package org.spongycastle.jce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.util.ASN1Dump;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.CRLNumber;
import org.spongycastle.asn1.x509.CertificateList;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.IssuingDistributionPoint;
import org.spongycastle.asn1.x509.TBSCertList;
import org.spongycastle.jce.X509Principal;
import org.spongycastle.util.encoders.Hex;

/* loaded from: classes3.dex */
public class X509CRLObject extends X509CRL {
    private byte[] X;
    private boolean Y;
    private boolean Z = false;
    private int p5;

    /* renamed from: x, reason: collision with root package name */
    private CertificateList f29857x;

    /* renamed from: y, reason: collision with root package name */
    private String f29858y;

    public X509CRLObject(CertificateList certificateList) throws CRLException {
        this.f29857x = certificateList;
        try {
            this.f29858y = X509SignatureUtil.b(certificateList.q());
            if (certificateList.q().n() != null) {
                this.X = certificateList.q().n().e().g(ASN1Encoding.f24625a);
            } else {
                this.X = null;
            }
            this.Y = b(this);
        } catch (Exception e4) {
            throw new CRLException("CRL contents invalid: " + e4);
        }
    }

    private Set a(boolean z4) {
        Extensions j4;
        if (getVersion() != 2 || (j4 = this.f29857x.r().j()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration s4 = j4.s();
        while (s4.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) s4.nextElement();
            if (z4 == j4.l(aSN1ObjectIdentifier).o()) {
                hashSet.add(aSN1ObjectIdentifier.u());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean b(X509CRL x509crl) throws CRLException {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(Extension.z5.u());
            if (extensionValue != null) {
                if (IssuingDistributionPoint.m(ASN1OctetString.q(extensionValue).s()).p()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e4) {
            throw new ExtCRLException("Exception reading IssuingDistributionPoint", e4);
        }
    }

    private Set e() {
        Extension l4;
        HashSet hashSet = new HashSet();
        Enumeration n4 = this.f29857x.n();
        X500Name x500Name = null;
        while (n4.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) n4.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.Y, x500Name));
            if (this.Y && cRLEntry.n() && (l4 = cRLEntry.j().l(Extension.A5)) != null) {
                x500Name = X500Name.l(GeneralNames.k(l4.n()).m()[0].m());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof X509CRL)) {
            return false;
        }
        if (!(obj instanceof X509CRLObject)) {
            return super.equals(obj);
        }
        X509CRLObject x509CRLObject = (X509CRLObject) obj;
        if (this.Z && x509CRLObject.Z && x509CRLObject.p5 != this.p5) {
            return false;
        }
        return this.f29857x.equals(x509CRLObject.f29857x);
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return a(true);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        try {
            return this.f29857x.g(ASN1Encoding.f24625a);
        } catch (IOException e4) {
            throw new CRLException(e4.toString());
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        Extension l4;
        Extensions j4 = this.f29857x.r().j();
        if (j4 == null || (l4 = j4.l(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        try {
            return l4.l().f();
        } catch (Exception e4) {
            throw new IllegalStateException("error parsing " + e4.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.l(this.f29857x.l().e()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f29857x.l().f());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        if (this.f29857x.m() != null) {
            return this.f29857x.m().j();
        }
        return null;
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return a(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension l4;
        Enumeration n4 = this.f29857x.n();
        X500Name x500Name = null;
        while (n4.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) n4.nextElement();
            if (bigInteger.equals(cRLEntry.m().t())) {
                return new X509CRLEntryObject(cRLEntry, this.Y, x500Name);
            }
            if (this.Y && cRLEntry.n() && (l4 = cRLEntry.j().l(Extension.A5)) != null) {
                x500Name = X500Name.l(GeneralNames.k(l4.n()).m()[0].m());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set e4 = e();
        if (e4.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(e4);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.f29858y;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f29857x.q().j().u();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        byte[] bArr = this.X;
        if (bArr == null) {
            return null;
        }
        int length = bArr.length;
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        return bArr2;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f29857x.p().s();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.f29857x.r().g(ASN1Encoding.f24625a);
        } catch (IOException e4) {
            throw new CRLException(e4.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f29857x.s().j();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f29857x.t();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(RFC3280CertPathUtilities.f29830e);
        criticalExtensionOIDs.remove(RFC3280CertPathUtilities.f29832g);
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.X509CRL
    public int hashCode() {
        if (!this.Z) {
            this.Z = true;
            this.p5 = super.hashCode();
        }
        return this.p5;
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name m4;
        Extension l4;
        if (!certificate.getType().equals("X.509")) {
            throw new RuntimeException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration n4 = this.f29857x.n();
        X500Name l5 = this.f29857x.l();
        if (n4 != null) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (n4.hasMoreElements()) {
                TBSCertList.CRLEntry k4 = TBSCertList.CRLEntry.k(n4.nextElement());
                if (this.Y && k4.n() && (l4 = k4.j().l(Extension.A5)) != null) {
                    l5 = X500Name.l(GeneralNames.k(l4.n()).m()[0].m());
                }
                if (k4.m().t().equals(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        m4 = X500Name.l(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            m4 = org.spongycastle.asn1.x509.Certificate.k(certificate.getEncoded()).m();
                        } catch (CertificateEncodingException unused) {
                            throw new RuntimeException("Cannot process certificate");
                        }
                    }
                    return l5.equals(m4);
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        String property = System.getProperty("line.separator");
        stringBuffer.append("              Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(property);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(property);
        stringBuffer.append("          This update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append(property);
        stringBuffer.append("          Next update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append(property);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(property);
        byte[] signature = getSignature();
        stringBuffer.append("            Signature: ");
        stringBuffer.append(new String(Hex.g(signature, 0, 20)));
        stringBuffer.append(property);
        for (int i4 = 20; i4 < signature.length; i4 += 20) {
            if (i4 < signature.length - 20) {
                stringBuffer.append("                       ");
                stringBuffer.append(new String(Hex.g(signature, i4, 20)));
                stringBuffer.append(property);
            } else {
                stringBuffer.append("                       ");
                stringBuffer.append(new String(Hex.g(signature, i4, signature.length - i4)));
                stringBuffer.append(property);
            }
        }
        Extensions j4 = this.f29857x.r().j();
        if (j4 != null) {
            Enumeration s4 = j4.s();
            if (s4.hasMoreElements()) {
                stringBuffer.append("           Extensions: ");
                stringBuffer.append(property);
            }
            while (s4.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) s4.nextElement();
                Extension l4 = j4.l(aSN1ObjectIdentifier);
                if (l4.l() != null) {
                    ASN1InputStream aSN1InputStream = new ASN1InputStream(l4.l().s());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(l4.o());
                    stringBuffer.append(") ");
                    try {
                        if (aSN1ObjectIdentifier.equals(Extension.u5)) {
                            stringBuffer.append(new CRLNumber(ASN1Integer.q(aSN1InputStream.q()).s()));
                            stringBuffer.append(property);
                        } else if (aSN1ObjectIdentifier.equals(Extension.y5)) {
                            stringBuffer.append("Base CRL: " + new CRLNumber(ASN1Integer.q(aSN1InputStream.q()).s()));
                            stringBuffer.append(property);
                        } else if (aSN1ObjectIdentifier.equals(Extension.z5)) {
                            stringBuffer.append(IssuingDistributionPoint.m(aSN1InputStream.q()));
                            stringBuffer.append(property);
                        } else if (aSN1ObjectIdentifier.equals(Extension.C5)) {
                            stringBuffer.append(CRLDistPoint.k(aSN1InputStream.q()));
                            stringBuffer.append(property);
                        } else if (aSN1ObjectIdentifier.equals(Extension.I5)) {
                            stringBuffer.append(CRLDistPoint.k(aSN1InputStream.q()));
                            stringBuffer.append(property);
                        } else {
                            stringBuffer.append(aSN1ObjectIdentifier.u());
                            stringBuffer.append(" value = ");
                            stringBuffer.append(ASN1Dump.c(aSN1InputStream.q()));
                            stringBuffer.append(property);
                        }
                    } catch (Exception unused) {
                        stringBuffer.append(aSN1ObjectIdentifier.u());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                        stringBuffer.append(property);
                    }
                } else {
                    stringBuffer.append(property);
                }
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it = revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next());
                stringBuffer.append(property);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, BouncyCastleProvider.f29717y);
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (!this.f29857x.q().equals(this.f29857x.r().q())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        Signature signature = str != null ? Signature.getInstance(getSigAlgName(), str) : Signature.getInstance(getSigAlgName());
        signature.initVerify(publicKey);
        signature.update(getTBSCertList());
        if (!signature.verify(getSignature())) {
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
    }
}
