package org.bouncycastle.tls.crypto.impl.jcajce;

import androidx.appcompat.widget.ActionMenuView$$ExternalSyntheticOutline0;
import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.interfaces.DHPublicKey;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.tls.SignatureScheme;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.Tls13Verifier;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCryptoException;
import org.bouncycastle.tls.crypto.TlsEncryptor;
import org.bouncycastle.tls.crypto.TlsVerifier;
import org.bouncycastle.tls.crypto.impl.LegacyTls13Verifier;

/* loaded from: classes5.dex */
public class JcaTlsCertificate implements TlsCertificate {
    public final X509Certificate certificate;
    public final JcaTlsCrypto crypto;
    public DHPublicKey pubKeyDH;
    public PublicKey pubKeyRSA;

    public JcaTlsCertificate(JcaTlsCrypto jcaTlsCrypto, X509Certificate x509Certificate) {
        this.pubKeyRSA = null;
        this.crypto = jcaTlsCrypto;
        this.certificate = x509Certificate;
    }

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public JcaTlsCertificate(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto r3, byte[] r4) throws java.io.IOException {
        /*
            r2 = this;
            org.bouncycastle.jcajce.util.JcaJceHelper r0 = r3.helper
            org.bouncycastle.asn1.ASN1Primitive r4 = org.bouncycastle.tls.TlsUtils.readASN1Object(r4)     // Catch: java.security.GeneralSecurityException -> L33
            org.bouncycastle.asn1.x509.Certificate r4 = org.bouncycastle.asn1.x509.Certificate.getInstance(r4)     // Catch: java.security.GeneralSecurityException -> L33
            java.lang.String r1 = "DER"
            byte[] r4 = r4.getEncoded(r1)     // Catch: java.security.GeneralSecurityException -> L33
            java.io.ByteArrayInputStream r1 = new java.io.ByteArrayInputStream     // Catch: java.security.GeneralSecurityException -> L33
            r1.<init>(r4)     // Catch: java.security.GeneralSecurityException -> L33
            java.lang.String r4 = "X.509"
            java.security.cert.CertificateFactory r4 = r0.createCertificateFactory(r4)     // Catch: java.security.GeneralSecurityException -> L33
            java.security.cert.Certificate r4 = r4.generateCertificate(r1)     // Catch: java.security.GeneralSecurityException -> L33
            java.security.cert.X509Certificate r4 = (java.security.cert.X509Certificate) r4     // Catch: java.security.GeneralSecurityException -> L33
            int r0 = r1.available()     // Catch: java.security.GeneralSecurityException -> L33
            if (r0 != 0) goto L2b
            r2.<init>(r3, r4)
            return
        L2b:
            java.io.IOException r3 = new java.io.IOException     // Catch: java.security.GeneralSecurityException -> L33
            java.lang.String r4 = "Extra data detected in stream"
            r3.<init>(r4)     // Catch: java.security.GeneralSecurityException -> L33
            throw r3     // Catch: java.security.GeneralSecurityException -> L33
        L33:
            r3 = move-exception
            org.bouncycastle.tls.crypto.TlsCryptoException r4 = new org.bouncycastle.tls.crypto.TlsCryptoException
            java.lang.String r0 = "unable to decode certificate"
            r4.<init>(r0, r3)
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate.<init>(org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto, byte[]):void");
    }

    public static JcaTlsCertificate convert(JcaTlsCrypto jcaTlsCrypto, TlsCertificate tlsCertificate) throws IOException {
        return tlsCertificate instanceof JcaTlsCertificate ? (JcaTlsCertificate) tlsCertificate : new JcaTlsCertificate(jcaTlsCrypto, tlsCertificate.getEncoded());
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final TlsCertificate checkUsageInRole(int i) throws IOException {
        if (i == 1) {
            validateKeyUsageBit(4);
            try {
                this.pubKeyDH = (DHPublicKey) getPublicKey();
                return this;
            } catch (ClassCastException e) {
                throw new TlsFatalAlert((short) 46, (Throwable) e);
            }
        }
        if (i != 2) {
            throw new TlsFatalAlert((short) 46);
        }
        validateKeyUsageBit(4);
        try {
            return this;
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert((short) 46, (Throwable) e2);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final TlsEncryptor createEncryptor() throws IOException {
        validateKeyUsageBit(2);
        PublicKey publicKey = getPublicKey();
        this.pubKeyRSA = publicKey;
        return new JcaTlsRSAEncryptor(this.crypto, publicKey);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final Tls13Verifier createVerifier(int i) throws IOException {
        validateKeyUsageBit(0);
        if (i != 513) {
            if (i != 515) {
                if (i != 1025) {
                    if (i != 1027) {
                        if (i != 1281) {
                            if (i != 1283) {
                                if (i != 1537) {
                                    if (i != 1539) {
                                        switch (i) {
                                            case 2052:
                                            case 2053:
                                            case 2054:
                                                AlgorithmIdentifier algorithmIdentifier = SubjectPublicKeyInfo.getInstance(getPublicKey().getEncoded()).algId;
                                                byte[] bArr = org.bouncycastle.tls.crypto.impl.RSAUtil.RSAPSSParams_256_A;
                                                if (!PKCSObjectIdentifiers.rsaEncryption.equals((ASN1Primitive) algorithmIdentifier.algorithm)) {
                                                    throw new TlsFatalAlert((short) 46);
                                                }
                                                int cryptoHashAlgorithm = SignatureScheme.getCryptoHashAlgorithm(i);
                                                this.crypto.getClass();
                                                String digestName = JcaTlsCrypto.getDigestName(cryptoHashAlgorithm);
                                                String m = ActionMenuView$$ExternalSyntheticOutline0.m(new StringBuilder(), RSAUtil.getDigestSigAlgName(digestName), "WITHRSAANDMGF1");
                                                JcaJceHelper jcaJceHelper = this.crypto.helper;
                                                return this.crypto.createTls13Verifier(m, RSAUtil.getPSSParameterSpec(cryptoHashAlgorithm, digestName), getPublicKey());
                                            case 2055:
                                                JcaTlsCrypto jcaTlsCrypto = this.crypto;
                                                PublicKey publicKey = getPublicKey();
                                                if ("Ed25519".equals(publicKey.getAlgorithm()) || ("EdDSA".equals(publicKey.getAlgorithm()) && publicKey.toString().indexOf("Ed25519") >= 0)) {
                                                    return jcaTlsCrypto.createTls13Verifier("Ed25519", null, publicKey);
                                                }
                                                throw new TlsFatalAlert((short) 46);
                                            case 2056:
                                                JcaTlsCrypto jcaTlsCrypto2 = this.crypto;
                                                PublicKey publicKey2 = getPublicKey();
                                                if ("Ed448".equals(publicKey2.getAlgorithm()) || ("EdDSA".equals(publicKey2.getAlgorithm()) && publicKey2.toString().indexOf("Ed448") >= 0)) {
                                                    return jcaTlsCrypto2.createTls13Verifier("Ed448", null, publicKey2);
                                                }
                                                throw new TlsFatalAlert((short) 46);
                                            case 2057:
                                            case 2058:
                                            case 2059:
                                                if (!org.bouncycastle.tls.crypto.impl.RSAUtil.supportsPSS_PSS((short) (i & 255), SubjectPublicKeyInfo.getInstance(getPublicKey().getEncoded()).algId)) {
                                                    throw new TlsFatalAlert((short) 46);
                                                }
                                                int cryptoHashAlgorithm2 = SignatureScheme.getCryptoHashAlgorithm(i);
                                                this.crypto.getClass();
                                                String digestName2 = JcaTlsCrypto.getDigestName(cryptoHashAlgorithm2);
                                                String m2 = ActionMenuView$$ExternalSyntheticOutline0.m(new StringBuilder(), RSAUtil.getDigestSigAlgName(digestName2), "WITHRSAANDMGF1");
                                                JcaJceHelper jcaJceHelper2 = this.crypto.helper;
                                                return this.crypto.createTls13Verifier(m2, RSAUtil.getPSSParameterSpec(cryptoHashAlgorithm2, digestName2), getPublicKey());
                                            default:
                                                switch (i) {
                                                    case 2074:
                                                    case 2075:
                                                    case 2076:
                                                        break;
                                                    default:
                                                        throw new TlsFatalAlert((short) 46);
                                                }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            int cryptoHashAlgorithm3 = SignatureScheme.getCryptoHashAlgorithm(i);
            this.crypto.getClass();
            try {
                return this.crypto.createTls13Verifier(ActionMenuView$$ExternalSyntheticOutline0.m(new StringBuilder(), RSAUtil.getDigestSigAlgName(JcaTlsCrypto.getDigestName(cryptoHashAlgorithm3)), "WITHECDSA"), null, (ECPublicKey) getPublicKey());
            } catch (ClassCastException e) {
                throw new TlsFatalAlert((short) 46, (Throwable) e);
            }
        }
        AlgorithmIdentifier algorithmIdentifier2 = SubjectPublicKeyInfo.getInstance(getPublicKey().getEncoded()).algId;
        byte[] bArr2 = org.bouncycastle.tls.crypto.impl.RSAUtil.RSAPSSParams_256_A;
        ASN1ObjectIdentifier aSN1ObjectIdentifier = algorithmIdentifier2.algorithm;
        if (!(PKCSObjectIdentifiers.rsaEncryption.equals((ASN1Primitive) aSN1ObjectIdentifier) || X509ObjectIdentifiers.id_ea_rsa.equals((ASN1Primitive) aSN1ObjectIdentifier))) {
            throw new TlsFatalAlert((short) 46);
        }
        int cryptoHashAlgorithm4 = SignatureScheme.getCryptoHashAlgorithm(i);
        this.crypto.getClass();
        return this.crypto.createTls13Verifier(ActionMenuView$$ExternalSyntheticOutline0.m(new StringBuilder(), RSAUtil.getDigestSigAlgName(JcaTlsCrypto.getDigestName(cryptoHashAlgorithm4)), "WITHRSA"), null, getPublicKey());
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final TlsVerifier createVerifier(short s) throws IOException {
        if (s == 7 || s == 8) {
            int from = SignatureScheme.from((short) 8, s);
            return new LegacyTls13Verifier(from, createVerifier(from));
        }
        validateKeyUsageBit(0);
        switch (s) {
            case 1:
                AlgorithmIdentifier algorithmIdentifier = SubjectPublicKeyInfo.getInstance(getPublicKey().getEncoded()).algId;
                byte[] bArr = org.bouncycastle.tls.crypto.impl.RSAUtil.RSAPSSParams_256_A;
                ASN1ObjectIdentifier aSN1ObjectIdentifier = algorithmIdentifier.algorithm;
                if (PKCSObjectIdentifiers.rsaEncryption.equals((ASN1Primitive) aSN1ObjectIdentifier) || X509ObjectIdentifiers.id_ea_rsa.equals((ASN1Primitive) aSN1ObjectIdentifier)) {
                    return new JcaTlsRSAVerifier(this.crypto, getPublicKey());
                }
                throw new TlsFatalAlert((short) 46);
            case 2:
                try {
                    return new JcaTlsDSAVerifier(this.crypto, (DSAPublicKey) getPublicKey());
                } catch (ClassCastException e) {
                    throw new TlsFatalAlert((short) 46, (Throwable) e);
                }
            case 3:
                try {
                    return new JcaTlsECDSAVerifier(this.crypto, (ECPublicKey) getPublicKey());
                } catch (ClassCastException e2) {
                    throw new TlsFatalAlert((short) 46, (Throwable) e2);
                }
            case 4:
            case 5:
            case 6:
                AlgorithmIdentifier algorithmIdentifier2 = SubjectPublicKeyInfo.getInstance(getPublicKey().getEncoded()).algId;
                byte[] bArr2 = org.bouncycastle.tls.crypto.impl.RSAUtil.RSAPSSParams_256_A;
                if (PKCSObjectIdentifiers.rsaEncryption.equals((ASN1Primitive) algorithmIdentifier2.algorithm)) {
                    return new JcaTlsRSAPSSVerifier(this.crypto, getPublicKey(), SignatureScheme.from((short) 8, s));
                }
                throw new TlsFatalAlert((short) 46);
            case 7:
            case 8:
            default:
                throw new TlsFatalAlert((short) 46);
            case 9:
            case 10:
            case 11:
                if (org.bouncycastle.tls.crypto.impl.RSAUtil.supportsPSS_PSS(s, SubjectPublicKeyInfo.getInstance(getPublicKey().getEncoded()).algId)) {
                    return new JcaTlsRSAPSSVerifier(this.crypto, getPublicKey(), SignatureScheme.from((short) 8, s));
                }
                throw new TlsFatalAlert((short) 46);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final byte[] getEncoded() throws IOException {
        try {
            return this.certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            StringBuilder m = ActionMenuView$$ExternalSyntheticOutline0.m("unable to encode certificate: ");
            m.append(e.getMessage());
            throw new TlsCryptoException(m.toString(), e);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final byte[] getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws IOException {
        byte[] extensionValue = this.certificate.getExtensionValue(aSN1ObjectIdentifier.identifier);
        if (extensionValue == null) {
            return null;
        }
        return ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).string;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final short getLegacySignatureAlgorithm() throws IOException {
        PublicKey publicKey = getPublicKey();
        boolean[] keyUsage = this.certificate.getKeyUsage();
        boolean z = false;
        if (keyUsage == null || (keyUsage.length > 0 && keyUsage[0])) {
            z = true;
        }
        if (!z) {
            return (short) -1;
        }
        if (publicKey instanceof RSAPublicKey) {
            return (short) 1;
        }
        if (publicKey instanceof DSAPublicKey) {
            return (short) 2;
        }
        return publicKey instanceof ECPublicKey ? (short) 3 : (short) -1;
    }

    public final PublicKey getPublicKey() throws IOException {
        try {
            return this.certificate.getPublicKey();
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 42, (Throwable) e);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final String getSigAlgOID() {
        return this.certificate.getSigAlgOID();
    }

    @Override // org.bouncycastle.tls.crypto.TlsCertificate
    public final ASN1Encodable getSigAlgParams() throws IOException {
        byte[] sigAlgParams = this.certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        ASN1Primitive readASN1Object = TlsUtils.readASN1Object(sigAlgParams);
        TlsUtils.requireDEREncoding(readASN1Object, sigAlgParams);
        return readASN1Object;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0006. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:37:0x0089  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean supportsSignatureAlgorithmCA(short r5) throws java.io.IOException {
        /*
            r4 = this;
            java.security.PublicKey r0 = r4.getPublicKey()
            r1 = 0
            r2 = 1
            switch(r5) {
                case 1: goto L5b;
                case 2: goto L58;
                case 3: goto L89;
                case 4: goto L39;
                case 5: goto L39;
                case 6: goto L39;
                case 7: goto L2e;
                case 8: goto L27;
                case 9: goto Le;
                case 10: goto Le;
                case 11: goto Le;
                default: goto L9;
            }
        L9:
            switch(r5) {
                case 26: goto L89;
                case 27: goto L89;
                case 28: goto L89;
                default: goto Lc;
            }
        Lc:
            goto L8b
        Le:
            java.security.PublicKey r3 = r4.getPublicKey()
            byte[] r3 = r3.getEncoded()
            org.bouncycastle.asn1.x509.SubjectPublicKeyInfo r3 = org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(r3)
            org.bouncycastle.asn1.x509.AlgorithmIdentifier r3 = r3.algId
            boolean r5 = org.bouncycastle.tls.crypto.impl.RSAUtil.supportsPSS_PSS(r5, r3)
            if (r5 == 0) goto L8b
            boolean r5 = r0 instanceof java.security.interfaces.RSAPublicKey
            if (r5 == 0) goto L8b
            goto L87
        L27:
            java.lang.String r5 = r0.getAlgorithm()
            java.lang.String r0 = "Ed448"
            goto L34
        L2e:
            java.lang.String r5 = r0.getAlgorithm()
            java.lang.String r0 = "Ed25519"
        L34:
            boolean r1 = r0.equals(r5)
            goto L8b
        L39:
            java.security.PublicKey r5 = r4.getPublicKey()
            byte[] r5 = r5.getEncoded()
            org.bouncycastle.asn1.x509.SubjectPublicKeyInfo r5 = org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(r5)
            org.bouncycastle.asn1.x509.AlgorithmIdentifier r5 = r5.algId
            byte[] r3 = org.bouncycastle.tls.crypto.impl.RSAUtil.RSAPSSParams_256_A
            org.bouncycastle.asn1.ASN1ObjectIdentifier r5 = r5.algorithm
            org.bouncycastle.asn1.ASN1ObjectIdentifier r3 = org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.rsaEncryption
            boolean r5 = r3.equals(r5)
            if (r5 == 0) goto L8b
            boolean r5 = r0 instanceof java.security.interfaces.RSAPublicKey
            if (r5 == 0) goto L8b
            goto L87
        L58:
            boolean r1 = r0 instanceof java.security.interfaces.DSAPublicKey
            goto L8b
        L5b:
            java.security.PublicKey r5 = r4.getPublicKey()
            byte[] r5 = r5.getEncoded()
            org.bouncycastle.asn1.x509.SubjectPublicKeyInfo r5 = org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(r5)
            org.bouncycastle.asn1.x509.AlgorithmIdentifier r5 = r5.algId
            byte[] r3 = org.bouncycastle.tls.crypto.impl.RSAUtil.RSAPSSParams_256_A
            org.bouncycastle.asn1.ASN1ObjectIdentifier r5 = r5.algorithm
            org.bouncycastle.asn1.ASN1ObjectIdentifier r3 = org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.rsaEncryption
            boolean r3 = r3.equals(r5)
            if (r3 != 0) goto L80
            org.bouncycastle.asn1.ASN1ObjectIdentifier r3 = org.bouncycastle.asn1.x509.X509ObjectIdentifiers.id_ea_rsa
            boolean r5 = r3.equals(r5)
            if (r5 == 0) goto L7e
            goto L80
        L7e:
            r5 = r1
            goto L81
        L80:
            r5 = r2
        L81:
            if (r5 == 0) goto L8b
            boolean r5 = r0 instanceof java.security.interfaces.RSAPublicKey
            if (r5 == 0) goto L8b
        L87:
            r1 = r2
            goto L8b
        L89:
            boolean r1 = r0 instanceof java.security.interfaces.ECPublicKey
        L8b:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate.supportsSignatureAlgorithmCA(short):boolean");
    }

    public final void validateKeyUsageBit(int i) throws IOException {
        boolean[] keyUsage = this.certificate.getKeyUsage();
        if (!(keyUsage == null || (keyUsage.length > i && keyUsage[i]))) {
            throw new TlsFatalAlert((short) 46);
        }
    }
}
