package com.appmattus.certificatetransparency.internal.verifier;

import af0.a0;
import af0.n;
import af0.x;
import com.appmattus.certificatetransparency.internal.verifier.model.Version;
import e7.g;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.collections.q;
import kotlin.jvm.internal.p;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;

/* loaded from: classes.dex */
public final class i {
    public static final a Companion = new a(null);

    /* renamed from: a, reason: collision with root package name */
    public final com.appmattus.certificatetransparency.loglist.c f14323a;

    /* loaded from: classes.dex */
    public static final class a {
        public a() {
        }

        public /* synthetic */ a(kotlin.jvm.internal.i iVar) {
            this();
        }
    }

    public i(com.appmattus.certificatetransparency.loglist.c logServer) {
        p.h(logServer, "logServer");
        this.f14323a = logServer;
    }

    public final x a(X509Certificate x509Certificate, k7.b bVar) {
        boolean z11 = true;
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        xd0.j jVar = new xd0.j(x509Certificate.getEncoded());
        try {
            af0.g parsedPreCertificate = af0.g.u(jVar.w());
            p.g(parsedPreCertificate, "parsedPreCertificate");
            if (c(parsedPreCertificate) && bVar.a()) {
                if (bVar.d() == null) {
                    z11 = false;
                }
                if (!z11) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            n u11 = parsedPreCertificate.C().u();
            p.g(u11, "parsedPreCertificate.tbsCertificate.extensions");
            List b11 = b(u11, bVar.d());
            a0 a0Var = new a0();
            x C = parsedPreCertificate.C();
            a0Var.f(C.y());
            a0Var.g(C.z());
            ye0.c c11 = bVar.c();
            if (c11 == null) {
                c11 = C.w();
            }
            a0Var.d(c11);
            a0Var.h(C.A());
            a0Var.b(C.t());
            a0Var.i(C.B());
            a0Var.j(C.C());
            a0Var.e(C.x());
            a0Var.k(C.D());
            Object[] array = b11.toArray(new af0.m[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            a0Var.c(new n((af0.m[]) array));
            x a11 = a0Var.a();
            xa0.b.a(jVar, null);
            p.g(a11, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a11;
        } finally {
        }
    }

    public final List b(n nVar, af0.m mVar) {
        xd0.n[] v11 = nVar.v();
        p.g(v11, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (xd0.n nVar2 : v11) {
            if (!p.c(nVar2.G(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(nVar2);
            }
        }
        ArrayList<xd0.n> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!p.c(((xd0.n) obj).G(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        ArrayList arrayList3 = new ArrayList(q.x(arrayList2, 10));
        for (xd0.n nVar3 : arrayList2) {
            arrayList3.add((!p.c(nVar3.G(), "2.5.29.35") || mVar == null) ? nVar.u(nVar3) : mVar);
        }
        return arrayList3;
    }

    public final boolean c(af0.g gVar) {
        return gVar.C().u().u(new xd0.n("2.5.29.35")) != null;
    }

    public final void d(OutputStream outputStream, k7.d dVar) {
        if (!(dVar.c() == Version.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        i7.c.a(outputStream, dVar.c().getNumber(), 1);
        i7.c.a(outputStream, 0L, 1);
        i7.c.a(outputStream, dVar.e(), 8);
    }

    public final byte[] e(Certificate certificate, k7.d dVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, dVar);
            i7.c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            p.g(encoded, "certificate.encoded");
            i7.c.b(byteArrayOutputStream, encoded, 16777215);
            i7.c.b(byteArrayOutputStream, dVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            xa0.b.a(byteArrayOutputStream, null);
            p.g(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final byte[] f(byte[] bArr, byte[] bArr2, k7.d dVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, dVar);
            i7.c.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            i7.c.b(byteArrayOutputStream, bArr, 16777215);
            i7.c.b(byteArrayOutputStream, dVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            xa0.b.a(byteArrayOutputStream, null);
            p.g(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final e7.g g(k7.d sct, X509Certificate certificate, k7.b issuerInfo) {
        b bVar;
        p.h(sct, "sct");
        p.h(certificate, "certificate");
        p.h(issuerInfo, "issuerInfo");
        try {
            byte[] encoded = a(certificate, issuerInfo).getEncoded();
            p.g(encoded, "preCertificateTBS.encoded");
            return h(sct, f(encoded, issuerInfo.b(), sct));
        } catch (IOException e11) {
            bVar = new b(e11);
            return bVar;
        } catch (CertificateException e12) {
            bVar = new b(e12);
            return bVar;
        }
    }

    public final e7.g h(k7.d dVar, byte[] bArr) {
        String str;
        e7.g lVar;
        if (p.c(this.f14323a.b().getAlgorithm(), EllipticCurveJsonWebKey.KEY_TYPE)) {
            str = "SHA256withECDSA";
        } else {
            if (!p.c(this.f14323a.b().getAlgorithm(), RsaJsonWebKey.KEY_TYPE)) {
                String algorithm = this.f14323a.b().getAlgorithm();
                p.g(algorithm, "logServer.key.algorithm");
                return new m(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.f14323a.b());
            signature.update(bArr);
            return signature.verify(dVar.d().a()) ? g.b.f33494a : g.a.b.f33488a;
        } catch (InvalidKeyException e11) {
            lVar = new h(e11);
            return lVar;
        } catch (NoSuchAlgorithmException e12) {
            lVar = new m(str, e12);
            return lVar;
        } catch (SignatureException e13) {
            lVar = new l(e13);
            return lVar;
        }
    }

    public e7.g i(k7.d sct, List chain) {
        k7.b d11;
        b bVar;
        p.h(sct, "sct");
        p.h(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.e() > currentTimeMillis) {
            return new g.a.d(sct.e(), currentTimeMillis);
        }
        if (this.f14323a.c() != null && sct.e() > this.f14323a.c().longValue()) {
            return new g.a.e(sct.e(), this.f14323a.c().longValue());
        }
        if (!Arrays.equals(this.f14323a.a(), sct.b().a())) {
            String d12 = zh0.a.d(sct.b().a());
            p.g(d12, "toBase64String(sct.id.keyId)");
            String d13 = zh0.a.d(this.f14323a.a());
            p.g(d13, "toBase64String(logServer.id)");
            return new g(d12, d13);
        }
        Certificate certificate = (Certificate) chain.get(0);
        if (!j7.b.b(certificate) && !j7.b.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e11) {
                bVar = new b(e11);
                return bVar;
            } catch (CertificateEncodingException e12) {
                bVar = new b(e12);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return j.f14324a;
        }
        Certificate certificate2 = (Certificate) chain.get(1);
        try {
            if (!j7.b.c(certificate2)) {
                try {
                    d11 = j7.b.d(certificate2);
                } catch (NoSuchAlgorithmException e13) {
                    return new m("SHA-256", e13);
                }
            } else {
                if (chain.size() < 3) {
                    return k.f14325a;
                }
                try {
                    d11 = j7.b.e(certificate2, (Certificate) chain.get(2));
                } catch (IOException e14) {
                    return new com.appmattus.certificatetransparency.internal.verifier.a(e14);
                } catch (NoSuchAlgorithmException e15) {
                    return new m("SHA-256", e15);
                } catch (CertificateEncodingException e16) {
                    return new b(e16);
                }
            }
            return g(sct, (X509Certificate) certificate, d11);
        } catch (CertificateParsingException e17) {
            return new c(e17);
        }
    }
}
