package net.luminis.tls.handshake;

import com.google.common.base.Ascii;
import com.unity3d.ads.core.data.datasource.AndroidStaticDeviceInfoDataSource;
import java.io.ByteArrayInputStream;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import kotlin.UShort;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.alert.BadCertificateAlert;
import net.luminis.tls.alert.DecodeErrorException;

/* loaded from: classes21.dex */
public class CertificateMessage extends HandshakeMessage {
    private static final int MINIMUM_MESSAGE_SIZE = 13;
    private List<X509Certificate> certificateChain;
    private X509Certificate endEntityCertificate;
    private byte[] raw;
    private byte[] requestContext;

    public CertificateMessage() {
        this.certificateChain = new ArrayList();
    }

    public CertificateMessage(X509Certificate x509Certificate) {
        this.certificateChain = new ArrayList();
        this.requestContext = new byte[0];
        this.endEntityCertificate = x509Certificate;
        if (x509Certificate != null) {
            this.certificateChain = new ArrayList(1);
            this.certificateChain.add(x509Certificate);
        } else {
            this.certificateChain = new ArrayList();
        }
        serialize();
    }

    public CertificateMessage(List<X509Certificate> list) {
        this.certificateChain = new ArrayList();
        Objects.requireNonNull(list);
        if (list.size() < 1) {
            throw new IllegalArgumentException();
        }
        this.requestContext = new byte[0];
        this.endEntityCertificate = list.get(0);
        this.certificateChain = list;
        serialize();
    }

    public CertificateMessage(byte[] bArr, X509Certificate x509Certificate) {
        this.certificateChain = new ArrayList();
        Objects.requireNonNull(x509Certificate);
        this.requestContext = bArr;
        this.endEntityCertificate = x509Certificate;
        this.certificateChain = new ArrayList(1);
        this.certificateChain.add(x509Certificate);
        serialize();
    }

    private int parseCertificateEntries(ByteBuffer byteBuffer) throws BadCertificateAlert {
        int i2 = ((byteBuffer.get() & 255) << 16) | ((byteBuffer.get() & 255) << 8) | (byteBuffer.get() & 255);
        int i3 = 0;
        while (i2 > 0) {
            int i4 = ((byteBuffer.get() & 255) << 16) | ((byteBuffer.get() & 255) << 8) | (byteBuffer.get() & 255);
            byte[] bArr = new byte[i4];
            byteBuffer.get(bArr);
            if (i4 > 0) {
                try {
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(AndroidStaticDeviceInfoDataSource.CERTIFICATE_TYPE_X509).generateCertificate(new ByteArrayInputStream(bArr));
                    if (i3 == 0) {
                        this.endEntityCertificate = x509Certificate;
                    }
                    this.certificateChain.add(x509Certificate);
                } catch (CertificateException e2) {
                    throw new BadCertificateAlert("could not parse certificate");
                }
            }
            i3++;
            int i5 = byteBuffer.getShort() & UShort.MAX_VALUE;
            byteBuffer.get(new byte[i5]);
            i2 = (i2 - (i4 + 3)) - (i5 + 2);
        }
        return i3;
    }

    private void serialize() {
        int size = this.certificateChain.size();
        ArrayList<byte[]> arrayList = new ArrayList(this.certificateChain.size());
        Iterator<X509Certificate> it = this.certificateChain.iterator();
        while (it.hasNext()) {
            arrayList.add(encode(it.next()));
        }
        int i2 = 0;
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            i2 += ((byte[]) it2.next()).length;
        }
        int i3 = (size * 5) + 8 + i2;
        ByteBuffer allocate = ByteBuffer.allocate(i3);
        allocate.putInt((TlsConstants.HandshakeType.certificate.value << Ascii.CAN) | (i3 - 4));
        allocate.put((byte) 0);
        allocate.put((byte) 0);
        allocate.putShort((short) (((i3 - 4) - 1) - 3));
        for (byte[] bArr : arrayList) {
            if (bArr.length > 65520) {
                throw new RuntimeException("Certificate size not supported");
            }
            allocate.put((byte) 0);
            allocate.putShort((short) bArr.length);
            allocate.put(bArr);
            allocate.putShort((short) 0);
        }
        this.raw = allocate.array();
    }

    byte[] encode(X509Certificate x509Certificate) {
        try {
            return x509Certificate.getEncoded();
        } catch (CertificateEncodingException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // net.luminis.tls.handshake.HandshakeMessage
    public byte[] getBytes() {
        return this.raw;
    }

    public List<X509Certificate> getCertificateChain() {
        return this.certificateChain;
    }

    public X509Certificate getEndEntityCertificate() {
        return this.endEntityCertificate;
    }

    public byte[] getRequestContext() {
        return this.requestContext;
    }

    @Override // net.luminis.tls.handshake.HandshakeMessage
    public TlsConstants.HandshakeType getType() {
        return TlsConstants.HandshakeType.certificate;
    }

    public CertificateMessage parse(ByteBuffer byteBuffer) throws DecodeErrorException, BadCertificateAlert {
        int position = byteBuffer.position();
        int parseHandshakeHeader = parseHandshakeHeader(byteBuffer, TlsConstants.HandshakeType.certificate, 13);
        try {
            int i2 = byteBuffer.get() & 255;
            if (i2 > 0) {
                this.requestContext = new byte[i2];
                byteBuffer.get(this.requestContext);
            } else {
                this.requestContext = new byte[0];
            }
            parseCertificateEntries(byteBuffer);
            this.raw = new byte[parseHandshakeHeader + 4];
            byteBuffer.get(this.raw);
            return this;
        } catch (BufferUnderflowException e2) {
            throw new DecodeErrorException("message underflow");
        }
    }
}
