package k.a.c.l;

import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes3.dex */
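/**
 * PKIX certificate-path checker that asks an algorithm-constraints object whether the
 * signature algorithms and public keys found in an X.509 chain are permitted.
 *
 * <p>This is decompiled (JADX) and obfuscated code, so identifiers carry no meaning. The
 * layout resembles the algorithm checker of Bouncy Castle's JSSE provider, but that is
 * an inference to be confirmed against the original artifact.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Nothing in this class verifies a signature, a validity period or revocation status.
 *       It only queries {@code permits(...)} on the constraints object; the cryptographic
 *       path validation has to happen elsewhere.</li>
 *   <li>A certificate with no KeyUsage or no ExtendedKeyUsage extension is treated as
 *       unrestricted (see {@link #r(boolean[], int)} and {@link #p(List, org.bouncycastle.asn1.x509.p)}).</li>
 *   <li>An instance keeps the previously checked certificate in {@link #c} without any
 *       synchronization, so one instance must not be shared by concurrent validations.</li>
 * </ul>
 */
class f0 extends PKIXCertPathChecker {
    /**
     * Signature-algorithm OID to JCA algorithm name overrides, consulted by
     * {@link #l(X509Certificate)} before falling back to the certificate's own name.
     */
    private static final Map<String, String> d = g();

    /**
     * OIDs for which a DER NULL parameter encoding is treated as "no parameters".
     * (JADX renamed this field from {@code e}.)
     */
    private static final Set<String> f4046e = h();

    /**
     * DER encoding of ASN.1 NULL: tag 0x05, length 0x00.
     * (JADX renamed this field from {@code f}.)
     */
    private static final byte[] f4047f = {5, 0};

    // Called 'helper' in the constructor's null-check message; used to create AlgorithmParameters.
    private final k.a.a.d.c a;
    // Called 'algorithmConstraints' in the constructor's null-check message.
    private final k.a.c.k.a.a b;
    // Certificate seen by the previous check() call; it acts as issuer for the next one. Null after init().
    private X509Certificate c;

    /**
     * Creates a checker bound to a helper and a constraints object.
     *
     * @param cVar helper, must not be null
     * @param aVar algorithm constraints, must not be null
     * @throws NullPointerException if either argument is null
     */
    public f0(k.a.a.d.c cVar, k.a.c.k.a.a aVar) {
        Objects.requireNonNull(cVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar, "'algorithmConstraints' cannot be null");
        this.a = cVar;
        this.b = aVar;
        this.c = null;
    }

    /**
     * Runs the checks that only need the two ends of a chain: the last element is used as the
     * issuer of the one before it, and element 0 is checked as the end entity.
     *
     * <p>Intermediate links are not examined here. The array must be non-empty; an empty array
     * fails with {@link ArrayIndexOutOfBoundsException} on the first line.
     *
     * @param x509CertificateArr chain ordered end entity first
     * @param pVar required ExtendedKeyUsage purpose, or null to skip that check
     * @param i2 required KeyUsage bit index, or a negative value to skip that check
     * @throws CertPathValidatorException if a constraint or usage check fails
     */
    public static void a(k.a.a.d.c cVar, k.a.c.k.a.a aVar, X509Certificate[] x509CertificateArr, org.bouncycastle.asn1.x509.p pVar, int i2) throws CertPathValidatorException {
        X509Certificate topCert = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            e(cVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], topCert);
        }
        c(cVar, aVar, x509CertificateArr[0], pVar, i2);
    }

    /**
     * Checks every link of a chain below its trusted tail, then the end-entity usage rules.
     *
     * <p>Trailing elements that are members of {@code set} are skipped. If at least one trusted
     * element was found, the lowest of them is used as issuer for the certificate beneath it.
     * If none was found, the top certificate's signature algorithm is checked without an issuer
     * key. The array must be non-empty; an empty array fails with
     * {@link ArrayIndexOutOfBoundsException}.
     *
     * @param set certificates treated as trusted
     * @param x509CertificateArr chain ordered end entity first
     * @param pVar required ExtendedKeyUsage purpose, or null to skip that check
     * @param i2 required KeyUsage bit index, or a negative value to skip that check
     * @throws CertPathValidatorException if a constraint or usage check fails
     */
    public static void b(k.a.a.d.c cVar, k.a.c.k.a.a aVar, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, org.bouncycastle.asn1.x509.p pVar, int i2) throws CertPathValidatorException {
        // After the loop, elements [length, end) are all trusted.
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate trustedCert = x509CertificateArr[length];
            if (length > 0) {
                e(cVar, aVar, x509CertificateArr[length - 1], trustedCert);
            }
        } else {
            d(cVar, aVar, x509CertificateArr[length - 1]);
        }
        f0 checker = new f0(cVar, aVar);
        checker.init(false);
        // Walk from just below the trusted tail toward the end entity; each certificate is
        // checked against the one processed immediately before it.
        for (int i3 = length - 1; i3 >= 0; i3--) {
            checker.check(x509CertificateArr[i3]);
        }
        c(cVar, aVar, x509CertificateArr[0], pVar, i2);
    }

    /**
     * End-entity checks: ExtendedKeyUsage, KeyUsage, and whether the public key is permitted
     * for the primitive set selected by the KeyUsage bit. {@code cVar} is not used.
     */
    private static void c(k.a.a.d.c cVar, k.a.c.k.a.a aVar, X509Certificate x509Certificate, org.bouncycastle.asn1.x509.p pVar, int i2) throws CertPathValidatorException {
        if (pVar != null && !o(x509Certificate, pVar)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + i(pVar) + "' ExtendedKeyUsage");
        }
        if (i2 >= 0) {
            if (!q(x509Certificate, i2)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + j(i2) + "' KeyUsage");
            }
            if (!aVar.permits(k(i2), x509Certificate.getPublicKey())) {
                throw new CertPathValidatorException("Public key not permitted for '" + j(i2) + "' KeyUsage");
            }
        }
    }

    /**
     * Checks a certificate's signature algorithm and parameters against the constraints when
     * no issuer key is available. The exception carries no message.
     */
    private static void d(k.a.a.d.c cVar, k.a.c.k.a.a aVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        if (!aVar.permits(z.f4124f, l(x509Certificate), m(cVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    /**
     * Checks that the signature algorithm of {@code x509Certificate} (the subject) is permitted
     * together with the public key of {@code x509Certificate2} (the issuer). The signature
     * itself is not verified here. The exception carries no message.
     */
    private static void e(k.a.a.d.c cVar, k.a.c.k.a.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathValidatorException {
        if (!aVar.permits(z.f4124f, l(x509Certificate), x509Certificate2.getPublicKey(), m(cVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    /**
     * Builds the OID-to-name override table: two OIDs map to Ed25519 and Ed448, and two
     * distinct OIDs both map to "SHA1withDSA".
     */
    private static Map<String, String> g() {
        Map<String, String> names = new HashMap<String, String>();
        names.put(org.bouncycastle.asn1.j2.a.d.u(), "Ed25519");
        names.put(org.bouncycastle.asn1.j2.a.f4417e.u(), "Ed448");
        names.put(org.bouncycastle.asn1.r2.a.b.u(), "SHA1withDSA");
        names.put(org.bouncycastle.asn1.w2.a.o.u(), "SHA1withDSA");
        return Collections.unmodifiableMap(names);
    }

    /**
     * Builds the set of OIDs (the two mapped to "SHA1withDSA" in {@link #g()}) for which
     * DER NULL parameters are ignored.
     */
    private static Set<String> h() {
        Set<String> oids = new HashSet<String>();
        oids.add(org.bouncycastle.asn1.r2.a.b.u());
        oids.add(org.bouncycastle.asn1.w2.a.o.u());
        return Collections.unmodifiableSet(oids);
    }

    /** Returns a display name for an ExtendedKeyUsage purpose, for use in error messages. */
    static String i(org.bouncycastle.asn1.x509.p pVar) {
        if (org.bouncycastle.asn1.x509.p.f4498e.equals(pVar)) {
            return "clientAuth";
        }
        if (org.bouncycastle.asn1.x509.p.d.equals(pVar)) {
            return "serverAuth";
        }
        return "(" + pVar + ")";
    }

    /** Returns a display name for a KeyUsage bit index, for use in error messages. */
    static String j(int i2) {
        switch (i2) {
            case 0:
                return "digitalSignature";
            case 2:
                return "keyEncipherment";
            case 4:
                return "keyAgreement";
            default:
                return "(" + i2 + ")";
        }
    }

    /**
     * Selects the primitive set passed to {@code permits} for a KeyUsage bit index: bit 2 and
     * bit 4 each have their own set, every other value uses the set also used for signature
     * checks. The sets are defined on {@code z}, which is not visible here.
     */
    static Set<k.a.c.k.a.b> k(int i2) {
        switch (i2) {
            case 2:
                return z.f4123e;
            case 4:
                return z.d;
            default:
                return z.f4124f;
        }
    }

    /** Returns the signature algorithm name, preferring the override table over the certificate's own name. */
    static String l(X509Certificate x509Certificate) {
        String override = d.get(x509Certificate.getSigAlgOID());
        return override != null ? override : x509Certificate.getSigAlgName();
    }

    /**
     * Decodes the certificate's signature-algorithm parameters.
     *
     * @return the decoded parameters, or null when the certificate has none, when they are
     *         DER NULL for an OID in {@link #f4046e}, or when the helper cannot create an
     *         {@link AlgorithmParameters} instance for the OID
     * @throws CertPathValidatorException if the parameters are present but cannot be decoded
     */
    static AlgorithmParameters m(k.a.a.d.c cVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f4046e.contains(sigAlgOID) && org.bouncycastle.util.a.d(f4047f, sigAlgParams)) {
            return null;
        }
        AlgorithmParameters params;
        try {
            params = cVar.g(sigAlgOID);
        } catch (GeneralSecurityException unused) {
            // NOTE(review): with no provider support for this OID the parameters are dropped,
            // so the constraints object is consulted without them. Confirm this is intended.
            return null;
        }
        // Decoding sits outside the try above on purpose. CertPathValidatorException is a
        // GeneralSecurityException, so when the two blocks were nested the outer catch swallowed
        // the decode failure and malformed parameters were reported as "no parameters".
        try {
            params.init(sigAlgParams);
        } catch (Exception e2) {
            throw new CertPathValidatorException(e2);
        }
        return params;
    }

    /**
     * Returns true when the KeyUsage bits allow bit {@code i2} and the constraints permit the
     * public key for the matching primitive set.
     */
    public static boolean n(PublicKey publicKey, boolean[] zArr, int i2, k.a.c.k.a.a aVar) {
        return r(zArr, i2) && aVar.permits(k(i2), publicKey);
    }

    /**
     * Returns true when the certificate's ExtendedKeyUsage allows {@code pVar}. An extension
     * that cannot be parsed is treated as a failed check.
     */
    static boolean o(X509Certificate x509Certificate, org.bouncycastle.asn1.x509.p pVar) {
        try {
            return p(x509Certificate.getExtendedKeyUsage(), pVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    /**
     * Returns true when the purpose list is absent (no ExtendedKeyUsage extension), contains
     * the requested purpose, or contains the purpose held in {@code p.c} (presumably
     * anyExtendedKeyUsage; confirm against the unobfuscated class).
     */
    static boolean p(List<String> list, org.bouncycastle.asn1.x509.p pVar) {
        return list == null || list.contains(pVar.h()) || list.contains(org.bouncycastle.asn1.x509.p.c.h());
    }

    /** Returns true when the certificate's KeyUsage extension is absent or has bit {@code i2} set. */
    static boolean q(X509Certificate x509Certificate, int i2) {
        return r(x509Certificate.getKeyUsage(), i2);
    }

    /**
     * Returns true when the KeyUsage array is null (no extension) or has bit {@code i2} set.
     * Callers must pass a non-negative index; a negative one fails on the array access.
     */
    static boolean r(boolean[] zArr, int i2) {
        return zArr == null || (zArr.length > i2 && zArr[i2]);
    }

    /**
     * Checks the given certificate against the one passed to the previous call, which is used
     * as its issuer; the first call after {@link #init(boolean)} only records the certificate.
     * The unresolved critical extensions in {@code collection} are not read or modified.
     *
     * @throws CertPathValidatorException if the certificate is not X.509 or the check fails
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate subject = (X509Certificate) certificate;
        X509Certificate issuer = this.c;
        if (issuer != null) {
            e(this.a, this.b, subject, issuer);
        }
        this.c = subject;
    }

    /** Returns null: this checker declares no supported extensions. */
    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /**
     * Resets the remembered issuer certificate.
     *
     * @param z true to request forward checking, which is rejected
     * @throws CertPathValidatorException if {@code z} is true
     */
    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.c = null;
    }

    /** Returns false: certificates must be presented from the trust anchor toward the end entity. */
    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}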
