package org.bouncycastle.jcajce.provider.asymmetric.x509;

import ak.e;
import bj.h;
import bj.i0;
import bj.l;
import bj.s;
import bj.t;
import bj.z;
import gl.d;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import oi.g;
import org.bouncycastle.asn1.h0;
import org.bouncycastle.asn1.m;
import org.bouncycastle.asn1.n0;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.o0;
import org.bouncycastle.asn1.p;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import wj.a;
import zh.f;
import zj.c;

/* loaded from: classes4.dex */
abstract class X509CertificateImpl extends X509Certificate implements a {
    protected h basicConstraints;
    protected c bcHelper;

    /* renamed from: c, reason: collision with root package name */
    protected l f52503c;
    protected boolean[] keyUsage;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CertificateImpl(c cVar, l lVar, h hVar, boolean[] zArr) {
        this.bcHelper = cVar;
        this.f52503c = lVar;
        this.basicConstraints = hVar;
        this.keyUsage = zArr;
    }

    private void checkSignature(PublicKey publicKey, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (!isAlgIdEqual(this.f52503c.y(), this.f52503c.C().y())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.setSignatureParameters(signature, this.f52503c.y().t());
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(xj.c.a(signature), 512);
            this.f52503c.C().b(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(getSignature())) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    private static Collection getAlternativeNames(l lVar, String str) throws CertificateParsingException {
        String j10;
        byte[] extensionOctets = getExtensionOctets(lVar, str);
        if (extensionOctets == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration E = p.B(extensionOctets).E();
            while (E.hasMoreElements()) {
                t r10 = t.r(E.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(d.c(r10.u()));
                switch (r10.u()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(r10.n());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        j10 = ((f) r10.t()).j();
                        arrayList2.add(j10);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        j10 = zi.c.s(aj.d.V, r10.t()).toString();
                        arrayList2.add(j10);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            j10 = InetAddress.getByAddress(m.B(r10.t()).D()).getHostAddress();
                            arrayList2.add(j10);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        j10 = org.bouncycastle.asn1.l.G(r10.t()).F();
                        arrayList2.add(j10);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + r10.u());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e10) {
            throw new CertificateParsingException(e10.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(l lVar, String str) {
        m extensionValue = getExtensionValue(lVar, str);
        if (extensionValue != null) {
            return extensionValue.D();
        }
        return null;
    }

    protected static m getExtensionValue(l lVar, String str) {
        org.bouncycastle.asn1.x509.a q10;
        s r10 = lVar.C().r();
        if (r10 == null || (q10 = r10.q(new org.bouncycastle.asn1.l(str))) == null) {
            return null;
        }
        return q10.s();
    }

    private boolean isAlgIdEqual(bj.a aVar, bj.a aVar2) {
        if (aVar.q().t(aVar2.q())) {
            return aVar.t() == null ? aVar2.t() == null || aVar2.t().equals(o0.f52188b) : aVar2.t() == null ? aVar.t() == null || aVar.t().equals(o0.f52188b) : aVar.t().equals(aVar2.t());
        }
        return false;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.f52503c.q().s());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.f52503c.z().s());
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        h hVar = this.basicConstraints;
        if (hVar == null || !hVar.s()) {
            return -1;
        }
        if (this.basicConstraints.r() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.r().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        s r10 = this.f52503c.C().r();
        if (r10 == null) {
            return null;
        }
        Enumeration s10 = r10.s();
        while (s10.hasMoreElements()) {
            org.bouncycastle.asn1.l lVar = (org.bouncycastle.asn1.l) s10.nextElement();
            if (r10.q(lVar).w()) {
                hashSet.add(lVar.F());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        try {
            return this.f52503c.o("DER");
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] extensionOctets = getExtensionOctets(this.f52503c, "2.5.29.37");
        if (extensionOctets == null) {
            return null;
        }
        try {
            p B = p.B(o.w(extensionOctets));
            ArrayList arrayList = new ArrayList();
            for (int i10 = 0; i10 != B.size(); i10++) {
                arrayList.add(((org.bouncycastle.asn1.l) B.D(i10)).F());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        m extensionValue = getExtensionValue(this.f52503c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.n();
        } catch (Exception e10) {
            throw new IllegalStateException("error parsing " + e10.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.f52503c, org.bouncycastle.asn1.x509.a.f52236g.F());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new e(this.f52503c.t());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        h0 u10 = this.f52503c.C().u();
        if (u10 == null) {
            return null;
        }
        byte[] D = u10.D();
        int length = (D.length * 8) - u10.F();
        boolean[] zArr = new boolean[length];
        for (int i10 = 0; i10 != length; i10++) {
            zArr[i10] = (D[i10 / 8] & (128 >>> (i10 % 8))) != 0;
        }
        return zArr;
    }

    @Override // wj.a
    public zi.c getIssuerX500Name() {
        return this.f52503c.t();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f52503c.t().o("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return org.bouncycastle.util.a.n(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        s r10 = this.f52503c.C().r();
        if (r10 == null) {
            return null;
        }
        Enumeration s10 = r10.s();
        while (s10.hasMoreElements()) {
            org.bouncycastle.asn1.l lVar = (org.bouncycastle.asn1.l) s10.nextElement();
            if (!r10.q(lVar).w()) {
                hashSet.add(lVar.F());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.f52503c.q().q();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.f52503c.z().q();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.getPublicKey(this.f52503c.B());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.f52503c.u().E();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return X509SignatureUtil.getSignatureName(this.f52503c.y());
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.f52503c.y().q().F();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        if (this.f52503c.y().t() != null) {
            try {
                return this.f52503c.y().t().i().o("DER");
            } catch (IOException unused) {
            }
        }
        return null;
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.f52503c.w().E();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return getAlternativeNames(this.f52503c, org.bouncycastle.asn1.x509.a.f52235f.F());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new e(this.f52503c.A());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        h0 C = this.f52503c.C().C();
        if (C == null) {
            return null;
        }
        byte[] D = C.D();
        int length = (D.length * 8) - C.F();
        boolean[] zArr = new boolean[length];
        for (int i10 = 0; i10 != length; i10++) {
            zArr[i10] = (D[i10 / 8] & (128 >>> (i10 % 8))) != 0;
        }
        return zArr;
    }

    @Override // wj.a
    public zi.c getSubjectX500Name() {
        return this.f52503c.A();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.f52503c.A().o("DER"));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.f52503c.C().o("DER");
        } catch (IOException e10) {
            throw new CertificateEncodingException(e10.toString());
        }
    }

    @Override // wj.a
    public i0 getTBSCertificateNative() {
        return this.f52503c.C();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.f52503c.D();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        s r10;
        if (getVersion() != 3 || (r10 = this.f52503c.C().r()) == null) {
            return false;
        }
        Enumeration s10 = r10.s();
        while (s10.hasMoreElements()) {
            org.bouncycastle.asn1.l lVar = (org.bouncycastle.asn1.l) s10.nextElement();
            if (!lVar.t(org.bouncycastle.asn1.x509.a.f52234e) && !lVar.t(org.bouncycastle.asn1.x509.a.f52245p) && !lVar.t(org.bouncycastle.asn1.x509.a.f52246q) && !lVar.t(org.bouncycastle.asn1.x509.a.f52251v) && !lVar.t(org.bouncycastle.asn1.x509.a.f52244o) && !lVar.t(org.bouncycastle.asn1.x509.a.f52241l) && !lVar.t(org.bouncycastle.asn1.x509.a.f52240k) && !lVar.t(org.bouncycastle.asn1.x509.a.f52248s) && !lVar.t(org.bouncycastle.asn1.x509.a.f52237h) && !lVar.t(org.bouncycastle.asn1.x509.a.f52235f) && !lVar.t(org.bouncycastle.asn1.x509.a.f52243n) && r10.q(lVar).w()) {
                return true;
            }
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object gVar;
        StringBuffer stringBuffer = new StringBuffer();
        String d10 = org.bouncycastle.util.d.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d10);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d10);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d10);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d10);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d10);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d10);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d10);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d10);
        byte[] signature = getSignature();
        stringBuffer.append("            Signature: ");
        stringBuffer.append(new String(org.bouncycastle.util.encoders.d.e(signature, 0, 20)));
        stringBuffer.append(d10);
        int i10 = 20;
        while (i10 < signature.length) {
            int length = signature.length - 20;
            stringBuffer.append("                       ");
            stringBuffer.append(i10 < length ? new String(org.bouncycastle.util.encoders.d.e(signature, i10, 20)) : new String(org.bouncycastle.util.encoders.d.e(signature, i10, signature.length - i10)));
            stringBuffer.append(d10);
            i10 += 20;
        }
        s r10 = this.f52503c.C().r();
        if (r10 != null) {
            Enumeration s10 = r10.s();
            if (s10.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (s10.hasMoreElements()) {
                org.bouncycastle.asn1.l lVar = (org.bouncycastle.asn1.l) s10.nextElement();
                org.bouncycastle.asn1.x509.a q10 = r10.q(lVar);
                if (q10.s() != null) {
                    org.bouncycastle.asn1.h hVar = new org.bouncycastle.asn1.h(q10.s().D());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(q10.w());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(lVar.F());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (lVar.t(org.bouncycastle.asn1.x509.a.f52237h)) {
                        gVar = h.q(hVar.m());
                    } else if (lVar.t(org.bouncycastle.asn1.x509.a.f52234e)) {
                        gVar = z.q(hVar.m());
                    } else if (lVar.t(oi.c.f51669b)) {
                        gVar = new oi.d(h0.J(hVar.m()));
                    } else if (lVar.t(oi.c.f51670c)) {
                        gVar = new oi.e(n0.B(hVar.m()));
                    } else if (lVar.t(oi.c.f51672e)) {
                        gVar = new g(n0.B(hVar.m()));
                    } else {
                        stringBuffer.append(lVar.F());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(yi.a.c(hVar.m()));
                        stringBuffer.append(d10);
                    }
                    stringBuffer.append(gVar);
                    stringBuffer.append(d10);
                }
                stringBuffer.append(d10);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature;
        String signatureName = X509SignatureUtil.getSignatureName(this.f52503c.y());
        try {
            signature = this.bcHelper.d(signatureName);
        } catch (Exception unused) {
            signature = Signature.getInstance(signatureName);
        }
        checkSignature(publicKey, signature);
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        String signatureName = X509SignatureUtil.getSignatureName(this.f52503c.y());
        checkSignature(publicKey, str != null ? Signature.getInstance(signatureName, str) : Signature.getInstance(signatureName));
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        String signatureName = X509SignatureUtil.getSignatureName(this.f52503c.y());
        checkSignature(publicKey, provider != null ? Signature.getInstance(signatureName, provider) : Signature.getInstance(signatureName));
    }
}
