package com.enterprisedt.net.puretls.cert;

import a0.g1;
import a1.h;
import com.enterprisedt.bouncycastle.asn1.ASN1Encoding;
import com.enterprisedt.cryptix.asn1.encoding.BaseCoder;
import com.enterprisedt.cryptix.asn1.encoding.CoderOperations;
import com.enterprisedt.cryptix.asn1.lang.ASNObject;
import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.cryptix.util.core.ArrayUtil;
import com.enterprisedt.net.puretls.SSLDebug;
import com.enterprisedt.net.puretls.sslg.CertVerifyPolicyInt;
import com.enterprisedt.net.puretls.sslg.Certificate;
import com.enterprisedt.net.puretls.sslg.DistinguishedName;
import com.enterprisedt.util.debug.Logger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPublicKey;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* loaded from: classes.dex */
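/**
 * X.509 certificate decoded from DER, plus the chain-verification logic used
 * by the TLS layer.
 *
 * <p>This source is decompiler output: field and helper names are obfuscated
 * ({@code f14074a}, {@code a(...)}, {@code b}, {@code c}, {@code h.x},
 * {@code g1.r}) and are kept unchanged because other classes may reference
 * them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Instances are built from untrusted bytes. Only {@link IOException} is
 *       translated into {@link CertificateDecodeException}; unchecked
 *       exceptions raised by casts or index lookups on malformed input still
 *       propagate to the caller.</li>
 *   <li>The getters and the public fields hand out the internal arrays and
 *       vectors without copying, so callers must not modify them.</li>
 *   <li>The signature-algorithm table still accepts MD2, MD4, MD5 and SHA-1
 *       based RSA signatures (see the static initializer).</li>
 * </ul>
 */
public class X509Cert implements Certificate {

    /** Class logger, registered under the name "X509Cert". */
    private static Logger f14072t = Logger.getLogger("X509Cert");

    /** Maps a signature-algorithm OID string to the algorithm name passed to {@link Signature#getInstance}. */
    private static Hashtable f14073u;

    /**
     * Decoded "UsefulCertificate" ASN.1 object.
     * NOTE(review): this and the other ASNObject fields are obtained from
     * CertContext.getSpec(), which the constructor locks as a shared object;
     * their contents may change when another certificate is decoded - confirm
     * before relying on them after construction.
     */
    public ASNObject f14074a;

    /** "UsefulTBSCertificate" ASN.1 object, decoded from {@link #f14081h}. */
    public ASNObject f14075b;

    /** "UsefulTBSCertificate.issuer" component. */
    public ASNObject f14076c;

    /** "UsefulTBSCertificate.subject" component. */
    public ASNObject f14077d;

    /** "UsefulCertificate.signatureAlgorithm" component. */
    public ASNObject f14078e;

    /** "UsefulCertificate.signature" component. */
    public ASNObject f14079f;

    /** The complete certificate DER exactly as passed to the constructor (not copied). */
    public byte[] f14080g;

    /** DER of the tbsCertificate; these are the bytes covered by the signature. */
    public byte[] f14081h;

    /** DER of the subject name. */
    public byte[] f14082i;

    /** DER of the issuer name. */
    public byte[] f14083j;

    /** Signature value with the leading byte of the decoded signature field removed. */
    public byte[] f14084k;

    /** Signature-algorithm identifier read from the certificate; used as the key into {@link #f14073u}. */
    public String f14085l;

    /** Subject public key built from subjectPublicKeyInfo. */
    public PublicKey f14086m;

    /** Parsed subject name. */
    public X509Name f14087n;

    /** Parsed issuer name. */
    public X509Name f14088o;

    /** Certificate serial number. */
    public BigInteger f14089p;

    /** Validity.notBefore. */
    public Date f14090q;

    /** Validity.notAfter. */
    public Date f14091r;

    /** Extensions as {@link X509Ext} objects, or {@code null} when the certificate carries none. */
    public Vector f14092s;

    static {
        f14073u = new Hashtable();
        f14073u.put("1.2.840.10040.4.3", "DSA");
        // NOTE(review): MD2, MD4 and MD5 are collision-broken and SHA-1 is
        // deprecated for certificate signatures. They are kept here so existing
        // peers keep working, but verify() will accept such signatures; consider
        // rejecting them through policy.
        f14073u.put("1.2.840.113549.1.1.2", "MD2/RSA");
        f14073u.put("1.2.840.113549.1.1.3", "MD4/RSA");
        f14073u.put("1.2.840.113549.1.1.4", "MD5/RSA");
        f14073u.put("1.2.840.113549.1.1.5", "SHA-1/RSA/PKCS#1");
        f14073u.put("1.2.840.113549.1.1.11", "SHA-256/RSA/PKCS#1");
        f14073u.put("1.2.840.113549.1.1.12", "SHA-384/RSA/PKCS#1");
        f14073u.put("1.2.840.113549.1.1.13", "SHA-512/RSA/PKCS#1");
    }

    /**
     * Decodes a DER-encoded certificate and caches its fields.
     *
     * <p>The array is stored by reference, not copied. Decoding happens while
     * holding the monitor of {@code CertContext.getSpec()}.
     *
     * @param bArr DER encoding of the certificate
     * @throws CertificateException (as {@link CertificateDecodeException}) when the
     *         decoder reports an {@link IOException} or the signature field is
     *         empty or does not start with a zero byte
     */
    public X509Cert(byte[] bArr) throws CertificateException {
        this.f14092s = null;
        this.f14080g = bArr;
        synchronized (CertContext.getSpec()) {
            ASNObject certSpec = CertContext.getSpec().getComponent("UsefulCertificate");
            CoderOperations coder = BaseCoder.getInstance(ASN1Encoding.DER);
            coder.init(new ByteArrayInputStream(bArr));
            try {
                // Outer structure: tbsCertificate, signatureAlgorithm, signature.
                certSpec.accept(coder, null);
                this.f14074a = certSpec;
                this.f14081h = (byte[]) certSpec.getComponent("UsefulCertificate.tbsCertificate").getValue();

                this.f14078e = certSpec.getComponent("UsefulCertificate.signatureAlgorithm");
                Vector algorithmValue = (Vector) this.f14078e.getValue();
                this.f14085l = (String) ((Vector) algorithmValue.elementAt(0)).elementAt(0);
                SSLDebug.debug(32, "Signed by " + this.f14085l);

                this.f14079f = certSpec.getComponent("UsefulCertificate.signature");
                byte[] rawSignature = (byte[]) this.f14079f.getValue();
                // The first byte must be zero (presumably the BIT STRING unused-bits
                // count). An empty value is rejected here as well; previously it
                // escaped as an ArrayIndexOutOfBoundsException instead of a decode error.
                if (rawSignature.length == 0 || rawSignature[0] != 0) {
                    throw new IOException();
                }
                byte[] signatureValue = new byte[rawSignature.length - 1];
                this.f14084k = signatureValue;
                System.arraycopy(rawSignature, 1, signatureValue, 0, signatureValue.length);
                SSLDebug.debug(32, "Signature ", this.f14084k);

                // Reset the optional TBS fields to their defaults before decoding,
                // presumably so values left by a previous decode do not leak into
                // this certificate.
                this.f14075b = CertContext.getSpec().getComponent("UsefulTBSCertificate");
                ASNObject extensionsSpec = this.f14075b.getComponent("UsefulTBSCertificate.extensions");
                extensionsSpec.setValue(extensionsSpec.getDefaultValue());
                ASNObject versionSpec = this.f14075b.getComponent("UsefulTBSCertificate.version");
                versionSpec.setValue(versionSpec.getDefaultValue());
                ASNObject issuerUidSpec = this.f14075b.getComponent("UsefulTBSCertificate.issuerUniqueID");
                issuerUidSpec.setValue(issuerUidSpec.getDefaultValue());
                ASNObject subjectUidSpec = this.f14075b.getComponent("UsefulTBSCertificate.subjectUniqueID");
                subjectUidSpec.setValue(subjectUidSpec.getDefaultValue());

                SSLDebug.debug(32, "Unsigned cert DER", this.f14081h);
                coder.init(new ByteArrayInputStream(this.f14081h));
                this.f14075b.accept(coder, null);

                this.f14076c = this.f14075b.getComponent("UsefulTBSCertificate.issuer");
                this.f14083j = (byte[]) this.f14076c.getValue();
                SSLDebug.debug(32, "Issuer DER", this.f14083j);
                this.f14088o = new X509Name(this.f14083j);
                SSLDebug.debug(32, "Issuer Name = ", this.f14088o.getNameString());

                this.f14077d = this.f14075b.getComponent("UsefulTBSCertificate.subject");
                this.f14082i = (byte[]) this.f14077d.getValue();
                SSLDebug.debug(32, "Subject DER", this.f14082i);
                this.f14087n = new X509Name(this.f14082i);
                SSLDebug.debug(32, "Subject Name = ", this.f14087n.getNameString());

                this.f14086m = X509SubjectPublicKeyInfo.createPublicKey((byte[]) this.f14075b.getComponent("UsefulTBSCertificate.subjectPublicKeyInfo").getValue());

                BigInteger serial = (BigInteger) this.f14075b.getComponent("UsefulTBSCertificate.serialNumber").getValue();
                this.f14089p = serial;
                SSLDebug.debug(32, "Serial Number = ", serial.toString());

                ASNObject validity = this.f14075b.getComponent("UsefulTBSCertificate.validity");
                Date notBefore = (Date) validity.getComponent("Validity.notBefore").getValue();
                this.f14090q = notBefore;
                SSLDebug.debug(32, "Not valid before ", notBefore);
                // Assign before logging: the previous order logged the still-null field.
                Date notAfter = (Date) validity.getComponent("Validity.notAfter").getValue();
                this.f14091r = notAfter;
                SSLDebug.debug(32, "Not valid after ", notAfter);

                Vector rawExtensions = (Vector) this.f14075b.getComponent("UsefulTBSCertificate.extensions").getValue();
                if (rawExtensions == null) {
                    SSLDebug.debug(32, "No extensions");
                } else {
                    SSLDebug.debug(32, "Number of extensions = ", rawExtensions.size());
                    // An empty extension list leaves f14092s null, as before.
                    if (!rawExtensions.isEmpty()) {
                        this.f14092s = new Vector();
                    }
                    for (int i = 0; i < rawExtensions.size(); i++) {
                        byte[] extensionDer = (byte[]) ((Vector) rawExtensions.elementAt(i)).elementAt(0);
                        SSLDebug.debug(32, "Extension " + i, extensionDer);
                        this.f14092s.addElement(new X509Ext(extensionDer));
                    }
                }
            } catch (IOException e) {
                throw new CertificateDecodeException(e.toString());
            }
        }
    }

    /**
     * Checks the Basic Constraints extension of this certificate when it is used
     * as an issuer.
     *
     * <p>The meaning of the obfuscated {@code b} accessors is inferred from the
     * error messages: {@code b()} looks like the CA flag, {@code a()} like the
     * critical flag and {@code c()} like the path-length value - confirm against
     * class {@code b}.
     *
     * @param requirePresent fail when the extension is absent
     * @param requireCritical fail when the extension marks a CA but is not critical
     * @param allowInNonCa tolerate the extension being present without the CA flag
     * @return 255 when the extension is absent and not required, otherwise the
     *         value of {@code c()}
     * @throws CertificateVerifyException when a constraint is violated or the
     *         extension cannot be parsed
     */
    private int a(boolean requirePresent, boolean requireCritical, boolean allowInNonCa) throws CertificateVerifyException {
        try {
            X509Ext ext = X509Ext.a(this, b.f14102a);
            if (ext == null) {
                if (requirePresent) {
                    throw new CertificateVerifyException("Basic Constraints not present", this);
                }
                return 255;
            }
            b constraints = new b(ext);
            if (!constraints.b()) {
                if (!allowInNonCa) {
                    throw new CertificateVerifyException("Basic Constraints present in signing cert but not a CA", this);
                }
                return constraints.c();
            }
            if (requireCritical && !constraints.a()) {
                throw new CertificateVerifyException("Basic constraints for a CA must be critical", this);
            }
            return constraints.c();
        } catch (IOException e) {
            StringBuilder message = h.x("Problem parsing Basic Constraints");
            message.append(e.toString());
            throw new CertificateVerifyException(message.toString(), this);
        }
    }

    /**
     * Checks that {@code date} lies inside the certificate's validity period.
     *
     * @param certificate certificate whose validity is checked
     * @param date instant to test
     * @throws CertificateVerifyException when {@code date} is before notBefore or
     *         after notAfter
     */
    public static void a(Certificate certificate, Date date) throws CertificateVerifyException {
        Date notBefore = certificate.getValidityNotBefore();
        if (date.before(notBefore)) {
            throw new CertificateVerifyException("Certificate '" + certificate.getSubjectName().getNameString() + "' not yet valid. Not before date " + notBefore, certificate);
        }
        Date notAfter = certificate.getValidityNotAfter();
        if (date.after(notAfter)) {
            throw new CertificateVerifyException("Certificate '" + certificate.getSubjectName().getNameString() + "' expired. Not after date " + notAfter, certificate);
        }
    }

    /**
     * Checks the Key Usage extension of this certificate when it is used as an
     * issuer: if present it must assert the bit {@code c.f14112g} (keyCertSign
     * according to the error message).
     *
     * @param requirePresent fail when the extension is absent
     * @throws CertificateVerifyException when the check fails or the extension
     *         cannot be parsed
     */
    private void a(boolean requirePresent) throws CertificateVerifyException {
        try {
            X509Ext ext = X509Ext.a(this, c.f14106a);
            if (ext == null) {
                if (requirePresent) {
                    throw new CertificateVerifyException("Key Usage required for CAs", this);
                }
                return;
            }
            c keyUsage = new c(ext);
            if (!keyUsage.a(c.f14112g)) {
                throw new CertificateVerifyException("Key Usage present but keyCertSign not asserted", this);
            }
        } catch (IOException e) {
            StringBuilder message = h.x("Problem parsing Key Usage");
            message.append(e.toString());
            throw new CertificateVerifyException(message.toString(), this);
        }
    }

    /**
     * Verifies a certificate chain against the trust roots held by
     * {@code certContext}.
     *
     * <p>Certificates are processed in vector order. Until a trust anchor is
     * found, each certificate is tested for being a root itself or for being
     * issued by one; certificates before the anchor are skipped. From the anchor
     * on, every certificate must name the previous one as issuer, carry a valid
     * signature from it, pass the date check (when the policy asks for it) and
     * respect the issuer's Basic Constraints, Key Usage and path length.
     *
     * <p>Only the certificate being added is date-checked; an anchor returned by
     * {@code signedByRoot} is not.
     *
     * @param certContext source of trust roots
     * @param vector chain of {@link X509Cert} objects
     * @param certVerifyPolicyInt policy switches for the optional checks
     * @return the verified chain beginning with the trust anchor, or {@code null}
     *         when the chain is empty or no trust anchor was found; callers must
     *         treat {@code null} as "not trusted"
     * @throws IOException (as {@link CertificateVerifyException}) when a link of
     *         the chain fails verification
     */
    public static Vector verifyCertChain(CertContext certContext, Vector vector, CertVerifyPolicyInt certVerifyPolicyInt) throws IOException {
        int size = vector.size();
        Vector verified = new Vector();
        int pathLen = 255;
        X509Cert issuer = null;
        boolean anchorFound = false;
        for (int i = 0; i < size; i++) {
            X509Cert cert = (X509Cert) vector.elementAt(i);
            SSLDebug.debug(32, "Trying to verify", cert.getDER());
            if (!anchorFound) {
                if (certContext.isRoot(cert.getDER())) {
                    SSLDebug.debug(32, "Is root");
                    // The root is appended again by the common tail of this loop,
                    // so it appears twice in the result.
                    // NOTE(review): confirm callers expect the duplicate entry.
                    verified.addElement(cert);
                    issuer = cert;
                    anchorFound = true;
                } else {
                    SSLDebug.debug(32, "Trying to find root with DN", cert.getIssuerDER());
                    issuer = certContext.signedByRoot(cert.getIssuerDER());
                    if (issuer == null) {
                        SSLDebug.debug(32, "Nope");
                        // No anchor for this certificate. Skip it instead of falling
                        // through: the checks below dereference the issuer and used
                        // to fail with a NullPointerException on an untrusted chain.
                        // If no later certificate yields an anchor the method
                        // returns null.
                        continue;
                    }
                    SSLDebug.debug(32, "Found one");
                    verified.addElement(issuer);
                    anchorFound = true;
                }
            }
            if (!ArrayUtil.areEqual(issuer.getSubjectDER(), cert.getIssuerDER())) {
                throw new CertificateVerifyException(g1.r("Invalid certificate chain at '", cert.getSubjectName().getNameString(), "' certificate. Subject and issuer names do not match"), vector);
            }
            if (!cert.verify(issuer.getPublicKey())) {
                throw new CertificateVerifyException(g1.r("The signature of '", cert.getSubjectName().getNameString(), "' certificate does not match its issuer"), vector);
            }
            if (certVerifyPolicyInt.checkDatesP()) {
                a(cert, new Date());
            }
            if (verified.size() == 1) {
                // Only the anchor has been recorded so far, so the issuer is the
                // anchor: extensions are checked but never required on it.
                int limit = issuer.a(false, certVerifyPolicyInt.requireBasicConstraintsCriticalP(), certVerifyPolicyInt.allowBasicConstraintsInNonCAP()) + 1;
                // NOTE(review): limit already includes the +1, so this test is false
                // only when the call returned -2; it looks as if it was meant for
                // the value before the increment - confirm against b.c().
                if (limit != -1) {
                    pathLen = limit;
                }
                issuer.a(false);
            } else {
                int limit = issuer.a(certVerifyPolicyInt.requireBasicConstraintsP(), certVerifyPolicyInt.requireBasicConstraintsCriticalP(), certVerifyPolicyInt.allowBasicConstraintsInNonCAP()) + 1;
                // An intermediate issuer can only tighten the remaining path length.
                if (limit < pathLen) {
                    pathLen = limit;
                }
                issuer.a(certVerifyPolicyInt.requireKeyUsageP());
            }
            if (pathLen < 1) {
                throw new CertificateVerifyException("No more certificates allowed. Ran out of pathLen", vector);
            }
            pathLen--;
            verified.addElement(cert);
            issuer = cert;
        }
        return issuer != null ? verified : null;
    }

    /**
     * Checks that the key type matches the signature algorithm name: RSA-based
     * names need a {@link CryptixRSAPublicKey}, "DSA" needs a {@link DSAPublicKey}.
     *
     * @param publicKey key that will be used for verification
     * @param str algorithm name as stored in the OID table
     * @throws CertificateVerifyException when the name is unknown or the key type
     *         does not match
     */
    public void a(PublicKey publicKey, String str) throws CertificateVerifyException {
        boolean rsaFamily = str.equals("MD2/RSA")
                || str.equals("MD4/RSA")
                || str.equals("MD5/RSA")
                || str.equals("SHA-1/RSA/PKCS#1")
                || str.equals("SHA-256/RSA/PKCS#1")
                || str.equals("SHA-384/RSA/PKCS#1")
                || str.equals("SHA-512/RSA/PKCS#1");
        boolean keyMatches;
        if (rsaFamily) {
            keyMatches = publicKey instanceof CryptixRSAPublicKey;
        } else if (str.equals("DSA")) {
            keyMatches = publicKey instanceof DSAPublicKey;
        } else {
            throw new CertificateVerifyException(g1.q("Unknown algorithm ", str), this);
        }
        if (!keyMatches) {
            throw new CertificateVerifyException(g1.q("Public key doesn't match algorithm ", str), this);
        }
    }

    /** Returns the certificate DER passed to the constructor (internal array, not a copy). */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public byte[] getDER() {
        return this.f14080g;
    }

    /** Returns the {@link X509Ext} list, or {@code null} when there are no extensions (internal vector, not a copy). */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public Vector getExtensions() {
        return this.f14092s;
    }

    /** Returns the DER of the issuer name (internal array, not a copy). */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public byte[] getIssuerDER() {
        return this.f14083j;
    }

    /** Returns the parsed issuer name. */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public DistinguishedName getIssuerName() {
        return this.f14088o;
    }

    /** Returns the subject public key. */
    public PublicKey getPublicKey() {
        return this.f14086m;
    }

    /** Returns the serial number. */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public BigInteger getSerial() {
        return this.f14089p;
    }

    /** Returns the DER of the subject name (internal array, not a copy). */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public byte[] getSubjectDER() {
        return this.f14082i;
    }

    /** Returns the parsed subject name. */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public DistinguishedName getSubjectName() {
        return this.f14087n;
    }

    /** Returns Validity.notAfter. */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public Date getValidityNotAfter() {
        return this.f14091r;
    }

    /** Returns Validity.notBefore. */
    @Override // com.enterprisedt.net.puretls.sslg.Certificate
    public Date getValidityNotBefore() {
        return this.f14090q;
    }

    /**
     * Verifies this certificate's signature over the tbsCertificate bytes with
     * the given issuer key, using the Cryptix provider.
     *
     * <p>Any algorithm present in the OID table is accepted, including the
     * MD2/MD4/MD5/SHA-1 entries.
     *
     * @param publicKey issuer public key
     * @return {@code true} when the signature is valid
     * @throws CertificateException (as {@link CertificateVerifyException}) when
     *         the algorithm is unknown, the key type does not match or the
     *         provider reports an error
     */
    public boolean verify(PublicKey publicKey) throws CertificateException {
        try {
            String algorithm = (String) f14073u.get(this.f14085l);
            if (algorithm == null) {
                String message = "unknown signature algorithm: " + this.f14085l;
                f14072t.error(message);
                throw new CertificateVerifyException(message, this);
            }
            SSLDebug.debug(32, "OID " + this.f14085l + "mapped to " + algorithm);
            // Reject a key whose type does not fit the declared algorithm before
            // handing it to the provider.
            a(publicKey, algorithm);
            Signature verifier = Signature.getInstance(algorithm, Cryptix.PROVIDER_NAME);
            f14072t.debug("verify: alg=" + algorithm + ",provider=" + verifier.getProvider().getName());
            verifier.initVerify(publicKey);
            verifier.update(this.f14081h);
            return verifier.verify(this.f14084k);
        } catch (InvalidKeyException e) {
            f14072t.error("verify", e);
            throw new CertificateVerifyException(e.toString(), this);
        } catch (NoSuchAlgorithmException e) {
            f14072t.error("verify", e);
            throw new CertificateVerifyException(e.toString(), this);
        } catch (NoSuchProviderException e) {
            f14072t.error("verify", e);
            throw new CertificateVerifyException(e.toString(), this);
        } catch (SignatureException e) {
            f14072t.error("verify", e);
            throw new CertificateVerifyException(e.toString(), this);
        }
    }
}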
