package org.conscrypt.ct;

import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.conscrypt.NativeCrypto;
import org.conscrypt.OpenSSLX509Certificate;
import org.conscrypt.ct.SignedCertificateTimestamp;
import org.conscrypt.ct.VerifiedSCT;

/* loaded from: classes6.dex */
public class CTVerifier {
    public final CTLogStore a;

    public CTVerifier(CTLogStore cTLogStore) {
        this.a = cTLogStore;
    }

    public final List<SignedCertificateTimestamp> a(OpenSSLX509Certificate openSSLX509Certificate) {
        byte[] extensionValue = openSSLX509Certificate.getExtensionValue("1.3.6.1.4.1.11129.2.4.2");
        if (extensionValue == null) {
            return Collections.emptyList();
        }
        try {
            return a(Serialization.a(Serialization.a(extensionValue)), SignedCertificateTimestamp.Origin.EMBEDDED);
        } catch (SerializationException unused) {
            return Collections.emptyList();
        }
    }

    public final List<SignedCertificateTimestamp> a(byte[] bArr) {
        return a(bArr, SignedCertificateTimestamp.Origin.TLS_EXTENSION);
    }

    public final List<SignedCertificateTimestamp> a(byte[] bArr, SignedCertificateTimestamp.Origin origin) {
        if (bArr == null) {
            return Collections.emptyList();
        }
        try {
            byte[][] a = Serialization.a(bArr, 2, 2);
            ArrayList arrayList = new ArrayList();
            for (byte[] bArr2 : a) {
                try {
                    arrayList.add(SignedCertificateTimestamp.a(bArr2, origin));
                } catch (SerializationException unused) {
                }
            }
            return arrayList;
        } catch (SerializationException unused2) {
            return Collections.emptyList();
        }
    }

    public final List<SignedCertificateTimestamp> a(byte[] bArr, OpenSSLX509Certificate[] openSSLX509CertificateArr) {
        if (bArr == null || openSSLX509CertificateArr.length < 2) {
            return Collections.emptyList();
        }
        byte[] bArr2 = NativeCrypto.get_ocsp_single_extension(bArr, "1.3.6.1.4.1.11129.2.4.5", openSSLX509CertificateArr[0].getContext(), openSSLX509CertificateArr[0], openSSLX509CertificateArr[1].getContext(), openSSLX509CertificateArr[1]);
        if (bArr2 == null) {
            return Collections.emptyList();
        }
        try {
            return a(Serialization.a(Serialization.a(bArr2)), SignedCertificateTimestamp.Origin.OCSP_RESPONSE);
        } catch (SerializationException unused) {
            return Collections.emptyList();
        }
    }

    public CTVerificationResult a(List<X509Certificate> list, byte[] bArr, byte[] bArr2) throws CertificateEncodingException {
        OpenSSLX509Certificate[] openSSLX509CertificateArr = new OpenSSLX509Certificate[list.size()];
        Iterator<X509Certificate> it = list.iterator();
        int i = 0;
        while (it.hasNext()) {
            openSSLX509CertificateArr[i] = OpenSSLX509Certificate.a(it.next());
            i++;
        }
        return a(openSSLX509CertificateArr, bArr, bArr2);
    }

    public CTVerificationResult a(OpenSSLX509Certificate[] openSSLX509CertificateArr, byte[] bArr, byte[] bArr2) throws CertificateEncodingException {
        if (openSSLX509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Chain of certificates mustn't be empty.");
        }
        OpenSSLX509Certificate openSSLX509Certificate = openSSLX509CertificateArr[0];
        CTVerificationResult cTVerificationResult = new CTVerificationResult();
        a(a(bArr), openSSLX509Certificate, cTVerificationResult);
        a(a(bArr2, openSSLX509CertificateArr), openSSLX509Certificate, cTVerificationResult);
        a(a(openSSLX509CertificateArr[0]), openSSLX509CertificateArr, cTVerificationResult);
        return cTVerificationResult;
    }

    public final VerifiedSCT.Status a(SignedCertificateTimestamp signedCertificateTimestamp, CertificateEntry certificateEntry) {
        CTLogInfo a = this.a.a(signedCertificateTimestamp.a());
        return a == null ? VerifiedSCT.Status.UNKNOWN_LOG : a.a(signedCertificateTimestamp, certificateEntry);
    }

    public final void a(List<SignedCertificateTimestamp> list, OpenSSLX509Certificate openSSLX509Certificate, CTVerificationResult cTVerificationResult) {
        if (list.isEmpty()) {
            return;
        }
        try {
            CertificateEntry a = CertificateEntry.a(openSSLX509Certificate);
            for (SignedCertificateTimestamp signedCertificateTimestamp : list) {
                cTVerificationResult.a(new VerifiedSCT(signedCertificateTimestamp, a(signedCertificateTimestamp, a)));
            }
        } catch (CertificateException unused) {
            a(list, cTVerificationResult);
        }
    }

    public final void a(List<SignedCertificateTimestamp> list, CTVerificationResult cTVerificationResult) {
        Iterator<SignedCertificateTimestamp> it = list.iterator();
        while (it.hasNext()) {
            cTVerificationResult.a(new VerifiedSCT(it.next(), VerifiedSCT.Status.INVALID_SCT));
        }
    }

    public final void a(List<SignedCertificateTimestamp> list, OpenSSLX509Certificate[] openSSLX509CertificateArr, CTVerificationResult cTVerificationResult) {
        if (list.isEmpty()) {
            return;
        }
        CertificateEntry certificateEntry = null;
        if (openSSLX509CertificateArr.length >= 2) {
            try {
                certificateEntry = CertificateEntry.a(openSSLX509CertificateArr[0], openSSLX509CertificateArr[1]);
            } catch (CertificateException unused) {
            }
        }
        if (certificateEntry == null) {
            a(list, cTVerificationResult);
            return;
        }
        for (SignedCertificateTimestamp signedCertificateTimestamp : list) {
            cTVerificationResult.a(new VerifiedSCT(signedCertificateTimestamp, a(signedCertificateTimestamp, certificateEntry)));
        }
    }
}
