package org.bouncycastle.pkix.jcajce;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.m;
import org.bouncycastle.asn1.n;
import org.bouncycastle.asn1.n1;
import org.bouncycastle.asn1.r;
import org.bouncycastle.asn1.u;
import org.bouncycastle.asn1.x509.b0;
import org.bouncycastle.asn1.x509.c0;
import org.bouncycastle.asn1.x509.c1;
import org.bouncycastle.asn1.x509.i0;
import org.bouncycastle.asn1.x509.k;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.w;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.jcajce.l;
import org.bouncycastle.jcajce.m;
import org.bouncycastle.jcajce.q;
import org.bouncycastle.jcajce.s;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.util.p;

/* loaded from: classes5.dex */
class h {

    /* renamed from: o, reason: collision with root package name */
    public static final String f56402o = "2.5.29.32.0";

    /* renamed from: q, reason: collision with root package name */
    public static final int f56404q = 5;

    /* renamed from: r, reason: collision with root package name */
    public static final int f56405r = 6;

    /* renamed from: a, reason: collision with root package name */
    public static final e f56388a = new e();

    /* renamed from: b, reason: collision with root package name */
    public static final String f56389b = y.f50286t.C();

    /* renamed from: c, reason: collision with root package name */
    public static final String f56390c = y.f50276j.C();

    /* renamed from: d, reason: collision with root package name */
    public static final String f56391d = y.f50287u.C();

    /* renamed from: e, reason: collision with root package name */
    public static final String f56392e = y.f50274h.C();

    /* renamed from: f, reason: collision with root package name */
    public static final String f56393f = y.f50284r.C();

    /* renamed from: g, reason: collision with root package name */
    public static final String f56394g = y.f50272f.C();

    /* renamed from: h, reason: collision with root package name */
    public static final String f56395h = y.f50292z.C();

    /* renamed from: i, reason: collision with root package name */
    public static final String f56396i = y.f50282p.C();

    /* renamed from: j, reason: collision with root package name */
    public static final String f56397j = y.f50281o.C();

    /* renamed from: k, reason: collision with root package name */
    public static final String f56398k = y.f50289w.C();

    /* renamed from: l, reason: collision with root package name */
    public static final String f56399l = y.f50291y.C();

    /* renamed from: m, reason: collision with root package name */
    public static final String f56400m = y.f50285s.C();

    /* renamed from: n, reason: collision with root package name */
    public static final String f56401n = y.f50288v.C();

    /* renamed from: p, reason: collision with root package name */
    public static final String f56403p = y.f50277k.C();

    /* renamed from: s, reason: collision with root package name */
    public static final String[] f56406s = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    public static void a(Set set, Object obj) throws b {
        if (set.isEmpty()) {
            throw new b("No CRLs found for issuer \"" + z6.e.V.h(o((X509Certificate) obj)) + "\"");
        }
    }

    public static Collection b(q qVar, List list) throws a {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof p) {
                try {
                    linkedHashSet.addAll(((p) obj).a(qVar));
                } catch (StoreException e10) {
                    throw new a("Problem while picking certificates from X.509 store.", e10);
                }
            } else {
                try {
                    linkedHashSet.addAll(q.d(qVar, (CertStore) obj));
                } catch (CertStoreException e11) {
                    throw new a("Problem while picking certificates from certificate store.", e11);
                }
            }
        }
        return linkedHashSet;
    }

    public static Collection c(X509Certificate x509Certificate, List<CertStore> list, List<org.bouncycastle.jcajce.p> list2) throws a {
        byte[] s10;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f56401n);
                if (extensionValue != null && (s10 = org.bouncycastle.asn1.x509.i.p(r.x(extensionValue).z()).s()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new n1(s10).getEncoded());
                }
            } catch (Exception unused) {
            }
            q<? extends Certificate> a10 = new q.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(b(a10, list));
                arrayList.addAll(b(a10, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (a e10) {
                throw new a("Issuer certificate cannot be searched.", e10);
            }
        } catch (IOException e11) {
            throw new a("Subject criteria for certificate selector to find issuer certificate could not be set.", e11);
        }
    }

    public static TrustAnchor d(X509Certificate x509Certificate, Set set) throws a {
        return e(x509Certificate, set, null);
    }

    public static TrustAnchor e(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        y6.d o10 = o(x509Certificate);
        try {
            x509CertSelector.setSubject(o10.getEncoded());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e10 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (o10.equals(t(trustAnchor.getCA()))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        y(x509Certificate, publicKey, str);
                    } catch (Exception e11) {
                        e10 = e11;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e10 == null) {
                return trustAnchor;
            }
            throw new a("TrustAnchor found but certificate validation failed.", e10);
        } catch (IOException e12) {
            throw new a("Cannot set subject search criteria for trust anchor.", e12);
        }
    }

    public static List<org.bouncycastle.jcajce.p> f(byte[] bArr, Map<b0, org.bouncycastle.jcajce.p> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        b0[] q10 = c0.o(r.x(bArr).z()).q();
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; i10 != q10.length; i10++) {
            org.bouncycastle.jcajce.p pVar = map.get(q10[i10]);
            if (pVar != null) {
                arrayList.add(pVar);
            }
        }
        return arrayList;
    }

    public static List<l> g(k kVar, Map<b0, l> map) throws a {
        if (kVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            v[] n10 = kVar.n();
            ArrayList arrayList = new ArrayList();
            for (v vVar : n10) {
                w o10 = vVar.o();
                if (o10 != null && o10.q() == 0) {
                    for (b0 b0Var : c0.o(o10.p()).q()) {
                        l lVar = map.get(b0Var);
                        if (lVar != null) {
                            arrayList.add(lVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e10) {
            throw new a("Distribution points could not be read.", e10);
        }
    }

    public static org.bouncycastle.asn1.x509.b h(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return c1.o(new m(publicKey.getEncoded()).j()).m();
        } catch (Exception e10) {
            throw new CertPathValidatorException("subject public key cannot be decoded", e10);
        }
    }

    public static void i(v vVar, Collection collection, X509CRLSelector x509CRLSelector) throws a {
        ArrayList arrayList = new ArrayList();
        if (vVar.n() != null) {
            b0[] q10 = vVar.n().q();
            for (int i10 = 0; i10 < q10.length; i10++) {
                if (q10[i10].d() == 4) {
                    try {
                        arrayList.add(y6.d.o(q10[i10].p()));
                    } catch (IllegalArgumentException e10) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (vVar.o() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((y6.d) it2.next()).getEncoded());
            } catch (IOException e11) {
                throw new a("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    public static void j(Date date, X509CRL x509crl, Object obj, c cVar) throws a {
        X509CRLEntry revokedCertificate;
        try {
            boolean v10 = v(x509crl);
            X509Certificate x509Certificate = (X509Certificate) obj;
            y6.d o10 = o(x509Certificate);
            if ((v10 || o10.equals(n(x509crl))) && (revokedCertificate = x509crl.getRevokedCertificate(x509Certificate.getSerialNumber())) != null) {
                if (v10) {
                    X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                    if (!o10.equals(certificateIssuer == null ? n(x509crl) : t(certificateIssuer))) {
                        return;
                    }
                }
                int i10 = 0;
                if (revokedCertificate.hasExtensions()) {
                    try {
                        org.bouncycastle.asn1.i y10 = org.bouncycastle.asn1.i.y(m(revokedCertificate, y.f50278l));
                        if (y10 != null) {
                            i10 = y10.D();
                        }
                    } catch (Exception e10) {
                        throw new a("Reason code CRL entry extension could not be decoded.", e10);
                    }
                }
                Date revocationDate = revokedCertificate.getRevocationDate();
                if (!date.before(revocationDate) || i10 == 0 || i10 == 1 || i10 == 2 || i10 == 10) {
                    cVar.c(i10);
                    cVar.d(revocationDate);
                }
            }
        } catch (CRLException e11) {
            throw new a("Failed check for indirect CRL.", e11);
        }
    }

    public static Set k(v vVar, Object obj, Date date, List list, List list2) throws a, b {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(o((X509Certificate) obj));
            i(vVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            Set b10 = f56388a.b(new m.b(x509CRLSelector).h(true).g(), date, list, list2);
            a(b10, obj);
            return b10;
        } catch (a e10) {
            throw new a("Could not get issuer information from distribution point.", e10);
        }
    }

    public static Set l(Date date, X509CRL x509crl, List<CertStore> list, List<l> list2) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            try {
                u m10 = m(x509crl, y.f50277k);
                BigInteger z10 = m10 != null ? n.x(m10).z() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f56396i);
                    x509CRLSelector.setMinCRLNumber(z10 != null ? z10.add(BigInteger.valueOf(1L)) : null);
                    m.b bVar = new m.b(x509CRLSelector);
                    bVar.j(extensionValue);
                    bVar.k(true);
                    bVar.l(z10);
                    Set<X509CRL> b10 = f56388a.b(bVar.g(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b10) {
                        if (u(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e10) {
                    throw new a("issuing distribution point extension value could not be read", e10);
                }
            } catch (Exception e11) {
                throw new a("cannot extract CRL number extension from CRL", e11);
            }
        } catch (IOException e12) {
            throw new a("cannot extract issuer from CRL.", e12);
        }
    }

    public static u m(X509Extension x509Extension, org.bouncycastle.asn1.q qVar) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(qVar.C());
        if (extensionValue == null) {
            return null;
        }
        return q(qVar, extensionValue);
    }

    private static y6.d n(X509CRL x509crl) {
        return t(x509crl.getIssuerX500Principal());
    }

    private static y6.d o(X509Certificate x509Certificate) {
        return t(x509Certificate.getIssuerX500Principal());
    }

    public static PublicKey p(List list, int i10, org.bouncycastle.jcajce.util.f fVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i10)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i10++;
            if (i10 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return fVar.a("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e10) {
            throw new RuntimeException(e10.getMessage());
        }
    }

    private static u q(org.bouncycastle.asn1.q qVar, byte[] bArr) throws a {
        try {
            return u.s(r.x(bArr).z());
        } catch (Exception e10) {
            throw new a("exception processing extension " + qVar, e10);
        }
    }

    public static Date r(s sVar, CertPath certPath, int i10) throws a {
        if (sVar.w() == 1 && i10 > 0) {
            int i11 = i10 - 1;
            if (i11 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i11)).getExtensionValue(g6.a.f44499e.C());
                    org.bouncycastle.asn1.k C = extensionValue != null ? org.bouncycastle.asn1.k.C(u.s(extensionValue)) : null;
                    if (C != null) {
                        try {
                            return C.B();
                        } catch (ParseException e10) {
                            throw new a("Date from date of cert gen extension could not be parsed.", e10);
                        }
                    }
                } catch (IOException unused) {
                    throw new a("Date of cert gen extension could not be read.");
                } catch (IllegalArgumentException unused2) {
                    throw new a("Date of cert gen extension could not be read.");
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i11)).getNotBefore();
        }
        return s(sVar);
    }

    public static Date s(s sVar) {
        Date o10 = sVar.o();
        return o10 == null ? new Date() : o10;
    }

    private static y6.d t(X500Principal x500Principal) {
        return y6.d.o(x500Principal.getEncoded());
    }

    private static boolean u(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(f.f56381d);
    }

    public static boolean v(X509CRL x509crl) throws CRLException {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(y.f50282p.C());
            if (extensionValue != null) {
                if (i0.p(r.x(extensionValue).z()).t()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e10) {
            throw new CRLException("exception reading IssuingDistributionPoint", e10);
        }
    }

    public static boolean w(X509Certificate x509Certificate, Set set, String str) throws a {
        try {
            return e(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean x(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static void y(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
