package org.bouncycastle.tls.crypto.impl.jcajce;

import com.android.tools.r8.GeneratedOutlineSupport;
import com.visualon.OSMPUtils.voOSType;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.interfaces.DHPublicKey;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCryptoException;
import org.bouncycastle.tls.crypto.TlsEncryptor;
import org.bouncycastle.tls.crypto.TlsVerifier;

/* loaded from: classes4.dex */
public class JcaTlsCertificate {
    protected final X509Certificate certificate;
    protected final JcaTlsCrypto crypto;
    protected DHPublicKey pubKeyDH;
    protected PublicKey pubKeyRSA;

    public JcaTlsCertificate(JcaTlsCrypto jcaTlsCrypto, X509Certificate x509Certificate) {
        this.pubKeyRSA = null;
        this.crypto = jcaTlsCrypto;
        this.certificate = x509Certificate;
    }

    public JcaTlsCertificate(JcaTlsCrypto jcaTlsCrypto, byte[] bArr) throws IOException {
        JcaJceHelper helper = jcaTlsCrypto.getHelper();
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Certificate.getInstance(TlsUtils.readASN1Object(bArr)).getEncoded("DER"));
            X509Certificate x509Certificate = (X509Certificate) helper.createCertificateFactory("X.509").generateCertificate(byteArrayInputStream);
            if (byteArrayInputStream.available() != 0) {
                throw new IOException("Extra data detected in stream");
            }
            this.pubKeyRSA = null;
            this.crypto = jcaTlsCrypto;
            this.certificate = x509Certificate;
        } catch (GeneralSecurityException e2) {
            throw new TlsCryptoException("unable to decode certificate", e2);
        }
    }

    public static JcaTlsCertificate convert(JcaTlsCrypto jcaTlsCrypto, JcaTlsCertificate jcaTlsCertificate) throws IOException {
        return jcaTlsCertificate instanceof JcaTlsCertificate ? jcaTlsCertificate : new JcaTlsCertificate(jcaTlsCrypto, jcaTlsCertificate.getEncoded());
    }

    public JcaTlsCertificate checkUsageInRole(int i2) throws IOException {
        if (i2 != 1) {
            if (i2 != 2) {
                throw new TlsFatalAlert((short) 46);
            }
            validateKeyUsageBit(4);
            getPubKeyEC();
            return this;
        }
        validateKeyUsageBit(4);
        try {
            this.pubKeyDH = (DHPublicKey) getPublicKey();
            return this;
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert((short) 46, (Throwable) e2);
        }
    }

    public TlsEncryptor createEncryptor(int i2) throws IOException {
        validateKeyUsageBit(2);
        if (i2 != 3) {
            throw new TlsFatalAlert((short) 46);
        }
        PublicKey publicKey = getPublicKey();
        this.pubKeyRSA = publicKey;
        return new JcaTlsRSAEncryptor(this.crypto, publicKey);
    }

    public TlsVerifier createVerifier(int i2) throws IOException {
        validateKeyUsageBit(0);
        if (i2 != 513) {
            if (i2 != 515) {
                if (i2 != 1025) {
                    if (i2 != 1027) {
                        if (i2 != 1281) {
                            if (i2 != 1283) {
                                if (i2 != 1537) {
                                    if (i2 != 1539) {
                                        switch (i2) {
                                            case 2052:
                                            case 2053:
                                            case 2054:
                                                if (supportsRSA_PSS_RSAE()) {
                                                    return new JcaTlsRSAPSSVerifier(this.crypto, getPublicKey(), i2);
                                                }
                                                throw new TlsFatalAlert((short) 46);
                                            case 2055:
                                                JcaTlsCrypto jcaTlsCrypto = this.crypto;
                                                PublicKey publicKey = getPublicKey();
                                                if ("Ed25519".equals(publicKey.getAlgorithm())) {
                                                    return new JcaTlsEd25519Verifier(jcaTlsCrypto, publicKey);
                                                }
                                                throw new TlsFatalAlert((short) 46);
                                            case 2056:
                                                JcaTlsCrypto jcaTlsCrypto2 = this.crypto;
                                                PublicKey publicKey2 = getPublicKey();
                                                if ("Ed448".equals(publicKey2.getAlgorithm())) {
                                                    return new JcaTlsEd448Verifier(jcaTlsCrypto2, publicKey2);
                                                }
                                                throw new TlsFatalAlert((short) 46);
                                            case 2057:
                                            case 2058:
                                            case 2059:
                                                if (org.bouncycastle.tls.crypto.impl.RSAUtil.supportsPSS_PSS((short) (i2 & voOSType.VOOSMP_SRC_CHUNK_UNKNOWN), getSubjectPublicKeyInfo().getAlgorithm())) {
                                                    return new JcaTlsRSAPSSVerifier(this.crypto, getPublicKey(), i2);
                                                }
                                                throw new TlsFatalAlert((short) 46);
                                            default:
                                                switch (i2) {
                                                    case 2074:
                                                    case 2075:
                                                    case 2076:
                                                        break;
                                                    default:
                                                        throw new TlsFatalAlert((short) 46);
                                                }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            return new JcaTlsECDSA13Verifier(this.crypto, getPubKeyEC(), i2);
        }
        if (supportsRSA_PKCS1()) {
            return new JcaTlsRSAVerifier(this.crypto, getPublicKey());
        }
        throw new TlsFatalAlert((short) 46);
    }

    public TlsVerifier createVerifier(short s2) throws IOException {
        switch (s2) {
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 10:
            case 11:
                return createVerifier((s2 & 255) | 2048);
            default:
                validateKeyUsageBit(0);
                if (s2 == 1) {
                    if (supportsRSA_PKCS1()) {
                        return new JcaTlsRSAVerifier(this.crypto, getPublicKey());
                    }
                    throw new TlsFatalAlert((short) 46);
                }
                if (s2 != 2) {
                    if (s2 == 3) {
                        return new JcaTlsECDSAVerifier(this.crypto, getPubKeyEC());
                    }
                    throw new TlsFatalAlert((short) 46);
                }
                try {
                    return new JcaTlsDSAVerifier(this.crypto, (DSAPublicKey) getPublicKey());
                } catch (ClassCastException e2) {
                    throw new TlsFatalAlert((short) 46, (Throwable) e2);
                }
        }
    }

    public byte[] getEncoded() throws IOException {
        try {
            return this.certificate.getEncoded();
        } catch (CertificateEncodingException e2) {
            StringBuilder outline65 = GeneratedOutlineSupport.outline65("unable to encode certificate: ");
            outline65.append(e2.getMessage());
            throw new TlsCryptoException(outline65.toString(), e2);
        }
    }

    public byte[] getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws IOException {
        byte[] extensionValue = this.certificate.getExtensionValue(aSN1ObjectIdentifier.getId());
        if (extensionValue == null) {
            return null;
        }
        return ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets();
    }

    public short getLegacySignatureAlgorithm() throws IOException {
        PublicKey publicKey = getPublicKey();
        if (!supportsKeyUsageBit(0)) {
            return (short) -1;
        }
        if (publicKey instanceof RSAPublicKey) {
            return (short) 1;
        }
        if (publicKey instanceof DSAPublicKey) {
            return (short) 2;
        }
        return publicKey instanceof ECPublicKey ? (short) 3 : (short) -1;
    }

    ECPublicKey getPubKeyEC() throws IOException {
        try {
            return (ECPublicKey) getPublicKey();
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert((short) 46, (Throwable) e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PublicKey getPublicKey() throws IOException {
        try {
            return this.certificate.getPublicKey();
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 42, (Throwable) e2);
        }
    }

    public String getSigAlgOID() {
        return this.certificate.getSigAlgOID();
    }

    public ASN1Encodable getSigAlgParams() throws IOException {
        byte[] sigAlgParams = this.certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        ASN1Primitive readASN1Object = TlsUtils.readASN1Object(sigAlgParams);
        TlsUtils.requireDEREncoding(readASN1Object, sigAlgParams);
        return readASN1Object;
    }

    protected SubjectPublicKeyInfo getSubjectPublicKeyInfo() throws IOException {
        return SubjectPublicKeyInfo.getInstance(getPublicKey().getEncoded());
    }

    public X509Certificate getX509Certificate() {
        return this.certificate;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0006. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:33:0x004e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected boolean implSupportsSignatureAlgorithm(short r5) throws java.io.IOException {
        /*
            r4 = this;
            java.security.PublicKey r0 = r4.getPublicKey()
            r1 = 0
            r2 = 1
            switch(r5) {
                case 1: goto L42;
                case 2: goto L3f;
                case 3: goto L4e;
                case 4: goto L33;
                case 5: goto L33;
                case 6: goto L33;
                case 7: goto L28;
                case 8: goto L21;
                case 9: goto Ld;
                case 10: goto Ld;
                case 11: goto Ld;
                default: goto L9;
            }
        L9:
            switch(r5) {
                case 26: goto L4e;
                case 27: goto L4e;
                case 28: goto L4e;
                default: goto Lc;
            }
        Lc:
            return r1
        Ld:
            org.bouncycastle.asn1.x509.SubjectPublicKeyInfo r3 = r4.getSubjectPublicKeyInfo()
            org.bouncycastle.asn1.x509.AlgorithmIdentifier r3 = r3.getAlgorithm()
            boolean r5 = org.bouncycastle.tls.crypto.impl.RSAUtil.supportsPSS_PSS(r5, r3)
            if (r5 == 0) goto L20
            boolean r5 = r0 instanceof java.security.interfaces.RSAPublicKey
            if (r5 == 0) goto L20
            r1 = 1
        L20:
            return r1
        L21:
            java.lang.String r5 = r0.getAlgorithm()
            java.lang.String r0 = "Ed448"
            goto L2e
        L28:
            java.lang.String r5 = r0.getAlgorithm()
            java.lang.String r0 = "Ed25519"
        L2e:
            boolean r5 = r0.equals(r5)
            return r5
        L33:
            boolean r5 = r4.supportsRSA_PSS_RSAE()
            if (r5 == 0) goto L3e
            boolean r5 = r0 instanceof java.security.interfaces.RSAPublicKey
            if (r5 == 0) goto L3e
            r1 = 1
        L3e:
            return r1
        L3f:
            boolean r5 = r0 instanceof java.security.interfaces.DSAPublicKey
            return r5
        L42:
            boolean r5 = r4.supportsRSA_PKCS1()
            if (r5 == 0) goto L4d
            boolean r5 = r0 instanceof java.security.interfaces.RSAPublicKey
            if (r5 == 0) goto L4d
            r1 = 1
        L4d:
            return r1
        L4e:
            boolean r5 = r0 instanceof java.security.interfaces.ECPublicKey
            return r5
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate.implSupportsSignatureAlgorithm(short):boolean");
    }

    protected boolean supportsKeyUsageBit(int i2) {
        boolean[] keyUsage = this.certificate.getKeyUsage();
        return keyUsage == null || (keyUsage.length > i2 && keyUsage[i2]);
    }

    protected boolean supportsRSA_PKCS1() throws IOException {
        AlgorithmIdentifier algorithm = getSubjectPublicKeyInfo().getAlgorithm();
        int i2 = org.bouncycastle.tls.crypto.impl.RSAUtil.$r8$clinit;
        ASN1ObjectIdentifier algorithm2 = algorithm.getAlgorithm();
        return PKCSObjectIdentifiers.rsaEncryption.equals((ASN1Primitive) algorithm2) || X509ObjectIdentifiers.id_ea_rsa.equals((ASN1Primitive) algorithm2);
    }

    protected boolean supportsRSA_PSS_RSAE() throws IOException {
        AlgorithmIdentifier algorithm = getSubjectPublicKeyInfo().getAlgorithm();
        int i2 = org.bouncycastle.tls.crypto.impl.RSAUtil.$r8$clinit;
        return PKCSObjectIdentifiers.rsaEncryption.equals((ASN1Primitive) algorithm.getAlgorithm());
    }

    public boolean supportsSignatureAlgorithm(short s2) throws IOException {
        if (supportsKeyUsageBit(0)) {
            return implSupportsSignatureAlgorithm(s2);
        }
        return false;
    }

    public boolean supportsSignatureAlgorithmCA(short s2) throws IOException {
        return implSupportsSignatureAlgorithm(s2);
    }

    protected void validateKeyUsageBit(int i2) throws IOException {
        if (!supportsKeyUsageBit(i2)) {
            throw new TlsFatalAlert((short) 46);
        }
    }
}
