package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
import org.bouncycastle.asn1.misc.VerisignCzagExtension;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.interfaces.BCX509Certificate;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Properties;
import org.bouncycastle.util.Strings;
import z0.q;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class X509CertificateImpl extends X509Certificate implements BCX509Certificate {
    protected JcaJceHelper X;
    protected Certificate Y;
    protected boolean[] Y3;
    protected BasicConstraints Z;
    protected String Z3;

    /* renamed from: a4, reason: collision with root package name */
    protected byte[] f17727a4;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(JcaJceHelper jcaJceHelper, Certificate certificate, BasicConstraints basicConstraints, boolean[] zArr, String str, byte[] bArr) {
        this.X = jcaJceHelper;
        this.Y = certificate;
        this.Z = basicConstraints;
        this.Y3 = zArr;
        this.Z3 = str;
        this.f17727a4 = bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] A(Certificate certificate, String str) {
        ASN1OctetString D = D(certificate, str);
        if (D != null) {
            return D.z();
        }
        return null;
    }

    protected static ASN1OctetString D(Certificate certificate, String str) {
        Extension n6;
        Extensions o6 = certificate.y().o();
        if (o6 == null || (n6 = o6.n(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        return n6.q();
    }

    private boolean I(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) {
        if (!algorithmIdentifier.n().s(algorithmIdentifier2.n())) {
            return false;
        }
        if (Properties.c("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (algorithmIdentifier.r() == null) {
                return algorithmIdentifier2.r() == null || algorithmIdentifier2.r().equals(DERNull.X);
            }
            if (algorithmIdentifier2.r() == null) {
                return algorithmIdentifier.r() == null || algorithmIdentifier.r().equals(DERNull.X);
            }
        }
        if (algorithmIdentifier.r() != null) {
            return algorithmIdentifier.r().equals(algorithmIdentifier2.r());
        }
        if (algorithmIdentifier2.r() != null) {
            return algorithmIdentifier2.r().equals(algorithmIdentifier.r());
        }
        return true;
    }

    private void w(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) {
        if (!I(this.Y.u(), this.Y.y().u())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.g(signature, aSN1Encodable);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.a(signature), 512);
            this.Y.y().l(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e6) {
            throw new CertificateEncodingException(e6.toString());
        }
    }

    private void y(PublicKey publicKey, SignatureCreator signatureCreator) {
        boolean z5 = publicKey instanceof CompositePublicKey;
        int i6 = 0;
        if (z5 && X509SignatureUtil.d(this.Y.u())) {
            List<PublicKey> a6 = ((CompositePublicKey) publicKey).a();
            ASN1Sequence x5 = ASN1Sequence.x(this.Y.u().r());
            ASN1Sequence x6 = ASN1Sequence.x(DERBitString.H(this.Y.t()).y());
            boolean z6 = false;
            while (i6 != a6.size()) {
                if (a6.get(i6) != null) {
                    AlgorithmIdentifier o6 = AlgorithmIdentifier.o(x5.z(i6));
                    try {
                        w(a6.get(i6), signatureCreator.a(X509SignatureUtil.c(o6)), o6.r(), DERBitString.H(x6.z(i6)).y());
                        e = null;
                        z6 = true;
                    } catch (SignatureException e6) {
                        e = e6;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i6++;
            }
            if (!z6) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.d(this.Y.u())) {
            Signature a7 = signatureCreator.a(X509SignatureUtil.c(this.Y.u()));
            if (!z5) {
                w(publicKey, a7, this.Y.u().r(), getSignature());
                return;
            }
            List<PublicKey> a8 = ((CompositePublicKey) publicKey).a();
            while (i6 != a8.size()) {
                try {
                    w(a8.get(i6), a7, this.Y.u().r(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i6++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        ASN1Sequence x7 = ASN1Sequence.x(this.Y.u().r());
        ASN1Sequence x8 = ASN1Sequence.x(DERBitString.H(this.Y.t()).y());
        boolean z7 = false;
        while (i6 != x8.size()) {
            AlgorithmIdentifier o7 = AlgorithmIdentifier.o(x7.z(i6));
            try {
                w(publicKey, signatureCreator.a(X509SignatureUtil.c(o7)), o7.r(), DERBitString.H(x8.z(i6)).y());
                e = null;
                z7 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e7) {
                e = e7;
            }
            if (e != null) {
                throw e;
            }
            i6++;
        }
        if (!z7) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection z(Certificate certificate, String str) {
        String h6;
        byte[] A = A(certificate, str);
        if (A == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration B = ASN1Sequence.x(A).B();
            while (B.hasMoreElements()) {
                GeneralName o6 = GeneralName.o(B.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(Integers.d(o6.s()));
                switch (o6.s()) {
                    case q.f20986b /* 0 */:
                    case 3:
                    case 5:
                        arrayList2.add(o6.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case q.f20987c /* 1 */:
                    case q.f20988d /* 2 */:
                    case 6:
                        h6 = ((ASN1String) o6.r()).h();
                        arrayList2.add(h6);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        h6 = X500Name.q(RFC4519Style.V, o6.r()).toString();
                        arrayList2.add(h6);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            h6 = InetAddress.getByAddress(ASN1OctetString.x(o6.r()).z()).getHostAddress();
                            arrayList2.add(h6);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        h6 = ASN1ObjectIdentifier.E(o6.r()).C();
                        arrayList2.add(h6);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + o6.s());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e6) {
            throw new CertificateParsingException(e6.getMessage());
        }
    }

    @Override // org.bouncycastle.jcajce.interfaces.BCX509Certificate
    public X500Name a() {
        return this.Y.r();
    }

    @Override // org.bouncycastle.jcajce.interfaces.BCX509Certificate
    public X500Name b() {
        return this.Y.w();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.Y.n().q());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.Y.v().q());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        BasicConstraints basicConstraints = this.Z;
        if (basicConstraints == null || !basicConstraints.q()) {
            return -1;
        }
        if (this.Z.o() == null) {
            return Integer.MAX_VALUE;
        }
        return this.Z.o().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Extensions o6 = this.Y.y().o();
        if (o6 == null) {
            return null;
        }
        Enumeration t6 = o6.t();
        while (t6.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) t6.nextElement();
            if (o6.n(aSN1ObjectIdentifier).t()) {
                hashSet.add(aSN1ObjectIdentifier.C());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() {
        try {
            return this.Y.m("DER");
        } catch (IOException e6) {
            throw new CertificateEncodingException(e6.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() {
        byte[] A = A(this.Y, "2.5.29.37");
        if (A == null) {
            return null;
        }
        try {
            ASN1Sequence x5 = ASN1Sequence.x(ASN1Primitive.t(A));
            ArrayList arrayList = new ArrayList();
            for (int i6 = 0; i6 != x5.size(); i6++) {
                arrayList.add(((ASN1ObjectIdentifier) x5.z(i6)).C());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1OctetString D = D(this.Y, str);
        if (D == null) {
            return null;
        }
        try {
            return D.getEncoded();
        } catch (Exception e6) {
            throw new IllegalStateException("error parsing " + e6.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() {
        return z(this.Y, Extension.f15162d4.C());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new X509Principal(this.Y.r());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        DERBitString s6 = this.Y.y().s();
        if (s6 == null) {
            return null;
        }
        byte[] y5 = s6.y();
        int length = (y5.length * 8) - s6.C();
        boolean[] zArr = new boolean[length];
        for (int i6 = 0; i6 != length; i6++) {
            zArr[i6] = (y5[i6 / 8] & (128 >>> (i6 % 8))) != 0;
        }
        return zArr;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.Y.r().m("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return Arrays.o(this.Y3);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Extensions o6 = this.Y.y().o();
        if (o6 == null) {
            return null;
        }
        Enumeration t6 = o6.t();
        while (t6.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) t6.nextElement();
            if (!o6.n(aSN1ObjectIdentifier).t()) {
                hashSet.add(aSN1ObjectIdentifier.C());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.Y.n().n();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.Y.v().n();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.A(this.Y.x());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.Y.s().B();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.Z3;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.Y.u().n().C();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return Arrays.h(this.f17727a4);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.Y.t().B();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() {
        return z(this.Y, Extension.f15161c4.C());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new X509Principal(this.Y.w());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        DERBitString y5 = this.Y.y().y();
        if (y5 == null) {
            return null;
        }
        byte[] y6 = y5.y();
        int length = (y6.length * 8) - y5.C();
        boolean[] zArr = new boolean[length];
        for (int i6 = 0; i6 != length; i6++) {
            zArr[i6] = (y6[i6 / 8] & (128 >>> (i6 % 8))) != 0;
        }
        return zArr;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.Y.w().m("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() {
        try {
            return this.Y.y().m("DER");
        } catch (IOException e6) {
            throw new CertificateEncodingException(e6.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.Y.z();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Extensions o6;
        if (getVersion() != 3 || (o6 = this.Y.y().o()) == null) {
            return false;
        }
        Enumeration t6 = o6.t();
        while (t6.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) t6.nextElement();
            if (!aSN1ObjectIdentifier.s(Extension.f15159a4) && !aSN1ObjectIdentifier.s(Extension.f15173o4) && !aSN1ObjectIdentifier.s(Extension.f15174p4) && !aSN1ObjectIdentifier.s(Extension.f15179u4) && !aSN1ObjectIdentifier.s(Extension.f15172n4) && !aSN1ObjectIdentifier.s(Extension.f15169k4) && !aSN1ObjectIdentifier.s(Extension.f15168j4) && !aSN1ObjectIdentifier.s(Extension.f15176r4) && !aSN1ObjectIdentifier.s(Extension.f15163e4) && !aSN1ObjectIdentifier.s(Extension.f15161c4) && !aSN1ObjectIdentifier.s(Extension.f15171m4) && o6.n(aSN1ObjectIdentifier).t()) {
                return true;
            }
        }
        return false;
    }

    @Override // org.bouncycastle.jcajce.interfaces.BCX509Certificate
    public TBSCertificate p() {
        return this.Y.y();
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object verisignCzagExtension;
        StringBuffer stringBuffer = new StringBuffer();
        String d6 = Strings.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d6);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d6);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d6);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d6);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d6);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d6);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d6);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d6);
        X509SignatureUtil.f(getSignature(), stringBuffer, d6);
        Extensions o6 = this.Y.y().o();
        if (o6 != null) {
            Enumeration t6 = o6.t();
            if (t6.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (t6.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) t6.nextElement();
                Extension n6 = o6.n(aSN1ObjectIdentifier);
                if (n6.q() != null) {
                    ASN1InputStream aSN1InputStream = new ASN1InputStream(n6.q().z());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(n6.t());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(aSN1ObjectIdentifier.C());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (aSN1ObjectIdentifier.s(Extension.f15163e4)) {
                        verisignCzagExtension = BasicConstraints.n(aSN1InputStream.x());
                    } else if (aSN1ObjectIdentifier.s(Extension.f15159a4)) {
                        verisignCzagExtension = KeyUsage.o(aSN1InputStream.x());
                    } else if (aSN1ObjectIdentifier.s(MiscObjectIdentifiers.f14714b)) {
                        verisignCzagExtension = new NetscapeCertType(DERBitString.H(aSN1InputStream.x()));
                    } else if (aSN1ObjectIdentifier.s(MiscObjectIdentifiers.f14716d)) {
                        verisignCzagExtension = new NetscapeRevocationURL(DERIA5String.x(aSN1InputStream.x()));
                    } else if (aSN1ObjectIdentifier.s(MiscObjectIdentifiers.f14723k)) {
                        verisignCzagExtension = new VerisignCzagExtension(DERIA5String.x(aSN1InputStream.x()));
                    } else {
                        stringBuffer.append(aSN1ObjectIdentifier.C());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(ASN1Dump.c(aSN1InputStream.x()));
                        stringBuffer.append(d6);
                    }
                    stringBuffer.append(verisignCzagExtension);
                    stringBuffer.append(d6);
                }
                stringBuffer.append(d6);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) {
        y(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str) {
                try {
                    return X509CertificateImpl.this.X.a(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) {
        y(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str2) {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) {
        try {
            y(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature a(String str) {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e6) {
            throw new NoSuchAlgorithmException("provider issue: " + e6.getMessage());
        }
    }
}
