package b.t.a.k.d;

import b.t.a.f;
import com.pp.certificatetransparency.internal.logclient.model.Version;
import io.reactivex.plugins.RxJavaPlugins;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import kotlin.TypeCastException;
import org.apache.commons.compress.archivers.zip.ZipConstants;
import y.a.a.n;

/* compiled from: LogSignatureVerifier.kt */
/* loaded from: classes5.dex */
public final class h {
    public final b.t.a.l.b a;

    public h(b.t.a.l.b bVar) {
        t.o.b.i.f(bVar, "logServer");
        this.a = bVar;
    }

    public final y.a.a.h2.f a(X509Certificate x509Certificate, b.t.a.k.d.m.b bVar) {
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        y.a.a.j jVar = new y.a.a.j(x509Certificate.getEncoded());
        try {
            y.a.a.h2.b m2 = y.a.a.h2.b.m(jVar.n());
            t.o.b.i.b(m2, "parsedPreCertificate");
            y.a.a.h2.f fVar = m2.f40323b;
            t.o.b.i.b(fVar, "tbsCertificate");
            if ((((y.a.a.h2.c) fVar.f40331l.a.get(new n("2.5.29.35"))) != null) && bVar.d) {
                if (!(bVar.c != null)) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            y.a.a.h2.f fVar2 = m2.f40323b;
            t.o.b.i.b(fVar2, "parsedPreCertificate.tbsCertificate");
            y.a.a.h2.d dVar = fVar2.f40331l;
            t.o.b.i.b(dVar, "parsedPreCertificate.tbsCertificate.extensions");
            List<y.a.a.h2.c> b2 = b(dVar, bVar.c);
            y.a.a.h2.h hVar = new y.a.a.h2.h();
            y.a.a.h2.f fVar3 = m2.f40323b;
            t.o.b.i.b(fVar3, "tbsPart");
            hVar.f40332b = fVar3.c;
            hVar.c = fVar3.d;
            y.a.a.g2.c cVar = bVar.a;
            if (cVar == null) {
                cVar = fVar3.e;
            }
            hVar.d = cVar;
            hVar.e = fVar3.f;
            hVar.f = fVar3.g;
            hVar.g = fVar3.h;
            hVar.h = fVar3.f40328i;
            hVar.f40335k = fVar3.f40329j;
            hVar.f40336l = fVar3.f40330k;
            Object[] array = ((ArrayList) b2).toArray(new y.a.a.h2.c[0]);
            if (array == null) {
                throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            y.a.a.h2.d dVar2 = new y.a.a.h2.d((y.a.a.h2.c[]) array);
            hVar.f40333i = dVar2;
            y.a.a.h2.c m3 = dVar2.m(y.a.a.h2.c.a);
            if (m3 != null && m3.c) {
                hVar.f40334j = true;
            }
            y.a.a.h2.f a = hVar.a();
            t.o.b.i.b(a, "V3TBSCertificateGenerato….generateTBSCertificate()");
            RxJavaPlugins.I(jVar, null);
            t.o.b.i.b(a, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a;
        } finally {
        }
    }

    public final List<y.a.a.h2.c> b(y.a.a.h2.d dVar, y.a.a.h2.c cVar) {
        Vector vector = dVar.f40325b;
        int size = vector.size();
        n[] nVarArr = new n[size];
        for (int i2 = 0; i2 != size; i2++) {
            nVarArr[i2] = (n) vector.elementAt(i2);
        }
        t.o.b.i.b(nVarArr, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (int i3 = 0; i3 < size; i3++) {
            n nVar = nVarArr[i3];
            t.o.b.i.b(nVar, "it");
            if (!t.o.b.i.a(nVar.f40362b, "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(nVar);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            Object next = it2.next();
            n nVar2 = (n) next;
            t.o.b.i.b(nVar2, "it");
            if (!t.o.b.i.a(nVar2.f40362b, "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(next);
            }
        }
        ArrayList arrayList3 = new ArrayList(RxJavaPlugins.L(arrayList2, 10));
        Iterator it3 = arrayList2.iterator();
        while (it3.hasNext()) {
            n nVar3 = (n) it3.next();
            t.o.b.i.b(nVar3, "it");
            arrayList3.add((!t.o.b.i.a(nVar3.f40362b, "2.5.29.35") || cVar == null) ? (y.a.a.h2.c) dVar.a.get(nVar3) : cVar);
        }
        return arrayList3;
    }

    public final void c(OutputStream outputStream, b.t.a.k.a.a.b bVar) {
        if (!(bVar.a == Version.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        b.a.f2.a.A(outputStream, r0.getNumber(), 1);
        b.a.f2.a.A(outputStream, 0L, 1);
        b.a.f2.a.A(outputStream, bVar.c, 8);
    }

    public final byte[] d(Certificate certificate, b.t.a.k.a.a.b bVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            c(byteArrayOutputStream, bVar);
            b.a.f2.a.A(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            t.o.b.i.b(encoded, "certificate.encoded");
            b.a.f2.a.B(byteArrayOutputStream, encoded, 16777215);
            b.a.f2.a.B(byteArrayOutputStream, bVar.e, ZipConstants.ZIP64_MAGIC_SHORT);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            t.o.b.i.b(byteArray, "it.toByteArray()");
            RxJavaPlugins.I(byteArrayOutputStream, null);
            t.o.b.i.b(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final byte[] e(byte[] bArr, byte[] bArr2, b.t.a.k.a.a.b bVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            c(byteArrayOutputStream, bVar);
            b.a.f2.a.A(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            b.a.f2.a.B(byteArrayOutputStream, bArr, 16777215);
            b.a.f2.a.B(byteArrayOutputStream, bVar.e, ZipConstants.ZIP64_MAGIC_SHORT);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            t.o.b.i.b(byteArray, "it.toByteArray()");
            RxJavaPlugins.I(byteArrayOutputStream, null);
            t.o.b.i.b(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    public final b.t.a.f f(b.t.a.k.a.a.b bVar, byte[] bArr) {
        String str;
        b.t.a.f kVar;
        if (t.o.b.i.a(this.a.f26039b.getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!t.o.b.i.a(this.a.f26039b.getAlgorithm(), "RSA")) {
                String algorithm = this.a.f26039b.getAlgorithm();
                t.o.b.i.b(algorithm, "logServer.key.algorithm");
                return new l(algorithm, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.a.f26039b);
            signature.update(bArr);
            return signature.verify(bVar.d.c) ? f.b.a : f.a.b.a;
        } catch (InvalidKeyException e) {
            kVar = new g(e);
            return kVar;
        } catch (NoSuchAlgorithmException e2) {
            kVar = new l(str, e2);
            return kVar;
        } catch (SignatureException e3) {
            kVar = new k(e3);
            return kVar;
        }
    }

    public b.t.a.f g(b.t.a.k.a.a.b bVar, List<? extends Certificate> list) {
        b.t.a.k.d.m.b bVar2;
        b bVar3;
        List<String> extendedKeyUsage;
        b bVar4;
        Set<String> criticalExtensionOIDs;
        t.o.b.i.f(bVar, "sct");
        t.o.b.i.f(list, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        long j2 = bVar.c;
        if (j2 > currentTimeMillis) {
            return new f.a.d(j2, currentTimeMillis);
        }
        Long l2 = this.a.c;
        if (l2 != null && j2 > l2.longValue()) {
            return new f.a.e(bVar.c, this.a.c.longValue());
        }
        if (!Arrays.equals(this.a.a, bVar.f26019b.a)) {
            String b2 = y.a.f.e.a.b(bVar.f26019b.a);
            t.o.b.i.b(b2, "Base64.toBase64String(sct.id.keyId)");
            String b3 = y.a.f.e.a.b(this.a.a);
            t.o.b.i.b(b3, "Base64.toBase64String(logServer.id)");
            return new f(b2, b3);
        }
        boolean z2 = false;
        Certificate certificate = list.get(0);
        t.o.b.i.f(certificate, "$this$isPreCertificate");
        if (!((certificate instanceof X509Certificate) && (criticalExtensionOIDs = ((X509Certificate) certificate).getCriticalExtensionOIDs()) != null && criticalExtensionOIDs.contains("1.3.6.1.4.1.11129.2.4.3")) && !b.a.f2.a.e(certificate)) {
            try {
                return f(bVar, d(certificate, bVar));
            } catch (IOException e) {
                bVar4 = new b(e);
                return bVar4;
            } catch (CertificateEncodingException e2) {
                bVar4 = new b(e2);
                return bVar4;
            }
        }
        if (list.size() < 2) {
            return i.a;
        }
        Certificate certificate2 = list.get(1);
        try {
            t.o.b.i.f(certificate2, "$this$isPreCertificateSigningCert");
            if ((certificate2 instanceof X509Certificate) && (extendedKeyUsage = ((X509Certificate) certificate2).getExtendedKeyUsage()) != null) {
                if (extendedKeyUsage.contains("1.3.6.1.4.1.11129.2.4.4")) {
                    z2 = true;
                }
            }
            if (!z2) {
                try {
                    t.o.b.i.f(certificate2, "$this$issuerInformation");
                    PublicKey publicKey = certificate2.getPublicKey();
                    t.o.b.i.b(publicKey, "publicKey");
                    bVar2 = new b.t.a.k.d.m.b(null, b.a.f2.a.w(publicKey), null, false, 5);
                } catch (NoSuchAlgorithmException e3) {
                    return new l("SHA-256", e3);
                }
            } else {
                if (list.size() < 3) {
                    return j.a;
                }
                try {
                    bVar2 = b.a.f2.a.h(certificate2, list.get(2));
                } catch (IOException e4) {
                    return new a(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new l("SHA-256", e5);
                } catch (CertificateEncodingException e6) {
                    return new b(e6);
                }
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            t.o.b.i.f(bVar, "sct");
            t.o.b.i.f(x509Certificate, "certificate");
            t.o.b.i.f(bVar2, "issuerInfo");
            try {
                byte[] k2 = a(x509Certificate, bVar2).k();
                t.o.b.i.b(k2, "preCertificateTBS.encoded");
                return f(bVar, e(k2, bVar2.f26038b, bVar));
            } catch (IOException e7) {
                bVar3 = new b(e7);
                return bVar3;
            } catch (CertificateException e8) {
                bVar3 = new b(e8);
                return bVar3;
            }
        } catch (CertificateParsingException e9) {
            return new c(e9);
        }
    }
}
