package o;

import java.io.ByteArrayInputStream;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import o.gok;

/* loaded from: classes15.dex */
public final class gom extends gpp {
    private static final gsr e = gso.c(gom.class.getCanonicalName());
    private int a;
    private CertPath b;
    private byte[] c;
    private List<byte[]> d;

    private gom(CertPath certPath, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.a = 3;
        this.b = certPath;
        h();
    }

    public gom(List<X509Certificate> list, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.a = 3;
        if (list == null) {
            throw new NullPointerException("Certificate chain must not be null");
        }
        c(list);
        h();
    }

    public gom(byte[] bArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.a = 3;
        if (bArr == null) {
            throw new NullPointerException("Raw public key byte array must not be null");
        }
        this.c = Arrays.copyOf(bArr, bArr.length);
        this.a += this.c.length;
    }

    public static gom b(byte[] bArr, gor gorVar, InetSocketAddress inetSocketAddress) throws gpo {
        gnt gntVar = new gnt(bArr);
        if (gor.RAW_PUBLIC_KEY == gorVar) {
            e.a("Parsing RawPublicKey CERTIFICATE message");
            return new gom(gntVar.c(gntVar.a(24)), inetSocketAddress);
        }
        if (gor.X_509 == gorVar) {
            return d(gntVar, inetSocketAddress);
        }
        throw new IllegalArgumentException("Certificate type " + gorVar + " not supported!");
    }

    private void c(List<X509Certificate> list) {
        this.b = gns.e(false, list);
    }

    private static gom d(gnt gntVar, InetSocketAddress inetSocketAddress) throws gpo {
        e.a("Parsing X.509 CERTIFICATE message");
        int a = gntVar.a(24);
        ArrayList arrayList = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (a > 0) {
                int a2 = gntVar.a(24);
                a -= a2 + 3;
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(gntVar.c(a2))));
            }
            return new gom(certificateFactory.generateCertPath(arrayList), inetSocketAddress);
        } catch (CertificateException e2) {
            throw new gpo("Cannot parse X.509 certificate chain provided by peer", new gok(gok.d.FATAL, gok.c.BAD_CERTIFICATE, inetSocketAddress), e2);
        }
    }

    private void h() {
        CertPath certPath = this.b;
        if (certPath == null || this.d != null) {
            return;
        }
        this.d = new ArrayList(certPath.getCertificates().size());
        try {
            Iterator<? extends Certificate> it = this.b.getCertificates().iterator();
            while (it.hasNext()) {
                byte[] encoded = it.next().getEncoded();
                this.d.add(encoded);
                this.a += encoded.length + 3;
            }
        } catch (CertificateEncodingException e2) {
            this.d = null;
            e.d("Could not encode certificate chain", (Throwable) e2);
        }
    }

    @Override // o.gpp
    public gpr d() {
        return gpr.CERTIFICATE;
    }

    @Override // o.gpp
    public int e() {
        return this.a;
    }

    public CertPath g() {
        return this.b;
    }

    @Override // o.gpp
    public byte[] i() {
        gnu gnuVar = new gnu();
        byte[] bArr = this.c;
        if (bArr == null) {
            gnuVar.b(e() - 3, 24);
            for (byte[] bArr2 : this.d) {
                gnuVar.b(bArr2.length, 24);
                gnuVar.d(bArr2);
            }
        } else {
            gnuVar.b(bArr.length, 24);
            gnuVar.d(this.c);
        }
        return gnuVar.b();
    }

    public PublicKey l_() {
        byte[] bArr = this.c;
        if (bArr == null) {
            CertPath certPath = this.b;
            if (certPath != null && !certPath.getCertificates().isEmpty()) {
                return this.b.getCertificates().get(0).getPublicKey();
            }
        } else {
            try {
                return KeyFactory.getInstance(gnq.b(this.c)).generatePublic(new X509EncodedKeySpec(bArr));
            } catch (GeneralSecurityException e2) {
                e.d("Could not reconstruct the peer's public key", (Throwable) e2);
            }
        }
        return null;
    }

    @Override // o.gpp
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString());
        if (this.c == null && this.b != null) {
            sb.append("\t\tCertificate chain length: ");
            sb.append(e() - 3);
            sb.append(goa.c());
            int i = 0;
            for (Certificate certificate : this.b.getCertificates()) {
                sb.append("\t\t\tCertificate Length: ");
                sb.append(this.d.get(i).length);
                sb.append(goa.c());
                sb.append("\t\t\tCertificate: ");
                sb.append(certificate);
                sb.append(goa.c());
                i++;
            }
        } else if (this.c != null && this.b == null) {
            sb.append("\t\tRaw Public Key: ");
            sb.append(l_().toString());
            sb.append(goa.c());
        }
        return sb.toString();
    }
}
