package com.netflix.msl.entityauth;

import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslEntityAuthException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.RsaCryptoContext;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.MslContext;
import java.security.PublicKey;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.2225.0.jar:com/netflix/msl/entityauth/X509AuthenticationFactory.class */
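/**
 * Entity authentication factory for the X.509 scheme.
 *
 * <p>Turns X.509 entity authentication data into an RSA sign/verify crypto
 * context, after consulting {@link AuthenticationUtils} for revocation and
 * scheme permission and the {@link X509Store} for certificate acceptance.
 */
public class X509AuthenticationFactory extends EntityAuthenticationFactory {
    // Store asked whether a presented certificate is accepted, and for the
    // private key associated with that certificate.
    private final X509Store caStore;
    // Policy hooks: entity revocation and per-entity scheme permission.
    private final AuthenticationUtils authutils;

    /**
     * Creates a factory bound to the given certificate store and policy hooks.
     *
     * @param x509Store store used to accept or reject presented certificates
     * @param authenticationUtils revocation and scheme-permission checks
     */
    public X509AuthenticationFactory(X509Store x509Store, AuthenticationUtils authenticationUtils) {
        super(EntityAuthenticationScheme.X509);
        this.caStore = x509Store;
        this.authutils = authenticationUtils;
    }

    /**
     * Builds X.509 entity authentication data from its MSL object form.
     *
     * @param mslContext MSL context (not used by this implementation)
     * @param mslObject encoded authentication data
     * @return the parsed {@link X509AuthenticationData}
     * @throws MslCryptoException declared by the contract and propagated from parsing
     * @throws MslEncodingException declared by the contract and propagated from parsing
     */
    @Override // com.netflix.msl.entityauth.EntityAuthenticationFactory
    public EntityAuthenticationData createData(MslContext mslContext, MslObject mslObject) throws MslCryptoException, MslEncodingException {
        return new X509AuthenticationData(mslObject);
    }

    /**
     * Returns an RSA sign/verify crypto context for the entity named by the
     * presented certificate's subject DN.
     *
     * <p>Checks run in this order: entity revocation, scheme permission, then
     * certificate acceptance by the store. Every rejection carries the
     * offending authentication data on the thrown exception.
     *
     * @param mslContext MSL context passed through to the crypto context
     * @param entityAuthenticationData must be an {@link X509AuthenticationData}
     * @return crypto context in {@code SIGN_VERIFY} mode
     * @throws MslInternalException if the authentication data is {@code null}
     *         or not X.509 authentication data
     * @throws MslEntityAuthException if the entity is revoked, the scheme is
     *         not permitted for it, or the certificate is not accepted,
     *         expired, or not yet valid
     * @throws MslCryptoException declared by the contract; not raised directly here
     */
    @Override // com.netflix.msl.entityauth.EntityAuthenticationFactory
    public ICryptoContext getCryptoContext(MslContext mslContext, EntityAuthenticationData entityAuthenticationData) throws MslCryptoException, MslEntityAuthException {
        if (!(entityAuthenticationData instanceof X509AuthenticationData)) {
            // instanceof is false for null, so guard before getClass(): a null
            // argument must fail with the intended internal error, not an NPE
            // raised while building the message.
            String actualType = entityAuthenticationData == null
                    ? "null"
                    : entityAuthenticationData.getClass().getName();
            throw new MslInternalException("Incorrect authentication data type " + actualType + ".");
        }
        X509AuthenticationData x509Data = (X509AuthenticationData) entityAuthenticationData;
        X509Certificate x509Cert = x509Data.getX509Cert();

        // The identity is the subject DN exactly as the presented certificate
        // states it. At this point the certificate has NOT been checked against
        // the store, so the value is still a claim made by the peer.
        String identity = x509Cert.getSubjectX500Principal().getName();
        PublicKey publicKey = x509Cert.getPublicKey();

        // NOTE(review): revocation and scheme permission are evaluated on the
        // unverified identity, and each failure has its own error code. All
        // paths still fail closed, but confirm that reporting these results
        // before certificate acceptance is intended.
        if (this.authutils.isEntityRevoked(identity)) {
            throw new MslEntityAuthException(MslError.ENTITY_REVOKED, x509Cert.toString()).setEntityAuthenticationData((EntityAuthenticationData) x509Data);
        }
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            // The message embeds the peer-supplied subject DN; treat it as
            // untrusted text wherever it is logged or displayed.
            throw new MslEntityAuthException(MslError.INCORRECT_ENTITYAUTH_DATA, "Authentication Scheme for Device Type Not Supported " + identity + ":" + getScheme()).setEntityAuthenticationData((EntityAuthenticationData) x509Data);
        }

        try {
            if (!this.caStore.isAccepted(x509Cert)) {
                throw new MslEntityAuthException(MslError.X509CERT_VERIFICATION_FAILED, x509Cert.toString()).setEntityAuthenticationData((EntityAuthenticationData) x509Data);
            }
            // Only an accepted certificate reaches this point. The context is
            // built from the certificate's public key and whatever private key
            // the store returns for it.
            // NOTE(review): whether getPrivateKey can return null (verify-only
            // context) is not visible here; confirm against X509Store.
            return new RsaCryptoContext(mslContext, identity, this.caStore.getPrivateKey(x509Cert), publicKey, RsaCryptoContext.Mode.SIGN_VERIFY);
        } catch (CertificateExpiredException expired) {
            // Validity-period failures get their own error codes and keep the cause.
            throw new MslEntityAuthException(MslError.X509CERT_EXPIRED, x509Cert.toString(), expired).setEntityAuthenticationData((EntityAuthenticationData) x509Data);
        } catch (CertificateNotYetValidException notYetValid) {
            throw new MslEntityAuthException(MslError.X509CERT_NOT_YET_VALID, x509Cert.toString(), notYetValid).setEntityAuthenticationData((EntityAuthenticationData) x509Data);
        }
    }
}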
