package s.b.f.k;

import com.microsoft.identity.common.internal.platform.DevicePopManager;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes2.dex */
public class j0 extends PKIXCertPathChecker {
    public static final String M;
    public static final String N;
    public static final String O;
    public static final String P;

    /* renamed from: n, reason: collision with root package name */
    public static final Map<String, String> f6717n;

    /* renamed from: p, reason: collision with root package name */
    public static final Set<String> f6718p;

    /* renamed from: q, reason: collision with root package name */
    public static final byte[] f6719q;
    public static final String x;
    public static final String y;
    public final s.b.d.d.a d;
    public final s.b.f.j.a.a e;

    /* renamed from: k, reason: collision with root package name */
    public X509Certificate f6720k;

    static {
        HashMap hashMap = new HashMap(4);
        hashMap.put(s.b.a.e2.a.d.d, "Ed25519");
        hashMap.put(s.b.a.e2.a.e.d, "Ed448");
        s.b.a.n nVar = s.b.a.i2.a.b;
        hashMap.put(nVar.d, "SHA1withDSA");
        s.b.a.n nVar2 = s.b.a.n2.e.G;
        hashMap.put(nVar2.d, "SHA1withDSA");
        f6717n = Collections.unmodifiableMap(hashMap);
        HashSet hashSet = new HashSet();
        hashSet.add(nVar.d);
        hashSet.add(nVar2.d);
        hashSet.add(s.b.a.j2.e.e.d);
        f6718p = Collections.unmodifiableSet(hashSet);
        f6719q = new byte[]{5, 0};
        x = d0.k("SHA256withRSAandMGF1", "RSASSA-PSS");
        y = d0.k("SHA384withRSAandMGF1", "RSASSA-PSS");
        M = d0.k("SHA512withRSAandMGF1", "RSASSA-PSS");
        N = d0.k("SHA256withRSAandMGF1", DevicePopManager.KeyPairGeneratorAlgorithms.RSA);
        O = d0.k("SHA384withRSAandMGF1", DevicePopManager.KeyPairGeneratorAlgorithms.RSA);
        P = d0.k("SHA512withRSAandMGF1", DevicePopManager.KeyPairGeneratorAlgorithms.RSA);
    }

    public j0(s.b.d.d.a aVar, s.b.f.j.a.a aVar2) {
        Objects.requireNonNull(aVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar2, "'algorithmConstraints' cannot be null");
        this.d = aVar;
        this.e = aVar2;
        this.f6720k = null;
    }

    public static void b(s.b.d.d.a aVar, s.b.f.j.a.a aVar2, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, s.b.a.m2.r rVar, int i2) throws CertPathValidatorException {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                d(aVar, aVar2, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            X509Certificate x509Certificate2 = x509CertificateArr[length - 1];
            String f = f(x509Certificate2, null);
            if (!d0.t(f)) {
                throw new CertPathValidatorException();
            }
            if (!aVar2.permits(d0.f, f, g(aVar, x509Certificate2))) {
                throw new CertPathValidatorException();
            }
        }
        j0 j0Var = new j0(aVar, aVar2);
        j0Var.init(false);
        for (int i3 = length - 1; i3 >= 0; i3--) {
            j0Var.check(x509CertificateArr[i3], Collections.emptySet());
        }
        c(aVar2, x509CertificateArr[0], rVar, i2);
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x0020, code lost:
    
        if (r3.contains(s.b.a.m2.r.f6570k.d.d) != false) goto L10;
     */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00c3 A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0027  */
    /* JADX WARN: Removed duplicated region for block: B:4:0x0065  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void c(s.b.f.j.a.a r5, java.security.cert.X509Certificate r6, s.b.a.m2.r r7, int r8) throws java.security.cert.CertPathValidatorException {
        /*
            java.lang.String r0 = "Certificate doesn't support '"
            r1 = 1
            r2 = 0
            if (r7 == 0) goto L63
            java.util.List r3 = r6.getExtendedKeyUsage()     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r3 == 0) goto L22
            s.b.a.n r4 = r7.d     // Catch: java.security.cert.CertificateParsingException -> L24
            java.lang.String r4 = r4.d     // Catch: java.security.cert.CertificateParsingException -> L24
            boolean r4 = r3.contains(r4)     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r4 != 0) goto L22
            s.b.a.m2.r r4 = s.b.a.m2.r.f6570k     // Catch: java.security.cert.CertificateParsingException -> L24
            s.b.a.n r4 = r4.d     // Catch: java.security.cert.CertificateParsingException -> L24
            java.lang.String r4 = r4.d     // Catch: java.security.cert.CertificateParsingException -> L24
            boolean r3 = r3.contains(r4)     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r3 == 0) goto L24
        L22:
            r3 = r1
            goto L25
        L24:
            r3 = r2
        L25:
            if (r3 != 0) goto L63
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r6 = c.b.a.a.a.F(r0)
            s.b.a.m2.r r8 = s.b.a.m2.r.f6572p
            boolean r8 = r8.equals(r7)
            if (r8 != 0) goto L57
            s.b.a.m2.r r8 = s.b.a.m2.r.f6571n
            boolean r8 = r8.equals(r7)
            if (r8 == 0) goto L40
            java.lang.String r7 = "serverAuth"
            goto L59
        L40:
            java.lang.StringBuilder r8 = new java.lang.StringBuilder
            r8.<init>()
            java.lang.String r0 = "("
            r8.append(r0)
            r8.append(r7)
            java.lang.String r7 = ")"
            r8.append(r7)
            java.lang.String r7 = r8.toString()
            goto L59
        L57:
            java.lang.String r7 = "clientAuth"
        L59:
            java.lang.String r8 = "' ExtendedKeyUsage"
            java.lang.String r6 = c.b.a.a.a.A(r6, r7, r8)
            r5.<init>(r6)
            throw r5
        L63:
            if (r8 < 0) goto Lc3
            boolean[] r7 = r6.getKeyUsage()
            if (r7 == 0) goto L74
            int r3 = r7.length
            if (r3 <= r8) goto L73
            boolean r7 = r7[r8]
            if (r7 == 0) goto L73
            goto L74
        L73:
            r1 = r2
        L74:
            java.lang.String r7 = "' KeyUsage"
            if (r1 == 0) goto Lab
            r0 = 2
            if (r8 == r0) goto L84
            r0 = 4
            if (r8 == r0) goto L81
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = s.b.f.k.d0.f
            goto L86
        L81:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = s.b.f.k.d0.d
            goto L86
        L84:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = s.b.f.k.d0.e
        L86:
            java.security.PublicKey r6 = r6.getPublicKey()
            boolean r5 = r5.permits(r0, r6)
            if (r5 == 0) goto L91
            goto Lc3
        L91:
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.String r6 = "Public key not permitted for '"
            java.lang.StringBuilder r6 = c.b.a.a.a.F(r6)
            java.lang.String r8 = e(r8)
            r6.append(r8)
            r6.append(r7)
            java.lang.String r6 = r6.toString()
            r5.<init>(r6)
            throw r5
        Lab:
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r6 = c.b.a.a.a.F(r0)
            java.lang.String r8 = e(r8)
            r6.append(r8)
            r6.append(r7)
            java.lang.String r6 = r6.toString()
            r5.<init>(r6)
            throw r5
        Lc3:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: s.b.f.k.j0.c(s.b.f.j.a.a, java.security.cert.X509Certificate, s.b.a.m2.r, int):void");
    }

    public static void d(s.b.d.d.a aVar, s.b.f.j.a.a aVar2, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathValidatorException {
        String f = f(x509Certificate, x509Certificate2);
        if (!d0.t(f)) {
            throw new CertPathValidatorException();
        }
        if (!aVar2.permits(d0.f, f, x509Certificate2.getPublicKey(), g(aVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    public static String e(int i2) {
        return i2 != 0 ? i2 != 2 ? i2 != 4 ? c.b.a.a.a.p("(", i2, ")") : "keyAgreement" : "keyEncipherment" : "digitalSignature";
    }

    public static String f(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        s.b.a.n nVar;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f6717n.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!s.b.a.j2.e.e.d.equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        s.b.a.j2.i u2 = s.b.a.j2.i.u(x509Certificate.getSigAlgParams());
        if (u2 != null && (nVar = u2.d.d) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                s.b.k.b2.v.j.d dVar = new s.b.k.b2.v.j.d((s.b.k.b2.v.j.f) null, x509Certificate);
                if (s.b.a.g2.a.f6477c.x(nVar)) {
                    if (dVar.g((short) 9)) {
                        return x;
                    }
                    if (dVar.g((short) 4)) {
                        return N;
                    }
                } else if (s.b.a.g2.a.d.x(nVar)) {
                    if (dVar.g((short) 10)) {
                        return y;
                    }
                    if (dVar.g((short) 5)) {
                        return O;
                    }
                } else if (s.b.a.g2.a.e.x(nVar)) {
                    if (dVar.g((short) 11)) {
                        return M;
                    }
                    if (dVar.g((short) 6)) {
                        return P;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters g(s.b.d.d.a aVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f6718p.contains(sigAlgOID) && Arrays.equals(f6719q, sigAlgParams)) {
            return null;
        }
        try {
            Objects.requireNonNull(aVar);
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(sigAlgOID);
            try {
                algorithmParameters.init(sigAlgParams);
                return algorithmParameters;
            } catch (Exception e) {
                throw new CertPathValidatorException(e);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X509Certificate x509Certificate2 = this.f6720k;
        if (x509Certificate2 != null) {
            d(this.d, this.e, x509Certificate, x509Certificate2);
        }
        this.f6720k = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f6720k = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
