package cn.com.bouncycastle.tls.crypto.impl.bc;

import cn.com.bouncycastle.tls.TlsFatalAlert;
import cn.com.bouncycastle.tls.crypto.TlsCertificate;
import cn.com.bouncycastle.tls.crypto.TlsCryptoException;
import cn.com.bouncycastle.tls.crypto.TlsVerifier;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECNamedDomainParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
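/**
 * A TLS certificate backed by the lightweight ASN.1 {@link Certificate} structure, with a
 * JCA {@link X509Certificate} view parsed from the same DER encoding.
 *
 * <p>This class only decodes the certificate, extracts its public key and checks the
 * KeyUsage extension against the role the key is about to play. Nothing in this class
 * builds or validates a certificate chain.
 *
 * <p>The {@code pubKey*} fields are assigned by {@link #useInRole(int, int)} without any
 * synchronization.
 */
public class BcTlsCertificate implements TlsCertificate {
    // TLS AlertDescription code points (RFC 5246, section 7.2).
    private static final short ALERT_UNSUPPORTED_CERTIFICATE = 43;
    private static final short ALERT_CERTIFICATE_UNKNOWN = 46;
    private static final short ALERT_INTERNAL_ERROR = 80;

    public final Certificate certificate;
    public final BcTlsCrypto crypto;
    public DHPublicKeyParameters pubKeyDH;
    public ECPublicKeyParameters pubKeyEC;
    public RSAKeyParameters pubKeyRSA;
    public final X509Certificate x509Certificate;

    /**
     * Wraps an already decoded certificate and also parses it through the JCA
     * certificate factory obtained from the crypto's helper.
     *
     * @param bcTlsCrypto crypto context that supplies the JCA helper and is handed to verifiers
     * @param certificate decoded certificate structure
     * @throws IOException if the certificate cannot be re-encoded or parsed as X.509
     */
    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, Certificate certificate) throws IOException {
        this.pubKeyDH = null;
        this.pubKeyEC = null;
        this.pubKeyRSA = null;
        this.crypto = bcTlsCrypto;
        this.certificate = certificate;
        this.x509Certificate = parseX509Certificate(bcTlsCrypto.getHelper(), certificate.getEncoded());
    }

    /**
     * Decodes {@code bArr} as a certificate and wraps it.
     *
     * @param bcTlsCrypto crypto context
     * @param bArr encoded certificate, typically taken from the peer's handshake message
     * @throws IOException if the bytes do not decode as a certificate
     */
    public BcTlsCertificate(BcTlsCrypto bcTlsCrypto, byte[] bArr) throws IOException {
        this(bcTlsCrypto, parseCertificate(bArr));
    }

    /**
     * Returns {@code tlsCertificate} itself when it already is a {@code BcTlsCertificate};
     * otherwise re-parses its encoding into a new instance.
     *
     * @throws IOException if the certificate has to be re-parsed and that fails
     */
    public static BcTlsCertificate convert(BcTlsCrypto bcTlsCrypto, TlsCertificate tlsCertificate) throws IOException {
        if (tlsCertificate instanceof BcTlsCertificate) {
            return (BcTlsCertificate) tlsCertificate;
        }
        return new BcTlsCertificate(bcTlsCrypto, tlsCertificate.getEncoded());
    }

    /**
     * Decodes an ASN.1 certificate structure.
     *
     * @throws IOException a {@link TlsCryptoException} when decoding is rejected with an
     *         {@link IllegalArgumentException}
     */
    public static Certificate parseCertificate(byte[] bArr) throws IOException {
        try {
            return Certificate.getInstance(bArr);
        } catch (IllegalArgumentException e2) {
            throw new TlsCryptoException("unable to decode certificate: " + e2.getMessage(), e2);
        }
    }

    /**
     * Re-encodes the certificate as DER and parses it with the helper's "X.509"
     * certificate factory.
     *
     * @throws IOException if bytes remain unread after the factory has consumed one
     *         certificate, or (as {@link TlsCryptoException}) if the factory fails
     */
    public static X509Certificate parseX509Certificate(JcaJceHelper jcaJceHelper, byte[] bArr) throws IOException {
        try {
            byte[] der = Certificate.getInstance(bArr).getEncoded(ASN1Encoding.DER);
            ByteArrayInputStream derStream = new ByteArrayInputStream(der);
            X509Certificate parsed =
                    (X509Certificate) jcaJceHelper.createCertificateFactory("X.509").generateCertificate(derStream);
            // Anything left in the stream means the factory and the ASN.1 parser disagree
            // about where the certificate ends; refuse it rather than ignore the tail.
            if (derStream.available() != 0) {
                throw new IOException("Extra data detected in stream");
            }
            return parsed;
        } catch (GeneralSecurityException e2) {
            throw new TlsCryptoException("unable to decode certificate", e2);
        }
    }

    /**
     * Creates a signature verifier for this certificate's public key.
     *
     * <p>The digitalSignature key usage is checked first, before the algorithm is looked at.
     *
     * @param s signature algorithm: 1 selects the RSA verifier, 2 DSA, 3 ECDSA, 4 SM2
     * @throws IOException a {@link TlsFatalAlert} if the key usage forbids signing, the key
     *         has the wrong type, or the algorithm is not one of the four above
     */
    @Override // cn.com.bouncycastle.tls.crypto.TlsCertificate
    public TlsVerifier createVerifier(short s) throws IOException {
        validateKeyUsage(KeyUsage.digitalSignature);
        switch (s) {
            case 1:
                return new BcTlsRSAVerifier(this.crypto, getPubKeyRSA());
            case 2:
                return new BcTlsDSAVerifier(this.crypto, getPubKeyDSS());
            case 3:
                return new BcTlsECDSAVerifier(this.crypto, getPubKeyEC());
            case 4:
                return new BcTlsSM2Verifier(this.crypto, getPubKeyEC());
            default:
                throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /**
     * Maps the public key type to a client certificate type after checking that the
     * key may be used for signing.
     *
     * @return 1 for RSA keys, 2 for DSA keys, 81 for EC keys on the named curve
     *         sm2p256v1, 64 for every other EC key
     * @throws IOException a {@link TlsFatalAlert} for private keys, unsupported key types,
     *         a key usage that forbids signing, or any unexpected runtime failure
     */
    @Override // cn.com.bouncycastle.tls.crypto.TlsCertificate
    public short getClientCertificateType() throws IOException {
        AsymmetricKeyParameter publicKey = getPublicKey();
        if (publicKey.isPrivate()) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        try {
            if (publicKey instanceof RSAKeyParameters) {
                validateKeyUsage(KeyUsage.digitalSignature);
                return (short) 1;
            }
            if (publicKey instanceof DSAPublicKeyParameters) {
                validateKeyUsage(KeyUsage.digitalSignature);
                return (short) 2;
            }
            if (!(publicKey instanceof ECPublicKeyParameters)) {
                throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE);
            }
            validateKeyUsage(KeyUsage.digitalSignature);
            ECDomainParameters parameters = ((ECPublicKeyParameters) publicKey).getParameters();
            boolean isSm2Curve = (parameters instanceof ECNamedDomainParameters)
                    && ((ECNamedDomainParameters) parameters).getName().equals((ASN1Primitive) GMObjectIdentifiers.sm2p256v1);
            return isSm2Curve ? (short) 81 : (short) 64;
        } catch (IOException e2) {
            // Alerts raised above are already in their final form; pass them through.
            throw e2;
        } catch (Exception e3) {
            throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE, e3);
        }
    }

    /** Returns the DER encoding of the certificate. */
    @Override // cn.com.bouncycastle.tls.crypto.TlsCertificate
    public byte[] getEncoded() throws IOException {
        return this.certificate.getEncoded(ASN1Encoding.DER);
    }

    /**
     * Returns a copy of the extension value octets for the given OID.
     *
     * @return the octets, or {@code null} when the certificate has no extensions or
     *         not this one
     */
    @Override // cn.com.bouncycastle.tls.crypto.TlsCertificate
    public byte[] getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws IOException {
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions == null) {
            return null;
        }
        Extension extension = extensions.getExtension(aSN1ObjectIdentifier);
        if (extension == null) {
            return null;
        }
        return Arrays.clone(extension.getExtnValue().getOctets());
    }

    /**
     * Returns the public key as DH parameters.
     *
     * @throws IOException a {@link TlsFatalAlert} if the key is not a DH key or any other
     *         runtime exception occurs while obtaining it
     */
    public DHPublicKeyParameters getPubKeyDH() throws IOException {
        try {
            return (DHPublicKeyParameters) getPublicKey();
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as DSA parameters, passed through {@link #validatePubKeyDSS}.
     *
     * @throws IOException a {@link TlsFatalAlert} if the key is not a DSA key
     */
    public DSAPublicKeyParameters getPubKeyDSS() throws IOException {
        try {
            return validatePubKeyDSS((DSAPublicKeyParameters) getPublicKey());
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as EC parameters, passed through {@link #validatePubKeyEC}.
     *
     * @throws IOException a {@link TlsFatalAlert} if the key is not an EC key
     */
    public ECPublicKeyParameters getPubKeyEC() throws IOException {
        try {
            return validatePubKeyEC((ECPublicKeyParameters) getPublicKey());
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Returns the public key as RSA parameters, passed through {@link #validatePubKeyRSA}.
     *
     * @throws IOException a {@link TlsFatalAlert} if the key is not an RSA key
     */
    public RSAKeyParameters getPubKeyRSA() throws IOException {
        try {
            return validatePubKeyRSA((RSAKeyParameters) getPublicKey());
        } catch (ClassCastException e2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN, e2);
        }
    }

    /**
     * Decodes the SubjectPublicKeyInfo into lightweight key parameters. The key is
     * decoded again on every call.
     *
     * @throws IOException a {@link TlsFatalAlert} if decoding fails with a runtime exception
     */
    public AsymmetricKeyParameter getPublicKey() throws IOException {
        try {
            return PublicKeyFactory.createKey(this.certificate.getSubjectPublicKeyInfo());
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert(ALERT_UNSUPPORTED_CERTIFICATE, e2);
        }
    }

    /** Returns the certificate serial number. */
    @Override // cn.com.bouncycastle.tls.crypto.TlsCertificate
    public BigInteger getSerialNumber() {
        return this.certificate.getSerialNumber().getValue();
    }

    /** Returns the JCA view of the certificate that was parsed at construction time. */
    public X509Certificate getX509Certificate() {
        return this.x509Certificate;
    }

    /**
     * Checks that the certificate may be used for the given key exchange and caches the
     * typed public key on this instance.
     *
     * @param i2 connection end; the key-transport cases are only accepted when this is 0
     *        (presumably the server end, to be confirmed against the fork's ConnectionEnd)
     * @param i3 key exchange algorithm code
     * @return this instance
     * @throws IOException a {@link TlsFatalAlert} if the key usage or key type does not fit
     *         the key exchange, or the combination is not handled here
     */
    @Override // cn.com.bouncycastle.tls.crypto.TlsCertificate
    public TlsCertificate useInRole(int i2, int i3) throws IOException {
        switch (i3) {
            case 7:
            case 9:
                // Static DH key exchanges: the certified key takes part in key agreement.
                validateKeyUsage(KeyUsage.keyAgreement);
                this.pubKeyDH = getPubKeyDH();
                return this;
            case 16:
            case 18:
            case 25:
                // Static ECDH key exchanges. NOTE(review): 25 is outside the values this
                // reviewer can map to a standard name; confirm against the fork's
                // KeyExchangeAlgorithm.
                validateKeyUsage(KeyUsage.keyAgreement);
                this.pubKeyEC = getPubKeyEC();
                return this;
            default:
                break;
        }
        if (i2 == 0) {
            if (i3 == 1 || i3 == 15) {
                // RSA key transport: the peer encrypts the premaster secret to this key, so
                // RFC 5246 section 7.4.2 requires keyEncipherment when KeyUsage is present.
                // The decompiled source asked for digitalSignature (128) here, which went
                // unnoticed only because validateKeyUsage never rejected anything.
                validateKeyUsage(KeyUsage.keyEncipherment);
                this.pubKeyRSA = getPubKeyRSA();
                return this;
            }
            if (i3 == 26) {
                // NOTE(review): fork-specific code that uses the EC key with
                // keyEncipherment; presumably the SM2 key exchange, to be confirmed.
                validateKeyUsage(KeyUsage.keyEncipherment);
                this.pubKeyEC = getPubKeyEC();
                return this;
            }
        }
        throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
    }

    /**
     * Rejects the certificate when it carries a KeyUsage extension that lacks any of the
     * requested bits. A certificate with no KeyUsage extension is accepted.
     *
     * <p>The decompiled method read the first KeyUsage byte and then discarded it, so every
     * certificate passed regardless of its declared usage. The comparison and the alert
     * are restored here.
     *
     * @param i2 mask of required {@link KeyUsage} bits; only bits in the first byte of the
     *        bit string (values up to 0xff) are examined
     * @throws IOException a {@link TlsFatalAlert} (certificate_unknown) if a required bit
     *         is not set
     */
    public void validateKeyUsage(int i2) throws IOException {
        Extensions extensions = this.certificate.getTBSCertificate().getExtensions();
        if (extensions == null) {
            return;
        }
        KeyUsage keyUsage = KeyUsage.fromExtensions(extensions);
        if (keyUsage == null) {
            return;
        }
        byte[] usageBytes = keyUsage.getBytes();
        // An empty bit string asserts no usages at all; treat it as zero instead of
        // failing with an index error.
        int presentBits = usageBytes.length == 0 ? 0 : usageBytes[0] & 0xff;
        if ((presentBits & i2) != i2) {
            throw new TlsFatalAlert(ALERT_CERTIFICATE_UNKNOWN);
        }
    }

    /**
     * Hook for DSA public key validation. Returns the key unchanged; no parameter
     * checks are performed here.
     */
    public DSAPublicKeyParameters validatePubKeyDSS(DSAPublicKeyParameters dSAPublicKeyParameters) throws IOException {
        return dSAPublicKeyParameters;
    }

    /**
     * Hook for EC public key validation. Returns the key unchanged; no parameter
     * checks are performed here.
     */
    public ECPublicKeyParameters validatePubKeyEC(ECPublicKeyParameters eCPublicKeyParameters) throws IOException {
        return eCPublicKeyParameters;
    }

    /**
     * Hook for RSA public key validation. Returns the key unchanged; no parameter
     * checks are performed here.
     */
    public RSAKeyParameters validatePubKeyRSA(RSAKeyParameters rSAKeyParameters) throws IOException {
        return rSAKeyParameters;
    }
}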
