package com.ntko.app.pdf.signature.cert;

import cn.jpush.android.local.JPushConstants;
import com.ntko.app.support.RhLogger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.DistributionPoint;
import org.spongycastle.asn1.x509.DistributionPointName;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;

/* loaded from: classes2.dex */
public final class CRLVerifier {
    private CRLVerifier() {
    }

    public static void checkRevocation(X509CRL x509crl, X509Certificate x509Certificate, Date date, String str) throws RevokedCertificateException {
        X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate);
        if (revokedCertificate != null && revokedCertificate.getRevocationDate().compareTo(date) <= 0) {
            throw new RevokedCertificateException("The certificate was revoked by CRL " + str + " on " + revokedCertificate.getRevocationDate(), revokedCertificate.getRevocationDate());
        }
        if (revokedCertificate == null) {
            RhLogger.info("The certificate was not revoked by CRL " + str);
            return;
        }
        RhLogger.info("The certificate was revoked after signing by CRL " + str + " on " + revokedCertificate.getRevocationDate());
    }

    private static X509CRL downloadCRL(String str) throws IOException, CertificateException, CRLException, CertificateVerificationException {
        if (str.startsWith(JPushConstants.HTTP_PRE) || str.startsWith(JPushConstants.HTTPS_PRE) || str.startsWith("ftp://")) {
            return downloadCRLFromWeb(str);
        }
        throw new CertificateVerificationException("Can not download CRL from certificate distribution point: " + str);
    }

    public static X509CRL downloadCRLFromWeb(String str) throws IOException, CertificateException, CRLException {
        InputStream openStream = new URL(str).openStream();
        try {
            X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(openStream);
            if (openStream != null) {
                openStream.close();
            }
            return x509crl;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                if (openStream != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                }
                throw th2;
            }
        }
    }

    public static List<String> getCrlDistributionPoints(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
        if (extensionValue == null) {
            return new ArrayList();
        }
        CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(new ASN1InputStream(new ByteArrayInputStream(((ASN1OctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject()).getOctets())).readObject());
        ArrayList arrayList = new ArrayList();
        for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
            DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
            if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                for (GeneralName generalName : GeneralNames.getInstance(distributionPoint2.getName()).getNames()) {
                    if (generalName.getTagNo() == 6) {
                        arrayList.add(DERIA5String.getInstance(generalName.getName()).getString());
                    }
                }
            }
        }
        return arrayList;
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x00e3 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:37:0x0012 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void verifyCertificateCRLs(java.security.cert.X509Certificate r8, java.util.Date r9, java.util.Set<java.security.cert.X509Certificate> r10) throws com.ntko.app.pdf.signature.cert.CertificateVerificationException, com.ntko.app.pdf.signature.cert.RevokedCertificateException {
        /*
            Method dump skipped, instructions count: 266
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ntko.app.pdf.signature.cert.CRLVerifier.verifyCertificateCRLs(java.security.cert.X509Certificate, java.util.Date, java.util.Set):void");
    }
}
