package org.eclipse.leshan.client.californium;

import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import org.eclipse.californium.elements.util.CertPathUtil;

/* loaded from: input_file:org/eclipse/leshan/client/californium/X509Util.class */
public class X509Util {
    public static CertPath applyPKIXValidation(CertPath certPath, X509Certificate[] x509CertificateArr) throws GeneralSecurityException {
        CertPath truncateToFirstTrustedCert = truncateToFirstTrustedCert(certPath, x509CertificateArr);
        if (truncateToFirstTrustedCert.getCertificates().isEmpty()) {
            throw new IllegalArgumentException("Invalid certificate path : certificate path is empty or end node certificate is directly trusted");
        }
        HashSet hashSet = new HashSet();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            hashSet.add(new TrustAnchor(x509Certificate, null));
        }
        CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
        PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
        pKIXParameters.setRevocationEnabled(false);
        return add(truncateToFirstTrustedCert, ((PKIXCertPathValidatorResult) certPathValidator.validate(truncateToFirstTrustedCert, pKIXParameters)).getTrustAnchor().getTrustedCert());
    }

    public static CertPath truncateToFirstTrustedCert(CertPath certPath, X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        List x509CertificatesList = CertPathUtil.toX509CertificatesList(certPath.getCertificates());
        for (int i = 0; i < x509CertificatesList.size(); i++) {
            if (contains((X509Certificate) x509CertificatesList.get(i), x509CertificateArr)) {
                return CertPathUtil.generateCertPath(x509CertificatesList, i);
            }
        }
        return certPath;
    }

    public static CertPath add(CertPath certPath, X509Certificate x509Certificate) {
        List x509CertificatesList = CertPathUtil.toX509CertificatesList(certPath.getCertificates());
        x509CertificatesList.add(x509Certificate);
        return CertPathUtil.generateCertPath(x509CertificatesList);
    }

    public static boolean contains(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (x509Certificate.equals(x509Certificate2)) {
                return true;
            }
        }
        return false;
    }

    public static X509Certificate[] asX509Certificates(Certificate[] certificateArr) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : certificateArr) {
            if (!(certificate instanceof X509Certificate)) {
                throw new CertificateException(String.format("%s certificate format is not supported, Only X.509 certificate is supported", certificate.getType()));
            }
            arrayList.add((X509Certificate) certificate);
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
    }
}
