package org.bouncycastle.pkix.jcajce;

import com.google.common.base.AbstractC4805f;
import j1.C5238d;
import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.AbstractC5682w;
import org.bouncycastle.asn1.AbstractC5683x;
import org.bouncycastle.asn1.C5645g;
import org.bouncycastle.asn1.C5664p0;
import org.bouncycastle.asn1.InterfaceC5643f;
import org.bouncycastle.asn1.r;
import org.bouncycastle.asn1.x509.B;
import org.bouncycastle.asn1.x509.C;
import org.bouncycastle.asn1.x509.C5695j;
import org.bouncycastle.asn1.x509.C5696k;
import org.bouncycastle.asn1.x509.C5706v;
import org.bouncycastle.asn1.x509.C5707w;
import org.bouncycastle.asn1.x509.C5709y;
import org.bouncycastle.asn1.x509.I;
import org.bouncycastle.jcajce.o;
import org.bouncycastle.jcajce.s;
import org.bouncycastle.jcajce.t;
import org.bouncycastle.jcajce.u;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class f {

    /* renamed from: a, reason: collision with root package name */
    public static final String f25172a = C5709y.f21646r.getId();
    public static final String b = C5709y.f21623D.getId();
    public static final String c = C5709y.f21645q.getId();

    /* renamed from: d, reason: collision with root package name */
    public static final String f25173d = C5709y.f21640k.getId();

    /* renamed from: e, reason: collision with root package name */
    public static final String f25174e = C5709y.f21620A.getId();

    /* renamed from: f, reason: collision with root package name */
    protected static final int f25175f = 5;

    /* renamed from: g, reason: collision with root package name */
    protected static final int f25176g = 6;

    public static void a(C5706v c5706v, u uVar, Date date, Date date2, X509Certificate x509Certificate, X509Certificate x509Certificate2, PublicKey publicKey, c cVar, g gVar, List list, org.bouncycastle.jcajce.util.f fVar) {
        Iterator it;
        Set<String> criticalExtensionOIDs;
        if (date2.getTime() > date.getTime()) {
            throw new a("Validation time is in future.");
        }
        Iterator it2 = h.e(c5706v, x509Certificate, date2, uVar.getCertStores(), uVar.getCRLStores()).iterator();
        boolean z3 = false;
        a e3 = null;
        while (it2.hasNext() && cVar.getCertStatus() == 11 && !gVar.a()) {
            try {
                X509CRL x509crl = (X509CRL) it2.next();
                g g3 = g(x509crl, c5706v);
                int i3 = g3.f25177a;
                if ((i3 | (gVar.f25177a ^ i3)) != 0) {
                    it = it2;
                    a aVar = e3;
                    try {
                        X509CRL j3 = uVar.e() ? j(h.f(date2, x509crl, uVar.getCertStores(), uVar.getCRLStores()), i(x509crl, h(x509crl, x509Certificate, x509Certificate2, publicKey, uVar, list, fVar))) : null;
                        if (uVar.getValidityModel() != 1 && x509Certificate.getNotAfter().getTime() < x509crl.getThisUpdate().getTime()) {
                            throw new a("No valid CRL for current time found.");
                        }
                        d(c5706v, x509Certificate, x509crl);
                        e(c5706v, x509Certificate, x509crl);
                        f(j3, x509crl, uVar);
                        k(date2, j3, x509Certificate, cVar, uVar);
                        l(date2, x509crl, x509Certificate, cVar);
                        if (cVar.getCertStatus() == 8) {
                            cVar.setCertStatus(11);
                        }
                        gVar.f25177a |= g3.f25177a;
                        Set<String> criticalExtensionOIDs2 = x509crl.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs2 != null) {
                            HashSet hashSet = new HashSet(criticalExtensionOIDs2);
                            hashSet.remove(C5709y.f21646r.getId());
                            hashSet.remove(C5709y.f21645q.getId());
                            if (!hashSet.isEmpty()) {
                                throw new a("CRL contains unsupported critical extensions.");
                            }
                        }
                        if (j3 != null && (criticalExtensionOIDs = j3.getCriticalExtensionOIDs()) != null) {
                            HashSet hashSet2 = new HashSet(criticalExtensionOIDs);
                            hashSet2.remove(C5709y.f21646r.getId());
                            hashSet2.remove(C5709y.f21645q.getId());
                            if (!hashSet2.isEmpty()) {
                                throw new a("Delta CRL contains unsupported critical extension.");
                            }
                        }
                        z3 = true;
                        it2 = it;
                        e3 = aVar;
                    } catch (a e4) {
                        e3 = e4;
                        it2 = it;
                    }
                }
            } catch (a e5) {
                e3 = e5;
                it = it2;
            }
        }
        a aVar2 = e3;
        if (!z3) {
            throw aVar2;
        }
    }

    public static Set b(u uVar, Date date, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        if (uVar.e()) {
            try {
                r rVar = C5709y.f21623D;
                C5696k m3 = C5696k.m(h.g(x509Certificate, rVar));
                if (m3 == null) {
                    try {
                        m3 = C5696k.m(h.g(x509crl, rVar));
                    } catch (a e3) {
                        throw new a("Freshest CRL extension could not be decoded from CRL.", e3);
                    }
                }
                if (m3 != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(uVar.getCRLStores());
                    try {
                        arrayList.addAll(h.b(m3, uVar.getNamedCRLStoreMap()));
                        try {
                            hashSet.addAll(h.f(date, x509crl, uVar.getCertStores(), arrayList));
                        } catch (a e4) {
                            throw new a("Exception obtaining delta CRLs.", e4);
                        }
                    } catch (a e5) {
                        throw new a("No new delta CRL locations could be added from Freshest CRL extension.", e5);
                    }
                }
            } catch (a e6) {
                throw new a("Freshest CRL extension could not be decoded from certificate.", e6);
            }
        }
        return hashSet;
    }

    public static Set[] c(u uVar, Date date, Date date2, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.setCertificateChecking(x509Certificate);
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            HashSet a3 = e.a(new o.b(x509CRLSelector).b(true).a(), date2, uVar.getCertStores(), uVar.getCRLStores());
            HashSet hashSet = new HashSet();
            if (uVar.e()) {
                try {
                    hashSet.addAll(h.f(date2, x509crl, uVar.getCertStores(), uVar.getCRLStores()));
                } catch (a e3) {
                    throw new a("Exception obtaining delta CRLs.", e3);
                }
            }
            return new Set[]{a3, hashSet};
        } catch (IOException e4) {
            throw new a(AbstractC4805f.h("Cannot extract issuer from CRL.", e4), e4);
        }
    }

    public static void d(C5706v c5706v, Object obj, X509CRL x509crl) throws a {
        AbstractC5682w g3 = h.g(x509crl, C5709y.f21646r);
        boolean z3 = true;
        boolean z4 = g3 != null && I.m(g3).o();
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        if (c5706v.getCRLIssuer() != null) {
            B[] names = c5706v.getCRLIssuer().getNames();
            boolean z5 = false;
            for (int i3 = 0; i3 < names.length; i3++) {
                if (names[i3].getTagNo() == 4) {
                    try {
                        if (org.bouncycastle.util.a.g(names[i3].getName().b().getEncoded(), encoded)) {
                            z5 = true;
                        }
                    } catch (IOException e3) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e3);
                    }
                }
            }
            if (z5 && !z4) {
                throw new a("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (!z5) {
                throw new a("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
            z3 = z5;
        } else if (!x509crl.getIssuerX500Principal().equals(((X509Certificate) obj).getIssuerX500Principal())) {
            z3 = false;
        }
        if (!z3) {
            throw new a("Cannot find matching CRL issuer for certificate.");
        }
    }

    public static void e(C5706v c5706v, Object obj, X509CRL x509crl) throws a {
        int i3;
        B[] bArr;
        try {
            I m3 = I.m(h.g(x509crl, C5709y.f21646r));
            if (m3 != null) {
                if (m3.getDistributionPoint() != null) {
                    C5707w distributionPoint = I.m(m3).getDistributionPoint();
                    ArrayList arrayList = new ArrayList();
                    if (distributionPoint.getType() == 0) {
                        for (B b3 : C.m(distributionPoint.getName()).getNames()) {
                            arrayList.add(b3);
                        }
                    }
                    if (distributionPoint.getType() == 1) {
                        C5645g c5645g = new C5645g();
                        try {
                            Enumeration objects = AbstractC5683x.u(x509crl.getIssuerX500Principal().getEncoded()).getObjects();
                            while (objects.hasMoreElements()) {
                                c5645g.a((InterfaceC5643f) objects.nextElement());
                            }
                            c5645g.a(distributionPoint.getName());
                            arrayList.add(new B(C5238d.m(new C5664p0(c5645g))));
                        } catch (Exception e3) {
                            throw new a("Could not read CRL issuer.", e3);
                        }
                    }
                    if (c5706v.getDistributionPoint() == null) {
                        if (c5706v.getCRLIssuer() == null) {
                            throw new a("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        B[] names = c5706v.getCRLIssuer().getNames();
                        while (i3 < names.length) {
                            i3 = arrayList.contains(names[i3]) ? 0 : i3 + 1;
                        }
                        throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                    }
                    C5707w distributionPoint2 = c5706v.getDistributionPoint();
                    B[] names2 = distributionPoint2.getType() == 0 ? C.m(distributionPoint2.getName()).getNames() : null;
                    if (distributionPoint2.getType() == 1) {
                        if (c5706v.getCRLIssuer() != null) {
                            bArr = c5706v.getCRLIssuer().getNames();
                        } else {
                            bArr = new B[1];
                            try {
                                bArr[0] = new B(C5238d.m(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
                            } catch (Exception e4) {
                                throw new a("Could not read certificate issuer.", e4);
                            }
                        }
                        names2 = bArr;
                        for (int i4 = 0; i4 < names2.length; i4++) {
                            Enumeration objects2 = AbstractC5683x.u(names2[i4].getName().b()).getObjects();
                            C5645g c5645g2 = new C5645g();
                            while (objects2.hasMoreElements()) {
                                c5645g2.a((InterfaceC5643f) objects2.nextElement());
                            }
                            c5645g2.a(distributionPoint2.getName());
                            names2[i4] = new B(C5238d.m(new C5664p0(c5645g2)));
                        }
                    }
                    if (names2 != null) {
                        while (i3 < names2.length) {
                            i3 = arrayList.contains(names2[i3]) ? 0 : i3 + 1;
                        }
                    }
                    throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                }
                try {
                    C5695j m4 = C5695j.m(h.g((X509Extension) obj, C5709y.f21640k));
                    if (obj instanceof X509Certificate) {
                        if (m3.r() && m4 != null && m4.o()) {
                            throw new a("CA Cert CRL only contains user certificates.");
                        }
                        if (m3.q() && (m4 == null || !m4.o())) {
                            throw new a("End CRL only contains CA certificates.");
                        }
                    }
                    if (m3.p()) {
                        throw new a("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e5) {
                    throw new a("Basic constraints extension could not be decoded.", e5);
                }
            }
        } catch (Exception e6) {
            throw new a("Issuing distribution point extension could not be decoded.", e6);
        }
    }

    public static void f(X509CRL x509crl, X509CRL x509crl2, u uVar) throws a {
        if (x509crl == null) {
            return;
        }
        try {
            r rVar = C5709y.f21646r;
            I m3 = I.m(h.g(x509crl2, rVar));
            if (uVar.e()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new a("complete CRL issuer does not match delta CRL issuer");
                }
                try {
                    I m4 = I.m(h.g(x509crl, rVar));
                    if (m3 != null ? !m3.equals(m4) : m4 != null) {
                        throw new a("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        r rVar2 = C5709y.f21620A;
                        AbstractC5682w g3 = h.g(x509crl2, rVar2);
                        try {
                            AbstractC5682w g4 = h.g(x509crl, rVar2);
                            if (g3 == null) {
                                throw new a("CRL authority key identifier is null.");
                            }
                            if (g4 == null) {
                                throw new a("Delta CRL authority key identifier is null.");
                            }
                            if (!g3.p(g4)) {
                                throw new a("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (a e3) {
                            throw new a("Authority key identifier extension could not be extracted from delta CRL.", e3);
                        }
                    } catch (a e4) {
                        throw new a("Authority key identifier extension could not be extracted from complete CRL.", e4);
                    }
                } catch (Exception e5) {
                    throw new a("Issuing distribution point extension from delta CRL could not be decoded.", e5);
                }
            }
        } catch (Exception e6) {
            throw new a("issuing distribution point extension could not be decoded.", e6);
        }
    }

    public static g g(X509CRL x509crl, C5706v c5706v) throws a {
        try {
            I m3 = I.m(h.g(x509crl, C5709y.f21646r));
            if (m3 != null && m3.getOnlySomeReasons() != null && c5706v.getReasons() != null) {
                g gVar = new g(c5706v.getReasons());
                g gVar2 = new g(m3.getOnlySomeReasons());
                g gVar3 = new g(0);
                gVar3.f25177a = gVar2.f25177a & gVar.f25177a;
                return gVar3;
            }
            g gVar4 = g.b;
            if ((m3 == null || m3.getOnlySomeReasons() == null) && c5706v.getReasons() == null) {
                return gVar4;
            }
            g gVar5 = c5706v.getReasons() == null ? gVar4 : new g(c5706v.getReasons());
            if (m3 != null) {
                gVar4 = new g(m3.getOnlySomeReasons());
            }
            g gVar6 = new g(0);
            gVar6.f25177a = gVar5.f25177a & gVar4.f25177a;
            return gVar6;
        } catch (Exception e3) {
            throw new a("Issuing distribution point extension could not be decoded.", e3);
        }
    }

    public static Set h(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, u uVar, List list, org.bouncycastle.jcajce.util.f fVar) throws a {
        int i3;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            s<? extends Certificate> a3 = new s.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                h.a(linkedHashSet, a3, uVar.getCertificateStores());
                h.a(linkedHashSet, a3, uVar.getCertStores());
                linkedHashSet.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                Iterator it = linkedHashSet.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder n3 = fVar.n("PKIX");
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            u.b f3 = new u.b(uVar).f(new s.b(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                f3.setRevocationEnabled(false);
                            } else {
                                f3.setRevocationEnabled(true);
                            }
                            List<? extends Certificate> certificates = n3.build(new t.b(f3.e()).b()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(h.h(certificates, 0, fVar));
                        } catch (CertPathBuilderException e3) {
                            throw new a("CertPath for CRL signer failed to validate.", e3);
                        } catch (CertPathValidatorException e4) {
                            throw new a("Public key of issuer certificate of CRL could not be retrieved.", e4);
                        } catch (Exception e5) {
                            throw new a(e5.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                a aVar = null;
                for (i3 = 0; i3 < arrayList.size(); i3++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i3)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length > 6 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i3));
                    } else {
                        aVar = new a("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet.isEmpty() && aVar == null) {
                    throw new a("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || aVar == null) {
                    return hashSet;
                }
                throw aVar;
            } catch (a e6) {
                throw new a("Issuer certificate for CRL cannot be searched.", e6);
            }
        } catch (IOException e7) {
            throw new a("subject criteria for certificate selector to find issuer certificate for CRL could not be set", e7);
        }
    }

    public static PublicKey i(X509CRL x509crl, Set set) throws a {
        Iterator it = set.iterator();
        Exception e3 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e4) {
                e3 = e4;
            }
        }
        throw new a("Cannot verify CRL.", e3);
    }

    public static X509CRL j(Set set, PublicKey publicKey) throws a {
        Iterator it = set.iterator();
        Exception e3 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e4) {
                e3 = e4;
            }
        }
        if (e3 == null) {
            return null;
        }
        throw new a("Cannot verify delta CRL.", e3);
    }

    public static void k(Date date, X509CRL x509crl, Object obj, c cVar, u uVar) throws a {
        if (!uVar.e() || x509crl == null) {
            return;
        }
        h.d(date, x509crl, obj, cVar);
    }

    public static void l(Date date, X509CRL x509crl, Object obj, c cVar) throws a {
        if (cVar.getCertStatus() == 11) {
            h.d(date, x509crl, obj, cVar);
        }
    }
}
