package iaik.x509;

import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import on.j0;
import org.bouncycastle.jce.provider.p1;
import qo.c0;
import qo.v;
import qo.w;
import qo.y;
import qo.z;

/* loaded from: classes4.dex */
public abstract class b {
    public static X509Certificate[] orderCertificateChain(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws CertificateException {
        Principal issuerDN;
        int i10;
        X509Certificate[] x509CertificateArr2 = (X509Certificate[]) x509CertificateArr.clone();
        Vector vector = new Vector();
        vector.addElement(x509Certificate);
        Enumeration elements = vector.elements();
        do {
            X509Certificate x509Certificate2 = (X509Certificate) elements.nextElement();
            Principal subjectDN = x509Certificate2.getSubjectDN();
            issuerDN = x509Certificate2.getIssuerDN();
            if (!subjectDN.equals(issuerDN)) {
                i10 = 0;
                while (true) {
                    if (i10 < x509CertificateArr2.length) {
                        X509Certificate x509Certificate3 = x509CertificateArr2[i10];
                        if (x509Certificate3 != null && x509Certificate3.getSubjectDN().equals(issuerDN)) {
                            vector.addElement(x509CertificateArr2[i10]);
                            x509CertificateArr2[i10] = null;
                            break;
                        }
                        i10++;
                    } else {
                        break;
                    }
                }
            } else {
                X509Certificate[] x509CertificateArr3 = new X509Certificate[vector.size()];
                vector.copyInto(x509CertificateArr3);
                return x509CertificateArr3;
            }
        } while (i10 != x509CertificateArr.length);
        StringBuffer stringBuffer = new StringBuffer("Certificate chain incomplete, no certificate found for ");
        stringBuffer.append(issuerDN);
        throw new CertificateException(stringBuffer.toString());
    }

    public void checkExtensions(X509Certificate[] x509CertificateArr, int i10) throws CertificateException {
        Enumeration listExtensions;
        X509Certificate x509Certificate = x509CertificateArr[i10];
        if ((x509Certificate instanceof o) && (listExtensions = ((o) x509Certificate).listExtensions()) != null) {
            while (listExtensions.hasMoreElements()) {
                i iVar = (i) listExtensions.nextElement();
                j0 b10 = iVar.b();
                if (b10.equals(qo.c.f64147d)) {
                    qo.c cVar = (qo.c) iVar;
                    if (cVar.g()) {
                        if (i10 == 0) {
                            throw new CertificateException("Extension error: certificate at index 0 is marked CA certificate");
                        }
                        int h10 = cVar.h();
                        if (h10 != -1 && h10 < i10 - 1) {
                            throw new CertificateException("Extension error: pathLenConstraint violated!");
                        }
                    } else if (i10 != 0) {
                        throw new CertificateException(on.i.a("Extension error: certificate at index ", i10, " is marked as non-CA certificate"));
                    }
                } else if (b10.equals(qo.t.f64204c)) {
                    qo.t tVar = (qo.t) iVar;
                    if (i10 > 0 && (tVar.g() & 32) == 0) {
                        throw new CertificateException("Extension error: keyusage does not allow certificate signing");
                    }
                } else if (!b10.equals(qo.b.f64142e) && !b10.equals(qo.e.f64153c) && !b10.equals(qo.f.f64154c) && !b10.equals(qo.l.f64166c) && !b10.equals(qo.r.f64195c) && !b10.equals(w.f64223c) && !b10.equals(y.f64238m) && !b10.equals(v.f64220d) && !b10.equals(z.f64240c) && !b10.equals(c0.f64150c) && !b10.equals(ro.a.f65722c) && !b10.equals(ro.b.f65724c) && !b10.equals(ro.c.f65726c) && !b10.equals(ro.d.f65728c) && !b10.equals(ro.f.f65739c) && !b10.equals(ro.g.f65741c) && !b10.equals(ro.h.f65743c) && iVar.d()) {
                    StringBuffer stringBuffer = new StringBuffer("Unhandled CRITICAL extension: ");
                    stringBuffer.append(iVar.b());
                    throw new CertificateException(stringBuffer.toString());
                }
            }
        }
    }

    public abstract boolean isTrustedCertificate(X509Certificate x509Certificate) throws CertificateException;

    public boolean verifyChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        return verifyChain(x509CertificateArr, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public boolean verifyChain(X509Certificate[] x509CertificateArr, boolean z10) throws CertificateException {
        int length = x509CertificateArr.length;
        X509Certificate[] x509CertificateArr2 = x509CertificateArr;
        if (z10) {
            X509Certificate[] x509CertificateArr3 = new X509Certificate[length];
            for (int i10 = 0; i10 < length; i10++) {
                x509CertificateArr3[i10] = x509CertificateArr[(length - i10) - 1];
            }
            x509CertificateArr2 = x509CertificateArr3;
        }
        for (int i11 = 0; i11 < length; i11++) {
            if (i11 > 0) {
                try {
                    int i12 = i11 - 1;
                    if (!x509CertificateArr2[i11].getSubjectDN().equals(x509CertificateArr2[i12].getIssuerDN())) {
                        throw new CertificateException("Certificate chain broken: not linked correctly");
                    }
                    x509CertificateArr2[i12].verify(x509CertificateArr2[i11].getPublicKey());
                    if (iaik.utils.l.r(x509CertificateArr2[i12].getSignature(), x509CertificateArr2[i11].getSignature()) && !x509CertificateArr2[i12].equals(x509CertificateArr2[i11])) {
                        StringBuffer stringBuffer = new StringBuffer();
                        stringBuffer.append("Certificate ");
                        stringBuffer.append(i12);
                        stringBuffer.append(" and ");
                        stringBuffer.append(i11);
                        stringBuffer.append(" have same signature value!");
                        throw new CertificateException(stringBuffer.toString());
                    }
                } catch (CertificateException e10) {
                    throw e10;
                } catch (Exception unused) {
                    throw new CertificateException("Error in certificate chain");
                }
            }
            if (x509CertificateArr2[i11].getSubjectDN().equals(x509CertificateArr2[i11].getIssuerDN())) {
                p1 p1Var = x509CertificateArr2[i11];
                p1Var.verify(p1Var.getPublicKey());
            }
            checkExtensions(x509CertificateArr2, i11);
            if (isTrustedCertificate(x509CertificateArr2[i11])) {
                return true;
            }
            x509CertificateArr2[i11].checkValidity();
        }
        return false;
    }
}
