package org.bouncycastle.x509;

import androidx.camera.camera2.internal.c1;
import com.chad.library.BuildConfig;
import com.taobao.accs.net.z;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.PKIXPolicyNode;
import org.bouncycastle.util.Encodable;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;

/* loaded from: classes9.dex */
class CertPathValidatorUtilities {

    /* renamed from: l, reason: collision with root package name */
    public static final String f118038l = "2.5.29.32.0";

    /* renamed from: m, reason: collision with root package name */
    public static final int f118039m = 5;

    /* renamed from: n, reason: collision with root package name */
    public static final int f118040n = 6;

    /* renamed from: a, reason: collision with root package name */
    public static final String f118027a = Extension.f111414t.V();

    /* renamed from: b, reason: collision with root package name */
    public static final String f118028b = Extension.f111404j.V();

    /* renamed from: c, reason: collision with root package name */
    public static final String f118029c = Extension.f111415u.V();

    /* renamed from: d, reason: collision with root package name */
    public static final String f118030d = Extension.f111402h.V();

    /* renamed from: e, reason: collision with root package name */
    public static final String f118031e = Extension.f111412r.V();

    /* renamed from: f, reason: collision with root package name */
    public static final String f118032f = Extension.f111400f.V();

    /* renamed from: g, reason: collision with root package name */
    public static final String f118033g = Extension.f111420z.V();

    /* renamed from: h, reason: collision with root package name */
    public static final String f118034h = Extension.f111410p.V();

    /* renamed from: i, reason: collision with root package name */
    public static final String f118035i = Extension.f111409o.V();

    /* renamed from: j, reason: collision with root package name */
    public static final String f118036j = Extension.f111417w.V();

    /* renamed from: k, reason: collision with root package name */
    public static final String f118037k = Extension.f111405k.V();

    /* renamed from: o, reason: collision with root package name */
    public static final String[] f118041o = {BuildConfig.f68468f, "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    public static Collection a(PKIXCertStoreSelector pKIXCertStoreSelector, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof Store) {
                try {
                    hashSet.addAll(((Store) obj).a(pKIXCertStoreSelector));
                } catch (StoreException e4) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e4);
                }
            } else {
                try {
                    hashSet.addAll(PKIXCertStoreSelector.c(pKIXCertStoreSelector, (CertStore) obj));
                } catch (CertStoreException e5) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e5);
                }
            }
        }
        return hashSet;
    }

    public static Collection b(X509AttributeCertStoreSelector x509AttributeCertStoreSelector, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof X509Store) {
                try {
                    hashSet.addAll(((X509Store) obj).a(x509AttributeCertStoreSelector));
                } catch (StoreException e4) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e4);
                }
            }
        }
        return hashSet;
    }

    public static Collection c(X509CertStoreSelector x509CertStoreSelector, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        CertificateFactory certificateFactory = new CertificateFactory();
        for (Object obj : list) {
            if (obj instanceof Store) {
                try {
                    for (Object obj2 : ((Store) obj).a(x509CertStoreSelector)) {
                        if (obj2 instanceof Encodable) {
                            obj2 = certificateFactory.c(new ByteArrayInputStream(((Encodable) obj2).getEncoded()), true);
                        } else if (!(obj2 instanceof Certificate)) {
                            throw new AnnotatedException("Unknown object found in certificate store.", null);
                        }
                        hashSet.add(obj2);
                    }
                } catch (IOException e4) {
                    throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e4);
                } catch (CertificateException e5) {
                    throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e5);
                } catch (StoreException e6) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e6);
                }
            } else {
                try {
                    hashSet.addAll(((CertStore) obj).getCertificates(x509CertStoreSelector));
                } catch (CertStoreException e7) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e7);
                }
            }
        }
        return hashSet;
    }

    public static AlgorithmIdentifier d(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return SubjectPublicKeyInfo.F(new ASN1InputStream(publicKey.getEncoded()).k()).E();
        } catch (Exception e4) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e4);
        }
    }

    public static void e(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) throws AnnotatedException {
        X509CRLEntry revokedCertificate;
        ASN1Enumerated Q;
        try {
            if (p(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(l(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (certificateIssuer == null) {
                    certificateIssuer = x509crl.getIssuerX500Principal();
                }
                if (!f(obj).equals(certificateIssuer)) {
                    return;
                }
            } else if (!f(obj).equals(x509crl.getIssuerX500Principal()) || (revokedCertificate = x509crl.getRevokedCertificate(l(obj))) == null) {
                return;
            }
            if (revokedCertificate.hasExtensions()) {
                try {
                    Q = ASN1Enumerated.Q(g(revokedCertificate, X509Extension.f111678k.V()));
                } catch (Exception e4) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e4);
                }
            } else {
                Q = null;
            }
            int W = Q == null ? 0 : Q.W();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || W == 0 || W == 1 || W == 2 || W == 10) {
                certStatus.c(W);
                certStatus.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e5) {
            throw new AnnotatedException("Failed check for indirect CRL.", e5);
        }
    }

    public static X500Principal f(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getIssuerX500Principal() : (X500Principal) ((X509AttributeCertificate) obj).j().b()[0];
    }

    public static ASN1Primitive g(java.security.cert.X509Extension x509Extension, String str) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return j(str, extensionValue);
    }

    public static X500Principal h(X509CRL x509crl) {
        return x509crl.getIssuerX500Principal();
    }

    public static PublicKey i(List list, int i4) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i4)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i4++;
            if (i4 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i4)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return KeyFactory.getInstance("DSA", BouncyCastleProvider.f115736b).generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e4) {
            throw new RuntimeException(e4.getMessage());
        }
    }

    public static ASN1Primitive j(String str, byte[] bArr) throws AnnotatedException {
        try {
            return new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(bArr).k()).T()).k();
        } catch (Exception e4) {
            throw new AnnotatedException(c1.a("exception processing extension ", str), e4);
        }
    }

    public static final Set k(ASN1Sequence aSN1Sequence) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (aSN1Sequence == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
        Enumeration V = aSN1Sequence.V();
        while (V.hasMoreElements()) {
            try {
                aSN1OutputStream.x((ASN1Encodable) V.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e4) {
                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e4);
            }
        }
        return hashSet;
    }

    public static BigInteger l(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((X509AttributeCertificate) obj).getSerialNumber();
    }

    public static X500Principal m(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal();
    }

    public static Date n(PKIXParameters pKIXParameters, Date date) {
        Date date2 = pKIXParameters.getDate();
        return date2 == null ? date : date2;
    }

    public static boolean o(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    public static boolean p(X509CRL x509crl) throws CRLException {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(Extension.f111410p.V());
            if (extensionValue != null) {
                if (IssuingDistributionPoint.G(ASN1OctetString.Q(extensionValue).T()).J()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e4) {
            throw new CRLException(z.a("Exception reading IssuingDistributionPoint: ", e4));
        }
    }

    public static boolean q(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static void r(int i4, List[] listArr, String str, Map map, X509Certificate x509Certificate) throws AnnotatedException, CertPathValidatorException {
        boolean z3;
        Set set;
        Iterator it = listArr[i4].iterator();
        while (true) {
            if (!it.hasNext()) {
                z3 = false;
                break;
            }
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) it.next();
            if (pKIXPolicyNode.getValidPolicy().equals(str)) {
                pKIXPolicyNode.f((Set) map.get(str));
                z3 = true;
                break;
            }
        }
        if (z3) {
            return;
        }
        for (PKIXPolicyNode pKIXPolicyNode2 : listArr[i4]) {
            if ("2.5.29.32.0".equals(pKIXPolicyNode2.getValidPolicy())) {
                try {
                    Enumeration V = ASN1Sequence.R(g(x509Certificate, f118027a)).V();
                    while (true) {
                        if (!V.hasMoreElements()) {
                            set = null;
                            break;
                        }
                        try {
                            PolicyInformation D = PolicyInformation.D(V.nextElement());
                            if ("2.5.29.32.0".equals(D.E().V())) {
                                try {
                                    set = k(D.F());
                                    break;
                                } catch (CertPathValidatorException e4) {
                                    throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", e4);
                                }
                            }
                        } catch (Exception e5) {
                            throw new AnnotatedException("Policy information cannot be decoded.", e5);
                        }
                    }
                    Set set2 = set;
                    boolean contains = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(f118027a) : false;
                    PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
                    if ("2.5.29.32.0".equals(pKIXPolicyNode3.getValidPolicy())) {
                        PKIXPolicyNode pKIXPolicyNode4 = new PKIXPolicyNode(new ArrayList(), i4, (Set) map.get(str), pKIXPolicyNode3, set2, str, contains);
                        pKIXPolicyNode3.a(pKIXPolicyNode4);
                        listArr[i4].add(pKIXPolicyNode4);
                        return;
                    }
                    return;
                } catch (Exception e6) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e6);
                }
            }
        }
    }

    public static PKIXPolicyNode s(int i4, List[] listArr, String str, PKIXPolicyNode pKIXPolicyNode) {
        int i5;
        Iterator it = listArr[i4].iterator();
        while (it.hasNext()) {
            PKIXPolicyNode pKIXPolicyNode2 = (PKIXPolicyNode) it.next();
            if (pKIXPolicyNode2.getValidPolicy().equals(str)) {
                ((PKIXPolicyNode) pKIXPolicyNode2.getParent()).d(pKIXPolicyNode2);
                it.remove();
                for (int i6 = i4 - 1; i6 >= 0; i6--) {
                    List list = listArr[i6];
                    while (i5 < list.size()) {
                        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) list.get(i5);
                        i5 = (pKIXPolicyNode3.c() || (pKIXPolicyNode = v(pKIXPolicyNode, listArr, pKIXPolicyNode3)) != null) ? i5 + 1 : 0;
                    }
                }
            }
        }
        return pKIXPolicyNode;
    }

    public static boolean t(int i4, List[] listArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, Set set) {
        List list = listArr[i4 - 1];
        for (int i5 = 0; i5 < list.size(); i5++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i5);
            if (pKIXPolicyNode.getExpectedPolicies().contains(aSN1ObjectIdentifier.V())) {
                HashSet hashSet = new HashSet();
                hashSet.add(aSN1ObjectIdentifier.V());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i4, hashSet, pKIXPolicyNode, set, aSN1ObjectIdentifier.V(), false);
                pKIXPolicyNode.a(pKIXPolicyNode2);
                listArr[i4].add(pKIXPolicyNode2);
                return true;
            }
        }
        return false;
    }

    public static void u(int i4, List[] listArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, Set set) {
        List list = listArr[i4 - 1];
        for (int i5 = 0; i5 < list.size(); i5++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i5);
            if ("2.5.29.32.0".equals(pKIXPolicyNode.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(aSN1ObjectIdentifier.V());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i4, hashSet, pKIXPolicyNode, set, aSN1ObjectIdentifier.V(), false);
                pKIXPolicyNode.a(pKIXPolicyNode2);
                listArr[i4].add(pKIXPolicyNode2);
                return;
            }
        }
    }

    public static PKIXPolicyNode v(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.d(pKIXPolicyNode2);
            w(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i4 = 0; i4 < listArr.length; i4++) {
            listArr[i4] = new ArrayList();
        }
        return null;
    }

    public static void w(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (pKIXPolicyNode.c()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                w(listArr, (PKIXPolicyNode) children.next());
            }
        }
    }

    public static void x(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
