package org.bouncycastle.jcajce.provider.asymmetric.x509;

import com.huawei.hms.framework.common.NetworkUtil;
import com.tencent.mm.opensdk.modelmsg.WXMediaMessage;
import defpackage.al3;
import defpackage.bd3;
import defpackage.bl3;
import defpackage.cg4;
import defpackage.dk3;
import defpackage.e24;
import defpackage.gk3;
import defpackage.hd3;
import defpackage.ig4;
import defpackage.il3;
import defpackage.j24;
import defpackage.j34;
import defpackage.jh3;
import defpackage.kh3;
import defpackage.ld3;
import defpackage.lh3;
import defpackage.md3;
import defpackage.ng4;
import defpackage.nh3;
import defpackage.ok3;
import defpackage.p14;
import defpackage.pe3;
import defpackage.q34;
import defpackage.qd3;
import defpackage.rg4;
import defpackage.sd3;
import defpackage.sk3;
import defpackage.tj3;
import defpackage.ul3;
import defpackage.ve3;
import defpackage.we3;
import defpackage.wj3;
import defpackage.xd3;
import defpackage.zk3;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes3.dex */
abstract class X509CertificateImpl extends X509Certificate implements e24 {
    protected ok3 basicConstraints;
    protected j34 bcHelper;
    protected sk3 c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(j34 j34Var, sk3 sk3Var, ok3 ok3Var, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = j34Var;
        this.c = sk3Var;
        this.basicConstraints = ok3Var;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, bd3 bd3Var, byte[] bArr) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (!isAlgIdEqual(this.c.n(), this.c.r().n())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, bd3Var);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(j24.a(signature), WXMediaMessage.TITLE_LENGTH_LIMIT);
            this.c.r().f(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        boolean z = publicKey instanceof p14;
        int i = 0;
        if (z && X509SignatureUtil.isCompositeAlgorithm(this.c.n())) {
            List<PublicKey> a = ((p14) publicKey).a();
            sd3 q = sd3.q(this.c.n().k());
            sd3 q2 = sd3.q(pe3.F(this.c.m()).r());
            boolean z2 = false;
            while (i != a.size()) {
                if (a.get(i) != null) {
                    gk3 i2 = gk3.i(q.x(i));
                    try {
                        checkSignature(a.get(i), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(i2)), i2.k(), pe3.F(q2.x(i)).r());
                        e = null;
                        z2 = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z2) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.n())) {
            Signature createSignature = signatureCreator.createSignature(X509SignatureUtil.getSignatureName(this.c.n()));
            if (!z) {
                checkSignature(publicKey, createSignature, this.c.n().k(), getSignature());
                return;
            }
            List<PublicKey> a2 = ((p14) publicKey).a();
            while (i != a2.size()) {
                try {
                    checkSignature(a2.get(i), createSignature, this.c.n().k(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        sd3 q3 = sd3.q(this.c.n().k());
        sd3 q4 = sd3.q(pe3.F(this.c.m()).r());
        boolean z3 = false;
        while (i != q4.size()) {
            gk3 i3 = gk3.i(q3.x(i));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(i3)), i3.k(), pe3.F(q4.x(i)).r());
                e = null;
                z3 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e2) {
                e = e2;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z3) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(sk3 sk3Var, String str) throws CertificateParsingException {
        String c;
        byte[] extensionOctets = getExtensionOctets(sk3Var, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration A = sd3.q(extensionOctets).A();
            while (A.hasMoreElements()) {
                bl3 i = bl3.i(A.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(ig4.d(i.l()));
                switch (i.l()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(i.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        c = ((xd3) i.k()).c();
                        arrayList2.add(c);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        c = wj3.j(dk3.V, i.k()).toString();
                        arrayList2.add(c);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            c = InetAddress.getByAddress(md3.q(i.k()).x()).getHostAddress();
                            arrayList2.add(c);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        c = ld3.E(i.k()).C();
                        arrayList2.add(c);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + i.l());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e) {
            throw new CertificateParsingException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(sk3 sk3Var, String str) {
        md3 extensionValue = getExtensionValue(sk3Var, str);
        if (extensionValue != null) {
            return extensionValue.x();
        }
        return null;
    }

    protected static md3 getExtensionValue(sk3 sk3Var, String str) {
        zk3 h;
        al3 i = sk3Var.r().i();
        if (i == null || (h = i.h(new ld3(str))) == null) {
            return null;
        }
        return h.j();
    }

    private boolean isAlgIdEqual(gk3 gk3Var, gk3 gk3Var2) {
        if (!gk3Var.h().l(gk3Var2.h())) {
            return false;
        }
        if (ng4.c("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (gk3Var.k() == null) {
                return gk3Var2.k() == null || gk3Var2.k().equals(we3.a);
            }
            if (gk3Var2.k() == null) {
                return gk3Var.k() == null || gk3Var.k().equals(we3.a);
            }
        }
        if (gk3Var.k() != null) {
            return gk3Var.k().equals(gk3Var2.k());
        }
        if (gk3Var2.k() != null) {
            return gk3Var2.k().equals(gk3Var.k());
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.h().j());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.o().j());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        ok3 ok3Var = this.basicConstraints;
        if (ok3Var == null || !ok3Var.j()) {
            return -1;
        }
        return this.basicConstraints.i() == null ? NetworkUtil.UNAVAILABLE : this.basicConstraints.i().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        al3 i = this.c.r().i();
        if (i == null) {
            return null;
        }
        Enumeration k = i.k();
        while (k.hasMoreElements()) {
            ld3 ld3Var = (ld3) k.nextElement();
            if (i.h(ld3Var).m()) {
                hashSet.add(ld3Var.C());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            sd3 q = sd3.q(qd3.m(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != q.size(); i++) {
                arrayList.add(((ld3) q.x(i)).C());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        md3 extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, zk3.f.C());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new q34(this.c.k());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        pe3 l = this.c.r().l();
        if (l == null) {
            return null;
        }
        byte[] r = l.r();
        int length = (r.length * 8) - l.A();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (r[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // defpackage.e24
    public wj3 getIssuerX500Name() {
        return this.c.k();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.k().g("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return cg4.o(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        al3 i = this.c.r().i();
        if (i == null) {
            return null;
        }
        Enumeration k = i.k();
        while (k.hasMoreElements()) {
            ld3 ld3Var = (ld3) k.nextElement();
            if (!i.h(ld3Var).m()) {
                hashSet.add(ld3Var.C());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.h().h();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.o().h();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.q());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.l().A();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.n().h().C();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return cg4.h(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.m().x();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, zk3.e.C());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new q34(this.c.p());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        pe3 r = this.c.r().r();
        if (r == null) {
            return null;
        }
        byte[] r2 = r.r();
        int length = (r2.length * 8) - r.A();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (r2[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // defpackage.e24
    public wj3 getSubjectX500Name() {
        return this.c.p();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.p().g("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.c.r().g("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // defpackage.e24
    public ul3 getTBSCertificateNative() {
        return this.c.r();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.x();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        al3 i;
        if (getVersion() != 3 || (i = this.c.r().i()) == null) {
            return false;
        }
        Enumeration k = i.k();
        while (k.hasMoreElements()) {
            ld3 ld3Var = (ld3) k.nextElement();
            if (!ld3Var.l(zk3.d) && !ld3Var.l(zk3.o) && !ld3Var.l(zk3.p) && !ld3Var.l(zk3.u) && !ld3Var.l(zk3.n) && !ld3Var.l(zk3.k) && !ld3Var.l(zk3.j) && !ld3Var.l(zk3.r) && !ld3Var.l(zk3.g) && !ld3Var.l(zk3.e) && !ld3Var.l(zk3.m) && i.h(ld3Var).m()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object nh3Var;
        StringBuffer stringBuffer = new StringBuffer();
        String d = rg4.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, d);
        al3 i = this.c.r().i();
        if (i != null) {
            Enumeration k = i.k();
            if (k.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (k.hasMoreElements()) {
                ld3 ld3Var = (ld3) k.nextElement();
                zk3 h = i.h(ld3Var);
                if (h.j() != null) {
                    hd3 hd3Var = new hd3(h.j().x());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(h.m());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(ld3Var.C());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (ld3Var.l(zk3.g)) {
                        nh3Var = ok3.h(hd3Var.v());
                    } else if (ld3Var.l(zk3.d)) {
                        nh3Var = il3.h(hd3Var.v());
                    } else if (ld3Var.l(jh3.b)) {
                        nh3Var = new kh3(pe3.F(hd3Var.v()));
                    } else if (ld3Var.l(jh3.c)) {
                        nh3Var = new lh3(ve3.q(hd3Var.v()));
                    } else if (ld3Var.l(jh3.e)) {
                        nh3Var = new nh3(ve3.q(hd3Var.v()));
                    } else {
                        stringBuffer.append(ld3Var.C());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(tj3.c(hd3Var.v()));
                        stringBuffer.append(d);
                    }
                    stringBuffer.append(nh3Var);
                    stringBuffer.append(d);
                }
                stringBuffer.append(d);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException {
                try {
                    return X509CertificateImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
