package com.babylon.ssl.internal.verifier;

import com.amap.api.col.p0003l.k5;
import com.babylon.ssl.internal.utils.c;
import com.babylon.ssl.j;
import d1.SignedCertificateTimestamp;
import d1.n;
import f1.a;
import f1.e;
import g1.IssuerInformation;
import h1.LogServer;
import j9.d;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;
import kotlin.io.b;
import kotlin.jvm.internal.l0;
import org.bouncycastle.asn1.m;
import org.bouncycastle.asn1.q;
import org.bouncycastle.asn1.x509.e1;
import org.bouncycastle.asn1.x509.o;
import org.bouncycastle.asn1.x509.p1;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.asn1.x509.z;

/* compiled from: LogSignatureVerifier.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0000\u0018\u0000 \u001f2\u00020\u0001:\u0001!B\u000f\u0012\u0006\u0010&\u001a\u00020%¢\u0006\u0004\b'\u0010(J\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002J \u0010\r\u001a\b\u0012\u0004\u0012\u00020\n0\f2\u0006\u0010\t\u001a\u00020\b2\b\u0010\u000b\u001a\u0004\u0018\u00010\nH\u0002J\u0018\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0010H\u0002J\f\u0010\u0016\u001a\u00020\u0015*\u00020\u0014H\u0002J\u0018\u0010\u0019\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J \u0010\u001c\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u00102\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u0014\u0010\u001f\u001a\u00020\u001e*\u00020\u001d2\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u001e\u0010!\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00170\fH\u0016J'\u0010#\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u00022\u0006\u0010\"\u001a\u00020\u0004H\u0000¢\u0006\u0004\b#\u0010$¨\u0006)"}, d2 = {"Lcom/babylon/certificatetransparency/internal/verifier/j;", "Lcom/babylon/certificatetransparency/internal/verifier/n;", "Ljava/security/cert/X509Certificate;", "preCertificate", "Lg1/b;", "issuerInformation", "Lorg/bouncycastle/asn1/x509/e1;", k5.f15634b, "Lorg/bouncycastle/asn1/x509/z;", "extensions", "Lorg/bouncycastle/asn1/x509/y;", "replacementX509authorityKeyIdentifier", "", "c", "Ld1/j;", "sct", "", "toVerify", "Lcom/babylon/certificatetransparency/j;", "i", "Lorg/bouncycastle/asn1/x509/o;", "", k5.f15636d, "Ljava/security/cert/Certificate;", "certificate", k5.f15641i, "preCertBytes", "issuerKeyHash", k5.f15638f, "Ljava/io/OutputStream;", "Lkotlin/f2;", "e", "chain", "a", "issuerInfo", k5.f15639g, "(Ld1/j;Ljava/security/cert/X509Certificate;Lg1/b;)Lcom/babylon/certificatetransparency/j;", "Lh1/b;", "logServer", "<init>", "(Lh1/b;)V", "certificatetransparency"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes3.dex */
public final class j implements n {

    /* renamed from: b, reason: collision with root package name */
    private static final String f17711b = "2.5.29.35";

    /* renamed from: c, reason: collision with root package name */
    private static final long f17712c = 0;

    /* renamed from: d, reason: collision with root package name */
    private static final long f17713d = 1;

    /* renamed from: a, reason: collision with root package name */
    private final LogServer f17715a;

    public j(@d LogServer logServer) {
        this.f17715a = logServer;
    }

    private final e1 b(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        boolean z10 = true;
        if (!(preCertificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        m mVar = new m(preCertificate.getEncoded());
        try {
            o n10 = o.n(mVar.j());
            if (d(n10) && issuerInformation.g()) {
                if (issuerInformation.j() == null) {
                    z10 = false;
                }
                if (!z10) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            List<y> c10 = c(n10.y().n(), issuerInformation.j());
            p1 p1Var = new p1();
            e1 y10 = n10.y();
            p1Var.i(y10.t());
            p1Var.j(y10.v());
            y6.d i10 = issuerInformation.i();
            if (i10 == null) {
                i10 = y10.q();
            }
            p1Var.g(i10);
            p1Var.l(y10.w());
            p1Var.c(y10.m());
            p1Var.n(y10.x());
            p1Var.o(y10.y());
            p1Var.h(y10.s());
            p1Var.p(y10.z());
            Object[] array = c10.toArray(new y[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            p1Var.d(new z((y[]) array));
            e1 a10 = p1Var.a();
            b.a(mVar, null);
            return a10;
        } finally {
        }
    }

    private final List<y> c(z extensions, y replacementX509authorityKeyIdentifier) {
        int Z;
        q[] q10 = extensions.q();
        ArrayList arrayList = new ArrayList();
        for (q qVar : q10) {
            if (!l0.g(qVar.C(), a.f44182i)) {
                arrayList.add(qVar);
            }
        }
        ArrayList<q> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!l0.g(((q) obj).C(), a.f44183j)) {
                arrayList2.add(obj);
            }
        }
        Z = kotlin.collections.z.Z(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(Z);
        for (q qVar2 : arrayList2) {
            arrayList3.add((!l0.g(qVar2.C(), f17711b) || replacementX509authorityKeyIdentifier == null) ? extensions.o(qVar2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    private final boolean d(o oVar) {
        return oVar.y().n().o(new q(f17711b)) != null;
    }

    private final void e(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (!(signedCertificateTimestamp.j() == n.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        e.a(outputStream, signedCertificateTimestamp.j().getF43897a(), 1);
        e.a(outputStream, 0L, 1);
        e.a(outputStream, signedCertificateTimestamp.l(), 8);
    }

    private final byte[] f(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            e(byteArrayOutputStream, sct);
            e.a(byteArrayOutputStream, 0L, 2);
            e.b(byteArrayOutputStream, certificate.getEncoded(), 16777215);
            e.b(byteArrayOutputStream, sct.h(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            b.a(byteArrayOutputStream, null);
            return byteArray;
        } finally {
        }
    }

    private final byte[] g(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            e(byteArrayOutputStream, sct);
            e.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            e.b(byteArrayOutputStream, preCertBytes, 16777215);
            e.b(byteArrayOutputStream, sct.h(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            b.a(byteArrayOutputStream, null);
            return byteArray;
        } finally {
        }
    }

    private final com.babylon.ssl.j i(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        com.babylon.ssl.j mVar;
        if (l0.g(this.f17715a.f().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!l0.g(this.f17715a.f().getAlgorithm(), com.alipay.sdk.m.j.d.f14284a)) {
                return new o(this.f17715a.f().getAlgorithm(), null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.f17715a.f());
            signature.update(toVerify);
            return signature.verify(sct.k().g()) ? j.b.f17727a : j.a.b.f17721a;
        } catch (InvalidKeyException e10) {
            mVar = new i(e10);
            return mVar;
        } catch (NoSuchAlgorithmException e11) {
            mVar = new o(str, e11);
            return mVar;
        } catch (SignatureException e12) {
            mVar = new m(e12);
            return mVar;
        }
    }

    @Override // com.babylon.ssl.internal.verifier.n
    @d
    public com.babylon.ssl.j a(@d SignedCertificateTimestamp sct, @d List<? extends Certificate> chain) {
        IssuerInformation d10;
        b bVar;
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.l() > currentTimeMillis) {
            return new j.a.d(sct.l(), currentTimeMillis);
        }
        if (this.f17715a.g() != null && sct.l() > this.f17715a.g().longValue()) {
            return new j.a.e(sct.l(), this.f17715a.g().longValue());
        }
        if (!Arrays.equals(this.f17715a.getF44588a(), sct.i().d())) {
            return new h(org.bouncycastle.util.encoders.a.i(sct.i().d()), org.bouncycastle.util.encoders.a.i(this.f17715a.getF44588a()));
        }
        Certificate certificate = chain.get(0);
        if (!c.b(certificate) && !c.a(certificate)) {
            try {
                return i(sct, f(certificate, sct));
            } catch (IOException e10) {
                bVar = new b(e10);
                return bVar;
            } catch (CertificateEncodingException e11) {
                bVar = new b(e11);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return k.f17716a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!c.c(certificate2)) {
                try {
                    d10 = c.d(certificate2);
                } catch (NoSuchAlgorithmException e12) {
                    return new o("SHA-256", e12);
                }
            } else {
                if (chain.size() < 3) {
                    return l.f17717a;
                }
                try {
                    d10 = c.e(certificate2, chain.get(2));
                } catch (IOException e13) {
                    return new a(e13);
                } catch (NoSuchAlgorithmException e14) {
                    return new o("SHA-256", e14);
                } catch (CertificateEncodingException e15) {
                    return new b(e15);
                }
            }
            return h(sct, (X509Certificate) certificate, d10);
        } catch (CertificateParsingException e16) {
            return new c(e16);
        }
    }

    @d
    public final com.babylon.ssl.j h(@d SignedCertificateTimestamp sct, @d X509Certificate certificate, @d IssuerInformation issuerInfo) {
        b bVar;
        try {
            return i(sct, g(b(certificate, issuerInfo).getEncoded(), issuerInfo.h(), sct));
        } catch (IOException e10) {
            bVar = new b(e10);
            return bVar;
        } catch (CertificateException e11) {
            bVar = new b(e11);
            return bVar;
        }
    }
}
