package h2;

import G8.A;
import G8.x;
import X5.C1631u;
import com.google.android.flexbox.FlexItem;
import f2.C2365c;
import i2.IssuerInformation;
import i2.SignedCertificateTimestamp;
import j2.LogServer;
import j6.C2662t;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.AbstractC1716e;
import kotlin.Metadata;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.asn1.C2985c0;
import org.bouncycastle.asn1.C3002l;
import org.bouncycastle.asn1.C3011q;

@Metadata(d1 = {"\u0000l\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u0000 \u000e2\u00020\u0001:\u0001\u0007B\u000f\u0012\u0006\u0010/\u001a\u00020-¢\u0006\u0004\b0\u00101J\u001f\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002¢\u0006\u0004\b\u0007\u0010\bJ'\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u000b0\r2\u0006\u0010\n\u001a\u00020\t2\b\u0010\f\u001a\u0004\u0018\u00010\u000bH\u0002¢\u0006\u0004\b\u000e\u0010\u000fJ\u001f\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u0011\u001a\u00020\u00102\u0006\u0010\u0013\u001a\u00020\u0012H\u0002¢\u0006\u0004\b\u0015\u0010\u0016J\u0013\u0010\u0019\u001a\u00020\u0018*\u00020\u0017H\u0002¢\u0006\u0004\b\u0019\u0010\u001aJ\u001f\u0010\u001d\u001a\u00020\u00122\u0006\u0010\u001c\u001a\u00020\u001b2\u0006\u0010\u0011\u001a\u00020\u0010H\u0002¢\u0006\u0004\b\u001d\u0010\u001eJ'\u0010!\u001a\u00020\u00122\u0006\u0010\u001f\u001a\u00020\u00122\u0006\u0010 \u001a\u00020\u00122\u0006\u0010\u0011\u001a\u00020\u0010H\u0002¢\u0006\u0004\b!\u0010\"J\u001b\u0010%\u001a\u00020$*\u00020#2\u0006\u0010\u0011\u001a\u00020\u0010H\u0002¢\u0006\u0004\b%\u0010&J%\u0010(\u001a\u00020\u00142\u0006\u0010\u0011\u001a\u00020\u00102\f\u0010'\u001a\b\u0012\u0004\u0012\u00020\u001b0\rH\u0016¢\u0006\u0004\b(\u0010)J'\u0010+\u001a\u00020\u00142\u0006\u0010\u0011\u001a\u00020\u00102\u0006\u0010\u001c\u001a\u00020\u00022\u0006\u0010*\u001a\u00020\u0004H\u0000¢\u0006\u0004\b+\u0010,R\u0014\u0010/\u001a\u00020-8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u0010.¨\u00062"}, d2 = {"Lh2/i;", "", "Ljava/security/cert/X509Certificate;", "preCertificate", "Li2/c;", "issuerInformation", "LG8/x;", "a", "(Ljava/security/cert/X509Certificate;Li2/c;)LG8/x;", "LG8/m;", "extensions", "LG8/l;", "replacementX509authorityKeyIdentifier", "", "b", "(LG8/m;LG8/l;)Ljava/util/List;", "Li2/e;", "sct", "", "toVerify", "LZ1/e;", "h", "(Li2/e;[B)LZ1/e;", "LG8/g;", "", "c", "(LG8/g;)Z", "Ljava/security/cert/Certificate;", "certificate", "e", "(Ljava/security/cert/Certificate;Li2/e;)[B", "preCertBytes", "issuerKeyHash", "f", "([B[BLi2/e;)[B", "Ljava/io/OutputStream;", "LW5/A;", "d", "(Ljava/io/OutputStream;Li2/e;)V", "chain", "i", "(Li2/e;Ljava/util/List;)LZ1/e;", "issuerInfo", "g", "(Li2/e;Ljava/security/cert/X509Certificate;Li2/c;)LZ1/e;", "Lj2/d;", "Lj2/d;", "logServer", "<init>", "(Lj2/d;)V", "certificatetransparency"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes.dex */
public final class i {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final LogServer logServer;

    public i(LogServer logServer) {
        C2662t.h(logServer, "logServer");
        this.logServer = logServer;
    }

    private final x a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        if (preCertificate.getVersion() < 3) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        C3002l c3002l = new C3002l(preCertificate.getEncoded());
        try {
            G8.g l10 = G8.g.l(c3002l.q());
            C2662t.g(l10, "parsedPreCertificate");
            if (c(l10) && issuerInformation.getIssuedByPreCertificateSigningCert() && issuerInformation.getX509authorityKeyIdentifier() == null) {
                throw new IllegalArgumentException("Failed requirement.".toString());
            }
            G8.m n10 = l10.p().n();
            C2662t.g(n10, "parsedPreCertificate.tbsCertificate.extensions");
            List<G8.l> b10 = b(n10, issuerInformation.getX509authorityKeyIdentifier());
            A a10 = new A();
            x p10 = l10.p();
            a10.f(p10.r());
            a10.g(p10.s());
            E8.c name = issuerInformation.getName();
            if (name == null) {
                name = p10.p();
            }
            a10.d(name);
            a10.h(p10.t());
            a10.b(p10.l());
            a10.i(p10.u());
            a10.j(p10.v());
            a10.e((C2985c0) p10.q());
            a10.k((C2985c0) p10.w());
            Object[] array = b10.toArray(new G8.l[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            a10.c(new G8.m((G8.l[]) array));
            x a11 = a10.a();
            g6.b.a(c3002l, null);
            C2662t.g(a11, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a11;
        } finally {
        }
    }

    private final List<G8.l> b(G8.m extensions, G8.l replacementX509authorityKeyIdentifier) {
        int v10;
        C3011q[] n10 = extensions.n();
        C2662t.g(n10, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (C3011q c3011q : n10) {
            if (!C2662t.c(c3011q.E(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(c3011q);
            }
        }
        ArrayList<C3011q> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!C2662t.c(((C3011q) obj).E(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        v10 = C1631u.v(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(v10);
        for (C3011q c3011q2 : arrayList2) {
            arrayList3.add((!C2662t.c(c3011q2.E(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.l(c3011q2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    private final boolean c(G8.g gVar) {
        return gVar.p().n().l(new C3011q("2.5.29.35")) != null;
    }

    private final void d(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (signedCertificateTimestamp.getSctVersion() != i2.f.V1) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        C2365c.a(outputStream, signedCertificateTimestamp.getSctVersion().getNumber(), 1);
        C2365c.a(outputStream, 0L, 1);
        C2365c.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    private final byte[] e(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            C2365c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            C2662t.g(encoded, "certificate.encoded");
            C2365c.b(byteArrayOutputStream, encoded, FlexItem.MAX_SIZE);
            C2365c.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            g6.b.a(byteArrayOutputStream, null);
            C2662t.g(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] f(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            C2365c.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            C2365c.b(byteArrayOutputStream, preCertBytes, FlexItem.MAX_SIZE);
            C2365c.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            g6.b.a(byteArrayOutputStream, null);
            C2662t.g(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final AbstractC1716e h(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        AbstractC1716e lVar;
        if (C2662t.c(this.logServer.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!C2662t.c(this.logServer.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.logServer.getKey().getAlgorithm();
                C2662t.g(algorithm, "logServer.key.algorithm");
                return new m(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.logServer.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? AbstractC1716e.b.f15575a : AbstractC1716e.a.b.f15569a;
        } catch (InvalidKeyException e10) {
            lVar = new h(e10);
            return lVar;
        } catch (NoSuchAlgorithmException e11) {
            lVar = new m(str, e11);
            return lVar;
        } catch (SignatureException e12) {
            lVar = new l(e12);
            return lVar;
        }
    }

    public final AbstractC1716e g(SignedCertificateTimestamp sct, X509Certificate certificate, IssuerInformation issuerInfo) {
        b bVar;
        C2662t.h(sct, "sct");
        C2662t.h(certificate, "certificate");
        C2662t.h(issuerInfo, "issuerInfo");
        try {
            byte[] encoded = a(certificate, issuerInfo).getEncoded();
            C2662t.g(encoded, "preCertificateTBS.encoded");
            return h(sct, f(encoded, issuerInfo.getKeyHash(), sct));
        } catch (IOException e10) {
            bVar = new b(e10);
            return bVar;
        } catch (CertificateException e11) {
            bVar = new b(e11);
            return bVar;
        }
    }

    public AbstractC1716e i(SignedCertificateTimestamp sct, List<? extends Certificate> chain) {
        IssuerInformation d10;
        b bVar;
        C2662t.h(sct, "sct");
        C2662t.h(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new AbstractC1716e.a.d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.logServer.getValidUntil() != null && sct.getTimestamp() > this.logServer.getValidUntil().longValue()) {
            return new AbstractC1716e.a.C0327e(sct.getTimestamp(), this.logServer.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.logServer.getId(), sct.getId().getKeyId())) {
            String c10 = org.bouncycastle.util.encoders.a.c(sct.getId().getKeyId());
            C2662t.g(c10, "toBase64String(sct.id.keyId)");
            String c11 = org.bouncycastle.util.encoders.a.c(this.logServer.getId());
            C2662t.g(c11, "toBase64String(logServer.id)");
            return new g(c10, c11);
        }
        Certificate certificate = chain.get(0);
        if (!g2.b.b(certificate) && !g2.b.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e10) {
                bVar = new b(e10);
                return bVar;
            } catch (CertificateEncodingException e11) {
                bVar = new b(e11);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return j.f33409a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!g2.b.c(certificate2)) {
                try {
                    d10 = g2.b.d(certificate2);
                } catch (NoSuchAlgorithmException e12) {
                    return new m(MessageDigestAlgorithms.SHA_256, e12);
                }
            } else {
                if (chain.size() < 3) {
                    return k.f33410a;
                }
                try {
                    d10 = g2.b.e(certificate2, chain.get(2));
                } catch (IOException e13) {
                    return new C2489a(e13);
                } catch (NoSuchAlgorithmException e14) {
                    return new m(MessageDigestAlgorithms.SHA_256, e14);
                } catch (CertificateEncodingException e15) {
                    return new b(e15);
                }
            }
            return g(sct, (X509Certificate) certificate, d10);
        } catch (CertificateParsingException e16) {
            return new c(e16);
        }
    }
}
