package com;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: classes6.dex */
public final class oza extends PKIXCertPathChecker {
    public static final Map e;
    public static final Set f;
    public static final byte[] g;
    public static final String h;
    public static final String i;
    public static final String j;
    public static final String k;
    public static final String l;
    public static final String s;
    public final boolean a;
    public final um6 b;
    public final kq0 c;
    public X509Certificate d;

    static {
        HashMap hashMap = new HashMap(4);
        hashMap.put(jo4.c.J(), "Ed25519");
        hashMap.put(jo4.d.J(), "Ed448");
        u0 u0Var = s69.a;
        hashMap.put(u0Var.J(), "SHA1withDSA");
        u0 u0Var2 = d6f.D;
        hashMap.put(u0Var2.J(), "SHA1withDSA");
        e = Collections.unmodifiableMap(hashMap);
        HashSet hashSet = new HashSet();
        hashSet.add(u0Var.J());
        hashSet.add(u0Var2.J());
        hashSet.add(tw9.d.J());
        f = Collections.unmodifiableSet(hashSet);
        g = new byte[]{5, 0};
        h = ys6.m("SHA256withRSAandMGF1", "RSASSA-PSS");
        i = ys6.m("SHA384withRSAandMGF1", "RSASSA-PSS");
        j = ys6.m("SHA512withRSAandMGF1", "RSASSA-PSS");
        k = ys6.m("SHA256withRSAandMGF1", "RSA");
        l = ys6.m("SHA384withRSAandMGF1", "RSA");
        s = ys6.m("SHA512withRSAandMGF1", "RSA");
    }

    public oza(boolean z, um6 um6Var, pza pzaVar) {
        if (um6Var == null) {
            throw new NullPointerException("'helper' cannot be null");
        }
        if (pzaVar == null) {
            throw new NullPointerException("'algorithmConstraints' cannot be null");
        }
        this.a = z;
        this.b = um6Var;
        this.c = pzaVar;
        this.d = null;
    }

    public static void a(um6 um6Var, pza pzaVar, X509Certificate[] x509CertificateArr, p07 p07Var, int i2) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            d(um6Var, pzaVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        c(pzaVar, x509CertificateArr[0], p07Var, i2);
    }

    public static void b(boolean z, um6 um6Var, pza pzaVar, Set set, X509Certificate[] x509CertificateArr, p07 p07Var, int i2) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                d(um6Var, pzaVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            X509Certificate x509Certificate2 = x509CertificateArr[length - 1];
            String g2 = g(x509Certificate2, null);
            if (!ys6.x(g2)) {
                throw new CertPathValidatorException("Signature algorithm could not be determined");
            }
            if (!pzaVar.permits(ys6.j, g2, h(um6Var, x509Certificate2))) {
                throw new CertPathValidatorException(vg8.r("Signature algorithm '", g2, "' not permitted with given parameters"));
            }
        }
        oza ozaVar = new oza(z, um6Var, pzaVar);
        ozaVar.d = null;
        for (int i3 = length - 1; i3 >= 0; i3--) {
            ozaVar.check(x509CertificateArr[i3], Collections.emptySet());
        }
        c(pzaVar, x509CertificateArr[0], p07Var, i2);
    }

    /* JADX WARN: Code restructure failed: missing block: B:28:0x0022, code lost:
    
        if (r1.contains(com.p07.b.a.J()) != false) goto L20;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void c(com.pza r3, java.security.cert.X509Certificate r4, com.p07 r5, int r6) {
        /*
            java.lang.String r0 = "Certificate doesn't support '"
            if (r5 == 0) goto L5f
            java.util.List r1 = r4.getExtendedKeyUsage()     // Catch: java.security.cert.CertificateParsingException -> L25
            if (r1 == 0) goto L5f
            com.u0 r2 = r5.a     // Catch: java.security.cert.CertificateParsingException -> L25
            java.lang.String r2 = r2.J()     // Catch: java.security.cert.CertificateParsingException -> L25
            boolean r2 = r1.contains(r2)     // Catch: java.security.cert.CertificateParsingException -> L25
            if (r2 != 0) goto L5f
            com.p07 r2 = com.p07.b     // Catch: java.security.cert.CertificateParsingException -> L25
            com.u0 r2 = r2.a     // Catch: java.security.cert.CertificateParsingException -> L25
            java.lang.String r2 = r2.J()     // Catch: java.security.cert.CertificateParsingException -> L25
            boolean r1 = r1.contains(r2)     // Catch: java.security.cert.CertificateParsingException -> L25
            if (r1 == 0) goto L25
            goto L5f
        L25:
            java.security.cert.CertPathValidatorException r3 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>(r0)
            com.p07 r6 = com.p07.d
            boolean r6 = r6.equals(r5)
            if (r6 != 0) goto L53
            com.p07 r6 = com.p07.c
            boolean r6 = r6.equals(r5)
            if (r6 == 0) goto L3f
            java.lang.String r5 = "serverAuth"
            goto L55
        L3f:
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            java.lang.String r0 = "("
            r6.<init>(r0)
            r6.append(r5)
            java.lang.String r5 = ")"
            r6.append(r5)
            java.lang.String r5 = r6.toString()
            goto L55
        L53:
            java.lang.String r5 = "clientAuth"
        L55:
            java.lang.String r6 = "' ExtendedKeyUsage"
            java.lang.String r4 = com.eod.t(r4, r5, r6)
            r3.<init>(r4)
            throw r3
        L5f:
            if (r6 < 0) goto Lba
            boolean[] r5 = r4.getKeyUsage()
            boolean r5 = i(r5, r6)
            java.lang.String r1 = "' KeyUsage"
            if (r5 == 0) goto La1
            r5 = 2
            if (r6 == r5) goto L79
            r5 = 4
            if (r6 == r5) goto L76
            java.util.Set r5 = com.ys6.j
            goto L7b
        L76:
            java.util.Set r5 = com.ys6.h
            goto L7b
        L79:
            java.util.Set r5 = com.ys6.i
        L7b:
            java.security.PublicKey r4 = r4.getPublicKey()
            boolean r3 = r3.permits(r5, r4)
            if (r3 == 0) goto L86
            goto Lba
        L86:
            java.security.cert.CertPathValidatorException r3 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            java.lang.String r5 = "Public key not permitted for '"
            r4.<init>(r5)
            java.lang.String r5 = f(r6)
            r4.append(r5)
            r4.append(r1)
            java.lang.String r4 = r4.toString()
            r3.<init>(r4)
            throw r3
        La1:
            java.security.cert.CertPathValidatorException r3 = new java.security.cert.CertPathValidatorException
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>(r0)
            java.lang.String r5 = f(r6)
            r4.append(r5)
            r4.append(r1)
            java.lang.String r4 = r4.toString()
            r3.<init>(r4)
            throw r3
        Lba:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.oza.c(com.pza, java.security.cert.X509Certificate, com.p07, int):void");
    }

    public static void d(um6 um6Var, pza pzaVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String g2 = g(x509Certificate, x509Certificate2);
        if (!ys6.x(g2)) {
            throw new CertPathValidatorException("Signature algorithm could not be determined");
        }
        if (!pzaVar.permits(ys6.j, g2, x509Certificate2.getPublicKey(), h(um6Var, x509Certificate))) {
            throw new CertPathValidatorException(vg8.r("Signature algorithm '", g2, "' not permitted with given parameters and issuer public key"));
        }
    }

    public static String f(int i2) {
        return i2 != 0 ? i2 != 2 ? i2 != 4 ? c31.i(i2, "(", ")") : "keyAgreement" : "keyEncipherment" : "digitalSignature";
    }

    public static String g(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        u0 u0Var;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = (String) e.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!tw9.d.J().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        k3b s2 = k3b.s(x509Certificate.getSigAlgParams());
        if (s2 != null && (u0Var = s2.a.a) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                xm6 xm6Var = new xm6((td0) null, x509Certificate);
                if (iw8.a.z(u0Var)) {
                    if (xm6Var.j((short) 9)) {
                        return h;
                    }
                    if (xm6Var.j((short) 4)) {
                        return k;
                    }
                } else if (iw8.b.z(u0Var)) {
                    if (xm6Var.j((short) 10)) {
                        return i;
                    }
                    if (xm6Var.j((short) 5)) {
                        return l;
                    }
                } else if (iw8.c.z(u0Var)) {
                    if (xm6Var.j((short) 11)) {
                        return j;
                    }
                    if (xm6Var.j((short) 6)) {
                        return s;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static AlgorithmParameters h(um6 um6Var, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (f.contains(sigAlgOID) && Arrays.equals(g, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters m = um6Var.m(sigAlgOID);
            try {
                m.init(sigAlgParams);
                return m;
            } catch (Exception e2) {
                throw new CertPathValidatorException(e2);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public static boolean i(boolean[] zArr, int i2) {
        return zArr == null || (zArr.length > i2 && zArr[i2]);
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public final void check(Certificate certificate) {
        check(certificate, Collections.emptySet());
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x002d, code lost:
    
        if ((r4.d() instanceof com.u0) != false) goto L17;
     */
    @Override // java.security.cert.PKIXCertPathChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void check(java.security.cert.Certificate r3, java.util.Collection r4) {
        /*
            r2 = this;
            boolean r4 = r3 instanceof java.security.cert.X509Certificate
            if (r4 == 0) goto L49
            java.security.cert.X509Certificate r3 = (java.security.cert.X509Certificate) r3
            boolean r4 = r2.a
            if (r4 == 0) goto L38
            java.security.PublicKey r4 = r3.getPublicKey()
            byte[] r4 = r4.getEncoded()     // Catch: java.lang.Exception -> L30
            com.omd r4 = com.omd.s(r4)     // Catch: java.lang.Exception -> L30
            com.ky r4 = r4.a     // Catch: java.lang.Exception -> L30
            com.u0 r0 = com.d6f.b     // Catch: java.lang.Exception -> L30
            com.u0 r1 = r4.a     // Catch: java.lang.Exception -> L30
            boolean r0 = r0.z(r1)     // Catch: java.lang.Exception -> L30
            if (r0 != 0) goto L23
            goto L38
        L23:
            com.d0 r4 = r4.b     // Catch: java.lang.Exception -> L30
            if (r4 == 0) goto L30
            com.z0 r4 = r4.d()     // Catch: java.lang.Exception -> L30
            boolean r4 = r4 instanceof com.u0     // Catch: java.lang.Exception -> L30
            if (r4 == 0) goto L30
            goto L38
        L30:
            java.security.cert.CertPathValidatorException r2 = new java.security.cert.CertPathValidatorException
            java.lang.String r3 = "non-FIPS public key found"
            r2.<init>(r3)
            throw r2
        L38:
            java.security.cert.X509Certificate r4 = r2.d
            if (r4 != 0) goto L3d
            goto L46
        L3d:
            com.kq0 r0 = r2.c
            com.pza r0 = (com.pza) r0
            com.um6 r1 = r2.b
            d(r1, r0, r3, r4)
        L46:
            r2.d = r3
            return
        L49:
            java.security.cert.CertPathValidatorException r2 = new java.security.cert.CertPathValidatorException
            java.lang.String r3 = "checker can only be used for X.509 certificates"
            r2.<init>(r3)
            throw r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.oza.check(java.security.cert.Certificate, java.util.Collection):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public final Set getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public final void init(boolean z) {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.d = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public final boolean isForwardCheckingSupported() {
        return false;
    }
}
