package org.bouncycastle.jsse.provider;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes5.dex */
class m0 extends PKIXCertPathChecker {

    /* renamed from: d, reason: collision with root package name */
    public static final int f55149d = 0;

    /* renamed from: e, reason: collision with root package name */
    public static final int f55150e = 2;

    /* renamed from: f, reason: collision with root package name */
    public static final int f55151f = 4;

    /* renamed from: g, reason: collision with root package name */
    private static final Map<String, String> f55152g = g();

    /* renamed from: h, reason: collision with root package name */
    private static final Set<String> f55153h = h();

    /* renamed from: i, reason: collision with root package name */
    private static final byte[] f55154i = {5, 0};

    /* renamed from: j, reason: collision with root package name */
    private static final String f55155j = f0.u("SHA256withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: k, reason: collision with root package name */
    private static final String f55156k = f0.u("SHA384withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: l, reason: collision with root package name */
    private static final String f55157l = f0.u("SHA512withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: m, reason: collision with root package name */
    private static final String f55158m = f0.u("SHA256withRSAandMGF1", com.alipay.sdk.m.j.d.f14284a);

    /* renamed from: n, reason: collision with root package name */
    private static final String f55159n = f0.u("SHA384withRSAandMGF1", com.alipay.sdk.m.j.d.f14284a);

    /* renamed from: o, reason: collision with root package name */
    private static final String f55160o = f0.u("SHA512withRSAandMGF1", com.alipay.sdk.m.j.d.f14284a);

    /* renamed from: a, reason: collision with root package name */
    private final org.bouncycastle.jcajce.util.f f55161a;

    /* renamed from: b, reason: collision with root package name */
    private final g8.a f55162b;

    /* renamed from: c, reason: collision with root package name */
    private X509Certificate f55163c;

    public m0(org.bouncycastle.jcajce.util.f fVar, g8.a aVar) {
        Objects.requireNonNull(fVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar, "'algorithmConstraints' cannot be null");
        this.f55161a = fVar;
        this.f55162b = aVar;
        this.f55163c = null;
    }

    public static void a(org.bouncycastle.jcajce.util.f fVar, g8.a aVar, X509Certificate[] x509CertificateArr, org.bouncycastle.asn1.x509.j0 j0Var, int i10) throws CertPathValidatorException {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            f(fVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        d(fVar, aVar, x509CertificateArr[0], j0Var, i10);
    }

    public static void b(org.bouncycastle.jcajce.util.f fVar, g8.a aVar, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, org.bouncycastle.asn1.x509.j0 j0Var, int i10) throws CertPathValidatorException {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                f(fVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            e(fVar, aVar, x509CertificateArr[length - 1]);
        }
        m0 m0Var = new m0(fVar, aVar);
        m0Var.init(false);
        for (int i11 = length - 1; i11 >= 0; i11--) {
            m0Var.check(x509CertificateArr[i11], Collections.emptySet());
        }
        d(fVar, aVar, x509CertificateArr[0], j0Var, i10);
    }

    private static void d(org.bouncycastle.jcajce.util.f fVar, g8.a aVar, X509Certificate x509Certificate, org.bouncycastle.asn1.x509.j0 j0Var, int i10) throws CertPathValidatorException {
        if (j0Var != null && !o(x509Certificate, j0Var)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + i(j0Var) + "' ExtendedKeyUsage");
        }
        if (i10 >= 0) {
            if (!q(x509Certificate, i10)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + j(i10) + "' KeyUsage");
            }
            if (aVar.permits(k(i10), x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + j(i10) + "' KeyUsage");
        }
    }

    private static void e(org.bouncycastle.jcajce.util.f fVar, g8.a aVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        String l10 = l(x509Certificate, null);
        if (!f0.L(l10)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(f0.f55036f, l10, m(fVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static void f(org.bouncycastle.jcajce.util.f fVar, g8.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathValidatorException {
        String l10 = l(x509Certificate, x509Certificate2);
        if (!f0.L(l10)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(f0.f55036f, l10, x509Certificate2.getPublicKey(), m(fVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static Map<String, String> g() {
        HashMap hashMap = new HashMap(4);
        hashMap.put(z5.a.f62480d.C(), org.bouncycastle.jcajce.spec.g.f54538b);
        hashMap.put(z5.a.f62481e.C(), org.bouncycastle.jcajce.spec.g.f54539c);
        hashMap.put(s6.b.f61185j.C(), "SHA1withDSA");
        hashMap.put(org.bouncycastle.asn1.x9.r.f50416m6.C(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    private static Set<String> h() {
        HashSet hashSet = new HashSet();
        hashSet.add(s6.b.f61185j.C());
        hashSet.add(org.bouncycastle.asn1.x9.r.f50416m6.C());
        hashSet.add(org.bouncycastle.asn1.pkcs.s.f49634i2.C());
        return Collections.unmodifiableSet(hashSet);
    }

    public static String i(org.bouncycastle.asn1.x509.j0 j0Var) {
        if (org.bouncycastle.asn1.x509.j0.f49998e.equals(j0Var)) {
            return "clientAuth";
        }
        if (org.bouncycastle.asn1.x509.j0.f49997d.equals(j0Var)) {
            return "serverAuth";
        }
        return "(" + j0Var + ")";
    }

    public static String j(int i10) {
        if (i10 == 0) {
            return "digitalSignature";
        }
        if (i10 == 2) {
            return "keyEncipherment";
        }
        if (i10 == 4) {
            return "keyAgreement";
        }
        return "(" + i10 + ")";
    }

    public static Set<g8.b> k(int i10) {
        return i10 != 2 ? i10 != 4 ? f0.f55036f : f0.f55034d : f0.f55035e;
    }

    public static String l(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        org.bouncycastle.asn1.q m10;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f55152g.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!org.bouncycastle.asn1.pkcs.s.f49634i2.C().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        org.bouncycastle.asn1.pkcs.a0 n10 = org.bouncycastle.asn1.pkcs.a0.n(x509Certificate.getSigAlgParams());
        if (n10 != null && (m10 = n10.m().m()) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                org.bouncycastle.tls.crypto.impl.jcajce.g gVar = new org.bouncycastle.tls.crypto.impl.jcajce.g((org.bouncycastle.tls.crypto.impl.jcajce.h) null, x509Certificate);
                if (o6.d.f48899c.q(m10)) {
                    if (gVar.b((short) 9)) {
                        return f55155j;
                    }
                    if (gVar.b((short) 4)) {
                        return f55158m;
                    }
                } else if (o6.d.f48901d.q(m10)) {
                    if (gVar.b((short) 10)) {
                        return f55156k;
                    }
                    if (gVar.b((short) 5)) {
                        return f55159n;
                    }
                } else if (o6.d.f48903e.q(m10)) {
                    if (gVar.b((short) 11)) {
                        return f55157l;
                    }
                    if (gVar.b((short) 6)) {
                        return f55160o;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters m(org.bouncycastle.jcajce.util.f fVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f55153h.contains(sigAlgOID) && org.bouncycastle.util.a.g(f55154i, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters v10 = fVar.v(sigAlgOID);
            try {
                v10.init(sigAlgParams);
                return v10;
            } catch (Exception e10) {
                throw new CertPathValidatorException(e10);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public static boolean n(PublicKey publicKey, boolean[] zArr, int i10, g8.a aVar) {
        return r(zArr, i10) && aVar.permits(k(i10), publicKey);
    }

    public static boolean o(X509Certificate x509Certificate, org.bouncycastle.asn1.x509.j0 j0Var) {
        try {
            return p(x509Certificate.getExtendedKeyUsage(), j0Var);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    public static boolean p(List<String> list, org.bouncycastle.asn1.x509.j0 j0Var) {
        return list == null || list.contains(j0Var.m()) || list.contains(org.bouncycastle.asn1.x509.j0.f49996c.m());
    }

    public static boolean q(X509Certificate x509Certificate, int i10) {
        return r(x509Certificate.getKeyUsage(), i10);
    }

    public static boolean r(boolean[] zArr, int i10) {
        return zArr == null || (zArr.length > i10 && zArr[i10]);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X509Certificate x509Certificate2 = this.f55163c;
        if (x509Certificate2 != null) {
            f(this.f55161a, this.f55162b, x509Certificate, x509Certificate2);
        }
        this.f55163c = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) throws CertPathValidatorException {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f55163c = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
