package com.amazon.coral.internal.org.bouncycastle.cert.path.validations;

import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1Encodable;
import com.amazon.coral.internal.org.bouncycastle.asn1.C$ASN1Null;
import com.amazon.coral.internal.org.bouncycastle.asn1.x500.C$X500Name;
import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$AlgorithmIdentifier;
import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$SubjectPublicKeyInfo;
import com.amazon.coral.internal.org.bouncycastle.cert.C$CertException;
import com.amazon.coral.internal.org.bouncycastle.cert.C$X509CertificateHolder;
import com.amazon.coral.internal.org.bouncycastle.cert.C$X509ContentVerifierProviderBuilder;
import com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidation;
import com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidationContext;
import com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidationException;
import com.amazon.coral.internal.org.bouncycastle.operator.C$OperatorCreationException;
import com.amazon.coral.internal.org.bouncycastle.util.C$Memoable;
import java.io.IOException;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.cert.path.validations.$ParentCertIssuedValidation, reason: invalid class name */
/* loaded from: classes2.dex */
public class C$ParentCertIssuedValidation implements C$CertPathValidation {
    private C$X509ContentVerifierProviderBuilder contentVerifierProvider;
    private C$AlgorithmIdentifier workingAlgId;
    private C$X500Name workingIssuerName;
    private C$SubjectPublicKeyInfo workingPublicKey;

    public C$ParentCertIssuedValidation(C$X509ContentVerifierProviderBuilder c$X509ContentVerifierProviderBuilder) {
        this.contentVerifierProvider = c$X509ContentVerifierProviderBuilder;
    }

    private boolean isNull(C$ASN1Encodable c$ASN1Encodable) {
        return c$ASN1Encodable == null || (c$ASN1Encodable instanceof C$ASN1Null);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.util.C$Memoable
    public C$Memoable copy() {
        C$ParentCertIssuedValidation c$ParentCertIssuedValidation = new C$ParentCertIssuedValidation(this.contentVerifierProvider);
        c$ParentCertIssuedValidation.workingAlgId = this.workingAlgId;
        c$ParentCertIssuedValidation.workingIssuerName = this.workingIssuerName;
        c$ParentCertIssuedValidation.workingPublicKey = this.workingPublicKey;
        return c$ParentCertIssuedValidation;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.util.C$Memoable
    public void reset(C$Memoable c$Memoable) {
        C$ParentCertIssuedValidation c$ParentCertIssuedValidation = (C$ParentCertIssuedValidation) c$Memoable;
        this.contentVerifierProvider = c$ParentCertIssuedValidation.contentVerifierProvider;
        this.workingAlgId = c$ParentCertIssuedValidation.workingAlgId;
        this.workingIssuerName = c$ParentCertIssuedValidation.workingIssuerName;
        this.workingPublicKey = c$ParentCertIssuedValidation.workingPublicKey;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.cert.path.C$CertPathValidation
    public void validate(C$CertPathValidationContext c$CertPathValidationContext, C$X509CertificateHolder c$X509CertificateHolder) throws C$CertPathValidationException {
        if (this.workingIssuerName != null && !this.workingIssuerName.equals(c$X509CertificateHolder.getIssuer())) {
            throw new C$CertPathValidationException("Certificate issue does not match parent");
        }
        if (this.workingPublicKey != null) {
            try {
                if (!c$X509CertificateHolder.isSignatureValid(this.contentVerifierProvider.build(this.workingPublicKey.getAlgorithm().equals(this.workingAlgId) ? this.workingPublicKey : new C$SubjectPublicKeyInfo(this.workingAlgId, this.workingPublicKey.parsePublicKey())))) {
                    throw new C$CertPathValidationException("Certificate signature not for public key in parent");
                }
            } catch (C$CertException e) {
                throw new C$CertPathValidationException("Unable to validate signature: " + e.getMessage(), e);
            } catch (C$OperatorCreationException e2) {
                throw new C$CertPathValidationException("Unable to create verifier: " + e2.getMessage(), e2);
            } catch (IOException e3) {
                throw new C$CertPathValidationException("Unable to build public key: " + e3.getMessage(), e3);
            }
        }
        this.workingIssuerName = c$X509CertificateHolder.getSubject();
        this.workingPublicKey = c$X509CertificateHolder.getSubjectPublicKeyInfo();
        if (this.workingAlgId == null) {
            this.workingAlgId = this.workingPublicKey.getAlgorithm();
        } else if (!this.workingPublicKey.getAlgorithm().getAlgorithm().equals(this.workingAlgId.getAlgorithm())) {
            this.workingAlgId = this.workingPublicKey.getAlgorithm();
        } else {
            if (isNull(this.workingPublicKey.getAlgorithm().getParameters())) {
                return;
            }
            this.workingAlgId = this.workingPublicKey.getAlgorithm();
        }
    }
}
