package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.b2;
import org.bouncycastle.asn1.c;
import org.bouncycastle.asn1.d0;
import org.bouncycastle.asn1.g;
import org.bouncycastle.asn1.g0;
import org.bouncycastle.asn1.i;
import org.bouncycastle.asn1.l0;
import org.bouncycastle.asn1.s;
import org.bouncycastle.asn1.t;
import org.bouncycastle.asn1.x500.d;
import org.bouncycastle.asn1.x509.b;
import org.bouncycastle.asn1.x509.b0;
import org.bouncycastle.asn1.x509.c0;
import org.bouncycastle.asn1.x509.e0;
import org.bouncycastle.asn1.x509.j1;
import org.bouncycastle.asn1.x509.l;
import org.bouncycastle.asn1.x509.n0;
import org.bouncycastle.asn1.x509.q;
import org.bouncycastle.asn1.y;
import org.bouncycastle.asn1.z;
import org.bouncycastle.jcajce.e;
import org.bouncycastle.jcajce.util.f;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.h;
import org.bouncycastle.util.k;
import org.bouncycastle.util.r;
import r6.a;

/* loaded from: classes3.dex */
abstract class X509CertificateImpl extends X509Certificate implements a {
    protected l basicConstraints;
    protected f bcHelper;

    /* renamed from: c, reason: collision with root package name */
    protected q f46480c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(f fVar, q qVar, l lVar, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = fVar;
        this.f46480c = qVar;
        this.basicConstraints = lVar;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, g gVar, byte[] bArr) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (!isAlgIdEqual(this.f46480c.D0(), this.f46480c.H0().E0())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, gVar);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(org.bouncycastle.jcajce.io.f.b(signature), 512);
            this.f46480c.H0().p0(bufferedOutputStream, i.f40849a);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e9) {
            throw new CertificateEncodingException(e9.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        boolean z8 = publicKey instanceof e;
        int i9 = 0;
        if (z8 && X509SignatureUtil.isCompositeAlgorithm(this.f46480c.D0())) {
            List<PublicKey> a9 = ((e) publicKey).a();
            g0 I0 = g0.I0(this.f46480c.D0().A0());
            g0 I02 = g0.I0(c.J0(this.f46480c.C0()).H0());
            boolean z9 = false;
            while (i9 != a9.size()) {
                if (a9.get(i9) != null) {
                    b y02 = b.y0(I0.K0(i9));
                    try {
                        checkSignature(a9.get(i9), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(y02)), y02.A0(), c.J0(I02.K0(i9)).H0());
                        e = null;
                        z9 = true;
                    } catch (SignatureException e9) {
                        e = e9;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i9++;
            }
            if (!z9) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.f46480c.D0())) {
            Signature createSignature = signatureCreator.createSignature(X509SignatureUtil.getSignatureName(this.f46480c.D0()));
            if (!z8) {
                checkSignature(publicKey, createSignature, this.f46480c.D0().A0(), getSignature());
                return;
            }
            List<PublicKey> a10 = ((e) publicKey).a();
            while (i9 != a10.size()) {
                try {
                    checkSignature(a10.get(i9), createSignature, this.f46480c.D0().A0(), getSignature());
                    return;
                } catch (InvalidKeyException unused) {
                    i9++;
                }
            }
            throw new InvalidKeyException("no matching signature found");
        }
        g0 I03 = g0.I0(this.f46480c.D0().A0());
        g0 I04 = g0.I0(c.J0(this.f46480c.C0()).H0());
        boolean z10 = false;
        while (i9 != I04.size()) {
            b y03 = b.y0(I03.K0(i9));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(y03)), y03.A0(), c.J0(I04.K0(i9)).H0());
                e = null;
                z10 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e10) {
                e = e10;
            }
            if (e != null) {
                throw e;
            }
            i9++;
        }
        if (!z10) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(q qVar, String str) throws CertificateParsingException {
        String j9;
        byte[] extensionOctets = getExtensionOctets(qVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration L0 = g0.I0(extensionOctets).L0();
            while (L0.hasMoreElements()) {
                e0 y02 = e0.y0(L0.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(k.j(y02.R()));
                switch (y02.R()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(y02.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        j9 = ((l0) y02.A0()).j();
                        arrayList2.add(j9);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        j9 = d.B0(org.bouncycastle.asn1.x500.style.e.V, y02.A0()).toString();
                        arrayList2.add(j9);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            j9 = InetAddress.getByAddress(z.H0(y02.A0()).J0()).getHostAddress();
                            arrayList2.add(j9);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        j9 = y.M0(y02.A0()).L0();
                        arrayList2.add(j9);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + y02.R());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e9) {
            throw new CertificateParsingException(e9.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(q qVar, String str) {
        z extensionValue = getExtensionValue(qVar, str);
        if (extensionValue != null) {
            return extensionValue.J0();
        }
        return null;
    }

    protected static z getExtensionValue(q qVar, String str) {
        b0 z02;
        c0 y02 = qVar.H0().y0();
        if (y02 == null || (z02 = y02.z0(new y(str))) == null) {
            return null;
        }
        return z02.A0();
    }

    private boolean isAlgIdEqual(b bVar, b bVar2) {
        if (!bVar.x0().C0(bVar2.x0())) {
            return false;
        }
        if (r.f("org.bouncycastle.x509.allow_absent_equiv_NULL")) {
            if (bVar.A0() == null) {
                return bVar2.A0() == null || bVar2.A0().equals(b2.f39861b);
            }
            if (bVar2.A0() == null) {
                return bVar.A0() == null || bVar.A0().equals(b2.f39861b);
            }
        }
        if (bVar.A0() != null) {
            return bVar.A0().equals(bVar2.A0());
        }
        if (bVar2.A0() != null) {
            return bVar2.A0().equals(bVar.A0());
        }
        return true;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.f46480c.x0().A0());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.f46480c.E0().A0());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        l lVar = this.basicConstraints;
        if (lVar == null || !lVar.C0()) {
            return -1;
        }
        t B0 = this.basicConstraints.B0();
        if (B0 == null) {
            return Integer.MAX_VALUE;
        }
        return B0.O0();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        c0 y02 = this.f46480c.H0().y0();
        if (y02 == null) {
            return null;
        }
        Enumeration I0 = y02.I0();
        while (I0.hasMoreElements()) {
            y yVar = (y) I0.nextElement();
            if (y02.z0(yVar).D0()) {
                hashSet.add(yVar.L0());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.f46480c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            g0 I0 = g0.I0(d0.D0(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i9 = 0; i9 != I0.size(); i9++) {
                arrayList.add(((y) I0.K0(i9)).L0());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        z extensionValue = getExtensionValue(this.f46480c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e9) {
            throw h.b("error parsing " + e9.getMessage(), e9);
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.f46480c, b0.f41667i.L0());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new org.bouncycastle.jce.k(this.f46480c.A0());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        c C0 = this.f46480c.H0().C0();
        if (C0 == null) {
            return null;
        }
        byte[] H0 = C0.H0();
        int length = (H0.length * 8) - C0.L();
        boolean[] zArr = new boolean[length];
        for (int i9 = 0; i9 != length; i9++) {
            zArr[i9] = (H0[i9 / 8] & (128 >>> (i9 % 8))) != 0;
        }
        return zArr;
    }

    @Override // r6.a
    public d getIssuerX500Name() {
        return this.f46480c.A0();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f46480c.A0().q0(i.f40849a));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return org.bouncycastle.util.a.x(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        c0 y02 = this.f46480c.H0().y0();
        if (y02 == null) {
            return null;
        }
        Enumeration I0 = y02.I0();
        while (I0.hasMoreElements()) {
            y yVar = (y) I0.nextElement();
            if (!y02.z0(yVar).D0()) {
                hashSet.add(yVar.L0());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.f46480c.x0().x0();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.f46480c.E0().x0();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.f46480c.G0());
        } catch (IOException e9) {
            throw h.b("failed to recover public key: " + e9.getMessage(), e9);
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.f46480c.B0().K0();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.f46480c.D0().x0().L0();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return org.bouncycastle.util.a.p(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.f46480c.C0().L0();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.f46480c, b0.f41666h.L0());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new org.bouncycastle.jce.k(this.f46480c.F0());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        c I0 = this.f46480c.H0().I0();
        if (I0 == null) {
            return null;
        }
        byte[] H0 = I0.H0();
        int length = (H0.length * 8) - I0.L();
        boolean[] zArr = new boolean[length];
        for (int i9 = 0; i9 != length; i9++) {
            zArr[i9] = (H0[i9 / 8] & (128 >>> (i9 % 8))) != 0;
        }
        return zArr;
    }

    @Override // r6.a
    public d getSubjectX500Name() {
        return this.f46480c.F0();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.f46480c.F0().q0(i.f40849a));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.f46480c.H0().q0(i.f40849a);
        } catch (IOException e9) {
            throw new CertificateEncodingException(e9.toString());
        }
    }

    @Override // r6.a
    public j1 getTBSCertificateNative() {
        return this.f46480c.H0();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.f46480c.J0();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        c0 y02;
        if (getVersion() != 3 || (y02 = this.f46480c.H0().y0()) == null) {
            return false;
        }
        Enumeration I0 = y02.I0();
        while (I0.hasMoreElements()) {
            y yVar = (y) I0.nextElement();
            if (!yVar.C0(b0.f41664f) && !yVar.C0(b0.f41678t) && !yVar.C0(b0.f41679u) && !yVar.C0(b0.f41684z) && !yVar.C0(b0.f41677s) && !yVar.C0(b0.f41674p) && !yVar.C0(b0.f41673o) && !yVar.C0(b0.f41681w) && !yVar.C0(b0.f41668j) && !yVar.C0(b0.f41666h) && !yVar.C0(b0.f41676r) && y02.z0(yVar).D0()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object gVar;
        StringBuffer stringBuffer = new StringBuffer();
        String f9 = org.bouncycastle.util.z.f();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(f9);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(f9);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(f9);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(f9);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(f9);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(f9);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(f9);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(f9);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, f9);
        c0 y02 = this.f46480c.H0().y0();
        if (y02 != null) {
            Enumeration I0 = y02.I0();
            if (I0.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (I0.hasMoreElements()) {
                y yVar = (y) I0.nextElement();
                b0 z02 = y02.z0(yVar);
                if (z02.A0() != null) {
                    s sVar = new s(z02.A0().J0());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(z02.D0());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(yVar.L0());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (yVar.C0(b0.f41668j)) {
                        gVar = l.y0(sVar.q());
                    } else if (yVar.C0(b0.f41664f)) {
                        gVar = n0.z0(sVar.q());
                    } else if (yVar.C0(org.bouncycastle.asn1.misc.c.f40955b)) {
                        gVar = new org.bouncycastle.asn1.misc.d(c.J0(sVar.q()));
                    } else if (yVar.C0(org.bouncycastle.asn1.misc.c.f40957d)) {
                        gVar = new org.bouncycastle.asn1.misc.e(org.bouncycastle.asn1.r.H0(sVar.q()));
                    } else if (yVar.C0(org.bouncycastle.asn1.misc.c.f40964k)) {
                        gVar = new org.bouncycastle.asn1.misc.g(org.bouncycastle.asn1.r.H0(sVar.q()));
                    } else {
                        stringBuffer.append(yVar.L0());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(org.bouncycastle.asn1.util.a.c(sVar.q()));
                        stringBuffer.append(f9);
                    }
                    stringBuffer.append(gVar);
                    stringBuffer.append(f9);
                }
                stringBuffer.append(f9);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException {
                try {
                    return X509CertificateImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e9) {
            throw new NoSuchAlgorithmException("provider issue: " + e9.getMessage());
        }
    }
}
