if (bArr == null) {
            throw new NullPointerException("Raw public key byte array must not be null");
        }
        byte[] copyOf = Arrays.copyOf(bArr, bArr.length);
        this.f26939i = copyOf;
        this.j += copyOf.length;
    }

    public c(X509Certificate[] x509CertificateArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.j = 3;
        if (x509CertificateArr == null) {
            throw new NullPointerException("Certificate chain must not be null");
        }
        t(x509CertificateArr);
        o();
    }

    private void o() {
        if (this.f26937g == null || this.f26938h != null) {
            return;
        }
        this.f26938h = new ArrayList(this.f26937g.getCertificates().size());
        try {
            Iterator<? extends Certificate> it = this.f26937g.getCertificates().iterator();
            while (it.hasNext()) {
                byte[] encoded = it.next().getEncoded();
                this.f26938h.add(encoded);
                this.j += encoded.length + 3;
            }
        } catch (CertificateEncodingException e2) {
            this.f26938h = null;
            k.error("Could not encode certificate chain", (Throwable) e2);
        }
    }

    public static c p(byte[] bArr, boolean z, InetSocketAddress inetSocketAddress) throws HandshakeException {
        org.eclipse.californium.elements.s.b bVar = new org.eclipse.californium.elements.s.b(bArr);
        if (!z) {
            return s(bVar, inetSocketAddress);
        }
        k.debug("Parsing RawPublicKey CERTIFICATE message");
        return new c(bVar.e(bVar.d(24)), inetSocketAddress);
    }

    private static c s(org.eclipse.californium.elements.s.b bVar, InetSocketAddress inetSocketAddress) throws HandshakeException {
        k.debug("Parsing X.509 CERTIFICATE message");
        int d2 = bVar.d(24);
        ArrayList arrayList = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (d2 > 0) {
                int d3 = bVar.d(24);
                d2 -= d3 + 3;
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(bVar.e(d3))));
            }
            return new c(certificateFactory.generateCertPath(arrayList), inetSocketAddress);
        } catch (CertificateException e2) {
            throw new HandshakeException("Cannot parse X.509 certificate chain provided by peer", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, inetSocketAddress), e2);
        }
    }

    private void t(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X500Principal x500Principal = null;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                k.debug("Current Subject DN: {}", x509Certificate.getSubjectX500Principal().getName());
                if (x500Principal != null && !x500Principal.equals(x509Certificate.getSubjectX500Principal())) {
                    k.debug("Actual Issuer DN: {}", x509Certificate.getSubjectX500Principal().getName());
                    throw new IllegalArgumentException("Given certificates do not form a chain");
                }
                if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                    arrayList.add(x509Certificate);
                    x500Principal = x509Certificate.getIssuerX500Principal();
                    k.debug("Expected Issuer DN: {}", x500Principal.getName());
                }
            }
            this.f26937g = certificateFactory.generateCertPath(arrayList);
        } catch (CertificateException e2) {
            k.error("could not create X.509 certificate factory", (Throwable) e2);
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.r
    public byte[] b() {
        org.eclipse.californium.elements.s.c cVar = new org.eclipse.californium.elements.s.c();
        byte[] bArr = this.f26939i;
        if (bArr == null) {
            cVar.b(f() - 3, 24);
            for (byte[] bArr2 : this.f26938h) {
                cVar.b(bArr2.length, 24);
                cVar.d(bArr2);
            }
        } else {
            cVar.b(bArr.length, 24);
            cVar.d(this.f26939i);
        }
        return cVar.a();
    }

    @Override // org.eclipse.californium.scandium.dtls.r
    public int f() {
        return this.j;
    }

    @Override // org.eclipse.californium.scandium.dtls.r
    public HandshakeType h() {
        return HandshakeType.CERTIFICATE;
    }

    public CertPath q() {
        return this.f26937g;
    }

    public PublicKey r() {
        if (this.f26939i == null) {
            CertPath certPath = this.f26937g;
            if (certPath != null && !certPath.getCertificates().isEmpty()) {
                return this.f26937g.getCertificates().get(0).getPublicKey();
            }
        } else {
            try {
                return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(this.f26939i));
            } catch (GeneralSecurityException e2) {
                k.error("Could not reconstruct the peer's public key", (Throwable) e2);
            }
        }
        return null;
    }

    @Override // org.eclipse.californium.scandium.dtls.r
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString());
        if (this.f26939i == null && this.f26937g != null) {
            sb.append("\t\tCertificate chain length: ");
            sb.append(f() - 3);
            sb.append(System.lineSeparator());
            int i2 = 0;
            for (Certificate certificate : this.f26937g.getCertificates()) {
                sb.append("\t\t\tCertificate Length: ");
                sb.append(this.f26938h.get(i2).length);
                sb.append(System.lineSeparator());
                sb.append("\t\t\tCertificate: ");
                sb.append(certificate);
                sb.append(System.lineSeparator());
                i2++;
            }
        } else if (this.f26939i != null && this.f26937g == null) {
            sb.append("\t\tRaw Public Key: ");
            sb.append(r().toString());
            sb.append(System.lineSeparator());
        }
        return sb.toString();
    }
}
