package com.appmattus.certificatetransparency.internal.verifier;

import com.appmattus.certificatetransparency.SctVerificationResult;
import com.appmattus.certificatetransparency.internal.serialization.OutputStreamExtKt;
import com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp;
import com.appmattus.certificatetransparency.internal.verifier.model.Version;
import com.appmattus.certificatetransparency.loglist.LogServer;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import kotlin.Metadata;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import okhttp3.internal.http2.Settings;

@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0000\u0018\u00002\u00020\u0001:\u0001\u0002¨\u0006\u0003"}, d2 = {"Lcom/appmattus/certificatetransparency/internal/verifier/LogSignatureVerifier;", "Lcom/appmattus/certificatetransparency/internal/verifier/SignatureVerifier;", "Companion", "certificatetransparency"}, k = 1, mv = {1, 8, 0})
@SourceDebugExtension
/* loaded from: classes3.dex */
public final class LogSignatureVerifier implements SignatureVerifier {
    public final LogServer logServer;

    @Metadata(d1 = {"\u0000\u001a\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\t\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\b"}, d2 = {"Lcom/appmattus/certificatetransparency/internal/verifier/LogSignatureVerifier$Companion;", "", "()V", "PRECERT_ENTRY", "", "X509_AUTHORITY_KEY_IDENTIFIER", "", "X509_ENTRY", "certificatetransparency"}, k = 1, mv = {1, 8, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    static {
        new Companion(null);
    }

    public LogSignatureVerifier(LogServer logServer) {
        Intrinsics.checkNotNullParameter(logServer, "logServer");
        this.logServer = logServer;
    }

    /* JADX WARN: Code restructure failed: missing block: B:31:0x00b9, code lost:
    
        if (r7.equals("1.3.6.1.4.1.11129.2.4.3") == false) goto L43;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x00c5, code lost:
    
        r6 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x00c2, code lost:
    
        if (r7.equals("1.3.6.1.4.1.11129.2.4.2") == false) goto L43;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:29:0x00af. Please report as an issue. */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.appmattus.certificatetransparency.internal.utils.asn1.x509.TbsCertificate createTbsForVerification(java.security.cert.X509Certificate r9, com.appmattus.certificatetransparency.internal.verifier.model.IssuerInformation r10) {
        /*
            Method dump skipped, instructions count: 484
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.appmattus.certificatetransparency.internal.verifier.LogSignatureVerifier.createTbsForVerification(java.security.cert.X509Certificate, com.appmattus.certificatetransparency.internal.verifier.model.IssuerInformation):com.appmattus.certificatetransparency.internal.utils.asn1.x509.TbsCertificate");
    }

    public static void serializeCommonSctFields(ByteArrayOutputStream byteArrayOutputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (signedCertificateTimestamp.sctVersion != Version.V1) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        OutputStreamExtKt.writeUint(byteArrayOutputStream, r0.getNumber(), 1);
        OutputStreamExtKt.writeUint(byteArrayOutputStream, 0L, 1);
        OutputStreamExtKt.writeUint(byteArrayOutputStream, signedCertificateTimestamp.timestamp.toEpochMilli(), 8);
    }

    public static byte[] serializeSignedSctData(X509Certificate x509Certificate, SignedCertificateTimestamp signedCertificateTimestamp) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            serializeCommonSctFields(byteArrayOutputStream, signedCertificateTimestamp);
            OutputStreamExtKt.writeUint(byteArrayOutputStream, 0L, 2);
            byte[] encoded = x509Certificate.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "certificate.encoded");
            OutputStreamExtKt.writeVariableLength(byteArrayOutputStream, encoded, 16777215);
            OutputStreamExtKt.writeVariableLength(byteArrayOutputStream, signedCertificateTimestamp.extensions, Settings.DEFAULT_INITIAL_WINDOW_SIZE);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            CloseableKt.closeFinally(byteArrayOutputStream, null);
            Intrinsics.checkNotNullExpressionValue(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public static byte[] serializeSignedSctDataForPreCertificate(byte[] bArr, byte[] bArr2, SignedCertificateTimestamp signedCertificateTimestamp) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            serializeCommonSctFields(byteArrayOutputStream, signedCertificateTimestamp);
            OutputStreamExtKt.writeUint(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            OutputStreamExtKt.writeVariableLength(byteArrayOutputStream, bArr, 16777215);
            OutputStreamExtKt.writeVariableLength(byteArrayOutputStream, signedCertificateTimestamp.extensions, Settings.DEFAULT_INITIAL_WINDOW_SIZE);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            CloseableKt.closeFinally(byteArrayOutputStream, null);
            Intrinsics.checkNotNullExpressionValue(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final SctVerificationResult verifySctSignatureOverBytes(SignedCertificateTimestamp signedCertificateTimestamp, byte[] bArr) {
        String str;
        LogServer logServer = this.logServer;
        String algorithm = logServer.key.getAlgorithm();
        boolean areEqual = Intrinsics.areEqual(algorithm, "EC");
        PublicKey publicKey = logServer.key;
        if (areEqual) {
            str = "SHA256withECDSA";
        } else {
            if (!Intrinsics.areEqual(algorithm, "RSA")) {
                String algorithm2 = publicKey.getAlgorithm();
                Intrinsics.checkNotNullExpressionValue(algorithm2, "logServer.key.algorithm");
                return new UnsupportedSignatureAlgorithm(algorithm2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(signedCertificateTimestamp.signature.signature) ? new SctVerificationResult.Valid(signedCertificateTimestamp, logServer.operatorAt(signedCertificateTimestamp.timestamp)) : SctVerificationResult.Invalid.FailedVerification.INSTANCE;
        } catch (InvalidKeyException e) {
            return new LogPublicKeyNotValid(e);
        } catch (NoSuchAlgorithmException e2) {
            return new UnsupportedSignatureAlgorithm(str, e2);
        } catch (SignatureException e3) {
            return new SignatureNotValid(e3);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:29:0x00a8, code lost:
    
        if (r2.contains("1.3.6.1.4.1.11129.2.4.4") == true) goto L44;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final com.appmattus.certificatetransparency.SctVerificationResult verifySignature(com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp r8, java.util.List r9) {
        /*
            Method dump skipped, instructions count: 318
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.appmattus.certificatetransparency.internal.verifier.LogSignatureVerifier.verifySignature(com.appmattus.certificatetransparency.internal.verifier.model.SignedCertificateTimestamp, java.util.List):com.appmattus.certificatetransparency.SctVerificationResult");
    }
}
