package de.authada.mobile.org.spongycastle.tls.crypto.impl.jcajce;

import de.authada.mobile.org.spongycastle.asn1.ASN1ObjectIdentifier;
import de.authada.mobile.org.spongycastle.asn1.ASN1OctetString;
import de.authada.mobile.org.spongycastle.asn1.ASN1Primitive;
import de.authada.mobile.org.spongycastle.asn1.x509.Certificate;
import de.authada.mobile.org.spongycastle.asn1.x509.Extensions;
import de.authada.mobile.org.spongycastle.asn1.x509.KeyUsage;
import de.authada.mobile.org.spongycastle.asn1.x509.TBSCertificate;
import de.authada.mobile.org.spongycastle.jcajce.util.JcaJceHelper;
import de.authada.mobile.org.spongycastle.tls.TlsFatalAlert;
import de.authada.mobile.org.spongycastle.tls.crypto.TlsCertificate;
import de.authada.mobile.org.spongycastle.tls.crypto.TlsCryptoException;
import de.authada.mobile.org.spongycastle.tls.crypto.TlsVerifier;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.interfaces.DHPublicKey;

/* loaded from: classes4.dex */
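/**
 * {@link TlsCertificate} backed by a JCA {@link X509Certificate}.
 *
 * <p>Scope, as far as the code in this class shows: it parses an encoded certificate, checks
 * KeyUsage bits against the role the certificate is used in, and hands out the typed public key.
 * It does <b>not</b> verify the certificate signature, validity period, revocation status or chain
 * of trust; callers must do that elsewhere before trusting the key.
 *
 * <p>Thread-safety: {@link #useInRole(int, int)} assigns the non-final {@code pubKey*} fields
 * without synchronization and returns {@code this}, and {@link #convert} may return an instance
 * that is already shared. Treat instances as not safe for concurrent mutation.
 */
public class JcaTlsCertificate implements TlsCertificate {
    // KeyUsage masks, applied to the first content byte of the KeyUsage BIT STRING.
    // Values mirror the digitalSignature / keyEncipherment / keyAgreement constants of the
    // library's KeyUsage class (confirm against this build).
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 128;
    private static final int KEY_USAGE_KEY_ENCIPHERMENT = 32;
    private static final int KEY_USAGE_KEY_AGREEMENT = 8;

    // TLS alert descriptions (RFC 5246 section 7.2): 43 = unsupported_certificate,
    // 46 = certificate_unknown.
    private static final short ALERT_UNSUPPORTED_CERTIFICATE = 43;
    private static final short ALERT_CERTIFICATE_UNKNOWN = 46;

    protected final X509Certificate certificate;
    protected final JcaTlsCrypto crypto;
    // Populated by useInRole() once the key has passed the KeyUsage check for that role.
    protected DHPublicKey pubKeyDH;
    protected ECPublicKey pubKeyEC;
    protected RSAPublicKey pubKeyRSA;

    /**
     * Wraps an already-parsed certificate.
     *
     * @param jcaTlsCrypto crypto context used to obtain the JCA helper for verifiers
     * @param x509Certificate certificate to wrap; not validated here
     */
    public JcaTlsCertificate(JcaTlsCrypto jcaTlsCrypto, X509Certificate x509Certificate) {
        this.crypto = jcaTlsCrypto;
        this.certificate = x509Certificate;
        this.pubKeyDH = null;
        this.pubKeyEC = null;
        this.pubKeyRSA = null;
    }

    /**
     * Parses {@code bArr} with {@link #parseCertificate} and wraps the result.
     *
     * @throws IOException if the encoding is rejected by {@link #parseCertificate}
     */
    public JcaTlsCertificate(JcaTlsCrypto jcaTlsCrypto, byte[] bArr) throws IOException {
        this(jcaTlsCrypto, parseCertificate(jcaTlsCrypto.getHelper(), bArr));
    }

    /**
     * Returns {@code tlsCertificate} itself when it is already a {@code JcaTlsCertificate},
     * otherwise re-parses its encoding into a new instance.
     *
     * <p>Note that the pass-through case returns the caller's instance, including whatever
     * {@code pubKey*} state a previous {@link #useInRole(int, int)} call left on it.
     */
    public static JcaTlsCertificate convert(JcaTlsCrypto jcaTlsCrypto, TlsCertificate tlsCertificate) throws IOException {
        if (tlsCertificate instanceof JcaTlsCertificate) {
            return (JcaTlsCertificate) tlsCertificate;
        }
        return new JcaTlsCertificate(jcaTlsCrypto, tlsCertificate.getEncoded());
    }

    /**
     * Decodes a single X.509 certificate from a binary encoding.
     *
     * <p>The input is first parsed as an ASN.1 {@code Certificate} and re-encoded as DER, so only
     * that re-encoded form reaches the JCA {@code CertificateFactory}. Any bytes the factory
     * leaves unread are treated as an error rather than ignored.
     *
     * @throws TlsCryptoException if the JCA provider cannot build the certificate
     * @throws IOException if trailing data remains after the certificate
     */
    public static X509Certificate parseCertificate(JcaJceHelper jcaJceHelper, byte[] bArr) throws IOException {
        try {
            byte[] derEncoding = Certificate.getInstance(bArr).getEncoded("DER");
            ByteArrayInputStream input = new ByteArrayInputStream(derEncoding);
            X509Certificate parsed =
                    (X509Certificate) jcaJceHelper.createCertificateFactory("X.509").generateCertificate(input);
            // Fail closed on trailing bytes: a second object appended to the certificate must not
            // be silently dropped.
            if (input.available() != 0) {
                throw new IOException("Extra data detected in stream");
            }
            return parsed;
        } catch (GeneralSecurityException e) {
            throw new TlsCryptoException("unable to decode certificate", e);
        }
    }

    /**
     * Creates a signature verifier for this certificate's key.
     *
     * <p>The digitalSignature KeyUsage check runs before the algorithm is even looked at, so a
     * certificate that forbids signing is rejected for every algorithm.
     *
     * @param s TLS SignatureAlgorithm value: 1 = rsa, 2 = dsa, 3 = ecdsa
     * @throws TlsFatalAlert (46) for any other algorithm, a KeyUsage mismatch, or a key of the
     *     wrong type
     */
    @Override
    public TlsVerifier createVerifier(short s) throws IOException {
        validateKeyUsage(KEY_USAGE_DIGITAL_SIGNATURE);
        switch (s) {
            case 1:
                return new JcaTlsRSAVerifier(getPubKeyRSA(), this.crypto.getHelper());
            case 2:
                return new JcaTlsDSAVerifier(getPubKeyDSS(), this.crypto.getHelper());
            case 3:
                return new JcaTlsECDSAVerifier(getPubKeyEC(), this.crypto.getHelper());
            default:
                throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /**
     * Maps the public key type to a TLS ClientCertificateType after checking that the
     * certificate permits digital signatures.
     *
     * @return 1 (rsa_sign), 2 (dss_sign) or 64 (ecdsa_sign)
     * @throws TlsFatalAlert (43) for an unsupported key type or any unexpected failure
     */
    @Override
    public short getClientCertificateType() throws IOException {
        PublicKey publicKey = getPublicKey();
        try {
            short certificateType;
            if (publicKey instanceof RSAPublicKey) {
                certificateType = 1;
            } else if (publicKey instanceof DSAPublicKey) {
                certificateType = 2;
            } else if (publicKey instanceof ECPublicKey) {
                certificateType = 64;
            } else {
                throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE);
            }
            validateKeyUsage(KEY_USAGE_DIGITAL_SIGNATURE);
            return certificateType;
        } catch (IOException e) {
            // TlsFatalAlert and other I/O failures already carry the right alert; pass through.
            throw e;
        } catch (Exception e2) {
            // Anything unexpected becomes a handshake alert instead of an unchecked exception.
            throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE, e2);
        }
    }

    /**
     * Returns the certificate's encoded form as produced by the underlying JCA certificate.
     *
     * @throws TlsCryptoException if the JCA certificate cannot be encoded
     */
    @Override
    public byte[] getEncoded() throws IOException {
        try {
            return this.certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new TlsCryptoException("unable to encode certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the raw contents of the extension with the given OID, or {@code null} when the
     * certificate does not carry it.
     *
     * <p>The value returned by the JCA certificate is decoded and cast to an OCTET STRING; the
     * bytes inside that wrapper are what the caller receives. They are not parsed or validated
     * here.
     */
    @Override
    public byte[] getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws IOException {
        byte[] wrapped = this.certificate.getExtensionValue(aSN1ObjectIdentifier.getId());
        if (wrapped == null) {
            return null;
        }
        // NOTE(review): the cast assumes the provider always returns an OCTET STRING wrapper; a
        // provider that does not would surface a ClassCastException here.
        return ((ASN1OctetString) ASN1Primitive.fromByteArray(wrapped)).getOctets();
    }

    /**
     * Returns the public key as a DH key after {@link #validatePubKeyDH}.
     *
     * @throws TlsFatalAlert (46) if the key is not a DH key
     */
    DHPublicKey getPubKeyDH() throws IOException {
        try {
            return validatePubKeyDH((DHPublicKey) getPublicKey());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e);
        }
    }

    /**
     * Returns the public key as a DSA key after {@link #validatePubKeyDSS}.
     *
     * @throws TlsFatalAlert (46) if the key is not a DSA key
     */
    DSAPublicKey getPubKeyDSS() throws IOException {
        try {
            return validatePubKeyDSS((DSAPublicKey) getPublicKey());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e);
        }
    }

    /**
     * Returns the public key as an EC key after {@link #validatePubKeyEC}.
     *
     * @throws TlsFatalAlert (46) if the key is not an EC key
     */
    ECPublicKey getPubKeyEC() throws IOException {
        try {
            return validatePubKeyEC((ECPublicKey) getPublicKey());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e);
        }
    }

    /**
     * Returns the public key as an RSA key after {@link #validatePubKeyRSA}.
     *
     * <p>Decompiler note: access was widened from package-private to public.
     *
     * @throws TlsFatalAlert (46) if the key is not an RSA key
     */
    public RSAPublicKey getPubKeyRSA() throws IOException {
        try {
            return validatePubKeyRSA((RSAPublicKey) getPublicKey());
        } catch (ClassCastException e) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e);
        }
    }

    /**
     * Extracts the public key from the wrapped certificate.
     *
     * <p>Decompiler note: access was widened from protected to public.
     *
     * @throws TlsFatalAlert (43) if the JCA provider throws while decoding the key
     */
    public PublicKey getPublicKey() throws IOException {
        try {
            return this.certificate.getPublicKey();
        } catch (RuntimeException e) {
            throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE, e);
        }
    }

    /** Returns the serial number reported by the wrapped certificate. */
    @Override
    public BigInteger getSerialNumber() {
        return this.certificate.getSerialNumber();
    }

    /** Returns the wrapped JCA certificate itself (no copy is made). */
    public X509Certificate getX509Certificate() {
        return this.certificate;
    }

    /**
     * Checks that the certificate may be used for the given key exchange and caches the typed
     * public key on this instance.
     *
     * <p>Key exchange values follow the library's KeyExchangeAlgorithm numbering (confirm against
     * this build): 7/9 = static DH, 16/18 = static ECDH, 1/15 = RSA and RSA_PSK. The RSA cases
     * are accepted only when {@code i} is 0, which appears to denote the server end.
     *
     * @param i connection end of the certificate's owner
     * @param i2 key exchange algorithm
     * @return this instance, mutated
     * @throws TlsFatalAlert (46) for an unsupported combination, a KeyUsage mismatch, or a key
     *     of the wrong type
     */
    @Override
    public TlsCertificate useInRole(int i, int i2) throws IOException {
        switch (i2) {
            case 7:
            case 9:
                validateKeyUsage(KEY_USAGE_KEY_AGREEMENT);
                this.pubKeyDH = getPubKeyDH();
                return this;
            case 16:
            case 18:
                validateKeyUsage(KEY_USAGE_KEY_AGREEMENT);
                this.pubKeyEC = getPubKeyEC();
                return this;
            default:
                break;
        }
        if (i == 0 && (i2 == 1 || i2 == 15)) {
            validateKeyUsage(KEY_USAGE_KEY_ENCIPHERMENT);
            this.pubKeyRSA = getPubKeyRSA();
            return this;
        }
        throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
    }

    /**
     * Rejects the certificate when it carries a KeyUsage extension that lacks any of the
     * requested bits.
     *
     * <p>A certificate with no extensions, or with no KeyUsage extension, passes this check
     * unconditionally: absence is treated as "no restriction". Only the first content byte of
     * the KeyUsage BIT STRING is examined.
     *
     * <p>Decompiler note: access was widened from protected to public.
     *
     * @param i mask of required KeyUsage bits
     * @throws TlsFatalAlert (46) if a required bit is not asserted
     * @throws TlsCryptoException if the certificate's TBS structure cannot be obtained
     */
    public void validateKeyUsage(int i) throws IOException {
        try {
            Extensions extensions =
                    TBSCertificate.getInstance(this.certificate.getTBSCertificate()).getExtensions();
            if (extensions == null) {
                return;
            }
            KeyUsage keyUsage = KeyUsage.fromExtensions(extensions);
            if (keyUsage == null) {
                return;
            }
            // A KeyUsage BIT STRING with no content bytes asserts nothing. Treat it as zero bits
            // so the certificate is rejected with a TLS alert rather than letting an
            // ArrayIndexOutOfBoundsException escape from peer-supplied data.
            byte[] usageBytes = keyUsage.getBytes();
            int assertedBits = (usageBytes == null || usageBytes.length == 0) ? 0 : (usageBytes[0] & 255);
            if ((assertedBits & i) != i) {
                throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
            }
        } catch (CertificateEncodingException e) {
            throw new TlsCryptoException("unable to parse certificate extensions: " + e.getMessage(), e);
        }
    }

    /**
     * Extension hook for DH key policy. This implementation accepts every key unchanged: no
     * group, parameter or size checks happen here, so a subclass must override it to enforce any.
     */
    protected DHPublicKey validatePubKeyDH(DHPublicKey dHPublicKey) throws IOException {
        return dHPublicKey;
    }

    /**
     * Extension hook for DSA key policy. This implementation accepts every key unchanged;
     * override to enforce parameter or size requirements.
     */
    protected DSAPublicKey validatePubKeyDSS(DSAPublicKey dSAPublicKey) throws IOException {
        return dSAPublicKey;
    }

    /**
     * Extension hook for EC key policy. This implementation accepts every key unchanged;
     * override to restrict curves or validate the point.
     */
    protected ECPublicKey validatePubKeyEC(ECPublicKey eCPublicKey) throws IOException {
        return eCPublicKey;
    }

    /**
     * Extension hook for RSA key policy. This implementation accepts every key unchanged;
     * override to enforce a minimum modulus size or exponent rules.
     */
    protected RSAPublicKey validatePubKeyRSA(RSAPublicKey rSAPublicKey) throws IOException {
        return rSAPublicKey;
    }
}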
