package com.appmattus.certificatetransparency.internal.verifier;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.collections.u;
import kotlin.jvm.internal.t;

/* loaded from: classes.dex */
public final class m {
    public static final l Companion = new l(null);
    public final com.appmattus.certificatetransparency.loglist.j a;

    public m(com.appmattus.certificatetransparency.loglist.j logServer) {
        t.e(logServer, "logServer");
        this.a = logServer;
    }

    public final org.bouncycastle.asn1.x509.h a(X509Certificate x509Certificate, com.appmattus.certificatetransparency.internal.verifier.model.h hVar) {
        boolean z = true;
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        org.bouncycastle.asn1.j jVar = new org.bouncycastle.asn1.j(x509Certificate.getEncoded());
        try {
            org.bouncycastle.asn1.x509.b parsedPreCertificate = org.bouncycastle.asn1.x509.b.k(jVar.x());
            t.d(parsedPreCertificate, "parsedPreCertificate");
            if (c(parsedPreCertificate) && hVar.a()) {
                if (hVar.d() == null) {
                    z = false;
                }
                if (!z) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            org.bouncycastle.asn1.x509.e l = parsedPreCertificate.m().l();
            t.d(l, "parsedPreCertificate.tbsCertificate.extensions");
            List b = b(l, hVar.d());
            org.bouncycastle.asn1.x509.j jVar2 = new org.bouncycastle.asn1.x509.j();
            org.bouncycastle.asn1.x509.h m = parsedPreCertificate.m();
            jVar2.f(m.p());
            jVar2.g(m.q());
            org.bouncycastle.asn1.x500.c c = hVar.c();
            if (c == null) {
                c = m.n();
            }
            jVar2.d(c);
            jVar2.h(m.r());
            jVar2.b(m.k());
            jVar2.i(m.s());
            jVar2.j(m.t());
            jVar2.e(m.o());
            jVar2.k(m.u());
            Object[] array = b.toArray(new org.bouncycastle.asn1.x509.d[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            jVar2.c(new org.bouncycastle.asn1.x509.e((org.bouncycastle.asn1.x509.d[]) array));
            org.bouncycastle.asn1.x509.h a = jVar2.a();
            kotlin.io.b.a(jVar, null);
            t.d(a, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a;
        } finally {
        }
    }

    public final List b(org.bouncycastle.asn1.x509.e eVar, org.bouncycastle.asn1.x509.d dVar) {
        org.bouncycastle.asn1.o[] l = eVar.l();
        t.d(l, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (org.bouncycastle.asn1.o oVar : l) {
            if (!t.a(oVar.w(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(oVar);
            }
        }
        ArrayList<org.bouncycastle.asn1.o> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!t.a(((org.bouncycastle.asn1.o) obj).w(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        ArrayList arrayList3 = new ArrayList(u.r(arrayList2, 10));
        for (org.bouncycastle.asn1.o oVar2 : arrayList2) {
            arrayList3.add((!t.a(oVar2.w(), "2.5.29.35") || dVar == null) ? eVar.k(oVar2) : dVar);
        }
        return arrayList3;
    }

    public final boolean c(org.bouncycastle.asn1.x509.b bVar) {
        return bVar.m().l().k(new org.bouncycastle.asn1.o("2.5.29.35")) != null;
    }

    public final void d(OutputStream outputStream, com.appmattus.certificatetransparency.internal.verifier.model.j jVar) {
        if (!(jVar.c() == com.appmattus.certificatetransparency.internal.verifier.model.l.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        com.appmattus.certificatetransparency.internal.serialization.c.a(outputStream, jVar.c().getNumber(), 1);
        com.appmattus.certificatetransparency.internal.serialization.c.a(outputStream, 0L, 1);
        com.appmattus.certificatetransparency.internal.serialization.c.a(outputStream, jVar.e(), 8);
    }

    public final byte[] e(Certificate certificate, com.appmattus.certificatetransparency.internal.verifier.model.j jVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, jVar);
            com.appmattus.certificatetransparency.internal.serialization.c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            t.d(encoded, "certificate.encoded");
            com.appmattus.certificatetransparency.internal.serialization.c.b(byteArrayOutputStream, encoded, 16777215);
            com.appmattus.certificatetransparency.internal.serialization.c.b(byteArrayOutputStream, jVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            kotlin.io.b.a(byteArrayOutputStream, null);
            t.d(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final byte[] f(byte[] bArr, byte[] bArr2, com.appmattus.certificatetransparency.internal.verifier.model.j jVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, jVar);
            com.appmattus.certificatetransparency.internal.serialization.c.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            com.appmattus.certificatetransparency.internal.serialization.c.b(byteArrayOutputStream, bArr, 16777215);
            com.appmattus.certificatetransparency.internal.serialization.c.b(byteArrayOutputStream, jVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            kotlin.io.b.a(byteArrayOutputStream, null);
            t.d(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final com.appmattus.certificatetransparency.m g(com.appmattus.certificatetransparency.internal.verifier.model.j sct, X509Certificate certificate, com.appmattus.certificatetransparency.internal.verifier.model.h issuerInfo) {
        b bVar;
        t.e(sct, "sct");
        t.e(certificate, "certificate");
        t.e(issuerInfo, "issuerInfo");
        try {
            byte[] encoded = a(certificate, issuerInfo).getEncoded();
            t.d(encoded, "preCertificateTBS.encoded");
            return h(sct, f(encoded, issuerInfo.b(), sct));
        } catch (IOException e) {
            bVar = new b(e);
            return bVar;
        } catch (CertificateException e2) {
            bVar = new b(e2);
            return bVar;
        }
    }

    public final com.appmattus.certificatetransparency.m h(com.appmattus.certificatetransparency.internal.verifier.model.j jVar, byte[] bArr) {
        String str;
        com.appmattus.certificatetransparency.m pVar;
        if (t.a(this.a.b().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!t.a(this.a.b().getAlgorithm(), "RSA")) {
                String algorithm = this.a.b().getAlgorithm();
                t.d(algorithm, "logServer.key.algorithm");
                return new q(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.a.b());
            signature.update(bArr);
            return signature.verify(jVar.d().a()) ? com.appmattus.certificatetransparency.l.a : com.appmattus.certificatetransparency.f.a;
        } catch (InvalidKeyException e) {
            pVar = new k(e);
            return pVar;
        } catch (NoSuchAlgorithmException e2) {
            pVar = new q(str, e2);
            return pVar;
        } catch (SignatureException e3) {
            pVar = new p(e3);
            return pVar;
        }
    }

    public com.appmattus.certificatetransparency.m i(com.appmattus.certificatetransparency.internal.verifier.model.j sct, List chain) {
        com.appmattus.certificatetransparency.internal.verifier.model.h d;
        b bVar;
        t.e(sct, "sct");
        t.e(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.e() > currentTimeMillis) {
            return new com.appmattus.certificatetransparency.h(sct.e(), currentTimeMillis);
        }
        if (this.a.c() != null && sct.e() > this.a.c().longValue()) {
            return new com.appmattus.certificatetransparency.i(sct.e(), this.a.c().longValue());
        }
        if (!Arrays.equals(this.a.a(), sct.b().a())) {
            String c = org.bouncycastle.util.encoders.a.c(sct.b().a());
            t.d(c, "toBase64String(sct.id.keyId)");
            String c2 = org.bouncycastle.util.encoders.a.c(this.a.a());
            t.d(c2, "toBase64String(logServer.id)");
            return new j(c, c2);
        }
        Certificate certificate = (Certificate) chain.get(0);
        if (!com.appmattus.certificatetransparency.internal.utils.b.b(certificate) && !com.appmattus.certificatetransparency.internal.utils.b.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e) {
                bVar = new b(e);
                return bVar;
            } catch (CertificateEncodingException e2) {
                bVar = new b(e2);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return n.a;
        }
        Certificate certificate2 = (Certificate) chain.get(1);
        try {
            if (!com.appmattus.certificatetransparency.internal.utils.b.c(certificate2)) {
                try {
                    d = com.appmattus.certificatetransparency.internal.utils.b.d(certificate2);
                } catch (NoSuchAlgorithmException e3) {
                    return new q("SHA-256", e3);
                }
            } else {
                if (chain.size() < 3) {
                    return o.a;
                }
                try {
                    d = com.appmattus.certificatetransparency.internal.utils.b.e(certificate2, (Certificate) chain.get(2));
                } catch (IOException e4) {
                    return new a(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new q("SHA-256", e5);
                } catch (CertificateEncodingException e6) {
                    return new b(e6);
                }
            }
            return g(sct, (X509Certificate) certificate, d);
        } catch (CertificateParsingException e7) {
            return new c(e7);
        }
    }
}
