package org.bouncycastle.jcajce.provider.asymmetric.x509;

import defpackage.bb;
import defpackage.bv;
import defpackage.e1;
import defpackage.ey8;
import defpackage.f1;
import defpackage.fx5;
import defpackage.g80;
import defpackage.hd4;
import defpackage.i1;
import defpackage.knc;
import defpackage.l0;
import defpackage.l1;
import defpackage.o1;
import defpackage.oy2;
import defpackage.p0;
import defpackage.pnc;
import defpackage.pp1;
import defpackage.q0;
import defpackage.rnc;
import defpackage.tha;
import defpackage.vy2;
import defpackage.w4b;
import defpackage.w56;
import defpackage.wc4;
import defpackage.wf7;
import defpackage.x0;
import defpackage.x0c;
import defpackage.y0;
import defpackage.y45;
import defpackage.ys7;
import defpackage.z16;
import defpackage.z19;
import defpackage.z78;
import defpackage.zs7;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;

/* loaded from: classes9.dex */
abstract class X509CertificateImpl extends X509Certificate {
    protected g80 basicConstraints;
    protected z16 bcHelper;
    protected pp1 c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* loaded from: classes9.dex */
    public class a implements tha {
        public a() {
        }

        @Override // defpackage.tha
        public Signature a(String str) {
            try {
                return X509CertificateImpl.this.bcHelper.a(str);
            } catch (Exception unused) {
                return Signature.getInstance(str);
            }
        }
    }

    /* loaded from: classes9.dex */
    public class b implements tha {
        public final /* synthetic */ String a;

        public b(String str) {
            this.a = str;
        }

        @Override // defpackage.tha
        public Signature a(String str) {
            String str2 = this.a;
            return str2 != null ? Signature.getInstance(str, str2) : Signature.getInstance(str);
        }
    }

    /* loaded from: classes9.dex */
    public class c implements tha {
        public final /* synthetic */ Provider a;

        public c(Provider provider) {
            this.a = provider;
        }

        @Override // defpackage.tha
        public Signature a(String str) {
            Provider provider = this.a;
            return provider != null ? Signature.getInstance(str, provider) : Signature.getInstance(str);
        }
    }

    public X509CertificateImpl(z16 z16Var, pp1 pp1Var, g80 g80Var, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = z16Var;
        this.c = pp1Var;
        this.basicConstraints = g80Var;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, q0 q0Var, byte[] bArr) {
        if (!isAlgIdEqual(this.c.m(), this.c.q().n())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        rnc.g(signature, q0Var);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(z78.a(signature), 512);
            this.c.q().f(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, tha thaVar) {
        boolean z = publicKey instanceof CompositePublicKey;
        int i = 0;
        if (z && rnc.d(this.c.m())) {
            List<PublicKey> publicKeys = ((CompositePublicKey) publicKey).getPublicKeys();
            l1 u = l1.u(this.c.m().k());
            l1 u2 = l1.u(oy2.A(this.c.l()).s());
            boolean z2 = false;
            while (i != publicKeys.size()) {
                if (publicKeys.get(i) != null) {
                    bb j = bb.j(u.v(i));
                    try {
                        checkSignature(publicKeys.get(i), thaVar.a(rnc.c(j)), j.k(), oy2.A(u2.v(i)).s());
                        e = null;
                        z2 = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z2) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!rnc.d(this.c.m())) {
            Signature a2 = thaVar.a(rnc.c(this.c.m()));
            if (!z) {
                checkSignature(publicKey, a2, this.c.m().k(), getSignature());
                return;
            }
            List<PublicKey> publicKeys2 = ((CompositePublicKey) publicKey).getPublicKeys();
            while (i != publicKeys2.size()) {
                try {
                    checkSignature(publicKeys2.get(i), a2, this.c.m().k(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        l1 u3 = l1.u(this.c.m().k());
        l1 u4 = l1.u(oy2.A(this.c.l()).s());
        boolean z3 = false;
        while (i != u4.size()) {
            bb j2 = bb.j(u3.v(i));
            try {
                checkSignature(publicKey, thaVar.a(rnc.c(j2)), j2.k(), oy2.A(u4.v(i)).s());
                e = null;
                z3 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e2) {
                e = e2;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z3) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(pp1 pp1Var, String str) {
        String string;
        byte[] extensionOctets = getExtensionOctets(pp1Var, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration w = l1.u(extensionOctets).w();
            while (w.hasMoreElements()) {
                y45 h = y45.h(w.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(fx5.d(h.j()));
                switch (h.j()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(h.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        string = ((o1) h.i()).getString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        string = knc.i(z19.V, h.i()).toString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            string = InetAddress.getByAddress(f1.t(h.i()).u()).getHostAddress();
                            arrayList2.add(string);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        string = e1.y(h.i()).w();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + h.j());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e) {
            throw new CertificateParsingException(e.getMessage());
        }
    }

    public static byte[] getExtensionOctets(pp1 pp1Var, String str) {
        f1 extensionValue = getExtensionValue(pp1Var, str);
        if (extensionValue != null) {
            return extensionValue.u();
        }
        return null;
    }

    public static f1 getExtensionValue(pp1 pp1Var, String str) {
        wc4 i;
        hd4 i2 = pp1Var.q().i();
        if (i2 == null || (i = i2.i(new e1(str))) == null) {
            return null;
        }
        return i.j();
    }

    private boolean isAlgIdEqual(bb bbVar, bb bbVar2) {
        if (!bbVar.h().n(bbVar2.h())) {
            return false;
        }
        if (ey8.c("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (bbVar.k() == null) {
                return bbVar2.k() == null || bbVar2.k().equals(vy2.b);
            }
            if (bbVar2.k() == null) {
                return bbVar.k() == null || bbVar.k().equals(vy2.b);
            }
        }
        if (bbVar.k() != null) {
            return bbVar.k().equals(bbVar2.k());
        }
        if (bbVar2.k() != null) {
            return bbVar2.k().equals(bbVar.k());
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.h().j());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.n().j());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        g80 g80Var = this.basicConstraints;
        if (g80Var == null || !g80Var.j()) {
            return -1;
        }
        if (this.basicConstraints.i() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.i().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        hd4 i = this.c.q().i();
        if (i == null) {
            return null;
        }
        Enumeration n = i.n();
        while (n.hasMoreElements()) {
            e1 e1Var = (e1) n.nextElement();
            if (i.i(e1Var).m()) {
                hashSet.add(e1Var.w());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            l1 u = l1.u(i1.o(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != u.size(); i++) {
                arrayList.add(((e1) u.v(i)).w());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        f1 extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() {
        return getAlternativeNames(this.c, wc4.i.w());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new pnc(this.c.j());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        l0 l = this.c.q().l();
        if (l == null) {
            return null;
        }
        byte[] s = l.s();
        int length = (s.length * 8) - l.b();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (s[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    public knc getIssuerX500Name() {
        return this.c.j();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.j().g("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return bv.j(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        hd4 i = this.c.q().i();
        if (i == null) {
            return null;
        }
        Enumeration n = i.n();
        while (n.hasMoreElements()) {
            e1 e1Var = (e1) n.nextElement();
            if (!i.i(e1Var).m()) {
                hashSet.add(e1Var.w());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.h().h();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.n().h();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.p());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.k().v();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.m().h().w();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return bv.e(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.l().v();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() {
        return getAlternativeNames(this.c, wc4.h.w());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new pnc(this.c.o());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        l0 r = this.c.q().r();
        if (r == null) {
            return null;
        }
        byte[] s = r.s();
        int length = (s.length * 8) - r.b();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (s[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    public knc getSubjectX500Name() {
        return this.c.o();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.o().g("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() {
        try {
            return this.c.q().g("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    public w4b getTBSCertificateNative() {
        return this.c.q();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.r();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        hd4 i;
        if (getVersion() != 3 || (i = this.c.q().i()) == null) {
            return false;
        }
        Enumeration n = i.n();
        while (n.hasMoreElements()) {
            e1 e1Var = (e1) n.nextElement();
            if (!e1Var.n(wc4.f) && !e1Var.n(wc4.t) && !e1Var.n(wc4.u) && !e1Var.n(wc4.z) && !e1Var.n(wc4.s) && !e1Var.n(wc4.p) && !e1Var.n(wc4.o) && !e1Var.n(wc4.w) && !e1Var.n(wc4.j) && !e1Var.n(wc4.h) && !e1Var.n(wc4.r) && i.i(e1Var).m()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object x0cVar;
        StringBuffer stringBuffer = new StringBuffer();
        String d = Strings.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d);
        rnc.f(getSignature(), stringBuffer, d);
        hd4 i = this.c.q().i();
        if (i != null) {
            Enumeration n = i.n();
            if (n.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (n.hasMoreElements()) {
                e1 e1Var = (e1) n.nextElement();
                wc4 i2 = i.i(e1Var);
                if (i2.j() != null) {
                    y0 y0Var = new y0(i2.j().u());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(i2.m());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(e1Var.w());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (e1Var.n(wc4.j)) {
                        x0cVar = g80.h(y0Var.S());
                    } else if (e1Var.n(wc4.f)) {
                        x0cVar = w56.h(y0Var.S());
                    } else if (e1Var.n(wf7.b)) {
                        x0cVar = new ys7(oy2.A(y0Var.S()));
                    } else if (e1Var.n(wf7.d)) {
                        x0cVar = new zs7(x0.t(y0Var.S()));
                    } else if (e1Var.n(wf7.k)) {
                        x0cVar = new x0c(x0.t(y0Var.S()));
                    } else {
                        stringBuffer.append(e1Var.w());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(p0.c(y0Var.S()));
                        stringBuffer.append(d);
                    }
                    stringBuffer.append(x0cVar);
                    stringBuffer.append(d);
                }
                stringBuffer.append(d);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) {
        doVerify(publicKey, new a());
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, String str) {
        doVerify(publicKey, new b(str));
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, Provider provider) {
        try {
            doVerify(publicKey, new c(provider));
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
