package f9;

import G8.C1136a;
import J9.C1375g;
import J9.C1376h;
import a9.InterfaceC1783b;
import e9.EnumC2355b;
import e9.InterfaceC2354a;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.C3011q;
import u8.InterfaceC3492a;
import z8.InterfaceC3878a;

/* renamed from: f9.I, reason: case insensitive filesystem */
/* loaded from: classes4.dex */
class C2403I extends PKIXCertPathChecker {

    /* renamed from: f, reason: collision with root package name */
    private static final Map<String, String> f32027f = i();

    /* renamed from: g, reason: collision with root package name */
    private static final Set<String> f32028g = j();

    /* renamed from: i, reason: collision with root package name */
    private static final byte[] f32029i = {5, 0};

    /* renamed from: j, reason: collision with root package name */
    private static final String f32030j = AbstractC2395A.v("SHA256withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: k, reason: collision with root package name */
    private static final String f32031k = AbstractC2395A.v("SHA384withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: n, reason: collision with root package name */
    private static final String f32032n = AbstractC2395A.v("SHA512withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: o, reason: collision with root package name */
    private static final String f32033o = AbstractC2395A.v("SHA256withRSAandMGF1", "RSA");

    /* renamed from: p, reason: collision with root package name */
    private static final String f32034p = AbstractC2395A.v("SHA384withRSAandMGF1", "RSA");

    /* renamed from: q, reason: collision with root package name */
    private static final String f32035q = AbstractC2395A.v("SHA512withRSAandMGF1", "RSA");

    /* renamed from: b, reason: collision with root package name */
    private final boolean f32036b;

    /* renamed from: c, reason: collision with root package name */
    private final InterfaceC1783b f32037c;

    /* renamed from: d, reason: collision with root package name */
    private final InterfaceC2354a f32038d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate f32039e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public C2403I(boolean z10, InterfaceC1783b interfaceC1783b, InterfaceC2354a interfaceC2354a) {
        if (interfaceC1783b == null) {
            throw new NullPointerException("'helper' cannot be null");
        }
        if (interfaceC2354a == null) {
            throw new NullPointerException("'algorithmConstraints' cannot be null");
        }
        this.f32036b = z10;
        this.f32037c = interfaceC1783b;
        this.f32038d = interfaceC2354a;
        this.f32039e = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(InterfaceC1783b interfaceC1783b, InterfaceC2354a interfaceC2354a, X509Certificate[] x509CertificateArr, G8.s sVar, int i10) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            g(interfaceC1783b, interfaceC2354a, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        e(interfaceC1783b, interfaceC2354a, x509CertificateArr[0], sVar, i10);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void b(boolean z10, InterfaceC1783b interfaceC1783b, InterfaceC2354a interfaceC2354a, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, G8.s sVar, int i10) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                g(interfaceC1783b, interfaceC2354a, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            f(interfaceC1783b, interfaceC2354a, x509CertificateArr[length - 1]);
        }
        C2403I c2403i = new C2403I(z10, interfaceC1783b, interfaceC2354a);
        c2403i.init(false);
        for (int i11 = length - 1; i11 >= 0; i11--) {
            c2403i.check(x509CertificateArr[i11], Collections.emptySet());
        }
        e(interfaceC1783b, interfaceC2354a, x509CertificateArr[0], sVar, i10);
    }

    private static void e(InterfaceC1783b interfaceC1783b, InterfaceC2354a interfaceC2354a, X509Certificate x509Certificate, G8.s sVar, int i10) {
        if (sVar != null && !s(x509Certificate, sVar)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + k(sVar) + "' ExtendedKeyUsage");
        }
        if (i10 >= 0) {
            if (!u(x509Certificate, i10)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + l(i10) + "' KeyUsage");
            }
            if (interfaceC2354a.permits(m(i10), x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + l(i10) + "' KeyUsage");
        }
    }

    private static void f(InterfaceC1783b interfaceC1783b, InterfaceC2354a interfaceC2354a, X509Certificate x509Certificate) {
        String n10 = n(x509Certificate, null);
        if (!AbstractC2395A.Q(n10)) {
            throw new CertPathValidatorException("Signature algorithm could not be determined");
        }
        if (interfaceC2354a.permits(AbstractC2395A.f31945i, n10, o(interfaceC1783b, x509Certificate))) {
            return;
        }
        throw new CertPathValidatorException("Signature algorithm '" + n10 + "' not permitted with given parameters");
    }

    private static void g(InterfaceC1783b interfaceC1783b, InterfaceC2354a interfaceC2354a, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String n10 = n(x509Certificate, x509Certificate2);
        if (!AbstractC2395A.Q(n10)) {
            throw new CertPathValidatorException("Signature algorithm could not be determined");
        }
        if (interfaceC2354a.permits(AbstractC2395A.f31945i, n10, x509Certificate2.getPublicKey(), o(interfaceC1783b, x509Certificate))) {
            return;
        }
        throw new CertPathValidatorException("Signature algorithm '" + n10 + "' not permitted with given parameters and issuer public key");
    }

    private static Map<String, String> i() {
        HashMap hashMap = new HashMap(4);
        hashMap.put(InterfaceC3492a.f40268d.E(), "Ed25519");
        hashMap.put(InterfaceC3492a.f40269e.E(), "Ed448");
        hashMap.put(InterfaceC3878a.f42982j.E(), "SHA1withDSA");
        hashMap.put(H8.j.f4942t0.E(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    private static Set<String> j() {
        HashSet hashSet = new HashSet();
        hashSet.add(InterfaceC3878a.f42982j.E());
        hashSet.add(H8.j.f4942t0.E());
        hashSet.add(A8.e.f467k.E());
        return Collections.unmodifiableSet(hashSet);
    }

    static String k(G8.s sVar) {
        if (G8.s.f4135f.equals(sVar)) {
            return "clientAuth";
        }
        if (G8.s.f4134e.equals(sVar)) {
            return "serverAuth";
        }
        return "(" + sVar + ")";
    }

    static String l(int i10) {
        if (i10 == 0) {
            return "digitalSignature";
        }
        if (i10 == 2) {
            return "keyEncipherment";
        }
        if (i10 == 4) {
            return "keyAgreement";
        }
        return "(" + i10 + ")";
    }

    static Set<EnumC2355b> m(int i10) {
        return i10 != 2 ? i10 != 4 ? AbstractC2395A.f31945i : AbstractC2395A.f31943g : AbstractC2395A.f31944h;
    }

    static String n(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        C3011q l10;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f32027f.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!A8.e.f467k.E().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        A8.i n10 = A8.i.n(x509Certificate.getSigAlgParams());
        if (n10 != null && (l10 = n10.l().l()) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                C1375g c1375g = new C1375g((C1376h) null, x509Certificate);
                if (x8.b.f42012c.s(l10)) {
                    if (c1375g.z((short) 9)) {
                        return f32030j;
                    }
                    if (c1375g.z((short) 4)) {
                        return f32033o;
                    }
                } else if (x8.b.f42014d.s(l10)) {
                    if (c1375g.z((short) 10)) {
                        return f32031k;
                    }
                    if (c1375g.z((short) 5)) {
                        return f32034p;
                    }
                } else if (x8.b.f42016e.s(l10)) {
                    if (c1375g.z((short) 11)) {
                        return f32032n;
                    }
                    if (c1375g.z((short) 6)) {
                        return f32035q;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    static AlgorithmParameters o(InterfaceC1783b interfaceC1783b, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f32028g.contains(sigAlgOID) && L9.a.d(f32029i, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters i10 = interfaceC1783b.i(sigAlgOID);
            try {
                i10.init(sigAlgParams);
                return i10;
            } catch (Exception e10) {
                throw new CertPathValidatorException(e10);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    static boolean p(PublicKey publicKey) {
        try {
            C1136a l10 = G8.v.n(publicKey.getEncoded()).l();
            if (!H8.j.f4894E.s(l10.l())) {
                return true;
            }
            m8.c p10 = l10.p();
            if (p10 != null) {
                return p10.g() instanceof C3011q;
            }
            return false;
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean r(PublicKey publicKey, boolean[] zArr, int i10, InterfaceC2354a interfaceC2354a) {
        return v(zArr, i10) && interfaceC2354a.permits(m(i10), publicKey);
    }

    static boolean s(X509Certificate x509Certificate, G8.s sVar) {
        try {
            return t(x509Certificate.getExtendedKeyUsage(), sVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    static boolean t(List<String> list, G8.s sVar) {
        return list == null || list.contains(sVar.l()) || list.contains(G8.s.f4132d.l());
    }

    static boolean u(X509Certificate x509Certificate, int i10) {
        return v(x509Certificate.getKeyUsage(), i10);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean v(boolean[] zArr, int i10) {
        return zArr == null || (zArr.length > i10 && zArr[i10]);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f32036b && !p(x509Certificate.getPublicKey())) {
            throw new CertPathValidatorException("non-FIPS public key found");
        }
        X509Certificate x509Certificate2 = this.f32039e;
        if (x509Certificate2 != null) {
            g(this.f32037c, this.f32038d, x509Certificate, x509Certificate2);
        }
        this.f32039e = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f32039e = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
