package sdk.pendo.io.k;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;
import kotlin.collections.r;
import kotlin.jvm.internal.C2758s;
import sdk.pendo.io.b.d;
import sdk.pendo.io.l.IssuerInformation;
import sdk.pendo.io.l.SignedCertificateTimestamp;
import sdk.pendo.io.m.LogServer;
import sdk.pendo.io.m3.j1;
import sdk.pendo.io.m3.p;
import sdk.pendo.io.m3.v;

@Metadata(d1 = {"\u0000f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\b\b\u0000\u0018\u0000 *2\u00020\u0001:\u0001\u000bB\u000f\u0012\u0006\u0010\u0003\u001a\u00020\u0002¢\u0006\u0004\b\u0004\u0010\u0005J\u001f\u0010\u000b\u001a\u00020\n2\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\t\u001a\u00020\bH\u0002¢\u0006\u0004\b\u000b\u0010\fJ'\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\u000f0\u00112\u0006\u0010\u000e\u001a\u00020\r2\b\u0010\u0010\u001a\u0004\u0018\u00010\u000fH\u0002¢\u0006\u0004\b\u000b\u0010\u0012J\u001f\u0010\u000b\u001a\u00020\u00172\u0006\u0010\u0014\u001a\u00020\u00132\u0006\u0010\u0016\u001a\u00020\u0015H\u0002¢\u0006\u0004\b\u000b\u0010\u0018J\u0013\u0010\u000b\u001a\u00020\u001a*\u00020\u0019H\u0002¢\u0006\u0004\b\u000b\u0010\u001bJ\u001f\u0010\u000b\u001a\u00020\u00152\u0006\u0010\u001d\u001a\u00020\u001c2\u0006\u0010\u0014\u001a\u00020\u0013H\u0002¢\u0006\u0004\b\u000b\u0010\u001eJ'\u0010\u000b\u001a\u00020\u00152\u0006\u0010\u001f\u001a\u00020\u00152\u0006\u0010 \u001a\u00020\u00152\u0006\u0010\u0014\u001a\u00020\u0013H\u0002¢\u0006\u0004\b\u000b\u0010!J\u001b\u0010\u000b\u001a\u00020#*\u00020\"2\u0006\u0010\u0014\u001a\u00020\u0013H\u0002¢\u0006\u0004\b\u000b\u0010$J%\u0010\u000b\u001a\u00020\u00172\u0006\u0010\u0014\u001a\u00020\u00132\f\u0010%\u001a\b\u0012\u0004\u0012\u00020\u001c0\u0011H\u0016¢\u0006\u0004\b\u000b\u0010&J'\u0010\u000b\u001a\u00020\u00172\u0006\u0010\u0014\u001a\u00020\u00132\u0006\u0010\u001d\u001a\u00020\u00062\u0006\u0010'\u001a\u00020\bH\u0000¢\u0006\u0004\b\u000b\u0010(R\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u000b\u0010)¨\u0006+"}, d2 = {"Lsdk/pendo/io/k/i;", "", "Lsdk/pendo/io/m/d;", "logServer", "<init>", "(Lcom/appmattus/certificatetransparency/loglist/LogServer;)V", "Ljava/security/cert/X509Certificate;", "preCertificate", "Lsdk/pendo/io/l/c;", "issuerInformation", "Lsdk/pendo/io/e4/h;", "a", "(Ljava/security/cert/X509Certificate;Lsdk/pendo/io/l/c;)Lsdk/pendo/io/e4/h;", "Lsdk/pendo/io/e4/e;", "extensions", "Lsdk/pendo/io/e4/d;", "replacementX509authorityKeyIdentifier", "", "(Lsdk/pendo/io/e4/e;Lsdk/pendo/io/e4/d;)Ljava/util/List;", "Lsdk/pendo/io/l/e;", "sct", "", "toVerify", "Lsdk/pendo/io/b/d;", "(Lsdk/pendo/io/l/e;[B)Lsdk/pendo/io/b/d;", "Lsdk/pendo/io/e4/b;", "", "(Lsdk/pendo/io/e4/b;)Z", "Ljava/security/cert/Certificate;", "certificate", "(Ljava/security/cert/Certificate;Lsdk/pendo/io/l/e;)[B", "preCertBytes", "issuerKeyHash", "([B[BLsdk/pendo/io/l/e;)[B", "Ljava/io/OutputStream;", "Lq7/L;", "(Ljava/io/OutputStream;Lsdk/pendo/io/l/e;)V", "chain", "(Lsdk/pendo/io/l/e;Ljava/util/List;)Lsdk/pendo/io/b/d;", "issuerInfo", "(Lsdk/pendo/io/l/e;Ljava/security/cert/X509Certificate;Lsdk/pendo/io/l/c;)Lsdk/pendo/io/b/d;", "Lsdk/pendo/io/m/d;", "b", "certificatetransparency"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes3.dex */
public final class i {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final LogServer logServer;

    public i(LogServer logServer) {
        C2758s.i(logServer, "logServer");
        this.logServer = logServer;
    }

    private final List<sdk.pendo.io.e4.d> a(sdk.pendo.io.e4.e extensions, sdk.pendo.io.e4.d replacementX509authorityKeyIdentifier) {
        v[] h10 = extensions.h();
        C2758s.h(h10, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (v vVar : h10) {
            if (!C2758s.d(vVar.l(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(vVar);
            }
        }
        ArrayList<v> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!C2758s.d(((v) obj).l(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        ArrayList arrayList3 = new ArrayList(r.v(arrayList2, 10));
        for (v vVar2 : arrayList2) {
            arrayList3.add((!C2758s.d(vVar2.l(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.a(vVar2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    private final sdk.pendo.io.b.d a(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        sdk.pendo.io.b.d lVar;
        if (C2758s.d(this.logServer.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!C2758s.d(this.logServer.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.logServer.getKey().getAlgorithm();
                C2758s.h(algorithm, "logServer.key.algorithm");
                return new m(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.logServer.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? d.b.f41095a : d.a.b.f41089a;
        } catch (InvalidKeyException e10) {
            lVar = new h(e10);
            return lVar;
        } catch (NoSuchAlgorithmException e11) {
            lVar = new m(str, e11);
            return lVar;
        } catch (SignatureException e12) {
            lVar = new l(e12);
            return lVar;
        }
    }

    private final sdk.pendo.io.e4.h a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        if (preCertificate.getVersion() < 3) {
            throw new IllegalArgumentException("Failed requirement.");
        }
        p pVar = new p(preCertificate.getEncoded());
        try {
            sdk.pendo.io.e4.b parsedPreCertificate = sdk.pendo.io.e4.b.a(pVar.b());
            C2758s.h(parsedPreCertificate, "parsedPreCertificate");
            if (a(parsedPreCertificate) && issuerInformation.getIssuedByPreCertificateSigningCert() && issuerInformation.getX509authorityKeyIdentifier() == null) {
                throw new IllegalArgumentException("Failed requirement.");
            }
            sdk.pendo.io.e4.e i10 = parsedPreCertificate.i().i();
            C2758s.h(i10, "parsedPreCertificate.tbsCertificate.extensions");
            List<sdk.pendo.io.e4.d> a10 = a(i10, issuerInformation.getX509authorityKeyIdentifier());
            sdk.pendo.io.e4.j jVar = new sdk.pendo.io.e4.j();
            sdk.pendo.io.e4.h i11 = parsedPreCertificate.i();
            jVar.a(i11.l());
            jVar.a(i11.m());
            sdk.pendo.io.c4.c name = issuerInformation.getName();
            if (name == null) {
                name = i11.j();
            }
            jVar.a(name);
            jVar.b(i11.n());
            jVar.a(i11.h());
            jVar.b(i11.o());
            jVar.a(i11.p());
            jVar.a((j1) i11.k());
            jVar.b((j1) i11.q());
            Object[] array = a10.toArray(new sdk.pendo.io.e4.d[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            jVar.a(new sdk.pendo.io.e4.e((sdk.pendo.io.e4.d[]) array));
            sdk.pendo.io.e4.h a11 = jVar.a();
            A7.b.a(pVar, null);
            C2758s.h(a11, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a11;
        } finally {
        }
    }

    private final void a(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (signedCertificateTimestamp.getSctVersion() != sdk.pendo.io.l.f.V1) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.");
        }
        sdk.pendo.io.i.c.a(outputStream, signedCertificateTimestamp.getSctVersion().getNumber(), 1);
        sdk.pendo.io.i.c.a(outputStream, 0L, 1);
        sdk.pendo.io.i.c.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    private final boolean a(sdk.pendo.io.e4.b bVar) {
        return bVar.i().i().a(new v("2.5.29.35")) != null;
    }

    private final byte[] a(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            a(byteArrayOutputStream, sct);
            sdk.pendo.io.i.c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            C2758s.h(encoded, "certificate.encoded");
            sdk.pendo.io.i.c.a(byteArrayOutputStream, encoded, 16777215);
            sdk.pendo.io.i.c.a(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            A7.b.a(byteArrayOutputStream, null);
            C2758s.h(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] a(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            a(byteArrayOutputStream, sct);
            sdk.pendo.io.i.c.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            sdk.pendo.io.i.c.a(byteArrayOutputStream, preCertBytes, 16777215);
            sdk.pendo.io.i.c.a(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            A7.b.a(byteArrayOutputStream, null);
            C2758s.h(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final sdk.pendo.io.b.d a(SignedCertificateTimestamp sct, X509Certificate certificate, IssuerInformation issuerInfo) {
        b bVar;
        C2758s.i(sct, "sct");
        C2758s.i(certificate, "certificate");
        C2758s.i(issuerInfo, "issuerInfo");
        try {
            byte[] g10 = a(certificate, issuerInfo).g();
            C2758s.h(g10, "preCertificateTBS.encoded");
            return a(sct, a(g10, issuerInfo.getKeyHash(), sct));
        } catch (IOException e10) {
            bVar = new b(e10);
            return bVar;
        } catch (CertificateException e11) {
            bVar = new b(e11);
            return bVar;
        }
    }

    public sdk.pendo.io.b.d a(SignedCertificateTimestamp sct, List<? extends Certificate> chain) {
        IssuerInformation d10;
        b bVar;
        C2758s.i(sct, "sct");
        C2758s.i(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new d.a.C0638d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.logServer.getValidUntil() != null && sct.getTimestamp() > this.logServer.getValidUntil().longValue()) {
            return new d.a.e(sct.getTimestamp(), this.logServer.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.logServer.getId(), sct.getId().getKeyId())) {
            String a10 = sdk.pendo.io.e5.a.a(sct.getId().getKeyId());
            C2758s.h(a10, "toBase64String(sct.id.keyId)");
            String a11 = sdk.pendo.io.e5.a.a(this.logServer.getId());
            C2758s.h(a11, "toBase64String(logServer.id)");
            return new g(a10, a11);
        }
        Certificate certificate = chain.get(0);
        if (!sdk.pendo.io.j.b.b(certificate) && !sdk.pendo.io.j.b.a(certificate)) {
            try {
                return a(sct, a(certificate, sct));
            } catch (IOException e10) {
                bVar = new b(e10);
                return bVar;
            } catch (CertificateEncodingException e11) {
                bVar = new b(e11);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return j.f43601a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!sdk.pendo.io.j.b.c(certificate2)) {
                try {
                    d10 = sdk.pendo.io.j.b.d(certificate2);
                } catch (NoSuchAlgorithmException e12) {
                    return new m("SHA-256", e12);
                }
            } else {
                if (chain.size() < 3) {
                    return k.f43602a;
                }
                try {
                    d10 = sdk.pendo.io.j.b.a(certificate2, chain.get(2));
                } catch (IOException e13) {
                    return new a(e13);
                } catch (NoSuchAlgorithmException e14) {
                    return new m("SHA-256", e14);
                } catch (CertificateEncodingException e15) {
                    return new b(e15);
                }
            }
            return a(sct, (X509Certificate) certificate, d10);
        } catch (CertificateParsingException e16) {
            return new c(e16);
        }
    }
}
