package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.au;
import org.bouncycastle.asn1.o;
import org.bouncycastle.asn1.p;
import org.bouncycastle.asn1.v;
import org.bouncycastle.asn1.x509.g;
import org.bouncycastle.asn1.x509.k;
import org.bouncycastle.asn1.x509.l;
import org.bouncycastle.asn1.x509.n;
import org.bouncycastle.asn1.x509.s;
import org.bouncycastle.asn1.x509.u;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.util.Strings;

/* loaded from: classes5.dex */
abstract class d extends X509CRL {

    /* renamed from: a, reason: collision with root package name */
    protected org.bouncycastle.jcajce.util.b f7037a;
    protected g b;
    protected String c;
    protected byte[] d;
    protected boolean e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public d(org.bouncycastle.jcajce.util.b bVar, g gVar, String str, byte[] bArr, boolean z) {
        this.f7037a = bVar;
        this.b = gVar;
        this.c = str;
        this.d = bArr;
        this.e = z;
    }

    private Set a() {
        k a2;
        HashSet hashSet = new HashSet();
        Enumeration b = this.b.b();
        org.bouncycastle.asn1.v.c cVar = null;
        while (b.hasMoreElements()) {
            s.a aVar = (s.a) b.nextElement();
            hashSet.add(new c(aVar, this.e, cVar));
            if (this.e && aVar.d() && (a2 = aVar.c().a(k.n)) != null) {
                cVar = org.bouncycastle.asn1.v.c.a(n.a(a2.d()).a()[0].b());
            }
        }
        return hashSet;
    }

    private Set a(boolean z) {
        l g;
        if (getVersion() != 2 || (g = this.b.a().g()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration a2 = g.a();
        while (a2.hasMoreElements()) {
            o oVar = (o) a2.nextElement();
            if (z == g.a(oVar).b()) {
                hashSet.add(oVar.b());
            }
        }
        return hashSet;
    }

    private void a(PublicKey publicKey, Signature signature, org.bouncycastle.asn1.f fVar, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (fVar != null) {
            f.a(signature, fVar);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(org.bouncycastle.jcajce.a.c.a(signature), 512);
            this.b.a().a(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    private void a(PublicKey publicKey, b bVar) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.b.c().equals(this.b.a().b())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i = 0;
        if ((publicKey instanceof CompositePublicKey) && f.a(this.b.c())) {
            List<PublicKey> publicKeys = ((CompositePublicKey) publicKey).getPublicKeys();
            v a2 = v.a((Object) this.b.c().b());
            v a3 = v.a(au.a((Object) this.b.d()).e());
            boolean z = false;
            while (i != publicKeys.size()) {
                if (publicKeys.get(i) != null) {
                    org.bouncycastle.asn1.x509.a a4 = org.bouncycastle.asn1.x509.a.a(a2.a(i));
                    try {
                        a(publicKeys.get(i), bVar.a(f.b(a4)), a4.b(), au.a((Object) a3.a(i)).e());
                        e = null;
                        z = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!f.a(this.b.c())) {
            Signature a5 = bVar.a(getSigAlgName());
            byte[] bArr = this.d;
            if (bArr == null) {
                a(publicKey, a5, null, getSignature());
                return;
            }
            try {
                a(publicKey, a5, org.bouncycastle.asn1.s.c(bArr), getSignature());
                return;
            } catch (IOException e2) {
                throw new SignatureException("cannot decode signature parameters: " + e2.getMessage());
            }
        }
        v a6 = v.a((Object) this.b.c().b());
        v a7 = v.a(au.a((Object) this.b.d()).e());
        boolean z2 = false;
        while (i != a7.e()) {
            org.bouncycastle.asn1.x509.a a8 = org.bouncycastle.asn1.x509.a.a(a6.a(i));
            try {
                a(publicKey, bVar.a(f.b(a8)), a8.b(), au.a((Object) a7.a(i)).e());
                e = null;
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e3) {
                e = e3;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] a(g gVar, String str) {
        p b = b(gVar, str);
        if (b != null) {
            return b.c();
        }
        return null;
    }

    protected static p b(g gVar, String str) {
        k a2;
        l g = gVar.a().g();
        if (g == null || (a2 = g.a(new o(str))) == null) {
            return null;
        }
        return a2.c();
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return a(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        p b = b(this.b, str);
        if (b == null) {
            return null;
        }
        try {
            return b.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new org.bouncycastle.jce.b(org.bouncycastle.asn1.v.c.a(this.b.f().i()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.b.f().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        u h = this.b.h();
        if (h == null) {
            return null;
        }
        return h.b();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return a(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        k a2;
        Enumeration b = this.b.b();
        org.bouncycastle.asn1.v.c cVar = null;
        while (b.hasMoreElements()) {
            s.a aVar = (s.a) b.nextElement();
            if (aVar.a().a(bigInteger)) {
                return new c(aVar, this.e, cVar);
            }
            if (this.e && aVar.d() && (a2 = aVar.c().a(k.n)) != null) {
                cVar = org.bouncycastle.asn1.v.c.a(n.a(a2.d()).a()[0].b());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set a2 = a();
        if (a2.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(a2);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.c;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.b.c().a().b();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return org.bouncycastle.util.a.b(this.d);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.b.d().c();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.b.a().a("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.b.g().b();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.b.e();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(k.m.b());
        criticalExtensionOIDs.remove(k.l.b());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        org.bouncycastle.asn1.v.c d;
        k a2;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration b = this.b.b();
        org.bouncycastle.asn1.v.c f = this.b.f();
        if (b.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (b.hasMoreElements()) {
                s.a a3 = s.a.a(b.nextElement());
                if (this.e && a3.d() && (a2 = a3.c().a(k.n)) != null) {
                    f = org.bouncycastle.asn1.v.c.a(n.a(a2.d()).a()[0].b());
                }
                if (a3.a().a(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        d = org.bouncycastle.asn1.v.c.a(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            d = org.bouncycastle.asn1.x509.f.a(certificate.getEncoded()).d();
                        } catch (CertificateEncodingException e) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e.getMessage());
                        }
                    }
                    return f.equals(d);
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer append;
        Object a2;
        StringBuffer stringBuffer = new StringBuffer();
        String a3 = Strings.a();
        stringBuffer.append("              Version: ").append(getVersion()).append(a3);
        stringBuffer.append("             IssuerDN: ").append(getIssuerDN()).append(a3);
        stringBuffer.append("          This update: ").append(getThisUpdate()).append(a3);
        stringBuffer.append("          Next update: ").append(getNextUpdate()).append(a3);
        stringBuffer.append("  Signature Algorithm: ").append(getSigAlgName()).append(a3);
        f.a(getSignature(), stringBuffer, a3);
        l g = this.b.a().g();
        if (g != null) {
            Enumeration a4 = g.a();
            if (a4.hasMoreElements()) {
                stringBuffer.append("           Extensions: ").append(a3);
            }
            while (a4.hasMoreElements()) {
                o oVar = (o) a4.nextElement();
                k a5 = g.a(oVar);
                if (a5.c() != null) {
                    org.bouncycastle.asn1.k kVar = new org.bouncycastle.asn1.k(a5.c().c());
                    stringBuffer.append("                       critical(").append(a5.b()).append(") ");
                    try {
                        if (oVar.b(k.h)) {
                            a2 = new org.bouncycastle.asn1.x509.d(org.bouncycastle.asn1.l.a((Object) kVar.c()).b());
                        } else {
                            if (oVar.b(k.l)) {
                                append = stringBuffer.append("Base CRL: " + new org.bouncycastle.asn1.x509.d(org.bouncycastle.asn1.l.a((Object) kVar.c()).b()));
                            } else if (oVar.b(k.m)) {
                                a2 = org.bouncycastle.asn1.x509.o.a(kVar.c());
                            } else if (oVar.b(k.p)) {
                                a2 = org.bouncycastle.asn1.x509.c.a(kVar.c());
                            } else if (oVar.b(k.v)) {
                                a2 = org.bouncycastle.asn1.x509.c.a(kVar.c());
                            } else {
                                stringBuffer.append(oVar.b());
                                append = stringBuffer.append(" value = ").append(org.bouncycastle.asn1.u.a.a(kVar.c()));
                            }
                            append.append(a3);
                        }
                        append = stringBuffer.append(a2);
                        append.append(a3);
                    } catch (Exception unused) {
                        stringBuffer.append(oVar.b());
                        stringBuffer.append(" value = ").append("*****").append(a3);
                    }
                } else {
                    stringBuffer.append(a3);
                }
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it = revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next());
                stringBuffer.append(a3);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        a(publicKey, new b() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.d.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
            public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return d.this.f7037a.f(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        a(publicKey, new b() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.d.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
            public Signature a(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            a(publicKey, new b() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.d.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.b
                public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(d.this.getSigAlgName(), provider) : Signature.getInstance(d.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
