package com.babylon.certificatetransparency.internal.verifier;

import com.arlib.floatingsearchview.s;
import com.babylon.certificatetransparency.d;
import com.babylon.certificatetransparency.internal.logclient.model.Version;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.n;

/* compiled from: LogSignatureVerifier.kt */
/* loaded from: classes.dex */
public final class h {
    public final com.babylon.certificatetransparency.loglist.b a;

    public h(com.babylon.certificatetransparency.loglist.b logServer) {
        Intrinsics.e(logServer, "logServer");
        this.a = logServer;
    }

    public final org.bouncycastle.asn1.x509.h a(X509Certificate x509Certificate, com.babylon.certificatetransparency.internal.verifier.model.b bVar) {
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        org.bouncycastle.asn1.j jVar = new org.bouncycastle.asn1.j(x509Certificate.getEncoded());
        try {
            org.bouncycastle.asn1.x509.b parsedPreCertificate = org.bouncycastle.asn1.x509.b.p(jVar.f());
            Intrinsics.d(parsedPreCertificate, "parsedPreCertificate");
            org.bouncycastle.asn1.x509.h tbsCertificate = parsedPreCertificate.b;
            Intrinsics.d(tbsCertificate, "tbsCertificate");
            if ((((org.bouncycastle.asn1.x509.d) tbsCertificate.l.a.get(new n("2.5.29.35"))) != null) && bVar.d) {
                if (!(bVar.c != null)) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            org.bouncycastle.asn1.x509.h hVar = parsedPreCertificate.b;
            Intrinsics.d(hVar, "parsedPreCertificate.tbsCertificate");
            org.bouncycastle.asn1.x509.e eVar = hVar.l;
            Intrinsics.d(eVar, "parsedPreCertificate.tbsCertificate.extensions");
            List<org.bouncycastle.asn1.x509.d> b = b(eVar, bVar.c);
            org.bouncycastle.asn1.x509.j jVar2 = new org.bouncycastle.asn1.x509.j();
            org.bouncycastle.asn1.x509.h tbsPart = parsedPreCertificate.b;
            Intrinsics.d(tbsPart, "tbsPart");
            jVar2.b = tbsPart.c;
            jVar2.c = tbsPart.d;
            org.bouncycastle.asn1.x500.c cVar = bVar.a;
            if (cVar == null) {
                cVar = tbsPart.e;
            }
            jVar2.d = cVar;
            jVar2.e = tbsPart.f;
            jVar2.f = tbsPart.g;
            jVar2.g = tbsPart.h;
            jVar2.h = tbsPart.i;
            jVar2.k = tbsPart.j;
            jVar2.l = tbsPart.k;
            Object[] array = ((ArrayList) b).toArray(new org.bouncycastle.asn1.x509.d[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            org.bouncycastle.asn1.x509.e eVar2 = new org.bouncycastle.asn1.x509.e((org.bouncycastle.asn1.x509.d[]) array);
            jVar2.i = eVar2;
            org.bouncycastle.asn1.x509.d p = eVar2.p(org.bouncycastle.asn1.x509.d.d);
            if (p != null && p.b) {
                jVar2.j = true;
            }
            org.bouncycastle.asn1.x509.h a = jVar2.a();
            com.zendesk.sdk.a.G(jVar, null);
            Intrinsics.d(a, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a;
        } finally {
        }
    }

    public final List<org.bouncycastle.asn1.x509.d> b(org.bouncycastle.asn1.x509.e eVar, org.bouncycastle.asn1.x509.d dVar) {
        Vector vector = eVar.b;
        int size = vector.size();
        n[] nVarArr = new n[size];
        for (int i = 0; i != size; i++) {
            nVarArr[i] = (n) vector.elementAt(i);
        }
        Intrinsics.d(nVarArr, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (int i2 = 0; i2 < size; i2++) {
            n it = nVarArr[i2];
            Intrinsics.d(it, "it");
            if (!Intrinsics.a(it.a, "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(it);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            Object next = it2.next();
            n it3 = (n) next;
            Intrinsics.d(it3, "it");
            if (!Intrinsics.a(it3.a, "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(next);
            }
        }
        ArrayList arrayList3 = new ArrayList(com.zendesk.sdk.a.J(arrayList2, 10));
        Iterator it4 = arrayList2.iterator();
        while (it4.hasNext()) {
            n it5 = (n) it4.next();
            Intrinsics.d(it5, "it");
            arrayList3.add((!Intrinsics.a(it5.a, "2.5.29.35") || dVar == null) ? (org.bouncycastle.asn1.x509.d) eVar.a.get(it5) : dVar);
        }
        return arrayList3;
    }

    public final void c(OutputStream outputStream, com.babylon.certificatetransparency.internal.logclient.model.f fVar) {
        if (!(fVar.a == Version.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        s.x(outputStream, r0.getNumber(), 1);
        s.x(outputStream, 0L, 1);
        s.x(outputStream, fVar.c, 8);
    }

    public final byte[] d(Certificate certificate, com.babylon.certificatetransparency.internal.logclient.model.f fVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            c(byteArrayOutputStream, fVar);
            s.x(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            Intrinsics.d(encoded, "certificate.encoded");
            s.y(byteArrayOutputStream, encoded, 16777215);
            s.y(byteArrayOutputStream, fVar.e, 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            com.zendesk.sdk.a.G(byteArrayOutputStream, null);
            Intrinsics.d(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final byte[] e(byte[] bArr, byte[] bArr2, com.babylon.certificatetransparency.internal.logclient.model.f fVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            c(byteArrayOutputStream, fVar);
            s.x(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            s.y(byteArrayOutputStream, bArr, 16777215);
            s.y(byteArrayOutputStream, fVar.e, 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            com.zendesk.sdk.a.G(byteArrayOutputStream, null);
            Intrinsics.d(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final com.babylon.certificatetransparency.d f(com.babylon.certificatetransparency.internal.logclient.model.f fVar, byte[] bArr) {
        String str;
        com.babylon.certificatetransparency.d kVar;
        if (Intrinsics.a(this.a.b.getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!Intrinsics.a(this.a.b.getAlgorithm(), "RSA")) {
                String algorithm = this.a.b.getAlgorithm();
                Intrinsics.d(algorithm, "logServer.key.algorithm");
                return new l(algorithm, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.a.b);
            signature.update(bArr);
            return signature.verify(fVar.d.c) ? d.b.a : d.a.b.a;
        } catch (InvalidKeyException e) {
            kVar = new g(e);
            return kVar;
        } catch (NoSuchAlgorithmException e2) {
            kVar = new l(str, e2);
            return kVar;
        } catch (SignatureException e3) {
            kVar = new k(e3);
            return kVar;
        }
    }

    public com.babylon.certificatetransparency.d g(com.babylon.certificatetransparency.internal.logclient.model.f sct, List<? extends Certificate> chain) {
        com.babylon.certificatetransparency.internal.verifier.model.b issuerInfo;
        b bVar;
        List<String> extendedKeyUsage;
        b bVar2;
        Set<String> criticalExtensionOIDs;
        Intrinsics.e(sct, "sct");
        Intrinsics.e(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        long j = sct.c;
        if (j > currentTimeMillis) {
            return new d.a.C0118d(j, currentTimeMillis);
        }
        Long l = this.a.c;
        if (l != null && j > l.longValue()) {
            return new d.a.e(sct.c, this.a.c.longValue());
        }
        if (!Arrays.equals(this.a.a, sct.b.a)) {
            String b = org.bouncycastle.util.encoders.a.b(sct.b.a);
            Intrinsics.d(b, "Base64.toBase64String(sct.id.keyId)");
            String b2 = org.bouncycastle.util.encoders.a.b(this.a.a);
            Intrinsics.d(b2, "Base64.toBase64String(logServer.id)");
            return new f(b, b2);
        }
        boolean z = false;
        Certificate isPreCertificate = chain.get(0);
        Intrinsics.e(isPreCertificate, "$this$isPreCertificate");
        if (!((isPreCertificate instanceof X509Certificate) && (criticalExtensionOIDs = ((X509Certificate) isPreCertificate).getCriticalExtensionOIDs()) != null && criticalExtensionOIDs.contains("1.3.6.1.4.1.11129.2.4.3")) && !s.h(isPreCertificate)) {
            try {
                return f(sct, d(isPreCertificate, sct));
            } catch (IOException e) {
                bVar2 = new b(e);
                return bVar2;
            } catch (CertificateEncodingException e2) {
                bVar2 = new b(e2);
                return bVar2;
            }
        }
        if (chain.size() < 2) {
            return i.a;
        }
        Certificate issuerInformation = chain.get(1);
        try {
            Intrinsics.e(issuerInformation, "$this$isPreCertificateSigningCert");
            if ((issuerInformation instanceof X509Certificate) && (extendedKeyUsage = ((X509Certificate) issuerInformation).getExtendedKeyUsage()) != null) {
                if (extendedKeyUsage.contains("1.3.6.1.4.1.11129.2.4.4")) {
                    z = true;
                }
            }
            if (!z) {
                try {
                    Intrinsics.e(issuerInformation, "$this$issuerInformation");
                    PublicKey publicKey = issuerInformation.getPublicKey();
                    Intrinsics.d(publicKey, "publicKey");
                    issuerInfo = new com.babylon.certificatetransparency.internal.verifier.model.b(null, s.r(publicKey), null, false, 5);
                } catch (NoSuchAlgorithmException e3) {
                    return new l("SHA-256", e3);
                }
            } else {
                if (chain.size() < 3) {
                    return j.a;
                }
                try {
                    issuerInfo = s.j(issuerInformation, chain.get(2));
                } catch (IOException e4) {
                    return new a(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new l("SHA-256", e5);
                } catch (CertificateEncodingException e6) {
                    return new b(e6);
                }
            }
            X509Certificate certificate = (X509Certificate) isPreCertificate;
            Intrinsics.e(sct, "sct");
            Intrinsics.e(certificate, "certificate");
            Intrinsics.e(issuerInfo, "issuerInfo");
            try {
                byte[] encoded = a(certificate, issuerInfo).getEncoded();
                Intrinsics.d(encoded, "preCertificateTBS.encoded");
                return f(sct, e(encoded, issuerInfo.b, sct));
            } catch (IOException e7) {
                bVar = new b(e7);
                return bVar;
            } catch (CertificateException e8) {
                bVar = new b(e8);
                return bVar;
            }
        } catch (CertificateParsingException e9) {
            return new c(e9);
        }
    }
}
