package xch.bouncycastle.pkix.jcajce;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import xch.bouncycastle.asn1.ASN1Enumerated;
import xch.bouncycastle.asn1.ASN1GeneralizedTime;
import xch.bouncycastle.asn1.ASN1InputStream;
import xch.bouncycastle.asn1.ASN1Integer;
import xch.bouncycastle.asn1.ASN1ObjectIdentifier;
import xch.bouncycastle.asn1.ASN1OctetString;
import xch.bouncycastle.asn1.ASN1Primitive;
import xch.bouncycastle.asn1.DEROctetString;
import xch.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
import xch.bouncycastle.asn1.x500.X500Name;
import xch.bouncycastle.asn1.x500.style.RFC4519Style;
import xch.bouncycastle.asn1.x509.AlgorithmIdentifier;
import xch.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import xch.bouncycastle.asn1.x509.CRLDistPoint;
import xch.bouncycastle.asn1.x509.DistributionPoint;
import xch.bouncycastle.asn1.x509.DistributionPointName;
import xch.bouncycastle.asn1.x509.Extension;
import xch.bouncycastle.asn1.x509.GeneralName;
import xch.bouncycastle.asn1.x509.GeneralNames;
import xch.bouncycastle.asn1.x509.IssuingDistributionPoint;
import xch.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import xch.bouncycastle.cms.y;
import xch.bouncycastle.jcajce.PKIXCRLStore;
import xch.bouncycastle.jcajce.PKIXCRLStoreSelector;
import xch.bouncycastle.jcajce.PKIXCertStore;
import xch.bouncycastle.jcajce.PKIXCertStoreSelector;
import xch.bouncycastle.jcajce.PKIXExtendedParameters;
import xch.bouncycastle.jcajce.util.JcaJceHelper;
import xch.bouncycastle.util.Store;
import xch.bouncycastle.util.StoreException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class g {

    /* renamed from: o, reason: collision with root package name */
    protected static final String f6089o = "2.5.29.32.0";
    protected static final int q = 5;
    protected static final int r = 6;

    /* renamed from: a, reason: collision with root package name */
    protected static final d f6075a = new d();

    /* renamed from: b, reason: collision with root package name */
    protected static final String f6076b = Extension.O5.B();

    /* renamed from: c, reason: collision with root package name */
    protected static final String f6077c = Extension.E5.B();

    /* renamed from: d, reason: collision with root package name */
    protected static final String f6078d = Extension.P5.B();

    /* renamed from: e, reason: collision with root package name */
    protected static final String f6079e = Extension.C5.B();

    /* renamed from: f, reason: collision with root package name */
    protected static final String f6080f = Extension.M5.B();

    /* renamed from: g, reason: collision with root package name */
    protected static final String f6081g = Extension.A5.B();

    /* renamed from: h, reason: collision with root package name */
    protected static final String f6082h = Extension.U5.B();

    /* renamed from: i, reason: collision with root package name */
    protected static final String f6083i = Extension.K5.B();

    /* renamed from: j, reason: collision with root package name */
    protected static final String f6084j = Extension.J5.B();

    /* renamed from: k, reason: collision with root package name */
    protected static final String f6085k = Extension.R5.B();

    /* renamed from: l, reason: collision with root package name */
    protected static final String f6086l = Extension.T5.B();

    /* renamed from: m, reason: collision with root package name */
    protected static final String f6087m = Extension.N5.B();

    /* renamed from: n, reason: collision with root package name */
    protected static final String f6088n = Extension.Q5.B();
    protected static final String p = Extension.F5.B();
    protected static final String[] s = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    g() {
    }

    static void a(Set set, Object obj) throws b {
        if (set.isEmpty()) {
            throw new b("No CRLs found for issuer \"" + RFC4519Style.V.b(o((X509Certificate) obj)) + "\"");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection b(PKIXCertStoreSelector pKIXCertStoreSelector, List list) throws a {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof Store) {
                try {
                    linkedHashSet.addAll(((Store) obj).a(pKIXCertStoreSelector));
                } catch (StoreException e2) {
                    throw new a("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    linkedHashSet.addAll(PKIXCertStoreSelector.b(pKIXCertStoreSelector, (CertStore) obj));
                } catch (CertStoreException e3) {
                    throw new a("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return linkedHashSet;
    }

    static Collection c(X509Certificate x509Certificate, List list, List list2) throws a {
        byte[] t;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f6088n);
                if (extensionValue != null && (t = AuthorityKeyIdentifier.r(ASN1OctetString.x(extensionValue).z()).t()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new DEROctetString(t).getEncoded());
                }
            } catch (Exception unused) {
            }
            PKIXCertStoreSelector a2 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(b(a2, list));
                arrayList.addAll(b(a2, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (a e2) {
                throw new a("Issuer certificate cannot be searched.", e2);
            }
        } catch (IOException e3) {
            throw new a("Subject criteria for certificate selector to find issuer certificate could not be set.", e3);
        }
    }

    protected static TrustAnchor d(X509Certificate x509Certificate, Set set) throws a {
        return e(x509Certificate, set, null);
    }

    protected static TrustAnchor e(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Name o2 = o(x509Certificate);
        try {
            x509CertSelector.setSubject(o2.getEncoded());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e2 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (o2.equals(t(trustAnchor.getCA()))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        y(x509Certificate, publicKey, str);
                    } catch (Exception e3) {
                        e2 = e3;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e2 == null) {
                return trustAnchor;
            }
            throw new a("TrustAnchor found but certificate validation failed.", e2);
        } catch (IOException e4) {
            throw new a("Cannot set subject search criteria for trust anchor.", e4);
        }
    }

    static List f(byte[] bArr, Map map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        GeneralName[] s2 = GeneralNames.q(ASN1OctetString.x(bArr).z()).s();
        ArrayList arrayList = new ArrayList();
        for (int i2 = 0; i2 != s2.length; i2++) {
            PKIXCertStore pKIXCertStore = (PKIXCertStore) map.get(s2[i2]);
            if (pKIXCertStore != null) {
                arrayList.add(pKIXCertStore);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List g(CRLDistPoint cRLDistPoint, Map map) throws a {
        if (cRLDistPoint == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            DistributionPoint[] p2 = cRLDistPoint.p();
            ArrayList arrayList = new ArrayList();
            for (DistributionPoint distributionPoint : p2) {
                DistributionPointName q2 = distributionPoint.q();
                if (q2 != null && q2.s() == 0) {
                    for (GeneralName generalName : GeneralNames.q(q2.r()).s()) {
                        PKIXCRLStore pKIXCRLStore = (PKIXCRLStore) map.get(generalName);
                        if (pKIXCRLStore != null) {
                            arrayList.add(pKIXCRLStore);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new a("Distribution points could not be read.", e2);
        }
    }

    protected static AlgorithmIdentifier h(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return SubjectPublicKeyInfo.q(new ASN1InputStream(publicKey.getEncoded()).p()).o();
        } catch (Exception e2) {
            throw new CertPathValidatorException("subject public key cannot be decoded", e2);
        }
    }

    protected static void i(DistributionPoint distributionPoint, Collection collection, X509CRLSelector x509CRLSelector) throws a {
        ArrayList arrayList = new ArrayList();
        if (distributionPoint.p() != null) {
            GeneralName[] s2 = distributionPoint.p().s();
            for (int i2 = 0; i2 < s2.length; i2++) {
                if (s2[i2].b() == 4) {
                    try {
                        arrayList.add(X500Name.q(s2[i2].r()));
                    } catch (IllegalArgumentException e2) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (distributionPoint.q() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.", null);
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Name) it2.next()).getEncoded());
            } catch (IOException e3) {
                throw new a("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void j(Date date, X509CRL x509crl, Object obj, c cVar) throws a {
        X509CRLEntry revokedCertificate;
        try {
            boolean v = v(x509crl);
            X509Certificate x509Certificate = (X509Certificate) obj;
            X500Name o2 = o(x509Certificate);
            if ((v || o2.equals(n(x509crl))) && (revokedCertificate = x509crl.getRevokedCertificate(x509Certificate.getSerialNumber())) != null) {
                if (v) {
                    X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                    if (!o2.equals(certificateIssuer == null ? n(x509crl) : t(certificateIssuer))) {
                        return;
                    }
                }
                int i2 = 0;
                if (revokedCertificate.hasExtensions()) {
                    try {
                        ASN1Enumerated y = ASN1Enumerated.y(m(revokedCertificate, Extension.G5));
                        if (y != null) {
                            i2 = y.C();
                        }
                    } catch (Exception e2) {
                        throw new a("Reason code CRL entry extension could not be decoded.", e2);
                    }
                }
                Date revocationDate = revokedCertificate.getRevocationDate();
                if (!date.before(revocationDate) || i2 == 0 || i2 == 1 || i2 == 2 || i2 == 10) {
                    cVar.c(i2);
                    cVar.d(revocationDate);
                }
            }
        } catch (CRLException e3) {
            throw new a("Failed check for indirect CRL.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set k(DistributionPoint distributionPoint, Object obj, Date date, List list, List list2) throws a, b {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(o((X509Certificate) obj));
            i(distributionPoint, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            Set b2 = f6075a.b(new PKIXCRLStoreSelector.Builder(x509CRLSelector).h(true).g(), date, list, list2);
            a(b2, obj);
            return b2;
        } catch (a e2) {
            throw new a("Could not get issuer information from distribution point.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set l(Date date, X509CRL x509crl, List list, List list2) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            try {
                ASN1Primitive m2 = m(x509crl, Extension.F5);
                BigInteger z = m2 != null ? ASN1Integer.x(m2).z() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f6083i);
                    x509CRLSelector.setMinCRLNumber(z != null ? z.add(BigInteger.valueOf(1L)) : null);
                    PKIXCRLStoreSelector.Builder builder = new PKIXCRLStoreSelector.Builder(x509CRLSelector);
                    builder.j(extensionValue);
                    builder.k(true);
                    builder.l(z);
                    Set<X509CRL> b2 = f6075a.b(builder.g(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b2) {
                        if (u(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e2) {
                    throw new a("issuing distribution point extension value could not be read", e2);
                }
            } catch (Exception e3) {
                throw new a("cannot extract CRL number extension from CRL", e3);
            }
        } catch (IOException e4) {
            throw new a("cannot extract issuer from CRL.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ASN1Primitive m(X509Extension x509Extension, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(aSN1ObjectIdentifier.B());
        if (extensionValue == null) {
            return null;
        }
        return q(aSN1ObjectIdentifier, extensionValue);
    }

    private static X500Name n(X509CRL x509crl) {
        return t(x509crl.getIssuerX500Principal());
    }

    private static X500Name o(X509Certificate x509Certificate) {
        return t(x509Certificate.getIssuerX500Principal());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey p(List list, int i2, JcaJceHelper jcaJceHelper) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i2++;
            if (i2 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i2)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return jcaJceHelper.a(g.a.f513b).generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e2) {
            throw new RuntimeException(e2.getMessage());
        }
    }

    private static ASN1Primitive q(ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr) throws a {
        try {
            return ASN1Primitive.t(ASN1OctetString.x(bArr).z());
        } catch (Exception e2) {
            throw new a(y.a("exception processing extension ", aSN1ObjectIdentifier), e2);
        }
    }

    protected static Date r(PKIXExtendedParameters pKIXExtendedParameters, CertPath certPath, int i2) throws a {
        if (pKIXExtendedParameters.w() == 1 && i2 > 0) {
            int i3 = i2 - 1;
            if (i3 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i3)).getExtensionValue(ISISMTTObjectIdentifiers.f1394e.B());
                    ASN1GeneralizedTime B = extensionValue != null ? ASN1GeneralizedTime.B(ASN1Primitive.t(extensionValue)) : null;
                    if (B != null) {
                        try {
                            return B.A();
                        } catch (ParseException e2) {
                            throw new a("Date from date of cert gen extension could not be parsed.", e2);
                        }
                    }
                } catch (IOException unused) {
                    throw new a("Date of cert gen extension could not be read.", null);
                } catch (IllegalArgumentException unused2) {
                    throw new a("Date of cert gen extension could not be read.", null);
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i3)).getNotBefore();
        }
        return s(pKIXExtendedParameters);
    }

    protected static Date s(PKIXExtendedParameters pKIXExtendedParameters) {
        Date o2 = pKIXExtendedParameters.o();
        return o2 == null ? new Date() : o2;
    }

    private static X500Name t(X500Principal x500Principal) {
        return X500Name.q(x500Principal.getEncoded());
    }

    private static boolean u(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(e.f6068d);
    }

    public static boolean v(X509CRL x509crl) throws CRLException {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(Extension.K5.B());
            if (extensionValue != null) {
                if (IssuingDistributionPoint.r(ASN1OctetString.x(extensionValue).z()).u()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e2) {
            throw new CRLException("exception reading IssuingDistributionPoint", e2);
        }
    }

    static boolean w(X509Certificate x509Certificate, Set set, String str) throws a {
        try {
            return e(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    protected static boolean x(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    protected static void y(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
