package sdk.pendo.io.o4;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: classes2.dex */
class i0 extends PKIXCertPathChecker {
    private final sdk.pendo.io.n4.a A0;
    private X509Certificate B0;

    /* renamed from: y0, reason: collision with root package name */
    private final boolean f13610y0;

    /* renamed from: z0, reason: collision with root package name */
    private final sdk.pendo.io.k4.b f13611z0;

    /* renamed from: f, reason: collision with root package name */
    private static final Map<String, String> f13602f = c();
    private static final Set<String> s = f();

    /* renamed from: r0, reason: collision with root package name */
    private static final byte[] f13603r0 = {5, 0};

    /* renamed from: s0, reason: collision with root package name */
    private static final String f13604s0 = a0.a("SHA256withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: t0, reason: collision with root package name */
    private static final String f13605t0 = a0.a("SHA384withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: u0, reason: collision with root package name */
    private static final String f13606u0 = a0.a("SHA512withRSAandMGF1", "RSASSA-PSS");

    /* renamed from: v0, reason: collision with root package name */
    private static final String f13607v0 = a0.a("SHA256withRSAandMGF1", "RSA");

    /* renamed from: w0, reason: collision with root package name */
    private static final String f13608w0 = a0.a("SHA384withRSAandMGF1", "RSA");

    /* renamed from: x0, reason: collision with root package name */
    private static final String f13609x0 = a0.a("SHA512withRSAandMGF1", "RSA");

    public i0(boolean z8, sdk.pendo.io.k4.b bVar, sdk.pendo.io.n4.a aVar) {
        if (bVar == null) {
            throw new NullPointerException("'helper' cannot be null");
        }
        if (aVar == null) {
            throw new NullPointerException("'algorithmConstraints' cannot be null");
        }
        this.f13610y0 = z8;
        this.f13611z0 = bVar;
        this.A0 = aVar;
        this.B0 = null;
    }

    public static String a(int i9) {
        return i9 != 0 ? i9 != 2 ? i9 != 4 ? androidx.constraintlayout.motion.widget.e.b("(", i9, ")") : "keyAgreement" : "keyEncipherment" : "digitalSignature";
    }

    public static String a(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        sdk.pendo.io.i3.o f9;
        String sigAlgOID = x509Certificate.getSigAlgOID();
        String str = f13602f.get(sigAlgOID);
        if (str != null) {
            return str;
        }
        if (!sdk.pendo.io.u3.a.f15953k.k().equals(sigAlgOID)) {
            return x509Certificate.getSigAlgName();
        }
        sdk.pendo.io.u3.c a9 = sdk.pendo.io.u3.c.a(x509Certificate.getSigAlgParams());
        if (a9 != null && (f9 = a9.f().f()) != null) {
            if (x509Certificate2 != null) {
                x509Certificate = x509Certificate2;
            }
            try {
                sdk.pendo.io.w4.g gVar = new sdk.pendo.io.w4.g((sdk.pendo.io.w4.h) null, x509Certificate);
                if (sdk.pendo.io.r3.b.f14364c.b(f9)) {
                    if (gVar.e((short) 9)) {
                        return f13604s0;
                    }
                    if (gVar.e((short) 4)) {
                        return f13607v0;
                    }
                } else if (sdk.pendo.io.r3.b.f14366d.b(f9)) {
                    if (gVar.e((short) 10)) {
                        return f13605t0;
                    }
                    if (gVar.e((short) 5)) {
                        return f13608w0;
                    }
                } else if (sdk.pendo.io.r3.b.f14368e.b(f9)) {
                    if (gVar.e((short) 11)) {
                        return f13606u0;
                    }
                    if (gVar.e((short) 6)) {
                        return f13609x0;
                    }
                }
            } catch (IOException unused) {
            }
        }
        return null;
    }

    public static String a(sdk.pendo.io.a4.f fVar) {
        if (sdk.pendo.io.a4.f.f11021s0.equals(fVar)) {
            return "clientAuth";
        }
        if (sdk.pendo.io.a4.f.f11020r0.equals(fVar)) {
            return "serverAuth";
        }
        return "(" + fVar + ")";
    }

    public static AlgorithmParameters a(sdk.pendo.io.k4.b bVar, X509Certificate x509Certificate) {
        byte[] sigAlgParams = x509Certificate.getSigAlgParams();
        if (sigAlgParams == null) {
            return null;
        }
        String sigAlgOID = x509Certificate.getSigAlgOID();
        if (s.contains(sigAlgOID) && sdk.pendo.io.y4.a.a(f13603r0, sigAlgParams)) {
            return null;
        }
        try {
            AlgorithmParameters e9 = bVar.e(sigAlgOID);
            try {
                e9.init(sigAlgParams);
                return e9;
            } catch (Exception e10) {
                throw new CertPathValidatorException(e10);
            }
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    private static void a(sdk.pendo.io.k4.b bVar, sdk.pendo.io.n4.a aVar, X509Certificate x509Certificate) {
        String a9 = a(x509Certificate, (X509Certificate) null);
        if (!a0.a(a9)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(a0.f13482i, a9, a(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static void a(sdk.pendo.io.k4.b bVar, sdk.pendo.io.n4.a aVar, X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        String a9 = a(x509Certificate, x509Certificate2);
        if (!a0.a(a9)) {
            throw new CertPathValidatorException();
        }
        if (!aVar.permits(a0.f13482i, a9, x509Certificate2.getPublicKey(), a(bVar, x509Certificate))) {
            throw new CertPathValidatorException();
        }
    }

    private static void a(sdk.pendo.io.k4.b bVar, sdk.pendo.io.n4.a aVar, X509Certificate x509Certificate, sdk.pendo.io.a4.f fVar, int i9) {
        if (fVar != null && !a(x509Certificate, fVar)) {
            throw new CertPathValidatorException(android.support.v4.media.c.a(new StringBuilder("Certificate doesn't support '"), a(fVar), "' ExtendedKeyUsage"));
        }
        if (i9 >= 0) {
            if (!a(x509Certificate, i9)) {
                throw new CertPathValidatorException(android.support.v4.media.c.a(new StringBuilder("Certificate doesn't support '"), a(i9), "' KeyUsage"));
            }
            if (!aVar.permits(b(i9), x509Certificate.getPublicKey())) {
                throw new CertPathValidatorException(android.support.v4.media.c.a(new StringBuilder("Public key not permitted for '"), a(i9), "' KeyUsage"));
            }
        }
    }

    public static void a(sdk.pendo.io.k4.b bVar, sdk.pendo.io.n4.a aVar, X509Certificate[] x509CertificateArr, sdk.pendo.io.a4.f fVar, int i9) {
        X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
        if (x509CertificateArr.length > 1) {
            a(bVar, aVar, x509CertificateArr[x509CertificateArr.length - 2], x509Certificate);
        }
        a(bVar, aVar, x509CertificateArr[0], fVar, i9);
    }

    public static void a(boolean z8, sdk.pendo.io.k4.b bVar, sdk.pendo.io.n4.a aVar, Set<X509Certificate> set, X509Certificate[] x509CertificateArr, sdk.pendo.io.a4.f fVar, int i9) {
        int length = x509CertificateArr.length;
        while (length > 0 && set.contains(x509CertificateArr[length - 1])) {
            length--;
        }
        if (length < x509CertificateArr.length) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            if (length > 0) {
                a(bVar, aVar, x509CertificateArr[length - 1], x509Certificate);
            }
        } else {
            a(bVar, aVar, x509CertificateArr[length - 1]);
        }
        i0 i0Var = new i0(z8, bVar, aVar);
        i0Var.init(false);
        for (int i10 = length - 1; i10 >= 0; i10--) {
            i0Var.check(x509CertificateArr[i10], Collections.emptySet());
        }
        a(bVar, aVar, x509CertificateArr[0], fVar, i9);
    }

    public static boolean a(PublicKey publicKey) {
        try {
            sdk.pendo.io.a4.a f9 = sdk.pendo.io.a4.g.a(publicKey.getEncoded()).f();
            if (!sdk.pendo.io.b4.j.f11251l.b(f9.f())) {
                return true;
            }
            sdk.pendo.io.i3.e g9 = f9.g();
            if (g9 != null) {
                return g9.c() instanceof sdk.pendo.io.i3.o;
            }
            return false;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean a(PublicKey publicKey, boolean[] zArr, int i9, sdk.pendo.io.n4.a aVar) {
        return a(zArr, i9) && aVar.permits(b(i9), publicKey);
    }

    public static boolean a(X509Certificate x509Certificate, int i9) {
        return a(x509Certificate.getKeyUsage(), i9);
    }

    public static boolean a(X509Certificate x509Certificate, sdk.pendo.io.a4.f fVar) {
        try {
            return a(x509Certificate.getExtendedKeyUsage(), fVar);
        } catch (CertificateParsingException unused) {
            return false;
        }
    }

    public static boolean a(List<String> list, sdk.pendo.io.a4.f fVar) {
        return list == null || list.contains(fVar.f()) || list.contains(sdk.pendo.io.a4.f.s.f());
    }

    public static boolean a(boolean[] zArr, int i9) {
        return zArr == null || (zArr.length > i9 && zArr[i9]);
    }

    public static Set<sdk.pendo.io.n4.b> b(int i9) {
        return i9 != 2 ? i9 != 4 ? a0.f13482i : a0.f13480g : a0.f13481h;
    }

    private static Map<String, String> c() {
        HashMap hashMap = new HashMap(4);
        hashMap.put(sdk.pendo.io.p3.a.f13952d.k(), "Ed25519");
        hashMap.put(sdk.pendo.io.p3.a.f13953e.k(), "Ed448");
        hashMap.put(sdk.pendo.io.t3.a.f15179j.k(), "SHA1withDSA");
        hashMap.put(sdk.pendo.io.b4.j.X.k(), "SHA1withDSA");
        return Collections.unmodifiableMap(hashMap);
    }

    private static Set<String> f() {
        HashSet hashSet = new HashSet();
        hashSet.add(sdk.pendo.io.t3.a.f15179j.k());
        hashSet.add(sdk.pendo.io.b4.j.X.k());
        hashSet.add(sdk.pendo.io.u3.a.f15953k.k());
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("checker can only be used for X.509 certificates");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f13610y0 && !a(x509Certificate.getPublicKey())) {
            throw new CertPathValidatorException("non-FIPS public key found");
        }
        X509Certificate x509Certificate2 = this.B0;
        if (x509Certificate2 != null) {
            a(this.f13611z0, this.A0, x509Certificate, x509Certificate2);
        }
        this.B0 = x509Certificate;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z8) {
        if (z8) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.B0 = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
