package se.arkalix.security.identity;

import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import se.arkalix.internal.security.identity.X509Names;

/* loaded from: input_file:se/arkalix/security/identity/TrustedIdentity.class */
public class TrustedIdentity {
    protected final X509Certificate[] chain;
    protected final int chainOffset;
    private TrustedIdentity issuer = null;
    private String commonName = null;

    public TrustedIdentity(Certificate[] certificateArr) {
        Objects.requireNonNull(certificateArr, "Expected chain");
        int minimumChainLength = minimumChainLength();
        if (certificateArr.length < minimumChainLength) {
            throw new IllegalArgumentException("Expected chain.length >= " + minimumChainLength);
        }
        this.chain = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            Certificate certificate = certificateArr[i];
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Only x.509 certificates are permitted in TrustedIdentity instances; the following certificate is of some other type: " + certificate);
            }
            this.chain[i] = (X509Certificate) certificateArr[i];
        }
        this.chainOffset = 0;
    }

    public TrustedIdentity(X509Certificate[] x509CertificateArr) {
        this.chain = (X509Certificate[]) Objects.requireNonNull(x509CertificateArr, "Expected chain");
        int minimumChainLength = minimumChainLength();
        if (x509CertificateArr.length < minimumChainLength) {
            throw new IllegalArgumentException("Expected chain.length >= " + minimumChainLength);
        }
        this.chainOffset = 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TrustedIdentity(X509Certificate[] x509CertificateArr, int i) {
        this.chain = x509CertificateArr;
        this.chainOffset = i;
    }

    protected int minimumChainLength() {
        return 1;
    }

    public X509Certificate[] chain() {
        return (X509Certificate[]) Arrays.copyOfRange(this.chain, this.chainOffset, this.chain.length);
    }

    public Optional<TrustedIdentity> issuer() {
        if (this.issuer == null) {
            int i = this.chainOffset + 1;
            if (this.chain.length == i) {
                return Optional.empty();
            }
            this.issuer = new TrustedIdentity(this.chain, i);
        }
        return Optional.of(this.issuer);
    }

    public X509Certificate certificate() {
        return this.chain[this.chainOffset];
    }

    public String commonName() {
        if (this.commonName == null) {
            this.commonName = X509Names.commonNameOf(certificate().getSubjectX500Principal().getName()).orElseThrow(() -> {
                return new IllegalStateException("Certificate does not specify a subject common name");
            });
        }
        return this.commonName;
    }

    public PublicKey publicKey() {
        return certificate().getPublicKey();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        TrustedIdentity trustedIdentity = (TrustedIdentity) obj;
        return this.chain[this.chainOffset].equals(trustedIdentity.chain[trustedIdentity.chainOffset]);
    }

    public int hashCode() {
        return Arrays.hashCode(this.chain);
    }
}
