package com.netflix.msl.entityauth.x509;

import com.netflix.android.org.json.JSONException;
import com.netflix.android.org.json.JSONObject;
import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.entityauth.EntityAuthenticationData;
import com.netflix.msl.entityauth.EntityAuthenticationScheme;
import com.netflix.msl.util.Base64;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class NetflixX509AuthenticationData extends EntityAuthenticationData {
    public static final String KEY_X509_CERT = "x509certificate";
    public static final String KEY_X509_CHAIN = "x509chain";
    public static final String KEY_X509_CHAIN_IDENTITY = "identity";
    private CertificateProvided certType;
    private final List<X509Certificate> certs;
    private String identity;

    /* loaded from: classes.dex */
    public enum CertificateProvided {
        SINGLE,
        CHAIN
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public NetflixX509AuthenticationData(JSONObject jSONObject) {
        super(EntityAuthenticationScheme.X509);
        String str;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                if (jSONObject.has(KEY_X509_CERT)) {
                    String str2 = "-----BEGIN CERTIFICATE-----\n" + jSONObject.getString(KEY_X509_CERT) + "-----END CERTIFICATE-----";
                    this.certType = CertificateProvided.SINGLE;
                    str = str2;
                } else {
                    if (!jSONObject.has(KEY_X509_CHAIN)) {
                        throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "No x509certificate and no x509chain key found in X.509 authdata JSON object " + jSONObject.toString(), null);
                    }
                    String replaceAll = jSONObject.getString(KEY_X509_CHAIN).replaceAll("-----BEGIN CERTIFICATE-----(?!\n)", "-----BEGIN CERTIFICATE-----\n").replaceAll("-----END CERTIFICATE-----(?!\n)", "-----END CERTIFICATE-----\n");
                    this.identity = jSONObject.getString(KEY_X509_CHAIN_IDENTITY);
                    this.certType = CertificateProvided.CHAIN;
                    str = replaceAll;
                }
                try {
                    this.certs = new ArrayList();
                    BufferedInputStream bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
                    while (bufferedInputStream.available() > 0) {
                        try {
                            this.certs.add((X509Certificate) certificateFactory.generateCertificate(bufferedInputStream));
                        } catch (IOException e) {
                            throw new MslCryptoException(MslError.X509CERT_PARSE_ERROR, str, e);
                        }
                    }
                    if (this.certs.isEmpty()) {
                        throw new MslCryptoException(MslError.X509CERT_PARSE_ERROR, str, null);
                    }
                    if (this.identity == null) {
                        this.identity = getX509Cert().getSubjectX500Principal().getName();
                    }
                } catch (CertificateException e2) {
                    throw new MslCryptoException(MslError.X509CERT_PARSE_ERROR, str, e2);
                }
            } catch (JSONException e3) {
                throw new MslEncodingException(MslError.JSON_PARSE_ERROR, "X.509 authdata " + jSONObject.toString(), e3);
            }
        } catch (CertificateException e4) {
            throw new MslInternalException("No certificate X.509 certificate factory.", e4);
        }
    }

    NetflixX509AuthenticationData(X509Certificate x509Certificate) {
        super(EntityAuthenticationScheme.X509);
        this.certs = Collections.singletonList(x509Certificate);
        this.identity = x509Certificate.getSubjectX500Principal().getName();
        this.certType = CertificateProvided.SINGLE;
    }

    public NetflixX509AuthenticationData(Collection<X509Certificate> collection, String str) {
        super(EntityAuthenticationScheme.X509);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(collection);
        this.certs = arrayList;
        this.identity = str;
        this.certType = CertificateProvided.CHAIN;
    }

    public static void pemEncodeCert(boolean z, StringBuilder sb, byte[] bArr) {
        sb.append("-----BEGIN CERTIFICATE-----");
        if (z) {
            sb.append("\n");
        }
        String encode = Base64.encode(bArr);
        if (z) {
            sb.append(encode.replaceAll("(.{64})", "$1\n"));
            sb.append("\n");
        } else {
            sb.append(encode);
        }
        sb.append("-----END CERTIFICATE-----");
        if (z) {
            sb.append("\n");
        }
    }

    static String pemEncodeCerts(List<X509Certificate> list, boolean z) {
        StringBuilder sb = new StringBuilder();
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            pemEncodeCert(z, sb, it.next().getEncoded());
        }
        return sb.toString();
    }

    @Override // com.netflix.msl.entityauth.EntityAuthenticationData
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj instanceof NetflixX509AuthenticationData) {
            return super.equals(obj) && this.identity.equals(((NetflixX509AuthenticationData) obj).identity);
        }
        return false;
    }

    @Override // com.netflix.msl.entityauth.EntityAuthenticationData
    public JSONObject getAuthData() {
        JSONObject jSONObject = new JSONObject();
        try {
            if (this.certType == CertificateProvided.SINGLE) {
                jSONObject.put(KEY_X509_CERT, Base64.encode(getX509Cert().getEncoded()));
            } else {
                if (this.certType != CertificateProvided.CHAIN) {
                    throw new MslEncodingException(MslError.INTERNAL_EXCEPTION);
                }
                jSONObject.put(KEY_X509_CHAIN, pemEncodeCerts(this.certs, false));
                jSONObject.put(KEY_X509_CHAIN_IDENTITY, this.identity);
            }
            return jSONObject;
        } catch (JSONException e) {
            throw new MslEncodingException(MslError.JSON_ENCODE_ERROR, "X.509 authdata", e);
        } catch (CertificateEncodingException e2) {
            throw new MslEncodingException(MslError.X509CERT_ENCODE_ERROR, "X.509 authdata", e2);
        }
    }

    public String getCertType() {
        return this.certType.name();
    }

    @Override // com.netflix.msl.entityauth.EntityAuthenticationData
    public String getIdentity() {
        return this.identity;
    }

    public int getSize() {
        return this.certs.size();
    }

    public X509Certificate getX509Cert() {
        return this.certs.iterator().next();
    }

    public List<X509Certificate> getX509Certs() {
        return this.certs;
    }

    @Override // com.netflix.msl.entityauth.EntityAuthenticationData
    public int hashCode() {
        return super.hashCode() ^ this.identity.hashCode();
    }
}
