package org.bouncycastle.jce.provider;

import dh.a0;
import dh.d0;
import dh.g0;
import dh.t1;
import dh.w;
import dh.y;
import gi.m0;
import gi.v;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import jm.n;
import jm.r;

/* loaded from: classes2.dex */
class b {

    /* renamed from: a, reason: collision with root package name */
    protected static final String f26670a = gi.t.f15101t.L();

    /* renamed from: b, reason: collision with root package name */
    protected static final String f26671b = gi.t.f15091j.L();

    /* renamed from: c, reason: collision with root package name */
    protected static final String f26672c = gi.t.f15102u.L();

    /* renamed from: d, reason: collision with root package name */
    protected static final String f26673d = gi.t.f15089h.L();

    /* renamed from: e, reason: collision with root package name */
    protected static final String f26674e = gi.t.f15099r.L();

    /* renamed from: f, reason: collision with root package name */
    protected static final String f26675f = gi.t.f15087f.L();

    /* renamed from: g, reason: collision with root package name */
    protected static final String f26676g = gi.t.f15107z.L();

    /* renamed from: h, reason: collision with root package name */
    protected static final String f26677h = gi.t.f15097p.L();

    /* renamed from: i, reason: collision with root package name */
    protected static final String f26678i = gi.t.f15096o.L();

    /* renamed from: j, reason: collision with root package name */
    protected static final String f26679j = gi.t.f15104w.L();

    /* renamed from: k, reason: collision with root package name */
    protected static final String f26680k = gi.t.f15106y.L();

    /* renamed from: l, reason: collision with root package name */
    protected static final String f26681l = gi.t.f15100s.L();

    /* renamed from: m, reason: collision with root package name */
    protected static final String f26682m = gi.t.f15103v.L();

    /* renamed from: n, reason: collision with root package name */
    protected static final String f26683n = gi.t.f15092k.L();

    /* renamed from: o, reason: collision with root package name */
    protected static final String[] f26684o = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    private static void A(List[] listArr, j jVar) {
        listArr[jVar.getDepth()].remove(jVar);
        if (jVar.c()) {
            Iterator children = jVar.getChildren();
            while (children.hasNext()) {
                A(listArr, (j) children.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void B(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    static void a(jm.p pVar, Set set, Object obj) throws q {
        if (set.isEmpty()) {
            if (obj instanceof mo.d) {
                new StringBuilder().append("No CRLs found for issuer \"");
                ((mo.d) obj).g();
                throw null;
            }
            throw new q("No CRLs found for issuer \"" + fi.e.V.a(k.e((X509Certificate) obj)) + "\"", null, pVar.a(), pVar.b());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(LinkedHashSet linkedHashSet, jm.r rVar, List list) throws a {
        for (Object obj : list) {
            if (obj instanceof io.o) {
                try {
                    linkedHashSet.addAll(((io.o) obj).d(rVar));
                } catch (io.p e10) {
                    throw new a("Problem while picking certificates from X.509 store.", e10);
                }
            } else {
                try {
                    linkedHashSet.addAll(jm.r.d(rVar, (CertStore) obj));
                } catch (CertStoreException e11) {
                    throw new a("Problem while picking certificates from certificate store.", e11);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Collection c(X509Certificate x509Certificate, List<CertStore> list, List<jm.q> list2) throws a {
        byte[] o10;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(k.e(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f26682m);
                if (extensionValue != null && (o10 = gi.i.n(w.H(extensionValue).J()).o()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new t1(o10).getEncoded());
                }
            } catch (Exception unused) {
            }
            jm.r<? extends Certificate> a10 = new r.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                b(linkedHashSet, a10, list);
                b(linkedHashSet, a10, list2);
                return linkedHashSet;
            } catch (a e10) {
                throw new a("Issuer certificate cannot be searched.", e10);
            }
        } catch (Exception e11) {
            throw new a("Subject criteria for certificate selector to find issuer certificate could not be set.", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Collection d(jm.s sVar) throws CertPathBuilderException {
        jm.t c10 = sVar.c();
        jm.r z10 = c10.z();
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            b(linkedHashSet, z10, c10.u());
            b(linkedHashSet, z10, c10.t());
            if (!linkedHashSet.isEmpty()) {
                return linkedHashSet;
            }
            Certificate c11 = z10.c();
            if (c11 != null) {
                return Collections.singleton(c11);
            }
            throw new CertPathBuilderException("No certificate found matching targetConstraints.");
        } catch (a e10) {
            throw new pm.a("Error finding target certificate.", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustAnchor e(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        x509CertSelector.setSubject(issuerX500Principal);
        Iterator it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception e10 = null;
        ei.c cVar = null;
        PublicKey publicKey = null;
        while (it.hasNext() && trustAnchor == null) {
            trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor.getTrustedCert() != null) {
                if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                    publicKey = trustAnchor.getTrustedCert().getPublicKey();
                }
                trustAnchor = null;
            } else {
                if (trustAnchor.getCA() != null && trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                    if (cVar == null) {
                        cVar = ei.c.p(issuerX500Principal.getEncoded());
                    }
                    try {
                        if (cVar.equals(ei.c.p(trustAnchor.getCA().getEncoded()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException unused) {
                    }
                }
                trustAnchor = null;
            }
            if (publicKey != null) {
                try {
                    B(x509Certificate, publicKey, str);
                } catch (Exception e11) {
                    e10 = e11;
                    trustAnchor = null;
                    publicKey = null;
                }
            }
        }
        if (trustAnchor != null || e10 == null) {
            return trustAnchor;
        }
        throw new a("TrustAnchor found but certificate validation failed.", e10);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<jm.q> f(byte[] bArr, Map<v, jm.q> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        v[] q10 = gi.w.p(w.H(bArr).J()).q();
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; i10 != q10.length; i10++) {
            jm.q qVar = map.get(q10[i10]);
            if (qVar != null) {
                arrayList.add(qVar);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<jm.m> g(gi.k kVar, Map<v, jm.m> map, Date date, nm.d dVar) throws a {
        if (kVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            gi.r[] n10 = kVar.n();
            ArrayList arrayList = new ArrayList();
            for (gi.r rVar : n10) {
                gi.s p10 = rVar.p();
                if (p10 != null && p10.t() == 0) {
                    for (v vVar : gi.w.p(p10.q()).q()) {
                        jm.m mVar = map.get(vVar);
                        if (mVar != null) {
                            arrayList.add(mVar);
                        }
                    }
                }
            }
            if (arrayList.isEmpty() && io.m.d("org.bouncycastle.x509.enableCRLDP")) {
                try {
                    CertificateFactory h10 = dVar.h("X.509");
                    for (int i10 = 0; i10 < n10.length; i10++) {
                        gi.s p11 = n10[i10].p();
                        if (p11 != null && p11.t() == 0) {
                            v[] q10 = gi.w.p(p11.q()).q();
                            int i11 = 0;
                            while (true) {
                                if (i11 < q10.length) {
                                    v vVar2 = q10[i10];
                                    if (vVar2.q() == 6) {
                                        try {
                                            jm.m a10 = d.a(h10, date, new URI(((g0) vVar2.p()).f()));
                                            if (a10 != null) {
                                                arrayList.add(a10);
                                            }
                                        } catch (Exception unused) {
                                            continue;
                                        }
                                    }
                                    i11++;
                                }
                            }
                        }
                    }
                } catch (Exception e10) {
                    throw new a("cannot create certificate factory: " + e10.getMessage(), e10);
                }
            }
            return arrayList;
        } catch (Exception e11) {
            throw new a("Distribution points could not be read.", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static gi.b h(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return m0.o(publicKey.getEncoded()).n();
        } catch (Exception e10) {
            throw new pm.b("Subject public key cannot be decoded.", e10);
        }
    }

    protected static void i(gi.r rVar, Collection collection, X509CRLSelector x509CRLSelector) throws a {
        ArrayList arrayList = new ArrayList();
        if (rVar.o() != null) {
            v[] q10 = rVar.o().q();
            for (int i10 = 0; i10 < q10.length; i10++) {
                if (q10[i10].q() == 4) {
                    try {
                        arrayList.add(ei.c.p(q10[i10].p().e().getEncoded()));
                    } catch (IOException e10) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (rVar.p() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((ei.c) it2.next()).getEncoded());
            } catch (IOException e11) {
                throw new a("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void j(Date date, X509CRL x509crl, Object obj, c cVar) throws a {
        X509CRLEntry revokedCertificate;
        try {
            if (rm.g.a(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(q(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!k.c(obj).equals(certificateIssuer == null ? k.d(x509crl) : k.g(certificateIssuer))) {
                    return;
                }
            } else if (!k.c(obj).equals(k.d(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(q(obj))) == null) {
                return;
            }
            dh.i iVar = null;
            if (revokedCertificate.hasExtensions()) {
                if (revokedCertificate.hasUnsupportedCriticalExtension()) {
                    throw new a("CRL entry has unsupported critical extensions.");
                }
                try {
                    iVar = dh.i.H(m(revokedCertificate, gi.t.f15093l.L()));
                } catch (Exception e10) {
                    throw new a("Reason code CRL entry extension could not be decoded.", e10);
                }
            }
            int K = iVar == null ? 0 : iVar.K();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || K == 0 || K == 1 || K == 2 || K == 10) {
                cVar.c(K);
                cVar.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e11) {
            throw new a("Failed check for indirect CRL.", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set k(jm.p pVar, gi.r rVar, Object obj, jm.t tVar, Date date) throws a, q {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(k.c(obj));
            i(rVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            Set a10 = f.a(new n.b(x509CRLSelector).h(true).g(), date, tVar.t(), tVar.r());
            a(pVar, a10, obj);
            return a10;
        } catch (a e10) {
            throw new a("Could not get issuer information from distribution point.", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set l(Date date, X509CRL x509crl, List<CertStore> list, List<jm.m> list2, nm.d dVar) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(k.d(x509crl).getEncoded());
            try {
                a0 m10 = m(x509crl, f26683n);
                BigInteger J = m10 != null ? dh.q.H(m10).J() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f26677h);
                    x509CRLSelector.setMinCRLNumber(J != null ? J.add(BigInteger.valueOf(1L)) : null);
                    n.b bVar = new n.b(x509CRLSelector);
                    bVar.i(extensionValue);
                    bVar.j(true);
                    bVar.k(J);
                    jm.n<? extends CRL> g10 = bVar.g();
                    Set<X509CRL> a10 = f.a(g10, date, list, list2);
                    if (a10.isEmpty() && io.m.d("org.bouncycastle.x509.enableCRLDP")) {
                        try {
                            CertificateFactory h10 = dVar.h("X.509");
                            gi.r[] n10 = gi.k.o(extensionValue).n();
                            for (int i10 = 0; i10 < n10.length; i10++) {
                                gi.s p10 = n10[i10].p();
                                if (p10 != null && p10.t() == 0) {
                                    v[] q10 = gi.w.p(p10.q()).q();
                                    int i11 = 0;
                                    while (true) {
                                        if (i11 < q10.length) {
                                            v vVar = q10[i10];
                                            if (vVar.q() == 6) {
                                                try {
                                                    jm.m a11 = d.a(h10, date, new URI(((g0) vVar.p()).f()));
                                                    if (a11 != null) {
                                                        a10 = f.a(g10, date, Collections.EMPTY_LIST, Collections.singletonList(a11));
                                                    }
                                                } catch (Exception unused) {
                                                    continue;
                                                }
                                            }
                                            i11++;
                                        }
                                    }
                                }
                            }
                        } catch (Exception e10) {
                            throw new a("cannot create certificate factory: " + e10.getMessage(), e10);
                        }
                    }
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : a10) {
                        if (u(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e11) {
                    throw new a("Issuing distribution point extension value could not be read.", e11);
                }
            } catch (Exception e12) {
                throw new a("CRL number extension could not be extracted from CRL.", e12);
            }
        } catch (IOException e13) {
            throw new a("Cannot extract issuer from CRL.", e13);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static a0 m(X509Extension x509Extension, String str) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return o(str, extensionValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey n(List list, int i10, nm.d dVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i10)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i10++;
            if (i10 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return dVar.d("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e10) {
            throw new RuntimeException(e10.getMessage());
        }
    }

    private static a0 o(String str, byte[] bArr) throws a {
        try {
            return a0.z(w.H(bArr).J());
        } catch (Exception e10) {
            throw new a("exception processing extension " + str, e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set p(d0 d0Var) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (d0Var == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        y a10 = y.a(byteArrayOutputStream);
        Enumeration L = d0Var.L();
        while (L.hasMoreElements()) {
            try {
                a10.u((dh.g) L.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e10) {
                throw new pm.b("Policy qualifier info cannot be decoded.", e10);
            }
        }
        return hashSet;
    }

    private static BigInteger q(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date r(Date date, int i10, CertPath certPath, int i11) throws a {
        if (1 != i10 || i11 <= 0) {
            return date;
        }
        int i12 = i11 - 1;
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i12);
        if (i12 == 0) {
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i12)).getExtensionValue(im.a.f16769e.L());
                dh.m M = extensionValue != null ? dh.m.M(a0.z(extensionValue)) : null;
                if (M != null) {
                    try {
                        return M.K();
                    } catch (ParseException e10) {
                        throw new a("Date from date of cert gen extension could not be parsed.", e10);
                    }
                }
            } catch (IOException unused) {
                throw new a("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException unused2) {
                throw new a("Date of cert gen extension could not be read.");
            }
        }
        return x509Certificate.getNotBefore();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date s(jm.t tVar, Date date) {
        Date C = tVar.C();
        return C == null ? date : C;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean t(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    private static boolean u(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(o.f26724g);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean v(X509Certificate x509Certificate, Set set, String str) throws a {
        try {
            return e(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean w(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean x(int i10, List[] listArr, dh.v vVar, Set set) {
        List list = listArr[i10 - 1];
        for (int i11 = 0; i11 < list.size(); i11++) {
            j jVar = (j) list.get(i11);
            if (jVar.getExpectedPolicies().contains(vVar.L())) {
                HashSet hashSet = new HashSet();
                hashSet.add(vVar.L());
                j jVar2 = new j(new ArrayList(), i10, hashSet, jVar, set, vVar.L(), false);
                jVar.a(jVar2);
                listArr[i10].add(jVar2);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void y(int i10, List[] listArr, dh.v vVar, Set set) {
        List list = listArr[i10 - 1];
        for (int i11 = 0; i11 < list.size(); i11++) {
            j jVar = (j) list.get(i11);
            if ("2.5.29.32.0".equals(jVar.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(vVar.L());
                j jVar2 = new j(new ArrayList(), i10, hashSet, jVar, set, vVar.L(), false);
                jVar.a(jVar2);
                listArr[i10].add(jVar2);
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static j z(j jVar, List[] listArr, j jVar2) {
        j jVar3 = (j) jVar2.getParent();
        if (jVar == null) {
            return null;
        }
        if (jVar3 != null) {
            jVar3.d(jVar2);
            A(listArr, jVar2);
            return jVar;
        }
        for (int i10 = 0; i10 < listArr.length; i10++) {
            listArr[i10] = new ArrayList();
        }
        return null;
    }
}
