package ln;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes2.dex */
public class i0 extends PKIXCertPathChecker {

    /* renamed from: p0, reason: collision with root package name */
    public final boolean f19881p0;

    /* renamed from: q0, reason: collision with root package name */
    public final gn.b f19882q0;

    /* renamed from: r0, reason: collision with root package name */
    public final kn.a f19883r0;

    /* renamed from: s0, reason: collision with root package name */
    public X509Certificate f19884s0;

    /* renamed from: t0, reason: collision with root package name */
    public static final Map<String, String> f19874t0 = i();

    /* renamed from: u0, reason: collision with root package name */
    public static final Set<String> f19875u0 = k();

    /* renamed from: v0, reason: collision with root package name */
    public static final byte[] f19876v0 = {5, 0};

    /* renamed from: w0, reason: collision with root package name */
    public static final String f19877w0 = a0.v("SHA256withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: x0, reason: collision with root package name */
    public static final String f19878x0 = a0.v("SHA384withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: y0, reason: collision with root package name */
    public static final String f19879y0 = a0.v("SHA512withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: z0, reason: collision with root package name */
    public static final String f19880z0 = a0.v("SHA256withRSAandMGF1", "RSA");
    public static final String A0 = a0.v("SHA384withRSAandMGF1", "RSA");
    public static final String B0 = a0.v("SHA512withRSAandMGF1", "RSA");

    public i0(boolean z10, gn.b bVar, kn.a aVar) {
        Objects.requireNonNull(bVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar, "'algorithmConstraints' cannot be null");
        this.f19881p0 = z10;
        this.f19882q0 = bVar;
        this.f19883r0 = aVar;
        this.f19884s0 = null;
    }

    public static void a(gn.b bVar, kn.a aVar, X509Certificate[] x509CertificateArr, rm.f fVar, int i10) throws CertPathValidatorException {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            h(bVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        e(bVar, aVar, x509CertificateArr[0], fVar, i10);
    }

    public static void d(boolean z10, gn.b bVar, kn.a aVar, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, rm.f fVar, int i10) throws CertPathValidatorException {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                h(bVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            f(bVar, aVar, x509CertificateArr[length - 1]);
        }
        i0 i0Var = new i0(z10, bVar, aVar);
        i0Var.init(false);
        for (int i11 = length - 1; i11 >= 0; i11--) {
            i0Var.check(x509CertificateArr[i11], Collections.emptySet());
        }
        e(bVar, aVar, x509CertificateArr[0], fVar, i10);
    }

    public static void e(gn.b bVar, kn.a aVar, X509Certificate x509Certificate, rm.f fVar, int i10) throws CertPathValidatorException {
        if (fVar != null && !t(x509Certificate, fVar)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + m(fVar) + "' ExtendedKeyUsage");
        }
        if (i10 >= 0) {
            if (!w(x509Certificate, i10)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + n(i10) + "' KeyUsage");
            }
            if (aVar.permits(o(i10), x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + n(i10) + "' KeyUsage");
        }
    }

    public static void f(gn.b bVar, kn.a aVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        String p10 = p(x509Certificate, null);
        if (!a0.Q(p10)) {
            throw new CertPathValidatorException("Signature algorithm could not be determined");
        }
        if (aVar.permits(a0.f19731i, p10, q(bVar, x509Certificate))) {
            return;
        }
        throw new CertPathValidatorException("Signature algorithm '" + p10 + "' not permitted with given parameters");
    }

    public static void h(gn.b bVar, kn.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathValidatorException {
        String p10 = p(x509Certificate, x509Certificate2);
        if (!a0.Q(p10)) {
            throw new CertPathValidatorException("Signature algorithm could not be determined");
        }
        if (aVar.permits(a0.f19731i, p10, x509Certificate2.getPublicKey(), q(bVar, x509Certificate))) {
            return;
        }
        throw new CertPathValidatorException("Signature algorithm '" + p10 + "' not permitted with given parameters and issuer public key");
    }

    public static Map<String, String> i() {
        HashMap hashMap = new HashMap(4);
        hashMap.put(fm.a.f12541d.Q(), "Ed25519");
        hashMap.put(fm.a.f12542e.Q(), "Ed448");
        hashMap.put(km.a.f18954b.Q(), "SHA1withDSA");
        hashMap.put(sm.j.f27872h0.Q(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    public static Set<String> k() {
        HashSet hashSet = new HashSet();
        hashSet.add(km.a.f18954b.Q());
        hashSet.add(sm.j.f27872h0.Q());
        hashSet.add(lm.a.f19687e.Q());
        return Collections.unmodifiableSet(hashSet);
    }

    public static String m(rm.f fVar) {
        if (rm.f.f26880t0.equals(fVar)) {
            return "clientAuth";
        }
        if (rm.f.f26879s0.equals(fVar)) {
            return "serverAuth";
        }
        return "(" + fVar + ")";
    }

    public static String n(int i10) {
        if (i10 == 0) {
            return "digitalSignature";
        }
        if (i10 == 2) {
            return "keyEncipherment";
        }
        if (i10 == 4) {
            return "keyAgreement";
        }
        return "(" + i10 + ")";
    }

    public static Set<kn.b> o(int i10) {
        return i10 != 2 ? i10 != 4 ? a0.f19731i : a0.f19729g : a0.f19730h;
    }

    public static String p(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        org.bouncycastle.asn1.r y5;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f19874t0.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!lm.a.f19687e.Q().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        lm.c z10 = lm.c.z(x509Certificate.getSigAlgParams());
        if (z10 != null && (y5 = z10.y().y()) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                no.g gVar = new no.g((no.h) null, x509Certificate);
                if (im.b.f16468c.I(y5)) {
                    if (gVar.z((short) 9)) {
                        return f19877w0;
                    }
                    if (gVar.z((short) 4)) {
                        return f19880z0;
                    }
                } else if (im.b.f16469d.I(y5)) {
                    if (gVar.z((short) 10)) {
                        return f19878x0;
                    }
                    if (gVar.z((short) 5)) {
                        return A0;
                    }
                } else if (im.b.f16470e.I(y5)) {
                    if (gVar.z((short) 11)) {
                        return f19879y0;
                    }
                    if (gVar.z((short) 6)) {
                        return B0;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters q(gn.b bVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f19875u0.contains(sigAlgOID) && org.bouncycastle.util.a.d(f19876v0, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters g10 = bVar.g(sigAlgOID);
            try {
                g10.init(sigAlgParams);
                return g10;
            } catch (Exception e10) {
                throw new CertPathValidatorException(e10);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public static boolean r(PublicKey publicKey) {
        try {
            rm.a y5 = org.bouncycastle.asn1.x509.a.z(publicKey.getEncoded()).y();
            if (!sm.j.B.I(y5.y())) {
                return true;
            }
            xl.b B = y5.B();
            if (B != null) {
                return B.f() instanceof org.bouncycastle.asn1.r;
            }
            return false;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean s(PublicKey publicKey, boolean[] zArr, int i10, kn.a aVar) {
        return x(zArr, i10) && aVar.permits(o(i10), publicKey);
    }

    public static boolean t(X509Certificate x509Certificate, rm.f fVar) {
        try {
            return v(x509Certificate.getExtendedKeyUsage(), fVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    public static boolean v(List<String> list, rm.f fVar) {
        return list == null || list.contains(fVar.y()) || list.contains(rm.f.f26878r0.y());
    }

    public static boolean w(X509Certificate x509Certificate, int i10) {
        return x(x509Certificate.getKeyUsage(), i10);
    }

    public static boolean x(boolean[] zArr, int i10) {
        return zArr == null || (zArr.length > i10 && zArr[i10]);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f19881p0 && !r(x509Certificate.getPublicKey())) {
            throw new CertPathValidatorException("non-FIPS public key found");
        }
        X509Certificate x509Certificate2 = this.f19884s0;
        if (x509Certificate2 != null) {
            h(this.f19882q0, this.f19883r0, x509Certificate, x509Certificate2);
        }
        this.f19884s0 = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) throws CertPathValidatorException {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f19884s0 = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
