package com.unboundid.ldap.sdk.unboundidds.extensions;

import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.asn1.ASN1StreamReader;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import com.unboundid.util.ssl.cert.CertException;
import com.unboundid.util.ssl.cert.PKCS8PEMFileReader;
import com.unboundid.util.ssl.cert.PKCS8PrivateKey;
import com.unboundid.util.ssl.cert.X509Certificate;
import com.unboundid.util.ssl.cert.X509PEMFileReader;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: classes3.dex */
public final class CertificateDataReplaceCertificateKeyStoreContent extends ReplaceCertificateKeyStoreContent {
    private static final byte TYPE_CERTIFICATE_CHAIN = -82;
    static final byte TYPE_KEY_STORE_CONTENT = -94;
    private static final byte TYPE_PRIVATE_KEY = -81;
    private static final long serialVersionUID = 1771837307666073616L;

    @NotNull
    private final List<byte[]> certificateChainData;

    @Nullable
    private final byte[] privateKeyData;

    public CertificateDataReplaceCertificateKeyStoreContent(@NotNull List<File> list, @Nullable File file) throws LDAPException {
        this(readCertificateChain(list), file == null ? null : readPrivateKey(file));
    }

    public CertificateDataReplaceCertificateKeyStoreContent(@NotNull List<byte[]> list, @Nullable byte[] bArr) {
        Validator.ensureNotNullOrEmpty(list, "CertificateDataReplaceCertificateKeyStoreContent.certificateChainData must not be null or empty.");
        this.certificateChainData = Collections.unmodifiableList(new ArrayList(list));
        this.privateKeyData = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static CertificateDataReplaceCertificateKeyStoreContent decodeInternal(@NotNull ASN1Element aSN1Element) throws LDAPException {
        try {
            ASN1Element[] elements = aSN1Element.decodeAsSequence().elements();
            ASN1Element[] elements2 = elements[0].decodeAsSequence().elements();
            ArrayList arrayList = new ArrayList();
            for (ASN1Element aSN1Element2 : elements2) {
                arrayList.add(aSN1Element2.decodeAsOctetString().getValue());
            }
            byte[] bArr = null;
            for (int i = 1; i < elements.length; i++) {
                if (elements[i].getType() == -81) {
                    bArr = elements[i].decodeAsOctetString().getValue();
                }
            }
            return new CertificateDataReplaceCertificateKeyStoreContent(arrayList, bArr);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @NotNull
    public static List<byte[]> readCertificateChain(@NotNull List<File> list) throws LDAPException {
        Validator.ensureNotNullOrEmpty(list, "CertificateDataReplaceCertificateKeyStoreContent.readCertificateChain.files must not be null or empty.");
        ArrayList arrayList = new ArrayList();
        Iterator<File> it = list.iterator();
        while (it.hasNext()) {
            readCertificates(it.next(), arrayList);
        }
        return Collections.unmodifiableList(arrayList);
    }

    @NotNull
    public static List<byte[]> readCertificateChain(@NotNull File... fileArr) throws LDAPException {
        return readCertificateChain((List<File>) Arrays.asList(fileArr));
    }

    private static void readCertificates(@NotNull File file, @NotNull List<byte[]> list) throws LDAPException {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream);
                try {
                    bufferedInputStream.mark(1);
                    int read = bufferedInputStream.read();
                    bufferedInputStream.reset();
                    if (read < 0) {
                        throw new LDAPException(ResultCode.PARAM_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_ERR_EMPTY_CERT_FILE.get(file.getAbsolutePath()));
                    }
                    if (read == 48) {
                        readDERCertificates(file, bufferedInputStream, list);
                        bufferedInputStream.close();
                        fileInputStream.close();
                    } else {
                        readPEMCertificates(file, bufferedInputStream, list);
                        bufferedInputStream.close();
                        fileInputStream.close();
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.LOCAL_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_ERROR_READING_CERT_FILE.get(file.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    private static void readDERCertificates(@NotNull File file, @NotNull InputStream inputStream, @NotNull List<byte[]> list) throws LDAPException {
        try {
            ASN1StreamReader aSN1StreamReader = new ASN1StreamReader(inputStream);
            while (true) {
                try {
                    ASN1Element readElement = aSN1StreamReader.readElement();
                    if (readElement == null) {
                        aSN1StreamReader.close();
                        return;
                    }
                    list.add(readElement.encode());
                } finally {
                }
            }
        } catch (IOException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_DER_CERT_ERROR.get(file.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @NotNull
    private static byte[] readDERPrivateKey(@NotNull File file, @NotNull InputStream inputStream) throws LDAPException {
        try {
            ASN1StreamReader aSN1StreamReader = new ASN1StreamReader(inputStream);
            try {
                ASN1Element readElement = aSN1StreamReader.readElement();
                if (aSN1StreamReader.readElement() != null) {
                    throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_MULTIPLE_DER_KEYS_IN_FILE.get(file.getAbsolutePath()));
                }
                byte[] encode = readElement.encode();
                aSN1StreamReader.close();
                return encode;
            } finally {
            }
        } catch (IOException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_DER_PK_ERROR.get(file.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    private static void readPEMCertificates(@NotNull File file, @NotNull InputStream inputStream, @NotNull List<byte[]> list) throws IOException, LDAPException {
        try {
            X509PEMFileReader x509PEMFileReader = new X509PEMFileReader(inputStream);
            while (true) {
                try {
                    X509Certificate readCertificate = x509PEMFileReader.readCertificate();
                    if (readCertificate == null) {
                        x509PEMFileReader.close();
                        return;
                    }
                    list.add(readCertificate.getX509CertificateBytes());
                } finally {
                }
            }
        } catch (CertException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_PEM_CERT_ERROR.get(file.getAbsolutePath(), e.getMessage()), e);
        }
    }

    @NotNull
    private static byte[] readPEMPrivateKey(@NotNull File file, @NotNull InputStream inputStream) throws IOException, LDAPException {
        try {
            PKCS8PEMFileReader pKCS8PEMFileReader = new PKCS8PEMFileReader(inputStream);
            try {
                PKCS8PrivateKey readPrivateKey = pKCS8PEMFileReader.readPrivateKey();
                if (pKCS8PEMFileReader.readPrivateKey() != null) {
                    throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_MULTIPLE_PEM_KEYS_IN_FILE.get(file.getAbsolutePath()));
                }
                byte[] pKCS8PrivateKeyBytes = readPrivateKey.getPKCS8PrivateKeyBytes();
                pKCS8PEMFileReader.close();
                return pKCS8PrivateKeyBytes;
            } finally {
            }
        } catch (CertException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_PEM_PK_ERROR.get(file.getAbsolutePath(), e.getMessage()), e);
        }
    }

    @NotNull
    public static byte[] readPrivateKey(@NotNull File file) throws LDAPException {
        Validator.ensureNotNull(file, "CertificateDataReplaceCertificateKeyStoreContent.readPrivateKey.file must not be null.");
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream);
                try {
                    bufferedInputStream.mark(1);
                    int read = bufferedInputStream.read();
                    bufferedInputStream.reset();
                    if (read < 0) {
                        throw new LDAPException(ResultCode.PARAM_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_ERROR_EMPTY_PK_FILE.get(file.getAbsolutePath()));
                    }
                    if (read == 48) {
                        byte[] readDERPrivateKey = readDERPrivateKey(file, bufferedInputStream);
                        bufferedInputStream.close();
                        fileInputStream.close();
                        return readDERPrivateKey;
                    }
                    byte[] readPEMPrivateKey = readPEMPrivateKey(file, bufferedInputStream);
                    bufferedInputStream.close();
                    fileInputStream.close();
                    return readPEMPrivateKey;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, ExtOpMessages.ERR_CD_KSC_DECODE_ERROR_READING_PK_FILE.get(file.getAbsolutePath(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @Override // com.unboundid.ldap.sdk.unboundidds.extensions.ReplaceCertificateKeyStoreContent
    @NotNull
    public ASN1Element encode() {
        ArrayList arrayList = new ArrayList(2);
        ArrayList arrayList2 = new ArrayList(this.certificateChainData.size());
        Iterator<byte[]> it = this.certificateChainData.iterator();
        while (it.hasNext()) {
            arrayList2.add(new ASN1OctetString(it.next()));
        }
        arrayList.add(new ASN1Sequence(TYPE_CERTIFICATE_CHAIN, arrayList2));
        if (this.privateKeyData != null) {
            arrayList.add(new ASN1OctetString(TYPE_PRIVATE_KEY, this.privateKeyData));
        }
        return new ASN1Sequence((byte) -94, arrayList);
    }

    @NotNull
    public List<byte[]> getCertificateChainData() {
        return this.certificateChainData;
    }

    @Nullable
    public byte[] getPrivateKeyData() {
        return this.privateKeyData;
    }

    @Override // com.unboundid.ldap.sdk.unboundidds.extensions.ReplaceCertificateKeyStoreContent
    public void toString(@NotNull StringBuilder sb) {
        sb.append("CertificateDataReplaceCertificateKeyStoreContent(certificateChainLength=");
        sb.append(this.certificateChainData.size());
        sb.append(", privateProvided=");
        sb.append(this.privateKeyData != null);
        sb.append(')');
    }
}
