package z2;

import bn.q;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import pm.s;
import q2.d;
import vo.j1;
import vo.p;
import vo.v;

/* compiled from: LogSignatureVerifier.kt */
/* loaded from: classes.dex */
public final class i {

    /* renamed from: b, reason: collision with root package name */
    public static final a f23778b = new a(null);

    /* renamed from: a, reason: collision with root package name */
    private final b3.d f23779a;

    /* compiled from: LogSignatureVerifier.kt */
    /* loaded from: classes.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(bn.j jVar) {
            this();
        }
    }

    public i(b3.d dVar) {
        q.g(dVar, "logServer");
        this.f23779a = dVar;
    }

    private final pp.h a(X509Certificate x509Certificate, a3.c cVar) {
        boolean z10 = true;
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        p pVar = new p(x509Certificate.getEncoded());
        try {
            pp.b n10 = pp.b.n(pVar.p());
            q.f(n10, "parsedPreCertificate");
            if (c(n10) && cVar.a()) {
                if (cVar.d() == null) {
                    z10 = false;
                }
                if (!z10) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            pp.e r10 = n10.s().r();
            q.f(r10, "parsedPreCertificate.tbsCertificate.extensions");
            List<pp.d> b10 = b(r10, cVar.d());
            pp.j jVar = new pp.j();
            pp.h s10 = n10.s();
            jVar.f(s10.x());
            jVar.g(s10.z());
            np.c c10 = cVar.c();
            if (c10 == null) {
                c10 = s10.u();
            }
            jVar.d(c10);
            jVar.h(s10.A());
            jVar.b(s10.n());
            jVar.i(s10.B());
            jVar.j(s10.C());
            jVar.e((j1) s10.w());
            jVar.k((j1) s10.D());
            Object[] array = b10.toArray(new pp.d[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            jVar.c(new pp.e((pp.d[]) array));
            pp.h a10 = jVar.a();
            ym.c.a(pVar, null);
            q.f(a10, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a10;
        } finally {
        }
    }

    private final List<pp.d> b(pp.e eVar, pp.d dVar) {
        int s10;
        v[] r10 = eVar.r();
        q.f(r10, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (v vVar : r10) {
            if (!q.c(vVar.H(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(vVar);
            }
        }
        ArrayList<v> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!q.c(((v) obj).H(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        s10 = s.s(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(s10);
        for (v vVar2 : arrayList2) {
            arrayList3.add((!q.c(vVar2.H(), "2.5.29.35") || dVar == null) ? eVar.n(vVar2) : dVar);
        }
        return arrayList3;
    }

    private final boolean c(pp.b bVar) {
        return bVar.s().r().n(new v("2.5.29.35")) != null;
    }

    private final void d(OutputStream outputStream, a3.e eVar) {
        if (!(eVar.c() == a3.f.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        x2.c.a(outputStream, eVar.c().h(), 1);
        x2.c.a(outputStream, 0L, 1);
        x2.c.a(outputStream, eVar.e(), 8);
    }

    private final byte[] e(Certificate certificate, a3.e eVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, eVar);
            x2.c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            q.f(encoded, "certificate.encoded");
            x2.c.b(byteArrayOutputStream, encoded, 16777215);
            x2.c.b(byteArrayOutputStream, eVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            ym.c.a(byteArrayOutputStream, null);
            q.f(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] f(byte[] bArr, byte[] bArr2, a3.e eVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, eVar);
            x2.c.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            x2.c.b(byteArrayOutputStream, bArr, 16777215);
            x2.c.b(byteArrayOutputStream, eVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            ym.c.a(byteArrayOutputStream, null);
            q.f(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final q2.d h(a3.e eVar, byte[] bArr) {
        String str;
        q2.d lVar;
        if (q.c(this.f23779a.b().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!q.c(this.f23779a.b().getAlgorithm(), "RSA")) {
                String algorithm = this.f23779a.b().getAlgorithm();
                q.f(algorithm, "logServer.key.algorithm");
                return new m(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.f23779a.b());
            signature.update(bArr);
            return signature.verify(eVar.d().a()) ? d.b.f17865a : d.a.b.f17859a;
        } catch (InvalidKeyException e10) {
            lVar = new h(e10);
            return lVar;
        } catch (NoSuchAlgorithmException e11) {
            lVar = new m(str, e11);
            return lVar;
        } catch (SignatureException e12) {
            lVar = new l(e12);
            return lVar;
        }
    }

    public final q2.d g(a3.e eVar, X509Certificate x509Certificate, a3.c cVar) {
        b bVar;
        q.g(eVar, "sct");
        q.g(x509Certificate, "certificate");
        q.g(cVar, "issuerInfo");
        try {
            byte[] encoded = a(x509Certificate, cVar).getEncoded();
            q.f(encoded, "preCertificateTBS.encoded");
            return h(eVar, f(encoded, cVar.b(), eVar));
        } catch (IOException e10) {
            bVar = new b(e10);
            return bVar;
        } catch (CertificateException e11) {
            bVar = new b(e11);
            return bVar;
        }
    }

    public q2.d i(a3.e eVar, List<? extends Certificate> list) {
        a3.c d10;
        b bVar;
        q.g(eVar, "sct");
        q.g(list, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (eVar.e() > currentTimeMillis) {
            return new d.a.C0429d(eVar.e(), currentTimeMillis);
        }
        if (this.f23779a.c() != null && eVar.e() > this.f23779a.c().longValue()) {
            return new d.a.e(eVar.e(), this.f23779a.c().longValue());
        }
        if (!Arrays.equals(this.f23779a.a(), eVar.b().a())) {
            String c10 = pr.a.c(eVar.b().a());
            q.f(c10, "toBase64String(sct.id.keyId)");
            String c11 = pr.a.c(this.f23779a.a());
            q.f(c11, "toBase64String(logServer.id)");
            return new g(c10, c11);
        }
        Certificate certificate = list.get(0);
        if (!y2.b.b(certificate) && !y2.b.a(certificate)) {
            try {
                return h(eVar, e(certificate, eVar));
            } catch (IOException e10) {
                bVar = new b(e10);
                return bVar;
            } catch (CertificateEncodingException e11) {
                bVar = new b(e11);
                return bVar;
            }
        }
        if (list.size() < 2) {
            return j.f23780a;
        }
        Certificate certificate2 = list.get(1);
        try {
            if (!y2.b.c(certificate2)) {
                try {
                    d10 = y2.b.d(certificate2);
                } catch (NoSuchAlgorithmException e12) {
                    return new m("SHA-256", e12);
                }
            } else {
                if (list.size() < 3) {
                    return k.f23781a;
                }
                try {
                    d10 = y2.b.e(certificate2, list.get(2));
                } catch (IOException e13) {
                    return new z2.a(e13);
                } catch (NoSuchAlgorithmException e14) {
                    return new m("SHA-256", e14);
                } catch (CertificateEncodingException e15) {
                    return new b(e15);
                }
            }
            return g(eVar, (X509Certificate) certificate, d10);
        } catch (CertificateParsingException e16) {
            return new c(e16);
        }
    }
}
