package org.eclipse.californium.elements.util;

import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;
import org.slf4j.LoggerFactory;

/* loaded from: classes6.dex */
public class CertPathUtil {

    /* renamed from: a, reason: collision with root package name */
    private static final org.slf4j.c f21483a = LoggerFactory.i(CertPathUtil.class);

    /* renamed from: b, reason: collision with root package name */
    private static final String f21484b = "X.509";

    /* renamed from: c, reason: collision with root package name */
    private static final String f21485c = "1.3.6.1.5.5.7.3.1";

    /* renamed from: d, reason: collision with root package name */
    private static final String f21486d = "1.3.6.1.5.5.7.3.2";

    /* renamed from: e, reason: collision with root package name */
    private static final int f21487e = 0;
    private static final int f = 5;

    public static boolean a(X509Certificate x509Certificate, boolean z) {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0]) {
            f21483a.debug("certificate: {}, not for signing!", x509Certificate.getSubjectDN());
            return false;
        }
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            if (extendedKeyUsage == null || extendedKeyUsage.isEmpty()) {
                f21483a.debug("certificate: {}, no extkeyusage!", x509Certificate.getSubjectDN());
            } else {
                f21483a.trace("certificate: {}", x509Certificate.getSubjectDN());
                String str = z ? f21486d : f21485c;
                boolean z2 = false;
                for (String str2 : extendedKeyUsage) {
                    f21483a.trace("   extkeyusage {}", str2);
                    if (str.equals(str2)) {
                        z2 = true;
                    }
                }
                if (!z2) {
                    f21483a.debug("certificate: {}, not for {}!", x509Certificate.getSubjectDN(), z ? "client" : "server");
                    return false;
                }
            }
        } catch (CertificateParsingException e2) {
            f21483a.warn("x509 certificate:", (Throwable) e2);
        }
        return true;
    }

    public static boolean b(X509Certificate x509Certificate) {
        if (x509Certificate.getBasicConstraints() < 0) {
            f21483a.debug("certificate: {}, not for CA!", x509Certificate.getSubjectDN());
            return false;
        }
        if (x509Certificate.getKeyUsage() == null || x509Certificate.getKeyUsage()[5]) {
            return true;
        }
        f21483a.debug("certificate: {}, not for certificate signing!", x509Certificate.getSubjectDN());
        return false;
    }

    private static boolean c(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (x509Certificate.equals(x509Certificate2)) {
                return true;
            }
        }
        return false;
    }

    public static CertPath d(List<X509Certificate> list) {
        Objects.requireNonNull(list, "Certificate chain must not be null!");
        return e(list, list.size());
    }

    public static CertPath e(List<X509Certificate> list, int i) {
        Objects.requireNonNull(list, "Certificate chain must not be null!");
        if (i > list.size()) {
            throw new IllegalArgumentException("size must not be larger then certificate chain!");
        }
        try {
            if (!list.isEmpty()) {
                int size = list.size() - 1;
                X500Principal x500Principal = null;
                for (int i2 = 0; i2 <= size; i2++) {
                    X509Certificate x509Certificate = list.get(i2);
                    org.slf4j.c cVar = f21483a;
                    cVar.debug("Current Subject DN: {}", x509Certificate.getSubjectX500Principal().getName());
                    if (x500Principal != null && !x500Principal.equals(x509Certificate.getSubjectX500Principal())) {
                        cVar.debug("Actual Issuer DN: {}", x509Certificate.getSubjectX500Principal().getName());
                        throw new IllegalArgumentException("Given certificates do not form a chain");
                    }
                    x500Principal = x509Certificate.getIssuerX500Principal();
                    cVar.debug("Expected Issuer DN: {}", x500Principal.getName());
                    if (x500Principal.equals(x509Certificate.getSubjectX500Principal()) && i2 != size) {
                        throw new IllegalArgumentException("Given certificates do not form a chain, root is not the last!");
                    }
                }
                if (i < list.size()) {
                    ArrayList arrayList = new ArrayList();
                    for (int i3 = 0; i3 < i; i3++) {
                        arrayList.add(list.get(i3));
                    }
                    list = arrayList;
                }
            }
            return CertificateFactory.getInstance(f21484b).generateCertPath(list);
        } catch (CertificateException e2) {
            throw new IllegalArgumentException("could not create X.509 certificate factory", e2);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x0047, code lost:
    
        if (r6.getIssuerX500Principal().equals(r6.getSubjectX500Principal()) != false) goto L21;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.cert.CertPath f(java.util.List<java.security.cert.X509Certificate> r5, java.util.List<javax.security.auth.x500.X500Principal> r6) {
        /*
            java.lang.String r0 = "Certificate chain must not be null!"
            java.util.Objects.requireNonNull(r5, r0)
            int r0 = r5.size()
            if (r0 <= 0) goto L4b
            r1 = 0
            r2 = 1
            if (r6 == 0) goto L2e
            boolean r3 = r6.isEmpty()
            if (r3 != 0) goto L2e
            r3 = 0
        L16:
            if (r3 >= r0) goto L2f
            java.lang.Object r4 = r5.get(r3)
            java.security.cert.X509Certificate r4 = (java.security.cert.X509Certificate) r4
            javax.security.auth.x500.X500Principal r4 = r4.getIssuerX500Principal()
            boolean r4 = r6.contains(r4)
            if (r4 == 0) goto L2b
            int r1 = r3 + 1
            goto L2f
        L2b:
            int r3 = r3 + 1
            goto L16
        L2e:
            r1 = r0
        L2f:
            if (r0 <= r2) goto L4a
            if (r1 != r0) goto L4a
            int r0 = r0 + (-1)
            java.lang.Object r6 = r5.get(r0)
            java.security.cert.X509Certificate r6 = (java.security.cert.X509Certificate) r6
            javax.security.auth.x500.X500Principal r2 = r6.getIssuerX500Principal()
            javax.security.auth.x500.X500Principal r6 = r6.getSubjectX500Principal()
            boolean r6 = r2.equals(r6)
            if (r6 == 0) goto L4a
            goto L4b
        L4a:
            r0 = r1
        L4b:
            java.security.cert.CertPath r5 = e(r5, r0)
            return r5
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.elements.util.CertPathUtil.f(java.util.List, java.util.List):java.security.cert.CertPath");
    }

    private static X509Certificate g(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        X509Certificate x509Certificate2 = null;
        for (X509Certificate x509Certificate3 : x509CertificateArr) {
            if (x509Certificate3 != null && issuerX500Principal.equals(x509Certificate3.getSubjectX500Principal())) {
                if (x509Certificate2 != null && k(x509Certificate, x509Certificate2)) {
                    return x509Certificate2;
                }
                x509Certificate2 = x509Certificate3;
            }
        }
        return x509Certificate2;
    }

    public static List<X500Principal> h(List<X509Certificate> list) {
        if (list == null || list.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            X500Principal subjectX500Principal = it.next().getSubjectX500Principal();
            if (!arrayList.contains(subjectX500Principal)) {
                arrayList.add(subjectX500Principal);
            }
        }
        return arrayList;
    }

    public static List<X509Certificate> i(List<? extends Certificate> list) {
        Objects.requireNonNull(list, "Certificates list must not be null!");
        ArrayList arrayList = new ArrayList(list.size());
        for (Certificate certificate : list) {
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalArgumentException("Given certificate is not X.509! " + certificate);
            }
            arrayList.add((X509Certificate) certificate);
        }
        return arrayList;
    }

    /* JADX WARN: Removed duplicated region for block: B:19:0x00c9  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x00db  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x0155  */
    /* JADX WARN: Removed duplicated region for block: B:43:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.cert.CertPath j(boolean r16, java.security.cert.CertPath r17, java.security.cert.X509Certificate[] r18) throws java.security.GeneralSecurityException {
        /*
            Method dump skipped, instructions count: 360
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.elements.util.CertPathUtil.j(boolean, java.security.cert.CertPath, java.security.cert.X509Certificate[]):java.security.cert.CertPath");
    }

    private static boolean k(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        try {
            x509Certificate2.checkValidity();
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }
}
