package de.vwag.viwi.mib3.library.internal.network;

import de.vwag.viwi.mib3.library.internal.diagnostic.L;
import de.vwag.viwi.mib3.library.internal.utils.CertificateVerifier;
import java.io.IOException;
import java.security.PrivateKey;
import org.apache.commons.b.c;
import org.spongycastle.asn1.x500.AttributeTypeAndValue;
import org.spongycastle.asn1.x500.RDN;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.crypto.tls.Certificate;
import org.spongycastle.crypto.tls.CertificateRequest;
import org.spongycastle.crypto.tls.CipherSuite;
import org.spongycastle.crypto.tls.DefaultTlsClient;
import org.spongycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.spongycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.spongycastle.crypto.tls.TlsAuthentication;
import org.spongycastle.crypto.tls.TlsCredentials;
import org.spongycastle.crypto.util.PrivateKeyFactory;

/* loaded from: classes.dex */
class RegistrationTlsClient extends DefaultTlsClient {
    private final X509CertificateHolder clientCertificate;
    private final PrivateKey clientKey;
    private boolean nonVkmsRegistration;
    private String vin;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RegistrationTlsClient(X509CertificateHolder x509CertificateHolder, PrivateKey privateKey) {
        this.clientCertificate = x509CertificateHolder;
        this.clientKey = privateKey;
    }

    private boolean containsVin(AttributeTypeAndValue attributeTypeAndValue) {
        return c.b("VIN=", attributeTypeAndValue.getValue().toASN1Primitive().toString());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void extractVin(X509CertificateHolder x509CertificateHolder) {
        for (RDN rdn : x509CertificateHolder.getSubject().getRDNs(BCStyle.CN)) {
            if (rdn.isMultiValued()) {
                for (AttributeTypeAndValue attributeTypeAndValue : rdn.getTypesAndValues()) {
                    if (containsVin(attributeTypeAndValue)) {
                        this.vin = getVin(rdn.getFirst());
                    }
                }
            } else {
                this.vin = getVin(rdn.getFirst());
            }
        }
    }

    private String getVin(AttributeTypeAndValue attributeTypeAndValue) {
        return c.a(attributeTypeAndValue.getValue().toASN1Primitive().toString(), "=");
    }

    @Override // org.spongycastle.crypto.tls.TlsClient
    public TlsAuthentication getAuthentication() {
        return new TlsAuthentication() { // from class: de.vwag.viwi.mib3.library.internal.network.RegistrationTlsClient.1
            @Override // org.spongycastle.crypto.tls.TlsAuthentication
            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) {
                try {
                    return new DefaultTlsSignerCredentials(RegistrationTlsClient.this.context, new Certificate(new org.spongycastle.asn1.x509.Certificate[]{RegistrationTlsClient.this.clientCertificate.toASN1Structure()}), PrivateKeyFactory.createKey(RegistrationTlsClient.this.clientKey.getEncoded()), new SignatureAndHashAlgorithm((short) 4, (short) 3));
                } catch (Exception e) {
                    L.e(e, "Could not return client certificate during TLS handshake.", new Object[0]);
                    return null;
                }
            }

            @Override // org.spongycastle.crypto.tls.TlsAuthentication
            public void notifyServerCertificate(Certificate certificate) {
                org.spongycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
                L.v("MIB server send %s certificates in certificate chain", Integer.valueOf(certificateList.length));
                if (certificateList.length != 3) {
                    RegistrationTlsClient.this.nonVkmsRegistration = true;
                    return;
                }
                try {
                    RegistrationTlsClient.this.extractVin(new X509CertificateHolder(certificateList[1]));
                    if (!CertificateVerifier.verifyCertificate(certificate)) {
                        throw new InvalidServerCertificateException();
                    }
                } catch (Exception e) {
                    L.e(e, "Could not extract vin from server certificate.", new Object[0]);
                    throw new IOException("Could not extract vin from server certificate. " + e.getMessage());
                }
            }
        };
    }

    @Override // org.spongycastle.crypto.tls.DefaultTlsClient, org.spongycastle.crypto.tls.TlsClient
    public int[] getCipherSuites() {
        return new int[]{CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getVin() {
        return this.vin;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isNonVkmsRegistration() {
        return this.nonVkmsRegistration;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsPeer, org.spongycastle.crypto.tls.TlsPeer
    public void notifySecureRenegotiation(boolean z) {
    }
}
