package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.misc.NetscapeCertType;
import org.bouncycastle.asn1.misc.NetscapeRevocationURL;
import org.bouncycastle.asn1.misc.VerisignCzagExtension;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.jcajce.interfaces.BCX509Certificate;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.spongycastle.asn1.ASN1Encoding;

/* loaded from: classes4.dex */
public abstract class X509CertificateImpl extends X509Certificate implements BCX509Certificate {
    public BasicConstraints basicConstraints;
    public JcaJceHelper bcHelper;
    public Certificate c;
    public boolean[] keyUsage;
    public String sigAlgName;
    public byte[] sigAlgParams;

    public X509CertificateImpl(JcaJceHelper jcaJceHelper, Certificate certificate, BasicConstraints basicConstraints, boolean[] zArr, String str, byte[] bArr) {
        this.bcHelper = jcaJceHelper;
        this.c = certificate;
        this.basicConstraints = basicConstraints;
        this.keyUsage = zArr;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0037. Please report as an issue. */
    public static Collection g(Certificate certificate, String str) throws CertificateParsingException {
        String string;
        byte[] h2 = h(certificate, str);
        if (h2 == null) {
            return null;
        }
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration y = ASN1Sequence.s(h2).y();
            while (y.hasMoreElements()) {
                GeneralName i2 = GeneralName.i(y.nextElement());
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(Integers.c(i2.l()));
                switch (i2.l()) {
                    case 0:
                    case 3:
                    case 5:
                        arrayList2.add(i2.getEncoded());
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 1:
                    case 2:
                    case 6:
                        string = ((ASN1String) i2.k()).getString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 4:
                        string = X500Name.j(RFC4519Style.V, i2.k()).toString();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    case 7:
                        try {
                            string = InetAddress.getByAddress(ASN1OctetString.s(i2.k()).u()).getHostAddress();
                            arrayList2.add(string);
                            arrayList.add(Collections.unmodifiableList(arrayList2));
                        } catch (UnknownHostException unused) {
                        }
                    case 8:
                        string = ASN1ObjectIdentifier.A(i2.k()).z();
                        arrayList2.add(string);
                        arrayList.add(Collections.unmodifiableList(arrayList2));
                    default:
                        throw new IOException("Bad tag number: " + i2.l());
                }
            }
            if (arrayList.size() == 0) {
                return null;
            }
            return Collections.unmodifiableCollection(arrayList);
        } catch (Exception e) {
            throw new CertificateParsingException(e.getMessage());
        }
    }

    public static byte[] h(Certificate certificate, String str) {
        ASN1OctetString i2 = i(certificate, str);
        if (i2 != null) {
            return i2.u();
        }
        return null;
    }

    public static ASN1OctetString i(Certificate certificate, String str) {
        Extension h2;
        Extensions i2 = certificate.t().i();
        if (i2 == null || (h2 = i2.h(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        return h2.j();
    }

    @Override // org.bouncycastle.jcajce.interfaces.BCX509Certificate
    public X500Name a() {
        return this.c.k();
    }

    @Override // org.bouncycastle.jcajce.interfaces.BCX509Certificate
    public X500Name b() {
        return this.c.r();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        checkValidity(new Date());
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        if (date.getTime() > getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + this.c.h().j());
        }
        if (date.getTime() >= getNotBefore().getTime()) {
            return;
        }
        throw new CertificateNotYetValidException("certificate not valid till " + this.c.o().j());
    }

    @Override // org.bouncycastle.jcajce.interfaces.BCX509Certificate
    public TBSCertificate e() {
        return this.c.t();
    }

    public final void f(PublicKey publicKey, Signature signature) throws CertificateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (!j(this.c.n(), this.c.t().n())) {
            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
        }
        X509SignatureUtil.e(signature, this.c.n().k());
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.a(signature), 512);
            this.c.t().d(bufferedOutputStream, ASN1Encoding.DER);
            bufferedOutputStream.close();
            if (!signature.verify(getSignature())) {
                throw new SignatureException("certificate does not verify with supplied key");
            }
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        BasicConstraints basicConstraints = this.basicConstraints;
        if (basicConstraints == null || !basicConstraints.j()) {
            return -1;
        }
        if (this.basicConstraints.i() == null) {
            return Integer.MAX_VALUE;
        }
        return this.basicConstraints.i().intValue();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Extensions i2 = this.c.t().i();
        if (i2 == null) {
            return null;
        }
        Enumeration l2 = i2.l();
        while (l2.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) l2.nextElement();
            if (i2.h(aSN1ObjectIdentifier).m()) {
                hashSet.add(aSN1ObjectIdentifier.z());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        try {
            return this.c.f(ASN1Encoding.DER);
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public List getExtendedKeyUsage() throws CertificateParsingException {
        byte[] h2 = h(this.c, "2.5.29.37");
        if (h2 == null) {
            return null;
        }
        try {
            ASN1Sequence s2 = ASN1Sequence.s(ASN1Primitive.m(h2));
            ArrayList arrayList = new ArrayList();
            for (int i2 = 0; i2 != s2.size(); i2++) {
                arrayList.add(((ASN1ObjectIdentifier) s2.u(i2)).z());
            }
            return Collections.unmodifiableList(arrayList);
        } catch (Exception unused) {
            throw new CertificateParsingException("error processing extended key usage extension");
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1OctetString i2 = i(this.c, str);
        if (i2 == null) {
            return null;
        }
        try {
            return i2.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public Collection getIssuerAlternativeNames() throws CertificateParsingException {
        return g(this.c, Extension.f6293h.z());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return new X509Principal(this.c.k());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        DERBitString l2 = this.c.t().l();
        if (l2 == null) {
            return null;
        }
        byte[] u2 = l2.u();
        int length = (u2.length * 8) - l2.A();
        boolean[] zArr = new boolean[length];
        for (int i2 = 0; i2 != length; i2++) {
            zArr[i2] = (u2[i2 / 8] & (128 >>> (i2 % 8))) != 0;
        }
        return zArr;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.k().f(ASN1Encoding.DER));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return Arrays.o(this.keyUsage);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (getVersion() != 3) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Extensions i2 = this.c.t().i();
        if (i2 == null) {
            return null;
        }
        Enumeration l2 = i2.l();
        while (l2.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) l2.nextElement();
            if (!i2.h(aSN1ObjectIdentifier).m()) {
                hashSet.add(aSN1ObjectIdentifier.z());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.c.h().h();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.c.o().h();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        try {
            return BouncyCastleProvider.h(this.c.s());
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.c.l().y();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.c.n().h().z();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return Arrays.h(this.sigAlgParams);
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.c.m().z();
    }

    @Override // java.security.cert.X509Certificate
    public Collection getSubjectAlternativeNames() throws CertificateParsingException {
        return g(this.c, Extension.f6292g.z());
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return new X509Principal(this.c.r());
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        DERBitString t2 = this.c.t().t();
        if (t2 == null) {
            return null;
        }
        byte[] u2 = t2.u();
        int length = (u2.length * 8) - t2.A();
        boolean[] zArr = new boolean[length];
        for (int i2 = 0; i2 != length; i2++) {
            zArr[i2] = (u2[i2 / 8] & (128 >>> (i2 % 8))) != 0;
        }
        return zArr;
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        try {
            return new X500Principal(this.c.r().f(ASN1Encoding.DER));
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode subject DN");
        }
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        try {
            return this.c.t().f(ASN1Encoding.DER);
        } catch (IOException e) {
            throw new CertificateEncodingException(e.toString());
        }
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.c.u();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Extensions i2;
        if (getVersion() != 3 || (i2 = this.c.t().i()) == null) {
            return false;
        }
        Enumeration l2 = i2.l();
        while (l2.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) l2.nextElement();
            if (!aSN1ObjectIdentifier.l(Extension.f6291f) && !aSN1ObjectIdentifier.l(Extension.A) && !aSN1ObjectIdentifier.l(Extension.B) && !aSN1ObjectIdentifier.l(Extension.L) && !aSN1ObjectIdentifier.l(Extension.y) && !aSN1ObjectIdentifier.l(Extension.f6298p) && !aSN1ObjectIdentifier.l(Extension.f6297n) && !aSN1ObjectIdentifier.l(Extension.E) && !aSN1ObjectIdentifier.l(Extension.f6294i) && !aSN1ObjectIdentifier.l(Extension.f6292g) && !aSN1ObjectIdentifier.l(Extension.x) && i2.h(aSN1ObjectIdentifier).m()) {
                return true;
            }
        }
        return false;
    }

    public final boolean j(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) {
        if (algorithmIdentifier.h().l(algorithmIdentifier2.h())) {
            return algorithmIdentifier.k() == null ? algorithmIdentifier2.k() == null || algorithmIdentifier2.k().equals(DERNull.a) : algorithmIdentifier2.k() == null ? algorithmIdentifier.k() == null || algorithmIdentifier.k().equals(DERNull.a) : algorithmIdentifier.k().equals(algorithmIdentifier2.k());
        }
        return false;
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        Object verisignCzagExtension;
        StringBuffer stringBuffer = new StringBuffer();
        String d = Strings.d();
        stringBuffer.append("  [0]         Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d);
        stringBuffer.append("         SerialNumber: ");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append(d);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d);
        stringBuffer.append("           Start Date: ");
        stringBuffer.append(getNotBefore());
        stringBuffer.append(d);
        stringBuffer.append("           Final Date: ");
        stringBuffer.append(getNotAfter());
        stringBuffer.append(d);
        stringBuffer.append("            SubjectDN: ");
        stringBuffer.append(getSubjectDN());
        stringBuffer.append(d);
        stringBuffer.append("           Public Key: ");
        stringBuffer.append(getPublicKey());
        stringBuffer.append(d);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d);
        byte[] signature = getSignature();
        stringBuffer.append("            Signature: ");
        stringBuffer.append(new String(Hex.e(signature, 0, 20)));
        stringBuffer.append(d);
        int i2 = 20;
        while (i2 < signature.length) {
            int length = signature.length - 20;
            stringBuffer.append("                       ");
            stringBuffer.append(i2 < length ? new String(Hex.e(signature, i2, 20)) : new String(Hex.e(signature, i2, signature.length - i2)));
            stringBuffer.append(d);
            i2 += 20;
        }
        Extensions i3 = this.c.t().i();
        if (i3 != null) {
            Enumeration l2 = i3.l();
            if (l2.hasMoreElements()) {
                stringBuffer.append("       Extensions: \n");
            }
            while (l2.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) l2.nextElement();
                Extension h2 = i3.h(aSN1ObjectIdentifier);
                if (h2.j() != null) {
                    ASN1InputStream aSN1InputStream = new ASN1InputStream(h2.j().u());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(h2.m());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(aSN1ObjectIdentifier.z());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (aSN1ObjectIdentifier.l(Extension.f6294i)) {
                        verisignCzagExtension = BasicConstraints.h(aSN1InputStream.o());
                    } else if (aSN1ObjectIdentifier.l(Extension.f6291f)) {
                        verisignCzagExtension = KeyUsage.i(aSN1InputStream.o());
                    } else if (aSN1ObjectIdentifier.l(MiscObjectIdentifiers.b)) {
                        verisignCzagExtension = new NetscapeCertType(DERBitString.E(aSN1InputStream.o()));
                    } else if (aSN1ObjectIdentifier.l(MiscObjectIdentifiers.c)) {
                        verisignCzagExtension = new NetscapeRevocationURL(DERIA5String.s(aSN1InputStream.o()));
                    } else if (aSN1ObjectIdentifier.l(MiscObjectIdentifiers.e)) {
                        verisignCzagExtension = new VerisignCzagExtension(DERIA5String.s(aSN1InputStream.o()));
                    } else {
                        stringBuffer.append(aSN1ObjectIdentifier.z());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(ASN1Dump.c(aSN1InputStream.o()));
                        stringBuffer.append(d);
                    }
                    stringBuffer.append(verisignCzagExtension);
                    stringBuffer.append(d);
                }
                stringBuffer.append(d);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature;
        String c = X509SignatureUtil.c(this.c.n());
        try {
            signature = this.bcHelper.createSignature(c);
        } catch (Exception unused) {
            signature = Signature.getInstance(c);
        }
        f(publicKey, signature);
    }

    @Override // java.security.cert.Certificate
    public final void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        String c = X509SignatureUtil.c(this.c.n());
        f(publicKey, str != null ? Signature.getInstance(c, str) : Signature.getInstance(c));
    }

    @Override // java.security.cert.X509Certificate, java.security.cert.Certificate
    public final void verify(PublicKey publicKey, Provider provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        String c = X509SignatureUtil.c(this.c.n());
        f(publicKey, provider != null ? Signature.getInstance(c, provider) : Signature.getInstance(c));
    }
}
