package org.eclipse.californium.scandium.dtls.x509;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.elements.util.SslContextUtil;
import org.eclipse.californium.scandium.dtls.CertificateIdentityResult;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ConnectionId;
import org.eclipse.californium.scandium.dtls.HandshakeResultHandler;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/x509/SingleCertificateProvider.class */
public class SingleCertificateProvider implements CertificateProvider, ConfigurationHelperSetup {
    private static final Logger LOGGER = LoggerFactory.getLogger(SingleCertificateProvider.class);
    private final PrivateKey privateKey;
    private final PublicKey publicKey;
    private final List<X509Certificate> certificateChain;
    private final List<CertificateType> supportedCertificateTypes;
    private final List<CipherSuite.CertificateKeyAlgorithm> supportedCertificateKeyAlgorithms;
    private boolean verifyKeyPair;

    public SingleCertificateProvider(PrivateKey privateKey, Certificate[] certificateArr, CertificateType... certificateTypeArr) {
        this(privateKey, certificateArr, asList(certificateTypeArr));
    }

    public SingleCertificateProvider(PrivateKey privateKey, Certificate[] certificateArr, List<CertificateType> list) {
        this.verifyKeyPair = true;
        if (privateKey == null) {
            throw new NullPointerException("Private key must not be null!");
        }
        if (certificateArr == null) {
            throw new NullPointerException("Certificate chain must not be null!");
        }
        if (certificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be empty!");
        }
        if (list != null) {
            if (list.isEmpty()) {
                throw new IllegalArgumentException("Certificate types must not be empty!");
            }
            for (CertificateType certificateType : list) {
                if (!certificateType.isSupported()) {
                    throw new IllegalArgumentException("Certificate type " + certificateType + " is not supported!");
                }
            }
        }
        this.privateKey = privateKey;
        this.publicKey = certificateArr[0].getPublicKey();
        if (list == null) {
            list = new ArrayList(1);
            list.add(CertificateType.X_509);
        }
        if (list.contains(CertificateType.X_509)) {
            this.certificateChain = Arrays.asList(SslContextUtil.asX509Certificates(certificateArr));
        } else {
            this.certificateChain = null;
        }
        this.supportedCertificateTypes = Collections.unmodifiableList(list);
        this.supportedCertificateKeyAlgorithms = Collections.unmodifiableList(Arrays.asList(CipherSuite.CertificateKeyAlgorithm.getAlgorithm(this.publicKey)));
    }

    public SingleCertificateProvider(PrivateKey privateKey, PublicKey publicKey) {
        this.verifyKeyPair = true;
        if (privateKey == null) {
            throw new NullPointerException("Private key must not be null!");
        }
        if (publicKey == null) {
            throw new NullPointerException("Public key must not be null!");
        }
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.certificateChain = null;
        this.supportedCertificateTypes = Collections.unmodifiableList(Arrays.asList(CertificateType.RAW_PUBLIC_KEY));
        this.supportedCertificateKeyAlgorithms = Collections.unmodifiableList(Arrays.asList(CipherSuite.CertificateKeyAlgorithm.getAlgorithm(publicKey)));
    }

    public SingleCertificateProvider setVerifyKeyPair(boolean z) {
        this.verifyKeyPair = z;
        return this;
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.ConfigurationHelperSetup
    public void setupConfigurationHelper(CertificateConfigurationHelper certificateConfigurationHelper) {
        if (certificateConfigurationHelper == null) {
            throw new NullPointerException("Certificate configuration helper must not be null!");
        }
        try {
            certificateConfigurationHelper.verifyKeyPair(this.privateKey, this.publicKey);
        } catch (IllegalArgumentException e) {
            if (this.verifyKeyPair) {
                throw new IllegalStateException(e.getMessage());
            }
            LOGGER.warn("Mismatching key-pair, causing failure when used!", e);
        }
        if (this.certificateChain != null) {
            certificateConfigurationHelper.addConfigurationDefaultsFor(this.certificateChain);
        } else {
            certificateConfigurationHelper.addConfigurationDefaultsFor(this.publicKey);
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.CertificateProvider
    public List<CipherSuite.CertificateKeyAlgorithm> getSupportedCertificateKeyAlgorithms() {
        return this.supportedCertificateKeyAlgorithms;
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.CertificateProvider
    public List<CertificateType> getSupportedCertificateTypes() {
        return this.supportedCertificateTypes;
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.CertificateProvider
    public CertificateIdentityResult requestCertificateIdentity(ConnectionId connectionId, boolean z, List<X500Principal> list, ServerNames serverNames, List<CipherSuite.CertificateKeyAlgorithm> list2, List<SignatureAndHashAlgorithm> list3, List<XECDHECryptography.SupportedGroup> list4) {
        return this.certificateChain != null ? new CertificateIdentityResult(connectionId, this.privateKey, this.certificateChain, (Object) null) : new CertificateIdentityResult(connectionId, this.privateKey, this.publicKey, (Object) null);
    }

    @Override // org.eclipse.californium.scandium.dtls.x509.CertificateProvider
    public void setResultHandler(HandshakeResultHandler handshakeResultHandler) {
    }

    private static List<CertificateType> asList(CertificateType[] certificateTypeArr) {
        if (certificateTypeArr == null || certificateTypeArr.length == 0) {
            return null;
        }
        return Arrays.asList(certificateTypeArr);
    }
}
