package h7;

import c7.SignedCertificateTimestamp;
import com.nimbusds.jose.jwk.JWKParameterNames;
import i7.IssuerInformation;
import j7.LogServer;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.AbstractC3209e;
import kotlin.Metadata;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.util.encoders.Base64;
import org.jetbrains.annotations.NotNull;

/* compiled from: LogSignatureVerifier.kt */
@Metadata(d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u0000 \r2\u00020\u0001:\u0001\u0007B\u000f\u0012\u0006\u0010'\u001a\u00020%¢\u0006\u0004\b(\u0010)J\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002J \u0010\r\u001a\b\u0012\u0004\u0012\u00020\n0\f2\u0006\u0010\t\u001a\u00020\b2\b\u0010\u000b\u001a\u0004\u0018\u00010\nH\u0002J\u0018\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0010H\u0002J\f\u0010\u0016\u001a\u00020\u0015*\u00020\u0014H\u0002J\u0018\u0010\u0019\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J \u0010\u001c\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u00102\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u0014\u0010\u001f\u001a\u00020\u001e*\u00020\u001d2\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u001e\u0010!\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00170\fH\u0016J'\u0010#\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u00022\u0006\u0010\"\u001a\u00020\u0004H\u0000¢\u0006\u0004\b#\u0010$R\u0014\u0010'\u001a\u00020%8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u0010&¨\u0006*"}, d2 = {"Lh7/i;", "", "Ljava/security/cert/X509Certificate;", "preCertificate", "Li7/b;", "issuerInformation", "Lorg/bouncycastle/asn1/x509/TBSCertificate;", "a", "Lorg/bouncycastle/asn1/x509/Extensions;", "extensions", "Lorg/bouncycastle/asn1/x509/Extension;", "replacementX509authorityKeyIdentifier", "", "b", "Lc7/h;", "sct", "", "toVerify", "Lz6/e;", "h", "Lorg/bouncycastle/asn1/x509/Certificate;", "", "c", "Ljava/security/cert/Certificate;", "certificate", JWKParameterNames.RSA_EXPONENT, "preCertBytes", "issuerKeyHash", "f", "Ljava/io/OutputStream;", "Lil0/c0;", "d", "chain", "i", "issuerInfo", "g", "(Lc7/h;Ljava/security/cert/X509Certificate;Li7/b;)Lz6/e;", "Lj7/b;", "Lj7/b;", "logServer", "<init>", "(Lj7/b;)V", "certificatetransparency"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public final class i {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final LogServer logServer;

    public i(@NotNull LogServer logServer) {
        Intrinsics.checkNotNullParameter(logServer, "logServer");
        this.logServer = logServer;
    }

    private final TBSCertificate a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        boolean z11 = true;
        if (!(preCertificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(preCertificate.getEncoded());
        try {
            Certificate parsedPreCertificate = Certificate.getInstance(aSN1InputStream.readObject());
            Intrinsics.checkNotNullExpressionValue(parsedPreCertificate, "parsedPreCertificate");
            if (c(parsedPreCertificate) && issuerInformation.getIssuedByPreCertificateSigningCert()) {
                if (issuerInformation.getX509authorityKeyIdentifier() == null) {
                    z11 = false;
                }
                if (!z11) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            TBSCertificate tBSCertificate = parsedPreCertificate.getTBSCertificate();
            Intrinsics.checkNotNullExpressionValue(tBSCertificate, "parsedPreCertificate.tbsCertificate");
            Extensions extensions = tBSCertificate.getExtensions();
            Intrinsics.checkNotNullExpressionValue(extensions, "parsedPreCertificate.tbsCertificate.extensions");
            List<Extension> b11 = b(extensions, issuerInformation.getX509authorityKeyIdentifier());
            V3TBSCertificateGenerator v3TBSCertificateGenerator = new V3TBSCertificateGenerator();
            TBSCertificate tbsPart = parsedPreCertificate.getTBSCertificate();
            Intrinsics.checkNotNullExpressionValue(tbsPart, "tbsPart");
            v3TBSCertificateGenerator.setSerialNumber(tbsPart.getSerialNumber());
            v3TBSCertificateGenerator.setSignature(tbsPart.getSignature());
            X500Name name = issuerInformation.getName();
            if (name == null) {
                name = tbsPart.getIssuer();
            }
            v3TBSCertificateGenerator.setIssuer(name);
            v3TBSCertificateGenerator.setStartDate(tbsPart.getStartDate());
            v3TBSCertificateGenerator.setEndDate(tbsPart.getEndDate());
            v3TBSCertificateGenerator.setSubject(tbsPart.getSubject());
            v3TBSCertificateGenerator.setSubjectPublicKeyInfo(tbsPart.getSubjectPublicKeyInfo());
            v3TBSCertificateGenerator.setIssuerUniqueID(tbsPart.getIssuerUniqueId());
            v3TBSCertificateGenerator.setSubjectUniqueID(tbsPart.getSubjectUniqueId());
            Object[] array = b11.toArray(new Extension[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            v3TBSCertificateGenerator.setExtensions(new Extensions((Extension[]) array));
            TBSCertificate generateTBSCertificate = v3TBSCertificateGenerator.generateTBSCertificate();
            CloseableKt.closeFinally(aSN1InputStream, null);
            Intrinsics.checkNotNullExpressionValue(generateTBSCertificate, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return generateTBSCertificate;
        } finally {
        }
    }

    private final List<Extension> b(Extensions extensions, Extension replacementX509authorityKeyIdentifier) {
        int collectionSizeOrDefault;
        ASN1ObjectIdentifier[] extensionOIDs = extensions.getExtensionOIDs();
        Intrinsics.checkNotNullExpressionValue(extensionOIDs, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (ASN1ObjectIdentifier it : extensionOIDs) {
            Intrinsics.checkNotNullExpressionValue(it, "it");
            if (!Intrinsics.areEqual(it.getId(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(it);
            }
        }
        ArrayList<ASN1ObjectIdentifier> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            ASN1ObjectIdentifier it2 = (ASN1ObjectIdentifier) obj;
            Intrinsics.checkNotNullExpressionValue(it2, "it");
            if (!Intrinsics.areEqual(it2.getId(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        collectionSizeOrDefault = kotlin.collections.l.collectionSizeOrDefault(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(collectionSizeOrDefault);
        for (ASN1ObjectIdentifier it3 : arrayList2) {
            Intrinsics.checkNotNullExpressionValue(it3, "it");
            arrayList3.add((!Intrinsics.areEqual(it3.getId(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.getExtension(it3) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    private final boolean c(Certificate certificate) {
        TBSCertificate tbsCertificate = certificate.getTBSCertificate();
        Intrinsics.checkNotNullExpressionValue(tbsCertificate, "tbsCertificate");
        return tbsCertificate.getExtensions().getExtension(new ASN1ObjectIdentifier("2.5.29.35")) != null;
    }

    private final void d(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (!(signedCertificateTimestamp.getSctVersion() == c7.l.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        f7.d.a(outputStream, signedCertificateTimestamp.getSctVersion().getNumber(), 1);
        f7.d.a(outputStream, 0L, 1);
        f7.d.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    private final byte[] e(java.security.cert.Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            f7.d.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "certificate.encoded");
            f7.d.b(byteArrayOutputStream, encoded, 16777215);
            f7.d.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            CloseableKt.closeFinally(byteArrayOutputStream, null);
            Intrinsics.checkNotNullExpressionValue(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] f(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            f7.d.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            f7.d.b(byteArrayOutputStream, preCertBytes, 16777215);
            f7.d.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            CloseableKt.closeFinally(byteArrayOutputStream, null);
            Intrinsics.checkNotNullExpressionValue(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final AbstractC3209e h(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        AbstractC3209e lVar;
        if (Intrinsics.areEqual(this.logServer.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!Intrinsics.areEqual(this.logServer.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.logServer.getKey().getAlgorithm();
                Intrinsics.checkNotNullExpressionValue(algorithm, "logServer.key.algorithm");
                return new m(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.logServer.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? AbstractC3209e.b.f81094a : AbstractC3209e.a.b.f81088a;
        } catch (InvalidKeyException e11) {
            lVar = new h(e11);
            return lVar;
        } catch (NoSuchAlgorithmException e12) {
            lVar = new m(str, e12);
            return lVar;
        } catch (SignatureException e13) {
            lVar = new l(e13);
            return lVar;
        }
    }

    @NotNull
    public final AbstractC3209e g(@NotNull SignedCertificateTimestamp sct, @NotNull X509Certificate certificate, @NotNull IssuerInformation issuerInfo) {
        b bVar;
        Intrinsics.checkNotNullParameter(sct, "sct");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(issuerInfo, "issuerInfo");
        try {
            byte[] encoded = a(certificate, issuerInfo).getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "preCertificateTBS.encoded");
            return h(sct, f(encoded, issuerInfo.getKeyHash(), sct));
        } catch (IOException e11) {
            bVar = new b(e11);
            return bVar;
        } catch (CertificateException e12) {
            bVar = new b(e12);
            return bVar;
        }
    }

    @NotNull
    public AbstractC3209e i(@NotNull SignedCertificateTimestamp sct, @NotNull List<? extends java.security.cert.Certificate> chain) {
        IssuerInformation d11;
        b bVar;
        Intrinsics.checkNotNullParameter(sct, "sct");
        Intrinsics.checkNotNullParameter(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new AbstractC3209e.a.d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.logServer.getValidUntil() != null && sct.getTimestamp() > this.logServer.getValidUntil().longValue()) {
            return new AbstractC3209e.a.C2392e(sct.getTimestamp(), this.logServer.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.logServer.getId(), sct.getId().getKeyId())) {
            String base64String = Base64.toBase64String(sct.getId().getKeyId());
            Intrinsics.checkNotNullExpressionValue(base64String, "Base64.toBase64String(sct.id.keyId)");
            String base64String2 = Base64.toBase64String(this.logServer.getId());
            Intrinsics.checkNotNullExpressionValue(base64String2, "Base64.toBase64String(logServer.id)");
            return new g(base64String, base64String2);
        }
        java.security.cert.Certificate certificate = chain.get(0);
        if (!g7.c.b(certificate) && !g7.c.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e11) {
                bVar = new b(e11);
                return bVar;
            } catch (CertificateEncodingException e12) {
                bVar = new b(e12);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return j.f44889a;
        }
        java.security.cert.Certificate certificate2 = chain.get(1);
        try {
            if (!g7.c.c(certificate2)) {
                try {
                    d11 = g7.c.d(certificate2);
                } catch (NoSuchAlgorithmException e13) {
                    return new m("SHA-256", e13);
                }
            } else {
                if (chain.size() < 3) {
                    return k.f44890a;
                }
                try {
                    d11 = g7.c.e(certificate2, chain.get(2));
                } catch (IOException e14) {
                    return new a(e14);
                } catch (NoSuchAlgorithmException e15) {
                    return new m("SHA-256", e15);
                } catch (CertificateEncodingException e16) {
                    return new b(e16);
                }
            }
            return g(sct, (X509Certificate) certificate, d11);
        } catch (CertificateParsingException e17) {
            return new c(e17);
        }
    }
}
