package ec;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import ym.g0;

/* loaded from: classes2.dex */
public class c {
    private static boolean a(@NonNull X509Certificate x509Certificate) {
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                Iterator<List<?>> it = subjectAlternativeNames.iterator();
                while (it.hasNext()) {
                    if (((Integer) it.next().get(0)).intValue() == 1) {
                        return true;
                    }
                }
            }
        } catch (CertificateParsingException e11) {
            g0.n("X509CertUtil", "Certificate parse exception while getting SAN.", e11);
        }
        return false;
    }

    private static boolean b(@NonNull X509Certificate x509Certificate) {
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (((Integer) list.get(0)).intValue() == 0) {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(ASN1Sequence.getInstance(ASN1Primitive.fromByteArray((byte[]) list.get(1))).getObjectAt(0));
                        if (aSN1ObjectIdentifier != null) {
                            return "1.3.6.1.4.1.311.20.2.3".equals(aSN1ObjectIdentifier.getId());
                        }
                        return false;
                    }
                }
            }
        } catch (IOException | CertificateParsingException e11) {
            g0.n("X509CertUtil", "Certificate parse exception while getting SAN.", e11);
        }
        return false;
    }

    @Nullable
    public static X509Certificate c(@NonNull List<X509Certificate> list) {
        ArrayList<X509Certificate> arrayList = new ArrayList();
        for (X509Certificate x509Certificate : list) {
            if (j(x509Certificate) && f(x509Certificate) && b(x509Certificate)) {
                arrayList.add(x509Certificate);
            }
        }
        if (arrayList.size() <= 1) {
            if (arrayList.size() == 1) {
                return (X509Certificate) arrayList.get(0);
            }
            return null;
        }
        for (X509Certificate x509Certificate2 : arrayList) {
            if (!a(x509Certificate2)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    @Nullable
    public static X509Certificate d(@NonNull List<X509Certificate> list) {
        ArrayList<X509Certificate> arrayList = new ArrayList();
        for (X509Certificate x509Certificate : list) {
            if (j(x509Certificate) && (g(x509Certificate) || i(x509Certificate))) {
                if (a(x509Certificate)) {
                    arrayList.add(x509Certificate);
                }
            }
        }
        if (arrayList.size() <= 1) {
            if (arrayList.size() == 1) {
                return (X509Certificate) arrayList.get(0);
            }
            return null;
        }
        for (X509Certificate x509Certificate2 : arrayList) {
            if (!h(x509Certificate2)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    @Nullable
    public static X509Certificate e(@NonNull List<X509Certificate> list) {
        ArrayList<X509Certificate> arrayList = new ArrayList();
        for (X509Certificate x509Certificate : list) {
            if (j(x509Certificate) && h(x509Certificate) && a(x509Certificate)) {
                arrayList.add(x509Certificate);
            }
        }
        if (arrayList.size() <= 1) {
            if (arrayList.size() == 1) {
                return (X509Certificate) arrayList.get(0);
            }
            return null;
        }
        for (X509Certificate x509Certificate2 : arrayList) {
            if (!i(x509Certificate2)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private static boolean f(@NonNull X509Certificate x509Certificate) {
        try {
            List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            if (extendedKeyUsage == null) {
                return false;
            }
            Iterator<String> it = extendedKeyUsage.iterator();
            while (it.hasNext()) {
                if ("1.3.6.1.5.5.7.3.2".equals(it.next())) {
                    return true;
                }
            }
            return false;
        } catch (CertificateParsingException e11) {
            g0.n("X509CertUtil", "Certificate parse exception while getting extended key usage.", e11);
            return false;
        }
    }

    private static boolean g(@NonNull X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage != null && keyUsage[3];
    }

    private static boolean h(@NonNull X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage != null && keyUsage[0];
    }

    private static boolean i(@NonNull X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        return keyUsage != null && keyUsage[2];
    }

    private static boolean j(@NonNull X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException unused) {
            g0.k("X509CertUtil", "Certificate expired");
            return false;
        } catch (CertificateNotYetValidException unused2) {
            g0.k("X509CertUtil", "Certificate not yet valid");
            return false;
        }
    }
}
