package ff;

import com.safelogic.cryptocomply.asn1.oiw.OIWObjectIdentifiers;
import com.safelogic.cryptocomply.asn1.x509.KeyPurposeId;
import com.safelogic.cryptocomply.asn1.x9.X9ObjectIdentifiers;
import com.safelogic.cryptocomply.jcajce.util.JcaJceHelper;
import com.safelogic.cryptocomply.util.Arrays;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: classes.dex */
public final class k0 extends PKIXCertPathChecker {

    /* renamed from: d, reason: collision with root package name */
    public static final Map<String, String> f7276d = e();

    /* renamed from: e, reason: collision with root package name */
    public static final Set<String> f7277e = f();

    /* renamed from: f, reason: collision with root package name */
    public static final byte[] f7278f = {5, 0};

    /* renamed from: a, reason: collision with root package name */
    public final JcaJceHelper f7279a;

    /* renamed from: b, reason: collision with root package name */
    public final ef.a f7280b;

    /* renamed from: c, reason: collision with root package name */
    public X509Certificate f7281c;

    public k0(JcaJceHelper jcaJceHelper, l0 l0Var) {
        if (jcaJceHelper == null) {
            throw new NullPointerException("'helper' cannot be null");
        }
        if (l0Var == null) {
            throw new NullPointerException("'algorithmConstraints' cannot be null");
        }
        this.f7279a = jcaJceHelper;
        this.f7280b = l0Var;
        this.f7281c = null;
    }

    public static void b(JcaJceHelper jcaJceHelper, l0 l0Var, Set set, X509Certificate[] x509CertificateArr, KeyPurposeId keyPurposeId, int i10) {
        int length = x509CertificateArr.length;
        while (length > 0) {
            int i11 = length - 1;
            if (!set.contains(x509CertificateArr[i11])) {
                break;
            } else {
                length = i11;
            }
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                d(jcaJceHelper, l0Var, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            X509Certificate x509Certificate2 = x509CertificateArr[length - 1];
            String str = f7276d.get(x509Certificate2.getSigAlgOID());
            if (str == null) {
                str = x509Certificate2.getSigAlgName();
            }
            if (!l0Var.permits(f0.f7235f, str, j(jcaJceHelper, x509Certificate2))) {
                throw new CertPathValidatorException();
            }
        }
        k0 k0Var = new k0(jcaJceHelper, l0Var);
        k0Var.init(false);
        while (true) {
            length--;
            if (length < 0) {
                c(l0Var, x509CertificateArr[0], keyPurposeId, i10);
                return;
            }
            k0Var.check(x509CertificateArr[length]);
        }
    }

    public static void c(l0 l0Var, X509Certificate x509Certificate, KeyPurposeId keyPurposeId, int i10) {
        boolean z10;
        boolean z11 = false;
        if (keyPurposeId != null) {
            try {
                z10 = k(x509Certificate.getExtendedKeyUsage(), keyPurposeId);
            } catch (CertificateParsingException unused) {
                z10 = false;
            }
            if (!z10) {
                throw new CertPathValidatorException("Certificate doesn't support '" + g(keyPurposeId) + "' ExtendedKeyUsage");
            }
        }
        if (i10 >= 0) {
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            if (keyUsage == null || (keyUsage.length > i10 && keyUsage[i10])) {
                z11 = true;
            }
            if (!z11) {
                throw new CertPathValidatorException("Certificate doesn't support '" + h(i10) + "' KeyUsage");
            }
            if (l0Var.permits(i10 != 2 ? i10 != 4 ? f0.f7235f : f0.f7233d : f0.f7234e, x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + h(i10) + "' KeyUsage");
        }
    }

    public static void d(JcaJceHelper jcaJceHelper, ef.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String str = f7276d.get(x509Certificate.getSigAlgOID());
        if (str == null) {
            str = x509Certificate.getSigAlgName();
        }
        if (!aVar.permits(f0.f7235f, str, x509Certificate2.getPublicKey(), j(jcaJceHelper, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    public static Map<String, String> e() {
        HashMap hashMap = new HashMap();
        hashMap.put(p.f7330a.getId(), "Ed25519");
        hashMap.put(p.f7331b.getId(), "Ed448");
        hashMap.put(OIWObjectIdentifiers.dsaWithSHA1.getId(), "SHA1withDSA");
        hashMap.put(X9ObjectIdentifiers.id_dsa_with_sha1.getId(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    public static Set<String> f() {
        HashSet hashSet = new HashSet();
        hashSet.add(OIWObjectIdentifiers.dsaWithSHA1.getId());
        hashSet.add(X9ObjectIdentifiers.id_dsa_with_sha1.getId());
        return Collections.unmodifiableSet(hashSet);
    }

    public static String g(KeyPurposeId keyPurposeId) {
        if (KeyPurposeId.id_kp_clientAuth.equals(keyPurposeId)) {
            return "clientAuth";
        }
        if (KeyPurposeId.id_kp_serverAuth.equals(keyPurposeId)) {
            return "serverAuth";
        }
        return "(" + keyPurposeId + ")";
    }

    public static String h(int i10) {
        return i10 != 0 ? i10 != 2 ? i10 != 4 ? android.support.v4.media.a.g("(", i10, ")") : "keyAgreement" : "keyEncipherment" : "digitalSignature";
    }

    public static AlgorithmParameters j(JcaJceHelper jcaJceHelper, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f7277e.contains(sigAlgOID) && Arrays.areEqual(f7278f, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters createAlgorithmParameters = jcaJceHelper.createAlgorithmParameters(sigAlgOID);
            try {
                createAlgorithmParameters.init(sigAlgParams);
                return createAlgorithmParameters;
            } catch (Exception e10) {
                throw new CertPathValidatorException(e10);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public static boolean k(List<String> list, KeyPurposeId keyPurposeId) {
        return list == null || list.contains(keyPurposeId.getId()) || list.contains(KeyPurposeId.anyExtendedKeyUsage.getId());
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public final void check(Certificate certificate, Collection<String> collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X509Certificate x509Certificate2 = this.f7281c;
        if (x509Certificate2 != null) {
            d(this.f7279a, this.f7280b, x509Certificate, x509Certificate2);
        }
        this.f7281c = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public final Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public final void init(boolean z10) {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f7281c = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public final boolean isForwardCheckingSupported() {
        return false;
    }
}
