package f.a.a.b0.f;

import i.a0;
import i.f0.b0;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/* loaded from: classes.dex */
public final class l {
    private final f.a.a.c0.d a;

    public l(f.a.a.c0.d logServer) {
        kotlin.jvm.internal.l.f(logServer, "logServer");
        this.a = logServer;
    }

    private final l.a.a.l2.f a(X509Certificate x509Certificate, f.a.a.b0.f.q.b bVar) {
        boolean z = true;
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        l.a.a.k kVar = new l.a.a.k(x509Certificate.getEncoded());
        try {
            l.a.a.l2.b parsedPreCertificate = l.a.a.l2.b.p(kVar.K());
            kotlin.jvm.internal.l.b(parsedPreCertificate, "parsedPreCertificate");
            if (c(parsedPreCertificate) && bVar.a()) {
                if (bVar.d() == null) {
                    z = false;
                }
                if (!z) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            l.a.a.l2.f w = parsedPreCertificate.w();
            kotlin.jvm.internal.l.b(w, "parsedPreCertificate.tbsCertificate");
            l.a.a.l2.d s = w.s();
            kotlin.jvm.internal.l.b(s, "parsedPreCertificate.tbsCertificate.extensions");
            List<l.a.a.l2.c> b = b(s, bVar.d());
            l.a.a.l2.h hVar = new l.a.a.l2.h();
            l.a.a.l2.f tbsPart = parsedPreCertificate.w();
            kotlin.jvm.internal.l.b(tbsPart, "tbsPart");
            hVar.f(tbsPart.B());
            hVar.g(tbsPart.C());
            l.a.a.k2.c c = bVar.c();
            if (c == null) {
                c = tbsPart.x();
            }
            hVar.d(c);
            hVar.h(tbsPart.D());
            hVar.b(tbsPart.p());
            hVar.i(tbsPart.E());
            hVar.j(tbsPart.F());
            hVar.e(tbsPart.A());
            hVar.k(tbsPart.G());
            if (b == null) {
                throw new a0("null cannot be cast to non-null type java.util.Collection<T>");
            }
            Object[] array = b.toArray(new l.a.a.l2.c[0]);
            if (array == null) {
                throw new a0("null cannot be cast to non-null type kotlin.Array<T>");
            }
            hVar.c(new l.a.a.l2.d((l.a.a.l2.c[]) array));
            l.a.a.l2.f a = hVar.a();
            kotlin.jvm.internal.l.b(a, "V3TBSCertificateGenerato….generateTBSCertificate()");
            i.j0.a.a(kVar, null);
            kotlin.jvm.internal.l.b(a, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a;
        } finally {
        }
    }

    private final List<l.a.a.l2.c> b(l.a.a.l2.d dVar, l.a.a.l2.c cVar) {
        int q;
        l.a.a.p[] s = dVar.s();
        kotlin.jvm.internal.l.b(s, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        for (l.a.a.p it : s) {
            kotlin.jvm.internal.l.b(it, "it");
            if (!kotlin.jvm.internal.l.a(it.H(), "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(it);
            }
        }
        ArrayList<l.a.a.p> arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            l.a.a.p it2 = (l.a.a.p) obj;
            kotlin.jvm.internal.l.b(it2, "it");
            if (!kotlin.jvm.internal.l.a(it2.H(), "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        q = b0.q(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(q);
        for (l.a.a.p it3 : arrayList2) {
            kotlin.jvm.internal.l.b(it3, "it");
            arrayList3.add((!kotlin.jvm.internal.l.a(it3.H(), "2.5.29.35") || cVar == null) ? dVar.p(it3) : cVar);
        }
        return arrayList3;
    }

    private final boolean c(l.a.a.l2.b bVar) {
        l.a.a.l2.f tbsCertificate = bVar.w();
        kotlin.jvm.internal.l.b(tbsCertificate, "tbsCertificate");
        return tbsCertificate.s().p(new l.a.a.p("2.5.29.35")) != null;
    }

    private final void d(OutputStream outputStream, f.a.a.b0.b.a.g gVar) {
        if (!(gVar.c() == f.a.a.b0.b.a.i.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        f.a.a.b0.d.c.a(outputStream, gVar.c().a(), 1);
        f.a.a.b0.d.c.a(outputStream, 0L, 1);
        f.a.a.b0.d.c.a(outputStream, gVar.e(), 8);
    }

    private final byte[] e(Certificate certificate, f.a.a.b0.b.a.g gVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, gVar);
            f.a.a.b0.d.c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            kotlin.jvm.internal.l.b(encoded, "certificate.encoded");
            f.a.a.b0.d.c.b(byteArrayOutputStream, encoded, 16777215);
            f.a.a.b0.d.c.b(byteArrayOutputStream, gVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            kotlin.jvm.internal.l.b(byteArray, "it.toByteArray()");
            i.j0.a.a(byteArrayOutputStream, null);
            kotlin.jvm.internal.l.b(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final byte[] f(byte[] bArr, byte[] bArr2, f.a.a.b0.b.a.g gVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            d(byteArrayOutputStream, gVar);
            f.a.a.b0.d.c.a(byteArrayOutputStream, 1L, 2);
            byteArrayOutputStream.write(bArr2);
            f.a.a.b0.d.c.b(byteArrayOutputStream, bArr, 16777215);
            f.a.a.b0.d.c.b(byteArrayOutputStream, gVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            kotlin.jvm.internal.l.b(byteArray, "it.toByteArray()");
            i.j0.a.a(byteArrayOutputStream, null);
            kotlin.jvm.internal.l.b(byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
        }
    }

    private final f.a.a.m h(f.a.a.b0.b.a.g gVar, byte[] bArr) {
        String str;
        f.a.a.m oVar;
        if (kotlin.jvm.internal.l.a(this.a.b().getAlgorithm(), "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!kotlin.jvm.internal.l.a(this.a.b().getAlgorithm(), "RSA")) {
                String algorithm = this.a.b().getAlgorithm();
                kotlin.jvm.internal.l.b(algorithm, "logServer.key.algorithm");
                return new p(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.a.b());
            signature.update(bArr);
            return signature.verify(gVar.d().a()) ? f.a.a.l.a : f.a.a.f.a;
        } catch (InvalidKeyException e2) {
            oVar = new k(e2);
            return oVar;
        } catch (NoSuchAlgorithmException e3) {
            oVar = new p(str, e3);
            return oVar;
        } catch (SignatureException e4) {
            oVar = new o(e4);
            return oVar;
        }
    }

    public final f.a.a.m g(f.a.a.b0.b.a.g sct, X509Certificate certificate, f.a.a.b0.f.q.b issuerInfo) {
        b bVar;
        kotlin.jvm.internal.l.f(sct, "sct");
        kotlin.jvm.internal.l.f(certificate, "certificate");
        kotlin.jvm.internal.l.f(issuerInfo, "issuerInfo");
        try {
            byte[] l2 = a(certificate, issuerInfo).l();
            kotlin.jvm.internal.l.b(l2, "preCertificateTBS.encoded");
            return h(sct, f(l2, issuerInfo.b(), sct));
        } catch (IOException e2) {
            bVar = new b(e2);
            return bVar;
        } catch (CertificateException e3) {
            bVar = new b(e3);
            return bVar;
        }
    }

    public f.a.a.m i(f.a.a.b0.b.a.g sct, List<? extends Certificate> chain) {
        f.a.a.b0.f.q.b d2;
        b bVar;
        kotlin.jvm.internal.l.f(sct, "sct");
        kotlin.jvm.internal.l.f(chain, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        if (sct.e() > currentTimeMillis) {
            return new f.a.a.h(sct.e(), currentTimeMillis);
        }
        if (this.a.c() != null && sct.e() > this.a.c().longValue()) {
            return new f.a.a.i(sct.e(), this.a.c().longValue());
        }
        if (!Arrays.equals(this.a.a(), sct.b().a())) {
            String c = l.a.f.j.a.c(sct.b().a());
            kotlin.jvm.internal.l.b(c, "Base64.toBase64String(sct.id.keyId)");
            String c2 = l.a.f.j.a.c(this.a.a());
            kotlin.jvm.internal.l.b(c2, "Base64.toBase64String(logServer.id)");
            return new j(c, c2);
        }
        Certificate certificate = chain.get(0);
        if (!f.a.a.b0.e.b.b(certificate) && !f.a.a.b0.e.b.a(certificate)) {
            try {
                return h(sct, e(certificate, sct));
            } catch (IOException e2) {
                bVar = new b(e2);
                return bVar;
            } catch (CertificateEncodingException e3) {
                bVar = new b(e3);
                return bVar;
            }
        }
        if (chain.size() < 2) {
            return m.a;
        }
        Certificate certificate2 = chain.get(1);
        try {
            if (!f.a.a.b0.e.b.c(certificate2)) {
                try {
                    d2 = f.a.a.b0.e.b.d(certificate2);
                } catch (NoSuchAlgorithmException e4) {
                    return new p("SHA-256", e4);
                }
            } else {
                if (chain.size() < 3) {
                    return n.a;
                }
                try {
                    d2 = f.a.a.b0.e.b.e(certificate2, chain.get(2));
                } catch (IOException e5) {
                    return new a(e5);
                } catch (NoSuchAlgorithmException e6) {
                    return new p("SHA-256", e6);
                } catch (CertificateEncodingException e7) {
                    return new b(e7);
                }
            }
            return g(sct, (X509Certificate) certificate, d2);
        } catch (CertificateParsingException e8) {
            return new c(e8);
        }
    }
}
