package org.bouncycastle.jcajce.provider.asymmetric.x509;

import defpackage.arh;
import defpackage.brh;
import defpackage.bug;
import defpackage.c1;
import defpackage.d0;
import defpackage.dqv;
import defpackage.dt1;
import defpackage.f0;
import defpackage.f4l;
import defpackage.ft0;
import defpackage.g5a;
import defpackage.gtk;
import defpackage.j56;
import defpackage.kib;
import defpackage.l0;
import defpackage.m0;
import defpackage.m47;
import defpackage.m5a;
import defpackage.m6q;
import defpackage.oae;
import defpackage.opv;
import defpackage.qk3;
import defpackage.r4p;
import defpackage.rrf;
import defpackage.rtd;
import defpackage.s0;
import defpackage.s47;
import defpackage.t0;
import defpackage.vf1;
import defpackage.vx;
import defpackage.w0;
import defpackage.wpu;
import defpackage.xrq;
import defpackage.z;
import defpackage.z0;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes8.dex */
abstract class X509CertificateImpl extends X509Certificate implements vf1 {
    protected dt1 basicConstraints;
    protected rtd bcHelper;
    protected qk3 c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CertificateImpl(rtd rtdVar, qk3 qk3Var, dt1 dt1Var, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = rtdVar;
        this.c = qk3Var;
        this.basicConstraints = dt1Var;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, d0 d0Var, byte[] bArr) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        qk3 qk3Var = this.c;
        if (!isAlgIdEqual(qk3Var.q, qk3Var.d.x)) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, d0Var);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new r4p(signature), 512);
            this.c.d.g().o(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        boolean z = publicKey instanceof j56;
        int i = 0;
        if (z && X509SignatureUtil.isCompositeAlgorithm(this.c.q)) {
            List<PublicKey> list = ((j56) publicKey).c;
            z0 z2 = z0.z(this.c.q.d);
            z0 z3 = z0.z(m47.C(this.c.x).x());
            boolean z4 = false;
            while (i != list.size()) {
                if (list.get(i) != null) {
                    vx m = vx.m(z2.A(i));
                    try {
                        checkSignature(list.get(i), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(m)), m.d, m47.C(z3.A(i)).x());
                        e = null;
                        z4 = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z4) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.q)) {
            Signature createSignature = signatureCreator.createSignature(X509SignatureUtil.getSignatureName(this.c.q));
            if (!z) {
                checkSignature(publicKey, createSignature, this.c.q.d, getSignature());
                return;
            }
            List<PublicKey> list2 = ((j56) publicKey).c;
            while (i != list2.size()) {
                try {
                    checkSignature(list2.get(i), createSignature, this.c.q.d, getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        z0 z5 = z0.z(this.c.q.d);
        z0 z6 = z0.z(m47.C(this.c.x).x());
        boolean z7 = false;
        while (i != z6.size()) {
            vx m2 = vx.m(z5.A(i));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(m2)), m2.d, m47.C(z6.A(i)).x());
                e = null;
                z7 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e2) {
                e = e2;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z7) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x0035. Please report as an issue. */
    private static Collection getAlternativeNames(qk3 qk3Var, String str) throws CertificateParsingException {
        String h;
        byte[] extensionOctets = getExtensionOctets(qk3Var, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration B = z0.z(extensionOctets).B();
            while (B.hasMoreElements()) {
                kib l = kib.l(B.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(Integer.valueOf(l.d));
                int i = l.d;
                d0 d0Var = l.c;
                switch (i) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(l.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        h = ((c1) d0Var).h();
                        arrayList2.add(h);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        h = opv.l(f4l.Z, d0Var).toString();
                        arrayList2.add(h);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            h = InetAddress.getByAddress(t0.w(d0Var).c).getHostAddress();
                            arrayList2.add(h);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        h = s0.A(d0Var).c;
                        arrayList2.add(h);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + i);
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e) {
            throw new CertificateParsingException(e.getMessage());
        }
    }

    public static byte[] getExtensionOctets(qk3 qk3Var, String str) {
        t0 extensionValue = getExtensionValue(qk3Var, str);
        if (extensionValue != null) {
            return extensionValue.c;
        }
        return null;
    }

    public static t0 getExtensionValue(qk3 qk3Var, String str) {
        g5a l;
        m5a m5aVar = qk3Var.d.N2;
        if (m5aVar == null || (l = m5aVar.l(new s0(str))) == null) {
            return null;
        }
        return l.q;
    }

    private boolean isAlgIdEqual(vx vxVar, vx vxVar2) {
        if (!vxVar.c.r(vxVar2.c)) {
            return false;
        }
        boolean b = gtk.b("org.bouncycastle.x509.allow_absent_equiv_NULL");
        d0 d0Var = vxVar.d;
        d0 d0Var2 = vxVar2.d;
        if (b) {
            if (d0Var == null) {
                return d0Var2 == null || d0Var2.equals(s47.d);
            }
            if (d0Var2 == null) {
                return d0Var == null || d0Var.equals(s47.d);
            }
        }
        if (d0Var != null) {
            return d0Var.equals(d0Var2);
        }
        if (d0Var2 != null) {
            return d0Var2.equals(d0Var);
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.d.Y.n());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.d.f3560X.n());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        dt1 dt1Var = this.basicConstraints;
        if (dt1Var == null || !dt1Var.n()) {
            return -1;
        }
        if (this.basicConstraints.m() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.m().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        m5a m5aVar = this.c.d.N2;
        if (m5aVar == null) {
            return null;
        }
        Enumeration o = m5aVar.o();
        while (o.hasMoreElements()) {
            s0 s0Var = (s0) o.nextElement();
            if (m5aVar.l(s0Var).d) {
                hashSet.add(s0Var.c);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            z0 z = z0.z(w0.s(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != z.size(); i++) {
                arrayList.add(((s0) z.A(i)).c);
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        t0 extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException(f0.A(e, new StringBuilder("error parsing ")));
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, g5a.f1821X.c);
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new dqv(this.c.d.y);
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        m47 m47Var = this.c.d.L2;
        if (m47Var == null) {
            return null;
        }
        byte[] x = m47Var.x();
        int length = (x.length * 8) - m47Var.d();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (x[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // defpackage.vf1
    public opv getIssuerX500Name() {
        return this.c.d.y;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.d.y.k("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        boolean[] zArr = this.keyUsage;
        if (zArr == null) {
            return null;
        }
        return (boolean[]) zArr.clone();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        m5a m5aVar = this.c.d.N2;
        if (m5aVar == null) {
            return null;
        }
        Enumeration o = m5aVar.o();
        while (o.hasMoreElements()) {
            s0 s0Var = (s0) o.nextElement();
            if (!m5aVar.l(s0Var).d) {
                hashSet.add(s0Var.c);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.d.Y.l();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.d.f3560X.l();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.d.K2);
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.d.q.y();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.q.c.c;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return ft0.b(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.x.z();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, g5a.y.c);
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new dqv(this.c.d.Z);
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        m47 m47Var = this.c.d.M2;
        if (m47Var == null) {
            return null;
        }
        byte[] x = m47Var.x();
        int length = (x.length * 8) - m47Var.d();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (x[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // defpackage.vf1
    public opv getSubjectX500Name() {
        return this.c.d.Z;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.d.Z.k("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.c.d.k("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // defpackage.vf1
    public xrq getTBSCertificateNative() {
        return this.c.d;
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.d.d.D() + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        m5a m5aVar;
        if (getVersion() != 3 || (m5aVar = this.c.d.N2) == null) {
            return false;
        }
        Enumeration o = m5aVar.o();
        while (o.hasMoreElements()) {
            s0 s0Var = (s0) o.nextElement();
            if (!s0Var.r(g5a.x) && !s0Var.r(g5a.Q2) && !s0Var.r(g5a.R2) && !s0Var.r(g5a.W2) && !s0Var.r(g5a.P2) && !s0Var.r(g5a.M2) && !s0Var.r(g5a.L2) && !s0Var.r(g5a.T2) && !s0Var.r(g5a.Y) && !s0Var.r(g5a.y) && !s0Var.r(g5a.O2) && m5aVar.l(s0Var).d) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object wpuVar;
        StringBuffer stringBuffer = new StringBuffer();
        String str = m6q.a;
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(str);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(str);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(str);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(str);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(str);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(str);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(str);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(str);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, str);
        m5a m5aVar = this.c.d.N2;
        if (m5aVar != null) {
            Enumeration o = m5aVar.o();
            if (o.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (o.hasMoreElements()) {
                s0 s0Var = (s0) o.nextElement();
                g5a l = m5aVar.l(s0Var);
                t0 t0Var = l.q;
                if (t0Var != null) {
                    m0 m0Var = new m0(t0Var.c);
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(l.d);
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(s0Var.c);
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (s0Var.r(g5a.Y)) {
                        wpuVar = dt1.l(m0Var.f());
                    } else if (s0Var.r(g5a.x)) {
                        d0 f = m0Var.f();
                        wpuVar = f instanceof oae ? (oae) f : f != null ? new oae(z.y(f)) : null;
                    } else if (s0Var.r(bug.a)) {
                        wpuVar = new arh(m47.C(m0Var.f()));
                    } else if (s0Var.r(bug.b)) {
                        wpuVar = new brh(l0.w(m0Var.f()));
                    } else if (s0Var.r(bug.c)) {
                        wpuVar = new wpu(l0.w(m0Var.f()));
                    } else {
                        stringBuffer.append(s0Var.c);
                        stringBuffer.append(" value = ");
                        stringBuffer.append(rrf.n(m0Var.f()));
                        stringBuffer.append(str);
                    }
                    stringBuffer.append(wpuVar);
                    stringBuffer.append(str);
                }
                stringBuffer.append(str);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException {
                try {
                    return X509CertificateImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
