package org.spongycastle.tls.crypto.impl.bc;

import com.xiaomi.mirror.message.ProtocolV1;
import java.io.IOException;
import java.math.BigInteger;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.x509.Certificate;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.DHPublicKeyParameters;
import org.spongycastle.crypto.params.DSAPublicKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.crypto.params.RSAKeyParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.crypto.TlsCertificate;
import org.spongycastle.tls.crypto.TlsCryptoException;
import org.spongycastle.tls.crypto.TlsVerifier;
import org.spongycastle.util.Arrays;

/* loaded from: classes3.dex */
public class BcTlsCertificate implements TlsCertificate {
    protected final Certificate certificate;
    protected final BcTlsCrypto crypto;
    protected DHPublicKeyParameters pubKeyDH;
    protected ECPublicKeyParameters pubKeyEC;
    protected RSAKeyParameters pubKeyRSA;

    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, Certificate certificate) {
        this.pubKeyDH = null;
        this.pubKeyEC = null;
        this.pubKeyRSA = null;
        this.crypto = bcTlsCrypto;
        this.certificate = certificate;
    }

    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, byte[] bArr) {
        this(bcTlsCrypto, parseCertificate(bArr));
    }

    public static BcTlsCertificate convert(BcTlsCrypto bcTlsCrypto, TlsCertificate tlsCertificate) {
        return tlsCertificate instanceof BcTlsCertificate ? (BcTlsCertificate) tlsCertificate : new BcTlsCertificate(bcTlsCrypto, tlsCertificate.getEncoded());
    }

    public static Certificate parseCertificate(byte[] bArr) {
        try {
            return Certificate.getInstance(bArr);
        } catch (IllegalArgumentException e) {
            throw new TlsCryptoException("unable to decode certificate: " + e.getMessage(), e);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public TlsVerifier createVerifier(short s) {
        validateKeyUsage(128);
        if (s == 1) {
            return new BcTlsRSAVerifier(this.crypto, getPubKeyRSA());
        }
        if (s == 2) {
            return new BcTlsDSAVerifier(this.crypto, getPubKeyDSS());
        }
        if (s == 3) {
            return new BcTlsECDSAVerifier(this.crypto, getPubKeyEC());
        }
        throw new TlsFatalAlert((short) 46);
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public short getClientCertificateType() {
        AsymmetricKeyParameter publicKey = getPublicKey();
        if (publicKey.isPrivate()) {
            throw new TlsFatalAlert((short) 80);
        }
        try {
            if (publicKey instanceof RSAKeyParameters) {
                validateKeyUsage(128);
                return (short) 1;
            }
            if (publicKey instanceof DSAPublicKeyParameters) {
                validateKeyUsage(128);
                return (short) 2;
            }
            if (!(publicKey instanceof ECPublicKeyParameters)) {
                throw new TlsFatalAlert((short) 43);
            }
            validateKeyUsage(128);
            return (short) 64;
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public byte[] getEncoded() {
        return this.certificate.getEncoded(ASN1Encoding.DER);
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public byte[] getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Extension extension;
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions == null || (extension = extensions.getExtension(aSN1ObjectIdentifier)) == null) {
            return null;
        }
        return Arrays.clone(extension.getExtnValue().getOctets());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DHPublicKeyParameters getPubKeyDH() {
        try {
            return (DHPublicKeyParameters) getPublicKey();
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    public DSAPublicKeyParameters getPubKeyDSS() {
        try {
            return validatePubKeyDSS((DSAPublicKeyParameters) getPublicKey());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    public ECPublicKeyParameters getPubKeyEC() {
        try {
            return validatePubKeyEC((ECPublicKeyParameters) getPublicKey());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    public RSAKeyParameters getPubKeyRSA() {
        try {
            return validatePubKeyRSA((RSAKeyParameters) getPublicKey());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert((short) 46, e);
        }
    }

    protected AsymmetricKeyParameter getPublicKey() {
        try {
            return PublicKeyFactory.createKey(this.certificate.getSubjectPublicKeyInfo());
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public BigInteger getSerialNumber() {
        return this.certificate.getSerialNumber().getValue();
    }

    @Override // org.spongycastle.tls.crypto.TlsCertificate
    public TlsCertificate useInRole(int i, int i2) {
        if (i2 == 7 || i2 == 9) {
            validateKeyUsage(8);
            this.pubKeyDH = getPubKeyDH();
            return this;
        }
        if (i2 == 16 || i2 == 18) {
            validateKeyUsage(8);
            this.pubKeyEC = getPubKeyEC();
            return this;
        }
        if (i != 0 || (i2 != 1 && i2 != 15)) {
            throw new TlsFatalAlert((short) 46);
        }
        validateKeyUsage(32);
        this.pubKeyRSA = getPubKeyRSA();
        return this;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateKeyUsage(int i) {
        KeyUsage fromExtensions;
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions != null && (fromExtensions = KeyUsage.fromExtensions(extensions)) != null && (fromExtensions.getBytes()[0] & ProtocolV1.TYPE_UNKNOWN & i) != i) {
            throw new TlsFatalAlert((short) 46);
        }
    }

    protected DSAPublicKeyParameters validatePubKeyDSS(DSAPublicKeyParameters dSAPublicKeyParameters) {
        return dSAPublicKeyParameters;
    }

    protected ECPublicKeyParameters validatePubKeyEC(ECPublicKeyParameters eCPublicKeyParameters) {
        return eCPublicKeyParameters;
    }

    protected RSAKeyParameters validatePubKeyRSA(RSAKeyParameters rSAKeyParameters) {
        return rSAKeyParameters;
    }
}
