package org.bouncycastle.tls.crypto.impl.bc;

import java.io.IOException;
import java.math.BigInteger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.params.Ed448PublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsVerifier;
import org.bouncycastle.tls.crypto.impl.RSAUtil;
import org.bouncycastle.util.Arrays;

/* loaded from: classes3.dex */
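/**
 * {@link TlsCertificate} backed by a parsed X.509 {@link Certificate} and the lightweight
 * BouncyCastle crypto API.
 *
 * <p>This class only answers questions about a single certificate (public key type, KeyUsage
 * bits, signature algorithm identifiers) and builds signature verifiers from its public key.
 * Nothing in this class verifies the certificate's own signature, validity period, or chain;
 * that has to happen elsewhere before the key is trusted.
 *
 * <p>The source is decompiler output, so numeric codes appear as literals. The names given in
 * comments follow the TLS registries and BouncyCastle's own constant classes.
 */
public class BcTlsCertificate implements TlsCertificate {
    /** ASN.1 encoded version value for X.509 v3 (v1 = 0, v2 = 1, v3 = 2). */
    private static final BigInteger X509V3_VERSION = BigInteger.valueOf(2);

    // TLS alert descriptions used by this class (numeric values from the TLS alert registry).
    private static final short ALERT_BAD_CERTIFICATE = 42;
    private static final short ALERT_UNSUPPORTED_CERTIFICATE = 43;
    private static final short ALERT_CERTIFICATE_UNKNOWN = 46;
    private static final short ALERT_INTERNAL_ERROR = 80;

    protected final Certificate certificate;
    protected final BcTlsCrypto crypto;

    // Set by useInRole() once the key has passed the KeyUsage check for that role.
    // They are not read anywhere in this class; subclasses may rely on them.
    protected DHPublicKeyParameters pubKeyDH;
    protected ECPublicKeyParameters pubKeyEC;
    protected Ed25519PublicKeyParameters pubKeyEd25519;
    protected Ed448PublicKeyParameters pubKeyEd448;
    protected RSAKeyParameters pubKeyRSA;

    /**
     * Wraps an already parsed certificate. No version or structure check is applied on this
     * path; use {@link #parseCertificate(byte[])} for encoded input.
     *
     * @param bcTlsCrypto crypto context handed to the verifiers this object creates
     * @param certificate parsed X.509 certificate
     */
    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, Certificate certificate) {
        this.crypto = bcTlsCrypto;
        this.certificate = certificate;
    }

    /**
     * Parses an encoded certificate and wraps it.
     *
     * @param bcTlsCrypto crypto context handed to the verifiers this object creates
     * @param bArr encoded X.509 certificate
     * @throws IOException a {@link TlsFatalAlert} (bad_certificate) if parsing fails or the
     *     certificate is not X.509 v3
     */
    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, byte[] bArr) throws IOException {
        this(bcTlsCrypto, parseCertificate(bArr));
    }

    /**
     * Returns {@code tlsCertificate} itself when it is already a {@code BcTlsCertificate},
     * otherwise re-parses its encoding into a new instance.
     *
     * @throws IOException if the encoding cannot be obtained or parsed
     */
    public static BcTlsCertificate convert(BcTlsCrypto bcTlsCrypto, TlsCertificate tlsCertificate) throws IOException {
        if (tlsCertificate instanceof BcTlsCertificate) {
            return (BcTlsCertificate) tlsCertificate;
        }
        return new BcTlsCertificate(bcTlsCrypto, tlsCertificate.getEncoded());
    }

    /**
     * Decodes an X.509 certificate and rejects anything that is not version 3.
     *
     * <p>This is a structural check only: the signature, issuer, validity dates and extensions
     * are not evaluated here.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws IOException a {@link TlsFatalAlert} (bad_certificate) when decoding throws
     *     {@link IllegalArgumentException} or the version is not v3
     */
    public static Certificate parseCertificate(byte[] bArr) throws IOException {
        try {
            Certificate parsed = Certificate.getInstance(bArr);
            if (!X509V3_VERSION.equals(parsed.getTBSCertificate().getVersion().getValue())) {
                throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE);
            }
            return parsed;
        } catch (IllegalArgumentException e2) {
            throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE, e2);
        }
    }

    /**
     * Creates a verifier for signatures made with this certificate's key.
     *
     * <p>The KeyUsage digitalSignature bit is enforced first, then the key type (and, for RSA,
     * the SubjectPublicKeyInfo algorithm) must match the requested signature algorithm.
     *
     * @param s TLS SignatureAlgorithm code
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) when the key usage,
     *     key type or algorithm code does not permit the request
     */
    @Override
    public TlsVerifier createVerifier(short s) throws IOException {
        validateKeyUsage(KeyUsage.digitalSignature);
        switch (s) {
            case 1: // rsa (PKCS#1 v1.5)
                validateRSA_PKCS1();
                return new BcTlsRSAVerifier(this.crypto, getPubKeyRSA());
            case 2: // dsa
                return new BcTlsDSAVerifier(this.crypto, getPubKeyDSS());
            case 3: // ecdsa
                return new BcTlsECDSAVerifier(this.crypto, getPubKeyEC());
            case 4: // rsa_pss_rsae_sha256
            case 5: // rsa_pss_rsae_sha384
            case 6: // rsa_pss_rsae_sha512
                validateRSA_PSS_RSAE();
                return new BcTlsRSAPSSVerifier(this.crypto, getPubKeyRSA(), s);
            case 7: // ed25519
                return new BcTlsEd25519Verifier(this.crypto, getPubKeyEd25519());
            case 8: // ed448
                return new BcTlsEd448Verifier(this.crypto, getPubKeyEd448());
            case 9: // rsa_pss_pss_sha256
            case 10: // rsa_pss_pss_sha384
            case 11: // rsa_pss_pss_sha512
                validateRSA_PSS_PSS(s);
                return new BcTlsRSAPSSVerifier(this.crypto, getPubKeyRSA(), s);
            default:
                throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /** Returns the DER encoding of the certificate. */
    @Override
    public byte[] getEncoded() throws IOException {
        return this.certificate.getEncoded(ASN1Encoding.DER);
    }

    /**
     * Returns a copy of the raw extnValue octets for the given extension.
     *
     * @param aSN1ObjectIdentifier extension OID
     * @return the octets, or {@code null} when the certificate has no extensions or lacks
     *     this one; the array is a clone, so callers cannot alter the certificate
     */
    @Override
    public byte[] getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws IOException {
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions == null) {
            return null;
        }
        Extension extension = extensions.getExtension(aSN1ObjectIdentifier);
        if (extension == null) {
            return null;
        }
        return Arrays.clone(extension.getExtnValue().getOctets());
    }

    /**
     * Maps the public key type to a legacy SignatureAlgorithm code.
     *
     * @return 1 (rsa), 2 (dsa) or 3 (ecdsa); -1 when the KeyUsage extension does not permit
     *     digitalSignature or the key is of another type
     * @throws IOException a {@link TlsFatalAlert} (internal_error) if the parsed key reports
     *     itself as private, or (unsupported_certificate) if the key cannot be decoded
     */
    @Override
    public short getLegacySignatureAlgorithm() throws IOException {
        AsymmetricKeyParameter publicKey = getPublicKey();
        if (publicKey.isPrivate()) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        if (!supportsKeyUsage(KeyUsage.digitalSignature)) {
            return (short) -1;
        }
        if (publicKey instanceof RSAKeyParameters) {
            return (short) 1;
        }
        if (publicKey instanceof DSAPublicKeyParameters) {
            return (short) 2;
        }
        if (publicKey instanceof ECPublicKeyParameters) {
            return (short) 3;
        }
        return (short) -1;
    }

    /**
     * Returns the public key as a DH key.
     *
     * <p>Unlike the sibling accessors this one catches {@link RuntimeException}, a superset
     * of the {@link ClassCastException} they handle. The decompiler notes that the original
     * access modifier was {@code protected}.
     *
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) when the key is not DH
     */
    public DHPublicKeyParameters getPubKeyDH() throws IOException {
        try {
            return (DHPublicKeyParameters) getPublicKey();
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as a DSA key.
     *
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) when the key is not DSA
     */
    public DSAPublicKeyParameters getPubKeyDSS() throws IOException {
        try {
            return (DSAPublicKeyParameters) getPublicKey();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as an EC key.
     *
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) when the key is not EC
     */
    public ECPublicKeyParameters getPubKeyEC() throws IOException {
        try {
            return (ECPublicKeyParameters) getPublicKey();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as an Ed25519 key.
     *
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) on any other key type
     */
    public Ed25519PublicKeyParameters getPubKeyEd25519() throws IOException {
        try {
            return (Ed25519PublicKeyParameters) getPublicKey();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as an Ed448 key.
     *
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) on any other key type
     */
    public Ed448PublicKeyParameters getPubKeyEd448() throws IOException {
        try {
            return (Ed448PublicKeyParameters) getPublicKey();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as an RSA key.
     *
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) when the key is not RSA
     */
    public RSAKeyParameters getPubKeyRSA() throws IOException {
        try {
            return (RSAKeyParameters) getPublicKey();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Decodes the SubjectPublicKeyInfo into a key parameter object. The result is not cached,
     * so every call decodes again.
     *
     * @throws IOException a {@link TlsFatalAlert} (unsupported_certificate) when decoding
     *     throws a {@link RuntimeException}; an {@code IOException} from the factory itself
     *     propagates unchanged
     */
    protected AsymmetricKeyParameter getPublicKey() throws IOException {
        try {
            return PublicKeyFactory.createKey(this.certificate.getSubjectPublicKeyInfo());
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE, e2);
        }
    }

    /** Returns the certificate serial number. */
    @Override
    public BigInteger getSerialNumber() {
        return this.certificate.getSerialNumber().getValue();
    }

    /** Returns the OID (dotted string) of the algorithm the certificate was signed with. */
    @Override
    public String getSigAlgOID() {
        return this.certificate.getSignatureAlgorithm().getAlgorithm().getId();
    }

    /** Returns the parameters of the certificate's signature algorithm; may be {@code null}. */
    @Override
    public ASN1Encodable getSigAlgParams() {
        return this.certificate.getSignatureAlgorithm().getParameters();
    }

    /**
     * Tests whether the certificate permits every KeyUsage bit in {@code i2}.
     *
     * <p>The check is permissive by design: a certificate with no extensions, or with no
     * KeyUsage extension, is treated as allowing every usage. Only the first octet of the
     * KeyUsage bit string is examined, so only bits representable in that octet can be
     * requested.
     *
     * @param i2 required KeyUsage bits (for example {@code KeyUsage.digitalSignature})
     * @return {@code true} when no KeyUsage restriction exists or all requested bits are set
     */
    protected boolean supportsKeyUsage(int i2) {
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions == null) {
            return true;
        }
        KeyUsage keyUsage = KeyUsage.fromExtensions(extensions);
        if (keyUsage == null) {
            return true;
        }
        // The bit string comes from the peer's certificate. An empty one would make the
        // original unconditional [0] access throw ArrayIndexOutOfBoundsException, so a
        // KeyUsage extension carrying no octets is read as "no usage bits asserted".
        byte[] usageOctets = keyUsage.getBytes();
        int assertedBits = (usageOctets == null || usageOctets.length == 0) ? 0 : (usageOctets[0] & 0xFF);
        return (assertedBits & i2) == i2;
    }

    /** Whether the SubjectPublicKeyInfo algorithm allows RSA PKCS#1 v1.5 signatures. */
    protected boolean supportsRSA_PKCS1() {
        return RSAUtil.supportsPKCS1(this.certificate.getSubjectPublicKeyInfo().getAlgorithm());
    }

    /** Whether the SubjectPublicKeyInfo algorithm allows the given rsa_pss_pss_* algorithm. */
    protected boolean supportsRSA_PSS_PSS(short s) {
        return RSAUtil.supportsPSS_PSS(s, this.certificate.getSubjectPublicKeyInfo().getAlgorithm());
    }

    /** Whether the SubjectPublicKeyInfo algorithm allows rsa_pss_rsae_* signatures. */
    protected boolean supportsRSA_PSS_RSAE() {
        return RSAUtil.supportsPSS_RSAE(this.certificate.getSubjectPublicKeyInfo().getAlgorithm());
    }

    /**
     * Whether this certificate's key may produce end-entity signatures with algorithm
     * {@code s}; requires the digitalSignature KeyUsage bit.
     */
    @Override
    public boolean supportsSignatureAlgorithm(short s) throws IOException {
        return supportsSignatureAlgorithm(s, KeyUsage.digitalSignature);
    }

    /**
     * Non-throwing counterpart of {@link #createVerifier(short)}: checks KeyUsage, then that
     * the key type (and RSA algorithm identifier) fits the signature algorithm.
     *
     * @param s TLS SignatureAlgorithm code
     * @param i2 KeyUsage bits that must be permitted
     * @return {@code false} for unknown algorithm codes or any mismatch
     * @throws IOException if the public key cannot be decoded
     */
    protected boolean supportsSignatureAlgorithm(short s, int i2) throws IOException {
        if (!supportsKeyUsage(i2)) {
            return false;
        }
        AsymmetricKeyParameter publicKey = getPublicKey();
        switch (s) {
            case 1: // rsa (PKCS#1 v1.5)
                return supportsRSA_PKCS1() && (publicKey instanceof RSAKeyParameters);
            case 2: // dsa
                return publicKey instanceof DSAPublicKeyParameters;
            case 3: // ecdsa
                return publicKey instanceof ECPublicKeyParameters;
            case 4: // rsa_pss_rsae_sha256
            case 5: // rsa_pss_rsae_sha384
            case 6: // rsa_pss_rsae_sha512
                return supportsRSA_PSS_RSAE() && (publicKey instanceof RSAKeyParameters);
            case 7: // ed25519
                return publicKey instanceof Ed25519PublicKeyParameters;
            case 8: // ed448
                return publicKey instanceof Ed448PublicKeyParameters;
            case 9: // rsa_pss_pss_sha256
            case 10: // rsa_pss_pss_sha384
            case 11: // rsa_pss_pss_sha512
                return supportsRSA_PSS_PSS(s) && (publicKey instanceof RSAKeyParameters);
            default:
                return false;
        }
    }

    /**
     * Whether this certificate's key may sign other certificates with algorithm {@code s};
     * requires the keyCertSign KeyUsage bit.
     */
    @Override
    public boolean supportsSignatureAlgorithmCA(short s) throws IOException {
        return supportsSignatureAlgorithm(s, KeyUsage.keyCertSign);
    }

    /**
     * Confirms the certificate may be used for a key exchange role and records the typed key.
     *
     * @param i2 connection end; only 0 (server) is accepted for the RSA key exchanges
     * @param i3 TLS KeyExchangeAlgorithm code
     * @return this instance
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) when the role is not
     *     supported, the KeyUsage bits forbid it, or the key type does not match
     */
    @Override
    public TlsCertificate useInRole(int i2, int i3) throws IOException {
        // 7 = DH_DSS, 9 = DH_RSA: static DH needs keyAgreement.
        if (i3 == 7 || i3 == 9) {
            validateKeyUsage(KeyUsage.keyAgreement);
            this.pubKeyDH = getPubKeyDH();
            return this;
        }
        // 16 = ECDH_ECDSA, 18 = ECDH_RSA: static ECDH needs keyAgreement.
        if (i3 == 16 || i3 == 18) {
            validateKeyUsage(KeyUsage.keyAgreement);
            this.pubKeyEC = getPubKeyEC();
            return this;
        }
        // 1 = RSA, 15 = RSA_PSK: RSA key transport, server certificates only.
        boolean rsaKeyTransport = i3 == 1 || i3 == 15;
        if (i2 != 0 || !rsaKeyTransport) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
        validateKeyUsage(KeyUsage.keyEncipherment);
        this.pubKeyRSA = getPubKeyRSA();
        return this;
    }

    /**
     * Throws unless {@link #supportsKeyUsage(int)} accepts {@code i2}. The decompiler notes
     * that the original access modifier was {@code protected}.
     *
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) on failure
     */
    public void validateKeyUsage(int i2) throws IOException {
        if (!supportsKeyUsage(i2)) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /** Throws a certificate_unknown alert unless {@link #supportsRSA_PKCS1()} holds. */
    protected void validateRSA_PKCS1() throws IOException {
        if (!supportsRSA_PKCS1()) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /** Throws a certificate_unknown alert unless {@link #supportsRSA_PSS_PSS(short)} holds. */
    protected void validateRSA_PSS_PSS(short s) throws IOException {
        if (!supportsRSA_PSS_PSS(s)) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /** Throws a certificate_unknown alert unless {@link #supportsRSA_PSS_RSAE()} holds. */
    protected void validateRSA_PSS_RSAE() throws IOException {
        if (!supportsRSA_PSS_RSAE()) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }
}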
