package v4;

import com.couchbase.lite.URLEndpointListenerConfiguration;
import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import fp.a0;
import fp.x;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.AbstractC0781e;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import lj.u;
import lo.k1;
import lo.p;
import lo.v;
import w4.IssuerInformation;
import w4.SignedCertificateTimestamp;
import x4.LogServer;
import xj.r;

/* compiled from: LogSignatureVerifier.kt */
@Metadata(bv = {}, d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0000\u0018\u00002\u00020\u0001:\u0001\u0007B\u000f\u0012\u0006\u0010&\u001a\u00020%¢\u0006\u0004\b'\u0010(J\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002J \u0010\r\u001a\b\u0012\u0004\u0012\u00020\n0\f2\u0006\u0010\t\u001a\u00020\b2\b\u0010\u000b\u001a\u0004\u0018\u00010\nH\u0002J\u0018\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0010H\u0002J\f\u0010\u0016\u001a\u00020\u0015*\u00020\u0014H\u0002J\u0018\u0010\u0019\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J \u0010\u001c\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u00102\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u0014\u0010\u001f\u001a\u00020\u001e*\u00020\u001d2\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u001e\u0010!\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00170\fH\u0016J'\u0010#\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u00022\u0006\u0010\"\u001a\u00020\u0004H\u0000¢\u0006\u0004\b#\u0010$¨\u0006)"}, d2 = {"Lv4/i;", "", "Ljava/security/cert/X509Certificate;", "preCertificate", "Lw4/c;", "issuerInformation", "Lfp/x;", "a", "Lfp/m;", "extensions", "Lfp/l;", "replacementX509authorityKeyIdentifier", "", "b", "Lw4/e;", "sct", "", "toVerify", "Lm4/e;", "h", "Lfp/g;", "", "c", "Ljava/security/cert/Certificate;", "certificate", "e", "preCertBytes", "issuerKeyHash", "f", "Ljava/io/OutputStream;", "Lkj/g0;", "d", "chain", "i", "issuerInfo", "g", "(Lw4/e;Ljava/security/cert/X509Certificate;Lw4/c;)Lm4/e;", "Lx4/d;", "logServer", "<init>", "(Lx4/d;)V", "certificatetransparency"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes.dex */
public final class i {

    /* renamed from: b, reason: collision with root package name */
    public static final a f32983b = new a(null);

    /* renamed from: a, reason: collision with root package name */
    private final LogServer f32984a;

    /* compiled from: LogSignatureVerifier.kt */
    @Metadata(bv = {}, d1 = {"\u0000\u0018\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0006\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\t\u0010\nR\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0003\u0010\u0004R\u0014\u0010\u0006\u001a\u00020\u00058\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0006\u0010\u0007R\u0014\u0010\b\u001a\u00020\u00028\u0002X\u0082T¢\u0006\u0006\n\u0004\b\b\u0010\u0004¨\u0006\u000b"}, d2 = {"Lv4/i$a;", "", "", "PRECERT_ENTRY", "J", "", "X509_AUTHORITY_KEY_IDENTIFIER", "Ljava/lang/String;", "X509_ENTRY", "<init>", "()V", "certificatetransparency"}, k = 1, mv = {1, 6, 0})
    /* loaded from: classes.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public i(LogServer logServer) {
        r.f(logServer, "logServer");
        this.f32984a = logServer;
    }

    private final x a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        boolean z10 = true;
        if (!(preCertificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        p pVar = new p(preCertificate.getEncoded());
        try {
            fp.g n10 = fp.g.n(pVar.r());
            r.e(n10, "parsedPreCertificate");
            if (c(n10) && issuerInformation.getIssuedByPreCertificateSigningCert()) {
                if (issuerInformation.getX509authorityKeyIdentifier() == null) {
                    z10 = false;
                }
                if (!z10) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            fp.m p10 = n10.s().p();
            r.e(p10, "parsedPreCertificate.tbsCertificate.extensions");
            List<fp.l> b10 = b(p10, issuerInformation.getX509authorityKeyIdentifier());
            a0 a0Var = new a0();
            x s10 = n10.s();
            a0Var.f(s10.u());
            a0Var.g(s10.v());
            dp.c name = issuerInformation.getName();
            if (name == null) {
                name = s10.s();
            }
            a0Var.d(name);
            a0Var.h(s10.x());
            a0Var.b(s10.n());
            a0Var.i(s10.y());
            a0Var.j(s10.z());
            a0Var.e((k1) s10.t());
            a0Var.k((k1) s10.A());
            Object[] array = b10.toArray(new fp.l[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            a0Var.c(new fp.m((fp.l[]) array));
            x a10 = a0Var.a();
            uj.c.a(pVar, null);
            r.e(a10, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a10;
        } finally {
        }
    }

    private final List<fp.l> b(fp.m extensions, fp.l replacementX509authorityKeyIdentifier) {
        int u10;
        v[] p10 = extensions.p();
        r.e(p10, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        int length = p10.length;
        int i10 = 0;
        while (i10 < length) {
            v vVar = p10[i10];
            i10++;
            if (!r.a(vVar.G(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(vVar);
            }
        }
        ArrayList<v> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!r.a(((v) obj).G(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        u10 = u.u(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(u10);
        for (v vVar2 : arrayList2) {
            arrayList3.add((!r.a(vVar2.G(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.n(vVar2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    private final boolean c(fp.g gVar) {
        return gVar.s().p().n(new v("2.5.29.35")) != null;
    }

    private final void d(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (!(signedCertificateTimestamp.getSctVersion() == w4.f.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        t4.c.a(outputStream, signedCertificateTimestamp.getSctVersion().getF33662d(), 1);
        t4.c.a(outputStream, 0L, 1);
        t4.c.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    private final byte[] e(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            t4.c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            r.e(encoded, "certificate.encoded");
            t4.c.b(byteArrayOutputStream, encoded, 16777215);
            t4.c.b(byteArrayOutputStream, sct.getExtensions(), URLEndpointListenerConfiguration.MAX_PORT);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            uj.c.a(byteArrayOutputStream, null);
            r.e(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] f(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            t4.c.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            t4.c.b(byteArrayOutputStream, preCertBytes, 16777215);
            t4.c.b(byteArrayOutputStream, sct.getExtensions(), URLEndpointListenerConfiguration.MAX_PORT);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            uj.c.a(byteArrayOutputStream, null);
            r.e(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final AbstractC0781e h(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        AbstractC0781e lVar;
        if (r.a(this.f32984a.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!r.a(this.f32984a.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.f32984a.getKey().getAlgorithm();
                r.e(algorithm, "logServer.key.algorithm");
                return new m(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.f32984a.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? AbstractC0781e.b.f24788a : AbstractC0781e.a.b.f24782a;
        } catch (InvalidKeyException e10) {
            lVar = new h(e10);
            return lVar;
        } catch (NoSuchAlgorithmException e11) {
            lVar = new m(str, e11);
            return lVar;
        } catch (SignatureException e12) {
            lVar = new l(e12);
            return lVar;
        }
    }

    public final AbstractC0781e g(SignedCertificateTimestamp sct, X509Certificate certificate, IssuerInformation issuerInfo) {
        b bVar;
        r.f(sct, "sct");
        r.f(certificate, "certificate");
        r.f(issuerInfo, "issuerInfo");
        try {
            byte[] encoded = a(certificate, issuerInfo).getEncoded();
            r.e(encoded, "preCertificateTBS.encoded");
            return h(sct, f(encoded, issuerInfo.getKeyHash(), sct));
        } catch (IOException e10) {
            bVar = new b(e10);
            return bVar;
        } catch (CertificateException e11) {
            bVar = new b(e11);
            return bVar;
        }
    }

    public AbstractC0781e i(SignedCertificateTimestamp sct, List<? extends Certificate> chain) {
        IssuerInformation d10;
        b bVar;
        r.f(sct, "sct");
        r.f(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new AbstractC0781e.a.d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.f32984a.getValidUntil() != null && sct.getTimestamp() > this.f32984a.getValidUntil().longValue()) {
            return new AbstractC0781e.a.C0437e(sct.getTimestamp(), this.f32984a.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.f32984a.getF34638c(), sct.getId().getKeyId())) {
            String c10 = nr.a.c(sct.getId().getKeyId());
            r.e(c10, "toBase64String(sct.id.keyId)");
            String c11 = nr.a.c(this.f32984a.getF34638c());
            r.e(c11, "toBase64String(logServer.id)");
            return new g(c10, c11);
        }
        Certificate certificate = chain.get(0);
        if (!u4.b.b(certificate) && !u4.b.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e10) {
                bVar = new b(e10);
                return bVar;
            } catch (CertificateEncodingException e11) {
                bVar = new b(e11);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return j.f32985a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!u4.b.c(certificate2)) {
                try {
                    d10 = u4.b.d(certificate2);
                } catch (NoSuchAlgorithmException e12) {
                    return new m(KeyUtil.HMAC_KEY_HASH_ALGORITHM, e12);
                }
            } else {
                if (chain.size() < 3) {
                    return k.f32986a;
                }
                try {
                    d10 = u4.b.e(certificate2, chain.get(2));
                } catch (IOException e13) {
                    return new v4.a(e13);
                } catch (NoSuchAlgorithmException e14) {
                    return new m(KeyUtil.HMAC_KEY_HASH_ALGORITHM, e14);
                } catch (CertificateEncodingException e15) {
                    return new b(e15);
                }
            }
            return g(sct, (X509Certificate) certificate, d10);
        } catch (CertificateParsingException e16) {
            return new c(e16);
        }
    }
}
