package org.jruby.ext.openssl.x509store;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.jruby.ext.openssl.SecurityHelper;
import org.jruby.ext.openssl.impl.ASN1Registry;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/x509store/X509AuxCertificate.class */
public class X509AuxCertificate extends X509Certificate implements Cloneable {
    private static final long serialVersionUID = -909543379295427515L;
    final X509Certificate cert;
    final X509Aux aux;
    boolean verified;
    private int ex_flags;

    public X509AuxCertificate(org.bouncycastle.asn1.x509.Certificate certificate) throws IOException, CertificateException {
        this.verified = false;
        this.ex_flags = -1;
        this.cert = (X509Certificate) SecurityHelper.getCertificateFactory("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
        this.aux = null;
    }

    public X509AuxCertificate(X509Certificate x509Certificate) {
        this(x509Certificate, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509AuxCertificate(X509Certificate x509Certificate, X509Aux x509Aux) {
        this.verified = false;
        this.ex_flags = -1;
        this.cert = x509Certificate;
        this.aux = x509Aux;
    }

    /* renamed from: clone, reason: merged with bridge method [inline-methods] */
    public final X509AuxCertificate m2732clone() {
        try {
            return (X509AuxCertificate) super.clone();
        } catch (CloneNotSupportedException e) {
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final X509AuxCertificate cloneForCache() {
        X509AuxCertificate m2732clone = m2732clone();
        m2732clone.verified = false;
        m2732clone.ex_flags = -1;
        return m2732clone;
    }

    public int getExFlags() throws IOException {
        if (this.ex_flags == -1) {
            this.ex_flags = computeExFlags();
        }
        return this.ex_flags;
    }

    private int computeExFlags() throws IOException {
        int i = 0;
        if (getVersion() == 1) {
            i = 0 | 64;
        }
        if (getExtensionValue(ASN1Registry.OBJ_basic_constraints) != null) {
            if (getBasicConstraints() != -1) {
                i |= 16;
            }
            i |= 1;
        }
        if (getSubjectX500Principal().equals(getIssuerX500Principal())) {
            i |= 32;
            if (getExtensionValue(ASN1Registry.OBJ_authority_key_identifier) != null) {
                ASN1Primitive aSN1Primitive = X509Utils.get(getExtensionValue(ASN1Registry.OBJ_authority_key_identifier));
                if (!(aSN1Primitive instanceof ASN1Sequence)) {
                    aSN1Primitive = X509Utils.get((DEROctetString) aSN1Primitive);
                }
                ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1Primitive;
                AuthorityKeyIdentifier authorityKeyIdentifier = (aSN1Sequence.size() == 1 && (aSN1Sequence.getObjectAt(0) instanceof ASN1OctetString)) ? AuthorityKeyIdentifier.getInstance(new DLSequence(new DERTaggedObject(0, aSN1Sequence.getObjectAt(0)))) : AuthorityKeyIdentifier.getInstance(aSN1Sequence);
                if (authorityKeyIdentifier.getKeyIdentifier() != null && getExtensionValue(ASN1Registry.OBJ_subject_key_identifier) != null) {
                    SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(X509Utils.get(((DEROctetString) X509Utils.get(getExtensionValue(ASN1Registry.OBJ_subject_key_identifier))).getOctets()));
                    if (subjectKeyIdentifier.getKeyIdentifier() != null && Arrays.equals(authorityKeyIdentifier.getKeyIdentifier(), subjectKeyIdentifier.getKeyIdentifier()) && getSigAlgName().equals(getPublicKey().getAlgorithm())) {
                        i |= 8192;
                    }
                }
            }
        }
        if (getKeyUsage() != null) {
            i |= 4;
        }
        if (getExtensionValue(ASN1Registry.OBJ_proxyCertInfo) != null) {
            i |= 1024;
        }
        return i;
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
        this.cert.checkValidity();
    }

    @Override // java.security.cert.X509Certificate
    public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
        this.cert.checkValidity(date);
    }

    @Override // java.security.cert.X509Certificate
    public int getBasicConstraints() {
        return this.cert.getBasicConstraints();
    }

    @Override // java.security.cert.X509Certificate
    public List<String> getExtendedKeyUsage() throws CertificateParsingException {
        return this.cert.getExtendedKeyUsage();
    }

    @Override // java.security.cert.X509Certificate
    public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException {
        return this.cert.getIssuerAlternativeNames();
    }

    @Override // java.security.cert.X509Certificate
    public Principal getIssuerDN() {
        return this.cert.getIssuerDN();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getIssuerUniqueID() {
        return this.cert.getIssuerUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getIssuerX500Principal() {
        return this.cert.getIssuerX500Principal();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getKeyUsage() {
        return this.cert.getKeyUsage();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotAfter() {
        return this.cert.getNotAfter();
    }

    @Override // java.security.cert.X509Certificate
    public Date getNotBefore() {
        return this.cert.getNotBefore();
    }

    @Override // java.security.cert.X509Certificate
    public BigInteger getSerialNumber() {
        return this.cert.getSerialNumber();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgName() {
        return this.cert.getSigAlgName();
    }

    @Override // java.security.cert.X509Certificate
    public String getSigAlgOID() {
        return this.cert.getSigAlgOID();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSigAlgParams() {
        return this.cert.getSigAlgParams();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getSignature() {
        return this.cert.getSignature();
    }

    @Override // java.security.cert.X509Certificate
    public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException {
        return this.cert.getSubjectAlternativeNames();
    }

    @Override // java.security.cert.X509Certificate
    public Principal getSubjectDN() {
        return this.cert.getSubjectDN();
    }

    @Override // java.security.cert.X509Certificate
    public boolean[] getSubjectUniqueID() {
        return this.cert.getSubjectUniqueID();
    }

    @Override // java.security.cert.X509Certificate
    public X500Principal getSubjectX500Principal() {
        return this.cert.getSubjectX500Principal();
    }

    @Override // java.security.cert.X509Certificate
    public byte[] getTBSCertificate() throws CertificateEncodingException {
        return this.cert.getTBSCertificate();
    }

    @Override // java.security.cert.X509Certificate
    public int getVersion() {
        return this.cert.getVersion();
    }

    @Override // java.security.cert.Certificate
    public byte[] getEncoded() throws CertificateEncodingException {
        return this.cert.getEncoded();
    }

    @Override // java.security.cert.Certificate
    public PublicKey getPublicKey() {
        return this.cert.getPublicKey();
    }

    @Override // java.security.cert.Certificate
    public String toString() {
        return this.cert.toString();
    }

    @Override // java.security.cert.Certificate
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof X509AuxCertificate)) {
            return false;
        }
        X509AuxCertificate x509AuxCertificate = (X509AuxCertificate) obj;
        return this.cert.equals(x509AuxCertificate.cert) && (this.aux != null ? this.aux.equals(x509AuxCertificate.aux) : x509AuxCertificate.aux == null);
    }

    @Override // java.security.cert.Certificate
    public int hashCode() {
        return this.cert.hashCode() + (3 * (this.aux == null ? 1 : this.aux.hashCode()));
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        this.cert.verify(publicKey);
    }

    @Override // java.security.cert.Certificate
    public void verify(PublicKey publicKey, String str) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        this.cert.verify(publicKey, str);
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getCriticalExtensionOIDs() {
        return this.cert.getCriticalExtensionOIDs();
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        return this.cert.getExtensionValue(str);
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getNonCriticalExtensionOIDs() {
        return this.cert.getNonCriticalExtensionOIDs();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        return this.cert.hasUnsupportedCriticalExtension();
    }

    public Integer getNsCertType() throws CertificateException {
        byte[] extensionValue = getExtensionValue(ASN1Registry.OBJ_netscape_cert_type);
        if (extensionValue == null) {
            return null;
        }
        try {
            ASN1Primitive readObject = new ASN1InputStream(extensionValue).readObject();
            if (readObject instanceof DERBitString) {
                return Integer.valueOf(((DERBitString) readObject).intValue());
            }
            if (readObject instanceof DEROctetString) {
                return Integer.valueOf(((DERBitString) new ASN1InputStream(((DEROctetString) readObject).getOctets()).readObject()).intValue());
            }
            throw new CertificateException("unknown type from ASN1InputStream.readObject: " + readObject);
        } catch (IOException e) {
            throw new CertificateEncodingException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean equalSubjects(X509AuxCertificate x509AuxCertificate, X509AuxCertificate x509AuxCertificate2) {
        if (x509AuxCertificate.cert == x509AuxCertificate2.cert) {
            return true;
        }
        return ((x509AuxCertificate.cert instanceof X509CertificateObject) && (x509AuxCertificate2.cert instanceof X509CertificateObject)) ? x509AuxCertificate.cert.getSubjectDN().equals(x509AuxCertificate2.cert.getSubjectDN()) : x509AuxCertificate.getSubjectX500Principal().equals(x509AuxCertificate2.getSubjectX500Principal());
    }
}
