package j.a.a.c.i;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.HandshakeException;
import org.eclipse.californium.scandium.dtls.HandshakeType;

/* loaded from: classes3.dex */
public final class d extends e0 {
    public static final String q = "X.509";
    public static final j.c.c r = j.c.d.a((Class<?>) d.class);
    public static final int s = 24;
    public static final int t = 24;
    public final CertPath l;
    public final List<byte[]> m;
    public final byte[] n;
    public final PublicKey o;
    public final int p;

    public d(CertPath certPath, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        if (certPath == null) {
            throw new NullPointerException("Certificate chain must not be null");
        }
        PublicKey publicKey = null;
        this.n = null;
        this.l = certPath;
        List<? extends Certificate> certificates = certPath.getCertificates();
        ArrayList arrayList = new ArrayList(certificates.size());
        int i2 = 3;
        if (!certificates.isEmpty()) {
            try {
                PublicKey publicKey2 = null;
                int i3 = 3;
                for (Certificate certificate : certificates) {
                    publicKey2 = publicKey2 == null ? certificate.getPublicKey() : publicKey2;
                    byte[] encoded = certificate.getEncoded();
                    arrayList.add(encoded);
                    i3 += encoded.length + 3;
                }
                publicKey = publicKey2;
                i2 = i3;
            } catch (CertificateEncodingException e2) {
                r.warn("Could not encode certificate chain", (Throwable) e2);
                arrayList = null;
            }
        }
        this.o = publicKey;
        this.m = arrayList;
        this.p = i2;
    }

    public d(List<X509Certificate> list, InetSocketAddress inetSocketAddress) {
        this(list, null, inetSocketAddress);
    }

    public d(List<X509Certificate> list, List<X500Principal> list2, InetSocketAddress inetSocketAddress) {
        this(j.a.a.b.z.d.a(list, list2), inetSocketAddress);
        j.c.c cVar;
        Integer valueOf;
        String str;
        if (r.isDebugEnabled()) {
            int size = this.l.getCertificates().size();
            if (size < list.size()) {
                cVar = r;
                valueOf = Integer.valueOf(this.l.getCertificates().size());
                str = "created CERTIFICATE message with truncated certificate chain [length: {}]";
            } else {
                cVar = r;
                valueOf = Integer.valueOf(size);
                str = "created CERTIFICATE message with certificate chain [length: {}]";
            }
            cVar.debug(str, valueOf);
        }
    }

    public d(byte[] bArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        if (bArr == null) {
            throw new NullPointerException("Raw public key byte array must not be null");
        }
        PublicKey publicKey = null;
        this.l = null;
        this.m = null;
        this.n = Arrays.copyOf(bArr, bArr.length);
        this.p = bArr.length + 3;
        try {
            publicKey = KeyFactory.getInstance(j.a.a.b.z.a.e(bArr)).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (IllegalArgumentException | GeneralSecurityException e2) {
            r.warn("Could not reconstruct the peer's public key", e2);
        }
        this.o = publicKey;
    }

    public static d a(j.a.a.b.z.h hVar, InetSocketAddress inetSocketAddress) {
        r.debug("Parsing X.509 CERTIFICATE message");
        ArrayList arrayList = new ArrayList();
        j.a.a.b.z.h c2 = hVar.c(hVar.d(24));
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (c2.b()) {
                arrayList.add(certificateFactory.generateCertificate(c2.b(c2.d(24))));
            }
            return new d(certificateFactory.generateCertPath(arrayList), inetSocketAddress);
        } catch (CertificateException e2) {
            throw new HandshakeException("Cannot parse X.509 certificate chain provided by peer", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, inetSocketAddress), e2);
        }
    }

    public static d a(j.a.a.b.z.h hVar, CertificateType certificateType, InetSocketAddress inetSocketAddress) {
        if (CertificateType.RAW_PUBLIC_KEY == certificateType) {
            r.debug("Parsing RawPublicKey CERTIFICATE message");
            return new d(hVar.e(hVar.d(24)), inetSocketAddress);
        }
        if (CertificateType.X_509 == certificateType) {
            return a(hVar, inetSocketAddress);
        }
        throw new IllegalArgumentException("Certificate type " + certificateType + " not supported!");
    }

    @Override // j.a.a.c.i.e0
    public byte[] b() {
        j.a.a.b.z.i iVar = new j.a.a.b.z.i();
        byte[] bArr = this.n;
        if (bArr == null) {
            iVar.a(e() - 3, 24);
            for (byte[] bArr2 : this.m) {
                iVar.a(bArr2.length, 24);
                iVar.a(bArr2);
            }
        } else {
            iVar.a(bArr.length, 24);
            iVar.a(this.n);
        }
        return iVar.d();
    }

    @Override // j.a.a.c.i.e0
    public int e() {
        return this.p;
    }

    @Override // j.a.a.c.i.e0
    public HandshakeType g() {
        return HandshakeType.CERTIFICATE;
    }

    public CertPath i() {
        return this.l;
    }

    public PublicKey j() {
        return this.o;
    }

    @Override // j.a.a.c.i.e0
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString());
        if (this.n == null && this.l != null) {
            sb.append("\t\tCertificate chain length: ");
            sb.append(e() - 3);
            sb.append(j.a.a.b.z.v.a());
            int i2 = 0;
            for (Certificate certificate : this.l.getCertificates()) {
                sb.append("\t\t\tCertificate Length: ");
                sb.append(this.m.get(i2).length);
                sb.append(j.a.a.b.z.v.a());
                sb.append("\t\t\tCertificate: ");
                sb.append(certificate);
                sb.append(j.a.a.b.z.v.a());
                i2++;
            }
        } else if (this.n != null && this.l == null) {
            sb.append("\t\tRaw Public Key: ");
            sb.append(j().toString());
            sb.append(j.a.a.b.z.v.a());
        }
        return sb.toString();
    }
}
