package org.bouncycastle.jcajce.provider.asymmetric.x509;

import com.google.firebase.perf.util.Constants;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.f;
import org.bouncycastle.asn1.k;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.p;
import org.bouncycastle.asn1.p0;
import org.bouncycastle.asn1.s;
import org.bouncycastle.asn1.s2.d;
import org.bouncycastle.asn1.t;
import org.bouncycastle.asn1.v0;
import org.bouncycastle.asn1.w0;
import org.bouncycastle.asn1.x509.b;
import org.bouncycastle.asn1.x509.d0;
import org.bouncycastle.asn1.x509.j;
import org.bouncycastle.asn1.x509.n;
import org.bouncycastle.asn1.x509.o0;
import org.bouncycastle.asn1.x509.u;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.w;
import org.bouncycastle.asn1.y;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.g;
import org.bouncycastle.util.l;
import p.c.a.e;
import p.c.a.u.a;
import p.c.a.x.c;

/* loaded from: classes2.dex */
abstract class X509CertificateImpl extends X509Certificate implements a {
    protected j basicConstraints;
    protected c bcHelper;
    protected n c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(c cVar, n nVar, j jVar, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = cVar;
        this.c = nVar;
        this.basicConstraints = jVar;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private void checkSignature(PublicKey publicKey, Signature signature, f fVar, byte[] bArr) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (!isAlgIdEqual(this.c.i(), this.c.n().k())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, fVar);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(p.c.a.v.c.a(signature), 512);
            this.c.n().a(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e2) {
            throw new CertificateEncodingException(e2.toString());
        }
    }

    /* JADX WARN: Unreachable blocks removed: 5, instructions: 5 */
    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        boolean z = publicKey instanceof e;
        int i2 = 0;
        if (z && X509SignatureUtil.isCompositeAlgorithm(this.c.i())) {
            List<PublicKey> a = ((e) publicKey).a();
            t a2 = t.a((Object) this.c.i().f());
            t a3 = t.a((Object) p0.a((Object) this.c.h()).i());
            boolean z2 = false;
            while (i2 != a.size()) {
                if (a.get(i2) != null) {
                    b a4 = b.a(a2.c(i2));
                    try {
                        checkSignature(a.get(i2), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(a4)), a4.f(), p0.a((Object) a3.c(i2)).i());
                        e = null;
                        z2 = true;
                    } catch (SignatureException e2) {
                        e = e2;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i2++;
            }
            if (!z2) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.i())) {
            Signature createSignature = signatureCreator.createSignature(X509SignatureUtil.getSignatureName(this.c.i()));
            if (!z) {
                checkSignature(publicKey, createSignature, this.c.i().f(), getSignature());
                return;
            }
            List<PublicKey> a5 = ((e) publicKey).a();
            while (i2 != a5.size()) {
                try {
                    checkSignature(a5.get(i2), createSignature, this.c.i().f(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i2++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        t a6 = t.a((Object) this.c.i().f());
        t a7 = t.a((Object) p0.a((Object) this.c.h()).i());
        boolean z3 = false;
        while (i2 != a7.size()) {
            b a8 = b.a(a6.c(i2));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(a8)), a8.f(), p0.a((Object) a7.c(i2)).i());
                e = null;
                z3 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e3) {
                e = e3;
            }
            if (e != null) {
                throw e;
            }
            i2++;
        }
        if (!z3) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x004a. Please report as an issue. */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    private static Collection getAlternativeNames(n nVar, String str) throws CertificateParsingException {
        String c;
        byte[] extensionOctets = getExtensionOctets(nVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration i2 = t.a((Object) extensionOctets).i();
            while (i2.hasMoreElements()) {
                w a = w.a(i2.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(g.c(a.e()));
                switch (a.e()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(a.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        c = ((y) a.getName()).c();
                        arrayList2.add(c);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        c = org.bouncycastle.asn1.e3.c.a(org.bouncycastle.asn1.e3.f.e.V, a.getName()).toString();
                        arrayList2.add(c);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            c = InetAddress.getByAddress(p.a((Object) a.getName()).i()).getHostAddress();
                            arrayList2.add(c);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        c = o.a((Object) a.getName()).i();
                        arrayList2.add(c);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + a.e());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e2) {
            throw new CertificateParsingException(e2.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(n nVar, String str) {
        p extensionValue = getExtensionValue(nVar, str);
        if (extensionValue != null) {
            return extensionValue.i();
        }
        return null;
    }

    protected static p getExtensionValue(n nVar, String str) {
        u a;
        v f2 = nVar.n().f();
        if (f2 == null || (a = f2.a(new o(str))) == null) {
            return null;
        }
        return a.f();
    }

    private boolean isAlgIdEqual(b bVar, b bVar2) {
        if (!bVar.e().b(bVar2.e())) {
            return false;
        }
        if (l.c("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (bVar.f() == null) {
                return bVar2.f() == null || bVar2.f().equals(w0.a);
            }
            if (bVar2.f() == null) {
                return bVar.f() == null || bVar.f().equals(w0.a);
            }
        }
        if (bVar.f() != null) {
            return bVar.f().equals(bVar2.f());
        }
        if (bVar2.f() != null) {
            return bVar2.f().equals(bVar.f());
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.e().f());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.k().f());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        j jVar = this.basicConstraints;
        if (jVar == null || !jVar.f()) {
            return -1;
        }
        if (this.basicConstraints.e() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.e().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() == 3) {
            HashSet hashSet = new HashSet();
            v f2 = this.c.n().f();
            if (f2 != null) {
                Enumeration e2 = f2.e();
                while (true) {
                    while (e2.hasMoreElements()) {
                        o oVar = (o) e2.nextElement();
                        if (f2.a(oVar).h()) {
                            hashSet.add(oVar.i());
                        }
                    }
                    return hashSet;
                }
            }
        }
        return null;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        try {
            return this.c.a("DER");
        } catch (IOException e2) {
            throw new CertificateEncodingException(e2.toString());
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            t a = t.a((Object) s.a(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i2 = 0; i2 != a.size(); i2++) {
                arrayList.add(((o) a.c(i2)).i());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        p extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e2) {
            throw new IllegalStateException("error parsing " + e2.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, u.f7317f.i());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new p.c.b.e(this.c.f());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        p0 h2 = this.c.n().h();
        if (h2 == null) {
            return null;
        }
        byte[] i2 = h2.i();
        int length = (i2.length * 8) - h2.l();
        boolean[] zArr = new boolean[length];
        for (int i3 = 0; i3 != length; i3++) {
            zArr[i3] = (i2[i3 / 8] & (Constants.MAX_CONTENT_TYPE_LENGTH >>> (i3 % 8))) != 0;
        }
        return zArr;
    }

    @Override // p.c.a.u.a
    public org.bouncycastle.asn1.e3.c getIssuerX500Name() {
        return this.c.f();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.f().a("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return org.bouncycastle.util.a.a(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() == 3) {
            HashSet hashSet = new HashSet();
            v f2 = this.c.n().f();
            if (f2 != null) {
                Enumeration e2 = f2.e();
                while (true) {
                    while (e2.hasMoreElements()) {
                        o oVar = (o) e2.nextElement();
                        if (!f2.a(oVar).h()) {
                            hashSet.add(oVar.i());
                        }
                    }
                    return hashSet;
                }
            }
        }
        return null;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.e().e();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.k().e();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.m());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.g().k();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.i().e().i();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return org.bouncycastle.util.a.b(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.h().k();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, u.f7316e.i());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new p.c.b.e(this.c.l());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        p0 o2 = this.c.n().o();
        if (o2 == null) {
            return null;
        }
        byte[] i2 = o2.i();
        int length = (i2.length * 8) - o2.l();
        boolean[] zArr = new boolean[length];
        for (int i3 = 0; i3 != length; i3++) {
            zArr[i3] = (i2[i3 / 8] & (Constants.MAX_CONTENT_TYPE_LENGTH >>> (i3 % 8))) != 0;
        }
        return zArr;
    }

    @Override // p.c.a.u.a
    public org.bouncycastle.asn1.e3.c getSubjectX500Name() {
        return this.c.l();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.l().a("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.c.n().a("DER");
        } catch (IOException e2) {
            throw new CertificateEncodingException(e2.toString());
        }
    }

    @Override // p.c.a.u.a
    public o0 getTBSCertificateNative() {
        return this.c.n();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.o();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        v f2;
        if (getVersion() == 3 && (f2 = this.c.n().f()) != null) {
            Enumeration e2 = f2.e();
            loop0: while (true) {
                while (e2.hasMoreElements()) {
                    o oVar = (o) e2.nextElement();
                    if (!oVar.b(u.d) && !oVar.b(u.f7326o) && !oVar.b(u.f7327p) && !oVar.b(u.u) && !oVar.b(u.f7325n) && !oVar.b(u.f7322k) && !oVar.b(u.f7321j) && !oVar.b(u.r) && !oVar.b(u.f7318g) && !oVar.b(u.f7316e)) {
                        if (!oVar.b(u.f7324m)) {
                            if (f2.a(oVar).h()) {
                                return true;
                            }
                        }
                    }
                }
                break loop0;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object gVar;
        StringBuffer stringBuffer = new StringBuffer();
        String a = org.bouncycastle.util.o.a();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(a);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(a);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(a);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(a);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(a);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(a);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(a);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(a);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, a);
        v f2 = this.c.n().f();
        if (f2 != null) {
            Enumeration e2 = f2.e();
            if (e2.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (e2.hasMoreElements()) {
                o oVar = (o) e2.nextElement();
                u a2 = f2.a(oVar);
                if (a2.f() != null) {
                    k kVar = new k(a2.f().i());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(a2.h());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(oVar.i());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (oVar.b(u.f7318g)) {
                        gVar = j.a(kVar.readObject());
                    } else if (oVar.b(u.d)) {
                        gVar = d0.a(kVar.readObject());
                    } else if (oVar.b(org.bouncycastle.asn1.s2.c.b)) {
                        gVar = new d(p0.a((Object) kVar.readObject()));
                    } else if (oVar.b(org.bouncycastle.asn1.s2.c.c)) {
                        gVar = new org.bouncycastle.asn1.s2.e(v0.a((Object) kVar.readObject()));
                    } else if (oVar.b(org.bouncycastle.asn1.s2.c.f7232e)) {
                        gVar = new org.bouncycastle.asn1.s2.g(v0.a((Object) kVar.readObject()));
                    } else {
                        stringBuffer.append(oVar.i());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(org.bouncycastle.asn1.d3.a.a(kVar.readObject()));
                        stringBuffer.append(a);
                    }
                    stringBuffer.append(gVar);
                    stringBuffer.append(a);
                }
                stringBuffer.append(a);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException {
                try {
                    return X509CertificateImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e2) {
            throw new NoSuchAlgorithmException("provider issue: " + e2.getMessage());
        }
    }
}
