package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import nd.e;
import od.b;
import od.c0;
import od.f1;
import od.j;
import od.l0;
import od.o;
import od.y;
import od.z;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.util.d;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.q;
import wb.a0;
import wb.b0;
import wb.e0;
import wb.f;
import wb.f2;
import wb.h0;
import wb.l;
import wb.m0;
import wb.t;
import wb.u;
import wb.w1;
import xc.c;
import yf.a;
import zf.g;

/* loaded from: classes6.dex */
abstract class X509CertificateImpl extends X509Certificate implements a {
    protected j basicConstraints;
    protected d bcHelper;

    /* renamed from: c, reason: collision with root package name */
    protected o f34740c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CertificateImpl(d dVar, o oVar, j jVar, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = dVar;
        this.f34740c = oVar;
        this.basicConstraints = jVar;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, wb.j jVar, byte[] bArr) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (!isAlgIdEqual(this.f34740c.A(), this.f34740c.F().B())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, jVar);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new g(signature), 512);
            this.f34740c.F().q(bufferedOutputStream, l.f39610a);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        boolean z10 = publicKey instanceof CompositePublicKey;
        int i10 = 0;
        if (z10 && X509SignatureUtil.isCompositeAlgorithm(this.f34740c.A())) {
            List<PublicKey> b10 = ((CompositePublicKey) publicKey).b();
            h0 G = h0.G(this.f34740c.A().x());
            h0 G2 = h0.G(w1.P(this.f34740c.z()).F());
            boolean z11 = false;
            while (i10 != b10.size()) {
                if (b10.get(i10) != null) {
                    b v10 = b.v(G.I(i10));
                    try {
                        checkSignature(b10.get(i10), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(v10)), v10.x(), w1.P(G2.I(i10)).F());
                        e = null;
                        z11 = true;
                    } catch (SignatureException e10) {
                        e = e10;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i10++;
            }
            if (!z11) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.f34740c.A())) {
            Signature createSignature = signatureCreator.createSignature(X509SignatureUtil.getSignatureName(this.f34740c.A()));
            if (!z10) {
                checkSignature(publicKey, createSignature, this.f34740c.A().x(), getSignature());
                return;
            }
            List<PublicKey> b11 = ((CompositePublicKey) publicKey).b();
            while (i10 != b11.size()) {
                try {
                    checkSignature(b11.get(i10), createSignature, this.f34740c.A().x(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i10++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        h0 G3 = h0.G(this.f34740c.A().x());
        h0 G4 = h0.G(w1.P(this.f34740c.z()).F());
        boolean z12 = false;
        while (i10 != G4.size()) {
            b v11 = b.v(G3.I(i10));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(v11)), v11.x(), w1.P(G4.I(i10)).F());
                e = null;
                z12 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e11) {
                e = e11;
            }
            if (e != null) {
                throw e;
            }
            i10++;
        }
        if (!z12) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(o oVar, String str) throws CertificateParsingException {
        String string;
        byte[] extensionOctets = getExtensionOctets(oVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration J = h0.G(extensionOctets).J();
            while (J.hasMoreElements()) {
                c0 v10 = c0.v(J.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(Integer.valueOf(v10.h()));
                switch (v10.h()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(v10.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        string = ((m0) v10.x()).getString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        string = md.d.x(e.V, v10.x()).toString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            string = InetAddress.getByAddress(b0.F(v10.x()).H()).getHostAddress();
                            arrayList2.add(string);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        string = a0.K(v10.x()).J();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + v10.h());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e10) {
            throw new CertificateParsingException(e10.getMessage());
        }
    }

    public static byte[] getExtensionOctets(o oVar, String str) {
        b0 extensionValue = getExtensionValue(oVar, str);
        if (extensionValue != null) {
            return extensionValue.H();
        }
        return null;
    }

    public static b0 getExtensionValue(o oVar, String str) {
        y x10;
        z v10 = oVar.F().v();
        if (v10 == null || (x10 = v10.x(new a0(str))) == null) {
            return null;
        }
        return x10.x();
    }

    private boolean isAlgIdEqual(b bVar, b bVar2) {
        if (!bVar.u().z(bVar2.u())) {
            return false;
        }
        if (q.e("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (bVar.x() == null) {
                return bVar2.x() == null || bVar2.x().equals(f2.f39555d);
            }
            if (bVar2.x() == null) {
                return bVar.x() == null || bVar.x().equals(f2.f39555d);
            }
        }
        if (bVar.x() != null) {
            return bVar.x().equals(bVar2.x());
        }
        if (bVar2.x() != null) {
            return bVar2.x().equals(bVar.x());
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.f34740c.u().x());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.f34740c.B().x());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        j jVar = this.basicConstraints;
        if (jVar == null || !jVar.y()) {
            return -1;
        }
        if (this.basicConstraints.x() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.x().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        z v10 = this.f34740c.F().v();
        if (v10 == null) {
            return null;
        }
        Enumeration G = v10.G();
        while (G.hasMoreElements()) {
            a0 a0Var = (a0) G.nextElement();
            if (v10.x(a0Var).A()) {
                hashSet.add(a0Var.J());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.f34740c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            h0 G = h0.G(e0.A(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i10 = 0; i10 != G.size(); i10++) {
                arrayList.add(((a0) G.I(i10)).J());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        b0 extensionValue = getExtensionValue(this.f34740c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e10) {
            throw new IllegalStateException(wb.d.a(e10, new StringBuilder("error parsing ")));
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.f34740c, y.f32235n.J());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new org.bouncycastle.jce.j(this.f34740c.x());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        f z10 = this.f34740c.F().z();
        if (z10 == null) {
            return null;
        }
        byte[] F = z10.F();
        int length = (F.length * 8) - z10.e();
        boolean[] zArr = new boolean[length];
        for (int i10 = 0; i10 != length; i10++) {
            zArr[i10] = (F[i10 / 8] & (128 >>> (i10 % 8))) != 0;
        }
        return zArr;
    }

    @Override // yf.a
    public md.d getIssuerX500Name() {
        return this.f34740c.x();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f34740c.x().r(l.f39610a));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return org.bouncycastle.util.a.x(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        z v10 = this.f34740c.F().v();
        if (v10 == null) {
            return null;
        }
        Enumeration G = v10.G();
        while (G.hasMoreElements()) {
            a0 a0Var = (a0) G.nextElement();
            if (!v10.x(a0Var).A()) {
                hashSet.add(a0Var.J());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.f34740c.u().u();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.f34740c.B().u();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.f34740c.D());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.f34740c.y().I();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.f34740c.A().u().J();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return org.bouncycastle.util.a.p(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.f34740c.z().J();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.f34740c, y.f32233k.J());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new org.bouncycastle.jce.j(this.f34740c.C());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        f G = this.f34740c.F().G();
        if (G == null) {
            return null;
        }
        byte[] F = G.F();
        int length = (F.length * 8) - G.e();
        boolean[] zArr = new boolean[length];
        for (int i10 = 0; i10 != length; i10++) {
            zArr[i10] = (F[i10 / 8] & (128 >>> (i10 % 8))) != 0;
        }
        return zArr;
    }

    @Override // yf.a
    public md.d getSubjectX500Name() {
        return this.f34740c.C();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.f34740c.C().r(l.f39610a));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.f34740c.F().r(l.f39610a);
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    @Override // yf.a
    public f1 getTBSCertificateNative() {
        return this.f34740c.F();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.f34740c.H();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        z v10;
        if (getVersion() != 3 || (v10 = this.f34740c.F().v()) == null) {
            return false;
        }
        Enumeration G = v10.G();
        while (G.hasMoreElements()) {
            a0 a0Var = (a0) G.nextElement();
            if (!a0Var.z(y.f32231i) && !a0Var.z(y.A) && !a0Var.z(y.B) && !a0Var.z(y.O) && !a0Var.z(y.f32245z) && !a0Var.z(y.f32242w) && !a0Var.z(y.f32241v) && !a0Var.z(y.I) && !a0Var.z(y.f32236o) && !a0Var.z(y.f32233k) && !a0Var.z(y.f32244y) && v10.x(a0Var).A()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object v10;
        StringBuffer stringBuffer = new StringBuffer();
        String f10 = Strings.f();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(f10);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(f10);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(f10);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(f10);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(f10);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(f10);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(f10);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(f10);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, f10);
        z v11 = this.f34740c.F().v();
        if (v11 != null) {
            Enumeration G = v11.G();
            if (G.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (G.hasMoreElements()) {
                a0 a0Var = (a0) G.nextElement();
                y x10 = v11.x(a0Var);
                if (x10.x() != null) {
                    u uVar = new u(x10.x().H());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(x10.A());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(a0Var.J());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (a0Var.z(y.f32236o)) {
                        v10 = j.v(uVar.s());
                    } else if (a0Var.z(y.f32231i)) {
                        v10 = l0.w(uVar.s());
                    } else if (a0Var.z(c.f40465b)) {
                        v10 = new xc.d(w1.P(uVar.s()));
                    } else if (a0Var.z(c.f40467d)) {
                        v10 = new xc.e(t.F(uVar.s()));
                    } else if (a0Var.z(c.f40474k)) {
                        v10 = new xc.g(t.F(uVar.s()));
                    } else {
                        stringBuffer.append(a0Var.J());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(ld.a.d(uVar.s(), false));
                        stringBuffer.append(f10);
                    }
                    stringBuffer.append(v10);
                    stringBuffer.append(f10);
                }
                stringBuffer.append(f10);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException {
                try {
                    return X509CertificateImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e10) {
            throw new NoSuchAlgorithmException("provider issue: " + e10.getMessage());
        }
    }
}
