package org.eclipse.californium.elements.auth;

import java.io.ByteArrayInputStream;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.elements.util.Bytes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/elements/auth/X509CertPath.class */
public class X509CertPath extends AbstractExtensiblePrincipal<X509CertPath> {
    private static final Logger LOGGER = LoggerFactory.getLogger(X509CertPath.class.getCanonicalName());
    private static final String TYPE_X509 = "X.509";
    private static final String ENCODING = "PkiPath";
    private final CertPath path;
    private final X509Certificate target;

    public X509CertPath(CertPath certPath) {
        this(certPath, null);
    }

    private X509CertPath(CertPath certPath, AdditionalInfo additionalInfo) {
        super(additionalInfo);
        if (!TYPE_X509.equals(certPath.getType())) {
            throw new IllegalArgumentException("Cert path must contain X.509 certificates only");
        }
        if (certPath.getCertificates().isEmpty()) {
            throw new IllegalArgumentException("Cert path must not be empty");
        }
        this.path = certPath;
        this.target = (X509Certificate) certPath.getCertificates().get(0);
    }

    @Override // org.eclipse.californium.elements.auth.ExtensiblePrincipal
    public X509CertPath amend(AdditionalInfo additionalInfo) {
        return new X509CertPath(this.path, additionalInfo);
    }

    public static X509CertPath fromBytes(byte[] bArr) {
        try {
            return new X509CertPath(CertificateFactory.getInstance(TYPE_X509).generateCertPath(new ByteArrayInputStream(bArr), ENCODING));
        } catch (CertificateException e) {
            throw new IllegalArgumentException("byte array does not contain X.509 certificate path");
        }
    }

    public static X509CertPath fromCertificatesChain(Certificate... certificateArr) {
        if (certificateArr != null && certificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be empty!");
        }
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Given certificate is not X.509! " + certificate);
            }
            arrayList.add((X509Certificate) certificate);
        }
        return new X509CertPath(generateCertPath(true, arrayList));
    }

    public static X509CertPath fromCertificatesChain(List<X509Certificate> list) {
        if (list == null || !list.isEmpty()) {
            return new X509CertPath(generateCertPath(true, list));
        }
        throw new IllegalArgumentException("Certificate chain must not be empty!");
    }

    public static CertPath generateCertPath(boolean z, List<X509Certificate> list) {
        if (list == null) {
            throw new NullPointerException("Certificate chain must not be null!");
        }
        ArrayList arrayList = new ArrayList();
        X500Principal x500Principal = null;
        try {
            int i = 0;
            CertificateFactory certificateFactory = CertificateFactory.getInstance(TYPE_X509);
            for (X509Certificate x509Certificate : list) {
                if (!(x509Certificate instanceof X509Certificate)) {
                    throw new IllegalArgumentException("Given certificate is not X.509! " + x509Certificate);
                }
                X509Certificate x509Certificate2 = x509Certificate;
                LOGGER.debug("Current Subject DN: {}", x509Certificate2.getSubjectX500Principal().getName());
                if (x500Principal != null && !x500Principal.equals(x509Certificate2.getSubjectX500Principal())) {
                    LOGGER.debug("Actual Issuer DN: {}", x509Certificate2.getSubjectX500Principal().getName());
                    throw new IllegalArgumentException("Given certificates do not form a chain");
                }
                i++;
                if (!x509Certificate2.getIssuerX500Principal().equals(x509Certificate2.getSubjectX500Principal())) {
                    arrayList.add(x509Certificate2);
                    x500Principal = x509Certificate2.getIssuerX500Principal();
                    LOGGER.debug("Expected Issuer DN: {}", x500Principal.getName());
                } else {
                    if (i != list.size()) {
                        throw new IllegalArgumentException("Given certificates do not form a chain, root is not the last!");
                    }
                    if (z || list.size() == 1) {
                        arrayList.add(x509Certificate2);
                    }
                }
            }
            return certificateFactory.generateCertPath(arrayList);
        } catch (CertificateException e) {
            throw new IllegalArgumentException("could not create X.509 certificate factory", e);
        }
    }

    public byte[] toByteArray() {
        try {
            return this.path.getEncoded(ENCODING);
        } catch (CertificateEncodingException e) {
            return Bytes.EMPTY;
        }
    }

    @Override // java.security.Principal
    public String getName() {
        return this.target.getSubjectX500Principal().getName();
    }

    public CertPath getPath() {
        return this.path;
    }

    public X509Certificate getTarget() {
        return this.target;
    }

    @Override // java.security.Principal
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj != null && getClass() == obj.getClass()) {
            return this.target.equals(((X509CertPath) obj).target);
        }
        return false;
    }

    @Override // java.security.Principal
    public int hashCode() {
        return this.target.hashCode();
    }
}
