package c6;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes.dex */
class i0 extends PKIXCertPathChecker {

    /* renamed from: b0, reason: collision with root package name */
    private static final Map<String, String> f3685b0 = i();

    /* renamed from: c0, reason: collision with root package name */
    private static final Set<String> f3686c0 = j();

    /* renamed from: d0, reason: collision with root package name */
    private static final byte[] f3687d0 = {5, 0};

    /* renamed from: e0, reason: collision with root package name */
    private static final String f3688e0 = a0.v("SHA256withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: f0, reason: collision with root package name */
    private static final String f3689f0 = a0.v("SHA384withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: g0, reason: collision with root package name */
    private static final String f3690g0 = a0.v("SHA512withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: h0, reason: collision with root package name */
    private static final String f3691h0 = a0.v("SHA256withRSAandMGF1", "RSA");

    /* renamed from: i0, reason: collision with root package name */
    private static final String f3692i0 = a0.v("SHA384withRSAandMGF1", "RSA");

    /* renamed from: j0, reason: collision with root package name */
    private static final String f3693j0 = a0.v("SHA512withRSAandMGF1", "RSA");
    private final boolean X;
    private final y5.b Y;
    private final b6.a Z;

    /* renamed from: a0, reason: collision with root package name */
    private X509Certificate f3694a0;

    /* JADX INFO: Access modifiers changed from: package-private */
    public i0(boolean z6, y5.b bVar, b6.a aVar) {
        Objects.requireNonNull(bVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar, "'algorithmConstraints' cannot be null");
        this.X = z6;
        this.Y = bVar;
        this.Z = aVar;
        this.f3694a0 = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void c(y5.b bVar, b6.a aVar, X509Certificate[] x509CertificateArr, n5.f fVar, int i7) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            h(bVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        e(bVar, aVar, x509CertificateArr[0], fVar, i7);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void d(boolean z6, y5.b bVar, b6.a aVar, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, n5.f fVar, int i7) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                h(bVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            f(bVar, aVar, x509CertificateArr[length - 1]);
        }
        i0 i0Var = new i0(z6, bVar, aVar);
        i0Var.init(false);
        for (int i8 = length - 1; i8 >= 0; i8--) {
            i0Var.check(x509CertificateArr[i8], Collections.emptySet());
        }
        e(bVar, aVar, x509CertificateArr[0], fVar, i7);
    }

    private static void e(y5.b bVar, b6.a aVar, X509Certificate x509Certificate, n5.f fVar, int i7) {
        if (fVar != null && !s(x509Certificate, fVar)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + l(fVar) + "' ExtendedKeyUsage");
        }
        if (i7 >= 0) {
            if (!u(x509Certificate, i7)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + m(i7) + "' KeyUsage");
            }
            if (aVar.permits(n(i7), x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + m(i7) + "' KeyUsage");
        }
    }

    private static void f(y5.b bVar, b6.a aVar, X509Certificate x509Certificate) {
        String o7 = o(x509Certificate, null);
        if (!a0.P(o7)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(a0.f3537i, o7, p(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static void h(y5.b bVar, b6.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String o7 = o(x509Certificate, x509Certificate2);
        if (!a0.P(o7)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(a0.f3537i, o7, x509Certificate2.getPublicKey(), p(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static Map<String, String> i() {
        HashMap hashMap = new HashMap(4);
        hashMap.put(c5.a.f3526d.B(), "Ed25519");
        hashMap.put(c5.a.f3527e.B(), "Ed448");
        hashMap.put(g5.a.f5905b.B(), "SHA1withDSA");
        hashMap.put(o5.j.R.B(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    private static Set<String> j() {
        HashSet hashSet = new HashSet();
        hashSet.add(g5.a.f5905b.B());
        hashSet.add(o5.j.R.B());
        hashSet.add(h5.a.f6274e.B());
        return Collections.unmodifiableSet(hashSet);
    }

    static String l(n5.f fVar) {
        if (n5.f.f7472b0.equals(fVar)) {
            return "clientAuth";
        }
        if (n5.f.f7471a0.equals(fVar)) {
            return "serverAuth";
        }
        return "(" + fVar + ")";
    }

    static String m(int i7) {
        if (i7 == 0) {
            return "digitalSignature";
        }
        if (i7 == 2) {
            return "keyEncipherment";
        }
        if (i7 == 4) {
            return "keyAgreement";
        }
        return "(" + i7 + ")";
    }

    static Set<b6.b> n(int i7) {
        return i7 != 2 ? i7 != 4 ? a0.f3537i : a0.f3535g : a0.f3536h;
    }

    static String o(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        v4.o p6;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f3685b0.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!h5.a.f6274e.B().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        h5.c q6 = h5.c.q(x509Certificate.getSigAlgParams());
        if (q6 != null && (p6 = q6.p().p()) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                j6.g gVar = new j6.g((j6.h) null, x509Certificate);
                if (e5.b.f5493c.s(p6)) {
                    if (gVar.y((short) 9)) {
                        return f3688e0;
                    }
                    if (gVar.y((short) 4)) {
                        return f3691h0;
                    }
                } else if (e5.b.f5494d.s(p6)) {
                    if (gVar.y((short) 10)) {
                        return f3689f0;
                    }
                    if (gVar.y((short) 5)) {
                        return f3692i0;
                    }
                } else if (e5.b.f5495e.s(p6)) {
                    if (gVar.y((short) 11)) {
                        return f3690g0;
                    }
                    if (gVar.y((short) 6)) {
                        return f3693j0;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    static AlgorithmParameters p(y5.b bVar, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f3686c0.contains(sigAlgOID) && l6.a.d(f3687d0, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters e7 = bVar.e(sigAlgOID);
            try {
                e7.init(sigAlgParams);
                return e7;
            } catch (Exception e8) {
                throw new CertPathValidatorException(e8);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    static boolean q(PublicKey publicKey) {
        try {
            n5.a p6 = n5.g.q(publicKey.getEncoded()).p();
            if (!o5.j.f7865l.s(p6.p())) {
                return true;
            }
            v4.e s6 = p6.s();
            if (s6 != null) {
                return s6.c() instanceof v4.o;
            }
            return false;
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean r(PublicKey publicKey, boolean[] zArr, int i7, b6.a aVar) {
        return v(zArr, i7) && aVar.permits(n(i7), publicKey);
    }

    static boolean s(X509Certificate x509Certificate, n5.f fVar) {
        try {
            return t(x509Certificate.getExtendedKeyUsage(), fVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    static boolean t(List<String> list, n5.f fVar) {
        return list == null || list.contains(fVar.p()) || list.contains(n5.f.Z.p());
    }

    static boolean u(X509Certificate x509Certificate, int i7) {
        return v(x509Certificate.getKeyUsage(), i7);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean v(boolean[] zArr, int i7) {
        return zArr == null || (zArr.length > i7 && zArr[i7]);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.X && !q(x509Certificate.getPublicKey())) {
            throw new CertPathValidatorException("non-FIPS public key found");
        }
        X509Certificate x509Certificate2 = this.f3694a0;
        if (x509Certificate2 != null) {
            h(this.Y, this.Z, x509Certificate, x509Certificate2);
        }
        this.f3694a0 = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z6) {
        if (z6) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f3694a0 = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
