package ru.graphics;

import com.appsflyer.share.Constants;
import com.yandex.metrica.push.common.CoreConstants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;
import org.xbill.DNS.Message;
import ru.domesticroots.bouncycastle.asn1.a1;
import ru.domesticroots.bouncycastle.asn1.l;
import ru.domesticroots.bouncycastle.asn1.q;
import ru.domesticroots.certificatetransparency.internal.verifier.model.Version;
import ru.graphics.xpj;

@Metadata(d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u0000 \r2\u00020\u0001:\u0001\u0007B\u000f\u0012\u0006\u0010'\u001a\u00020%¢\u0006\u0004\b(\u0010)J\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002J \u0010\r\u001a\b\u0012\u0004\u0012\u00020\n0\f2\u0006\u0010\t\u001a\u00020\b2\b\u0010\u000b\u001a\u0004\u0018\u00010\nH\u0002J\u0018\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0010H\u0002J\f\u0010\u0016\u001a\u00020\u0015*\u00020\u0014H\u0002J\u0018\u0010\u0019\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J \u0010\u001c\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u00102\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u0014\u0010\u001f\u001a\u00020\u001e*\u00020\u001d2\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u001e\u0010!\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00170\fH\u0016J'\u0010#\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u00022\u0006\u0010\"\u001a\u00020\u0004H\u0000¢\u0006\u0004\b#\u0010$R\u0014\u0010'\u001a\u00020%8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u0010&¨\u0006*"}, d2 = {"Lru/kinopoisk/tfb;", "", "Ljava/security/cert/X509Certificate;", "preCertificate", "Lru/kinopoisk/mja;", "issuerInformation", "Lru/kinopoisk/nqm;", "a", "Lru/kinopoisk/ra8;", "extensions", "Lru/kinopoisk/oa8;", "replacementX509authorityKeyIdentifier", "", "b", "Lru/kinopoisk/s4l;", "sct", "", "toVerify", "Lru/kinopoisk/xpj;", "h", "Lru/kinopoisk/wt1;", "", Constants.URL_CAMPAIGN, "Ljava/security/cert/Certificate;", "certificate", "e", "preCertBytes", "issuerKeyHash", "f", "Ljava/io/OutputStream;", "Lru/kinopoisk/s2o;", "d", "chain", CoreConstants.PushMessage.SERVICE_TYPE, "issuerInfo", "g", "(Lru/kinopoisk/s4l;Ljava/security/cert/X509Certificate;Lru/kinopoisk/mja;)Lru/kinopoisk/xpj;", "Lru/kinopoisk/ofb;", "Lru/kinopoisk/ofb;", "logServer", "<init>", "(Lru/kinopoisk/ofb;)V", "domesticroots-certificatetransparency_release"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes3.dex */
public final class tfb {

    /* renamed from: a, reason: from kotlin metadata */
    private final LogServer logServer;

    public tfb(LogServer logServer) {
        mha.j(logServer, "logServer");
        this.logServer = logServer;
    }

    private final nqm a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        boolean z = true;
        if (!(preCertificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        l lVar = new l(preCertificate.getEncoded());
        try {
            wt1 s = wt1.s(lVar.j());
            mha.i(s, "parsedPreCertificate");
            if (c(s) && issuerInformation.getIssuedByPreCertificateSigningCert()) {
                if (issuerInformation.getX509authorityKeyIdentifier() == null) {
                    z = false;
                }
                if (!z) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            ra8 t = s.w().t();
            mha.i(t, "parsedPreCertificate.tbsCertificate.extensions");
            List<oa8> b = b(t, issuerInformation.getX509authorityKeyIdentifier());
            kpo kpoVar = new kpo();
            nqm w = s.w();
            kpoVar.f(w.z());
            kpoVar.g(w.B());
            bhp name = issuerInformation.getName();
            if (name == null) {
                name = w.x();
            }
            kpoVar.d(name);
            kpoVar.h(w.C());
            kpoVar.b(w.s());
            kpoVar.i(w.D());
            kpoVar.j(w.E());
            kpoVar.e((a1) w.y());
            kpoVar.k((a1) w.F());
            Object[] array = b.toArray(new oa8[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            kpoVar.c(new ra8((oa8[]) array));
            nqm a = kpoVar.a();
            yp2.a(lVar, null);
            mha.i(a, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a;
        } finally {
        }
    }

    private final List<oa8> b(ra8 extensions, oa8 replacementX509authorityKeyIdentifier) {
        int x;
        q[] t = extensions.t();
        mha.i(t, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (q qVar : t) {
            if (!mha.e(qVar.J(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(qVar);
            }
        }
        ArrayList<q> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!mha.e(((q) obj).J(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        x = kotlin.collections.l.x(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(x);
        for (q qVar2 : arrayList2) {
            arrayList3.add((!mha.e(qVar2.J(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.s(qVar2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    private final boolean c(wt1 wt1Var) {
        return wt1Var.w().t().s(new q("2.5.29.35")) != null;
    }

    private final void d(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (!(signedCertificateTimestamp.getSctVersion() == Version.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        wye.a(outputStream, signedCertificateTimestamp.getSctVersion().getNumber(), 1);
        wye.a(outputStream, 0L, 1);
        wye.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    private final byte[] e(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            wye.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            mha.i(encoded, "certificate.encoded");
            wye.b(byteArrayOutputStream, encoded, 16777215);
            wye.b(byteArrayOutputStream, sct.getExtensions(), Message.MAXLENGTH);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            yp2.a(byteArrayOutputStream, null);
            mha.i(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] f(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            wye.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            wye.b(byteArrayOutputStream, preCertBytes, 16777215);
            wye.b(byteArrayOutputStream, sct.getExtensions(), Message.MAXLENGTH);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            yp2.a(byteArrayOutputStream, null);
            mha.i(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final xpj h(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        xpj q4lVar;
        if (mha.e(this.logServer.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!mha.e(this.logServer.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.logServer.getKey().getAlgorithm();
                mha.i(algorithm, "logServer.key.algorithm");
                return new b4o(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.logServer.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? xpj.b.a : xpj.a.b.a;
        } catch (InvalidKeyException e) {
            q4lVar = new lfb(e);
            return q4lVar;
        } catch (NoSuchAlgorithmException e2) {
            q4lVar = new b4o(str, e2);
            return q4lVar;
        } catch (SignatureException e3) {
            q4lVar = new q4l(e3);
            return q4lVar;
        }
    }

    public final xpj g(SignedCertificateTimestamp sct, X509Certificate certificate, IssuerInformation issuerInfo) {
        cu1 cu1Var;
        mha.j(sct, "sct");
        mha.j(certificate, "certificate");
        mha.j(issuerInfo, "issuerInfo");
        try {
            byte[] q = a(certificate, issuerInfo).q();
            mha.i(q, "preCertificateTBS.encoded");
            return h(sct, f(q, issuerInfo.getKeyHash(), sct));
        } catch (IOException e) {
            cu1Var = new cu1(e);
            return cu1Var;
        } catch (CertificateException e2) {
            cu1Var = new cu1(e2);
            return cu1Var;
        }
    }

    public xpj i(SignedCertificateTimestamp sct, List<? extends Certificate> chain) {
        IssuerInformation d;
        cu1 cu1Var;
        mha.j(sct, "sct");
        mha.j(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new xpj.a.d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.logServer.getValidUntil() != null && sct.getTimestamp() > this.logServer.getValidUntil().longValue()) {
            return new xpj.a.e(sct.getTimestamp(), this.logServer.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.logServer.getId(), sct.getId().getKeyId())) {
            po0 po0Var = po0.a;
            return new yeb(po0Var.b(sct.getId().getKeyId()), po0Var.b(this.logServer.getId()));
        }
        Certificate certificate = chain.get(0);
        if (!du1.b(certificate) && !du1.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e) {
                cu1Var = new cu1(e);
                return cu1Var;
            } catch (CertificateEncodingException e2) {
                cu1Var = new cu1(e2);
                return cu1Var;
            }
        }
        if (chain.size() < 2) {
            return p3e.a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!du1.c(certificate2)) {
                try {
                    d = du1.d(certificate2);
                } catch (NoSuchAlgorithmException e3) {
                    return new b4o("SHA-256", e3);
                }
            } else {
                if (chain.size() < 3) {
                    return q3e.a;
                }
                try {
                    d = du1.e(certificate2, chain.get(2));
                } catch (IOException e4) {
                    return new z0(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new b4o("SHA-256", e5);
                } catch (CertificateEncodingException e6) {
                    return new cu1(e6);
                }
            }
            return g(sct, (X509Certificate) certificate, d);
        } catch (CertificateParsingException e7) {
            return new eu1(e7);
        }
    }
}
