package org.spongycastle.jce.provider;

import h2.l;
import h2.s0;
import h3.a;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import s2.a0;
import s2.f0;
import s2.m;
import s2.n;
import s2.o;
import s2.q;
import s2.r;

/* loaded from: classes.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    protected static final e f6876a = new e();

    /* renamed from: b, reason: collision with root package name */
    protected static final String f6877b = o.E0.r();

    /* renamed from: c, reason: collision with root package name */
    protected static final String f6878c = o.f7492u0.r();

    /* renamed from: d, reason: collision with root package name */
    protected static final String f6879d = o.F0.r();

    /* renamed from: e, reason: collision with root package name */
    protected static final String f6880e = o.f7490s0.r();

    /* renamed from: f, reason: collision with root package name */
    protected static final String f6881f = o.C0.r();

    /* renamed from: g, reason: collision with root package name */
    protected static final String f6882g = o.f7488q0.r();

    /* renamed from: h, reason: collision with root package name */
    protected static final String f6883h = o.K0.r();

    /* renamed from: i, reason: collision with root package name */
    protected static final String f6884i = o.A0.r();

    /* renamed from: j, reason: collision with root package name */
    protected static final String f6885j = o.f7497z0.r();

    /* renamed from: k, reason: collision with root package name */
    protected static final String f6886k = o.H0.r();

    /* renamed from: l, reason: collision with root package name */
    protected static final String f6887l = o.J0.r();

    /* renamed from: m, reason: collision with root package name */
    protected static final String f6888m = o.D0.r();

    /* renamed from: n, reason: collision with root package name */
    protected static final String f6889n = o.G0.r();

    /* renamed from: o, reason: collision with root package name */
    protected static final String f6890o = o.f7493v0.r();

    /* renamed from: p, reason: collision with root package name */
    protected static final String[] f6891p = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* JADX INFO: Access modifiers changed from: protected */
    public static void A(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    protected static void a(String str, w3.c cVar) {
        String str2;
        String str3;
        if (cVar.g()) {
            try {
                if (str.startsWith("ldap://")) {
                    String substring = str.substring(7);
                    if (substring.indexOf("/") != -1) {
                        str3 = substring.substring(substring.indexOf("/"));
                        str2 = "ldap://" + substring.substring(0, substring.indexOf("/"));
                    } else {
                        str2 = "ldap://" + substring;
                        str3 = null;
                    }
                    h3.a K = new a.b(str2, str3).K();
                    cVar.a(w3.h.b("CERTIFICATE/LDAP", K, "SC"));
                    cVar.a(w3.h.b("CRL/LDAP", K, "SC"));
                    cVar.a(w3.h.b("ATTRIBUTECERTIFICATE/LDAP", K, "SC"));
                    cVar.a(w3.h.b("CERTIFICATEPAIR/LDAP", K, "SC"));
                }
            } catch (Exception unused) {
                throw new RuntimeException("Exception adding X.509 stores.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(s2.h hVar, w3.c cVar) throws a {
        if (hVar != null) {
            try {
                for (m mVar : hVar.g()) {
                    n i4 = mVar.i();
                    if (i4 != null && i4.k() == 0) {
                        q[] i5 = r.h(i4.j()).i();
                        for (int i6 = 0; i6 < i5.length; i6++) {
                            if (i5[i6].j() == 6) {
                                a(s0.o(i5[i6].i()).c(), cVar);
                            }
                        }
                    }
                }
            } catch (Exception e4) {
                throw new a("Distribution points could not be read.", e4);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection c(w3.g gVar, List list) throws a {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof w3.h) {
                hashSet.addAll(((w3.h) obj).d(gVar));
            } else {
                try {
                    hashSet.addAll(((CertStore) obj).getCertificates(gVar));
                } catch (CertStoreException e4) {
                    throw new a("Problem while picking certificates from certificate store.", e4);
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustAnchor d(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal j4 = j(x509Certificate);
        try {
            x509CertSelector.setSubject(j4.getEncoded());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e4 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (j4.equals(new X500Principal(trustAnchor.getCAName()))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        A(x509Certificate, publicKey, str);
                    } catch (Exception e5) {
                        e4 = e5;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e4 == null) {
                return trustAnchor;
            }
            throw new a("TrustAnchor found but certificate validation failed.", e4);
        } catch (IOException e6) {
            throw new a("Cannot set subject search criteria for trust anchor.", e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static s2.a e(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return a0.i(new h2.h(publicKey.getEncoded()).J()).h();
        } catch (Exception e4) {
            throw new i3.a("Subject public key cannot be decoded.", e4);
        }
    }

    protected static void f(m mVar, Collection collection, X509CRLSelector x509CRLSelector, w3.c cVar) throws a {
        ArrayList arrayList = new ArrayList();
        if (mVar.h() != null) {
            q[] i4 = mVar.h().i();
            for (int i5 = 0; i5 < i4.length; i5++) {
                if (i4[i5].j() == 4) {
                    try {
                        arrayList.add(new X500Principal(i4[i5].i().b().e()));
                    } catch (IOException e4) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e4);
                    }
                }
            }
        } else {
            if (mVar.i() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add((X500Principal) it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Principal) it2.next()).getEncoded());
            } catch (IOException e5) {
                throw new a("Cannot decode CRL issuer information.", e5);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void g(Date date, X509CRL x509crl, Object obj, c cVar) throws a {
        X509CRLEntry revokedCertificate;
        h2.e o4;
        try {
            if (i.c(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(p(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (certificateIssuer == null) {
                    certificateIssuer = l(x509crl);
                }
                if (!j(obj).equals(certificateIssuer)) {
                    return;
                }
            } else if (!j(obj).equals(l(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(p(obj))) == null) {
                return;
            }
            if (revokedCertificate.hasExtensions()) {
                try {
                    o4 = h2.e.o(k(revokedCertificate, f0.f7387k.r()));
                } catch (Exception e4) {
                    throw new a("Reason code CRL entry extension could not be decoded.", e4);
                }
            } else {
                o4 = null;
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || o4 == null || o4.p().intValue() == 0 || o4.p().intValue() == 1 || o4.p().intValue() == 2 || o4.p().intValue() == 8) {
                cVar.c(o4 != null ? o4.p().intValue() : 0);
                cVar.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e5) {
            throw new a("Failed check for indirect CRL.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set h(m mVar, Object obj, Date date, w3.c cVar) throws a {
        w3.f fVar = new w3.f();
        try {
            HashSet hashSet = new HashSet();
            if (obj instanceof w3.e) {
                ((w3.e) obj).b();
                throw null;
            }
            hashSet.add(j(obj));
            f(mVar, hashSet, fVar, cVar);
            if (obj instanceof X509Certificate) {
                fVar.setCertificateChecking((X509Certificate) obj);
            } else if (obj instanceof w3.e) {
                fVar.d((w3.e) obj);
            }
            fVar.e(true);
            Set b4 = f6876a.b(fVar, cVar, date);
            if (!b4.isEmpty()) {
                return b4;
            }
            if (obj instanceof w3.e) {
                new StringBuilder().append("No CRLs found for issuer \"");
                ((w3.e) obj).b();
                throw null;
            }
            throw new a("No CRLs found for issuer \"" + ((X509Certificate) obj).getIssuerX500Principal() + "\"");
        } catch (a e4) {
            throw new a("Could not get issuer information from distribution point.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set i(Date date, w3.c cVar, X509CRL x509crl) throws a {
        w3.f fVar = new w3.f();
        try {
            fVar.addIssuerName(l(x509crl).getEncoded());
            try {
                h2.q k4 = k(x509crl, f6890o);
                BigInteger p4 = k4 != null ? h2.i.o(k4).p() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f6884i);
                    fVar.setMinCRLNumber(p4 != null ? p4.add(BigInteger.valueOf(1L)) : null);
                    fVar.f(extensionValue);
                    fVar.g(true);
                    fVar.h(p4);
                    Set<X509CRL> b4 = f6876a.b(fVar, cVar, date);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b4) {
                        if (u(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e4) {
                    throw new a("Issuing distribution point extension value could not be read.", e4);
                }
            } catch (Exception e5) {
                throw new a("CRL number extension could not be extracted from CRL.", e5);
            }
        } catch (IOException e6) {
            throw new a("Cannot extract issuer from CRL.", e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal j(Object obj) {
        if (obj instanceof X509Certificate) {
            return ((X509Certificate) obj).getIssuerX500Principal();
        }
        ((w3.e) obj).b();
        throw null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static h2.q k(X509Extension x509Extension, String str) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return n(str, extensionValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal l(X509CRL x509crl) {
        return x509crl.getIssuerX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey m(List list, int i4) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i4)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i4++;
            if (i4 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i4)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return KeyFactory.getInstance("DSA", "SC").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e4) {
            throw new RuntimeException(e4.getMessage());
        }
    }

    private static h2.q n(String str, byte[] bArr) throws a {
        try {
            return new h2.h(((h2.m) new h2.h(bArr).J()).p()).J();
        } catch (Exception e4) {
            throw new a("exception processing extension " + str, e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set o(h2.r rVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (rVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        h2.o oVar = new h2.o(byteArrayOutputStream);
        Enumeration r4 = rVar.r();
        while (r4.hasMoreElements()) {
            try {
                oVar.j((h2.c) r4.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e4) {
                throw new i3.a("Policy qualifier info cannot be decoded.", e4);
            }
        }
        return hashSet;
    }

    private static BigInteger p(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((w3.e) obj).a();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal q(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date r(w3.c cVar, CertPath certPath, int i4) throws a {
        if (cVar.f() == 1 && i4 > 0) {
            int i5 = i4 - 1;
            if (i5 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i5)).getExtensionValue(k2.a.f6259e.r());
                    h2.g q4 = extensionValue != null ? h2.g.q(h2.q.j(extensionValue)) : null;
                    if (q4 != null) {
                        try {
                            return q4.p();
                        } catch (ParseException e4) {
                            throw new a("Date from date of cert gen extension could not be parsed.", e4);
                        }
                    }
                } catch (IOException unused) {
                    throw new a("Date of cert gen extension could not be read.");
                } catch (IllegalArgumentException unused2) {
                    throw new a("Date of cert gen extension could not be read.");
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i5)).getNotBefore();
        }
        return s(cVar);
    }

    protected static Date s(PKIXParameters pKIXParameters) {
        Date date = pKIXParameters.getDate();
        return date == null ? new Date() : date;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean t(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    private static boolean u(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(g.f6908g);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean v(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean w(int i4, List[] listArr, l lVar, Set set) {
        List list = listArr[i4 - 1];
        for (int i5 = 0; i5 < list.size(); i5++) {
            f fVar = (f) list.get(i5);
            if (fVar.getExpectedPolicies().contains(lVar.r())) {
                HashSet hashSet = new HashSet();
                hashSet.add(lVar.r());
                f fVar2 = new f(new ArrayList(), i4, hashSet, fVar, set, lVar.r(), false);
                fVar.a(fVar2);
                listArr[i4].add(fVar2);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void x(int i4, List[] listArr, l lVar, Set set) {
        List list = listArr[i4 - 1];
        for (int i5 = 0; i5 < list.size(); i5++) {
            f fVar = (f) list.get(i5);
            if ("2.5.29.32.0".equals(fVar.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(lVar.r());
                f fVar2 = new f(new ArrayList(), i4, hashSet, fVar, set, lVar.r(), false);
                fVar.a(fVar2);
                listArr[i4].add(fVar2);
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static f y(f fVar, List[] listArr, f fVar2) {
        f fVar3 = (f) fVar2.getParent();
        if (fVar == null) {
            return null;
        }
        if (fVar3 != null) {
            fVar3.d(fVar2);
            z(listArr, fVar2);
            return fVar;
        }
        for (int i4 = 0; i4 < listArr.length; i4++) {
            listArr[i4] = new ArrayList();
        }
        return null;
    }

    private static void z(List[] listArr, f fVar) {
        listArr[fVar.getDepth()].remove(fVar);
        if (fVar.c()) {
            Iterator children = fVar.getChildren();
            while (children.hasNext()) {
                z(listArr, (f) children.next());
            }
        }
    }
}
