package org.bouncycastle.jsse.provider;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes2.dex */
public class k0 extends PKIXCertPathChecker {
    public static final Map<String, String> d;
    public static final Set<String> e;
    public static final byte[] f;
    public static final String g;
    public static final String h;
    public static final String i;
    public static final String j;
    public static final String k;
    public static final String l;
    public final org.bouncycastle.jcajce.util.a a;
    public final org.bouncycastle.jsse.java.security.a b;
    public X509Certificate c;

    static {
        HashMap hashMap = new HashMap(4);
        hashMap.put(org.bouncycastle.asn1.edec.a.d.a, "Ed25519");
        hashMap.put(org.bouncycastle.asn1.edec.a.e.a, "Ed448");
        org.bouncycastle.asn1.n nVar = org.bouncycastle.asn1.oiw.a.b;
        hashMap.put(nVar.a, "SHA1withDSA");
        org.bouncycastle.asn1.n nVar2 = org.bouncycastle.asn1.x9.a.q;
        hashMap.put(nVar2.a, "SHA1withDSA");
        d = Collections.unmodifiableMap(hashMap);
        HashSet hashSet = new HashSet();
        hashSet.add(nVar.a);
        hashSet.add(nVar2.a);
        hashSet.add(org.bouncycastle.asn1.pkcs.a.e.a);
        e = Collections.unmodifiableSet(hashSet);
        f = new byte[]{5, 0};
        g = d0.k("SHA256withRSAandMGF1", "RSASSA-PSS");
        h = d0.k("SHA384withRSAandMGF1", "RSASSA-PSS");
        i = d0.k("SHA512withRSAandMGF1", "RSASSA-PSS");
        j = d0.k("SHA256withRSAandMGF1", "RSA");
        k = d0.k("SHA384withRSAandMGF1", "RSA");
        l = d0.k("SHA512withRSAandMGF1", "RSA");
    }

    public k0(org.bouncycastle.jcajce.util.a aVar, org.bouncycastle.jsse.java.security.a aVar2) {
        Objects.requireNonNull(aVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar2, "'algorithmConstraints' cannot be null");
        this.a = aVar;
        this.b = aVar2;
        this.c = null;
    }

    public static void a(org.bouncycastle.jcajce.util.a aVar, org.bouncycastle.jsse.java.security.a aVar2, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, org.bouncycastle.asn1.x509.f fVar, int i2) throws CertPathValidatorException {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                e(aVar, aVar2, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            X509Certificate x509Certificate2 = x509CertificateArr[length - 1];
            String h2 = h(x509Certificate2, null);
            if (!d0.t(h2)) {
                throw new CertPathValidatorException();
            }
            if (!aVar2.permits(d0.f, h2, i(aVar, x509Certificate2))) {
                throw new CertPathValidatorException();
            }
        }
        k0 k0Var = new k0(aVar, aVar2);
        k0Var.init(false);
        for (int i3 = length - 1; i3 >= 0; i3--) {
            k0Var.check(x509CertificateArr[i3], Collections.emptySet());
        }
        c(aVar2, x509CertificateArr[0], fVar, i2);
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x0020, code lost:
    
        if (r3.contains(org.bouncycastle.asn1.x509.f.c.a.a) != false) goto L10;
     */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00c3 A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0027  */
    /* JADX WARN: Removed duplicated region for block: B:4:0x0065  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void c(org.bouncycastle.jsse.java.security.a r5, java.security.cert.X509Certificate r6, org.bouncycastle.asn1.x509.f r7, int r8) throws java.security.cert.CertPathValidatorException {
        /*
            java.lang.String r0 = "Certificate doesn't support '"
            r1 = 1
            r2 = 0
            if (r7 == 0) goto L63
            java.util.List r3 = r6.getExtendedKeyUsage()     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r3 == 0) goto L22
            org.bouncycastle.asn1.n r4 = r7.a     // Catch: java.security.cert.CertificateParsingException -> L24
            java.lang.String r4 = r4.a     // Catch: java.security.cert.CertificateParsingException -> L24
            boolean r4 = r3.contains(r4)     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r4 != 0) goto L22
            org.bouncycastle.asn1.x509.f r4 = org.bouncycastle.asn1.x509.f.c     // Catch: java.security.cert.CertificateParsingException -> L24
            org.bouncycastle.asn1.n r4 = r4.a     // Catch: java.security.cert.CertificateParsingException -> L24
            java.lang.String r4 = r4.a     // Catch: java.security.cert.CertificateParsingException -> L24
            boolean r3 = r3.contains(r4)     // Catch: java.security.cert.CertificateParsingException -> L24
            if (r3 == 0) goto L24
        L22:
            r3 = r1
            goto L25
        L24:
            r3 = r2
        L25:
            if (r3 != 0) goto L63
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r6 = com.android.tools.r8.a.V(r0)
            org.bouncycastle.asn1.x509.f r8 = org.bouncycastle.asn1.x509.f.e
            boolean r8 = r8.equals(r7)
            if (r8 != 0) goto L57
            org.bouncycastle.asn1.x509.f r8 = org.bouncycastle.asn1.x509.f.d
            boolean r8 = r8.equals(r7)
            if (r8 == 0) goto L40
            java.lang.String r7 = "serverAuth"
            goto L59
        L40:
            java.lang.StringBuilder r8 = new java.lang.StringBuilder
            r8.<init>()
            java.lang.String r0 = "("
            r8.append(r0)
            r8.append(r7)
            java.lang.String r7 = ")"
            r8.append(r7)
            java.lang.String r7 = r8.toString()
            goto L59
        L57:
            java.lang.String r7 = "clientAuth"
        L59:
            java.lang.String r8 = "' ExtendedKeyUsage"
            java.lang.String r6 = com.android.tools.r8.a.K(r6, r7, r8)
            r5.<init>(r6)
            throw r5
        L63:
            if (r8 < 0) goto Lc3
            boolean[] r7 = r6.getKeyUsage()
            if (r7 == 0) goto L74
            int r3 = r7.length
            if (r3 <= r8) goto L73
            boolean r7 = r7[r8]
            if (r7 == 0) goto L73
            goto L74
        L73:
            r1 = r2
        L74:
            java.lang.String r7 = "' KeyUsage"
            if (r1 == 0) goto Lab
            r0 = 2
            if (r8 == r0) goto L84
            r0 = 4
            if (r8 == r0) goto L81
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.d0.f
            goto L86
        L81:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.d0.d
            goto L86
        L84:
            java.util.Set<org.bouncycastle.jsse.java.security.BCCryptoPrimitive> r0 = org.bouncycastle.jsse.provider.d0.e
        L86:
            java.security.PublicKey r6 = r6.getPublicKey()
            boolean r5 = r5.permits(r0, r6)
            if (r5 == 0) goto L91
            goto Lc3
        L91:
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.String r6 = "Public key not permitted for '"
            java.lang.StringBuilder r6 = com.android.tools.r8.a.V(r6)
            java.lang.String r8 = g(r8)
            r6.append(r8)
            r6.append(r7)
            java.lang.String r6 = r6.toString()
            r5.<init>(r6)
            throw r5
        Lab:
            java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r6 = com.android.tools.r8.a.V(r0)
            java.lang.String r8 = g(r8)
            r6.append(r8)
            r6.append(r7)
            java.lang.String r6 = r6.toString()
            r5.<init>(r6)
            throw r5
        Lc3:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.k0.c(org.bouncycastle.jsse.java.security.a, java.security.cert.X509Certificate, org.bouncycastle.asn1.x509.f, int):void");
    }

    public static void e(org.bouncycastle.jcajce.util.a aVar, org.bouncycastle.jsse.java.security.a aVar2, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathValidatorException {
        String h2 = h(x509Certificate, x509Certificate2);
        if (!d0.t(h2)) {
            throw new CertPathValidatorException();
        }
        if (!aVar2.permits(d0.f, h2, x509Certificate2.getPublicKey(), i(aVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    public static String g(int i2) {
        return i2 != 0 ? i2 != 2 ? i2 != 4 ? com.android.tools.r8.a.l("(", i2, ")") : "keyAgreement" : "keyEncipherment" : "digitalSignature";
    }

    public static String h(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        org.bouncycastle.asn1.n nVar;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = d.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!org.bouncycastle.asn1.pkcs.a.e.a.equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        org.bouncycastle.asn1.pkcs.c p = org.bouncycastle.asn1.pkcs.c.p(x509Certificate.getSigAlgParams());
        if (p != null && (nVar = p.a.a) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                org.bouncycastle.tls.crypto.impl.jcajce.d dVar = new org.bouncycastle.tls.crypto.impl.jcajce.d((org.bouncycastle.tls.crypto.impl.jcajce.g) null, x509Certificate);
                if (org.bouncycastle.asn1.nist.a.c.w(nVar)) {
                    if (dVar.g((short) 9)) {
                        return g;
                    }
                    if (dVar.g((short) 4)) {
                        return j;
                    }
                } else if (org.bouncycastle.asn1.nist.a.d.w(nVar)) {
                    if (dVar.g((short) 10)) {
                        return h;
                    }
                    if (dVar.g((short) 5)) {
                        return k;
                    }
                } else if (org.bouncycastle.asn1.nist.a.e.w(nVar)) {
                    if (dVar.g((short) 11)) {
                        return i;
                    }
                    if (dVar.g((short) 6)) {
                        return l;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters i(org.bouncycastle.jcajce.util.a aVar, X509Certificate x509Certificate) throws CertPathValidatorException {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (e.contains(sigAlgOID) && Arrays.equals(f, sigAlgParams)) {
            return null;
        }
        try {
            Objects.requireNonNull(aVar);
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(sigAlgOID);
            try {
                algorithmParameters.init(sigAlgParams);
                return algorithmParameters;
            } catch (Exception e2) {
                throw new CertPathValidatorException(e2);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X509Certificate x509Certificate2 = this.c;
        if (x509Certificate2 != null) {
            e(this.a, this.b, x509Certificate, x509Certificate2);
        }
        this.c = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.c = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
