package ru.text;

import com.yandex.metrica.push.common.CoreConstants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;
import kotlin.collections.m;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.xbill.DNS.Message;
import ru.domesticroots.bouncycastle.asn1.a1;
import ru.domesticroots.bouncycastle.asn1.l;
import ru.domesticroots.bouncycastle.asn1.q;
import ru.domesticroots.certificatetransparency.internal.verifier.model.Version;
import ru.text.cnk;

@Metadata(d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0000\u0018\u0000 \r2\u00020\u0001:\u0001\u0007B\u000f\u0012\u0006\u0010'\u001a\u00020%¢\u0006\u0004\b(\u0010)J\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002J \u0010\r\u001a\b\u0012\u0004\u0012\u00020\n0\f2\u0006\u0010\t\u001a\u00020\b2\b\u0010\u000b\u001a\u0004\u0018\u00010\nH\u0002J\u0018\u0010\u0013\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0011\u001a\u00020\u0010H\u0002J\f\u0010\u0016\u001a\u00020\u0015*\u00020\u0014H\u0002J\u0018\u0010\u0019\u001a\u00020\u00102\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J \u0010\u001c\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u00102\u0006\u0010\u001b\u001a\u00020\u00102\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u0014\u0010\u001f\u001a\u00020\u001e*\u00020\u001d2\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u001e\u0010!\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00170\fH\u0016J'\u0010#\u001a\u00020\u00122\u0006\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0018\u001a\u00020\u00022\u0006\u0010\"\u001a\u00020\u0004H\u0000¢\u0006\u0004\b#\u0010$R\u0014\u0010'\u001a\u00020%8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u0010&¨\u0006*"}, d2 = {"Lru/kinopoisk/xyb;", "", "Ljava/security/cert/X509Certificate;", "preCertificate", "Lru/kinopoisk/vza;", "issuerInformation", "Lru/kinopoisk/u8o;", "a", "Lru/kinopoisk/hj8;", "extensions", "Lru/kinopoisk/ej8;", "replacementX509authorityKeyIdentifier", "", "b", "Lru/kinopoisk/u6m;", "sct", "", "toVerify", "Lru/kinopoisk/cnk;", "h", "Lru/kinopoisk/la2;", "", "c", "Ljava/security/cert/Certificate;", "certificate", "e", "preCertBytes", "issuerKeyHash", "f", "Ljava/io/OutputStream;", "", "d", "chain", CoreConstants.PushMessage.SERVICE_TYPE, "issuerInfo", "g", "(Lru/kinopoisk/u6m;Ljava/security/cert/X509Certificate;Lru/kinopoisk/vza;)Lru/kinopoisk/cnk;", "Lru/kinopoisk/syb;", "Lru/kinopoisk/syb;", "logServer", "<init>", "(Lru/kinopoisk/syb;)V", "domesticroots-certificatetransparency_release"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes9.dex */
public final class xyb {

    /* renamed from: a, reason: from kotlin metadata */
    @NotNull
    private final LogServer logServer;

    public xyb(@NotNull LogServer logServer) {
        Intrinsics.checkNotNullParameter(logServer, "logServer");
        this.logServer = logServer;
    }

    private final u8o a(X509Certificate preCertificate, IssuerInformation issuerInformation) {
        if (preCertificate.getVersion() < 3) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        l lVar = new l(preCertificate.getEncoded());
        try {
            la2 parsedPreCertificate = la2.s(lVar.j());
            Intrinsics.checkNotNullExpressionValue(parsedPreCertificate, "parsedPreCertificate");
            if (c(parsedPreCertificate) && issuerInformation.getIssuedByPreCertificateSigningCert() && issuerInformation.getX509authorityKeyIdentifier() == null) {
                throw new IllegalArgumentException("Failed requirement.".toString());
            }
            hj8 t = parsedPreCertificate.u().t();
            Intrinsics.checkNotNullExpressionValue(t, "parsedPreCertificate.tbsCertificate.extensions");
            List<ej8> b = b(t, issuerInformation.getX509authorityKeyIdentifier());
            ofq ofqVar = new ofq();
            u8o u = parsedPreCertificate.u();
            ofqVar.f(u.x());
            ofqVar.g(u.B());
            kdr name = issuerInformation.getName();
            if (name == null) {
                name = u.v();
            }
            ofqVar.d(name);
            ofqVar.h(u.C());
            ofqVar.b(u.s());
            ofqVar.i(u.D());
            ofqVar.j(u.E());
            ofqVar.e((a1) u.w());
            ofqVar.k((a1) u.F());
            Object[] array = b.toArray(new ej8[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            ofqVar.c(new hj8((ej8[]) array));
            u8o a = ofqVar.a();
            j63.a(lVar, null);
            Intrinsics.checkNotNullExpressionValue(a, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a;
        } finally {
        }
    }

    private final List<ej8> b(hj8 extensions, ej8 replacementX509authorityKeyIdentifier) {
        int A;
        q[] t = extensions.t();
        Intrinsics.checkNotNullExpressionValue(t, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (q qVar : t) {
            if (!Intrinsics.d(qVar.J(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(qVar);
            }
        }
        ArrayList<q> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            if (!Intrinsics.d(((q) obj).J(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        A = m.A(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(A);
        for (q qVar2 : arrayList2) {
            arrayList3.add((!Intrinsics.d(qVar2.J(), "2.5.29.35") || replacementX509authorityKeyIdentifier == null) ? extensions.s(qVar2) : replacementX509authorityKeyIdentifier);
        }
        return arrayList3;
    }

    private final boolean c(la2 la2Var) {
        return la2Var.u().t().s(new q("2.5.29.35")) != null;
    }

    private final void d(OutputStream outputStream, SignedCertificateTimestamp signedCertificateTimestamp) {
        if (signedCertificateTimestamp.getSctVersion() != Version.V1) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        mlf.a(outputStream, signedCertificateTimestamp.getSctVersion().getNumber(), 1);
        mlf.a(outputStream, 0L, 1);
        mlf.a(outputStream, signedCertificateTimestamp.getTimestamp(), 8);
    }

    private final byte[] e(Certificate certificate, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            mlf.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "certificate.encoded");
            mlf.b(byteArrayOutputStream, encoded, 16777215);
            mlf.b(byteArrayOutputStream, sct.getExtensions(), Message.MAXLENGTH);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            j63.a(byteArrayOutputStream, null);
            Intrinsics.checkNotNullExpressionValue(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] f(byte[] preCertBytes, byte[] issuerKeyHash, SignedCertificateTimestamp sct) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, sct);
            mlf.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(issuerKeyHash);
            mlf.b(byteArrayOutputStream, preCertBytes, 16777215);
            mlf.b(byteArrayOutputStream, sct.getExtensions(), Message.MAXLENGTH);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            j63.a(byteArrayOutputStream, null);
            Intrinsics.checkNotNullExpressionValue(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final cnk h(SignedCertificateTimestamp sct, byte[] toVerify) {
        String str;
        cnk s6mVar;
        if (Intrinsics.d(this.logServer.getKey().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!Intrinsics.d(this.logServer.getKey().getAlgorithm(), "RSA")) {
                String algorithm = this.logServer.getKey().getAlgorithm();
                Intrinsics.checkNotNullExpressionValue(algorithm, "logServer.key.algorithm");
                return new isp(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.logServer.getKey());
            signature.update(toVerify);
            return signature.verify(sct.getSignature().getSignature()) ? cnk.b.a : cnk.a.b.a;
        } catch (InvalidKeyException e) {
            s6mVar = new nyb(e);
            return s6mVar;
        } catch (NoSuchAlgorithmException e2) {
            s6mVar = new isp(str, e2);
            return s6mVar;
        } catch (SignatureException e3) {
            s6mVar = new s6m(e3);
            return s6mVar;
        }
    }

    @NotNull
    public final cnk g(@NotNull SignedCertificateTimestamp sct, @NotNull X509Certificate certificate, @NotNull IssuerInformation issuerInfo) {
        qa2 qa2Var;
        Intrinsics.checkNotNullParameter(sct, "sct");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        Intrinsics.checkNotNullParameter(issuerInfo, "issuerInfo");
        try {
            byte[] q = a(certificate, issuerInfo).q();
            Intrinsics.checkNotNullExpressionValue(q, "preCertificateTBS.encoded");
            return h(sct, f(q, issuerInfo.getKeyHash(), sct));
        } catch (IOException e) {
            qa2Var = new qa2(e);
            return qa2Var;
        } catch (CertificateException e2) {
            qa2Var = new qa2(e2);
            return qa2Var;
        }
    }

    @NotNull
    public cnk i(@NotNull SignedCertificateTimestamp sct, @NotNull List<? extends Certificate> chain) {
        IssuerInformation d;
        qa2 qa2Var;
        Intrinsics.checkNotNullParameter(sct, "sct");
        Intrinsics.checkNotNullParameter(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.getTimestamp() > currentTimeMillis) {
            return new cnk.a.d(sct.getTimestamp(), currentTimeMillis);
        }
        if (this.logServer.getValidUntil() != null && sct.getTimestamp() > this.logServer.getValidUntil().longValue()) {
            return new cnk.a.e(sct.getTimestamp(), this.logServer.getValidUntil().longValue());
        }
        if (!Arrays.equals(this.logServer.getId(), sct.getId().getKeyId())) {
            iz0 iz0Var = iz0.a;
            return new xxb(iz0Var.b(sct.getId().getKeyId()), iz0Var.b(this.logServer.getId()));
        }
        Certificate certificate = chain.get(0);
        if (!ra2.b(certificate) && !ra2.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e) {
                qa2Var = new qa2(e);
                return qa2Var;
            } catch (CertificateEncodingException e2) {
                qa2Var = new qa2(e2);
                return qa2Var;
            }
        }
        if (chain.size() < 2) {
            return vre.a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!ra2.c(certificate2)) {
                try {
                    d = ra2.d(certificate2);
                } catch (NoSuchAlgorithmException e3) {
                    return new isp("SHA-256", e3);
                }
            } else {
                if (chain.size() < 3) {
                    return wre.a;
                }
                try {
                    d = ra2.e(certificate2, chain.get(2));
                } catch (IOException e4) {
                    return new e0(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new isp("SHA-256", e5);
                } catch (CertificateEncodingException e6) {
                    return new qa2(e6);
                }
            }
            return g(sct, (X509Certificate) certificate, d);
        } catch (CertificateParsingException e7) {
            return new sa2(e7);
        }
    }
}
