package org.bouncycastle.jcajce.provider.asymmetric.x509;

import es.a01;
import es.b01;
import es.c01;
import es.e01;
import es.e21;
import es.jc1;
import es.v11;
import es.y11;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.j;
import org.bouncycastle.asn1.n;
import org.bouncycastle.asn1.n0;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.r;
import org.bouncycastle.asn1.s;
import org.bouncycastle.asn1.t0;
import org.bouncycastle.asn1.u0;
import org.bouncycastle.asn1.x;
import org.bouncycastle.asn1.x509.a0;
import org.bouncycastle.asn1.x509.h;
import org.bouncycastle.asn1.x509.l;
import org.bouncycastle.asn1.x509.l0;
import org.bouncycastle.asn1.x509.t;
import org.bouncycastle.asn1.x509.u;
import org.bouncycastle.jcajce.interfaces.a;
import org.bouncycastle.jcajce.util.c;
import org.bouncycastle.jce.e;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.d;
import org.bouncycastle.util.f;

/* loaded from: classes4.dex */
abstract class X509CertificateImpl extends X509Certificate implements a {
    protected h basicConstraints;
    protected c bcHelper;
    protected l c;
    protected boolean[] keyUsage;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(c cVar, l lVar, h hVar, boolean[] zArr) {
        this.bcHelper = cVar;
        this.c = lVar;
        this.basicConstraints = hVar;
        this.keyUsage = zArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (!isAlgIdEqual(this.c.o(), this.c.s().o())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, this.c.o().l());
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(jc1.a(signature), 512);
            this.c.s().f(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            signature.verify(getSignature());
            if (1 == 0) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(l lVar, String str) throws CertificateParsingException {
        String e;
        byte[] extensionOctets = getExtensionOctets(lVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration u = s.r(extensionOctets).u();
            while (u.hasMoreElements()) {
                u j = u.j(u.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(f.c(j.m()));
                switch (j.m()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(j.g());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        e = ((x) j.l()).e();
                        arrayList2.add(e);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        e = y11.k(e21.V, j.l()).toString();
                        arrayList2.add(e);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            e = InetAddress.getByAddress(o.r(j.l()).t()).getHostAddress();
                            arrayList2.add(e);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        e = n.w(j.l()).v();
                        arrayList2.add(e);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + j.m());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e2) {
            throw new CertificateParsingException(e2.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(l lVar, String str) {
        o extensionValue = getExtensionValue(lVar, str);
        if (extensionValue != null) {
            return extensionValue.t();
        }
        return null;
    }

    protected static o getExtensionValue(l lVar, String str) {
        org.bouncycastle.asn1.x509.s i;
        t j = lVar.s().j();
        if (j == null || (i = j.i(new n(str))) == null) {
            return null;
        }
        return i.k();
    }

    private boolean isAlgIdEqual(org.bouncycastle.asn1.x509.a aVar, org.bouncycastle.asn1.x509.a aVar2) {
        if (aVar.i().m(aVar2.i())) {
            return aVar.l() == null ? aVar2.l() == null || aVar2.l().equals(u0.f11947a) : aVar2.l() == null ? aVar.l() == null || aVar.l().equals(u0.f11947a) : aVar.l().equals(aVar2.l());
        }
        return false;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.i().k());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.p().k());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        h hVar = this.basicConstraints;
        if (hVar == null || !hVar.k()) {
            return -1;
        }
        if (this.basicConstraints.j() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.j().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        t j = this.c.s().j();
        if (j == null) {
            return null;
        }
        Enumeration k = j.k();
        while (k.hasMoreElements()) {
            n nVar = (n) k.nextElement();
            if (j.i(nVar).n()) {
                hashSet.add(nVar.v());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        try {
            return this.c.h("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            s r = s.r(r.n(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != r.size(); i++) {
                arrayList.add(((n) r.t(i)).v());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        o extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.g();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, org.bouncycastle.asn1.x509.s.f.v());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new e(this.c.l());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        n0 m = this.c.s().m();
        if (m == null) {
            return null;
        }
        byte[] t = m.t();
        int length = (t.length * 8) - m.v();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (t[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // org.bouncycastle.jcajce.interfaces.a
    public y11 getIssuerX500Name() {
        return this.c.l();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.l().h("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return org.bouncycastle.util.a.n(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        t j = this.c.s().j();
        if (j == null) {
            return null;
        }
        Enumeration k = j.k();
        while (k.hasMoreElements()) {
            n nVar = (n) k.nextElement();
            if (!j.i(nVar).n()) {
                hashSet.add(nVar.v());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.i().i();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.p().i();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.r());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.m().u();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return X509SignatureUtil.getSignatureName(this.c.o());
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.o().i().v();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        if (this.c.o().l() != null) {
            try {
                return this.c.o().l().d().h("DER");
            } catch (IOException unused) {
            }
        }
        return null;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.n().u();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, org.bouncycastle.asn1.x509.s.e.v());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new e(this.c.q());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        n0 s = this.c.s().s();
        if (s == null) {
            return null;
        }
        byte[] t = s.t();
        int length = (t.length * 8) - s.v();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (t[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // org.bouncycastle.jcajce.interfaces.a
    public y11 getSubjectX500Name() {
        return this.c.q();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.q().h("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.c.s().h("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // org.bouncycastle.jcajce.interfaces.a
    public l0 getTBSCertificateNative() {
        return this.c.s();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.t();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        t j;
        if (getVersion() != 3 || (j = this.c.s().j()) == null) {
            return false;
        }
        Enumeration k = j.k();
        while (k.hasMoreElements()) {
            n nVar = (n) k.nextElement();
            if (!nVar.m(org.bouncycastle.asn1.x509.s.d) && !nVar.m(org.bouncycastle.asn1.x509.s.o) && !nVar.m(org.bouncycastle.asn1.x509.s.p) && !nVar.m(org.bouncycastle.asn1.x509.s.u) && !nVar.m(org.bouncycastle.asn1.x509.s.n) && !nVar.m(org.bouncycastle.asn1.x509.s.k) && !nVar.m(org.bouncycastle.asn1.x509.s.j) && !nVar.m(org.bouncycastle.asn1.x509.s.r) && !nVar.m(org.bouncycastle.asn1.x509.s.g) && !nVar.m(org.bouncycastle.asn1.x509.s.e) && !nVar.m(org.bouncycastle.asn1.x509.s.m) && j.i(nVar).n()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object e01Var;
        StringBuffer stringBuffer = new StringBuffer();
        String d = Strings.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d);
        byte[] signature = getSignature();
        stringBuffer.append("            Signature: ");
        stringBuffer.append(new String(d.e(signature, 0, 20)));
        stringBuffer.append(d);
        int i = 20;
        while (i < signature.length) {
            int length = signature.length - 20;
            stringBuffer.append("                       ");
            stringBuffer.append(i < length ? new String(d.e(signature, i, 20)) : new String(d.e(signature, i, signature.length - i)));
            stringBuffer.append(d);
            i += 20;
        }
        t j = this.c.s().j();
        if (j != null) {
            Enumeration k = j.k();
            if (k.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (k.hasMoreElements()) {
                n nVar = (n) k.nextElement();
                org.bouncycastle.asn1.x509.s i2 = j.i(nVar);
                if (i2.k() != null) {
                    j jVar = new j(i2.k().t());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(i2.n());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(nVar.v());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (nVar.m(org.bouncycastle.asn1.x509.s.g)) {
                        e01Var = h.i(jVar.k());
                    } else if (nVar.m(org.bouncycastle.asn1.x509.s.d)) {
                        e01Var = a0.i(jVar.k());
                    } else if (nVar.m(a01.b)) {
                        e01Var = new b01(n0.y(jVar.k()));
                    } else if (nVar.m(a01.c)) {
                        e01Var = new c01(t0.r(jVar.k()));
                    } else if (nVar.m(a01.e)) {
                        e01Var = new e01(t0.r(jVar.k()));
                    } else {
                        stringBuffer.append(nVar.v());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(v11.c(jVar.k()));
                        stringBuffer.append(d);
                    }
                    stringBuffer.append(e01Var);
                    stringBuffer.append(d);
                }
                stringBuffer.append(d);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature;
        String signatureName = X509SignatureUtil.getSignatureName(this.c.o());
        try {
            signature = this.bcHelper.d(signatureName);
        } catch (Exception unused) {
            signature = Signature.getInstance(signatureName);
        }
        checkSignature(publicKey, signature);
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        String signatureName = X509SignatureUtil.getSignatureName(this.c.o());
        checkSignature(publicKey, str != null ? Signature.getInstance(signatureName, str) : Signature.getInstance(signatureName));
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        String signatureName = X509SignatureUtil.getSignatureName(this.c.o());
        checkSignature(publicKey, provider != null ? Signature.getInstance(signatureName, provider) : Signature.getInstance(signatureName));
    }
}
