package ez;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes2.dex */
public class c0 extends PKIXCertPathChecker {

    /* renamed from: d, reason: collision with root package name */
    public static final Map<String, String> f18745d;

    /* renamed from: e, reason: collision with root package name */
    public static final Set<String> f18746e;

    /* renamed from: f, reason: collision with root package name */
    public static final byte[] f18747f;

    /* renamed from: g, reason: collision with root package name */
    public static final String f18748g;

    /* renamed from: h, reason: collision with root package name */
    public static final String f18749h;

    /* renamed from: i, reason: collision with root package name */
    public static final String f18750i;

    /* renamed from: j, reason: collision with root package name */
    public static final String f18751j;

    /* renamed from: k, reason: collision with root package name */
    public static final String f18752k;

    /* renamed from: l, reason: collision with root package name */
    public static final String f18753l;

    /* renamed from: a, reason: collision with root package name */
    public final yy.c f18754a;

    /* renamed from: b, reason: collision with root package name */
    public final dz.a f18755b;

    /* renamed from: c, reason: collision with root package name */
    public X509Certificate f18756c;

    static {
        HashMap hashMap = new HashMap(4);
        hashMap.put(vw.a.f36730c.f33170a, "Ed25519");
        hashMap.put(vw.a.f36731d.f33170a, "Ed448");
        qw.n nVar = hx.b.f21662g;
        hashMap.put(nVar.f33170a, "SHA1withDSA");
        qw.n nVar2 = qx.n.f33282j2;
        hashMap.put(nVar2.f33170a, "SHA1withDSA");
        f18745d = Collections.unmodifiableMap(hashMap);
        HashSet hashSet = new HashSet();
        hashSet.add(nVar.f33170a);
        hashSet.add(nVar2.f33170a);
        hashSet.add(ix.o.f24395j0.f33170a);
        f18746e = Collections.unmodifiableSet(hashSet);
        f18747f = new byte[]{5, 0};
        f18748g = org.bouncycastle.jsse.provider.d.k("SHA256withRSAandMGF1", "RSASSA-PSS");
        f18749h = org.bouncycastle.jsse.provider.d.k("SHA384withRSAandMGF1", "RSASSA-PSS");
        f18750i = org.bouncycastle.jsse.provider.d.k("SHA512withRSAandMGF1", "RSASSA-PSS");
        f18751j = org.bouncycastle.jsse.provider.d.k("SHA256withRSAandMGF1", "RSA");
        f18752k = org.bouncycastle.jsse.provider.d.k("SHA384withRSAandMGF1", "RSA");
        f18753l = org.bouncycastle.jsse.provider.d.k("SHA512withRSAandMGF1", "RSA");
    }

    public c0(yy.c cVar, dz.a aVar) {
        Objects.requireNonNull(cVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar, "'algorithmConstraints' cannot be null");
        this.f18754a = cVar;
        this.f18755b = aVar;
        this.f18756c = null;
    }

    public static void c(yy.c cVar, dz.a aVar, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, px.c0 c0Var, int i11) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                e(cVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            X509Certificate x509Certificate2 = x509CertificateArr[length - 1];
            String g11 = g(x509Certificate2, null);
            if (!org.bouncycastle.jsse.provider.d.t(g11)) {
                throw new CertPathValidatorException();
            }
            if (!aVar.permits(org.bouncycastle.jsse.provider.d.f30555f, g11, h(cVar, x509Certificate2))) {
                throw new CertPathValidatorException();
            }
        }
        c0 c0Var2 = new c0(cVar, aVar);
        c0Var2.init(false);
        for (int i12 = length - 1; i12 >= 0; i12--) {
            c0Var2.check(x509CertificateArr[i12], Collections.emptySet());
        }
        d(aVar, x509CertificateArr[0], c0Var, i11);
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x001f, code lost:
    
        if (r2.contains(px.c0.f32160b.f32164a.f33170a) != false) goto L10;
     */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00c1 A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0026  */
    /* JADX WARN: Removed duplicated region for block: B:4:0x0064  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void d(dz.a r4, java.security.cert.X509Certificate r5, px.c0 r6, int r7) {
        /*
            r0 = 0
            java.lang.String r1 = "Certificate doesn't support '"
            if (r6 == 0) goto L62
            java.util.List r2 = r5.getExtendedKeyUsage()     // Catch: java.security.cert.CertificateParsingException -> L23
            if (r2 == 0) goto L21
            qw.n r3 = r6.f32164a     // Catch: java.security.cert.CertificateParsingException -> L23
            java.lang.String r3 = r3.f33170a     // Catch: java.security.cert.CertificateParsingException -> L23
            boolean r3 = r2.contains(r3)     // Catch: java.security.cert.CertificateParsingException -> L23
            if (r3 != 0) goto L21
            px.c0 r3 = px.c0.f32160b     // Catch: java.security.cert.CertificateParsingException -> L23
            qw.n r3 = r3.f32164a     // Catch: java.security.cert.CertificateParsingException -> L23
            java.lang.String r3 = r3.f33170a     // Catch: java.security.cert.CertificateParsingException -> L23
            boolean r2 = r2.contains(r3)     // Catch: java.security.cert.CertificateParsingException -> L23
            if (r2 == 0) goto L23
        L21:
            r2 = 1
            goto L24
        L23:
            r2 = 0
        L24:
            if (r2 != 0) goto L62
            java.security.cert.CertPathValidatorException r4 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r5 = c.d.a(r1)
            px.c0 r7 = px.c0.f32162d
            boolean r7 = r7.equals(r6)
            if (r7 != 0) goto L56
            px.c0 r7 = px.c0.f32161c
            boolean r7 = r7.equals(r6)
            if (r7 == 0) goto L3f
            java.lang.String r6 = "serverAuth"
            goto L58
        L3f:
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            r7.<init>()
            java.lang.String r0 = "("
            r7.append(r0)
            r7.append(r6)
            java.lang.String r6 = ")"
            r7.append(r6)
            java.lang.String r6 = r7.toString()
            goto L58
        L56:
            java.lang.String r6 = "clientAuth"
        L58:
            java.lang.String r7 = "' ExtendedKeyUsage"
            java.lang.String r5 = d.d.a(r5, r6, r7)
            r4.<init>(r5)
            throw r4
        L62:
            if (r7 < 0) goto Lc1
            boolean[] r6 = r5.getKeyUsage()
            if (r6 == 0) goto L71
            int r2 = r6.length
            if (r2 <= r7) goto L72
            boolean r6 = r6[r7]
            if (r6 == 0) goto L72
        L71:
            r0 = 1
        L72:
            java.lang.String r6 = "' KeyUsage"
            if (r0 == 0) goto La9
            r0 = 2
            if (r7 == r0) goto L82
            r0 = 4
            if (r7 == r0) goto L7f
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.d.f30555f
            goto L84
        L7f:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.d.f30553d
            goto L84
        L82:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.d.f30554e
        L84:
            java.security.PublicKey r5 = r5.getPublicKey()
            boolean r4 = r4.permits(r0, r5)
            if (r4 == 0) goto L8f
            goto Lc1
        L8f:
            java.security.cert.CertPathValidatorException r4 = new java.security.cert.CertPathValidatorException
            java.lang.String r5 = "Public key not permitted for '"
            java.lang.StringBuilder r5 = c.d.a(r5)
            java.lang.String r7 = f(r7)
            r5.append(r7)
            r5.append(r6)
            java.lang.String r5 = r5.toString()
            r4.<init>(r5)
            throw r4
        La9:
            java.security.cert.CertPathValidatorException r4 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r5 = c.d.a(r1)
            java.lang.String r7 = f(r7)
            r5.append(r7)
            r5.append(r6)
            java.lang.String r5 = r5.toString()
            r4.<init>(r5)
            throw r4
        Lc1:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: ez.c0.d(dz.a, java.security.cert.X509Certificate, px.c0, int):void");
    }

    public static void e(yy.c cVar, dz.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String g11 = g(x509Certificate, x509Certificate2);
        if (!org.bouncycastle.jsse.provider.d.t(g11)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(org.bouncycastle.jsse.provider.d.f30555f, g11, x509Certificate2.getPublicKey(), h(cVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    public static String f(int i11) {
        return i11 != 0 ? i11 != 2 ? i11 != 4 ? i.e.a("(", i11, ")") : "keyAgreement" : "keyEncipherment" : "digitalSignature";
    }

    public static String g(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        qw.n nVar;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f18745d.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!ix.o.f24395j0.f33170a.equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        ix.v s11 = ix.v.s(x509Certificate.getSigAlgParams());
        if (s11 != null && (nVar = s11.f24450a.f32149a) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                k00.d dVar = new k00.d((k00.f) null, x509Certificate);
                if (dx.b.f17783a.y(nVar)) {
                    if (dVar.g((short) 9)) {
                        return f18748g;
                    }
                    if (dVar.g((short) 4)) {
                        return f18751j;
                    }
                } else if (dx.b.f17785b.y(nVar)) {
                    if (dVar.g((short) 10)) {
                        return f18749h;
                    }
                    if (dVar.g((short) 5)) {
                        return f18752k;
                    }
                } else if (dx.b.f17787c.y(nVar)) {
                    if (dVar.g((short) 11)) {
                        return f18750i;
                    }
                    if (dVar.g((short) 6)) {
                        return f18753l;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters h(yy.c cVar, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f18746e.contains(sigAlgOID) && Arrays.equals(f18747f, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters k11 = cVar.k(sigAlgOID);
            try {
                k11.init(sigAlgParams);
                return k11;
            } catch (Exception e11) {
                throw new CertPathValidatorException(e11);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X509Certificate x509Certificate2 = this.f18756c;
        if (x509Certificate2 != null) {
            e(this.f18754a, this.f18755b, x509Certificate, x509Certificate2);
        }
        this.f18756c = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z11) {
        if (z11) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f18756c = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
