package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.e1;
import org.bouncycastle.asn1.j;
import org.bouncycastle.asn1.k;
import org.bouncycastle.asn1.l;
import org.bouncycastle.asn1.p;
import org.bouncycastle.asn1.q;
import org.bouncycastle.asn1.u;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;
import tt.ASN1Encodable;
import tt.a63;
import tt.ak6;
import tt.ax0;
import tt.bq7;
import tt.d00;
import tt.ggb;
import tt.h1;
import tt.h5a;
import tt.i08;
import tt.ip4;
import tt.jp;
import tt.lv3;
import tt.m07;
import tt.o13;
import tt.oib;
import tt.p53;
import tt.q2;
import tt.qu4;
import tt.s75;
import tt.u66;
import tt.uj6;
import tt.v50;
import tt.vf;
import tt.w1b;

/* loaded from: classes3.dex */
abstract class X509CertificateImpl extends X509Certificate implements d00 {
    protected v50 basicConstraints;
    protected qu4 bcHelper;
    protected ax0 c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* loaded from: classes3.dex */
    class a implements org.bouncycastle.jcajce.provider.asymmetric.x509.b {
        a() {
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
        public Signature createSignature(String str) {
            try {
                return X509CertificateImpl.this.bcHelper.createSignature(str);
            } catch (Exception unused) {
                return Signature.getInstance(str);
            }
        }
    }

    /* loaded from: classes3.dex */
    class b implements org.bouncycastle.jcajce.provider.asymmetric.x509.b {
        final /* synthetic */ String a;

        b(String str) {
            this.a = str;
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
        public Signature createSignature(String str) {
            String str2 = this.a;
            return str2 != null ? Signature.getInstance(str, str2) : Signature.getInstance(str);
        }
    }

    /* loaded from: classes3.dex */
    class c implements org.bouncycastle.jcajce.provider.asymmetric.x509.b {
        final /* synthetic */ Provider a;

        c(Provider provider) {
            this.a = provider;
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
        public Signature createSignature(String str) {
            Provider provider = this.a;
            return provider != null ? Signature.getInstance(str, provider) : Signature.getInstance(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(qu4 qu4Var, ax0 ax0Var, v50 v50Var, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = qu4Var;
        this.c = ax0Var;
        this.basicConstraints = v50Var;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private void checkSignature(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) {
        if (!isAlgIdEqual(this.c.q(), this.c.v().q())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        f.g(signature, aSN1Encodable);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(m07.a(signature), 512);
            this.c.v().f(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private void doVerify(PublicKey publicKey, org.bouncycastle.jcajce.provider.asymmetric.x509.b bVar) {
        boolean z = publicKey instanceof CompositePublicKey;
        int i = 0;
        if (z && f.d(this.c.q())) {
            List<PublicKey> publicKeys = ((CompositePublicKey) publicKey).getPublicKeys();
            u x = u.x(this.c.q().m());
            u x2 = u.x(org.bouncycastle.asn1.c.y(this.c.p()).w());
            boolean z2 = false;
            while (i != publicKeys.size()) {
                if (publicKeys.get(i) != null) {
                    vf j = vf.j(x.z(i));
                    try {
                        checkSignature(publicKeys.get(i), bVar.createSignature(f.c(j)), j.m(), org.bouncycastle.asn1.c.y(x2.z(i)).w());
                        e = null;
                        z2 = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z2) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!f.d(this.c.q())) {
            Signature createSignature = bVar.createSignature(f.c(this.c.q()));
            if (!z) {
                checkSignature(publicKey, createSignature, this.c.q().m(), getSignature());
                return;
            }
            List<PublicKey> publicKeys2 = ((CompositePublicKey) publicKey).getPublicKeys();
            while (i != publicKeys2.size()) {
                try {
                    checkSignature(publicKeys2.get(i), createSignature, this.c.q().m(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        u x3 = u.x(this.c.q().m());
        u x4 = u.x(org.bouncycastle.asn1.c.y(this.c.p()).w());
        boolean z3 = false;
        while (i != x4.size()) {
            vf j2 = vf.j(x3.z(i));
            try {
                checkSignature(publicKey, bVar.createSignature(f.c(j2)), j2.m(), org.bouncycastle.asn1.c.y(x4.z(i)).w());
                e = null;
                z3 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e2) {
                e = e2;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z3) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0041. Please report as an issue. */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private static Collection getAlternativeNames(ax0 ax0Var, String str) {
        String b2;
        byte[] extensionOctets = getExtensionOctets(ax0Var, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration A = u.x(extensionOctets).A();
            while (A.hasMoreElements()) {
                lv3 j = lv3.j(A.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(ip4.f(j.n()));
                switch (j.n()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(j.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        b2 = ((q2) j.m()).b();
                        arrayList2.add(b2);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        b2 = ggb.l(i08.V, j.m()).toString();
                        arrayList2.add(b2);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            b2 = InetAddress.getByAddress(q.w(j.m()).y()).getHostAddress();
                            arrayList2.add(b2);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        b2 = p.B(j.m()).A();
                        arrayList2.add(b2);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + j.n());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e) {
            throw new CertificateParsingException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(ax0 ax0Var, String str) {
        q extensionValue = getExtensionValue(ax0Var, str);
        if (extensionValue != null) {
            return extensionValue.y();
        }
        return null;
    }

    protected static q getExtensionValue(ax0 ax0Var, String str) {
        p53 j;
        a63 j2 = ax0Var.v().j();
        if (j2 == null || (j = j2.j(new p(str))) == null) {
            return null;
        }
        return j.l();
    }

    private boolean isAlgIdEqual(vf vfVar, vf vfVar2) {
        if (!vfVar.h().p(vfVar2.h())) {
            return false;
        }
        if (bq7.d("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (vfVar.m() == null) {
                return vfVar2.m() == null || vfVar2.m().equals(e1.b);
            }
            if (vfVar2.m() == null) {
                return vfVar.m() == null || vfVar.m().equals(e1.b);
            }
        }
        if (vfVar.m() != null) {
            return vfVar.m().equals(vfVar2.m());
        }
        if (vfVar2.m() != null) {
            return vfVar2.m().equals(vfVar.m());
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() {
        checkValidity(new Date());
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.h().l());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.r().l());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        v50 v50Var = this.basicConstraints;
        if (v50Var != null && v50Var.l()) {
            l j = this.basicConstraints.j();
            if (j == null) {
                return Integer.MAX_VALUE;
            }
            return j.C();
        }
        return -1;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() == 3) {
            HashSet hashSet = new HashSet();
            a63 j = this.c.v().j();
            if (j != null) {
                Enumeration t = j.t();
                while (t.hasMoreElements()) {
                    p pVar = (p) t.nextElement();
                    if (j.j(pVar).p()) {
                        hashSet.add(pVar.A());
                    }
                }
                return hashSet;
            }
        }
        return null;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            u x = u.x(ASN1Primitive.r(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != x.size(); i++) {
                arrayList.add(((p) x.z(i)).A());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        q extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw o13.b("error parsing " + e.getMessage(), e);
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() {
        return getAlternativeNames(this.c, p53.i.A());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new oib(this.c.m());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        org.bouncycastle.asn1.c n = this.c.v().n();
        if (n == null) {
            return null;
        }
        byte[] w = n.w();
        int length = (w.length * 8) - n.e();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (w[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // tt.d00
    public ggb getIssuerX500Name() {
        return this.c.m();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.m().g("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return jp.o(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() == 3) {
            HashSet hashSet = new HashSet();
            a63 j = this.c.v().j();
            if (j != null) {
                Enumeration t = j.t();
                while (true) {
                    while (t.hasMoreElements()) {
                        p pVar = (p) t.nextElement();
                        if (!j.j(pVar).p()) {
                            hashSet.add(pVar.A());
                        }
                    }
                    return hashSet;
                }
            }
        }
        return null;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.h().h();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.r().h();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.t());
        } catch (IOException e) {
            throw o13.b("failed to recover public key: " + e.getMessage(), e);
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.n().z();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.q().h().A();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return jp.h(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.p().A();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() {
        return getAlternativeNames(this.c, p53.h.A());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new oib(this.c.s());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        org.bouncycastle.asn1.c v = this.c.v().v();
        if (v == null) {
            return null;
        }
        byte[] w = v.w();
        int length = (w.length * 8) - v.e();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (w[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // tt.d00
    public ggb getSubjectX500Name() {
        return this.c.s();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.s().g("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() {
        try {
            return this.c.v().g("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // tt.d00
    public h5a getTBSCertificateNative() {
        return this.c.v();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.w();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        a63 j;
        if (getVersion() == 3 && (j = this.c.v().j()) != null) {
            Enumeration t = j.t();
            while (t.hasMoreElements()) {
                p pVar = (p) t.nextElement();
                if (!pVar.p(p53.f) && !pVar.p(p53.w) && !pVar.p(p53.x) && !pVar.p(p53.C) && !pVar.p(p53.v) && !pVar.p(p53.q) && !pVar.p(p53.p) && !pVar.p(p53.z) && !pVar.p(p53.j) && !pVar.p(p53.h) && !pVar.p(p53.t) && j.j(pVar).p()) {
                    return true;
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object w1bVar;
        StringBuffer stringBuffer = new StringBuffer();
        String d = Strings.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d);
        f.f(getSignature(), stringBuffer, d);
        a63 j = this.c.v().j();
        if (j != null) {
            Enumeration t = j.t();
            if (t.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (t.hasMoreElements()) {
                p pVar = (p) t.nextElement();
                p53 j2 = j.j(pVar);
                if (j2.l() != null) {
                    k kVar = new k(j2.l().y());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(j2.p());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(pVar.A());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (pVar.p(p53.j)) {
                        w1bVar = v50.h(kVar.n());
                    } else if (pVar.p(p53.f)) {
                        w1bVar = s75.j(kVar.n());
                    } else if (pVar.p(u66.b)) {
                        w1bVar = new uj6(org.bouncycastle.asn1.c.y(kVar.n()));
                    } else if (pVar.p(u66.d)) {
                        w1bVar = new ak6(j.w(kVar.n()));
                    } else if (pVar.p(u66.k)) {
                        w1bVar = new w1b(j.w(kVar.n()));
                    } else {
                        stringBuffer.append(pVar.A());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(h1.c(kVar.n()));
                        stringBuffer.append(d);
                    }
                    stringBuffer.append(w1bVar);
                    stringBuffer.append(d);
                }
                stringBuffer.append(d);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) {
        doVerify(publicKey, new a());
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, String str) {
        doVerify(publicKey, new b(str));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, Provider provider) {
        try {
            doVerify(publicKey, new c(provider));
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
