package o;

import java.io.ByteArrayInputStream;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import o.flf;

/* loaded from: classes11.dex */
public final class fld extends fmc {
    private static final fpe a = fph.e(fld.class.getCanonicalName());
    private byte[] b;
    CertPath c;
    private List<byte[]> e;
    private int k;

    private fld(CertPath certPath, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.k = 3;
        this.c = certPath;
        i();
    }

    public fld(byte[] bArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.k = 3;
        if (bArr == null) {
            throw new NullPointerException("Raw public key byte array must not be null");
        }
        this.b = Arrays.copyOf(bArr, bArr.length);
        this.k += this.b.length;
    }

    public fld(X509Certificate[] x509CertificateArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.k = 3;
        if (x509CertificateArr == null) {
            throw new NullPointerException("Certificate chain must not be null");
        }
        d(x509CertificateArr);
        i();
    }

    private static fld b(fku fkuVar, InetSocketAddress inetSocketAddress) throws fmf {
        a.e("Parsing X.509 CERTIFICATE message");
        int d = fkuVar.d(24);
        ArrayList arrayList = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (d > 0) {
                int d2 = fkuVar.d(24);
                d -= d2 + 3;
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(fkuVar.a(d2))));
            }
            return new fld(certificateFactory.generateCertPath(arrayList), inetSocketAddress);
        } catch (CertificateException e) {
            throw new fmf("Cannot parse X.509 certificate chain provided by peer", new flf(flf.a.FATAL, flf.b.BAD_CERTIFICATE, inetSocketAddress), e);
        }
    }

    public static fld b(byte[] bArr, boolean z, InetSocketAddress inetSocketAddress) throws fmf {
        fku fkuVar = new fku(bArr);
        if (!z) {
            return b(fkuVar, inetSocketAddress);
        }
        a.e("Parsing RawPublicKey CERTIFICATE message");
        return new fld(fkuVar.a(fkuVar.d(24)), inetSocketAddress);
    }

    private void d(X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList();
        X500Principal x500Principal = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (X509Certificate x509Certificate : x509CertificateArr) {
                a.d("Current Subject DN: {}", x509Certificate.getSubjectX500Principal().getName());
                if (x500Principal != null && !x500Principal.equals(x509Certificate.getSubjectX500Principal())) {
                    a.d("Actual Issuer DN: {}", x509Certificate.getSubjectX500Principal().getName());
                    throw new IllegalArgumentException("Given certificates do not form a chain");
                }
                if (!x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                    arrayList.add(x509Certificate);
                    x500Principal = x509Certificate.getIssuerX500Principal();
                    a.d("Expected Issuer DN: {}", x500Principal.getName());
                }
            }
            this.c = certificateFactory.generateCertPath(arrayList);
        } catch (CertificateException e) {
            a.c("could not create X.509 certificate factory", (Throwable) e);
        }
    }

    private void i() {
        if (this.c == null || this.e != null) {
            return;
        }
        this.e = new ArrayList(this.c.getCertificates().size());
        try {
            Iterator<? extends Certificate> it = this.c.getCertificates().iterator();
            while (it.hasNext()) {
                byte[] encoded = it.next().getEncoded();
                this.e.add(encoded);
                this.k += encoded.length + 3;
            }
        } catch (CertificateEncodingException e) {
            this.e = null;
            a.c("Could not encode certificate chain", (Throwable) e);
        }
    }

    @Override // o.fmc
    public final fmb a() {
        return fmb.CERTIFICATE;
    }

    @Override // o.fmc
    public final int d() {
        return this.k;
    }

    @Override // o.fmc
    public final byte[] g() {
        fkt fktVar = new fkt();
        if (this.b == null) {
            fktVar.a(this.k - 3, 24);
            for (byte[] bArr : this.e) {
                fktVar.a(bArr.length, 24);
                fktVar.d(bArr);
            }
        } else {
            fktVar.a(this.b.length, 24);
            fktVar.d(this.b);
        }
        return fktVar.b();
    }

    public final PublicKey k() {
        if (this.b == null) {
            if (this.c == null || this.c.getCertificates().isEmpty()) {
                return null;
            }
            return this.c.getCertificates().get(0).getPublicKey();
        }
        try {
            return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(this.b));
        } catch (GeneralSecurityException e) {
            a.c("Could not reconstruct the peer's public key", (Throwable) e);
            return null;
        }
    }

    @Override // o.fmc
    public final String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString());
        if (this.b == null && this.c != null) {
            sb.append("\t\tCertificate chain length: ").append(d() - 3).append(System.lineSeparator());
            int i = 0;
            for (Certificate certificate : this.c.getCertificates()) {
                sb.append("\t\t\tCertificate Length: ").append(this.e.get(i).length).append(System.lineSeparator());
                sb.append("\t\t\tCertificate: ").append(certificate).append(System.lineSeparator());
                i++;
            }
        } else if (this.b != null && this.c == null) {
            sb.append("\t\tRaw Public Key: ");
            sb.append(k().toString());
            sb.append(System.lineSeparator());
        }
        return sb.toString();
    }
}
