package org.bouncycastle.jcajce.provider.asymmetric.x509;

import com.google.android.material.datepicker.f;
import hh.g;
import hh.h;
import hh.l;
import hh.m;
import hh.n;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import ng.a1;
import ng.b0;
import ng.b1;
import ng.r;
import ng.s;
import ng.u;
import ng.u0;
import ng.y;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public abstract class X509CertificateImpl extends X509Certificate {
    protected g basicConstraints;
    protected org.bouncycastle.jcajce.util.b bcHelper;
    protected h c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CertificateImpl(org.bouncycastle.jcajce.util.b bVar, h hVar, g gVar, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = bVar;
        this.c = hVar;
        this.basicConstraints = gVar;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    /* JADX WARN: Type inference failed for: r5v2, types: [java.io.OutputStream, qh.a] */
    private void checkSignature(PublicKey publicKey, Signature signature, ng.g gVar, byte[] bArr) {
        h hVar = this.c;
        if (!isAlgIdEqual(hVar.c, hVar.b.f6557d)) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        if (gVar == null) {
            HashMap hashMap = e.f9871a;
        } else if (!e.b.i(gVar)) {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider());
            try {
                algorithmParameters.init(gVar.toASN1Primitive().getEncoded());
                if (signature.getAlgorithm().endsWith("MGF1")) {
                    try {
                        signature.setParameter(algorithmParameters.getParameterSpec(PSSParameterSpec.class));
                    } catch (GeneralSecurityException e10) {
                        throw new SignatureException(kotlin.collections.a.n(e10, new StringBuilder("Exception extracting parameters: ")));
                    }
                }
            } catch (IOException e11) {
                throw new SignatureException(f.f(e11, new StringBuilder("IOException decoding parameters: ")));
            }
        }
        signature.initVerify(publicKey);
        try {
            ?? outputStream = new OutputStream();
            outputStream.f10900a = signature;
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(outputStream, 512);
            this.c.b.toASN1Primitive().g(bufferedOutputStream);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e12) {
            throw new CertificateEncodingException(e12.toString());
        }
    }

    private void doVerify(PublicKey publicKey, b bVar) {
        boolean z10 = publicKey instanceof CompositePublicKey;
        int i10 = 0;
        if (z10) {
            hh.a aVar = this.c.c;
            HashMap hashMap = e.f9871a;
            if (xg.a.f12287d.j(aVar.f6489a)) {
                List<PublicKey> publicKeys = ((CompositePublicKey) publicKey).getPublicKeys();
                y p10 = y.p(this.c.c.b);
                y p11 = y.p(u0.r(this.c.f6512d).o());
                boolean z11 = false;
                while (i10 != publicKeys.size()) {
                    if (publicKeys.get(i10) != null) {
                        hh.a d10 = hh.a.d(p10.q(i10));
                        try {
                            checkSignature(publicKeys.get(i10), bVar.createSignature(e.b(d10)), d10.b, u0.r(p11.q(i10)).o());
                            e = null;
                            z11 = true;
                        } catch (SignatureException e10) {
                            e = e10;
                        }
                        if (e != null) {
                            throw e;
                        }
                    }
                    i10++;
                }
                if (!z11) {
                    throw new InvalidKeyException("no matching key found");
                }
                return;
            }
        }
        hh.a aVar2 = this.c.c;
        HashMap hashMap2 = e.f9871a;
        if (!xg.a.f12287d.j(aVar2.f6489a)) {
            Signature createSignature = bVar.createSignature(e.b(this.c.c));
            if (!z10) {
                checkSignature(publicKey, createSignature, this.c.c.b, getSignature());
                return;
            }
            List<PublicKey> publicKeys2 = ((CompositePublicKey) publicKey).getPublicKeys();
            while (i10 != publicKeys2.size()) {
                try {
                    checkSignature(publicKeys2.get(i10), createSignature, this.c.c.b, getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i10++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        y p12 = y.p(this.c.c.b);
        y p13 = y.p(u0.r(this.c.f6512d).o());
        boolean z12 = false;
        while (i10 != p13.size()) {
            hh.a d11 = hh.a.d(p12.q(i10));
            try {
                checkSignature(publicKey, bVar.createSignature(e.b(d11)), d11.b, u0.r(p13.q(i10)).o());
                e = null;
                z12 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e11) {
                e = e11;
            }
            if (e != null) {
                throw e;
            }
            i10++;
        }
        if (!z12) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x0035. Please report as an issue. */
    private static Collection getAlternativeNames(h hVar, String str) {
        String string;
        byte[] extensionOctets = getExtensionOctets(hVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration r10 = y.p(extensionOctets).r();
            while (r10.hasMoreElements()) {
                n d10 = n.d(r10.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(Integer.valueOf(d10.b));
                int i10 = d10.b;
                ng.g gVar = d10.f6536a;
                switch (i10) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(d10.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        string = ((b0) gVar).getString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        fh.c d11 = fh.c.d(gh.b.f6299j, gVar);
                        string = d11.c.y(d11);
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            string = InetAddress.getByAddress(s.n(gVar).f9195a).getHostAddress();
                            arrayList2.add(string);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        string = r.q(gVar).f9189a;
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + i10);
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e10) {
            throw new CertificateParsingException(e10.getMessage());
        }
    }

    public static byte[] getExtensionOctets(h hVar, String str) {
        s extensionValue = getExtensionValue(hVar, str);
        if (extensionValue != null) {
            return extensionValue.f9195a;
        }
        return null;
    }

    public static s getExtensionValue(h hVar, String str) {
        l d10;
        m mVar = hVar.b.f6565m;
        if (mVar == null || (d10 = mVar.d(new r(str))) == null) {
            return null;
        }
        return d10.c;
    }

    private boolean isAlgIdEqual(hh.a aVar, hh.a aVar2) {
        if (!aVar.f6489a.j(aVar2.f6489a)) {
            return false;
        }
        boolean b = org.bouncycastle.util.f.b("org.bouncycastle.x509.allow_absent_equiv_NULL");
        ng.g gVar = aVar.b;
        ng.g gVar2 = aVar2.b;
        if (b) {
            if (gVar == null) {
                return gVar2 == null || gVar2.equals(b1.b);
            }
            if (gVar2 == null) {
                return gVar == null || gVar.equals(b1.b);
            }
        }
        if (gVar != null) {
            return gVar.equals(gVar2);
        }
        if (gVar2 != null) {
            return gVar2.equals(gVar);
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.b.f6560g.f());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.b.f6559f.f());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        g gVar = this.basicConstraints;
        if (gVar == null || !gVar.e()) {
            return -1;
        }
        ng.m mVar = this.basicConstraints.b;
        if ((mVar != null ? mVar.p() : null) == null) {
            return Integer.MAX_VALUE;
        }
        ng.m mVar2 = this.basicConstraints.b;
        return (mVar2 != null ? mVar2.p() : null).intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        m mVar = this.c.b.f6565m;
        if (mVar == null) {
            return null;
        }
        Enumeration elements = mVar.b.elements();
        while (elements.hasMoreElements()) {
            r rVar = (r) elements.nextElement();
            if (mVar.d(rVar).b) {
                hashSet.add(rVar.f9189a);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            y p10 = y.p(u.k(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i10 = 0; i10 != p10.size(); i10++) {
                arrayList.add(((r) p10.q(i10)).f9189a);
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        s extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e10) {
            throw new IllegalStateException(kotlin.collections.a.i(e10, new StringBuilder("error parsing ")));
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() {
        return getAlternativeNames(this.c, l.f6520f.f9189a);
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new org.bouncycastle.jce.a(this.c.b.f6558e);
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        u0 u0Var = this.c.b.f6563k;
        if (u0Var == null) {
            return null;
        }
        byte[] o10 = u0Var.o();
        int length = (o10.length * 8) - u0Var.b();
        boolean[] zArr = new boolean[length];
        for (int i10 = 0; i10 != length; i10++) {
            zArr[i10] = (o10[i10 / 8] & (128 >>> (i10 % 8))) != 0;
        }
        return zArr;
    }

    public fh.c getIssuerX500Name() {
        return this.c.b.f6558e;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.b.f6558e.c());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        boolean[] zArr = this.keyUsage;
        if (zArr == null) {
            return null;
        }
        return (boolean[]) zArr.clone();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        m mVar = this.c.b.f6565m;
        if (mVar == null) {
            return null;
        }
        Enumeration elements = mVar.b.elements();
        while (elements.hasMoreElements()) {
            r rVar = (r) elements.nextElement();
            if (!mVar.d(rVar).b) {
                hashSet.add(rVar.f9189a);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.b.f6560g.d();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.b.f6559f.d();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.b.f6562j);
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.b.c.p();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.c.f6489a.f9189a;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return oe.a.k(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.f6512d.q();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() {
        return getAlternativeNames(this.c, l.f6519e.f9189a);
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new org.bouncycastle.jce.a(this.c.b.f6561h);
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        u0 u0Var = this.c.b.f6564l;
        if (u0Var == null) {
            return null;
        }
        byte[] o10 = u0Var.o();
        int length = (o10.length * 8) - u0Var.b();
        boolean[] zArr = new boolean[length];
        for (int i10 = 0; i10 != length; i10++) {
            zArr[i10] = (o10[i10 / 8] & (128 >>> (i10 % 8))) != 0;
        }
        return zArr;
    }

    public fh.c getSubjectX500Name() {
        return this.c.b.f6561h;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.b.f6561h.c());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() {
        try {
            return this.c.b.c();
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    public hh.y getTBSCertificateNative() {
        return this.c.b;
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.b.b.t() + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        m mVar;
        if (getVersion() != 3 || (mVar = this.c.b.f6565m) == null) {
            return false;
        }
        Enumeration elements = mVar.b.elements();
        while (elements.hasMoreElements()) {
            r rVar = (r) elements.nextElement();
            if (!rVar.j(l.f6518d) && !rVar.j(l.f6528o) && !rVar.j(l.f6529p) && !rVar.j(l.f6533v) && !rVar.j(l.f6527n) && !rVar.j(l.f6524k) && !rVar.j(l.f6523j) && !rVar.j(l.f6531t) && !rVar.j(l.f6521g) && !rVar.j(l.f6519e) && !rVar.j(l.f6526m) && mVar.d(rVar).b) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Type inference failed for: r7v10, types: [hh.s, java.lang.Object] */
    @Override // java.security.cert.Certificate
    public String toString() {
        Object cVar;
        StringBuffer stringBuffer = new StringBuffer("  [0]         Version: ");
        String str = org.bouncycastle.util.h.f10023a;
        stringBuffer.append(getVersion());
        stringBuffer.append(str);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(str);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(str);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(str);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(str);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(str);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(str);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(str);
        byte[] signature = getSignature();
        HashMap hashMap = e.f9871a;
        int length = signature.length;
        stringBuffer.append("            Signature: ");
        if (length > 20) {
            stringBuffer.append(ri.b.e(signature, 0, 20));
            stringBuffer.append(str);
            int i10 = 20;
            while (i10 < signature.length) {
                int length2 = signature.length - 20;
                stringBuffer.append("                       ");
                stringBuffer.append(i10 < length2 ? ri.b.e(signature, i10, 20) : ri.b.e(signature, i10, signature.length - i10));
                stringBuffer.append(str);
                i10 += 20;
            }
        } else {
            stringBuffer.append(ri.b.e(signature, 0, signature.length));
            stringBuffer.append(str);
        }
        m mVar = this.c.b.f6565m;
        if (mVar != null) {
            Enumeration elements = mVar.b.elements();
            if (elements.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (elements.hasMoreElements()) {
                r rVar = (r) elements.nextElement();
                l d10 = mVar.d(rVar);
                s sVar = d10.c;
                if (sVar != null) {
                    ng.l lVar = new ng.l(sVar.f9195a);
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(d10.b);
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(rVar.f9189a);
                        stringBuffer.append(" value = *****");
                    }
                    if (rVar.j(l.f6521g)) {
                        cVar = g.d(lVar.e());
                    } else if (rVar.j(l.f6518d)) {
                        ng.g e10 = lVar.e();
                        if (e10 instanceof hh.s) {
                            cVar = (hh.s) e10;
                        } else if (e10 != null) {
                            ng.c p10 = ng.c.p(e10);
                            ?? obj = new Object();
                            obj.f6546a = p10;
                            cVar = obj;
                        } else {
                            cVar = null;
                        }
                    } else if (rVar.j(xg.a.f12286a)) {
                        cVar = new xg.b(u0.r(lVar.e()), 0);
                    } else if (rVar.j(xg.a.b)) {
                        cVar = new xg.c(a1.n(lVar.e()), 0);
                    } else if (rVar.j(xg.a.c)) {
                        cVar = new xg.c(a1.n(lVar.e()), 1);
                    } else {
                        stringBuffer.append(rVar.f9189a);
                        stringBuffer.append(" value = ");
                        stringBuffer.append(ui.b.t(lVar.e()));
                        stringBuffer.append(str);
                    }
                    stringBuffer.append(cVar);
                    stringBuffer.append(str);
                }
                stringBuffer.append(str);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) {
        doVerify(publicKey, new c(this));
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, String str) {
        doVerify(publicKey, new d(str, 0));
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, Provider provider) {
        try {
            doVerify(publicKey, new d(provider, 1));
        } catch (NoSuchProviderException e10) {
            throw new NoSuchAlgorithmException("provider issue: " + e10.getMessage());
        }
    }
}
