package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.interfaces.DHPublicKey;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.a3;
import org.bouncycastle.tls.crypto.TlsCryptoException;

/* loaded from: classes2.dex */
public class g implements org.bouncycastle.tls.crypto.f {
    protected final h a;

    /* renamed from: b, reason: collision with root package name */
    protected final X509Certificate f13522b;

    /* renamed from: c, reason: collision with root package name */
    protected DHPublicKey f13523c;

    /* renamed from: d, reason: collision with root package name */
    protected PublicKey f13524d;

    public g(h hVar, X509Certificate x509Certificate) {
        this.a = hVar;
        this.f13522b = x509Certificate;
    }

    public g(h hVar, byte[] bArr) throws IOException {
        this(hVar, s(hVar.c0(), bArr));
    }

    public static g h(h hVar, org.bouncycastle.tls.crypto.f fVar) throws IOException {
        return fVar instanceof g ? (g) fVar : new g(hVar, fVar.getEncoded());
    }

    public static X509Certificate s(org.bouncycastle.jcajce.util.c cVar, byte[] bArr) throws IOException {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(org.bouncycastle.asn1.x509.h.s(bArr).q("DER"));
            X509Certificate x509Certificate = (X509Certificate) cVar.f("X.509").generateCertificate(byteArrayInputStream);
            if (byteArrayInputStream.available() != 0) {
                throw new IOException("Extra data detected in stream");
            }
            if (3 == x509Certificate.getVersion()) {
                return x509Certificate;
            }
            throw new TlsFatalAlert((short) 42);
        } catch (GeneralSecurityException e2) {
            throw new TlsCryptoException("unable to decode certificate", e2);
        }
    }

    protected void A(short s) throws IOException {
        if (!v(s)) {
            throw new TlsFatalAlert((short) 46);
        }
    }

    protected void B() throws IOException {
        if (!w()) {
            throw new TlsFatalAlert((short) 46);
        }
    }

    @Override // org.bouncycastle.tls.crypto.f
    public boolean a(short s) throws IOException {
        if (t(0)) {
            return r(s);
        }
        return false;
    }

    @Override // org.bouncycastle.tls.crypto.f
    public org.bouncycastle.tls.crypto.f b(int i, int i2) throws IOException {
        if (i2 == 7 || i2 == 9) {
            y(4);
            this.f13523c = i();
            return this;
        }
        if (i2 == 16 || i2 == 18) {
            y(4);
            k();
            return this;
        }
        if (i != 0 || (i2 != 1 && i2 != 15)) {
            throw new TlsFatalAlert((short) 46);
        }
        y(2);
        this.f13524d = n();
        return this;
    }

    @Override // org.bouncycastle.tls.crypto.f
    public String c() {
        return this.f13522b.getSigAlgOID();
    }

    @Override // org.bouncycastle.tls.crypto.f
    public short d() throws IOException {
        PublicKey o = o();
        if (!t(0)) {
            return (short) -1;
        }
        if (o instanceof RSAPublicKey) {
            return (short) 1;
        }
        if (o instanceof DSAPublicKey) {
            return (short) 2;
        }
        return o instanceof ECPublicKey ? (short) 3 : (short) -1;
    }

    @Override // org.bouncycastle.tls.crypto.f
    public org.bouncycastle.tls.crypto.c0 e(short s) throws IOException {
        y(0);
        switch (s) {
            case 1:
                z();
                return new y(this.a, n());
            case 2:
                return new j(this.a, j());
            case 3:
                return new n(this.a, k());
            case 4:
            case 5:
            case 6:
                B();
                return new w(this.a, n(), s);
            case 7:
                return new p(this.a, l());
            case 8:
                return new r(this.a, m());
            case 9:
            case 10:
            case 11:
                A(s);
                return new w(this.a, n(), s);
            default:
                throw new TlsFatalAlert((short) 46);
        }
    }

    @Override // org.bouncycastle.tls.crypto.f
    public byte[] f(org.bouncycastle.asn1.n nVar) throws IOException {
        byte[] extensionValue = this.f13522b.getExtensionValue(nVar.F());
        if (extensionValue == null) {
            return null;
        }
        return ((org.bouncycastle.asn1.o) org.bouncycastle.asn1.r.x(extensionValue)).D();
    }

    @Override // org.bouncycastle.tls.crypto.f
    public org.bouncycastle.asn1.e g() throws IOException {
        byte[] sigAlgParams = this.f13522b.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        return a3.v1(sigAlgParams);
    }

    @Override // org.bouncycastle.tls.crypto.f
    public byte[] getEncoded() throws IOException {
        try {
            return this.f13522b.getEncoded();
        } catch (CertificateEncodingException e2) {
            throw new TlsCryptoException("unable to encode certificate: " + e2.getMessage(), e2);
        }
    }

    DHPublicKey i() throws IOException {
        try {
            return (DHPublicKey) o();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert((short) 46, e2);
        }
    }

    DSAPublicKey j() throws IOException {
        try {
            return (DSAPublicKey) o();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert((short) 46, e2);
        }
    }

    ECPublicKey k() throws IOException {
        try {
            return (ECPublicKey) o();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert((short) 46, e2);
        }
    }

    PublicKey l() throws IOException {
        PublicKey o = o();
        if ("Ed25519".equals(o.getAlgorithm())) {
            return o;
        }
        throw new TlsFatalAlert((short) 46);
    }

    PublicKey m() throws IOException {
        PublicKey o = o();
        if ("Ed448".equals(o.getAlgorithm())) {
            return o;
        }
        throw new TlsFatalAlert((short) 46);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PublicKey n() throws IOException {
        return o();
    }

    protected PublicKey o() throws IOException {
        try {
            return this.f13522b.getPublicKey();
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 42, e2);
        }
    }

    protected org.bouncycastle.asn1.x509.x p() throws IOException {
        return org.bouncycastle.asn1.x509.x.t(o().getEncoded());
    }

    public X509Certificate q() {
        return this.f13522b;
    }

    protected boolean r(short s) throws IOException {
        String algorithm;
        String str;
        PublicKey o = o();
        switch (s) {
            case 1:
                return u() && (o instanceof RSAPublicKey);
            case 2:
                return o instanceof DSAPublicKey;
            case 3:
                return o instanceof ECPublicKey;
            case 4:
            case 5:
            case 6:
                return w() && (o instanceof RSAPublicKey);
            case 7:
                algorithm = o.getAlgorithm();
                str = "Ed25519";
                break;
            case 8:
                algorithm = o.getAlgorithm();
                str = "Ed448";
                break;
            case 9:
            case 10:
            case 11:
                return v(s) && (o instanceof RSAPublicKey);
            default:
                return false;
        }
        return str.equals(algorithm);
    }

    protected boolean t(int i) {
        boolean[] keyUsage = this.f13522b.getKeyUsage();
        return keyUsage == null || (keyUsage.length > i && keyUsage[i]);
    }

    protected boolean u() throws IOException {
        return org.bouncycastle.tls.crypto.d0.c.a(p().r());
    }

    protected boolean v(short s) throws IOException {
        return org.bouncycastle.tls.crypto.d0.c.b(s, p().r());
    }

    protected boolean w() throws IOException {
        return org.bouncycastle.tls.crypto.d0.c.c(p().r());
    }

    public boolean x(short s) throws IOException {
        return r(s);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void y(int i) throws IOException {
        if (!t(i)) {
            throw new TlsFatalAlert((short) 46);
        }
    }

    protected void z() throws IOException {
        if (!u()) {
            throw new TlsFatalAlert((short) 46);
        }
    }
}
