package defpackage;

import defpackage.l92;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;

@Metadata(d1 = {"\u0000f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u0000 \u00172\u00020\u0001:\u0001\u0012B\u000f\u0012\u0006\u0010'\u001a\u00020%¢\u0006\u0004\b(\u0010)J\u001e\u0010\b\u001a\u00020\u00072\u0006\u0010\u0003\u001a\u00020\u00022\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u0004H\u0016J'\u0010\r\u001a\u00020\u00072\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u000bH\u0000¢\u0006\u0004\b\r\u0010\u000eJ\u0018\u0010\u0012\u001a\u00020\u00112\u0006\u0010\u000f\u001a\u00020\t2\u0006\u0010\u0010\u001a\u00020\u000bH\u0002J \u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\u00150\u00042\u0006\u0010\u0014\u001a\u00020\u00132\b\u0010\u0016\u001a\u0004\u0018\u00010\u0015H\u0002J\u0018\u0010\u001a\u001a\u00020\u00072\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0019\u001a\u00020\u0018H\u0002J\f\u0010\u001d\u001a\u00020\u001c*\u00020\u001bH\u0002J\u0018\u0010\u001e\u001a\u00020\u00182\u0006\u0010\n\u001a\u00020\u00052\u0006\u0010\u0003\u001a\u00020\u0002H\u0002J \u0010!\u001a\u00020\u00182\u0006\u0010\u001f\u001a\u00020\u00182\u0006\u0010 \u001a\u00020\u00182\u0006\u0010\u0003\u001a\u00020\u0002H\u0002J\u0014\u0010$\u001a\u00020#*\u00020\"2\u0006\u0010\u0003\u001a\u00020\u0002H\u0002R\u0014\u0010'\u001a\u00020%8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0012\u0010&¨\u0006*"}, d2 = {"Lq71;", "", "Lze2;", "sct", "", "Ljava/security/cert/Certificate;", "chain", "Ll92;", "i", "Ljava/security/cert/X509Certificate;", "certificate", "Lly0;", "issuerInfo", "g", "(Lze2;Ljava/security/cert/X509Certificate;Lly0;)Ll92;", "preCertificate", "issuerInformation", "Llo2;", "a", "Lcg0;", "extensions", "Ltf0;", "replacementX509authorityKeyIdentifier", "b", "", "toVerify", "h", "Lvo;", "", "c", "e", "preCertBytes", "issuerKeyHash", "f", "Ljava/io/OutputStream;", "Lj03;", "d", "Ln71;", "Ln71;", "logServer", "<init>", "(Ln71;)V", "domesticroots-certificatetransparency_release"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes2.dex */
public final class q71 {

    /* renamed from: a, reason: from kotlin metadata */
    public final LogServer logServer;

    public q71(LogServer logServer) {
        yx0.e(logServer, "logServer");
        this.logServer = logServer;
    }

    public final lo2 a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        if (preCertificate.getVersion() < 3) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        d0 d0Var = new d0(preCertificate.getEncoded());
        try {
            vo q = vo.q(d0Var.C());
            yx0.b(q);
            if (c(q) && issuerInformation.getIssuedByPreCertificateSigningCert() && issuerInformation.getX509authorityKeyIdentifier() == null) {
                throw new IllegalArgumentException("Failed requirement.".toString());
            }
            cg0 r = q.t().r();
            yx0.d(r, "getExtensions(...)");
            List<tf0> b = b(r, issuerInformation.getX509authorityKeyIdentifier());
            y23 y23Var = new y23();
            lo2 t = q.t();
            y23Var.f(t.w());
            y23Var.g(t.x());
            ic3 name = issuerInformation.getName();
            if (name == null) {
                name = t.u();
            }
            y23Var.d(name);
            y23Var.h(t.y());
            y23Var.b(t.q());
            y23Var.i(t.z());
            y23Var.j(t.A());
            y23Var.e((h20) t.v());
            y23Var.k((h20) t.B());
            y23Var.c(new cg0((tf0[]) b.toArray(new tf0[0])));
            lo2 a = y23Var.a();
            ks.a(d0Var, null);
            yx0.d(a, "use(...)");
            return a;
        } finally {
        }
    }

    public final List<tf0> b(cg0 extensions, tf0 replacementX509authorityKeyIdentifier) {
        int v;
        j0[] r = extensions.r();
        yx0.d(r, "getExtensionOIDs(...)");
        ArrayList arrayList = new ArrayList();
        for (j0 j0Var : r) {
            if (!yx0.a(j0Var.F(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(j0Var);
            }
        }
        ArrayList<j0> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!yx0.a(((j0) obj).F(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        v = C1336tt.v(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(v);
        for (j0 j0Var2 : arrayList2) {
            arrayList3.add((!yx0.a(j0Var2.F(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.q(j0Var2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    public final boolean c(vo voVar) {
        return voVar.t().r().q(new j0("2.5.29.35")) != null;
    }

    public final void d(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (signedCertificateTimestamp.getSctVersion() != h33.c) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        rn1.a(outputStream, signedCertificateTimestamp.getSctVersion().getNumber(), 1);
        rn1.a(outputStream, 0L, 1);
        rn1.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    public final byte[] e(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            rn1.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            yx0.d(encoded, "getEncoded(...)");
            rn1.b(byteArrayOutputStream, encoded, 16777215);
            rn1.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            ks.a(byteArrayOutputStream, null);
            yx0.d(byteArray, "use(...)");
            return byteArray;
        } finally {
        }
    }

    public final byte[] f(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            rn1.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            rn1.b(byteArrayOutputStream, preCertBytes, 16777215);
            rn1.b(byteArrayOutputStream, sct.getExtensions(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            ks.a(byteArrayOutputStream, null);
            yx0.d(byteArray, "use(...)");
            return byteArray;
        } finally {
        }
    }

    public final l92 g(SignedCertificateTimestamp sct, X509Certificate certificate, IssuerInformation issuerInfo) {
        yo yoVar;
        yx0.e(sct, "sct");
        yx0.e(certificate, "certificate");
        yx0.e(issuerInfo, "issuerInfo");
        try {
            byte[] l = a(certificate, issuerInfo).l();
            yx0.d(l, "getEncoded(...)");
            return h(sct, f(l, issuerInfo.getKeyHash(), sct));
        } catch (IOException e) {
            yoVar = new yo(e);
            return yoVar;
        } catch (CertificateException e2) {
            yoVar = new yo(e2);
            return yoVar;
        }
    }

    public final l92 h(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        l92 xe2Var;
        if (yx0.a(this.logServer.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!yx0.a(this.logServer.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.logServer.getKey().getAlgorithm();
                yx0.d(algorithm, "getAlgorithm(...)");
                return new z03(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.logServer.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? l92.b.a : l92.a.b.a;
        } catch (InvalidKeyException e) {
            xe2Var = new m71(e);
            return xe2Var;
        } catch (NoSuchAlgorithmException e2) {
            xe2Var = new z03(str, e2);
            return xe2Var;
        } catch (SignatureException e3) {
            xe2Var = new xe2(e3);
            return xe2Var;
        }
    }

    public l92 i(SignedCertificateTimestamp sct, List<? extends Certificate> chain) {
        IssuerInformation d;
        yo yoVar;
        yx0.e(sct, "sct");
        yx0.e(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new l92.a.d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.logServer.getValidUntil() != null && sct.getTimestamp() > this.logServer.getValidUntil().longValue()) {
            return new l92.a.e(sct.getTimestamp(), this.logServer.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.logServer.getId(), sct.getId().getKeyId())) {
            ng ngVar = ng.a;
            return new y61(ngVar.b(sct.getId().getKeyId()), ngVar.b(this.logServer.getId()));
        }
        Certificate certificate = chain.get(0);
        if (!zo.b(certificate) && !zo.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e) {
                yoVar = new yo(e);
                return yoVar;
            } catch (CertificateEncodingException e2) {
                yoVar = new yo(e2);
                return yoVar;
            }
        }
        if (chain.size() < 2) {
            return wj1.a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!zo.c(certificate2)) {
                try {
                    d = zo.d(certificate2);
                } catch (NoSuchAlgorithmException e3) {
                    return new z03("SHA-256", e3);
                }
            } else {
                if (chain.size() < 3) {
                    return xj1.a;
                }
                try {
                    d = zo.e(certificate2, chain.get(2));
                } catch (IOException e4) {
                    return new o0(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new z03("SHA-256", e5);
                } catch (CertificateEncodingException e6) {
                    return new yo(e6);
                }
            }
            return g(sct, (X509Certificate) certificate, d);
        } catch (CertificateParsingException e7) {
            return new ap(e7);
        }
    }
}
