package org.bouncycastle.pkix.jcajce;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.i1;
import org.bouncycastle.asn1.m;
import org.bouncycastle.asn1.n;
import org.bouncycastle.asn1.q;
import org.bouncycastle.asn1.r;
import org.bouncycastle.asn1.u;
import org.bouncycastle.asn1.x509.b0;
import org.bouncycastle.asn1.x509.c0;
import org.bouncycastle.asn1.x509.c1;
import org.bouncycastle.asn1.x509.i0;
import org.bouncycastle.asn1.x509.k;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.w;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.jcajce.e;
import org.bouncycastle.jcajce.h;
import org.bouncycastle.jcajce.i;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.util.p;

/* loaded from: classes5.dex */
class f {
    protected static final String o = "2.5.29.32.0";
    protected static final int q = 5;
    protected static final int r = 6;
    protected static final c a = new c();
    protected static final String b = y.u.z();
    protected static final String c = y.k.z();
    protected static final String d = y.v.z();
    protected static final String e = y.i.z();
    protected static final String f = y.s.z();
    protected static final String g = y.g.z();
    protected static final String h = y.A.z();
    protected static final String i = y.q.z();
    protected static final String j = y.p.z();
    protected static final String k = y.x.z();
    protected static final String l = y.z.z();
    protected static final String m = y.t.z();
    protected static final String n = y.w.z();
    protected static final String p = y.l.z();
    protected static final String[] s = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    f() {
    }

    static void a(Set set, Object obj) throws CRLNotFoundException {
        if (set.isEmpty()) {
            throw new CRLNotFoundException("No CRLs found for issuer \"" + org.bouncycastle.asn1.x500.style.e.V.h(o((X509Certificate) obj)) + "\"");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection b(i iVar, List list) throws AnnotatedException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof p) {
                try {
                    linkedHashSet.addAll(((p) obj).b(iVar));
                } catch (StoreException e2) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    linkedHashSet.addAll(i.c(iVar, (CertStore) obj));
                } catch (CertStoreException e3) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return linkedHashSet;
    }

    static Collection c(X509Certificate x509Certificate, List<CertStore> list, List<h> list2) throws AnnotatedException {
        byte[] r2;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(n);
                if (extensionValue != null && (r2 = org.bouncycastle.asn1.x509.i.p(r.v(extensionValue).x()).r()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new i1(r2).getEncoded());
                }
            } catch (Exception unused) {
            }
            i<? extends Certificate> a2 = new i.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(b(a2, list));
                arrayList.addAll(b(a2, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (AnnotatedException e2) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e2);
            }
        } catch (IOException e3) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e3);
        }
    }

    protected static TrustAnchor d(X509Certificate x509Certificate, Set set) throws AnnotatedException {
        return e(x509Certificate, set, null);
    }

    protected static TrustAnchor e(X509Certificate x509Certificate, Set set, String str) throws AnnotatedException {
        X509CertSelector x509CertSelector = new X509CertSelector();
        org.bouncycastle.asn1.x500.d o2 = o(x509Certificate);
        try {
            x509CertSelector.setSubject(o2.getEncoded());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e2 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (o2.equals(t(trustAnchor.getCA()))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        y(x509Certificate, publicKey, str);
                    } catch (Exception e3) {
                        e2 = e3;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e2 == null) {
                return trustAnchor;
            }
            throw new AnnotatedException("TrustAnchor found but certificate validation failed.", e2);
        } catch (IOException e4) {
            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", e4);
        }
    }

    static List<h> f(byte[] bArr, Map<b0, h> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        b0[] q2 = c0.o(r.v(bArr).x()).q();
        ArrayList arrayList = new ArrayList();
        for (int i2 = 0; i2 != q2.length; i2++) {
            h hVar = map.get(q2[i2]);
            if (hVar != null) {
                arrayList.add(hVar);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<org.bouncycastle.jcajce.d> g(k kVar, Map<b0, org.bouncycastle.jcajce.d> map) throws AnnotatedException {
        if (kVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            v[] n2 = kVar.n();
            ArrayList arrayList = new ArrayList();
            for (v vVar : n2) {
                w o2 = vVar.o();
                if (o2 != null && o2.getType() == 0) {
                    for (b0 b0Var : c0.o(o2.p()).q()) {
                        org.bouncycastle.jcajce.d dVar = map.get(b0Var);
                        if (dVar != null) {
                            arrayList.add(dVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new AnnotatedException("Distribution points could not be read.", e2);
        }
    }

    protected static org.bouncycastle.asn1.x509.b h(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return c1.o(new m(publicKey.getEncoded()).k()).m();
        } catch (Exception e2) {
            throw new CertPathValidatorException("subject public key cannot be decoded", e2);
        }
    }

    protected static void i(v vVar, Collection collection, X509CRLSelector x509CRLSelector) throws AnnotatedException {
        ArrayList arrayList = new ArrayList();
        if (vVar.n() != null) {
            b0[] q2 = vVar.n().q();
            for (int i2 = 0; i2 < q2.length; i2++) {
                if (q2[i2].e() == 4) {
                    try {
                        arrayList.add(org.bouncycastle.asn1.x500.d.o(q2[i2].p()));
                    } catch (IllegalArgumentException e2) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (vVar.o() == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((org.bouncycastle.asn1.x500.d) it2.next()).getEncoded());
            } catch (IOException e3) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void j(Date date, X509CRL x509crl, Object obj, a aVar) throws AnnotatedException {
        X509CRLEntry revokedCertificate;
        try {
            boolean v = v(x509crl);
            X509Certificate x509Certificate = (X509Certificate) obj;
            org.bouncycastle.asn1.x500.d o2 = o(x509Certificate);
            if ((v || o2.equals(n(x509crl))) && (revokedCertificate = x509crl.getRevokedCertificate(x509Certificate.getSerialNumber())) != null) {
                if (v) {
                    X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                    if (!o2.equals(certificateIssuer == null ? n(x509crl) : t(certificateIssuer))) {
                        return;
                    }
                }
                int i2 = 0;
                if (revokedCertificate.hasExtensions()) {
                    try {
                        org.bouncycastle.asn1.i w = org.bouncycastle.asn1.i.w(m(revokedCertificate, y.m));
                        if (w != null) {
                            i2 = w.A();
                        }
                    } catch (Exception e2) {
                        throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e2);
                    }
                }
                Date revocationDate = revokedCertificate.getRevocationDate();
                if (!date.before(revocationDate) || i2 == 0 || i2 == 1 || i2 == 2 || i2 == 10) {
                    aVar.c(i2);
                    aVar.d(revocationDate);
                }
            }
        } catch (CRLException e3) {
            throw new AnnotatedException("Failed check for indirect CRL.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set k(v vVar, Object obj, Date date, List list, List list2) throws AnnotatedException, CRLNotFoundException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(o((X509Certificate) obj));
            i(vVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            Set b2 = a.b(new e.b(x509CRLSelector).h(true).g(), date, list, list2);
            a(b2, obj);
            return b2;
        } catch (AnnotatedException e2) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set l(Date date, X509CRL x509crl, List<CertStore> list, List<org.bouncycastle.jcajce.d> list2) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            try {
                u m2 = m(x509crl, y.l);
                BigInteger x = m2 != null ? n.v(m2).x() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(i);
                    x509CRLSelector.setMinCRLNumber(x != null ? x.add(BigInteger.valueOf(1L)) : null);
                    e.b bVar = new e.b(x509CRLSelector);
                    bVar.j(extensionValue);
                    bVar.k(true);
                    bVar.l(x);
                    Set<X509CRL> b2 = a.b(bVar.g(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b2) {
                        if (u(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e2) {
                    throw new AnnotatedException("issuing distribution point extension value could not be read", e2);
                }
            } catch (Exception e3) {
                throw new AnnotatedException("cannot extract CRL number extension from CRL", e3);
            }
        } catch (IOException e4) {
            throw new AnnotatedException("cannot extract issuer from CRL.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static u m(X509Extension x509Extension, q qVar) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(qVar.z());
        if (extensionValue == null) {
            return null;
        }
        return q(qVar, extensionValue);
    }

    private static org.bouncycastle.asn1.x500.d n(X509CRL x509crl) {
        return t(x509crl.getIssuerX500Principal());
    }

    private static org.bouncycastle.asn1.x500.d o(X509Certificate x509Certificate) {
        return t(x509Certificate.getIssuerX500Principal());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey p(List list, int i2, org.bouncycastle.jcajce.util.d dVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i2++;
            if (i2 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i2)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return dVar.b("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e2) {
            throw new RuntimeException(e2.getMessage());
        }
    }

    private static u q(q qVar, byte[] bArr) throws AnnotatedException {
        try {
            return u.r(r.v(bArr).x());
        } catch (Exception e2) {
            throw new AnnotatedException("exception processing extension " + qVar, e2);
        }
    }

    protected static Date r(org.bouncycastle.jcajce.k kVar, CertPath certPath, int i2) throws AnnotatedException {
        if (kVar.x() == 1 && i2 > 0) {
            int i3 = i2 - 1;
            if (i3 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i3)).getExtensionValue(q3.a.e.z());
                    org.bouncycastle.asn1.k z = extensionValue != null ? org.bouncycastle.asn1.k.z(u.r(extensionValue)) : null;
                    if (z != null) {
                        try {
                            return z.y();
                        } catch (ParseException e2) {
                            throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e2);
                        }
                    }
                } catch (IOException unused) {
                    throw new AnnotatedException("Date of cert gen extension could not be read.");
                } catch (IllegalArgumentException unused2) {
                    throw new AnnotatedException("Date of cert gen extension could not be read.");
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i3)).getNotBefore();
        }
        return s(kVar);
    }

    protected static Date s(org.bouncycastle.jcajce.k kVar) {
        Date p2 = kVar.p();
        return p2 == null ? new Date() : p2;
    }

    private static org.bouncycastle.asn1.x500.d t(X500Principal x500Principal) {
        return org.bouncycastle.asn1.x500.d.o(x500Principal.getEncoded());
    }

    private static boolean u(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(d.d);
    }

    public static boolean v(X509CRL x509crl) throws CRLException {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(y.q.z());
            if (extensionValue != null) {
                if (i0.p(r.v(extensionValue).x()).s()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e2) {
            throw new CRLException("exception reading IssuingDistributionPoint", e2);
        }
    }

    static boolean w(X509Certificate x509Certificate, Set set, String str) throws AnnotatedException {
        try {
            return e(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    protected static boolean x(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    protected static void y(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
