package org.bouncycastle.cert;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AltSignatureAlgorithm;
import org.bouncycastle.asn1.x509.AltSignatureValue;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.util.Encodable;

/* loaded from: classes7.dex */
public class X509CertificateHolder implements Encodable, Serializable {
    private static final long serialVersionUID = 20170722001L;
    private transient Extensions extensions;
    private transient Certificate x509Certificate;

    public X509CertificateHolder(Certificate certificate) {
        init(certificate);
    }

    public X509CertificateHolder(byte[] bArr) throws IOException {
        this(parseBytes(bArr));
    }

    private void init(Certificate certificate) {
        this.x509Certificate = certificate;
        this.extensions = certificate.t().j();
    }

    private static Certificate parseBytes(byte[] bArr) throws IOException {
        try {
            return Certificate.j(CertUtils.f(bArr));
        } catch (ClassCastException e2) {
            throw new CertIOException("malformed data: " + e2.getMessage(), e2);
        } catch (IllegalArgumentException e3) {
            throw new CertIOException("malformed data: " + e3.getMessage(), e3);
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        init(Certificate.j(objectInputStream.readObject()));
    }

    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        objectOutputStream.defaultWriteObject();
        objectOutputStream.writeObject(getEncoded());
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj instanceof X509CertificateHolder) {
            return this.x509Certificate.equals(((X509CertificateHolder) obj).x509Certificate);
        }
        return false;
    }

    public Set getCriticalExtensionOIDs() {
        return CertUtils.b(this.extensions);
    }

    @Override // org.bouncycastle.util.Encodable
    public byte[] getEncoded() throws IOException {
        return this.x509Certificate.getEncoded();
    }

    public Extension getExtension(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Extensions extensions = this.extensions;
        if (extensions != null) {
            return extensions.j(aSN1ObjectIdentifier);
        }
        return null;
    }

    public List getExtensionOIDs() {
        return CertUtils.c(this.extensions);
    }

    public Extensions getExtensions() {
        return this.extensions;
    }

    public X500Name getIssuer() {
        return X500Name.i(this.x509Certificate.l());
    }

    public Set getNonCriticalExtensionOIDs() {
        return CertUtils.d(this.extensions);
    }

    public Date getNotAfter() {
        return this.x509Certificate.i().i();
    }

    public Date getNotBefore() {
        return this.x509Certificate.q().i();
    }

    public BigInteger getSerialNumber() {
        return this.x509Certificate.m().w();
    }

    public byte[] getSignature() {
        return this.x509Certificate.o().x();
    }

    public AlgorithmIdentifier getSignatureAlgorithm() {
        return this.x509Certificate.p();
    }

    public X500Name getSubject() {
        return X500Name.i(this.x509Certificate.r());
    }

    public SubjectPublicKeyInfo getSubjectPublicKeyInfo() {
        return this.x509Certificate.s();
    }

    public int getVersion() {
        return this.x509Certificate.u();
    }

    public int getVersionNumber() {
        return this.x509Certificate.u();
    }

    public boolean hasExtensions() {
        return this.extensions != null;
    }

    public int hashCode() {
        return this.x509Certificate.hashCode();
    }

    public boolean isAlternativeSignatureValid(ContentVerifierProvider contentVerifierProvider) throws CertException {
        TBSCertificate t2 = this.x509Certificate.t();
        AltSignatureAlgorithm i2 = AltSignatureAlgorithm.i(t2.j());
        AltSignatureValue i3 = AltSignatureValue.i(t2.j());
        try {
            ContentVerifier a2 = contentVerifierProvider.a(AlgorithmIdentifier.j(i2.d()));
            OutputStream outputStream = a2.getOutputStream();
            ASN1Sequence u2 = ASN1Sequence.u(t2.d());
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            for (int i4 = 0; i4 != u2.size() - 1; i4++) {
                if (i4 != 2) {
                    aSN1EncodableVector.a(u2.w(i4));
                }
            }
            aSN1EncodableVector.a(CertUtils.h(3, t2.j()));
            new DERSequence(aSN1EncodableVector).g(outputStream, "DER");
            outputStream.close();
            return a2.a(i3.k().x());
        } catch (Exception e2) {
            throw new CertException("unable to process signature: " + e2.getMessage(), e2);
        }
    }

    public boolean isSignatureValid(ContentVerifierProvider contentVerifierProvider) throws CertException {
        TBSCertificate t2 = this.x509Certificate.t();
        if (!CertUtils.e(t2.p(), this.x509Certificate.p())) {
            throw new CertException("signature invalid - algorithm identifier mismatch");
        }
        try {
            ContentVerifier a2 = contentVerifierProvider.a(t2.p());
            OutputStream outputStream = a2.getOutputStream();
            t2.g(outputStream, "DER");
            outputStream.close();
            return a2.a(getSignature());
        } catch (Exception e2) {
            throw new CertException("unable to process signature: " + e2.getMessage(), e2);
        }
    }

    public boolean isValidOn(Date date) {
        return (date.before(this.x509Certificate.q().i()) || date.after(this.x509Certificate.i().i())) ? false : true;
    }

    public Certificate toASN1Structure() {
        return this.x509Certificate;
    }
}
