package o;

import java.io.ByteArrayInputStream;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import o.flc;

/* loaded from: classes11.dex */
public final class flf extends fme {
    private static final fpd b = fpg.d(flf.class.getCanonicalName());
    private List<byte[]> c;
    private byte[] d;
    CertPath e;
    private int h;

    private flf(CertPath certPath, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.h = 3;
        this.e = certPath;
        g();
    }

    public flf(byte[] bArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.h = 3;
        if (bArr == null) {
            throw new NullPointerException("Raw public key byte array must not be null");
        }
        this.d = Arrays.copyOf(bArr, bArr.length);
        this.h += this.d.length;
    }

    public flf(X509Certificate[] x509CertificateArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.h = 3;
        if (x509CertificateArr == null) {
            throw new NullPointerException("Certificate chain must not be null");
        }
        e(x509CertificateArr);
        g();
    }

    private static flf b(fku fkuVar, InetSocketAddress inetSocketAddress) throws fmc {
        b.e("Parsing X.509 CERTIFICATE message");
        int d = fkuVar.d(24);
        ArrayList arrayList = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (d > 0) {
                int d2 = fkuVar.d(24);
                d -= d2 + 3;
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(fkuVar.e(d2))));
            }
            return new flf(certificateFactory.generateCertPath(arrayList), inetSocketAddress);
        } catch (CertificateException e) {
            throw new fmc("Cannot parse X.509 certificate chain provided by peer", new flc(flc.a.FATAL, flc.b.BAD_CERTIFICATE, inetSocketAddress), e);
        }
    }

    public static flf c(byte[] bArr, boolean z, InetSocketAddress inetSocketAddress) throws fmc {
        fku fkuVar = new fku(bArr);
        if (!z) {
            return b(fkuVar, inetSocketAddress);
        }
        b.e("Parsing RawPublicKey CERTIFICATE message");
        return new flf(fkuVar.e(fkuVar.d(24)), inetSocketAddress);
    }

    private void e(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList();
        X500Principal x500Principal = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (X509Certificate x509Certificate : x509CertificateArr) {
                b.b("Current Subject DN: {}", x509Certificate.getSubjectX500Principal().getName());
                if (x500Principal != null && !x500Principal.equals(x509Certificate.getSubjectX500Principal())) {
                    b.b("Actual Issuer DN: {}", x509Certificate.getSubjectX500Principal().getName());
                    throw new IllegalArgumentException("Given certificates do not form a chain");
                }
                if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                    arrayList.add(x509Certificate);
                    x500Principal = x509Certificate.getIssuerX500Principal();
                    b.b("Expected Issuer DN: {}", x500Principal.getName());
                }
            }
            this.e = certificateFactory.generateCertPath(arrayList);
        } catch (CertificateException e) {
            b.e("could not create X.509 certificate factory", (Throwable) e);
        }
    }

    private void g() {
        if (this.e == null || this.c != null) {
            return;
        }
        this.c = new ArrayList(this.e.getCertificates().size());
        try {
            Iterator<? extends Certificate> it = this.e.getCertificates().iterator();
            while (it.hasNext()) {
                byte[] encoded = it.next().getEncoded();
                this.c.add(encoded);
                this.h += encoded.length + 3;
            }
        } catch (CertificateEncodingException e) {
            this.c = null;
            b.e("Could not encode certificate chain", (Throwable) e);
        }
    }

    @Override // o.fme
    public final fmb b() {
        return fmb.CERTIFICATE;
    }

    @Override // o.fme
    public final int c() {
        return this.h;
    }

    @Override // o.fme
    public final byte[] f() {
        fks fksVar = new fks();
        if (this.d == null) {
            fksVar.a(this.h - 3, 24);
            for (byte[] bArr : this.c) {
                fksVar.a(bArr.length, 24);
                fksVar.c(bArr);
            }
        } else {
            fksVar.a(this.d.length, 24);
            fksVar.c(this.d);
        }
        return fksVar.b();
    }

    public final PublicKey h() {
        if (this.d == null) {
            if (this.e == null || this.e.getCertificates().isEmpty()) {
                return null;
            }
            return this.e.getCertificates().get(0).getPublicKey();
        }
        try {
            return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(this.d));
        } catch (GeneralSecurityException e) {
            b.e("Could not reconstruct the peer's public key", (Throwable) e);
            return null;
        }
    }

    @Override // o.fme
    public final String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString());
        if (this.d == null && this.e != null) {
            sb.append("\t\tCertificate chain length: ").append(c() - 3).append(System.lineSeparator());
            int i = 0;
            for (Certificate certificate : this.e.getCertificates()) {
                sb.append("\t\t\tCertificate Length: ").append(this.c.get(i).length).append(System.lineSeparator());
                sb.append("\t\t\tCertificate: ").append(certificate).append(System.lineSeparator());
                i++;
            }
        } else if (this.d != null && this.e == null) {
            sb.append("\t\tRaw Public Key: ");
            sb.append(h().toString());
            sb.append(System.lineSeparator());
        }
        return sb.toString();
    }
}
