package defpackage;

import com.adjust.sdk.Constants;
import com.appmattus.certificatetransparency.internal.verifier.model.Version;
import com.yandex.metrica.push.common.CoreConstants;
import defpackage.zbo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;

@Metadata(bv = {}, d1 = {"\u0000f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u0000 \u00172\u00020\u0001:\u0001\u0012B\u000f\u0012\u0006\u0010'\u001a\u00020%¢\u0006\u0004\b(\u0010)J\u001e\u0010\b\u001a\u00020\u00072\u0006\u0010\u0003\u001a\u00020\u00022\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004H\u0016J'\u0010\r\u001a\u00020\u00072\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u000bH\u0000¢\u0006\u0004\b\r\u0010\u000eJ\u0018\u0010\u0012\u001a\u00020\u00112\u0006\u0010\u000f\u001a\u00020\t2\u0006\u0010\u0010\u001a\u00020\u000bH\u0002J \u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u00150\u00042\u0006\u0010\u0014\u001a\u00020\u00132\b\u0010\u0016\u001a\u0004\u0018\u00010\u0015H\u0002J\u0018\u0010\u001a\u001a\u00020\u00072\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0019\u001a\u00020\u0018H\u0002J\f\u0010\u001d\u001a\u00020\u001c*\u00020\u001bH\u0002J\u0018\u0010\u001e\u001a\u00020\u00182\u0006\u0010\n\u001a\u00020\u00052\u0006\u0010\u0003\u001a\u00020\u0002H\u0002J \u0010!\u001a\u00020\u00182\u0006\u0010\u001f\u001a\u00020\u00182\u0006\u0010 \u001a\u00020\u00182\u0006\u0010\u0003\u001a\u00020\u0002H\u0002J\u0014\u0010$\u001a\u00020#*\u00020\"2\u0006\u0010\u0003\u001a\u00020\u0002H\u0002R\u0014\u0010'\u001a\u00020%8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0012\u0010&¨\u0006*"}, d2 = {"Lf3f;", "", "Lj2p;", "sct", "", "Ljava/security/cert/Certificate;", "chain", "Lzbo;", CoreConstants.PushMessage.SERVICE_TYPE, "Ljava/security/cert/X509Certificate;", "certificate", "Lled;", "issuerInfo", "g", "(Lj2p;Ljava/security/cert/X509Certificate;Lled;)Lzbo;", "preCertificate", "issuerInformation", "Lciq;", "a", "Lrha;", "extensions", "Lmha;", "replacementX509authorityKeyIdentifier", "b", "", "toVerify", "h", "Lev3;", "", "c", "e", "preCertBytes", "issuerKeyHash", "f", "Ljava/io/OutputStream;", "La7s;", "d", "Lc3f;", "Lc3f;", "logServer", "<init>", "(Lc3f;)V", "domesticroots-certificatetransparency_release"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes.dex */
public final class f3f {

    /* renamed from: a, reason: from kotlin metadata */
    public final LogServer logServer;

    public f3f(LogServer logServer) {
        ubd.j(logServer, "logServer");
        this.logServer = logServer;
    }

    public final ciq a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        boolean z = true;
        if (!(preCertificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        d1 d1Var = new d1(preCertificate.getEncoded());
        try {
            ev3 k = ev3.k(d1Var.o());
            ubd.i(k, "parsedPreCertificate");
            if (c(k) && issuerInformation.getIssuedByPreCertificateSigningCert()) {
                if (issuerInformation.getX509authorityKeyIdentifier() == null) {
                    z = false;
                }
                if (!z) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            rha l = k.n().l();
            ubd.i(l, "parsedPreCertificate.tbsCertificate.extensions");
            List<mha> b = b(l, issuerInformation.getX509authorityKeyIdentifier());
            vns vnsVar = new vns();
            ciq n = k.n();
            vnsVar.f(n.t());
            vnsVar.g(n.u());
            qqt name = issuerInformation.getName();
            if (name == null) {
                name = n.o();
            }
            vnsVar.d(name);
            vnsVar.h(n.v());
            vnsVar.b(n.k());
            vnsVar.i(n.w());
            vnsVar.j(n.x());
            vnsVar.e((oz5) n.p());
            vnsVar.k((oz5) n.y());
            Object[] array = b.toArray(new mha[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            vnsVar.c(new rha((mha[]) array));
            ciq a = vnsVar.a();
            dv4.a(d1Var, null);
            ubd.i(a, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a;
        } finally {
        }
    }

    public final List<mha> b(rha extensions, mha replacementX509authorityKeyIdentifier) {
        j1[] l = extensions.l();
        ubd.i(l, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (j1 j1Var : l) {
            if (!ubd.e(j1Var.C(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(j1Var);
            }
        }
        ArrayList<j1> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!ubd.e(((j1) obj).C(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        ArrayList arrayList3 = new ArrayList(b05.v(arrayList2, 10));
        for (j1 j1Var2 : arrayList2) {
            arrayList3.add((!ubd.e(j1Var2.C(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.k(j1Var2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    public final boolean c(ev3 ev3Var) {
        return ev3Var.n().l().k(new j1("2.5.29.35")) != null;
    }

    public final void d(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (!(signedCertificateTimestamp.getSctVersion() == Version.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        hei.a(outputStream, signedCertificateTimestamp.getSctVersion().getNumber(), 1);
        hei.a(outputStream, 0L, 1);
        hei.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    public final byte[] e(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            hei.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            ubd.i(encoded, "certificate.encoded");
            hei.b(byteArrayOutputStream, encoded, 16777215);
            hei.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            dv4.a(byteArrayOutputStream, null);
            ubd.i(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final byte[] f(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            hei.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            hei.b(byteArrayOutputStream, preCertBytes, 16777215);
            hei.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            dv4.a(byteArrayOutputStream, null);
            ubd.i(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final zbo g(SignedCertificateTimestamp sct, X509Certificate certificate, IssuerInformation issuerInfo) {
        hv3 hv3Var;
        ubd.j(sct, "sct");
        ubd.j(certificate, "certificate");
        ubd.j(issuerInfo, "issuerInfo");
        try {
            byte[] g = a(certificate, issuerInfo).g();
            ubd.i(g, "preCertificateTBS.encoded");
            return h(sct, f(g, issuerInfo.getKeyHash(), sct));
        } catch (IOException e) {
            hv3Var = new hv3(e);
            return hv3Var;
        } catch (CertificateException e2) {
            hv3Var = new hv3(e2);
            return hv3Var;
        }
    }

    public final zbo h(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        zbo h2pVar;
        if (ubd.e(this.logServer.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!ubd.e(this.logServer.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.logServer.getKey().getAlgorithm();
                ubd.i(algorithm, "logServer.key.algorithm");
                return new k9s(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.logServer.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? zbo.b.a : zbo.a.b.a;
        } catch (InvalidKeyException e) {
            h2pVar = new z2f(e);
            return h2pVar;
        } catch (NoSuchAlgorithmException e2) {
            h2pVar = new k9s(str, e2);
            return h2pVar;
        } catch (SignatureException e3) {
            h2pVar = new h2p(e3);
            return h2pVar;
        }
    }

    public zbo i(SignedCertificateTimestamp sct, List<? extends Certificate> chain) {
        IssuerInformation d;
        hv3 hv3Var;
        ubd.j(sct, "sct");
        ubd.j(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new zbo.a.d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.logServer.getValidUntil() != null && sct.getTimestamp() > this.logServer.getValidUntil().longValue()) {
            return new zbo.a.e(sct.getTimestamp(), this.logServer.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.logServer.getRu.yandex.video.ott.data.local.db.DatabaseHelper.OttTrackingTable.COLUMN_ID java.lang.String(), sct.getId().getKeyId())) {
            yt1 yt1Var = yt1.a;
            return new m2f(yt1Var.b(sct.getId().getKeyId()), yt1Var.b(this.logServer.getRu.yandex.video.ott.data.local.db.DatabaseHelper.OttTrackingTable.COLUMN_ID java.lang.String()));
        }
        Certificate certificate = chain.get(0);
        if (!iv3.b(certificate) && !iv3.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e) {
                hv3Var = new hv3(e);
                return hv3Var;
            } catch (CertificateEncodingException e2) {
                hv3Var = new hv3(e2);
                return hv3Var;
            }
        }
        if (chain.size() < 2) {
            return nah.a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!iv3.c(certificate2)) {
                try {
                    d = iv3.d(certificate2);
                } catch (NoSuchAlgorithmException e3) {
                    return new k9s(Constants.SHA256, e3);
                }
            } else {
                if (chain.size() < 3) {
                    return oah.a;
                }
                try {
                    d = iv3.e(certificate2, chain.get(2));
                } catch (IOException e4) {
                    return new n1(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new k9s(Constants.SHA256, e5);
                } catch (CertificateEncodingException e6) {
                    return new hv3(e6);
                }
            }
            return g(sct, (X509Certificate) certificate, d);
        } catch (CertificateParsingException e7) {
            return new jv3(e7);
        }
    }
}
