package org.conscrypt.ct;

import com.bx.soraka.trace.core.AppMethodBeat;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.conscrypt.OpenSSLX509Certificate;

/* loaded from: classes9.dex */
public class CertificateEntry {
    private final byte[] certificate;
    private final LogEntryType entryType;
    private final byte[] issuerKeyHash;

    /* loaded from: classes9.dex */
    public enum LogEntryType {
        X509_ENTRY,
        PRECERT_ENTRY;

        static {
            AppMethodBeat.i(12926);
            AppMethodBeat.o(12926);
        }

        public static LogEntryType valueOf(String str) {
            AppMethodBeat.i(12924);
            LogEntryType logEntryType = (LogEntryType) Enum.valueOf(LogEntryType.class, str);
            AppMethodBeat.o(12924);
            return logEntryType;
        }

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static LogEntryType[] valuesCustom() {
            AppMethodBeat.i(12923);
            LogEntryType[] logEntryTypeArr = (LogEntryType[]) values().clone();
            AppMethodBeat.o(12923);
            return logEntryTypeArr;
        }
    }

    private CertificateEntry(LogEntryType logEntryType, byte[] bArr, byte[] bArr2) {
        AppMethodBeat.i(12929);
        if (logEntryType == LogEntryType.PRECERT_ENTRY && bArr2 == null) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("issuerKeyHash missing for precert entry.");
            AppMethodBeat.o(12929);
            throw illegalArgumentException;
        }
        if (logEntryType == LogEntryType.X509_ENTRY && bArr2 != null) {
            IllegalArgumentException illegalArgumentException2 = new IllegalArgumentException("unexpected issuerKeyHash for X509 entry.");
            AppMethodBeat.o(12929);
            throw illegalArgumentException2;
        }
        if (bArr2 != null && bArr2.length != 32) {
            IllegalArgumentException illegalArgumentException3 = new IllegalArgumentException("issuerKeyHash must be 32 bytes long");
            AppMethodBeat.o(12929);
            throw illegalArgumentException3;
        }
        this.entryType = logEntryType;
        this.issuerKeyHash = bArr2;
        this.certificate = bArr;
        AppMethodBeat.o(12929);
    }

    public static CertificateEntry createForPrecertificate(OpenSSLX509Certificate openSSLX509Certificate, OpenSSLX509Certificate openSSLX509Certificate2) throws CertificateException {
        AppMethodBeat.i(12933);
        try {
            if (!openSSLX509Certificate.getNonCriticalExtensionOIDs().contains(CTConstants.X509_SCT_LIST_OID)) {
                CertificateException certificateException = new CertificateException("Certificate does not contain embedded signed timestamps");
                AppMethodBeat.o(12933);
                throw certificateException;
            }
            byte[] tBSCertificate = openSSLX509Certificate.withDeletedExtension(CTConstants.X509_SCT_LIST_OID).getTBSCertificate();
            byte[] encoded = openSSLX509Certificate2.getPublicKey().getEncoded();
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.d);
            messageDigest.update(encoded);
            CertificateEntry createForPrecertificate = createForPrecertificate(tBSCertificate, messageDigest.digest());
            AppMethodBeat.o(12933);
            return createForPrecertificate;
        } catch (NoSuchAlgorithmException e) {
            RuntimeException runtimeException = new RuntimeException(e);
            AppMethodBeat.o(12933);
            throw runtimeException;
        }
    }

    public static CertificateEntry createForPrecertificate(byte[] bArr, byte[] bArr2) {
        AppMethodBeat.i(12931);
        CertificateEntry certificateEntry = new CertificateEntry(LogEntryType.PRECERT_ENTRY, bArr, bArr2);
        AppMethodBeat.o(12931);
        return certificateEntry;
    }

    public static CertificateEntry createForX509Certificate(X509Certificate x509Certificate) throws CertificateEncodingException {
        AppMethodBeat.i(12936);
        CertificateEntry createForX509Certificate = createForX509Certificate(x509Certificate.getEncoded());
        AppMethodBeat.o(12936);
        return createForX509Certificate;
    }

    public static CertificateEntry createForX509Certificate(byte[] bArr) {
        AppMethodBeat.i(12934);
        CertificateEntry certificateEntry = new CertificateEntry(LogEntryType.X509_ENTRY, bArr, null);
        AppMethodBeat.o(12934);
        return certificateEntry;
    }

    public void encode(OutputStream outputStream) throws SerializationException {
        AppMethodBeat.i(12938);
        Serialization.writeNumber(outputStream, this.entryType.ordinal(), 2);
        if (this.entryType == LogEntryType.PRECERT_ENTRY) {
            Serialization.writeFixedBytes(outputStream, this.issuerKeyHash);
        }
        Serialization.writeVariableBytes(outputStream, this.certificate, 3);
        AppMethodBeat.o(12938);
    }

    public byte[] getCertificate() {
        return this.certificate;
    }

    public LogEntryType getEntryType() {
        return this.entryType;
    }

    public byte[] getIssuerKeyHash() {
        return this.issuerKeyHash;
    }
}
