package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ab;
import org.bouncycastle.asn1.ag;
import org.bouncycastle.asn1.br;
import org.bouncycastle.asn1.n;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.p;
import org.bouncycastle.asn1.u;
import org.bouncycastle.asn1.v;
import org.bouncycastle.asn1.x509.ad;
import org.bouncycastle.asn1.x509.i;
import org.bouncycastle.asn1.x509.m;
import org.bouncycastle.asn1.x509.r;
import org.bouncycastle.asn1.x509.s;
import org.bouncycastle.asn1.x509.t;
import org.bouncycastle.asn1.y;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;

/* loaded from: classes4.dex */
abstract class X509CertificateImpl extends X509Certificate {
    protected i basicConstraints;
    protected org.bouncycastle.jcajce.util.b bcHelper;
    protected m c;
    protected boolean[] keyUsage;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(org.bouncycastle.jcajce.util.b bVar, m mVar, i iVar, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = bVar;
        this.c = mVar;
        this.basicConstraints = iVar;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, org.bouncycastle.asn1.f fVar, byte[] bArr) {
        if (!f.a(this.c.i(), this.c.a().c())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        f.a(signature, fVar);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(org.bouncycastle.jcajce.a.c.a(signature), 512);
            this.c.a().a(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, b bVar) {
        boolean z = publicKey instanceof CompositePublicKey;
        int i = 0;
        if (z && f.a(this.c.i())) {
            List<PublicKey> publicKeys = ((CompositePublicKey) publicKey).getPublicKeys();
            ab a2 = ab.a((Object) this.c.i().b());
            ab a3 = ab.a(this.c.j().e());
            boolean z2 = false;
            while (i != publicKeys.size()) {
                if (publicKeys.get(i) != null) {
                    org.bouncycastle.asn1.x509.a a4 = org.bouncycastle.asn1.x509.a.a(a2.a(i));
                    try {
                        checkSignature(publicKeys.get(i), bVar.a(f.b(a4)), a4.b(), org.bouncycastle.asn1.b.a((Object) a3.a(i)).e());
                        e = null;
                        z2 = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z2) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!f.a(this.c.i())) {
            Signature a5 = bVar.a(getSigAlgName());
            if (z) {
                CompositePublicKey compositePublicKey = (CompositePublicKey) publicKey;
                if (org.bouncycastle.a.a.h.a.Q.b(compositePublicKey.getAlgorithmIdentifier())) {
                    List<PublicKey> publicKeys2 = compositePublicKey.getPublicKeys();
                    while (i != publicKeys2.size()) {
                        try {
                            checkSignature(publicKeys2.get(i), a5, this.c.i().b(), getSignature());
                            return;
                        } catch (InvalidKeyException unused) {
                            i++;
                        }
                    }
                    throw new InvalidKeyException("no matching signature found");
                }
            }
            checkSignature(publicKey, a5, this.c.i().b(), getSignature());
            return;
        }
        ab a6 = ab.a((Object) this.c.i().b());
        ab a7 = ab.a(this.c.j().e());
        boolean z3 = false;
        while (i != a7.d()) {
            org.bouncycastle.asn1.x509.a a8 = org.bouncycastle.asn1.x509.a.a(a6.a(i));
            try {
                checkSignature(publicKey, bVar.a(f.b(a8)), a8.b(), org.bouncycastle.asn1.b.a((Object) a7.a(i)).e());
                e = null;
                z3 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused2) {
                e = null;
            } catch (SignatureException e2) {
                e = e2;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z3) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(m mVar, String str) {
        String a2;
        byte[] extensionOctets = getExtensionOctets(mVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration c = ab.a(extensionOctets).c();
            while (c.hasMoreElements()) {
                t a3 = t.a(c.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(org.bouncycastle.util.f.c(a3.a()));
                switch (a3.a()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(a3.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        a2 = ((ag) a3.b()).a();
                        arrayList2.add(a2);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        a2 = org.bouncycastle.asn1.s.c.a(org.bouncycastle.asn1.s.a.d.R, a3.b()).toString();
                        arrayList2.add(a2);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            a2 = InetAddress.getByAddress(br.a((Object) a3.b()).c()).getHostAddress();
                            arrayList2.add(a2);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        a2 = u.a((Object) a3.b()).a();
                        arrayList2.add(a2);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + a3.a());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e) {
            throw new CertificateParsingException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(m mVar, String str) {
        v extensionValue = getExtensionValue(mVar, str);
        if (extensionValue != null) {
            return extensionValue.c();
        }
        return null;
    }

    protected static v getExtensionValue(m mVar, String str) {
        r a2;
        s l = mVar.a().l();
        if (l == null || (a2 = l.a(new u(str))) == null) {
            return null;
        }
        return a2.c();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.f().a());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.e().a());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        i iVar = this.basicConstraints;
        if (iVar == null || !iVar.a()) {
            return -1;
        }
        p b2 = this.basicConstraints.b();
        if (b2 == null) {
            return Integer.MAX_VALUE;
        }
        return b2.d();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        s l = this.c.a().l();
        if (l == null) {
            return null;
        }
        Enumeration a2 = l.a();
        while (a2.hasMoreElements()) {
            u uVar = (u) a2.nextElement();
            if (l.a(uVar).b()) {
                hashSet.add(uVar.a());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() {
        byte[] extensionOctets = getExtensionOctets(this.c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            ab a2 = ab.a((Object) y.d(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != a2.d(); i++) {
                arrayList.add(((u) a2.a(i)).a());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        v extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw org.bouncycastle.util.d.a("error parsing " + e.getMessage(), e);
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() {
        return getAlternativeNames(this.c, r.f.a());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new org.bouncycastle.jce.b(this.c.d());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        org.bouncycastle.asn1.b i = this.c.a().i();
        if (i == null) {
            return null;
        }
        byte[] f = i.f();
        int length = (f.length * 8) - i.g();
        boolean[] zArr = new boolean[length];
        for (int i2 = 0; i2 != length; i2++) {
            zArr[i2] = (f[i2 / 8] & (128 >>> (i2 % 8))) != 0;
        }
        return zArr;
    }

    public org.bouncycastle.asn1.s.c getIssuerX500Name() {
        return this.c.d();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.d().b("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return org.bouncycastle.util.a.a(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        s l = this.c.a().l();
        if (l == null) {
            return null;
        }
        Enumeration a2 = l.a();
        while (a2.hasMoreElements()) {
            u uVar = (u) a2.nextElement();
            if (!l.a(uVar).b()) {
                hashSet.add(uVar.a());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.f().b();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.e().b();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.c.h());
        } catch (IOException e) {
            throw org.bouncycastle.util.d.a("failed to recover public key: " + e.getMessage(), e);
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.c().c();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.i().a().a();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return org.bouncycastle.util.a.b(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.j().e();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() {
        return getAlternativeNames(this.c, r.e.a());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new org.bouncycastle.jce.b(this.c.g());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        org.bouncycastle.asn1.b j = this.c.a().j();
        if (j == null) {
            return null;
        }
        byte[] f = j.f();
        int length = (f.length * 8) - j.g();
        boolean[] zArr = new boolean[length];
        for (int i = 0; i != length; i++) {
            zArr[i] = (f[i / 8] & (128 >>> (i % 8))) != 0;
        }
        return zArr;
    }

    public org.bouncycastle.asn1.s.c getSubjectX500Name() {
        return this.c.g();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.g().b("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() {
        try {
            return this.c.a().b("DER");
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    public ad getTBSCertificateNative() {
        return this.c.a();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.b();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        s l;
        if (getVersion() != 3 || (l = this.c.a().l()) == null) {
            return false;
        }
        Enumeration a2 = l.a();
        while (a2.hasMoreElements()) {
            u uVar = (u) a2.nextElement();
            if (!uVar.b(r.c) && !uVar.b(r.q) && !uVar.b(r.r) && !uVar.b(r.w) && !uVar.b(r.p) && !uVar.b(r.m) && !uVar.b(r.l) && !uVar.b(r.t) && !uVar.b(r.g) && !uVar.b(r.e) && !uVar.b(r.o) && l.a(uVar).b()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object eVar;
        StringBuffer stringBuffer = new StringBuffer();
        String a2 = Strings.a();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(a2);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(a2);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(a2);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(a2);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(a2);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(a2);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(a2);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(a2);
        f.a(getSignature(), stringBuffer, a2);
        s l = this.c.a().l();
        if (l != null) {
            Enumeration a3 = l.a();
            if (a3.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (a3.hasMoreElements()) {
                u uVar = (u) a3.nextElement();
                r a4 = l.a(uVar);
                if (a4.c() != null) {
                    o oVar = new o(a4.c().c());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(a4.b());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(uVar.a());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (uVar.b(r.g)) {
                        eVar = i.a(oVar.c());
                    } else if (uVar.b(r.c)) {
                        eVar = org.bouncycastle.asn1.x509.y.a(oVar.c());
                    } else if (uVar.b(org.bouncycastle.a.a.h.a.f12748b)) {
                        eVar = new org.bouncycastle.a.a.h.b(org.bouncycastle.asn1.b.a((Object) oVar.c()));
                    } else if (uVar.b(org.bouncycastle.a.a.h.a.d)) {
                        eVar = new org.bouncycastle.a.a.h.c(n.a((Object) oVar.c()));
                    } else if (uVar.b(org.bouncycastle.a.a.h.a.k)) {
                        eVar = new org.bouncycastle.a.a.h.e(n.a((Object) oVar.c()));
                    } else {
                        stringBuffer.append(uVar.a());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(org.bouncycastle.asn1.r.a.a(oVar.c()));
                        stringBuffer.append(a2);
                    }
                    stringBuffer.append(eVar);
                    stringBuffer.append(a2);
                }
                stringBuffer.append(a2);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) {
        doVerify(publicKey, new b() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
            public Signature a(String str) {
                try {
                    return X509CertificateImpl.this.bcHelper.f(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final String str) {
        doVerify(publicKey, new b() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
            public Signature a(String str2) {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, final Provider provider) {
        try {
            doVerify(publicKey, new b() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
                public Signature a(String str) {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(str, provider2) : Signature.getInstance(str);
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
