package com.enterprisedt.bouncycastle.tls.crypto.impl.bc;

import com.enterprisedt.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.enterprisedt.bouncycastle.asn1.j;
import com.enterprisedt.bouncycastle.asn1.x509.Certificate;
import com.enterprisedt.bouncycastle.asn1.x509.Extension;
import com.enterprisedt.bouncycastle.asn1.x509.Extensions;
import com.enterprisedt.bouncycastle.asn1.x509.KeyUsage;
import com.enterprisedt.bouncycastle.crypto.params.AsymmetricKeyParameter;
import com.enterprisedt.bouncycastle.crypto.params.DHPublicKeyParameters;
import com.enterprisedt.bouncycastle.crypto.params.DSAPublicKeyParameters;
import com.enterprisedt.bouncycastle.crypto.params.ECPublicKeyParameters;
import com.enterprisedt.bouncycastle.crypto.params.RSAKeyParameters;
import com.enterprisedt.bouncycastle.crypto.util.PublicKeyFactory;
import com.enterprisedt.bouncycastle.tls.TlsFatalAlert;
import com.enterprisedt.bouncycastle.tls.crypto.TlsCertificate;
import com.enterprisedt.bouncycastle.tls.crypto.TlsCryptoException;
import com.enterprisedt.bouncycastle.tls.crypto.TlsVerifier;
import com.enterprisedt.bouncycastle.util.Arrays;
import com.jcraft.jzlib.GZIPHeader;
import java.io.IOException;
import java.math.BigInteger;

/* loaded from: classes.dex */
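/**
 * {@link TlsCertificate} backed by a parsed X.509 {@link Certificate}.
 *
 * <p>The class decodes the certificate, enforces X.509 key-usage bits for the role the
 * certificate is about to play, and extracts the subject public key in the concrete
 * parameter type each TLS operation needs.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Nothing in this class verifies the certificate's signature, validity period,
 *       names or chain. Key-usage enforcement here is not a substitute for path
 *       validation, which has to happen elsewhere before the key is trusted.</li>
 *   <li>The {@code validatePubKey*} hooks are pass-through in this class, so no key-size
 *       or domain-parameter policy is applied unless a subclass overrides them.</li>
 *   <li>NOTE(review): {@link #useInRole(int, int)} writes non-final, non-volatile fields
 *       and no synchronization is visible here; confirm instances are not shared
 *       across threads.</li>
 * </ul>
 */
public class BcTlsCertificate implements TlsCertificate {
    // X.509 KeyUsage flags as they sit in the first content byte of the BIT STRING
    // (RFC 5280, section 4.2.1.3: bit 0 = digitalSignature is the most significant bit).
    private static final int KU_DIGITAL_SIGNATURE = 0x80;
    private static final int KU_KEY_ENCIPHERMENT = 0x20;
    private static final int KU_KEY_AGREEMENT = 0x08;

    // TLS AlertDescription codes (RFC 5246, section 7.2).
    private static final short ALERT_UNSUPPORTED_CERTIFICATE = 43;
    private static final short ALERT_CERTIFICATE_UNKNOWN = 46;
    private static final short ALERT_INTERNAL_ERROR = 80;

    protected final Certificate certificate;
    protected final BcTlsCrypto crypto;

    // Assigned by useInRole(); not read anywhere in this class (protected, so a
    // subclass may consume them).
    protected DHPublicKeyParameters pubKeyDH;
    protected ECPublicKeyParameters pubKeyEC;
    protected RSAKeyParameters pubKeyRSA;

    /**
     * Wraps an already-parsed certificate.
     *
     * @param bcTlsCrypto crypto provider handed to the verifiers this class creates
     * @param certificate parsed X.509 certificate; stored as-is, no checks are made here
     */
    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, Certificate certificate) {
        this.crypto = bcTlsCrypto;
        this.certificate = certificate;
    }

    /**
     * Decodes {@code bArr} with {@link #parseCertificate(byte[])} and wraps the result.
     *
     * @param bcTlsCrypto crypto provider handed to the verifiers this class creates
     * @param bArr encoded certificate, typically received from the peer and therefore untrusted
     * @throws IOException if the encoding cannot be decoded
     */
    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, byte[] bArr) throws IOException {
        this(bcTlsCrypto, parseCertificate(bArr));
    }

    /**
     * Returns {@code tlsCertificate} itself when it already is a {@code BcTlsCertificate};
     * otherwise re-parses its encoding into a new instance bound to {@code bcTlsCrypto}.
     *
     * @throws IOException if the foreign certificate cannot be encoded or re-parsed
     */
    public static BcTlsCertificate convert(BcTlsCrypto bcTlsCrypto, TlsCertificate tlsCertificate) throws IOException {
        if (tlsCertificate instanceof BcTlsCertificate) {
            // NOTE(review): the existing instance keeps whatever crypto it was built
            // with; bcTlsCrypto is ignored on this path.
            return (BcTlsCertificate) tlsCertificate;
        }
        return new BcTlsCertificate(bcTlsCrypto, tlsCertificate.getEncoded());
    }

    /**
     * Decodes an encoded certificate into its ASN.1 structure.
     *
     * @param bArr encoded certificate bytes
     * @return whatever {@code Certificate.getInstance} yields for {@code bArr}
     * @throws IOException a {@link TlsCryptoException} when decoding raises
     *         {@link IllegalArgumentException}
     */
    public static Certificate parseCertificate(byte[] bArr) throws IOException {
        try {
            return Certificate.getInstance(bArr);
        } catch (IllegalArgumentException e10) {
            // j.o is an obfuscated helper not visible in this file; presumably it appends
            // the exception message to the builder and returns the text - TODO confirm.
            throw new TlsCryptoException(j.o(e10, new StringBuilder("unable to decode certificate: ")), e10);
        }
    }

    /**
     * Creates a signature verifier over this certificate's public key.
     *
     * <p>The digitalSignature key-usage bit is enforced before the algorithm is looked at.
     *
     * @param s10 signature algorithm code; 1, 2 and 3 select the RSA, DSA and ECDSA
     *        verifiers (the TLS SignatureAlgorithm values rsa/dsa/ecdsa)
     * @throws IOException {@link TlsFatalAlert} 46 (certificate_unknown) when key usage
     *         forbids signing, the key is of the wrong type, or {@code s10} is not handled
     */
    @Override
    public TlsVerifier createVerifier(short s10) throws IOException {
        validateKeyUsage(KU_DIGITAL_SIGNATURE);
        switch (s10) {
            case 1:
                return new BcTlsRSAVerifier(this.crypto, getPubKeyRSA());
            case 2:
                return new BcTlsDSAVerifier(this.crypto, getPubKeyDSS());
            case 3:
                return new BcTlsECDSAVerifier(this.crypto, getPubKeyEC());
            default:
                throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /**
     * Maps the public key type to a client certificate type code and checks that the
     * certificate may be used for digital signatures.
     *
     * @return 1 for RSA keys, 2 for DSA keys, 64 for EC keys (the TLS ClientCertificateType
     *         values rsa_sign, dss_sign and ecdsa_sign)
     * @throws IOException {@link TlsFatalAlert} 80 if the decoded key reports itself as
     *         private, 43 for any other key type or unexpected failure, 46 on a key-usage mismatch
     */
    @Override
    public short getClientCertificateType() throws IOException {
        AsymmetricKeyParameter publicKey = getPublicKey();
        if (publicKey.isPrivate()) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        try {
            final short certificateType;
            if (publicKey instanceof RSAKeyParameters) {
                certificateType = 1;
            } else if (publicKey instanceof DSAPublicKeyParameters) {
                certificateType = 2;
            } else if (publicKey instanceof ECPublicKeyParameters) {
                certificateType = 64;
            } else {
                throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE);
            }
            validateKeyUsage(KU_DIGITAL_SIGNATURE);
            return certificateType;
        } catch (IOException e10) {
            // Alerts raised above are already in their final form.
            throw e10;
        } catch (Exception e11) {
            // Boundary catch: anything unexpected is reported as unsupported_certificate.
            throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE, e11);
        }
    }

    /** Returns the DER encoding of the wrapped certificate. */
    @Override
    public byte[] getEncoded() throws IOException {
        return this.certificate.getEncoded("DER");
    }

    /**
     * Looks up a certificate extension by OID.
     *
     * @return a copy of the extension's value octets, or {@code null} when the certificate
     *         has no extensions or not this one
     */
    @Override
    public byte[] getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws IOException {
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions == null) {
            return null;
        }
        Extension extension = extensions.getExtension(aSN1ObjectIdentifier);
        if (extension == null) {
            return null;
        }
        // Cloned so callers cannot modify the parsed certificate's buffer.
        return Arrays.clone(extension.getExtnValue().getOctets());
    }

    /**
     * Returns the subject public key as DH parameters.
     *
     * <p>Unlike the DSS/EC/RSA accessors, this class has no validation hook for DH keys,
     * and every {@link RuntimeException} (not only a failed cast) becomes alert 46.
     *
     * @throws IOException {@link TlsFatalAlert} 46 if the key is not a DH public key
     */
    public DHPublicKeyParameters getPubKeyDH() throws IOException {
        try {
            return (DHPublicKeyParameters) getPublicKey();
        } catch (RuntimeException e10) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e10);
        }
    }

    /**
     * Returns the subject public key as DSA parameters after {@link #validatePubKeyDSS}.
     *
     * @throws IOException {@link TlsFatalAlert} 46 if the key is not a DSA public key
     */
    public DSAPublicKeyParameters getPubKeyDSS() throws IOException {
        try {
            return validatePubKeyDSS((DSAPublicKeyParameters) getPublicKey());
        } catch (ClassCastException e10) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e10);
        }
    }

    /**
     * Returns the subject public key as EC parameters after {@link #validatePubKeyEC}.
     *
     * @throws IOException {@link TlsFatalAlert} 46 if the key is not an EC public key
     */
    public ECPublicKeyParameters getPubKeyEC() throws IOException {
        try {
            return validatePubKeyEC((ECPublicKeyParameters) getPublicKey());
        } catch (ClassCastException e10) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e10);
        }
    }

    /**
     * Returns the subject public key as RSA parameters after {@link #validatePubKeyRSA}.
     *
     * @throws IOException {@link TlsFatalAlert} 46 if the key is not an RSA key
     */
    public RSAKeyParameters getPubKeyRSA() throws IOException {
        try {
            return validatePubKeyRSA((RSAKeyParameters) getPublicKey());
        } catch (ClassCastException e10) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e10);
        }
    }

    /**
     * Decodes the certificate's SubjectPublicKeyInfo. The key is decoded afresh on every
     * call; no result is cached here.
     *
     * @throws IOException {@link TlsFatalAlert} 43 (unsupported_certificate) when decoding
     *         raises a {@link RuntimeException}
     */
    public AsymmetricKeyParameter getPublicKey() throws IOException {
        try {
            return PublicKeyFactory.createKey(this.certificate.getSubjectPublicKeyInfo());
        } catch (RuntimeException e10) {
            throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE, e10);
        }
    }

    /** Returns the certificate serial number. */
    @Override
    public BigInteger getSerialNumber() {
        return this.certificate.getSerialNumber().getValue();
    }

    /** Returns the dotted OID string of the certificate's signature algorithm. */
    @Override
    public String getSigAlgOID() {
        return this.certificate.getSignatureAlgorithm().getAlgorithm().getId();
    }

    /**
     * Checks that the certificate is usable for the given key exchange and records the
     * typed public key on this instance.
     *
     * @param i10 presumably the connection end; the RSA branch requires 0, which looks
     *        like "server" in upstream BouncyCastle - TODO confirm for this build
     * @param i11 key exchange algorithm code. 7/9 take the DH path and 16/18 the EC path
     *        (both need keyAgreement); 1/15 take the RSA path (needs keyEncipherment).
     *        These look like upstream BouncyCastle's DH_DSS/DH_RSA, ECDH_ECDSA/ECDH_RSA
     *        and RSA/RSA_PSK values - TODO confirm
     * @return this instance
     * @throws IOException {@link TlsFatalAlert} 46 for an unhandled combination, a
     *         key-usage mismatch, or a key of the wrong type
     */
    @Override
    public TlsCertificate useInRole(int i10, int i11) throws IOException {
        boolean staticDh = i11 == 7 || i11 == 9;
        if (staticDh) {
            validateKeyUsage(KU_KEY_AGREEMENT);
            this.pubKeyDH = getPubKeyDH();
            return this;
        }
        boolean staticEcdh = i11 == 16 || i11 == 18;
        if (staticEcdh) {
            validateKeyUsage(KU_KEY_AGREEMENT);
            this.pubKeyEC = getPubKeyEC();
            return this;
        }
        boolean rsaKeyTransport = i10 == 0 && (i11 == 1 || i11 == 15);
        if (!rsaKeyTransport) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
        validateKeyUsage(KU_KEY_ENCIPHERMENT);
        this.pubKeyRSA = getPubKeyRSA();
        return this;
    }

    /**
     * Enforces that every bit in {@code i10} is asserted by the certificate's KeyUsage
     * extension.
     *
     * <p>A certificate with no extensions, or without a KeyUsage extension, passes any
     * check: absence is treated as "unrestricted". Only the first content byte of the
     * BIT STRING is consulted, so usages encoded in a second byte cannot be required here.
     *
     * @param i10 required KeyUsage bits, in first-byte layout (for example 0x80 for
     *        digitalSignature)
     * @throws IOException {@link TlsFatalAlert} 46 when a required bit is missing
     */
    public void validateKeyUsage(int i10) throws IOException {
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions == null) {
            return;
        }
        KeyUsage keyUsage = KeyUsage.fromExtensions(extensions);
        if (keyUsage == null) {
            return;
        }
        // The certificate is peer-supplied: a KeyUsage BIT STRING with no content bytes
        // must end in a fatal alert, not an unchecked index error, so it is read as
        // "no usages asserted".
        byte[] usageBytes = keyUsage.getBytes();
        // Plain 0xFF mask; the decompiled source borrowed an unrelated gzip-header
        // constant from the compression library for this value.
        int asserted = (usageBytes == null || usageBytes.length == 0) ? 0 : (usageBytes[0] & 0xFF);
        if ((asserted & i10) != i10) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /**
     * Validation hook for DSA public keys. Returns the argument unchanged in this class;
     * no parameter or key-size checks are applied unless a subclass overrides it.
     */
    public DSAPublicKeyParameters validatePubKeyDSS(DSAPublicKeyParameters dSAPublicKeyParameters) throws IOException {
        return dSAPublicKeyParameters;
    }

    /**
     * Validation hook for EC public keys. Returns the argument unchanged in this class;
     * no curve or point checks are applied here unless a subclass overrides it.
     */
    public ECPublicKeyParameters validatePubKeyEC(ECPublicKeyParameters eCPublicKeyParameters) throws IOException {
        return eCPublicKeyParameters;
    }

    /**
     * Validation hook for RSA keys. Returns the argument unchanged in this class; no
     * modulus-size or exponent checks are applied here unless a subclass overrides it.
     */
    public RSAKeyParameters validatePubKeyRSA(RSAKeyParameters rSAKeyParameters) throws IOException {
        return rSAKeyParameters;
    }
}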
