package org.bouncycastle.jcajce.provider.asymmetric.x509;

import dh.a0;
import dh.d0;
import dh.g;
import dh.k1;
import dh.p;
import dh.v;
import dh.w;
import gi.b;
import gi.k;
import gi.l;
import gi.n;
import gi.n0;
import gi.o;
import gi.q0;
import gi.t;
import gi.u;
import io.a;
import io.q;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import jm.e;
import lm.c;
import nm.d;

/* loaded from: classes2.dex */
abstract class X509CRLImpl extends X509CRL {

    /* renamed from: a, reason: collision with root package name */
    protected d f26332a;

    /* renamed from: b, reason: collision with root package name */
    protected o f26333b;

    /* renamed from: c, reason: collision with root package name */
    protected String f26334c;

    /* renamed from: d, reason: collision with root package name */
    protected byte[] f26335d;

    /* renamed from: e, reason: collision with root package name */
    protected boolean f26336e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CRLImpl(d dVar, o oVar, String str, byte[] bArr, boolean z10) {
        this.f26332a = dVar;
        this.f26333b = oVar;
        this.f26334c = str;
        this.f26335d = bArr;
        this.f26336e = z10;
    }

    private void a(PublicKey publicKey, Signature signature, g gVar, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (gVar != null) {
            X509SignatureUtil.g(signature, gVar);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(c.a(signature), 512);
            this.f26333b.y().l(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    private void b(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.f26333b.x().equals(this.f26333b.y().x())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i10 = 0;
        if ((publicKey instanceof e) && X509SignatureUtil.d(this.f26333b.x())) {
            List<PublicKey> a10 = ((e) publicKey).a();
            d0 J = d0.J(this.f26333b.x().q());
            d0 J2 = d0.J(k1.P(this.f26333b.t()).G());
            boolean z10 = false;
            while (i10 != a10.size()) {
                if (a10.get(i10) != null) {
                    b p10 = b.p(J.K(i10));
                    try {
                        a(a10.get(i10), signatureCreator.c(X509SignatureUtil.c(p10)), p10.q(), k1.P(J2.K(i10)).G());
                        e = null;
                        z10 = true;
                    } catch (SignatureException e10) {
                        e = e10;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i10++;
            }
            if (!z10) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.d(this.f26333b.x())) {
            Signature c10 = signatureCreator.c(getSigAlgName());
            byte[] bArr = this.f26335d;
            if (bArr == null) {
                a(publicKey, c10, null, getSignature());
                return;
            }
            try {
                a(publicKey, c10, a0.z(bArr), getSignature());
                return;
            } catch (IOException e11) {
                throw new SignatureException("cannot decode signature parameters: " + e11.getMessage());
            }
        }
        d0 J3 = d0.J(this.f26333b.x().q());
        d0 J4 = d0.J(k1.P(this.f26333b.t()).G());
        boolean z11 = false;
        while (i10 != J4.size()) {
            b p11 = b.p(J3.K(i10));
            try {
                a(publicKey, signatureCreator.c(X509SignatureUtil.c(p11)), p11.q(), k1.P(J4.K(i10)).G());
                e = null;
                z11 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e12) {
                e = e12;
            }
            if (e != null) {
                throw e;
            }
            i10++;
        }
        if (!z11) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set c(boolean z10) {
        u n10;
        if (getVersion() != 2 || (n10 = this.f26333b.y().n()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration q10 = n10.q();
        while (q10.hasMoreElements()) {
            v vVar = (v) q10.nextElement();
            if (z10 == n10.n(vVar).x()) {
                hashSet.add(vVar.L());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] d(o oVar, String str) {
        w e10 = e(oVar, str);
        if (e10 != null) {
            return e10.J();
        }
        return null;
    }

    protected static w e(o oVar, String str) {
        t n10;
        u n11 = oVar.y().n();
        if (n11 == null || (n10 = n11.n(new v(str))) == null) {
            return null;
        }
        return n10.p();
    }

    private Set f() {
        t n10;
        HashSet hashSet = new HashSet();
        Enumeration q10 = this.f26333b.q();
        ei.c cVar = null;
        while (q10.hasMoreElements()) {
            n0.b bVar = (n0.b) q10.nextElement();
            hashSet.add(new X509CRLEntryObject(bVar, this.f26336e, cVar));
            if (this.f26336e && bVar.t() && (n10 = bVar.n().n(t.f15098q)) != null) {
                cVar = ei.c.p(gi.w.p(n10.t()).q()[0].p());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return c(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        w e10 = e(this.f26333b, str);
        if (e10 == null) {
            return null;
        }
        try {
            return e10.getEncoded();
        } catch (Exception e11) {
            throw new IllegalStateException("error parsing " + e11.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new om.c(ei.c.p(this.f26333b.o().e()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f26333b.o().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        q0 p10 = this.f26333b.p();
        if (p10 == null) {
            return null;
        }
        return p10.n();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return c(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        t n10;
        Enumeration q10 = this.f26333b.q();
        ei.c cVar = null;
        while (q10.hasMoreElements()) {
            n0.b bVar = (n0.b) q10.nextElement();
            if (bVar.q().M(bigInteger)) {
                return new X509CRLEntryObject(bVar, this.f26336e, cVar);
            }
            if (this.f26336e && bVar.t() && (n10 = bVar.n().n(t.f15098q)) != null) {
                cVar = ei.c.p(gi.w.p(n10.t()).q()[0].p());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set f10 = f();
        if (f10.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(f10);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.f26334c;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f26333b.x().n().L();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return a.h(this.f26335d);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f26333b.t().K();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.f26333b.y().m("DER");
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f26333b.z().n();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f26333b.B();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(t.f15097p.L());
        criticalExtensionOIDs.remove(t.f15096o.L());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        ei.c p10;
        t n10;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration q10 = this.f26333b.q();
        ei.c o10 = this.f26333b.o();
        if (q10.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (q10.hasMoreElements()) {
                n0.b o11 = n0.b.o(q10.nextElement());
                if (this.f26336e && o11.t() && (n10 = o11.n().n(t.f15098q)) != null) {
                    o10 = ei.c.p(gi.w.p(n10.t()).q()[0].p());
                }
                if (o11.q().M(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        p10 = ei.c.p(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            p10 = n.o(certificate.getEncoded()).p();
                        } catch (CertificateEncodingException e10) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e10.getMessage());
                        }
                    }
                    return o10.equals(p10);
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        String d10 = q.d();
        stringBuffer.append("              Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(d10);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(d10);
        stringBuffer.append("          This update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append(d10);
        stringBuffer.append("          Next update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append(d10);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(d10);
        X509SignatureUtil.f(getSignature(), stringBuffer, d10);
        u n10 = this.f26333b.y().n();
        if (n10 != null) {
            Enumeration q10 = n10.q();
            if (q10.hasMoreElements()) {
                stringBuffer.append("           Extensions: ");
                stringBuffer.append(d10);
            }
            while (q10.hasMoreElements()) {
                v vVar = (v) q10.nextElement();
                t n11 = n10.n(vVar);
                if (n11.p() != null) {
                    p pVar = new p(n11.p().J());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(n11.x());
                    stringBuffer.append(") ");
                    try {
                        if (vVar.y(t.f15092k)) {
                            stringBuffer.append(new l(dh.q.H(pVar.G()).J()));
                            stringBuffer.append(d10);
                        } else if (vVar.y(t.f15096o)) {
                            stringBuffer.append("Base CRL: " + new l(dh.q.H(pVar.G()).J()));
                            stringBuffer.append(d10);
                        } else if (vVar.y(t.f15097p)) {
                            stringBuffer.append(gi.a0.q(pVar.G()));
                            stringBuffer.append(d10);
                        } else if (vVar.y(t.f15100s)) {
                            stringBuffer.append(k.o(pVar.G()));
                            stringBuffer.append(d10);
                        } else if (vVar.y(t.f15106y)) {
                            stringBuffer.append(k.o(pVar.G()));
                            stringBuffer.append(d10);
                        } else {
                            stringBuffer.append(vVar.L());
                            stringBuffer.append(" value = ");
                            stringBuffer.append(di.a.c(pVar.G()));
                            stringBuffer.append(d10);
                        }
                    } catch (Exception unused) {
                        stringBuffer.append(vVar.L());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                        stringBuffer.append(d10);
                    }
                } else {
                    stringBuffer.append(d10);
                }
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it = revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next());
                stringBuffer.append(d10);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature c(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.f26332a.c(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature c(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature c(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e10) {
            throw new NoSuchAlgorithmException("provider issue: " + e10.getMessage());
        }
    }
}
