package org.bouncycastle.jcajce.provider.asymmetric.x509;

import gi.d;
import hi.g;
import hi.h;
import hi.l;
import hi.m;
import hi.n;
import hi.s;
import hi.x;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.b0;
import org.bouncycastle.asn1.e0;
import org.bouncycastle.asn1.i1;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.p1;
import org.bouncycastle.asn1.u;
import org.bouncycastle.asn1.v;
import org.bouncycastle.asn1.y;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.e;
import org.bouncycastle.util.i;
import org.spongycastle.asn1.ASN1Encoding;

/* loaded from: classes3.dex */
abstract class X509CertificateImpl extends X509Certificate {
    protected g basicConstraints;
    protected org.bouncycastle.jcajce.util.b bcHelper;

    /* renamed from: c, reason: collision with root package name */
    protected h f18687c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* loaded from: classes3.dex */
    class a implements org.bouncycastle.jcajce.provider.asymmetric.x509.a {
        a() {
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.a
        public Signature createSignature(String str) {
            try {
                return X509CertificateImpl.this.bcHelper.createSignature(str);
            } catch (Exception unused) {
                return Signature.getInstance(str);
            }
        }
    }

    /* loaded from: classes3.dex */
    class b implements org.bouncycastle.jcajce.provider.asymmetric.x509.a {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ String f18689a;

        b(String str) {
            this.f18689a = str;
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.a
        public Signature createSignature(String str) {
            String str2 = this.f18689a;
            return str2 != null ? Signature.getInstance(str, str2) : Signature.getInstance(str);
        }
    }

    /* loaded from: classes3.dex */
    class c implements org.bouncycastle.jcajce.provider.asymmetric.x509.a {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ Provider f18691a;

        c(Provider provider) {
            this.f18691a = provider;
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.a
        public Signature createSignature(String str) {
            Provider provider = this.f18691a;
            return provider != null ? Signature.getInstance(str, provider) : Signature.getInstance(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(org.bouncycastle.jcajce.util.b bVar, h hVar, g gVar, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = bVar;
        this.f18687c = hVar;
        this.basicConstraints = gVar;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, org.bouncycastle.asn1.g gVar, byte[] bArr) {
        if (!isAlgIdEqual(this.f18687c.j(), this.f18687c.n().k())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        org.bouncycastle.jcajce.provider.asymmetric.x509.b.g(signature, gVar);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(pi.a.a(signature), 512);
            this.f18687c.n().c(bufferedOutputStream, ASN1Encoding.DER);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    private void doVerify(PublicKey publicKey, org.bouncycastle.jcajce.provider.asymmetric.x509.a aVar) {
        boolean z10 = publicKey instanceof CompositePublicKey;
        int i10 = 0;
        if (z10 && org.bouncycastle.jcajce.provider.asymmetric.x509.b.d(this.f18687c.j())) {
            List<PublicKey> publicKeys = ((CompositePublicKey) publicKey).getPublicKeys();
            b0 q10 = b0.q(this.f18687c.j().h());
            b0 q11 = b0.q(i1.w(this.f18687c.i()).p());
            boolean z11 = false;
            while (i10 != publicKeys.size()) {
                if (publicKeys.get(i10) != null) {
                    hi.a f10 = hi.a.f(q10.s(i10));
                    try {
                        checkSignature(publicKeys.get(i10), aVar.createSignature(org.bouncycastle.jcajce.provider.asymmetric.x509.b.c(f10)), f10.h(), i1.w(q11.s(i10)).p());
                        e = null;
                        z11 = true;
                    } catch (SignatureException e10) {
                        e = e10;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i10++;
            }
            if (!z11) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!org.bouncycastle.jcajce.provider.asymmetric.x509.b.d(this.f18687c.j())) {
            Signature createSignature = aVar.createSignature(org.bouncycastle.jcajce.provider.asymmetric.x509.b.c(this.f18687c.j()));
            if (!z10) {
                checkSignature(publicKey, createSignature, this.f18687c.j().h(), getSignature());
                return;
            }
            List<PublicKey> publicKeys2 = ((CompositePublicKey) publicKey).getPublicKeys();
            while (i10 != publicKeys2.size()) {
                try {
                    checkSignature(publicKeys2.get(i10), createSignature, this.f18687c.j().h(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i10++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        b0 q12 = b0.q(this.f18687c.j().h());
        b0 q13 = b0.q(i1.w(this.f18687c.i()).p());
        boolean z12 = false;
        while (i10 != q13.size()) {
            hi.a f11 = hi.a.f(q12.s(i10));
            try {
                checkSignature(publicKey, aVar.createSignature(org.bouncycastle.jcajce.provider.asymmetric.x509.b.c(f11)), f11.h(), i1.w(q13.s(i10)).p());
                e = null;
                z12 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e11) {
                e = e11;
            }
            if (e != null) {
                throw e;
            }
            i10++;
        }
        if (!z12) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(h hVar, String str) {
        String string;
        byte[] extensionOctets = getExtensionOctets(hVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration t10 = b0.q(extensionOctets).t();
            while (t10.hasMoreElements()) {
                n e10 = n.e(t10.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(e.d(e10.g()));
                switch (e10.g()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(e10.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        string = ((e0) e10.f()).getString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        string = fi.c.e(d.V, e10.f()).toString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            string = InetAddress.getByAddress(v.p(e10.f()).r()).getHostAddress();
                            arrayList2.add(string);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        string = u.u(e10.f()).t();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + e10.g());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e11) {
            throw new CertificateParsingException(e11.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(h hVar, String str) {
        v extensionValue = getExtensionValue(hVar, str);
        if (extensionValue != null) {
            return extensionValue.r();
        }
        return null;
    }

    protected static v getExtensionValue(h hVar, String str) {
        l f10;
        m f11 = hVar.n().f();
        if (f11 == null || (f10 = f11.f(new u(str))) == null) {
            return null;
        }
        return f10.g();
    }

    private boolean isAlgIdEqual(hi.a aVar, hi.a aVar2) {
        if (!aVar.e().k(aVar2.e())) {
            return false;
        }
        if (i.b("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (aVar.h() == null) {
                return aVar2.h() == null || aVar2.h().equals(p1.f18570b);
            }
            if (aVar2.h() == null) {
                return aVar.h() == null || aVar.h().equals(p1.f18570b);
            }
        }
        if (aVar.h() != null) {
            return aVar.h().equals(aVar2.h());
        }
        if (aVar2.h() != null) {
            return aVar2.h().equals(aVar.h());
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.f18687c.e().g());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.f18687c.k().g());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        g gVar = this.basicConstraints;
        if (gVar == null || !gVar.g()) {
            return -1;
        }
        if (this.basicConstraints.f() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.f().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        m f10 = this.f18687c.n().f();
        if (f10 == null) {
            return null;
        }
        Enumeration k10 = f10.k();
        while (k10.hasMoreElements()) {
            u uVar = (u) k10.nextElement();
            if (f10.f(uVar).j()) {
                hashSet.add(uVar.t());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() {
        byte[] extensionOctets = getExtensionOctets(this.f18687c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            b0 q10 = b0.q(y.l(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i10 = 0; i10 != q10.size(); i10++) {
                arrayList.add(((u) q10.s(i10)).t());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        v extensionValue = getExtensionValue(this.f18687c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e10) {
            throw new IllegalStateException("error parsing " + e10.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() {
        return getAlternativeNames(this.f18687c, l.f12710j.t());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new org.bouncycastle.jce.b(this.f18687c.g());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        org.bouncycastle.asn1.c i10 = this.f18687c.n().i();
        if (i10 == null) {
            return null;
        }
        byte[] p10 = i10.p();
        int length = (p10.length * 8) - i10.b();
        boolean[] zArr = new boolean[length];
        for (int i11 = 0; i11 != length; i11++) {
            zArr[i11] = (p10[i11 / 8] & (128 >>> (i11 % 8))) != 0;
        }
        return zArr;
    }

    public fi.c getIssuerX500Name() {
        return this.f18687c.g();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f18687c.g().d(ASN1Encoding.DER));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return org.bouncycastle.util.a.j(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        m f10 = this.f18687c.n().f();
        if (f10 == null) {
            return null;
        }
        Enumeration k10 = f10.k();
        while (k10.hasMoreElements()) {
            u uVar = (u) k10.nextElement();
            if (!f10.f(uVar).j()) {
                hashSet.add(uVar.t());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.f18687c.e().e();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.f18687c.k().e();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.f18687c.m());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.f18687c.h().s();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.f18687c.j().e().t();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return org.bouncycastle.util.a.e(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.f18687c.i().s();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() {
        return getAlternativeNames(this.f18687c, l.f12709h.t());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new org.bouncycastle.jce.b(this.f18687c.l());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        org.bouncycastle.asn1.c o10 = this.f18687c.n().o();
        if (o10 == null) {
            return null;
        }
        byte[] p10 = o10.p();
        int length = (p10.length * 8) - o10.b();
        boolean[] zArr = new boolean[length];
        for (int i10 = 0; i10 != length; i10++) {
            zArr[i10] = (p10[i10 / 8] & (128 >>> (i10 % 8))) != 0;
        }
        return zArr;
    }

    public fi.c getSubjectX500Name() {
        return this.f18687c.l();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.f18687c.l().d(ASN1Encoding.DER));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() {
        try {
            return this.f18687c.n().d(ASN1Encoding.DER);
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    public x getTBSCertificateNative() {
        return this.f18687c.n();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.f18687c.o();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        m f10;
        if (getVersion() != 3 || (f10 = this.f18687c.n().f()) == null) {
            return false;
        }
        Enumeration k10 = f10.k();
        while (k10.hasMoreElements()) {
            u uVar = (u) k10.nextElement();
            if (!uVar.k(l.f12707f) && !uVar.k(l.f12721y) && !uVar.k(l.f12722z) && !uVar.k(l.F) && !uVar.k(l.f12720x) && !uVar.k(l.f12717t) && !uVar.k(l.f12716q) && !uVar.k(l.B) && !uVar.k(l.f12711k) && !uVar.k(l.f12709h) && !uVar.k(l.f12719w) && f10.f(uVar).j()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object dVar;
        StringBuffer stringBuffer = new StringBuffer();
        String d10 = Strings.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d10);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d10);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d10);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d10);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d10);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d10);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d10);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d10);
        org.bouncycastle.jcajce.provider.asymmetric.x509.b.f(getSignature(), stringBuffer, d10);
        m f10 = this.f18687c.n().f();
        if (f10 != null) {
            Enumeration k10 = f10.k();
            if (k10.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (k10.hasMoreElements()) {
                u uVar = (u) k10.nextElement();
                l f11 = f10.f(uVar);
                if (f11.g() != null) {
                    o oVar = new o(f11.g().r());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(f11.j());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(uVar.t());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (uVar.k(l.f12711k)) {
                        dVar = g.e(oVar.m());
                    } else if (uVar.k(l.f12707f)) {
                        dVar = s.e(oVar.m());
                    } else if (uVar.k(wh.a.f23035b)) {
                        dVar = new wh.b(i1.w(oVar.m()));
                    } else if (uVar.k(wh.a.f23037d)) {
                        dVar = new wh.c(org.bouncycastle.asn1.n.p(oVar.m()));
                    } else if (uVar.k(wh.a.f23044k)) {
                        dVar = new wh.d(org.bouncycastle.asn1.n.p(oVar.m()));
                    } else {
                        stringBuffer.append(uVar.t());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(ei.a.c(oVar.m()));
                        stringBuffer.append(d10);
                    }
                    stringBuffer.append(dVar);
                    stringBuffer.append(d10);
                }
                stringBuffer.append(d10);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) {
        doVerify(publicKey, new a());
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, String str) {
        doVerify(publicKey, new b(str));
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, Provider provider) {
        try {
            doVerify(publicKey, new c(provider));
        } catch (NoSuchProviderException e10) {
            throw new NoSuchAlgorithmException("provider issue: " + e10.getMessage());
        }
    }
}
