package org.bouncycastle.jsse.provider;

import android.support.v4.media.a;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;

/* loaded from: classes3.dex */
class ProvAlgorithmChecker extends PKIXCertPathChecker {
    public static final Map<String, String> d;
    public static final Set<String> e;
    public static final byte[] f;
    public static final String g;
    public static final String h;
    public static final String i;
    public static final String j;
    public static final String k;
    public static final String l;
    public final JcaJceHelper a;
    public final BCAlgorithmConstraints b;
    public X509Certificate c;

    static {
        HashMap hashMap = new HashMap(4);
        hashMap.put(EdECObjectIdentifiers.c.a, "Ed25519");
        hashMap.put(EdECObjectIdentifiers.d.a, "Ed448");
        ASN1ObjectIdentifier aSN1ObjectIdentifier = OIWObjectIdentifiers.b;
        hashMap.put(aSN1ObjectIdentifier.a, "SHA1withDSA");
        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = X9ObjectIdentifiers.g;
        hashMap.put(aSN1ObjectIdentifier2.a, "SHA1withDSA");
        d = Collections.unmodifiableMap(hashMap);
        HashSet hashSet = new HashSet();
        hashSet.add(aSN1ObjectIdentifier.a);
        hashSet.add(aSN1ObjectIdentifier2.a);
        hashSet.add(PKCSObjectIdentifiers.d.a);
        e = Collections.unmodifiableSet(hashSet);
        f = new byte[]{5, 0};
        g = JsseUtils.i("SHA256withRSAandMGF1", "RSASSA-PSS");
        h = JsseUtils.i("SHA384withRSAandMGF1", "RSASSA-PSS");
        i = JsseUtils.i("SHA512withRSAandMGF1", "RSASSA-PSS");
        j = JsseUtils.i("SHA256withRSAandMGF1", "RSA");
        k = JsseUtils.i("SHA384withRSAandMGF1", "RSA");
        l = JsseUtils.i("SHA512withRSAandMGF1", "RSA");
    }

    public ProvAlgorithmChecker(JcaJceHelper jcaJceHelper, BCAlgorithmConstraints bCAlgorithmConstraints) {
        if (jcaJceHelper == null) {
            throw new NullPointerException("'helper' cannot be null");
        }
        if (bCAlgorithmConstraints == null) {
            throw new NullPointerException("'algorithmConstraints' cannot be null");
        }
        this.a = jcaJceHelper;
        this.b = bCAlgorithmConstraints;
        this.c = null;
    }

    public static void a(JcaJceHelper jcaJceHelper, BCAlgorithmConstraints bCAlgorithmConstraints, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, KeyPurposeId keyPurposeId, int i2) throws CertPathValidatorException {
        int length = x509CertificateArr.length;
        while (length > 0) {
            int i3 = length - 1;
            if (!set.contains(x509CertificateArr[i3])) {
                break;
            } else {
                length = i3;
            }
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                c(jcaJceHelper, bCAlgorithmConstraints, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            X509Certificate x509Certificate2 = x509CertificateArr[length - 1];
            String e2 = e(x509Certificate2, null);
            if (!(e2 != null && e2.length() > 0)) {
                throw new CertPathValidatorException();
            }
            if (!((ProvAlgorithmConstraints) bCAlgorithmConstraints).permits(JsseUtils.f, e2, f(jcaJceHelper, x509Certificate2))) {
                throw new CertPathValidatorException();
            }
        }
        ProvAlgorithmChecker provAlgorithmChecker = new ProvAlgorithmChecker(jcaJceHelper, bCAlgorithmConstraints);
        provAlgorithmChecker.init(false);
        while (true) {
            length--;
            if (length < 0) {
                b(bCAlgorithmConstraints, x509CertificateArr[0], keyPurposeId, i2);
                return;
            }
            provAlgorithmChecker.check(x509CertificateArr[length], Collections.emptySet());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x0020, code lost:
    
        if (r3.contains(org.bouncycastle.asn1.x509.KeyPurposeId.b.a.a) != false) goto L10;
     */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00b9 A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0027  */
    /* JADX WARN: Removed duplicated region for block: B:4:0x0065  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void b(org.bouncycastle.jsse.java.security.BCAlgorithmConstraints r5, java.security.cert.X509Certificate r6, org.bouncycastle.asn1.x509.KeyPurposeId r7, int r8) throws java.security.cert.CertPathValidatorException {
        /*
            r0 = 1
            r1 = 0
            java.lang.String r2 = "Certificate doesn't support '"
            if (r7 == 0) goto L63
            java.util.List r3 = r6.getExtendedKeyUsage()     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r3 == 0) goto L22
            org.bouncycastle.asn1.ASN1ObjectIdentifier r4 = r7.a     // Catch: java.security.cert.CertificateParsingException -> L24
            java.lang.String r4 = r4.a     // Catch: java.security.cert.CertificateParsingException -> L24
            boolean r4 = r3.contains(r4)     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r4 != 0) goto L22
            org.bouncycastle.asn1.x509.KeyPurposeId r4 = org.bouncycastle.asn1.x509.KeyPurposeId.b     // Catch: java.security.cert.CertificateParsingException -> L24
            org.bouncycastle.asn1.ASN1ObjectIdentifier r4 = r4.a     // Catch: java.security.cert.CertificateParsingException -> L24
            java.lang.String r4 = r4.a     // Catch: java.security.cert.CertificateParsingException -> L24
            boolean r3 = r3.contains(r4)     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r3 == 0) goto L24
        L22:
            r3 = r0
            goto L25
        L24:
            r3 = r1
        L25:
            if (r3 != 0) goto L63
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r6 = android.support.v4.media.a.y(r2)
            org.bouncycastle.asn1.x509.KeyPurposeId r8 = org.bouncycastle.asn1.x509.KeyPurposeId.d
            boolean r8 = r8.equals(r7)
            if (r8 != 0) goto L57
            org.bouncycastle.asn1.x509.KeyPurposeId r8 = org.bouncycastle.asn1.x509.KeyPurposeId.c
            boolean r8 = r8.equals(r7)
            if (r8 == 0) goto L40
            java.lang.String r7 = "serverAuth"
            goto L59
        L40:
            java.lang.StringBuilder r8 = new java.lang.StringBuilder
            r8.<init>()
            java.lang.String r0 = "("
            r8.append(r0)
            r8.append(r7)
            java.lang.String r7 = ")"
            r8.append(r7)
            java.lang.String r7 = r8.toString()
            goto L59
        L57:
            java.lang.String r7 = "clientAuth"
        L59:
            java.lang.String r8 = "' ExtendedKeyUsage"
            java.lang.String r6 = android.support.v4.media.a.r(r6, r7, r8)
            r5.<init>(r6)
            throw r5
        L63:
            if (r8 < 0) goto Lb9
            boolean[] r7 = r6.getKeyUsage()
            if (r7 == 0) goto L74
            int r3 = r7.length
            if (r3 <= r8) goto L73
            boolean r7 = r7[r8]
            if (r7 == 0) goto L73
            goto L74
        L73:
            r0 = r1
        L74:
            java.lang.String r7 = "' KeyUsage"
            if (r0 == 0) goto La7
            r0 = 2
            if (r8 == r0) goto L84
            r0 = 4
            if (r8 == r0) goto L81
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.JsseUtils.f
            goto L86
        L81:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.JsseUtils.d
            goto L86
        L84:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.JsseUtils.e
        L86:
            java.security.PublicKey r6 = r6.getPublicKey()
            org.bouncycastle.jsse.provider.ProvAlgorithmConstraints r5 = (org.bouncycastle.jsse.provider.ProvAlgorithmConstraints) r5
            boolean r5 = r5.permits(r0, r6)
            if (r5 == 0) goto L93
            goto Lb9
        L93:
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.String r6 = "Public key not permitted for '"
            java.lang.StringBuilder r6 = android.support.v4.media.a.y(r6)
            java.lang.String r8 = d(r8)
            java.lang.String r6 = android.support.v4.media.a.r(r6, r8, r7)
            r5.<init>(r6)
            throw r5
        La7:
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r6 = android.support.v4.media.a.y(r2)
            java.lang.String r8 = d(r8)
            java.lang.String r6 = android.support.v4.media.a.r(r6, r8, r7)
            r5.<init>(r6)
            throw r5
        Lb9:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvAlgorithmChecker.b(org.bouncycastle.jsse.java.security.BCAlgorithmConstraints, java.security.cert.X509Certificate, org.bouncycastle.asn1.x509.KeyPurposeId, int):void");
    }

    public static void c(JcaJceHelper jcaJceHelper, BCAlgorithmConstraints bCAlgorithmConstraints, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathValidatorException {
        String e2 = e(x509Certificate, x509Certificate2);
        if (!(e2 != null && e2.length() > 0)) {
            throw new CertPathValidatorException();
        }
        if (!bCAlgorithmConstraints.permits(JsseUtils.f, e2, x509Certificate2.getPublicKey(), f(jcaJceHelper, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    public static String d(int i2) {
        return i2 != 0 ? i2 != 2 ? i2 != 4 ? a.g("(", i2, ")") : "keyAgreement" : "keyEncipherment" : "digitalSignature";
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static String e(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        ASN1ObjectIdentifier aSN1ObjectIdentifier;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = d.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!PKCSObjectIdentifiers.d.a.equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        AlgorithmIdentifier algorithmIdentifier = RSASSAPSSparams.e;
        RSASSAPSSparams rSASSAPSSparams = sigAlgParams instanceof RSASSAPSSparams ? (RSASSAPSSparams) sigAlgParams : sigAlgParams != 0 ? new RSASSAPSSparams(ASN1Sequence.D(sigAlgParams)) : null;
        if (rSASSAPSSparams != null && (aSN1ObjectIdentifier = rSASSAPSSparams.a.a) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                JcaTlsCertificate jcaTlsCertificate = new JcaTlsCertificate((JcaTlsCrypto) null, x509Certificate);
                if (NISTObjectIdentifiers.a.u(aSN1ObjectIdentifier)) {
                    if (jcaTlsCertificate.f((short) 9)) {
                        return g;
                    }
                    if (jcaTlsCertificate.f((short) 4)) {
                        return j;
                    }
                } else if (NISTObjectIdentifiers.b.u(aSN1ObjectIdentifier)) {
                    if (jcaTlsCertificate.f((short) 10)) {
                        return h;
                    }
                    if (jcaTlsCertificate.f((short) 5)) {
                        return k;
                    }
                } else if (NISTObjectIdentifiers.c.u(aSN1ObjectIdentifier)) {
                    if (jcaTlsCertificate.f((short) 11)) {
                        return i;
                    }
                    if (jcaTlsCertificate.f((short) 6)) {
                        return l;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters f(JcaJceHelper jcaJceHelper, X509Certificate x509Certificate) throws CertPathValidatorException {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (e.contains(sigAlgOID) && Arrays.equals(f, sigAlgParams)) {
            return null;
        }
        try {
            ((DefaultJcaJceHelper) jcaJceHelper).getClass();
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(sigAlgOID);
            try {
                algorithmParameters.init(sigAlgParams);
                return algorithmParameters;
            } catch (Exception e2) {
                throw new CertPathValidatorException(e2);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public final void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X509Certificate x509Certificate2 = this.c;
        if (x509Certificate2 != null) {
            c(this.a, this.b, x509Certificate, x509Certificate2);
        }
        this.c = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public final Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public final void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.c = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public final boolean isForwardCheckingSupported() {
        return false;
    }
}
