package iw;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import ku.u0;
import mv.d0;
import ov.l;
import ov.p;

/* loaded from: classes3.dex */
public class c {

    /* renamed from: a, reason: collision with root package name */
    public static final l f33215a = new l();

    /* renamed from: b, reason: collision with root package name */
    public static final String f33216b = mv.o.C.B();

    /* renamed from: c, reason: collision with root package name */
    public static final String f33217c = mv.o.f37890l.B();

    /* renamed from: d, reason: collision with root package name */
    public static final String f33218d = mv.o.D.B();

    /* renamed from: e, reason: collision with root package name */
    public static final String f33219e = mv.o.f37888h.B();

    /* renamed from: f, reason: collision with root package name */
    public static final String f33220f = mv.o.f37899y.B();

    /* renamed from: g, reason: collision with root package name */
    public static final String f33221g = mv.o.f37885f.B();

    /* renamed from: h, reason: collision with root package name */
    public static final String f33222h = mv.o.M.B();

    /* renamed from: i, reason: collision with root package name */
    public static final String f33223i = mv.o.f37896t.B();

    /* renamed from: j, reason: collision with root package name */
    public static final String f33224j = mv.o.f37895r.B();

    /* renamed from: k, reason: collision with root package name */
    public static final String f33225k = mv.o.H.B();

    /* renamed from: l, reason: collision with root package name */
    public static final String f33226l = mv.o.L.B();

    /* renamed from: m, reason: collision with root package name */
    public static final String f33227m = mv.o.f37901z.B();

    /* renamed from: n, reason: collision with root package name */
    public static final String f33228n = mv.o.F.B();

    /* renamed from: o, reason: collision with root package name */
    public static final String f33229o = mv.o.f37891m.B();

    /* renamed from: p, reason: collision with root package name */
    public static final String[] f33230p = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    public static void A(List[] listArr, n nVar) {
        listArr[nVar.getDepth()].remove(nVar);
        if (nVar.c()) {
            Iterator children = nVar.getChildren();
            while (children.hasNext()) {
                A(listArr, (n) children.next());
            }
        }
    }

    public static void B(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    public static void a(ov.n nVar, Set set, Object obj) throws y {
        if (set.isEmpty()) {
            if (obj instanceof ox.h) {
                new StringBuilder().append("No CRLs found for issuer \"");
                ((ox.h) obj).i();
                throw null;
            }
            throw new y("No CRLs found for issuer \"" + lv.b.V.d(o.e((X509Certificate) obj)) + "\"", null, nVar.a(), nVar.b());
        }
    }

    public static Collection b(ov.p pVar, List list) throws a {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof kx.i) {
                linkedHashSet.addAll(((kx.i) obj).a(pVar));
            } else {
                try {
                    linkedHashSet.addAll(ov.p.c(pVar, (CertStore) obj));
                } catch (CertStoreException e10) {
                    throw new a("Problem while picking certificates from certificate store.", e10);
                }
            }
        }
        return linkedHashSet;
    }

    public static Collection c(X509Certificate x509Certificate, List<CertStore> list, List<ov.o> list2) throws a {
        byte[] m10;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(o.e(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f33228n);
                if (extensionValue != null && (m10 = mv.d.j(ku.n.x(extensionValue).z()).m()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new u0(m10).getEncoded());
                }
            } catch (Exception unused) {
            }
            ov.p<? extends Certificate> a10 = new p.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(b(a10, list));
                arrayList.addAll(b(a10, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (a e10) {
                throw new a("Issuer certificate cannot be searched.", e10);
            }
        } catch (Exception e11) {
            throw new a("Subject criteria for certificate selector to find issuer certificate could not be set.", e11);
        }
    }

    public static Collection d(ov.q qVar) throws CertPathBuilderException {
        ov.p v10 = qVar.a().v();
        try {
            Collection b10 = b(v10, qVar.a().o());
            b10.addAll(b(v10, qVar.a().n()));
            if (!b10.isEmpty()) {
                return b10;
            }
            Certificate b11 = v10.b();
            if (b11 != null) {
                return Collections.singleton(b11);
            }
            throw new CertPathBuilderException("No certificate found matching targetConstraints.");
        } catch (a e10) {
            throw new gw.a("Error finding target certificate.", e10);
        }
    }

    public static TrustAnchor e(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        x509CertSelector.setSubject(issuerX500Principal);
        Iterator it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception e10 = null;
        kv.c cVar = null;
        PublicKey publicKey = null;
        while (it.hasNext() && trustAnchor == null) {
            trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor.getTrustedCert() != null) {
                if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                    publicKey = trustAnchor.getTrustedCert().getPublicKey();
                }
                trustAnchor = null;
            } else {
                if (trustAnchor.getCA() != null && trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                    if (cVar == null) {
                        cVar = kv.c.j(issuerX500Principal.getEncoded());
                    }
                    try {
                        if (cVar.equals(kv.c.j(trustAnchor.getCA().getEncoded()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException unused) {
                    }
                }
                trustAnchor = null;
            }
            if (publicKey != null) {
                try {
                    B(x509Certificate, publicKey, str);
                } catch (Exception e11) {
                    e10 = e11;
                    trustAnchor = null;
                    publicKey = null;
                }
            }
        }
        if (trustAnchor != null || e10 == null) {
            return trustAnchor;
        }
        throw new a("TrustAnchor found but certificate validation failed.", e10);
    }

    public static List<ov.o> f(byte[] bArr, Map<mv.q, ov.o> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        mv.q[] o10 = mv.r.m(ku.n.x(bArr).z()).o();
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; i10 != o10.length; i10++) {
            ov.o oVar = map.get(o10[i10]);
            if (oVar != null) {
                arrayList.add(oVar);
            }
        }
        return arrayList;
    }

    public static List<ov.k> g(mv.f fVar, Map<mv.q, ov.k> map, Date date, ew.a aVar) throws a {
        if (fVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            mv.m[] j10 = fVar.j();
            ArrayList arrayList = new ArrayList();
            for (mv.m mVar : j10) {
                mv.n n10 = mVar.n();
                if (n10 != null && n10.p() == 0) {
                    for (mv.q qVar : mv.r.m(n10.o()).o()) {
                        ov.k kVar = map.get(qVar);
                        if (kVar != null) {
                            arrayList.add(kVar);
                        }
                    }
                }
            }
            if (arrayList.isEmpty() && kx.g.c("org.bouncycastle.x509.enableCRLDP")) {
                try {
                    CertificateFactory d10 = aVar.d("X.509");
                    for (int i10 = 0; i10 < j10.length; i10++) {
                        mv.n n11 = j10[i10].n();
                        if (n11 != null && n11.p() == 0) {
                            mv.q[] o10 = mv.r.m(n11.o()).o();
                            int i11 = 0;
                            while (true) {
                                if (i11 < o10.length) {
                                    mv.q qVar2 = o10[i10];
                                    if (qVar2.p() == 6) {
                                        try {
                                            ov.k a10 = e.a(d10, date, new URI(((ku.x) qVar2.o()).f()));
                                            if (a10 != null) {
                                                arrayList.add(a10);
                                            }
                                        } catch (Exception unused) {
                                            continue;
                                        }
                                    }
                                    i11++;
                                }
                            }
                        }
                    }
                } catch (Exception e10) {
                    throw new a("cannot create certificate factory: " + e10.getMessage(), e10);
                }
            }
            return arrayList;
        } catch (Exception e11) {
            throw new a("Distribution points could not be read.", e11);
        }
    }

    public static mv.b h(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return d0.m(new ku.j(publicKey.getEncoded()).q()).j();
        } catch (Exception e10) {
            throw new gw.b("Subject public key cannot be decoded.", e10);
        }
    }

    public static void i(mv.m mVar, Collection collection, X509CRLSelector x509CRLSelector) throws a {
        ArrayList arrayList = new ArrayList();
        if (mVar.m() != null) {
            mv.q[] o10 = mVar.m().o();
            for (int i10 = 0; i10 < o10.length; i10++) {
                if (o10[i10].p() == 4) {
                    try {
                        arrayList.add(kv.c.j(o10[i10].o().d().getEncoded()));
                    } catch (IOException e10) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (mVar.n() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((kv.c) it2.next()).getEncoded());
            } catch (IOException e11) {
                throw new a("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    public static void j(Date date, X509CRL x509crl, Object obj, d dVar) throws a {
        X509CRLEntry revokedCertificate;
        ku.f fVar;
        try {
            if (b0.c(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(q(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!o.c(obj).equals(certificateIssuer == null ? o.d(x509crl) : o.g(certificateIssuer))) {
                    return;
                }
            } else if (!o.c(obj).equals(o.d(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(q(obj))) == null) {
                return;
            }
            if (!revokedCertificate.hasExtensions()) {
                fVar = null;
            } else {
                if (revokedCertificate.hasUnsupportedCriticalExtension()) {
                    throw new a("CRL entry has unsupported critical extensions.");
                }
                try {
                    fVar = ku.f.y(m(revokedCertificate, mv.o.f37892n.B()));
                } catch (Exception e10) {
                    throw new a("Reason code CRL entry extension could not be decoded.", e10);
                }
            }
            int B = fVar == null ? 0 : fVar.B();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || B == 0 || B == 1 || B == 2 || B == 10) {
                dVar.c(B);
                dVar.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e11) {
            throw new a("Failed check for indirect CRL.", e11);
        }
    }

    public static Set k(ov.n nVar, mv.m mVar, Object obj, Date date, ov.r rVar) throws a, y {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(o.c(obj));
            i(mVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            ov.l<? extends CRL> g10 = new l.b(x509CRLSelector).h(true).g();
            if (rVar.p() != null) {
                date = rVar.p();
            }
            Set b10 = f33215a.b(g10, date, rVar.n(), rVar.l());
            a(nVar, b10, obj);
            return b10;
        } catch (a e10) {
            throw new a("Could not get issuer information from distribution point.", e10);
        }
    }

    public static Set l(Date date, X509CRL x509crl, List<CertStore> list, List<ov.k> list2, ew.a aVar) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(o.d(x509crl).getEncoded());
            try {
                ku.r m10 = m(x509crl, f33229o);
                BigInteger z10 = m10 != null ? ku.k.x(m10).z() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f33223i);
                    x509CRLSelector.setMinCRLNumber(z10 != null ? z10.add(BigInteger.valueOf(1L)) : null);
                    l.b bVar = new l.b(x509CRLSelector);
                    bVar.i(extensionValue);
                    bVar.j(true);
                    bVar.k(z10);
                    ov.l<? extends CRL> g10 = bVar.g();
                    Set<X509CRL> b10 = f33215a.b(g10, date, list, list2);
                    if (b10.isEmpty() && kx.g.c("org.bouncycastle.x509.enableCRLDP")) {
                        try {
                            CertificateFactory d10 = aVar.d("X.509");
                            mv.m[] j10 = mv.f.m(extensionValue).j();
                            for (int i10 = 0; i10 < j10.length; i10++) {
                                mv.n n10 = j10[i10].n();
                                if (n10 != null && n10.p() == 0) {
                                    mv.q[] o10 = mv.r.m(n10.o()).o();
                                    int i11 = 0;
                                    while (true) {
                                        if (i11 < o10.length) {
                                            mv.q qVar = o10[i10];
                                            if (qVar.p() == 6) {
                                                try {
                                                    ov.k a10 = e.a(d10, date, new URI(((ku.x) qVar.o()).f()));
                                                    if (a10 != null) {
                                                        b10 = f33215a.b(g10, date, Collections.emptyList(), Collections.singletonList(a10));
                                                    }
                                                } catch (Exception unused) {
                                                    continue;
                                                }
                                            }
                                            i11++;
                                        }
                                    }
                                }
                            }
                        } catch (Exception e10) {
                            throw new a("cannot create certificate factory: " + e10.getMessage(), e10);
                        }
                    }
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b10) {
                        if (u(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e11) {
                    throw new a("Issuing distribution point extension value could not be read.", e11);
                }
            } catch (Exception e12) {
                throw new a("CRL number extension could not be extracted from CRL.", e12);
            }
        } catch (IOException e13) {
            throw new a("Cannot extract issuer from CRL.", e13);
        }
    }

    public static ku.r m(X509Extension x509Extension, String str) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return o(str, extensionValue);
    }

    public static PublicKey n(List list, int i10, ew.a aVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i10)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i10++;
            if (i10 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return aVar.f("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e10) {
            throw new RuntimeException(e10.getMessage());
        }
    }

    public static ku.r o(String str, byte[] bArr) throws a {
        try {
            return ku.r.r(ku.n.x(new ku.j(bArr).q()).z());
        } catch (Exception e10) {
            throw new a("exception processing extension " + str, e10);
        }
    }

    public static final Set p(ku.s sVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (sVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ku.p a10 = ku.p.a(byteArrayOutputStream);
        Enumeration A = sVar.A();
        while (A.hasMoreElements()) {
            try {
                a10.s((ku.e) A.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e10) {
                throw new gw.b("Policy qualifier info cannot be decoded.", e10);
            }
        }
        return hashSet;
    }

    public static BigInteger q(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    public static Date r(ov.r rVar, CertPath certPath, int i10) throws a {
        if (rVar.x() == 1 && i10 > 0) {
            int i11 = i10 - 1;
            if (i11 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i11)).getExtensionValue(wu.a.f49665e.B());
                    ku.i B = extensionValue != null ? ku.i.B(ku.r.r(extensionValue)) : null;
                    if (B != null) {
                        try {
                            return B.A();
                        } catch (ParseException e10) {
                            throw new a("Date from date of cert gen extension could not be parsed.", e10);
                        }
                    }
                } catch (IOException unused) {
                    throw new a("Date of cert gen extension could not be read.");
                } catch (IllegalArgumentException unused2) {
                    throw new a("Date of cert gen extension could not be read.");
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i11)).getNotBefore();
        }
        return s(rVar);
    }

    public static Date s(ov.r rVar) {
        Date p10 = rVar.p();
        return p10 == null ? new Date() : p10;
    }

    public static boolean t(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    public static boolean u(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(v.f33269h);
    }

    public static boolean v(X509Certificate x509Certificate, Set set, String str) throws a {
        try {
            return e(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean w(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static boolean x(int i10, List[] listArr, ku.m mVar, Set set) {
        List list = listArr[i10 - 1];
        for (int i11 = 0; i11 < list.size(); i11++) {
            n nVar = (n) list.get(i11);
            if (nVar.getExpectedPolicies().contains(mVar.B())) {
                HashSet hashSet = new HashSet();
                hashSet.add(mVar.B());
                n nVar2 = new n(new ArrayList(), i10, hashSet, nVar, set, mVar.B(), false);
                nVar.a(nVar2);
                listArr[i10].add(nVar2);
                return true;
            }
        }
        return false;
    }

    public static void y(int i10, List[] listArr, ku.m mVar, Set set) {
        List list = listArr[i10 - 1];
        for (int i11 = 0; i11 < list.size(); i11++) {
            n nVar = (n) list.get(i11);
            if ("2.5.29.32.0".equals(nVar.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(mVar.B());
                n nVar2 = new n(new ArrayList(), i10, hashSet, nVar, set, mVar.B(), false);
                nVar.a(nVar2);
                listArr[i10].add(nVar2);
                return;
            }
        }
    }

    public static n z(n nVar, List[] listArr, n nVar2) {
        n nVar3 = (n) nVar2.getParent();
        if (nVar == null) {
            return null;
        }
        if (nVar3 != null) {
            nVar3.d(nVar2);
            A(listArr, nVar2);
            return nVar;
        }
        for (int i10 = 0; i10 < listArr.length; i10++) {
            listArr[i10] = new ArrayList();
        }
        return null;
    }
}
