package sdk.pendo.io.p3;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.bouncycastle.jcajce.spec.EdDSAParameterSpec;

/* loaded from: classes4.dex */
class i0 extends PKIXCertPathChecker {
    private final sdk.pendo.io.o3.a A0;
    private X509Certificate B0;
    private final boolean y0;
    private final sdk.pendo.io.l3.b z0;

    /* renamed from: f, reason: collision with root package name */
    private static final Map<String, String> f41046f = b();
    private static final Set<String> s = d();
    private static final byte[] r0 = {5, 0};
    private static final String s0 = a0.a("SHA256withRSAandMGF1", "RSASSA-PSS");
    private static final String t0 = a0.a("SHA384withRSAandMGF1", "RSASSA-PSS");
    private static final String u0 = a0.a("SHA512withRSAandMGF1", "RSASSA-PSS");
    private static final String v0 = a0.a("SHA256withRSAandMGF1", "RSA");
    private static final String w0 = a0.a("SHA384withRSAandMGF1", "RSA");
    private static final String x0 = a0.a("SHA512withRSAandMGF1", "RSA");

    /* JADX INFO: Access modifiers changed from: package-private */
    public i0(boolean z, sdk.pendo.io.l3.b bVar, sdk.pendo.io.o3.a aVar) {
        Objects.requireNonNull(bVar, "'helper' cannot be null");
        Objects.requireNonNull(aVar, "'algorithmConstraints' cannot be null");
        this.y0 = z;
        this.z0 = bVar;
        this.A0 = aVar;
        this.B0 = null;
    }

    static String a(int i2) {
        if (i2 == 0) {
            return "digitalSignature";
        }
        if (i2 == 2) {
            return "keyEncipherment";
        }
        if (i2 == 4) {
            return "keyAgreement";
        }
        return "(" + i2 + ")";
    }

    static String a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        sdk.pendo.io.j2.o f2;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f41046f.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!sdk.pendo.io.v2.a.f42455k.k().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        sdk.pendo.io.v2.c a2 = sdk.pendo.io.v2.c.a(x509Certificate.getSigAlgParams());
        if (a2 != null && (f2 = a2.f().f()) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                sdk.pendo.io.x3.g gVar = new sdk.pendo.io.x3.g((sdk.pendo.io.x3.h) null, x509Certificate);
                if (sdk.pendo.io.s2.b.f41531c.b(f2)) {
                    if (gVar.e((short) 9)) {
                        return s0;
                    }
                    if (gVar.e((short) 4)) {
                        return v0;
                    }
                } else if (sdk.pendo.io.s2.b.f41532d.b(f2)) {
                    if (gVar.e((short) 10)) {
                        return t0;
                    }
                    if (gVar.e((short) 5)) {
                        return w0;
                    }
                } else if (sdk.pendo.io.s2.b.f41533e.b(f2)) {
                    if (gVar.e((short) 11)) {
                        return u0;
                    }
                    if (gVar.e((short) 6)) {
                        return x0;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    static String a(sdk.pendo.io.b3.f fVar) {
        if (sdk.pendo.io.b3.f.s0.equals(fVar)) {
            return "clientAuth";
        }
        if (sdk.pendo.io.b3.f.r0.equals(fVar)) {
            return "serverAuth";
        }
        return "(" + fVar + ")";
    }

    static AlgorithmParameters a(sdk.pendo.io.l3.b bVar, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (s.contains(sigAlgOID) && sdk.pendo.io.z3.a.a(r0, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters e2 = bVar.e(sigAlgOID);
            try {
                e2.init(sigAlgParams);
                return e2;
            } catch (Exception e3) {
                throw new CertPathValidatorException(e3);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    private static void a(sdk.pendo.io.l3.b bVar, sdk.pendo.io.o3.a aVar, X509Certificate x509Certificate) {
        String a2 = a(x509Certificate, (X509Certificate) null);
        if (!a0.a(a2)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(a0.f40955i, a2, a(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static void a(sdk.pendo.io.l3.b bVar, sdk.pendo.io.o3.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String a2 = a(x509Certificate, x509Certificate2);
        if (!a0.a(a2)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(a0.f40955i, a2, x509Certificate2.getPublicKey(), a(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static void a(sdk.pendo.io.l3.b bVar, sdk.pendo.io.o3.a aVar, X509Certificate x509Certificate, sdk.pendo.io.b3.f fVar, int i2) {
        if (fVar != null && !a(x509Certificate, fVar)) {
            throw new CertPathValidatorException("Certificate doesn't support '" + a(fVar) + "' ExtendedKeyUsage");
        }
        if (i2 >= 0) {
            if (!a(x509Certificate, i2)) {
                throw new CertPathValidatorException("Certificate doesn't support '" + a(i2) + "' KeyUsage");
            }
            if (aVar.permits(b(i2), x509Certificate.getPublicKey())) {
                return;
            }
            throw new CertPathValidatorException("Public key not permitted for '" + a(i2) + "' KeyUsage");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(sdk.pendo.io.l3.b bVar, sdk.pendo.io.o3.a aVar, X509Certificate[] x509CertificateArr, sdk.pendo.io.b3.f fVar, int i2) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            a(bVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        a(bVar, aVar, x509CertificateArr[0], fVar, i2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(boolean z, sdk.pendo.io.l3.b bVar, sdk.pendo.io.o3.a aVar, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, sdk.pendo.io.b3.f fVar, int i2) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                a(bVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            a(bVar, aVar, x509CertificateArr[length - 1]);
        }
        i0 i0Var = new i0(z, bVar, aVar);
        i0Var.init(false);
        for (int i3 = length - 1; i3 >= 0; i3--) {
            i0Var.check(x509CertificateArr[i3], Collections.emptySet());
        }
        a(bVar, aVar, x509CertificateArr[0], fVar, i2);
    }

    static boolean a(PublicKey publicKey) {
        try {
            sdk.pendo.io.b3.a f2 = sdk.pendo.io.b3.g.a(publicKey.getEncoded()).f();
            if (!sdk.pendo.io.c3.j.f39453l.b(f2.f())) {
                return true;
            }
            sdk.pendo.io.j2.e g2 = f2.g();
            if (g2 != null) {
                return g2.c() instanceof sdk.pendo.io.j2.o;
            }
            return false;
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(PublicKey publicKey, boolean[] zArr, int i2, sdk.pendo.io.o3.a aVar) {
        return a(zArr, i2) && aVar.permits(b(i2), publicKey);
    }

    static boolean a(X509Certificate x509Certificate, int i2) {
        return a(x509Certificate.getKeyUsage(), i2);
    }

    static boolean a(X509Certificate x509Certificate, sdk.pendo.io.b3.f fVar) {
        try {
            return a(x509Certificate.getExtendedKeyUsage(), fVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    static boolean a(List<String> list, sdk.pendo.io.b3.f fVar) {
        return list == null || list.contains(fVar.f()) || list.contains(sdk.pendo.io.b3.f.s.f());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(boolean[] zArr, int i2) {
        return zArr == null || (zArr.length > i2 && zArr[i2]);
    }

    private static Map<String, String> b() {
        HashMap hashMap = new HashMap(4);
        hashMap.put(sdk.pendo.io.q2.a.f41323d.k(), EdDSAParameterSpec.Ed25519);
        hashMap.put(sdk.pendo.io.q2.a.f41324e.k(), EdDSAParameterSpec.Ed448);
        hashMap.put(sdk.pendo.io.u2.a.f41980j.k(), "SHA1withDSA");
        hashMap.put(sdk.pendo.io.c3.j.X.k(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    static Set<sdk.pendo.io.o3.b> b(int i2) {
        return i2 != 2 ? i2 != 4 ? a0.f40955i : a0.f40953g : a0.f40954h;
    }

    private static Set<String> d() {
        HashSet hashSet = new HashSet();
        hashSet.add(sdk.pendo.io.u2.a.f41980j.k());
        hashSet.add(sdk.pendo.io.c3.j.X.k());
        hashSet.add(sdk.pendo.io.v2.a.f42455k.k());
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.y0 && !a(x509Certificate.getPublicKey())) {
            throw new CertPathValidatorException("non-FIPS public key found");
        }
        X509Certificate x509Certificate2 = this.B0;
        if (x509Certificate2 != null) {
            a(this.z0, this.A0, x509Certificate, x509Certificate2);
        }
        this.B0 = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.B0 = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
