package de.vwag.viwi.mib3.library.internal.network;

import de.vwag.viwi.mib3.library.internal.diagnostic.L;
import de.vwag.viwi.mib3.library.internal.utils.CertificateVerifier;
import java.io.IOException;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.crypto.tls.Certificate;
import org.spongycastle.crypto.tls.CertificateRequest;
import org.spongycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.spongycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.spongycastle.crypto.tls.TlsAuthentication;
import org.spongycastle.crypto.tls.TlsCredentials;
import org.spongycastle.crypto.util.PrivateKeyFactory;

/* loaded from: classes3.dex */
class RegistrationTlsClient$1 implements TlsAuthentication {
    final /* synthetic */ RegistrationTlsClient this$0;

    RegistrationTlsClient$1(RegistrationTlsClient registrationTlsClient) {
        this.this$0 = registrationTlsClient;
    }

    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
        DefaultTlsSignerCredentials defaultTlsSignerCredentials = null;
        try {
            defaultTlsSignerCredentials = new DefaultTlsSignerCredentials(RegistrationTlsClient.access$300(this.this$0), new Certificate(new org.spongycastle.asn1.x509.Certificate[]{RegistrationTlsClient.access$200(this.this$0).toASN1Structure()}), PrivateKeyFactory.createKey(RegistrationTlsClient.access$400(this.this$0).getEncoded()), new SignatureAndHashAlgorithm((short) 4, (short) 3));
            return defaultTlsSignerCredentials;
        } catch (Exception e) {
            L.e(e, "Could not return client certificate during TLS handshake.", new Object[0]);
            return defaultTlsSignerCredentials;
        }
    }

    public void notifyServerCertificate(Certificate certificate) throws IOException {
        org.spongycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        L.v("MIB server send %s certificates in certificate chain", Integer.valueOf(certificateList.length));
        if (certificateList.length != 3) {
            RegistrationTlsClient.access$102(this.this$0, true);
            return;
        }
        try {
            RegistrationTlsClient.access$000(this.this$0, new X509CertificateHolder(certificateList[1]));
            if (!CertificateVerifier.verifyCertificate(certificate)) {
                throw new InvalidServerCertificateException();
            }
        } catch (Exception e) {
            L.e(e, "Could not extract vin from server certificate.", new Object[0]);
            throw new IOException("Could not extract vin from server certificate. " + e.getMessage());
        }
    }
}
