package org.bouncycastle.jcajce.provider.asymmetric.x509;

import defpackage.av;
import defpackage.e1;
import defpackage.esb;
import defpackage.f77;
import defpackage.fa3;
import defpackage.fv0;
import defpackage.hc0;
import defpackage.im1;
import defpackage.j1;
import defpackage.j9b;
import defpackage.la3;
import defpackage.m7b;
import defpackage.n1;
import defpackage.n26;
import defpackage.o1;
import defpackage.o6a;
import defpackage.oga;
import defpackage.p22;
import defpackage.pj;
import defpackage.r1;
import defpackage.s1;
import defpackage.sw9;
import defpackage.tl7;
import defpackage.u30;
import defpackage.ul7;
import defpackage.usb;
import defpackage.v22;
import defpackage.vp;
import defpackage.vr8;
import defpackage.w22;
import defpackage.xm4;
import defpackage.y1;
import defpackage.ye;
import defpackage.zn8;
import defpackage.zw5;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes9.dex */
abstract class X509CertificateImpl extends X509Certificate implements u30 {
    public hc0 basicConstraints;
    public zw5 bcHelper;
    public fv0 c;
    public boolean[] keyUsage;
    public String sigAlgName;
    public byte[] sigAlgParams;

    public X509CertificateImpl(zw5 zw5Var, fv0 fv0Var, hc0 hc0Var, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = zw5Var;
        this.c = fv0Var;
        this.basicConstraints = hc0Var;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, e1 e1Var, byte[] bArr) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        fv0 fv0Var = this.c;
        if (!isAlgIdEqual(fv0Var.f11063d, fv0Var.c.e)) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, e1Var);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new sw9(signature), 512);
            this.c.c.b(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        boolean z = publicKey instanceof im1;
        int i = 0;
        if (z && X509SignatureUtil.isCompositeAlgorithm(this.c.f11063d)) {
            List<PublicKey> list = ((im1) publicKey).b;
            s1 s = s1.s(this.c.f11063d.c);
            s1 s2 = s1.s(p22.u(this.c.e).r());
            boolean z2 = false;
            while (i != list.size()) {
                if (list.get(i) != null) {
                    pj d2 = pj.d(s.t(i));
                    try {
                        checkSignature(list.get(i), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(d2)), d2.c, p22.u(s2.t(i)).r());
                        e = null;
                        z2 = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z2) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.f11063d)) {
            Signature createSignature = signatureCreator.createSignature(X509SignatureUtil.getSignatureName(this.c.f11063d));
            if (!z) {
                checkSignature(publicKey, createSignature, this.c.f11063d.c, getSignature());
                return;
            }
            List<PublicKey> list2 = ((im1) publicKey).b;
            while (i != list2.size()) {
                try {
                    checkSignature(list2.get(i), createSignature, this.c.f11063d.c, getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        s1 s3 = s1.s(this.c.f11063d.c);
        s1 s4 = s1.s(p22.u(this.c.e).r());
        boolean z3 = false;
        while (i != s4.size()) {
            pj d3 = pj.d(s3.t(i));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(d3)), d3.c, p22.u(s4.t(i)).r());
                e = null;
                z3 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e2) {
                e = e2;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z3) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0033. Please report as an issue. */
    private static Collection getAlternativeNames(fv0 fv0Var, String str) throws CertificateParsingException {
        String j;
        byte[] extensionOctets = getExtensionOctets(fv0Var, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration u = s1.s(extensionOctets).u();
            while (u.hasMoreElements()) {
                xm4 h = xm4.h(u.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(Integer.valueOf(h.c));
                switch (h.c) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(h.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        j = ((y1) h.b).j();
                        arrayList2.add(j);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        j = esb.d(vr8.p, h.b).toString();
                        arrayList2.add(j);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            j = InetAddress.getByAddress(o1.s(h.b).b).getHostAddress();
                            arrayList2.add(j);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        j = n1.u(h.b).b;
                        arrayList2.add(j);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + h.c);
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e) {
            throw new CertificateParsingException(e.getMessage());
        }
    }

    public static byte[] getExtensionOctets(fv0 fv0Var, String str) {
        o1 extensionValue = getExtensionValue(fv0Var, str);
        if (extensionValue != null) {
            return extensionValue.b;
        }
        return null;
    }

    public static o1 getExtensionValue(fv0 fv0Var, String str) {
        la3 la3Var = fv0Var.c.m;
        if (la3Var == null) {
            return null;
        }
        fa3 fa3Var = (fa3) la3Var.b.get(new n1(str));
        if (fa3Var != null) {
            return fa3Var.f10832d;
        }
        return null;
    }

    private boolean isAlgIdEqual(pj pjVar, pj pjVar2) {
        if (!pjVar.b.m(pjVar2.b)) {
            return false;
        }
        if (zn8.b("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            e1 e1Var = pjVar.c;
            if (e1Var == null) {
                e1 e1Var2 = pjVar2.c;
                return e1Var2 == null || e1Var2.equals(w22.b);
            }
            if (pjVar2.c == null) {
                return e1Var == null || e1Var.equals(w22.b);
            }
        }
        e1 e1Var3 = pjVar.c;
        if (e1Var3 != null) {
            return e1Var3.equals(pjVar2.c);
        }
        e1 e1Var4 = pjVar2.c;
        if (e1Var4 != null) {
            return e1Var4.equals(e1Var3);
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            StringBuilder d2 = ye.d("certificate expired on ");
            d2.append(this.c.c.h.m());
            throw new CertificateExpiredException(d2.toString());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        StringBuilder d3 = ye.d("certificate not valid till ");
        d3.append(this.c.c.g.m());
        throw new CertificateNotYetValidException(d3.toString());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        hc0 hc0Var = this.basicConstraints;
        if (hc0Var == null || !hc0Var.l()) {
            return -1;
        }
        if (this.basicConstraints.k() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.k().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        la3 la3Var = this.c.c.m;
        if (la3Var == null) {
            return null;
        }
        Enumeration k = la3Var.k();
        while (k.hasMoreElements()) {
            n1 n1Var = (n1) k.nextElement();
            if (la3Var.d(n1Var).c) {
                hashSet.add(n1Var.b);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        try {
            return this.c.c("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            s1 s = s1.s(r1.n(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != s.size(); i++) {
                arrayList.add(((n1) s.t(i)).b);
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        o1 extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException(vp.e(e, ye.d("error parsing ")));
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, fa3.g.b);
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new usb(this.c.c.f);
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        p22 p22Var = this.c.c.k;
        if (p22Var == null) {
            return null;
        }
        byte[] r = p22Var.r();
        int length = (r.length * 8) - p22Var.c;
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (r[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // defpackage.u30
    public esb getIssuerX500Name() {
        return this.c.c.f;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.c.f.c("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        boolean[] zArr = this.keyUsage;
        if (zArr == null) {
            return null;
        }
        return (boolean[]) zArr.clone();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        la3 la3Var = this.c.c.m;
        if (la3Var == null) {
            return null;
        }
        Enumeration k = la3Var.k();
        while (k.hasMoreElements()) {
            n1 n1Var = (n1) k.nextElement();
            if (!la3Var.d(n1Var).c) {
                hashSet.add(n1Var.b);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.c.h.k();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.c.g.k();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.c.j);
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.c.f14672d.u();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.f11063d.b.b;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return av.c(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.e.s();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.c, fa3.f.b);
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new usb(this.c.c.i);
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        p22 p22Var = this.c.c.l;
        if (p22Var == null) {
            return null;
        }
        byte[] r = p22Var.r();
        int length = (r.length * 8) - p22Var.c;
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (r[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    @Override // defpackage.u30
    public esb getSubjectX500Name() {
        return this.c.c.i;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.c.i.c("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.c.c.c("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // defpackage.u30
    public oga getTBSCertificateNative() {
        return this.c.c;
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.c.c.D() + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        la3 la3Var;
        if (getVersion() != 3 || (la3Var = this.c.c.m) == null) {
            return false;
        }
        Enumeration k = la3Var.k();
        while (k.hasMoreElements()) {
            n1 n1Var = (n1) k.nextElement();
            if (!n1Var.m(fa3.e) && !n1Var.m(fa3.p) && !n1Var.m(fa3.q) && !n1Var.m(fa3.v) && !n1Var.m(fa3.o) && !n1Var.m(fa3.l) && !n1Var.m(fa3.k) && !n1Var.m(fa3.s) && !n1Var.m(fa3.h) && !n1Var.m(fa3.f) && !n1Var.m(fa3.n) && ((fa3) la3Var.b.get(n1Var)).c) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object j9bVar;
        StringBuffer stringBuffer = new StringBuffer();
        String str = o6a.f14556a;
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(str);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(str);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(str);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(str);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(str);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(str);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(str);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(str);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, str);
        la3 la3Var = this.c.c.m;
        if (la3Var != null) {
            Enumeration k = la3Var.k();
            if (k.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (k.hasMoreElements()) {
                n1 n1Var = (n1) k.nextElement();
                fa3 d2 = la3Var.d(n1Var);
                o1 o1Var = d2.f10832d;
                if (o1Var != null) {
                    j1 j1Var = new j1(o1Var.b);
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(d2.c);
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(n1Var.b);
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (n1Var.m(fa3.h)) {
                        j9bVar = hc0.d(j1Var.t());
                    } else if (n1Var.m(fa3.e)) {
                        j9bVar = n26.d(j1Var.t());
                    } else if (n1Var.m(f77.f10807a)) {
                        j9bVar = new tl7(p22.u(j1Var.t()));
                    } else if (n1Var.m(f77.b)) {
                        j9bVar = new ul7(v22.r(j1Var.t()));
                    } else if (n1Var.m(f77.c)) {
                        j9bVar = new j9b(v22.r(j1Var.t()));
                    } else {
                        stringBuffer.append(n1Var.b);
                        stringBuffer.append(" value = ");
                        stringBuffer.append(m7b.r(j1Var.t()));
                        stringBuffer.append(str);
                    }
                    stringBuffer.append(j9bVar);
                    stringBuffer.append(str);
                }
                stringBuffer.append(str);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException {
                try {
                    return X509CertificateImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e) {
            StringBuilder d2 = ye.d("provider issue: ");
            d2.append(e.getMessage());
            throw new NoSuchAlgorithmException(d2.toString());
        }
    }
}
