package org.bouncycastle.jsse.provider;

import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: classes.dex */
class k1 extends PKIXCertPathChecker {

    /* renamed from: g, reason: collision with root package name */
    private static final Map f14663g = h();

    /* renamed from: h, reason: collision with root package name */
    private static final Set f14664h = i();

    /* renamed from: i, reason: collision with root package name */
    private static final byte[] f14665i = {5, 0};

    /* renamed from: d, reason: collision with root package name */
    private final sd.b f14666d;

    /* renamed from: e, reason: collision with root package name */
    private final vd.a f14667e;

    /* renamed from: f, reason: collision with root package name */
    private X509Certificate f14668f;

    /* JADX INFO: Access modifiers changed from: package-private */
    public k1(sd.b bVar, vd.a aVar) {
        if (bVar == null) {
            throw new NullPointerException("'helper' cannot be null");
        }
        if (aVar == null) {
            throw new NullPointerException("'algorithmConstraints' cannot be null");
        }
        this.f14666d = bVar;
        this.f14667e = aVar;
        this.f14668f = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void b(sd.b bVar, vd.a aVar, X509Certificate[] x509CertificateArr, fd.f fVar, int i10) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            g(bVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        d(bVar, aVar, x509CertificateArr[0], fVar, i10);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void c(sd.b bVar, vd.a aVar, Set set, X509Certificate[] x509CertificateArr, fd.f fVar, int i10) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                g(bVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            f(bVar, aVar, x509CertificateArr[length - 1]);
        }
        k1 k1Var = new k1(bVar, aVar);
        k1Var.init(false);
        for (int i11 = length - 1; i11 >= 0; i11--) {
            k1Var.check(x509CertificateArr[i11]);
        }
        d(bVar, aVar, x509CertificateArr[0], fVar, i10);
    }

    private static void d(sd.b bVar, vd.a aVar, X509Certificate x509Certificate, fd.f fVar, int i10) {
        if (fVar != null && !q(x509Certificate, fVar)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + j(fVar) + "' ExtendedKeyUsage");
        }
        if (i10 >= 0) {
            if (!t(x509Certificate, i10)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + k(i10) + "' KeyUsage");
            }
            if (aVar.permits(l(i10), x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + k(i10) + "' KeyUsage");
        }
    }

    private static void f(sd.b bVar, vd.a aVar, X509Certificate x509Certificate) {
        if (!aVar.permits(z.f14868f, n(x509Certificate), o(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static void g(sd.b bVar, vd.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (!aVar.permits(z.f14868f, n(x509Certificate), x509Certificate2.getPublicKey(), o(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static Map h() {
        HashMap hashMap = new HashMap();
        hashMap.put(xc.a.f18179d.t(), "Ed25519");
        hashMap.put(xc.a.f18180e.t(), "Ed448");
        hashMap.put(bd.a.f4893j.t(), "SHA1withDSA");
        hashMap.put(gd.a.V.t(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    private static Set i() {
        HashSet hashSet = new HashSet();
        hashSet.add(bd.a.f4893j.t());
        hashSet.add(gd.a.V.t());
        return Collections.unmodifiableSet(hashSet);
    }

    static String j(fd.f fVar) {
        if (fd.f.f9545h.equals(fVar)) {
            return "clientAuth";
        }
        if (fd.f.f9544g.equals(fVar)) {
            return "serverAuth";
        }
        return "(" + fVar + ")";
    }

    static String k(int i10) {
        if (i10 == 0) {
            return "digitalSignature";
        }
        if (i10 == 2) {
            return "keyEncipherment";
        }
        if (i10 == 4) {
            return "keyAgreement";
        }
        return "(" + i10 + ")";
    }

    static Set l(int i10) {
        return i10 != 2 ? i10 != 4 ? z.f14868f : z.f14866d : z.f14867e;
    }

    static String n(X509Certificate x509Certificate) {
        String str = (String) f14663g.get(x509Certificate.getSigAlgOID());
        return str != null ? str : x509Certificate.getSigAlgName();
    }

    static AlgorithmParameters o(sd.b bVar, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f14664h.contains(sigAlgOID) && ze.a.d(f14665i, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters e10 = bVar.e(sigAlgOID);
            try {
                e10.init(sigAlgParams);
                return e10;
            } catch (Exception e11) {
                throw new CertPathValidatorException(e11);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean p(PublicKey publicKey, boolean[] zArr, int i10, vd.a aVar) {
        return u(zArr, i10) && aVar.permits(l(i10), publicKey);
    }

    static boolean q(X509Certificate x509Certificate, fd.f fVar) {
        try {
            return s(x509Certificate.getExtendedKeyUsage(), fVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    static boolean s(List list, fd.f fVar) {
        return list == null || list.contains(fVar.h()) || list.contains(fd.f.f9543f.h());
    }

    static boolean t(X509Certificate x509Certificate, int i10) {
        return u(x509Certificate.getKeyUsage(), i10);
    }

    static boolean u(boolean[] zArr, int i10) {
        return zArr == null || (zArr.length > i10 && zArr[i10]);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        X509Certificate x509Certificate2 = this.f14668f;
        if (x509Certificate2 != null) {
            g(this.f14666d, this.f14667e, x509Certificate, x509Certificate2);
        }
        this.f14668f = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f14668f = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
