package pt.unl.fct.di.novasys.babel.crypto;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import pt.unl.fct.di.novasys.babel.crypto.CryptoFunctions;
import pt.unl.fct.di.novasys.network.ISerializer;
import pt.unl.fct.di.novasys.network.data.Host;

/* loaded from: input_file:pt/unl/fct/di/novasys/babel/crypto/Certificate.class */
public class Certificate {
    private static final Logger logger;
    public static final ISerializer<Certificate> serializer;
    private final Peer peer;
    private final X509Certificate x509Certificate;
    static final /* synthetic */ boolean $assertionsDisabled;

    public Certificate(X509Certificate x509Certificate, Host host) throws UnknownHostException {
        this.x509Certificate = x509Certificate;
        this.peer = extractPeer(x509Certificate, host);
    }

    public static Peer extractPeer(X509Certificate x509Certificate, Host host) throws UnknownHostException {
        for (String str : x509Certificate.getSubjectX500Principal().getName().split(",")) {
            if (str.startsWith("L=")) {
                InetAddress byName = InetAddress.getByName(str.substring(2));
                if ($assertionsDisabled || byName.equals(host.getAddress())) {
                    return new Peer(host, x509Certificate.getPublicKey());
                }
                throw new AssertionError();
            }
        }
        throw new IllegalArgumentException("Certificate does not contain a CN field with the peer's address.");
    }

    public Peer getPeer() {
        return this.peer;
    }

    public boolean checkSignature(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, NoSuchProviderException {
        this.x509Certificate.verify(publicKey);
        return true;
    }

    static {
        $assertionsDisabled = !Certificate.class.desiredAssertionStatus();
        logger = LogManager.getLogger(Certificate.class);
        serializer = new ISerializer<Certificate>() { // from class: pt.unl.fct.di.novasys.babel.crypto.Certificate.1
            public void serialize(Certificate certificate, ByteBuf byteBuf) {
                try {
                    Host.serializer.serialize(certificate.peer, byteBuf);
                    byteBuf.writeBytes(certificate.x509Certificate.getEncoded());
                } catch (IOException | CertificateEncodingException e) {
                    throw new RuntimeException(e);
                }
            }

            /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
            public Certificate m2deserialize(ByteBuf byteBuf) throws IOException {
                try {
                    return CryptoFunctions.IO.readCertificate(new ByteBufInputStream(byteBuf), (Host) Host.serializer.deserialize(byteBuf));
                } catch (CertificateException e) {
                    Certificate.logger.warn("Failed to deserialize certificate", e);
                    throw new IOException(e);
                }
            }
        };
    }
}
