package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Objects;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsCryptoException;

/* loaded from: classes2.dex */
public class d {
    public final g a;
    public final X509Certificate b;
    public PublicKey c;

    public d(g gVar, X509Certificate x509Certificate) {
        this.a = gVar;
        this.b = x509Certificate;
    }

    public d(g gVar, byte[] bArr) throws IOException {
        org.bouncycastle.jcajce.util.a aVar = gVar.a;
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(org.bouncycastle.asn1.x509.b.n(bArr).m("DER"));
            Objects.requireNonNull(aVar);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
            if (byteArrayInputStream.available() != 0) {
                throw new IOException("Extra data detected in stream");
            }
            if (3 != x509Certificate.getVersion()) {
                throw new TlsFatalAlert((short) 42, null);
            }
            this.a = gVar;
            this.b = x509Certificate;
        } catch (GeneralSecurityException e) {
            throw new TlsCryptoException("unable to decode certificate", e);
        }
    }

    public static d a(g gVar, d dVar) throws IOException {
        return dVar instanceof d ? dVar : new d(gVar, dVar.c());
    }

    public org.bouncycastle.tls.crypto.v b(short s) throws IOException {
        l(0);
        switch (s) {
            case 1:
                if (i()) {
                    return new x(this.a, e());
                }
                throw new TlsFatalAlert((short) 46, null);
            case 2:
                try {
                    return new i(this.a, (DSAPublicKey) e());
                } catch (ClassCastException e) {
                    throw new TlsFatalAlert((short) 46, e);
                }
            case 3:
                try {
                    return new m(this.a, (ECPublicKey) e());
                } catch (ClassCastException e2) {
                    throw new TlsFatalAlert((short) 46, e2);
                }
            case 4:
            case 5:
            case 6:
                org.bouncycastle.asn1.x509.a aVar = f().a;
                byte[] bArr = org.bouncycastle.tls.crypto.impl.c.a;
                if (org.bouncycastle.asn1.pkcs.a.b.t(aVar.a)) {
                    return new v(this.a, e(), s);
                }
                throw new TlsFatalAlert((short) 46, null);
            case 7:
                g gVar = this.a;
                PublicKey e3 = e();
                if ("Ed25519".equals(e3.getAlgorithm())) {
                    return new o(gVar, e3);
                }
                throw new TlsFatalAlert((short) 46, null);
            case 8:
                g gVar2 = this.a;
                PublicKey e4 = e();
                if ("Ed448".equals(e4.getAlgorithm())) {
                    return new q(gVar2, e4);
                }
                throw new TlsFatalAlert((short) 46, null);
            case 9:
            case 10:
            case 11:
                if (j(s)) {
                    return new v(this.a, e(), s);
                }
                throw new TlsFatalAlert((short) 46, null);
            default:
                throw new TlsFatalAlert((short) 46, null);
        }
    }

    public byte[] c() throws IOException {
        try {
            return this.b.getEncoded();
        } catch (CertificateEncodingException e) {
            StringBuilder b0 = com.android.tools.r8.a.b0("unable to encode certificate: ");
            b0.append(e.getMessage());
            throw new TlsCryptoException(b0.toString(), e);
        }
    }

    public short d() throws IOException {
        PublicKey e = e();
        if (!h(0)) {
            return (short) -1;
        }
        if (e instanceof RSAPublicKey) {
            return (short) 1;
        }
        if (e instanceof DSAPublicKey) {
            return (short) 2;
        }
        return e instanceof ECPublicKey ? (short) 3 : (short) -1;
    }

    public PublicKey e() throws IOException {
        try {
            return this.b.getPublicKey();
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 42, e);
        }
    }

    public org.bouncycastle.asn1.x509.g f() throws IOException {
        return org.bouncycastle.asn1.x509.g.n(e().getEncoded());
    }

    public boolean g(short s) throws IOException {
        String algorithm;
        String str;
        PublicKey e = e();
        switch (s) {
            case 1:
                return i() && (e instanceof RSAPublicKey);
            case 2:
                return e instanceof DSAPublicKey;
            case 3:
                return e instanceof ECPublicKey;
            case 4:
            case 5:
            case 6:
                org.bouncycastle.asn1.x509.a aVar = f().a;
                byte[] bArr = org.bouncycastle.tls.crypto.impl.c.a;
                return org.bouncycastle.asn1.pkcs.a.b.t(aVar.a) && (e instanceof RSAPublicKey);
            case 7:
                algorithm = e.getAlgorithm();
                str = "Ed25519";
                break;
            case 8:
                algorithm = e.getAlgorithm();
                str = "Ed448";
                break;
            case 9:
            case 10:
            case 11:
                return j(s) && (e instanceof RSAPublicKey);
            default:
                return false;
        }
        return str.equals(algorithm);
    }

    public boolean h(int i) {
        boolean[] keyUsage = this.b.getKeyUsage();
        return keyUsage == null || (keyUsage.length > i && keyUsage[i]);
    }

    public boolean i() throws IOException {
        org.bouncycastle.asn1.x509.a aVar = f().a;
        byte[] bArr = org.bouncycastle.tls.crypto.impl.c.a;
        org.bouncycastle.asn1.n nVar = aVar.a;
        return org.bouncycastle.asn1.pkcs.a.b.t(nVar) || org.bouncycastle.asn1.x509.k.e.t(nVar);
    }

    public boolean j(short s) throws IOException {
        byte[] bArr;
        byte[] bArr2;
        org.bouncycastle.asn1.x509.a aVar = f().a;
        byte[] bArr3 = org.bouncycastle.tls.crypto.impl.c.a;
        if (!org.bouncycastle.asn1.pkcs.a.e.t(aVar.a)) {
            return false;
        }
        org.bouncycastle.asn1.e eVar = aVar.b;
        if (eVar == null || (eVar instanceof org.bouncycastle.asn1.l)) {
            switch (s) {
                case 9:
                case 10:
                case 11:
                    break;
                default:
                    return false;
            }
        } else {
            try {
                byte[] m = eVar.e().m("DER");
                switch (s) {
                    case 9:
                        bArr = org.bouncycastle.tls.crypto.impl.c.a;
                        bArr2 = org.bouncycastle.tls.crypto.impl.c.d;
                        break;
                    case 10:
                        bArr = org.bouncycastle.tls.crypto.impl.c.b;
                        bArr2 = org.bouncycastle.tls.crypto.impl.c.e;
                        break;
                    case 11:
                        bArr = org.bouncycastle.tls.crypto.impl.c.c;
                        bArr2 = org.bouncycastle.tls.crypto.impl.c.f;
                        break;
                    default:
                        return false;
                }
                if (!Arrays.equals(bArr, m) && !Arrays.equals(bArr2, m)) {
                    return false;
                }
            } catch (Exception unused) {
                return false;
            }
        }
        return true;
    }

    public d k(int i, int i2) throws IOException {
        if (i2 == 7 || i2 == 9) {
            l(4);
            try {
                return this;
            } catch (ClassCastException e) {
                throw new TlsFatalAlert((short) 46, e);
            }
        }
        if (i2 == 16 || i2 == 18) {
            l(4);
            try {
                return this;
            } catch (ClassCastException e2) {
                throw new TlsFatalAlert((short) 46, e2);
            }
        }
        if (i != 0 || (i2 != 1 && i2 != 15)) {
            throw new TlsFatalAlert((short) 46, null);
        }
        l(2);
        this.c = e();
        return this;
    }

    public void l(int i) throws IOException {
        if (!h(i)) {
            throw new TlsFatalAlert((short) 46, null);
        }
    }
}
