package org.bouncycastle.tls;

import androidx.compose.runtime.JoinedKey$$ExternalSyntheticOutline0;
import com.ibm.icu.util.AnnualTimeZoneRule;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;

/* loaded from: classes7.dex */
public class Certificate {
    public static final TlsCertificate[] EMPTY_CERTS;
    public static final CertificateEntry[] EMPTY_CERT_ENTRIES;
    public static final Certificate EMPTY_CHAIN;
    public static final Certificate EMPTY_CHAIN_TLS13;
    public final CertificateEntry[] certificateEntryList;
    public final byte[] certificateRequestContext;
    public final short certificateType;

    /* loaded from: classes7.dex */
    public static class ParseOptions {
        public int maxChainLength = AnnualTimeZoneRule.MAX_YEAR;
        public short certificateType = 0;
    }

    static {
        TlsCertificate[] tlsCertificateArr = new TlsCertificate[0];
        EMPTY_CERTS = tlsCertificateArr;
        CertificateEntry[] certificateEntryArr = new CertificateEntry[0];
        EMPTY_CERT_ENTRIES = certificateEntryArr;
        EMPTY_CHAIN = new Certificate(tlsCertificateArr);
        EMPTY_CHAIN_TLS13 = new Certificate((short) 0, TlsUtils.EMPTY_BYTES, certificateEntryArr);
    }

    public Certificate() {
        throw null;
    }

    public Certificate(short s, byte[] bArr, CertificateEntry[] certificateEntryArr) {
        if (bArr != null && !TlsUtils.isValidUint8(bArr.length)) {
            throw new IllegalArgumentException("'certificateRequestContext' cannot be longer than 255");
        }
        int length = certificateEntryArr.length;
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (certificateEntryArr[i] == null) {
                z = true;
                break;
            }
            i++;
        }
        if (z) {
            throw new NullPointerException("'certificateEntryList' cannot be null or contain any nulls");
        }
        this.certificateRequestContext = TlsUtils.clone(bArr);
        this.certificateEntryList = certificateEntryArr;
        this.certificateType = s;
    }

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public Certificate(org.bouncycastle.tls.crypto.TlsCertificate[] r8) {
        /*
            r7 = this;
            byte[] r0 = org.bouncycastle.tls.TlsUtils.DOWNGRADE_TLS11
            int r0 = r8.length
            r1 = 0
            r2 = r1
        L5:
            if (r2 >= r0) goto L10
            r3 = r8[r2]
            if (r3 != 0) goto Ld
            r0 = 1
            goto L11
        Ld:
            int r2 = r2 + 1
            goto L5
        L10:
            r0 = r1
        L11:
            if (r0 != 0) goto L2a
            int r0 = r8.length
            org.bouncycastle.tls.CertificateEntry[] r2 = new org.bouncycastle.tls.CertificateEntry[r0]
            r3 = r1
        L17:
            r4 = 0
            if (r3 >= r0) goto L26
            org.bouncycastle.tls.CertificateEntry r5 = new org.bouncycastle.tls.CertificateEntry
            r6 = r8[r3]
            r5.<init>(r6, r4)
            r2[r3] = r5
            int r3 = r3 + 1
            goto L17
        L26:
            r7.<init>(r1, r4, r2)
            return
        L2a:
            java.lang.NullPointerException r8 = new java.lang.NullPointerException
            java.lang.String r0 = "'certificateList' cannot be null or contain any nulls"
            r8.<init>(r0)
            throw r8
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.Certificate.<init>(org.bouncycastle.tls.crypto.TlsCertificate[]):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0059  */
    /* JADX WARN: Removed duplicated region for block: B:17:0x005b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void calculateEndPointHash(org.bouncycastle.tls.TlsContext r5, org.bouncycastle.tls.crypto.TlsCertificate r6, byte[] r7, java.io.ByteArrayOutputStream r8) throws java.io.IOException {
        /*
            byte[] r0 = org.bouncycastle.tls.TlsUtils.DOWNGRADE_TLS11
            int r0 = r7.length
            java.lang.String r1 = r6.getSigAlgOID()
            r2 = 4
            r3 = 0
            if (r1 == 0) goto L4e
            org.bouncycastle.asn1.ASN1ObjectIdentifier r4 = org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.id_RSASSA_PSS
            java.lang.String r4 = r4.identifier
            boolean r4 = r4.equals(r1)
            if (r4 == 0) goto L41
            org.bouncycastle.asn1.ASN1Encodable r6 = r6.getSigAlgParams()
            org.bouncycastle.asn1.pkcs.RSASSAPSSparams r6 = org.bouncycastle.asn1.pkcs.RSASSAPSSparams.getInstance(r6)
            if (r6 == 0) goto L4e
            org.bouncycastle.asn1.x509.AlgorithmIdentifier r6 = r6.hashAlgorithm
            org.bouncycastle.asn1.ASN1ObjectIdentifier r6 = r6.algorithm
            org.bouncycastle.asn1.ASN1ObjectIdentifier r1 = org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha256
            boolean r1 = r1.equals(r6)
            if (r1 == 0) goto L2d
            r6 = r2
            goto L4f
        L2d:
            org.bouncycastle.asn1.ASN1ObjectIdentifier r1 = org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha384
            boolean r1 = r1.equals(r6)
            if (r1 == 0) goto L37
            r6 = 5
            goto L4f
        L37:
            org.bouncycastle.asn1.ASN1ObjectIdentifier r1 = org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha512
            boolean r6 = r1.equals(r6)
            if (r6 == 0) goto L4e
            r6 = 6
            goto L4f
        L41:
            java.util.Hashtable r6 = org.bouncycastle.tls.TlsUtils.CERT_SIG_ALG_OIDS
            java.lang.Object r6 = r6.get(r1)
            org.bouncycastle.tls.SignatureAndHashAlgorithm r6 = (org.bouncycastle.tls.SignatureAndHashAlgorithm) r6
            if (r6 == 0) goto L4e
            short r6 = r6.hash
            goto L4f
        L4e:
            r6 = r3
        L4f:
            r1 = 1
            if (r6 == r1) goto L5c
            r1 = 2
            if (r6 == r1) goto L5c
            r1 = 8
            if (r6 == r1) goto L5b
            r2 = r6
            goto L5c
        L5b:
            r2 = r3
        L5c:
            if (r2 == 0) goto L74
            org.bouncycastle.tls.crypto.TlsCrypto r5 = r5.getCrypto()
            int r6 = org.bouncycastle.tls.crypto.TlsCryptoUtils.getHash(r2)
            org.bouncycastle.tls.crypto.TlsHash r5 = r5.createHash(r6)
            if (r5 == 0) goto L74
            r5.update(r7, r3, r0)
            byte[] r5 = r5.calculateHash()
            goto L76
        L74:
            byte[] r5 = org.bouncycastle.tls.TlsUtils.EMPTY_BYTES
        L76:
            if (r5 == 0) goto L7e
            int r6 = r5.length
            if (r6 <= 0) goto L7e
            r8.write(r5)
        L7e:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.Certificate.calculateEndPointHash(org.bouncycastle.tls.TlsContext, org.bouncycastle.tls.crypto.TlsCertificate, byte[], java.io.ByteArrayOutputStream):void");
    }

    public static Certificate parse(ParseOptions parseOptions, TlsContext tlsContext, InputStream inputStream, ByteArrayOutputStream byteArrayOutputStream) throws IOException {
        byte[] readOpaque24;
        AbstractTlsContext abstractTlsContext = (AbstractTlsContext) tlsContext;
        boolean isTLSv13 = TlsUtils.isTLSv13(abstractTlsContext.getSecurityParameters().negotiatedVersion);
        short s = parseOptions.certificateType;
        byte[] readFully = isTLSv13 ? TlsUtils.readFully(inputStream, TlsUtils.readUint8(inputStream)) : null;
        int readUint24 = TlsUtils.readUint24(inputStream);
        if (readUint24 == 0) {
            return !isTLSv13 ? EMPTY_CHAIN : readFully.length < 1 ? EMPTY_CHAIN_TLS13 : new Certificate(s, readFully, EMPTY_CERT_ENTRIES);
        }
        byte[] readFully2 = TlsUtils.readFully(inputStream, readUint24);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(readFully2);
        TlsCrypto tlsCrypto = abstractTlsContext.crypto;
        int max = Math.max(1, parseOptions.maxChainLength);
        Vector vector = new Vector();
        while (byteArrayInputStream.available() > 0) {
            if (vector.size() >= max) {
                throw new TlsFatalAlert((short) 80, JoinedKey$$ExternalSyntheticOutline0.m("Certificate chain longer than maximum (", max, ")"));
            }
            if (isTLSv13 || s != 2) {
                readOpaque24 = TlsUtils.readOpaque24(byteArrayInputStream);
            } else {
                byteArrayInputStream.skip(readUint24);
                readOpaque24 = readFully2;
            }
            TlsCertificate createCertificate = tlsCrypto.createCertificate(s, readOpaque24);
            if (vector.isEmpty() && byteArrayOutputStream != null) {
                calculateEndPointHash(abstractTlsContext, createCertificate, readOpaque24, byteArrayOutputStream);
            }
            vector.addElement(new CertificateEntry(createCertificate, isTLSv13 ? TlsProtocol.readExtensionsData13(11, TlsUtils.readFully(byteArrayInputStream, TlsUtils.readUint16(byteArrayInputStream))) : null));
        }
        CertificateEntry[] certificateEntryArr = new CertificateEntry[vector.size()];
        for (int i = 0; i < vector.size(); i++) {
            certificateEntryArr[i] = (CertificateEntry) vector.elementAt(i);
        }
        return new Certificate(s, readFully, certificateEntryArr);
    }

    public final void encode(TlsContext tlsContext, OutputStream outputStream, ByteArrayOutputStream byteArrayOutputStream) throws IOException {
        byte[] bArr = TlsUtils.DOWNGRADE_TLS11;
        boolean isTLSv13 = TlsUtils.isTLSv13(tlsContext.getServerVersion());
        byte[] bArr2 = this.certificateRequestContext;
        if ((bArr2 != null) != isTLSv13) {
            throw new IllegalStateException();
        }
        if (isTLSv13) {
            TlsUtils.writeOpaque8(outputStream, bArr2);
        }
        int length = this.certificateEntryList.length;
        Vector vector = new Vector(length);
        Vector vector2 = isTLSv13 ? new Vector(length) : null;
        long j = 0;
        for (int i = 0; i < length; i++) {
            CertificateEntry certificateEntry = this.certificateEntryList[i];
            TlsCertificate tlsCertificate = certificateEntry.certificate;
            byte[] encoded = tlsCertificate.getEncoded();
            if (i == 0 && byteArrayOutputStream != null) {
                calculateEndPointHash(tlsContext, tlsCertificate, encoded, byteArrayOutputStream);
            }
            vector.addElement(encoded);
            j = j + encoded.length + 3;
            if (isTLSv13) {
                Hashtable hashtable = certificateEntry.extensions;
                vector2.addElement(hashtable == null ? TlsUtils.EMPTY_BYTES : TlsProtocol.writeExtensionsData(hashtable, 0));
                j = j + r9.length + 2;
            }
        }
        if (isTLSv13 || this.certificateType != 2) {
            if (!((16777215 & j) == j)) {
                throw new TlsFatalAlert((short) 80);
            }
            TlsUtils.writeUint24((int) j, outputStream);
        }
        for (int i2 = 0; i2 < length; i2++) {
            byte[] bArr3 = (byte[]) vector.elementAt(i2);
            TlsUtils.checkUint24(bArr3.length);
            TlsUtils.writeUint24(bArr3.length, outputStream);
            outputStream.write(bArr3);
            if (isTLSv13) {
                TlsUtils.writeOpaque16(outputStream, (byte[]) vector2.elementAt(i2));
            }
        }
    }

    public final TlsCertificate getCertificateAt(int i) {
        return this.certificateEntryList[i].certificate;
    }

    public final boolean isEmpty() {
        return this.certificateEntryList.length == 0;
    }
}
