package org.bouncycastle.jsse.provider;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.jose4j.jwk.OctetKeyPairJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;

/* loaded from: classes4.dex */
public class f0 extends PKIXCertPathChecker {

    /* renamed from: c, reason: collision with root package name */
    public final boolean f48699c;

    /* renamed from: d, reason: collision with root package name */
    public final gg0.d f48700d;

    /* renamed from: e, reason: collision with root package name */
    public final mg0.a f48701e;

    /* renamed from: k, reason: collision with root package name */
    public X509Certificate f48702k;

    /* renamed from: s, reason: collision with root package name */
    public static final Map f48696s = j();

    /* renamed from: x, reason: collision with root package name */
    public static final Set f48697x = k();

    /* renamed from: y, reason: collision with root package name */
    public static final byte[] f48698y = {5, 0};
    public static final String A = y.v("SHA256withRSAandMGF1", "RSASSA-PSS");
    public static final String D = y.v("SHA384withRSAandMGF1", "RSASSA-PSS");
    public static final String F = y.v("SHA512withRSAandMGF1", "RSASSA-PSS");
    public static final String H = y.v("SHA256withRSAandMGF1", RsaJsonWebKey.KEY_TYPE);
    public static final String I = y.v("SHA384withRSAandMGF1", RsaJsonWebKey.KEY_TYPE);
    public static final String L = y.v("SHA512withRSAandMGF1", RsaJsonWebKey.KEY_TYPE);

    public f0(boolean z11, gg0.d dVar, mg0.a aVar) {
        if (dVar == null) {
            throw new NullPointerException("'helper' cannot be null");
        }
        if (aVar == null) {
            throw new NullPointerException("'algorithmConstraints' cannot be null");
        }
        this.f48699c = z11;
        this.f48700d = dVar;
        this.f48701e = aVar;
        this.f48702k = null;
    }

    public static void b(gg0.d dVar, mg0.a aVar, X509Certificate[] x509CertificateArr, af0.r rVar, int i11) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            i(dVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        e(dVar, aVar, x509CertificateArr[0], rVar, i11);
    }

    public static void d(boolean z11, gg0.d dVar, mg0.a aVar, Set set, X509Certificate[] x509CertificateArr, af0.r rVar, int i11) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                i(dVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            h(dVar, aVar, x509CertificateArr[length - 1]);
        }
        f0 f0Var = new f0(z11, dVar, aVar);
        f0Var.init(false);
        for (int i12 = length - 1; i12 >= 0; i12--) {
            f0Var.check(x509CertificateArr[i12], Collections.emptySet());
        }
        e(dVar, aVar, x509CertificateArr[0], rVar, i11);
    }

    public static void e(gg0.d dVar, mg0.a aVar, X509Certificate x509Certificate, af0.r rVar, int i11) {
        if (rVar != null && !u(x509Certificate, rVar)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + l(rVar) + "' ExtendedKeyUsage");
        }
        if (i11 >= 0) {
            if (!w(x509Certificate, i11)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + m(i11) + "' KeyUsage");
            }
            if (aVar.permits(n(i11), x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + m(i11) + "' KeyUsage");
        }
    }

    public static void h(gg0.d dVar, mg0.a aVar, X509Certificate x509Certificate) {
        String o11 = o(x509Certificate, null);
        if (!y.P(o11)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(y.f48901i, o11, p(dVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    public static void i(gg0.d dVar, mg0.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String o11 = o(x509Certificate, x509Certificate2);
        if (!y.P(o11)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(y.f48901i, o11, x509Certificate2.getPublicKey(), p(dVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    public static Map j() {
        HashMap hashMap = new HashMap(4);
        hashMap.put(fe0.a.f34732d.G(), OctetKeyPairJsonWebKey.SUBTYPE_ED25519);
        hashMap.put(fe0.a.f34733e.G(), OctetKeyPairJsonWebKey.SUBTYPE_ED448);
        hashMap.put(re0.b.f52046j.G(), "SHA1withDSA");
        hashMap.put(bf0.m.f12936p1.G(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    public static Set k() {
        HashSet hashSet = new HashSet();
        hashSet.add(re0.b.f52046j.G());
        hashSet.add(bf0.m.f12936p1.G());
        hashSet.add(se0.n.f53739h2.G());
        return Collections.unmodifiableSet(hashSet);
    }

    public static String l(af0.r rVar) {
        if (af0.r.f989s.equals(rVar)) {
            return "clientAuth";
        }
        if (af0.r.f988k.equals(rVar)) {
            return "serverAuth";
        }
        return "(" + rVar + ")";
    }

    public static String m(int i11) {
        if (i11 == 0) {
            return "digitalSignature";
        }
        if (i11 == 2) {
            return "keyEncipherment";
        }
        if (i11 == 4) {
            return "keyAgreement";
        }
        return "(" + i11 + ")";
    }

    public static Set n(int i11) {
        return i11 != 2 ? i11 != 4 ? y.f48901i : y.f48899g : y.f48900h;
    }

    public static String o(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        xd0.n t11;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = (String) f48696s.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!se0.n.f53739h2.G().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        se0.u u11 = se0.u.u(x509Certificate.getSigAlgParams());
        if (u11 != null && (t11 = u11.t().t()) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                wh0.g gVar = new wh0.g((wh0.h) null, x509Certificate);
                if (ne0.b.f46386c.x(t11)) {
                    if (gVar.y((short) 9)) {
                        return A;
                    }
                    if (gVar.y((short) 4)) {
                        return H;
                    }
                } else if (ne0.b.f46388d.x(t11)) {
                    if (gVar.y((short) 10)) {
                        return D;
                    }
                    if (gVar.y((short) 5)) {
                        return I;
                    }
                } else if (ne0.b.f46390e.x(t11)) {
                    if (gVar.y((short) 11)) {
                        return F;
                    }
                    if (gVar.y((short) 6)) {
                        return L;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters p(gg0.d dVar, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f48697x.contains(sigAlgOID) && yh0.a.e(f48698y, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters m11 = dVar.m(sigAlgOID);
            try {
                m11.init(sigAlgParams);
                return m11;
            } catch (Exception e11) {
                throw new CertPathValidatorException(e11);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public static boolean q(PublicKey publicKey) {
        try {
            af0.a t11 = af0.v.u(publicKey.getEncoded()).t();
            if (!bf0.m.C0.x(t11.t())) {
                return true;
            }
            xd0.e w11 = t11.w();
            if (w11 != null) {
                return w11.m() instanceof xd0.n;
            }
            return false;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean t(PublicKey publicKey, boolean[] zArr, int i11, mg0.a aVar) {
        return x(zArr, i11) && aVar.permits(n(i11), publicKey);
    }

    public static boolean u(X509Certificate x509Certificate, af0.r rVar) {
        try {
            return v(x509Certificate.getExtendedKeyUsage(), rVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    public static boolean v(List list, af0.r rVar) {
        return list == null || list.contains(rVar.t()) || list.contains(af0.r.f987e.t());
    }

    public static boolean w(X509Certificate x509Certificate, int i11) {
        return x(x509Certificate.getKeyUsage(), i11);
    }

    public static boolean x(boolean[] zArr, int i11) {
        return zArr == null || (zArr.length > i11 && zArr[i11]);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f48699c && !q(x509Certificate.getPublicKey())) {
            throw new CertPathValidatorException("non-FIPS public key found");
        }
        X509Certificate x509Certificate2 = this.f48702k;
        if (x509Certificate2 != null) {
            i(this.f48700d, this.f48701e, x509Certificate, x509Certificate2);
        }
        this.f48702k = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z11) {
        if (z11) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f48702k = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
