package org.bouncycastle.pkix.jcajce;

import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.Arrays;

/* loaded from: classes13.dex */
class RFC3280CertPathUtilities {

    /* renamed from: a, reason: collision with root package name */
    public static final String f49663a = Extension.p.I();

    /* renamed from: b, reason: collision with root package name */
    public static final String f49664b = Extension.y.I();

    /* renamed from: c, reason: collision with root package name */
    public static final String f49665c = Extension.o.I();

    /* renamed from: d, reason: collision with root package name */
    public static final String f49666d = Extension.f43203j.I();

    /* renamed from: e, reason: collision with root package name */
    public static final String f49667e = Extension.v.I();

    /* renamed from: f, reason: collision with root package name */
    public static final int f49668f = 5;

    /* renamed from: g, reason: collision with root package name */
    public static final int f49669g = 6;

    /* JADX WARN: Code restructure failed: missing block: B:65:0x0137, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(org.bouncycastle.asn1.x509.DistributionPoint r20, org.bouncycastle.jcajce.PKIXExtendedParameters r21, java.util.Date r22, java.util.Date r23, java.security.cert.X509Certificate r24, java.security.cert.X509Certificate r25, java.security.PublicKey r26, org.bouncycastle.pkix.jcajce.CertStatus r27, org.bouncycastle.pkix.jcajce.ReasonsMask r28, java.util.List r29, org.bouncycastle.jcajce.util.JcaJceHelper r30) throws org.bouncycastle.pkix.jcajce.AnnotatedException, org.bouncycastle.pkix.jcajce.CRLNotFoundException {
        /*
            Method dump skipped, instructions count: 321
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.RFC3280CertPathUtilities.a(org.bouncycastle.asn1.x509.DistributionPoint, org.bouncycastle.jcajce.PKIXExtendedParameters, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, org.bouncycastle.pkix.jcajce.CertStatus, org.bouncycastle.pkix.jcajce.ReasonsMask, java.util.List, org.bouncycastle.jcajce.util.JcaJceHelper):void");
    }

    public static Set b(PKIXExtendedParameters pKIXExtendedParameters, Date date, X509Certificate x509Certificate, X509CRL x509crl) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        if (pKIXExtendedParameters.E()) {
            try {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.y;
                CRLDistPoint w = CRLDistPoint.w(RevocationUtilities.h(x509Certificate, aSN1ObjectIdentifier));
                if (w == null) {
                    try {
                        w = CRLDistPoint.w(RevocationUtilities.h(x509crl, aSN1ObjectIdentifier));
                    } catch (AnnotatedException e2) {
                        throw new AnnotatedException("Freshest CRL extension could not be decoded from CRL.", e2);
                    }
                }
                if (w != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(pKIXExtendedParameters.m());
                    try {
                        arrayList.addAll(RevocationUtilities.c(w, pKIXExtendedParameters.s()));
                        try {
                            hashSet.addAll(RevocationUtilities.g(date, x509crl, pKIXExtendedParameters.o(), arrayList));
                        } catch (AnnotatedException e3) {
                            throw new AnnotatedException("Exception obtaining delta CRLs.", e3);
                        }
                    } catch (AnnotatedException e4) {
                        throw new AnnotatedException("No new delta CRL locations could be added from Freshest CRL extension.", e4);
                    }
                }
            } catch (AnnotatedException e5) {
                throw new AnnotatedException("Freshest CRL extension could not be decoded from certificate.", e5);
            }
        }
        return hashSet;
    }

    public static Set[] c(PKIXExtendedParameters pKIXExtendedParameters, Date date, Date date2, X509Certificate x509Certificate, X509CRL x509crl) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.setCertificateChecking(x509Certificate);
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            Set b2 = PKIXCRLUtil.b(new PKIXCRLStoreSelector.Builder(x509CRLSelector).h(true).g(), date2, pKIXExtendedParameters.o(), pKIXExtendedParameters.m());
            HashSet hashSet = new HashSet();
            if (pKIXExtendedParameters.E()) {
                try {
                    hashSet.addAll(RevocationUtilities.g(date2, x509crl, pKIXExtendedParameters.o(), pKIXExtendedParameters.m()));
                } catch (AnnotatedException e2) {
                    throw new AnnotatedException("Exception obtaining delta CRLs.", e2);
                }
            }
            return new Set[]{b2, hashSet};
        } catch (IOException e3) {
            throw new AnnotatedException("Cannot extract issuer from CRL." + e3, e3);
        }
    }

    public static void d(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        ASN1Primitive h2 = RevocationUtilities.h(x509crl, Extension.p);
        int i2 = 0;
        boolean z = h2 != null && IssuingDistributionPoint.x(h2).A();
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        if (distributionPoint.v() != null) {
            GeneralName[] y = distributionPoint.v().y();
            int i3 = 0;
            while (i2 < y.length) {
                if (y[i2].g() == 4) {
                    try {
                        if (Arrays.g(y[i2].x().i().getEncoded(), encoded)) {
                            i3 = 1;
                        }
                    } catch (IOException e2) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
                i2++;
            }
            if (i3 != 0 && !z) {
                throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (i3 == 0) {
                throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
            i2 = i3;
        } else if (x509crl.getIssuerX500Principal().equals(((X509Certificate) obj).getIssuerX500Principal())) {
            i2 = 1;
        }
        if (i2 == 0) {
            throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
        }
    }

    public static void e(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        GeneralName[] generalNameArr;
        try {
            IssuingDistributionPoint x = IssuingDistributionPoint.x(RevocationUtilities.h(x509crl, Extension.p));
            if (x != null) {
                if (x.w() != null) {
                    DistributionPointName w = IssuingDistributionPoint.x(x).w();
                    ArrayList arrayList = new ArrayList();
                    boolean z = false;
                    if (w.y() == 0) {
                        for (GeneralName generalName : GeneralNames.w(w.x()).y()) {
                            arrayList.add(generalName);
                        }
                    }
                    if (w.y() == 1) {
                        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                        try {
                            Enumeration I = ASN1Sequence.F(x509crl.getIssuerX500Principal().getEncoded()).I();
                            while (I.hasMoreElements()) {
                                aSN1EncodableVector.a((ASN1Encodable) I.nextElement());
                            }
                            aSN1EncodableVector.a(w.x());
                            arrayList.add(new GeneralName(X500Name.w(new DERSequence(aSN1EncodableVector))));
                        } catch (Exception e2) {
                            throw new AnnotatedException("Could not read CRL issuer.", e2);
                        }
                    }
                    if (distributionPoint.w() != null) {
                        DistributionPointName w2 = distributionPoint.w();
                        GeneralName[] y = w2.y() == 0 ? GeneralNames.w(w2.x()).y() : null;
                        if (w2.y() == 1) {
                            if (distributionPoint.v() != null) {
                                generalNameArr = distributionPoint.v().y();
                            } else {
                                generalNameArr = new GeneralName[1];
                                try {
                                    generalNameArr[0] = new GeneralName(X500Name.w(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
                                } catch (Exception e3) {
                                    throw new AnnotatedException("Could not read certificate issuer.", e3);
                                }
                            }
                            y = generalNameArr;
                            for (int i2 = 0; i2 < y.length; i2++) {
                                Enumeration I2 = ASN1Sequence.F(y[i2].x().i()).I();
                                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                                while (I2.hasMoreElements()) {
                                    aSN1EncodableVector2.a((ASN1Encodable) I2.nextElement());
                                }
                                aSN1EncodableVector2.a(w2.x());
                                y[i2] = new GeneralName(X500Name.w(new DERSequence(aSN1EncodableVector2)));
                            }
                        }
                        if (y != null) {
                            int i3 = 0;
                            while (true) {
                                if (i3 >= y.length) {
                                    break;
                                }
                                if (arrayList.contains(y[i3])) {
                                    z = true;
                                    break;
                                }
                                i3++;
                            }
                        }
                        if (!z) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (distributionPoint.v() == null) {
                            throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        GeneralName[] y2 = distributionPoint.v().y();
                        int i4 = 0;
                        while (true) {
                            if (i4 >= y2.length) {
                                break;
                            }
                            if (arrayList.contains(y2[i4])) {
                                z = true;
                                break;
                            }
                            i4++;
                        }
                        if (!z) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    BasicConstraints v = BasicConstraints.v(RevocationUtilities.h((X509Extension) obj, Extension.f43203j));
                    if (obj instanceof X509Certificate) {
                        if (x.D() && v != null && v.z()) {
                            throw new AnnotatedException("CA Cert CRL only contains user certificates.");
                        }
                        if (x.C() && (v == null || !v.z())) {
                            throw new AnnotatedException("End CRL only contains CA certificates.");
                        }
                    }
                    if (x.B()) {
                        throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e4) {
                    throw new AnnotatedException("Basic constraints extension could not be decoded.", e4);
                }
            }
        } catch (Exception e5) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e5);
        }
    }

    public static void f(X509CRL x509crl, X509CRL x509crl2, PKIXExtendedParameters pKIXExtendedParameters) throws AnnotatedException {
        if (x509crl == null) {
            return;
        }
        try {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.p;
            IssuingDistributionPoint x = IssuingDistributionPoint.x(RevocationUtilities.h(x509crl2, aSN1ObjectIdentifier));
            if (pKIXExtendedParameters.E()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new AnnotatedException("complete CRL issuer does not match delta CRL issuer");
                }
                try {
                    IssuingDistributionPoint x2 = IssuingDistributionPoint.x(RevocationUtilities.h(x509crl, aSN1ObjectIdentifier));
                    boolean z = false;
                    if (x != null ? x.equals(x2) : x2 == null) {
                        z = true;
                    }
                    if (!z) {
                        throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = Extension.v;
                        ASN1Primitive h2 = RevocationUtilities.h(x509crl2, aSN1ObjectIdentifier2);
                        try {
                            ASN1Primitive h3 = RevocationUtilities.h(x509crl, aSN1ObjectIdentifier2);
                            if (h2 == null) {
                                throw new AnnotatedException("CRL authority key identifier is null.");
                            }
                            if (h3 == null) {
                                throw new AnnotatedException("Delta CRL authority key identifier is null.");
                            }
                            if (!h2.z(h3)) {
                                throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (AnnotatedException e2) {
                            throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e2);
                        }
                    } catch (AnnotatedException e3) {
                        throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e3);
                    }
                } catch (Exception e4) {
                    throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e4);
                }
            }
        } catch (Exception e5) {
            throw new AnnotatedException("issuing distribution point extension could not be decoded.", e5);
        }
    }

    public static ReasonsMask g(X509CRL x509crl, DistributionPoint distributionPoint) throws AnnotatedException {
        try {
            IssuingDistributionPoint x = IssuingDistributionPoint.x(RevocationUtilities.h(x509crl, Extension.p));
            if (x != null && x.z() != null && distributionPoint.z() != null) {
                return new ReasonsMask(distributionPoint.z()).d(new ReasonsMask(x.z()));
            }
            if ((x == null || x.z() == null) && distributionPoint.z() == null) {
                return ReasonsMask.f49670b;
            }
            return (distributionPoint.z() == null ? ReasonsMask.f49670b : new ReasonsMask(distributionPoint.z())).d(x == null ? ReasonsMask.f49670b : new ReasonsMask(x.z()));
        } catch (Exception e2) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e2);
        }
    }

    public static Set h(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, PKIXExtendedParameters pKIXExtendedParameters, List list, JcaJceHelper jcaJceHelper) throws AnnotatedException {
        int i2;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            PKIXCertStoreSelector<? extends Certificate> a2 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                RevocationUtilities.b(linkedHashSet, a2, pKIXExtendedParameters.p());
                RevocationUtilities.b(linkedHashSet, a2, pKIXExtendedParameters.o());
                linkedHashSet.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                Iterator it = linkedHashSet.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder n = jcaJceHelper.n("PKIX");
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            PKIXExtendedParameters.Builder s = new PKIXExtendedParameters.Builder(pKIXExtendedParameters).s(new PKIXCertStoreSelector.Builder(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                s.r(false);
                            } else {
                                s.r(true);
                            }
                            List<? extends Certificate> certificates = n.build(new PKIXExtendedBuilderParameters.Builder(s.q()).e()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(RevocationUtilities.k(certificates, 0, jcaJceHelper));
                        } catch (CertPathBuilderException e2) {
                            throw new AnnotatedException("CertPath for CRL signer failed to validate.", e2);
                        } catch (CertPathValidatorException e3) {
                            throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e3);
                        } catch (Exception e4) {
                            throw new AnnotatedException(e4.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                AnnotatedException annotatedException = null;
                for (i2 = 0; i2 < arrayList.size(); i2++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i2)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length > 6 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i2));
                    } else {
                        annotatedException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet.isEmpty() && annotatedException == null) {
                    throw new AnnotatedException("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || annotatedException == null) {
                    return hashSet;
                }
                throw annotatedException;
            } catch (AnnotatedException e5) {
                throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e5);
            }
        } catch (IOException e6) {
            throw new AnnotatedException("subject criteria for certificate selector to find issuer certificate for CRL could not be set", e6);
        }
    }

    public static PublicKey i(X509CRL x509crl, Set set) throws AnnotatedException {
        Iterator it = set.iterator();
        Exception e2 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        throw new AnnotatedException("Cannot verify CRL.", e2);
    }

    public static X509CRL j(Set set, PublicKey publicKey) throws AnnotatedException {
        Iterator it = set.iterator();
        Exception e2 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        if (e2 == null) {
            return null;
        }
        throw new AnnotatedException("Cannot verify delta CRL.", e2);
    }

    public static void k(Date date, X509CRL x509crl, Object obj, CertStatus certStatus, PKIXExtendedParameters pKIXExtendedParameters) throws AnnotatedException {
        if (!pKIXExtendedParameters.E() || x509crl == null) {
            return;
        }
        RevocationUtilities.e(date, x509crl, obj, certStatus);
    }

    public static void l(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) throws AnnotatedException {
        if (certStatus.a() == 11) {
            RevocationUtilities.e(date, x509crl, obj, certStatus);
        }
    }
}
