package com.pp.certificatetransparency.internal.verifier;

import com.pp.certificatetransparency.internal.logclient.model.Version;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import kotlin.TypeCastException;
import kotlin.jvm.internal.o;
import l.k.a.f;

/* compiled from: LogSignatureVerifier.kt */
@kotlin.j(bv = {1, 0, 3}, d1 = {"\u0000h\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0010\u000b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0000\u0018\u0000 (2\u00020\u0001:\u0001(B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0018\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0002J \u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\r0\f2\u0006\u0010\u000e\u001a\u00020\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\rH\u0002J\u0018\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u0016H\u0002J \u0010\u0017\u001a\u00020\u00122\u0006\u0010\u0018\u001a\u00020\u00122\u0006\u0010\u0019\u001a\u00020\u00122\u0006\u0010\u0015\u001a\u00020\u0016H\u0002J%\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0013\u001a\u00020\b2\u0006\u0010\u001c\u001a\u00020\nH\u0000¢\u0006\u0002\b\u001dJ\u0018\u0010\u001e\u001a\u00020\u001b2\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u001f\u001a\u00020\u0012H\u0002J\u001e\u0010 \u001a\u00020\u001b2\u0006\u0010\u0015\u001a\u00020\u00162\f\u0010!\u001a\b\u0012\u0004\u0012\u00020\u00140\fH\u0016J\f\u0010\"\u001a\u00020#*\u00020$H\u0002J\u0014\u0010%\u001a\u00020&*\u00020'2\u0006\u0010\u0015\u001a\u00020\u0016H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006)"}, d2 = {"Lcom/pp/certificatetransparency/internal/verifier/LogSignatureVerifier;", "Lcom/pp/certificatetransparency/internal/verifier/SignatureVerifier;", "logServer", 
"Lcom/pp/certificatetransparency/loglist/LogServer;", "(Lcom/pp/certificatetransparency/loglist/LogServer;)V", "createTbsForVerification", "Lorg/bouncycastle/asn1/x509/TBSCertificate;", "preCertificate", "Ljava/security/cert/X509Certificate;", "issuerInformation", "Lcom/pp/certificatetransparency/internal/verifier/model/IssuerInformation;", "getExtensionsWithoutPoisonAndSct", "", "Lorg/bouncycastle/asn1/x509/Extension;", "extensions", "Lorg/bouncycastle/asn1/x509/Extensions;", "replacementX509authorityKeyIdentifier", "serializeSignedSctData", "", "certificate", "Ljava/security/cert/Certificate;", "sct", "Lcom/pp/certificatetransparency/internal/logclient/model/SignedCertificateTimestamp;", "serializeSignedSctDataForPreCertificate", "preCertBytes", "issuerKeyHash", "verifySCTOverPreCertificate", "Lcom/pp/certificatetransparency/SctVerificationResult;", "issuerInfo", "verifySCTOverPreCertificate$aegis_core_release", "verifySctSignatureOverBytes", "toVerify", "verifySignature", "chain", "hasX509AuthorityKeyIdentifier", "", "Lorg/bouncycastle/asn1/x509/Certificate;", "serializeCommonSctFields", "", "Ljava/io/OutputStream;", "Companion", "aegis-core_release"}, k = 1, mv = {1, 1, 15})
/* loaded from: classes6.dex */
/**
 * Decompiled, obfuscated rendering of the Kotlin class {@code LogSignatureVerifier}: it checks a
 * Signed Certificate Timestamp (SCT) against the one Certificate Transparency log server held in
 * field {@code a}.
 *
 * <p>The obfuscator collapsed every member name to {@code a}. The original names quoted in the
 * comments below come from the {@code d2} strings of the Kotlin metadata annotation on this class.
 * Types in {@code l.k.a.*}, and the sibling result classes {@code b}, {@code c}, {@code f},
 * {@code g}, {@code i}, {@code j}, {@code k}, {@code l}, are defined elsewhere. Their meaning is
 * stated only where a call site here shows it, and is hedged otherwise.
 *
 * <p>Calls to {@code o.a(value, "...")} / {@code o.b(value, "...")} with a descriptive string are
 * presumably the Kotlin-generated non-null checks (obfuscated {@code Intrinsics}); the two-argument
 * {@code o.a(x, y)} used inside conditions is presumably {@code Intrinsics.areEqual} - confirm
 * against the runtime jar.
 */
public final class h {
    // Log server ("logServer" in the metadata). This class reads a() (log id), b() (public key)
    // and c() (a nullable Long compared with the SCT timestamp) from it.
    private final l.k.a.i.b a;

    /* compiled from: LogSignatureVerifier.kt */
    /* loaded from: classes6.dex */
    // Kotlin "Companion" holder (listed in the metadata); it has no members in this rendering.
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(kotlin.jvm.internal.i iVar) {
            this();
        }
    }

    static {
        // The companion instance is created and discarded here; the decompiler presumably dropped
        // the static field it was assigned to.
        new a(null);
    }

    /**
     * Creates a verifier bound to a single log server.
     *
     * @param bVar the log server ("logServer"); passed through the generated null check
     */
    public h(l.k.a.i.b bVar) {
        o.b(bVar, "logServer");
        this.a = bVar;
    }

    /**
     * Original name: {@code getExtensionsWithoutPoisonAndSct}. Rebuilds the extension list of a
     * pre-certificate the way it must look inside the data the log signed.
     *
     * @param dVar the certificate's extensions ("extensions")
     * @param cVar replacement authorityKeyIdentifier extension
     *     ("replacementX509authorityKeyIdentifier"), or {@code null} to keep the original
     * @return the remaining extensions, in the order of {@code dVar.h()}
     */
    private final List<org.bouncycastle.asn1.x509.c> a(org.bouncycastle.asn1.x509.d dVar, org.bouncycastle.asn1.x509.c cVar) {
        int a2;
        org.bouncycastle.asn1.o[] h = dVar.h();
        o.a((Object) h, "extensions.extensionOIDs");
        ArrayList arrayList = new ArrayList();
        // Pass 1: drop 1.3.6.1.4.1.11129.2.4.3, the RFC 6962 pre-certificate poison extension.
        for (org.bouncycastle.asn1.o oVar : h) {
            o.a((Object) oVar, "it");
            if (!o.a((Object) oVar.q(), (Object) "1.3.6.1.4.1.11129.2.4.3")) {
                arrayList.add(oVar);
            }
        }
        ArrayList<org.bouncycastle.asn1.o> arrayList2 = new ArrayList();
        // Pass 2: drop 1.3.6.1.4.1.11129.2.4.2, the embedded SCT list extension.
        for (Object obj : arrayList) {
            org.bouncycastle.asn1.o oVar2 = (org.bouncycastle.asn1.o) obj;
            o.a((Object) oVar2, "it");
            if (!o.a((Object) oVar2.q(), (Object) "1.3.6.1.4.1.11129.2.4.2")) {
                arrayList2.add(obj);
            }
        }
        // Presumably Kotlin's collectionSizeOrDefault(list, 10), used to presize the result.
        a2 = kotlin.collections.o.a(arrayList2, 10);
        ArrayList arrayList3 = new ArrayList(a2);
        // Pass 3: map each OID to its extension. 2.5.29.35 (authorityKeyIdentifier) is replaced
        // with cVar when a replacement was supplied; every other OID is looked up in dVar.
        for (org.bouncycastle.asn1.o oVar3 : arrayList2) {
            o.a((Object) oVar3, "it");
            arrayList3.add((!o.a((Object) oVar3.q(), (Object) "2.5.29.35") || cVar == null) ? dVar.a(oVar3) : cVar);
        }
        return arrayList3;
    }

    /**
     * Original name: {@code verifySctSignatureOverBytes}. Verifies the SCT's signature over the
     * serialized bytes with the log server's public key.
     *
     * <p>The JCA algorithm is picked from the log key alone: "EC" selects SHA256withECDSA and
     * "RSA" selects SHA256withRSA. No algorithm identifier from the SCT is consulted in this
     * method, so the SCT cannot choose a different algorithm here.
     *
     * @param bVar the SCT ("sct"); {@code bVar.d().a()} supplies the signature bytes
     * @param bArr the bytes the log is expected to have signed ("toVerify")
     * @return {@code f.b.a} when the signature verifies and {@code f.a.b.a} when it does not;
     *     an {@code l}, {@code g} or {@code k} result object for an unsupported key algorithm or
     *     a JCA exception (presumably failure results - confirm against their declarations)
     */
    private final l.k.a.f a(com.pp.certificatetransparency.internal.logclient.model.b bVar, byte[] bArr) {
        String str;
        l.k.a.f kVar;
        if (o.a((Object) this.a.b().getAlgorithm(), (Object) "EC")) {
            str = "SHA256withECDSA";
        } else {
            if (!o.a((Object) this.a.b().getAlgorithm(), (Object) "RSA")) {
                // Any other key algorithm is reported with its name through the synthetic
                // default-arguments constructor of l; nothing is verified.
                String algorithm = this.a.b().getAlgorithm();
                o.a((Object) algorithm, "logServer.key.algorithm");
                return new l(algorithm, null, 2, null);
            }
            str = "SHA256withRSA";
        }
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(this.a.b());
            signature.update(bArr);
            return signature.verify(bVar.d().a()) ? f.b.a : f.a.b.a;
        } catch (InvalidKeyException e) {
            // The log server's key was rejected by the Signature implementation.
            kVar = new g(e);
            return kVar;
        } catch (NoSuchAlgorithmException e2) {
            // No installed provider offers the selected algorithm.
            kVar = new l(str, e2);
            return kVar;
        } catch (SignatureException e3) {
            // Signature.update/verify failed, e.g. on an improperly encoded signature.
            kVar = new k(e3);
            return kVar;
        }
    }

    /**
     * Original name: {@code createTbsForVerification}. Rebuilds the TBSCertificate that the log
     * signed for a pre-certificate: same TBS fields, minus the poison and SCT-list extensions,
     * with issuer and authorityKeyIdentifier swapped when the issuer information supplies
     * replacements.
     *
     * @param x509Certificate the pre-certificate ("preCertificate"); must report version 3 or
     *     higher
     * @param bVar issuer information ("issuerInformation"); {@code c()} is an optional
     *     replacement passed to the generator where the original TBS value {@code i3.k()} would
     *     go (presumably the issuer name - confirm), {@code d()} is the optional replacement
     *     authorityKeyIdentifier extension
     * @return the regenerated TBSCertificate
     * @throws IllegalArgumentException ("Failed requirement.") when the version is below 3, or
     *     when the certificate carries an authorityKeyIdentifier, {@code bVar.a()} is true and
     *     no replacement identifier is available
     */
    private final org.bouncycastle.asn1.x509.f a(X509Certificate x509Certificate, com.pp.certificatetransparency.internal.verifier.m.b bVar) {
        boolean z = true;
        if (!(x509Certificate.getVersion() >= 3)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        // ASN1InputStream over the DER encoding (type name visible in the string literals below).
        org.bouncycastle.asn1.k kVar = new org.bouncycastle.asn1.k(x509Certificate.getEncoded());
        try {
            org.bouncycastle.asn1.x509.b a2 = org.bouncycastle.asn1.x509.b.a(kVar.readObject());
            o.a((Object) a2, "parsedPreCertificate");
            // bVar.a() presumably means "issued by a pre-certificate signing certificate" -
            // confirm. In that case an authorityKeyIdentifier in the pre-certificate is only
            // acceptable if a replacement identifier (bVar.d()) is present.
            if (a(a2) && bVar.a()) {
                if (bVar.d() == null) {
                    z = false;
                }
                if (!z) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
            }
            org.bouncycastle.asn1.x509.f i = a2.i();
            o.a((Object) i, "parsedPreCertificate.tbsCertificate");
            org.bouncycastle.asn1.x509.d i2 = i.i();
            o.a((Object) i2, "parsedPreCertificate.tbsCertificate.extensions");
            List<org.bouncycastle.asn1.x509.c> a3 = a(i2, bVar.d());
            // V3TBSCertificateGenerator (name visible in the string literal below). The setter
            // names are obfuscated, so the field each call copies cannot be confirmed from here.
            org.bouncycastle.asn1.x509.h hVar = new org.bouncycastle.asn1.x509.h();
            org.bouncycastle.asn1.x509.f i3 = a2.i();
            o.a((Object) i3, "tbsPart");
            hVar.a(i3.q());
            hVar.a(i3.r());
            // Use the replacement from the issuer information when present, else the original.
            org.bouncycastle.asn1.t2.c c = bVar.c();
            if (c == null) {
                c = i3.k();
            }
            hVar.a(c);
            hVar.b(i3.s());
            hVar.a(i3.h());
            hVar.b(i3.t());
            hVar.a(i3.u());
            hVar.a(i3.o());
            hVar.b(i3.v());
            Object[] array = a3.toArray(new org.bouncycastle.asn1.x509.c[0]);
            if (array == null) {
                throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            // Install the filtered extension list in place of the original one.
            hVar.a(new org.bouncycastle.asn1.x509.d((org.bouncycastle.asn1.x509.c[]) array));
            org.bouncycastle.asn1.x509.f a4 = hVar.a();
            o.a((Object) a4, "V3TBSCertificateGenerato….generateTBSCertificate()");
            // Presumably kotlin.io closeFinally(stream, null): closes the stream on success.
            kotlin.io.b.a(kVar, null);
            o.a((Object) a4, "ASN1InputStream(preCerti…BSCertificate()\n        }");
            return a4;
        } finally {
            // NOTE(review): empty in this rendering, so the stream is not closed when an
            // exception escapes the try body. The Kotlin source presumably used `use { }`, which
            // closes on both paths - treat this as a decompiler artifact, not original behaviour.
        }
    }

    /**
     * Original name: {@code serializeCommonSctFields}. Writes the leading fields shared by both
     * signed structures.
     *
     * <p>{@code l.k.a.h.a.c.a(stream, long, int)} presumably writes the value as a fixed-width
     * integer of the given byte count - confirm. The three writes line up with the RFC 6962
     * layout: version (1 byte), signature type 0 (1 byte), timestamp (8 bytes).
     *
     * @param outputStream destination stream
     * @param bVar the SCT ("sct"); {@code c()} is its version and {@code e()} the long written
     *     in the 8-byte field
     * @throws IllegalArgumentException when the SCT version is not {@code Version.V1}
     */
    private final void a(OutputStream outputStream, com.pp.certificatetransparency.internal.logclient.model.b bVar) {
        if (!(bVar.c() == Version.V1)) {
            throw new IllegalArgumentException("Can only serialize SCT v1 for now.".toString());
        }
        l.k.a.h.a.c.a(outputStream, bVar.c().getNumber(), 1);
        l.k.a.h.a.c.a(outputStream, 0L, 1);
        l.k.a.h.a.c.a(outputStream, bVar.e(), 8);
    }

    /**
     * Original name: {@code hasX509AuthorityKeyIdentifier}.
     *
     * @param bVar the parsed certificate
     * @return {@code true} when its extensions contain OID 2.5.29.35 (authorityKeyIdentifier)
     */
    private final boolean a(org.bouncycastle.asn1.x509.b bVar) {
        org.bouncycastle.asn1.x509.f i = bVar.i();
        o.a((Object) i, "tbsCertificate");
        // NOTE(review): i.i() is dereferenced without a null check; verify whether it can be
        // null for a certificate that carries no extensions.
        return i.i().a(new org.bouncycastle.asn1.o("2.5.29.35")) != null;
    }

    /**
     * Original name: {@code serializeSignedSctData}. Builds the byte string the log signed for an
     * ordinary (non-pre-) certificate entry.
     *
     * @param certificate the leaf certificate ("certificate")
     * @param bVar the SCT ("sct"); {@code a()} is written last with a 65535 limit (presumably
     *     the SCT extensions - confirm)
     * @return common fields, a 2-byte 0, the encoded certificate (limit 16777215), then
     *     {@code bVar.a()} (limit 65535)
     */
    private final byte[] a(Certificate certificate, com.pp.certificatetransparency.internal.logclient.model.b bVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            a(byteArrayOutputStream, bVar);
            // 2-byte entry type 0 (x509 entry in the RFC 6962 layout).
            l.k.a.h.a.c.a(byteArrayOutputStream, 0L, 2);
            byte[] encoded = certificate.getEncoded();
            o.a((Object) encoded, "certificate.encoded");
            // Presumably length-prefixed writes, the int being the maximum permitted length
            // (2^24-1 and 2^16-1) - confirm against l.k.a.h.a.c.
            l.k.a.h.a.c.a(byteArrayOutputStream, encoded, 16777215);
            l.k.a.h.a.c.a(byteArrayOutputStream, bVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            o.a((Object) byteArray, "it.toByteArray()");
            kotlin.io.b.a(byteArrayOutputStream, null);
            o.a((Object) byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
            // Empty in this rendering (decompiled Kotlin `use { }`, presumably); the stream is an
            // in-memory ByteArrayOutputStream.
        }
    }

    /**
     * Original name: {@code serializeSignedSctDataForPreCertificate}. Builds the byte string the
     * log signed for a pre-certificate entry.
     *
     * @param bArr the encoded, regenerated TBSCertificate ("preCertBytes")
     * @param bArr2 the issuer key hash ("issuerKeyHash"), written raw with no length prefix
     * @param bVar the SCT ("sct")
     * @return common fields, a 2-byte 1, the issuer key hash, the TBS bytes (limit 16777215),
     *     then {@code bVar.a()} (limit 65535)
     */
    private final byte[] a(byte[] bArr, byte[] bArr2, com.pp.certificatetransparency.internal.logclient.model.b bVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            a(byteArrayOutputStream, bVar);
            // 2-byte entry type 1 (precert entry in the RFC 6962 layout).
            l.k.a.h.a.c.a(byteArrayOutputStream, 1L, 2);
            // NOTE(review): the hash length is not checked here; the signed structure expects a
            // fixed-size field, so the producer of bArr2 has to guarantee the size.
            byteArrayOutputStream.write(bArr2);
            l.k.a.h.a.c.a(byteArrayOutputStream, bArr, 16777215);
            l.k.a.h.a.c.a(byteArrayOutputStream, bVar.a(), 65535);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            o.a((Object) byteArray, "it.toByteArray()");
            kotlin.io.b.a(byteArrayOutputStream, null);
            o.a((Object) byteArray, "ByteArrayOutputStream().…t.toByteArray()\n        }");
            return byteArray;
        } finally {
            // Empty in this rendering (decompiled Kotlin `use { }`, presumably); the stream is an
            // in-memory ByteArrayOutputStream.
        }
    }

    /**
     * Original name: {@code verifySCTOverPreCertificate}. Regenerates the pre-certificate TBS
     * for {@code x509Certificate}, serializes the pre-certificate signed structure and verifies
     * the SCT signature over it.
     *
     * <p>Only {@link IOException} and {@link CertificateException} are turned into a result
     * object. The {@link IllegalArgumentException}s thrown while rebuilding the TBS or
     * serializing the SCT are not caught here and propagate to the caller.
     *
     * @param bVar the SCT ("sct")
     * @param x509Certificate the certificate to check ("certificate")
     * @param bVar2 issuer information ("issuerInfo"); {@code b()} supplies the issuer key hash
     * @return the signature verification result, or a {@code b} result wrapping the exception
     */
    public final l.k.a.f a(com.pp.certificatetransparency.internal.logclient.model.b bVar, X509Certificate x509Certificate, com.pp.certificatetransparency.internal.verifier.m.b bVar2) {
        b bVar3;
        o.b(bVar, "sct");
        o.b(x509Certificate, "certificate");
        o.b(bVar2, "issuerInfo");
        try {
            byte[] encoded = a(x509Certificate, bVar2).getEncoded();
            o.a((Object) encoded, "preCertificateTBS.encoded");
            return a(bVar, a(encoded, bVar2.b(), bVar));
        } catch (IOException e) {
            bVar3 = new b(e);
            return bVar3;
        } catch (CertificateException e2) {
            bVar3 = new b(e2);
            return bVar3;
        }
    }

    /**
     * Original name: {@code verifySignature}. Entry point: validates an SCT for a certificate
     * chain against this verifier's log server.
     *
     * <p>Checks run in this order, each returning its own result object on failure: the SCT
     * timestamp is not later than the local clock; the SCT timestamp is not later than the log
     * server's {@code c()} value when one is set (presumably the log's validity end - confirm);
     * the SCT's log key id equals the log server id; the signature verifies over the leaf
     * certificate, or over the regenerated pre-certificate TBS when the leaf is a
     * pre-certificate or carries embedded SCTs.
     *
     * <p>NOTE(review): the future-timestamp check trusts {@code System.currentTimeMillis()}, so
     * its outcome follows the device clock.
     *
     * @param bVar the SCT ("sct")
     * @param list the certificate chain ("chain"), leaf first; element 0 is read unconditionally
     * @return the verification result
     */
    public l.k.a.f a(com.pp.certificatetransparency.internal.logclient.model.b bVar, List<? extends Certificate> list) {
        com.pp.certificatetransparency.internal.verifier.m.b d;
        b bVar2;
        o.b(bVar, "sct");
        o.b(list, "chain");
        long currentTimeMillis = System.currentTimeMillis();
        // Reject an SCT whose timestamp lies in the future relative to the local clock.
        if (bVar.e() > currentTimeMillis) {
            return new f.a.d(bVar.e(), currentTimeMillis);
        }
        // Reject an SCT issued after the log server's c() limit, when the log has one.
        if (this.a.c() != null && bVar.e() > this.a.c().longValue()) {
            return new f.a.e(bVar.e(), this.a.c().longValue());
        }
        // The SCT must name this log; on mismatch both ids are reported as Base64 strings.
        if (!Arrays.equals(this.a.a(), bVar.b().a())) {
            String a2 = org.bouncycastle.util.encoders.a.a(bVar.b().a());
            o.a((Object) a2, "Base64.toBase64String(sct.id.keyId)");
            String a3 = org.bouncycastle.util.encoders.a.a(this.a.a());
            o.a((Object) a3, "Base64.toBase64String(logServer.id)");
            return new f(a2, a3);
        }
        // NOTE(review): throws IndexOutOfBoundsException on an empty chain; the size checks
        // below only guard indexes 1 and 2.
        Certificate certificate = list.get(0);
        // Presumably "is pre-certificate" and "has embedded SCT" tests (l.k.a.h.b.c is
        // obfuscated) - confirm. When neither holds, the SCT covers the leaf certificate as-is.
        if (!l.k.a.h.b.c.b(certificate) && !l.k.a.h.b.c.a(certificate)) {
            try {
                return a(bVar, a(certificate, bVar));
            } catch (IOException e) {
                bVar2 = new b(e);
                return bVar2;
            } catch (CertificateEncodingException e2) {
                bVar2 = new b(e2);
                return bVar2;
            }
        }
        // The pre-certificate path needs the issuer, so the chain must hold at least two entries.
        if (list.size() < 2) {
            return i.a;
        }
        Certificate certificate2 = list.get(1);
        try {
            // Presumably c.c() tests for a pre-certificate signing certificate - confirm. When
            // it is false, issuer information is derived from the issuer certificate alone.
            if (!l.k.a.h.b.c.c(certificate2)) {
                try {
                    d = l.k.a.h.b.c.d(certificate2);
                } catch (NoSuchAlgorithmException e3) {
                    return new l("SHA-256", e3);
                }
            } else {
                // Otherwise the certificate above it (index 2) is needed as well.
                if (list.size() < 3) {
                    return j.a;
                }
                try {
                    d = l.k.a.h.b.c.a(certificate2, list.get(2));
                } catch (IOException e4) {
                    return new com.pp.certificatetransparency.internal.verifier.a(e4);
                } catch (NoSuchAlgorithmException e5) {
                    return new l("SHA-256", e5);
                } catch (CertificateEncodingException e6) {
                    return new b(e6);
                }
            }
            // NOTE(review): unchecked cast; this relies on the earlier b()/a() tests only
            // passing for X509Certificate instances - confirm in l.k.a.h.b.c.
            return a(bVar, (X509Certificate) certificate, d);
        } catch (CertificateParsingException e7) {
            return new c(e7);
        }
    }
}
