package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.eclipse.californium.elements.auth.X509CertPath;
import org.eclipse.californium.elements.util.Asn1DerDecoder;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
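/**
 * DTLS CERTIFICATE handshake message carrying either an X.509 certificate
 * chain or a single raw public key.
 *
 * <p>On the wire both variants start with a 24-bit length field. For X.509 it
 * is followed by a list of certificates, each with its own 24-bit length
 * prefix; for a raw public key it is followed by the key bytes.
 *
 * <p>Security note: this class only encodes and decodes. Nothing in it checks
 * signatures, validity periods, key usage or trust anchors, and a raw public
 * key carries no issuer at all. A message returned by {@link #fromReader} holds
 * peer-supplied, unauthenticated data until the caller has validated it.
 */
public final class CertificateMessage extends HandshakeMessage {
    /** Size in bits of the length prefix of a single certificate (or of the raw public key). */
    private static final int CERTIFICATE_LENGTH_BITS = 24;
    /** Size in bits of the length prefix of the whole certificate list. */
    private static final int CERTIFICATE_LIST_LENGTH = 24;
    /** Size in bytes of one 24-bit length prefix. */
    private static final int LENGTH_FIELD_BYTES = 3;
    private static final String CERTIFICATE_TYPE_X509 = "X.509";
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateMessage.class.getCanonicalName());
    // X.509 variant: the chain, or null for the raw-public-key variant.
    private CertPath certPath;
    // DER encodings of the certificates in certPath; null until encoded, and
    // left null when encoding failed.
    private List<byte[]> encodedChain;
    // Length in bytes of the message fragment, including the leading length field.
    private int length;
    // Raw-public-key variant: the key bytes, or null for the X.509 variant.
    private byte[] rawPublicKeyBytes;

    /**
     * Creates a message for an already assembled certificate path.
     *
     * @param certPath the certificate path to carry
     * @param inetSocketAddress the peer address handed to the superclass
     */
    private CertificateMessage(CertPath certPath, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.length = LENGTH_FIELD_BYTES;
        this.certPath = certPath;
        calculateLength();
    }

    /**
     * Creates a message carrying an X.509 certificate chain.
     *
     * @param list the certificate chain
     * @param inetSocketAddress the peer address handed to the superclass
     * @throws NullPointerException if {@code list} is {@code null}
     */
    public CertificateMessage(List<X509Certificate> list, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.length = LENGTH_FIELD_BYTES;
        Objects.requireNonNull(list, "Certificate chain must not be null");
        setCertificateChain(list);
        calculateLength();
    }

    /**
     * Creates a message carrying a raw public key.
     *
     * @param bArr the encoded public key; the array is copied, so later changes
     *        by the caller do not affect this message
     * @param inetSocketAddress the peer address handed to the superclass
     * @throws NullPointerException if {@code bArr} is {@code null}
     */
    public CertificateMessage(byte[] bArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.length = LENGTH_FIELD_BYTES;
        Objects.requireNonNull(bArr, "Raw public key byte array must not be null");
        byte[] keyCopy = Arrays.copyOf(bArr, bArr.length);
        this.rawPublicKeyBytes = keyCopy;
        this.length += keyCopy.length;
    }

    /**
     * Encodes the certificate path once and adds its size to the message length.
     *
     * <p>The result is committed only when every certificate could be encoded.
     * On failure the encoded chain stays {@code null} and the length is left
     * untouched, so a half-encoded chain never leaks into the reported length.
     */
    private void calculateLength() {
        if (this.certPath == null || this.encodedChain != null) {
            return;
        }
        List<? extends Certificate> certificates = this.certPath.getCertificates();
        List<byte[]> encodedCertificates = new ArrayList<>(certificates.size());
        int chainLength = 0;
        try {
            for (Certificate certificate : certificates) {
                byte[] der = certificate.getEncoded();
                encodedCertificates.add(der);
                // each certificate is preceded by its own 24-bit length prefix
                chainLength += der.length + LENGTH_FIELD_BYTES;
            }
        } catch (CertificateEncodingException e10) {
            LOGGER.error("Could not encode certificate chain", e10);
            return;
        }
        this.encodedChain = encodedCertificates;
        this.length += chainLength;
    }

    /**
     * Decodes a CERTIFICATE message received from a peer.
     *
     * <p>The returned message is decoded but not validated; see the class
     * comment.
     *
     * @param datagramReader reader positioned at the start of the message fragment
     * @param certificateType the certificate type to decode
     * @param inetSocketAddress the peer address
     * @return the decoded message
     * @throws HandshakeException if an X.509 chain cannot be parsed
     * @throws IllegalArgumentException if the certificate type is neither
     *         {@code RAW_PUBLIC_KEY} nor {@code X_509}
     */
    public static CertificateMessage fromReader(DatagramReader datagramReader, CertificateType certificateType, InetSocketAddress inetSocketAddress) throws HandshakeException {
        if (CertificateType.RAW_PUBLIC_KEY == certificateType) {
            LOGGER.debug("Parsing RawPublicKey CERTIFICATE message");
            // NOTE(review): the length is taken from the peer's bytes; this relies on
            // DatagramReader rejecting a length larger than the remaining data - confirm.
            int keyLength = datagramReader.read(CERTIFICATE_LENGTH_BITS);
            return new CertificateMessage(datagramReader.readBytes(keyLength), inetSocketAddress);
        }
        if (CertificateType.X_509 == certificateType) {
            return readX509CertificateMessage(datagramReader, inetSocketAddress);
        }
        throw new IllegalArgumentException("Certificate type " + certificateType + " not supported!");
    }

    /**
     * Decodes the X.509 variant: a length-prefixed list of length-prefixed
     * certificates.
     *
     * <p>Only certificate parsing failures are mapped to a fatal
     * {@code BAD_CERTIFICATE} alert. An empty list is accepted and yields an
     * empty certificate path.
     *
     * @param datagramReader reader positioned at the list length field
     * @param inetSocketAddress the peer address
     * @return the decoded message
     * @throws HandshakeException if a certificate or the path cannot be parsed
     */
    private static CertificateMessage readX509CertificateMessage(DatagramReader datagramReader, InetSocketAddress inetSocketAddress) throws HandshakeException {
        LOGGER.debug("Parsing X.509 CERTIFICATE message");
        List<Certificate> certificates = new ArrayList<>();
        // Restrict parsing to the declared list length so a certificate entry
        // cannot read past the end of the list.
        // NOTE(review): a malformed length presumably surfaces as an exception from
        // DatagramReader, which is not mapped to a HandshakeException here - confirm.
        int listLength = datagramReader.read(CERTIFICATE_LIST_LENGTH);
        DatagramReader chainReader = datagramReader.createRangeReader(listLength);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE_X509);
            while (chainReader.bytesAvailable()) {
                int certificateLength = chainReader.read(CERTIFICATE_LENGTH_BITS);
                certificates.add(certificateFactory.generateCertificate(chainReader.createRangeInputStream(certificateLength)));
            }
            return new CertificateMessage(certificateFactory.generateCertPath(certificates), inetSocketAddress);
        } catch (CertificateException e10) {
            throw new HandshakeException("Cannot parse X.509 certificate chain provided by peer", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, inetSocketAddress), e10);
        }
    }

    /**
     * Builds the certificate path from the given chain.
     *
     * @param list the certificate chain
     */
    private void setCertificateChain(List<X509Certificate> list) {
        this.certPath = X509CertPath.generateCertPath(false, list);
    }

    /**
     * Serializes the message fragment.
     *
     * @return the encoded fragment
     * @throws IllegalStateException if this is the X.509 variant and the chain
     *         could not be encoded
     */
    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public byte[] fragmentToByteArray() {
        DatagramWriter writer = new DatagramWriter();
        if (this.rawPublicKeyBytes != null) {
            writer.write(this.rawPublicKeyBytes.length, CERTIFICATE_LENGTH_BITS);
            writer.writeBytes(this.rawPublicKeyBytes);
            return writer.toByteArray();
        }
        if (this.encodedChain == null) {
            // Fail with a clear message instead of a NullPointerException from the
            // loop below; an unencodable chain must not go out as a truncated message.
            throw new IllegalStateException("Certificate chain could not be encoded");
        }
        writer.write(getMessageLength() - LENGTH_FIELD_BYTES, CERTIFICATE_LIST_LENGTH);
        for (byte[] encodedCertificate : this.encodedChain) {
            writer.write(encodedCertificate.length, CERTIFICATE_LENGTH_BITS);
            writer.writeBytes(encodedCertificate);
        }
        return writer.toByteArray();
    }

    /**
     * Returns the certificate path carried by this message.
     *
     * @return the path, or {@code null} for the raw-public-key variant
     */
    public CertPath getCertificateChain() {
        return this.certPath;
    }

    /**
     * Returns the length in bytes of the message fragment.
     *
     * @return the fragment length, including the leading length field
     */
    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public int getMessageLength() {
        return this.length;
    }

    /**
     * Returns the handshake type of this message.
     *
     * @return {@code HandshakeType.CERTIFICATE}
     */
    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public HandshakeType getMessageType() {
        return HandshakeType.CERTIFICATE;
    }

    /**
     * Returns the public key carried by this message.
     *
     * <p>For the X.509 variant this is the key of the first certificate in the
     * path. For the raw variant the key is rebuilt from the stored bytes, which
     * are passed to {@link X509EncodedKeySpec}.
     *
     * <p>Callers must treat {@code null} as a failure and must not continue
     * the handshake as if a key were present.
     *
     * @return the public key, or {@code null} if the path is missing or empty
     *         or the raw key cannot be reconstructed
     */
    public PublicKey getPublicKey() {
        if (this.rawPublicKeyBytes != null) {
            try {
                String algorithm = Asn1DerDecoder.readSubjectPublicKeyAlgorithm(this.rawPublicKeyBytes);
                return KeyFactory.getInstance(algorithm).generatePublic(new X509EncodedKeySpec(this.rawPublicKeyBytes));
            } catch (GeneralSecurityException e10) {
                LOGGER.error("Could not reconstruct the peer's public key", e10);
                return null;
            }
        }
        if (this.certPath == null || this.certPath.getCertificates().isEmpty()) {
            return null;
        }
        return this.certPath.getCertificates().get(0).getPublicKey();
    }

    /**
     * Returns a multi-line description of the message.
     *
     * <p>This method is typically reached from logging, so it never throws for
     * a message whose chain could not be encoded or whose raw key could not be
     * reconstructed. In those cases it omits the per-certificate length or
     * prints {@code null} for the key.
     *
     * @return the description
     */
    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append(super.toString());
        if (this.rawPublicKeyBytes == null && this.certPath != null) {
            text.append("\t\tCertificate chain length: ");
            text.append(getMessageLength() - LENGTH_FIELD_BYTES);
            text.append(StringUtil.lineSeparator());
            int index = 0;
            for (Certificate certificate : this.certPath.getCertificates()) {
                // the encoded chain is absent when encoding failed
                if (this.encodedChain != null && index < this.encodedChain.size()) {
                    text.append("\t\t\tCertificate Length: ");
                    text.append(this.encodedChain.get(index).length);
                    text.append(StringUtil.lineSeparator());
                }
                text.append("\t\t\tCertificate: ");
                text.append(certificate);
                text.append(StringUtil.lineSeparator());
                index++;
            }
        } else if (this.rawPublicKeyBytes != null && this.certPath == null) {
            text.append("\t\tRaw Public Key: ");
            // append(Object) prints "null" when the key cannot be reconstructed,
            // instead of dereferencing a null key
            text.append(getPublicKey());
            text.append(StringUtil.lineSeparator());
        }
        return text.toString();
    }
}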
