package mitm.common.security.crl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import mitm.common.security.SecurityFactory;
import mitm.common.security.SecurityFactoryFactory;
import mitm.common.security.asn1.ASN1Utils;
import mitm.common.security.certificate.X509CertificateInspector;
import mitm.common.security.crlstore.BasicCRLStore;
import mitm.common.security.crlstore.CRLStoreException;
import mitm.common.util.Check;
import mitm.common.util.CloseableIterator;
import mitm.common.util.CloseableIteratorException;
import mitm.common.util.CollectionUtils;
import mitm.common.util.LogUtils;
import org.apache.commons.lang.text.StrBuilder;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.X509Extension;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class PKIXRevocationChecker implements RevocationChecker {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) PKIXRevocationChecker.class);
    private final Set<BasicCRLStore> crlStores = Collections.synchronizedSet(new HashSet());
    final int allReasons = 33023;
    private final SecurityFactory securityFactory = SecurityFactoryFactory.getSecurityFactory();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: mitm.common.security.crl.PKIXRevocationChecker$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$mitm$common$security$crl$RevocationStatus;

        static {
            int[] iArr = new int[RevocationStatus.values().length];
            $SwitchMap$mitm$common$security$crl$RevocationStatus = iArr;
            try {
                iArr[RevocationStatus.NOT_REVOKED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$mitm$common$security$crl$RevocationStatus[RevocationStatus.EXPIRED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$mitm$common$security$crl$RevocationStatus[RevocationStatus.UNKNOWN.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$mitm$common$security$crl$RevocationStatus[RevocationStatus.UNSUPPORTED_CRITICAL_EXTENSION.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$mitm$common$security$crl$RevocationStatus[RevocationStatus.REVOKED.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public enum DeltaCRLStatus {
        OK,
        UNKNOWN,
        UNSUPPORTED_CRITICAL_EXTENSION
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes2.dex */
    public static class RevocationDetailImpl implements RevocationDetail {
        private Date nextUpdate;
        private RevocationReason reason;
        private final RevocationStatus status;

        public RevocationDetailImpl() {
            this.status = RevocationStatus.UNKNOWN;
            this.reason = null;
        }

        public RevocationDetailImpl(RevocationStatus revocationStatus) {
            Check.notNull(revocationStatus, "status");
            this.status = revocationStatus;
            this.reason = null;
        }

        public RevocationDetailImpl(RevocationStatus revocationStatus, int i) {
            Check.notNull(revocationStatus, "status");
            this.status = revocationStatus;
            this.reason = RevocationReason.fromTag(i);
        }

        public RevocationDetailImpl(RevocationStatus revocationStatus, Date date) {
            Check.notNull(revocationStatus, "status");
            this.status = revocationStatus;
            this.reason = null;
            this.nextUpdate = date;
        }

        @Override // mitm.common.security.crl.RevocationDetail
        public Date getNextUpdate() {
            return this.nextUpdate;
        }

        @Override // mitm.common.security.crl.RevocationDetail
        public RevocationReason getReason() {
            return this.reason;
        }

        @Override // mitm.common.security.crl.RevocationDetail
        public RevocationStatus getStatus() {
            return this.status;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append("Status: " + this.status.toString());
            if (this.reason != null) {
                sb.append("; Reason: " + this.reason.getFriendlyName());
            }
            if (this.nextUpdate != null) {
                sb.append("; nextUpdate: " + this.nextUpdate);
            }
            return sb.toString();
        }
    }

    /* loaded from: classes2.dex */
    protected static class RevocationResultImpl implements RevocationResult {
        private final RevocationDetail[] details;

        public RevocationResultImpl(int i) {
            this.details = new RevocationDetail[i];
            int i2 = 0;
            while (true) {
                RevocationDetail[] revocationDetailArr = this.details;
                if (i2 >= revocationDetailArr.length) {
                    return;
                }
                revocationDetailArr[i2] = new RevocationDetailImpl();
                i2++;
            }
        }

        private int getImportanceLevel(RevocationDetail revocationDetail) {
            int i = AnonymousClass1.$SwitchMap$mitm$common$security$crl$RevocationStatus[revocationDetail.getStatus().ordinal()];
            if (i == 1) {
                return 0;
            }
            if (i == 2) {
                return 1;
            }
            if (i == 3) {
                return 2;
            }
            if (i == 4) {
                return 3;
            }
            if (i == 5) {
                return 4;
            }
            PKIXRevocationChecker.logger.warn("Unknown revocation status.");
            return Integer.MAX_VALUE;
        }

        private RevocationDetail getOveralDetail() {
            RevocationDetail revocationDetail = null;
            int i = -1;
            for (RevocationDetail revocationDetail2 : this.details) {
                int importanceLevel = getImportanceLevel(revocationDetail2);
                if (importanceLevel > i) {
                    revocationDetail = revocationDetail2;
                    i = importanceLevel;
                }
            }
            return revocationDetail == null ? new RevocationDetailImpl(RevocationStatus.UNKNOWN) : revocationDetail;
        }

        @Override // mitm.common.security.crl.RevocationResult
        public RevocationDetail[] getDetails() {
            return this.details;
        }

        @Override // mitm.common.security.crl.RevocationResult
        public RevocationReason getReason() {
            return getOveralDetail().getReason();
        }

        @Override // mitm.common.security.crl.RevocationResult
        public RevocationStatus getStatus() {
            return getOveralDetail().getStatus();
        }

        public String toString() {
            StrBuilder strBuilder = new StrBuilder(1024);
            strBuilder.appendAll(this.details);
            return strBuilder.toString();
        }
    }

    public PKIXRevocationChecker(BasicCRLStore... basicCRLStoreArr) {
        for (BasicCRLStore basicCRLStore : basicCRLStoreArr) {
            this.crlStores.add(basicCRLStore);
        }
    }

    private boolean acceptCRL(X509Certificate x509Certificate, X509CRL x509crl, PublicKey publicKey, Date date) {
        try {
            x509crl.verify(publicKey, this.securityFactory.getNonSensitiveProvider());
            try {
                return preFilter(x509Certificate, x509crl);
            } catch (IOException e) {
                logger.error("IO Error pre-filtering the CRL and certificate.", (Throwable) e);
                return false;
            }
        } catch (SignatureException e2) {
            LogUtils.logWarnStackTraceOnDebug(logger, "CRL could not be verified. Hash not correct", e2);
            return false;
        } catch (Exception e3) {
            LogUtils.logErrorStackTraceOnDebug(logger, "CRL could not be verified.", e3);
            return false;
        }
    }

    private boolean acceptCRL_6_3_3_b(X509Certificate x509Certificate, X509CRL x509crl) throws IOException {
        boolean z;
        if (X509CRLInspector.isDeltaCRL(x509crl)) {
            return false;
        }
        if (!x509crl.getIssuerX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
            logger.debug("CRL issuer and certificate issuer do not match.");
            return false;
        }
        IssuingDistributionPoint issuingDistributionPoint = X509CRLInspector.getIssuingDistributionPoint(x509crl);
        if (issuingDistributionPoint == null) {
            return true;
        }
        DistributionPointName distributionPoint = issuingDistributionPoint.getDistributionPoint();
        CRLDistPoint cRLDistibutionPoints = X509CertificateInspector.getCRLDistibutionPoints(x509Certificate);
        DistributionPoint[] distributionPoints = cRLDistibutionPoints != null ? cRLDistibutionPoints.getDistributionPoints() : null;
        if (distributionPoints != null) {
            int length = distributionPoints.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    z = false;
                    break;
                }
                DistributionPoint distributionPoint2 = distributionPoints[i];
                if (distributionPoint2 != null) {
                    if (distributionPoint2.getCRLIssuer() == null) {
                        DistributionPointName distributionPoint3 = distributionPoint2.getDistributionPoint();
                        if (issuingDistributionPoint != null && distributionPoint != null && distributionPoint3 != null && hasMatchingName(distributionPoint, distributionPoint3, x509Certificate.getIssuerX500Principal())) {
                            z = true;
                            break;
                        }
                    } else {
                        logger.debug("CRL issuer should only be used for indirect CRLs.");
                    }
                } else {
                    logger.debug("Distributionpoint is null.");
                }
                i++;
            }
            if (!z) {
                logger.debug("The CRL did not contain matching DistributionPoint names.");
            }
        } else {
            z = distributionPoint == null;
        }
        BasicConstraints basicConstraints = X509CertificateInspector.getBasicConstraints(x509Certificate);
        if (issuingDistributionPoint != null) {
            if (issuingDistributionPoint.onlyContainsCACerts()) {
                if ((basicConstraints == null) | ((basicConstraints == null || basicConstraints.isCA()) ? false : true)) {
                    logger.debug("Certificate is a user certificate but CRL only contains CA certificate.");
                    z = false;
                }
            }
            if (issuingDistributionPoint.onlyContainsUserCerts() && basicConstraints != null && basicConstraints.isCA()) {
                logger.debug("Certificate is a CA but CRL only contains user certificates.");
                z = false;
            }
            if (issuingDistributionPoint.onlyContainsAttributeCerts()) {
                logger.debug("Certificate only contains attribute certs.");
                return false;
            }
        }
        return z;
    }

    private boolean checkDeltaCRL_6_3_3_b(X509Certificate x509Certificate, X509CRL x509crl, X509CRL x509crl2) throws IOException {
        if (!X509CRLInspector.isDeltaCRL(x509crl)) {
            logger.debug("CRL is not a delta CRL.");
            return false;
        }
        if (X509CRLInspector.isDeltaCRL(x509crl2)) {
            logger.debug("CRL is not a base CRL it's a delta CRL.");
            return false;
        }
        if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
            logger.debug("Delta CRL issuer does not match Base CRL issuer.");
            return false;
        }
        IssuingDistributionPoint issuingDistributionPoint = X509CRLInspector.getIssuingDistributionPoint(x509crl);
        IssuingDistributionPoint issuingDistributionPoint2 = X509CRLInspector.getIssuingDistributionPoint(x509crl2);
        if (issuingDistributionPoint2 != null) {
            if (!issuingDistributionPoint2.equals(issuingDistributionPoint)) {
                logger.debug("The Base CRL has a non matching IssuingDistributionPoint.");
                return false;
            }
        } else if (issuingDistributionPoint != null) {
            logger.debug("The Delta CRL has a non matching IssuingDistributionPoint.");
            return false;
        }
        AuthorityKeyIdentifier authorityKeyIdentifier = X509CRLInspector.getAuthorityKeyIdentifier(x509crl2);
        AuthorityKeyIdentifier authorityKeyIdentifier2 = X509CRLInspector.getAuthorityKeyIdentifier(x509crl);
        if (authorityKeyIdentifier != null) {
            if (authorityKeyIdentifier.equals(authorityKeyIdentifier2)) {
                return true;
            }
            logger.debug("Base AuthorityKeyIdentifier does not match Delta AuthorityKeyIdentifier.");
            return false;
        }
        if (authorityKeyIdentifier2 == null) {
            return true;
        }
        logger.debug("Delta AuthorityKeyIdentifier does not match Base AuthorityKeyIdentifier.");
        return false;
    }

    private List<X509CRL> findCRLs(X509Certificate x509Certificate, X509CRLSelector x509CRLSelector, PublicKey publicKey, Date date) throws NoSuchProviderException {
        LinkedList linkedList = new LinkedList();
        Iterator<BasicCRLStore> it = this.crlStores.iterator();
        while (it.hasNext()) {
            try {
                CloseableIterator<? extends CRL> cRLIterator = it.next().getCRLIterator(x509CRLSelector);
                while (cRLIterator.hasNext()) {
                    try {
                        CRL next = cRLIterator.next();
                        if (next instanceof X509CRL) {
                            X509CRL x509crl = (X509CRL) next;
                            if (acceptCRL(x509Certificate, x509crl, publicKey, date)) {
                                linkedList.add(x509crl);
                            }
                        } else {
                            logger.warn("Only X509CRLs are supported. Skipping this CRL.");
                        }
                    } catch (Throwable th) {
                        cRLIterator.close();
                        throw th;
                        break;
                    }
                }
                cRLIterator.close();
            } catch (CRLStoreException e) {
                logger.error("Error getting CRLs. Skipping this store.", (Throwable) e);
            } catch (CloseableIteratorException e2) {
                logger.error("Error stepping through the CRL store. Skipping this store.", (Throwable) e2);
            }
        }
        return linkedList;
    }

    private DeltaCRLStatus getDeltaCRLStatus(X509Certificate x509Certificate, X509CRL x509crl, PublicKey publicKey, Date date) throws NoSuchProviderException {
        BigInteger bigInteger;
        DeltaCRLStatus deltaCRLStatus = DeltaCRLStatus.UNKNOWN;
        try {
            BigInteger deltaIndicator = X509CRLInspector.getDeltaIndicator(x509crl);
            X509CRLSelector x509CRLSelector = new X509CRLSelector();
            x509CRLSelector.addIssuer(x509crl.getIssuerX500Principal());
            x509CRLSelector.setMinCRLNumber(deltaIndicator);
            try {
                bigInteger = X509CRLInspector.getCRLNumber(x509crl);
            } catch (IOException e) {
                logger.error("Error getting CRLNumber extension from the delta CRL.", (Throwable) e);
                bigInteger = null;
            }
            if (bigInteger != null) {
                x509CRLSelector.setMaxCRLNumber(bigInteger.subtract(BigInteger.valueOf(1L)));
                for (X509CRL x509crl2 : findCRLs(x509Certificate, x509CRLSelector, publicKey, date)) {
                    try {
                    } catch (IOException e2) {
                        logger.error("Error executing checkDeltaCRL_6_3_3_b.", (Throwable) e2);
                    }
                    if (checkDeltaCRL_6_3_3_b(x509Certificate, x509crl, x509crl2)) {
                        deltaCRLStatus = DeltaCRLStatus.OK;
                        break;
                    }
                    if (hasUnsupportedCriticalExtensions(x509crl2)) {
                        logger.warn("The base CRL has unsupported critical extensions.");
                        deltaCRLStatus = DeltaCRLStatus.UNSUPPORTED_CRITICAL_EXTENSION;
                    }
                }
            }
            return deltaCRLStatus;
        } catch (IOException e3) {
            logger.error("Error getting base CRL number", (Throwable) e3);
            return DeltaCRLStatus.UNKNOWN;
        }
    }

    private X500Name getFullName(X500Principal x500Principal, DistributionPointName distributionPointName) throws IOException {
        ASN1Encodable name = distributionPointName.getName();
        if (name == null) {
            return null;
        }
        ASN1EncodableVector aSN1EncodableVector = ASN1Utils.toASN1EncodableVector(x500Principal);
        aSN1EncodableVector.add(name);
        return X500Name.getInstance(new DERSequence(aSN1EncodableVector).getEncoded(ASN1Encoding.DER));
    }

    private int getInterimReasonsMask(X509Certificate x509Certificate, X509CRL x509crl) throws IOException {
        int intValue;
        IssuingDistributionPoint issuingDistributionPoint = X509CRLInspector.getIssuingDistributionPoint(x509crl);
        CRLDistPoint cRLDistibutionPoints = X509CertificateInspector.getCRLDistibutionPoints(x509Certificate);
        DistributionPoint[] distributionPoints = cRLDistibutionPoints != null ? cRLDistibutionPoints.getDistributionPoints() : null;
        int i = 0;
        if (issuingDistributionPoint == null || issuingDistributionPoint.getOnlySomeReasons() == null) {
            if (distributionPoints == null) {
                return 33023;
            }
            int length = distributionPoints.length;
            int i2 = 0;
            while (i < length) {
                DistributionPoint distributionPoint = distributionPoints[i];
                if (distributionPoint == null) {
                    logger.debug("Distributionpoint is null.");
                } else {
                    i2 = distributionPoint.getReasons() != null ? i2 | distributionPoint.getReasons().intValue() : i2 | 33023;
                }
                i++;
            }
            return i2;
        }
        ReasonFlags onlySomeReasons = issuingDistributionPoint.getOnlySomeReasons();
        if (distributionPoints == null) {
            return onlySomeReasons.intValue();
        }
        int length2 = distributionPoints.length;
        int i3 = 0;
        while (i < length2) {
            DistributionPoint distributionPoint2 = distributionPoints[i];
            if (distributionPoint2 == null) {
                logger.debug("Distributionpoint is null.");
            } else {
                if (distributionPoint2.getReasons() != null) {
                    intValue = distributionPoint2.getReasons().intValue() & onlySomeReasons.intValue();
                } else {
                    intValue = onlySomeReasons.intValue();
                }
                i3 |= intValue;
            }
            i++;
        }
        return i3;
    }

    private RevocationDetail getRevocationDetail(List<X509CRL> list, X509Certificate x509Certificate, X509Certificate x509Certificate2, PublicKey publicKey, Date date) throws NoSuchProviderException {
        Integer num;
        RevocationDetailImpl revocationDetailImpl = new RevocationDetailImpl(RevocationStatus.UNKNOWN);
        Iterator<X509CRL> it = list.iterator();
        boolean z = false;
        int i = 0;
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            X509CRL next = it.next();
            X509CRLEntry revokedCertificate = next.getRevokedCertificate(x509Certificate.getSerialNumber());
            if (revokedCertificate != null) {
                Date revocationDate = revokedCertificate.getRevocationDate();
                if (revocationDate == null || !date.before(revocationDate)) {
                    try {
                        num = X509CRLEntryInspector.getReasonCode(revokedCertificate);
                    } catch (IOException e) {
                        logger.error("Error retrieving reasonCode.", (Throwable) e);
                        num = null;
                    }
                    revocationDetailImpl = num != null ? new RevocationDetailImpl(RevocationStatus.REVOKED, num.intValue()) : new RevocationDetailImpl(RevocationStatus.REVOKED);
                } else if (date.before(revocationDate)) {
                    logger.info("Certificate is revoked in the future.");
                }
            }
            if (hasUnsupportedCriticalExtensions(next)) {
                logger.debug("The CRL has unsupported critical extensions.");
                revocationDetailImpl = new RevocationDetailImpl(RevocationStatus.UNSUPPORTED_CRITICAL_EXTENSION);
            } else if (next.getThisUpdate() == null || !x509Certificate.getNotAfter().before(next.getThisUpdate())) {
                try {
                    if (X509CRLInspector.isDeltaCRL(next)) {
                        DeltaCRLStatus deltaCRLStatus = getDeltaCRLStatus(x509Certificate, next, publicKey, date);
                        if (deltaCRLStatus == DeltaCRLStatus.UNSUPPORTED_CRITICAL_EXTENSION) {
                            revocationDetailImpl = new RevocationDetailImpl(RevocationStatus.UNSUPPORTED_CRITICAL_EXTENSION);
                        } else if (deltaCRLStatus == DeltaCRLStatus.UNKNOWN) {
                        }
                    } else if (!acceptCRL_6_3_3_b(x509Certificate, next)) {
                        logger.debug("CRL not valid according to acceptCRL_6_3_3_b.");
                    }
                    if (next.getNextUpdate() == null || !date.after(next.getNextUpdate())) {
                        try {
                            i = getInterimReasonsMask(x509Certificate, next) | i;
                            z = true;
                        } catch (IOException e2) {
                            logger.error("Error getting interim mask.", (Throwable) e2);
                        }
                    } else {
                        logger.debug("The CRL next update is overdue.");
                        if (revocationDetailImpl.getStatus() != RevocationStatus.EXPIRED || revocationDetailImpl.getNextUpdate() == null) {
                            revocationDetailImpl = new RevocationDetailImpl(RevocationStatus.EXPIRED, next.getNextUpdate());
                        } else if (next.getNextUpdate().after(revocationDetailImpl.getNextUpdate())) {
                            revocationDetailImpl = new RevocationDetailImpl(RevocationStatus.EXPIRED, next.getNextUpdate());
                        }
                    }
                } catch (IOException e3) {
                    logger.error("Error inspecting CRL.", (Throwable) e3);
                }
            } else {
                logger.info("Certificate has expired before the CRL was valid.");
            }
        }
        if (!z || revocationDetailImpl.getStatus() == RevocationStatus.REVOKED) {
            return revocationDetailImpl;
        }
        if (i == 33023) {
            return new RevocationDetailImpl(RevocationStatus.NOT_REVOKED);
        }
        logger.debug("Not all reasons were covered.");
        return new RevocationDetailImpl(RevocationStatus.UNKNOWN);
    }

    private boolean hasMatchingName(X500Name x500Name, GeneralName[] generalNameArr) {
        if (x500Name != null && generalNameArr != null) {
            for (GeneralName generalName : generalNameArr) {
                if (generalName.getTagNo() == 4 && x500Name.equals(X500Name.getInstance(generalName.getName()))) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean hasMatchingName(DistributionPointName distributionPointName, DistributionPointName distributionPointName2, X500Principal x500Principal) throws IOException {
        GeneralName[] names;
        X500Name x500Name;
        X500Name x500Name2;
        if (distributionPointName == null && distributionPointName2 == null) {
            return true;
        }
        if (distributionPointName == null || distributionPointName2 == null) {
            return false;
        }
        GeneralName[] generalNameArr = null;
        if (distributionPointName.getType() == 1) {
            x500Name = getFullName(x500Principal, distributionPointName);
            names = null;
        } else {
            names = GeneralNames.getInstance(distributionPointName.getName()).getNames();
            x500Name = null;
        }
        if (distributionPointName2.getType() == 1) {
            x500Name2 = getFullName(x500Principal, distributionPointName2);
        } else {
            generalNameArr = GeneralNames.getInstance(distributionPointName2.getName()).getNames();
            x500Name2 = null;
        }
        return (names == null || generalNameArr == null) ? (x500Name == null || x500Name2 == null) ? x500Name != null ? hasMatchingName(x500Name, generalNameArr) : hasMatchingName(x500Name2, names) : x500Name.equals(x500Name2) : CollectionUtils.containsAny(Arrays.asList(names), Arrays.asList(generalNameArr));
    }

    private boolean hasUnsupportedCriticalExtensions(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs != null) {
            criticalExtensionOIDs.remove(X509Extension.issuingDistributionPoint.getId());
            criticalExtensionOIDs.remove(X509Extension.deltaCRLIndicator.getId());
            criticalExtensionOIDs.remove(X509Extension.cRLNumber.getId());
            criticalExtensionOIDs.remove(X509Extension.authorityKeyIdentifier.getId());
        }
        return criticalExtensionOIDs != null && criticalExtensionOIDs.size() > 0;
    }

    private boolean preFilter(X509Certificate x509Certificate, X509CRL x509crl) throws IOException {
        IssuingDistributionPoint issuingDistributionPoint = X509CRLInspector.getIssuingDistributionPoint(x509crl);
        if (issuingDistributionPoint != null && issuingDistributionPoint.isIndirectCRL()) {
            logger.debug("CRL is indirect.");
            return false;
        }
        if (x509crl.getIssuerX500Principal().equals(x509Certificate.getIssuerX500Principal())) {
            return true;
        }
        logger.debug("CRL issuer and certificate issuer do not match.");
        return false;
    }

    private X509Certificate toX509Certificate(Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new IllegalArgumentException("Only X509Certificates are supported.");
    }

    private void verifyCertificate(X509Certificate x509Certificate, PublicKey publicKey) throws CRLException {
        try {
            x509Certificate.verify(publicKey, this.securityFactory.getNonSensitiveProvider());
        } catch (InvalidKeyException e) {
            throw new CRLException("Certificate verification failed.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CRLException("Certificate verification failed.", e2);
        } catch (NoSuchProviderException e3) {
            throw new CRLException("Certificate verification failed.", e3);
        } catch (SignatureException e4) {
            throw new CRLException("Certificate verification failed.", e4);
        } catch (CertificateException e5) {
            throw new CRLException("Certificate verification failed.", e5);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:31:0x00c1, code lost:
    
        r14 = mitm.common.security.crl.PKIXRevocationChecker.logger;
        r14.warn("Certificate is revoked.");
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x00cc, code lost:
    
        if (r14.isDebugEnabled() == false) goto L33;
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x00ce, code lost:
    
        r14.debug("Revoked certificate: " + r3);
     */
    /* JADX WARN: Removed duplicated region for block: B:12:0x0074  */
    /* JADX WARN: Removed duplicated region for block: B:29:0x00e5 A[LOOP:0: B:2:0x0018->B:29:0x00e5, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:30:0x00c1 A[EDGE_INSN: B:30:0x00c1->B:31:0x00c1 BREAK  A[LOOP:0: B:2:0x0018->B:29:0x00e5], SYNTHETIC] */
    @Override // mitm.common.security.crl.RevocationChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public mitm.common.security.crl.RevocationResult getRevocationStatus(java.security.cert.CertPath r12, java.security.cert.TrustAnchor r13, java.util.Date r14) throws java.security.cert.CRLException {
        /*
            Method dump skipped, instructions count: 286
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: mitm.common.security.crl.PKIXRevocationChecker.getRevocationStatus(java.security.cert.CertPath, java.security.cert.TrustAnchor, java.util.Date):mitm.common.security.crl.RevocationResult");
    }
}
