package com.appmattus.certificatetransparency.internal.verifier;

import com.appmattus.certificatetransparency.SctVerificationResult;
import com.appmattus.certificatetransparency.internal.serialization.OutputStreamExtKt;
import com.appmattus.certificatetransparency.internal.verifier.model.IssuerInformation;
import com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import com.appmattus.certificatetransparency.internal.verifier.model.Version;
import com.appmattus.certificatetransparency.loglist.LogServer;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Vector;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.http2.Settings;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;

/* compiled from: LogSignatureVerifier.kt */
@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\b\u0000\u0018\u00002\u00020\u0001:\u0001\u0002¨\u0006\u0003"}, d2 = {"Lcom/appmattus/certificatetransparency/internal/verifier/LogSignatureVerifier;", "", "Companion", "certificatetransparency"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes.dex */
public final class LogSignatureVerifier {
    public final LogServer a;

    /* compiled from: LogSignatureVerifier.kt */
    @Metadata(d1 = {"\u0000\u001a\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\t\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\b"}, d2 = {"Lcom/appmattus/certificatetransparency/internal/verifier/LogSignatureVerifier$Companion;", "", "()V", "PRECERT_ENTRY", "", "X509_AUTHORITY_KEY_IDENTIFIER", "", "X509_ENTRY", "certificatetransparency"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(int i) {
            this();
        }
    }

    static {
        new Companion(0);
    }

    public LogSignatureVerifier(LogServer logServer) {
        Intrinsics.f(logServer, "logServer");
        this.a = logServer;
    }

    public static TBSCertificate a(X509Certificate x509Certificate, IssuerInformation issuerInformation) {
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(x509Certificate.getEncoded());
        try {
            Certificate parsedPreCertificate = Certificate.q(aSN1InputStream.h());
            Intrinsics.e(parsedPreCertificate, "parsedPreCertificate");
            TBSCertificate tBSCertificate = parsedPreCertificate.c;
            boolean z = ((Extension) tBSCertificate.m.b.get(new ASN1ObjectIdentifier("2.5.29.35"))) != null;
            Extension extension = issuerInformation.c;
            if (z && issuerInformation.d) {
                if (!(extension != null)) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            Extensions extensions = tBSCertificate.m;
            Intrinsics.e(extensions, "parsedPreCertificate.tbsCertificate.extensions");
            ArrayList b = b(extensions, extension);
            V3TBSCertificateGenerator v3TBSCertificateGenerator = new V3TBSCertificateGenerator();
            v3TBSCertificateGenerator.b = tBSCertificate.d;
            v3TBSCertificateGenerator.c = tBSCertificate.e;
            X500Name x500Name = issuerInformation.a;
            if (x500Name == null) {
                x500Name = tBSCertificate.f;
            }
            v3TBSCertificateGenerator.d = x500Name;
            v3TBSCertificateGenerator.e = tBSCertificate.g;
            v3TBSCertificateGenerator.f = tBSCertificate.h;
            v3TBSCertificateGenerator.g = tBSCertificate.i;
            v3TBSCertificateGenerator.h = tBSCertificate.j;
            v3TBSCertificateGenerator.k = tBSCertificate.k;
            v3TBSCertificateGenerator.l = tBSCertificate.l;
            Object[] array = b.toArray(new Extension[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            Extensions extensions2 = new Extensions((Extension[]) array);
            v3TBSCertificateGenerator.i = extensions2;
            Extension extension2 = (Extension) extensions2.b.get(Extension.e);
            if (extension2 != null && extension2.c) {
                v3TBSCertificateGenerator.j = true;
            }
            TBSCertificate a = v3TBSCertificateGenerator.a();
            CloseableKt.a(aSN1InputStream, null);
            return a;
        } finally {
        }
    }

    public static ArrayList b(Extensions extensions, Extension extension) {
        Vector vector = extensions.c;
        int size = vector.size();
        ASN1ObjectIdentifier[] aSN1ObjectIdentifierArr = new ASN1ObjectIdentifier[size];
        for (int i = 0; i != size; i++) {
            aSN1ObjectIdentifierArr[i] = (ASN1ObjectIdentifier) vector.elementAt(i);
        }
        ArrayList arrayList = new ArrayList();
        for (int i2 = 0; i2 < size; i2++) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = aSN1ObjectIdentifierArr[i2];
            if (!Intrinsics.a(aSN1ObjectIdentifier.b, "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(aSN1ObjectIdentifier);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Object next = it.next();
            if (!Intrinsics.a(((ASN1ObjectIdentifier) next).b, "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(next);
            }
        }
        ArrayList arrayList3 = new ArrayList(CollectionsKt.t(arrayList2, 10));
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = (ASN1ObjectIdentifier) it2.next();
            arrayList3.add((!Intrinsics.a(aSN1ObjectIdentifier2.b, "2.5.29.35") || extension == null) ? (Extension) extensions.b.get(aSN1ObjectIdentifier2) : extension);
        }
        return arrayList3;
    }

    public static void c(ByteArrayOutputStream byteArrayOutputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (!(signedCertificateTimestamp.a == Version.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        OutputStreamExtKt.a(byteArrayOutputStream, r0.getNumber(), 1);
        OutputStreamExtKt.a(byteArrayOutputStream, 0L, 1);
        OutputStreamExtKt.a(byteArrayOutputStream, signedCertificateTimestamp.c, 8);
    }

    public static byte[] d(java.security.cert.Certificate certificate, SignedCertificateTimestamp signedCertificateTimestamp) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            c(byteArrayOutputStream, signedCertificateTimestamp);
            OutputStreamExtKt.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            Intrinsics.e(encoded, "certificate.encoded");
            OutputStreamExtKt.b(byteArrayOutputStream, encoded, 16777215);
            OutputStreamExtKt.b(byteArrayOutputStream, signedCertificateTimestamp.e, Settings.DEFAULT_INITIAL_WINDOW_SIZE);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            CloseableKt.a(byteArrayOutputStream, null);
            Intrinsics.e(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public static byte[] e(byte[] bArr, byte[] bArr2, SignedCertificateTimestamp signedCertificateTimestamp) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            c(byteArrayOutputStream, signedCertificateTimestamp);
            OutputStreamExtKt.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            OutputStreamExtKt.b(byteArrayOutputStream, bArr, 16777215);
            OutputStreamExtKt.b(byteArrayOutputStream, signedCertificateTimestamp.e, Settings.DEFAULT_INITIAL_WINDOW_SIZE);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            CloseableKt.a(byteArrayOutputStream, null);
            Intrinsics.e(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final SctVerificationResult f(SignedCertificateTimestamp signedCertificateTimestamp, byte[] bArr) {
        String str;
        SctVerificationResult signatureNotValid;
        LogServer logServer = this.a;
        boolean a = Intrinsics.a(logServer.a.getAlgorithm(), "EC");
        PublicKey publicKey = logServer.a;
        if (a) {
            str = "SHA256withECDSA";
        } else {
            if (!Intrinsics.a(publicKey.getAlgorithm(), "RSA")) {
                String algorithm = publicKey.getAlgorithm();
                Intrinsics.e(algorithm, "logServer.key.algorithm");
                return new UnsupportedSignatureAlgorithm(algorithm, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(signedCertificateTimestamp.d.c) ? SctVerificationResult.Valid.a : SctVerificationResult.Invalid.FailedVerification.a;
        } catch (InvalidKeyException e) {
            signatureNotValid = new LogPublicKeyNotValid(e);
            return signatureNotValid;
        } catch (NoSuchAlgorithmException e2) {
            signatureNotValid = new UnsupportedSignatureAlgorithm(str, e2);
            return signatureNotValid;
        } catch (SignatureException e3) {
            signatureNotValid = new SignatureNotValid(e3);
            return signatureNotValid;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:51:0x00c0, code lost:
    
        if (r2 == false) goto L53;
     */
    /* JADX WARN: Removed duplicated region for block: B:40:0x009c  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x009f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final com.appmattus.certificatetransparency.SctVerificationResult g(com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp r8, java.util.List<? extends java.security.cert.Certificate> r9) {
        /*
            Method dump skipped, instructions count: 330
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.appmattus.certificatetransparency.internal.verifier.LogSignatureVerifier.g(com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp, java.util.List):com.appmattus.certificatetransparency.SctVerificationResult");
    }
}
