package org.bouncycastle.x509;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.g0;
import org.bouncycastle.asn1.x509.h1;
import org.bouncycastle.asn1.x509.l0;
import org.bouncycastle.asn1.x509.w0;
import org.bouncycastle.asn1.x509.y1;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.PKIXPolicyNode;

/* loaded from: classes3.dex */
class d {

    /* renamed from: l, reason: collision with root package name */
    protected static final String f51439l = "2.5.29.32.0";

    /* renamed from: m, reason: collision with root package name */
    protected static final int f51440m = 5;

    /* renamed from: n, reason: collision with root package name */
    protected static final int f51441n = 6;

    /* renamed from: a, reason: collision with root package name */
    protected static final String f51428a = org.bouncycastle.asn1.x509.b0.f41678t.L0();

    /* renamed from: b, reason: collision with root package name */
    protected static final String f51429b = org.bouncycastle.asn1.x509.b0.f41668j.L0();

    /* renamed from: c, reason: collision with root package name */
    protected static final String f51430c = org.bouncycastle.asn1.x509.b0.f41679u.L0();

    /* renamed from: d, reason: collision with root package name */
    protected static final String f51431d = org.bouncycastle.asn1.x509.b0.f41666h.L0();

    /* renamed from: e, reason: collision with root package name */
    protected static final String f51432e = org.bouncycastle.asn1.x509.b0.f41676r.L0();

    /* renamed from: f, reason: collision with root package name */
    protected static final String f51433f = org.bouncycastle.asn1.x509.b0.f41664f.L0();

    /* renamed from: g, reason: collision with root package name */
    protected static final String f51434g = org.bouncycastle.asn1.x509.b0.f41684z.L0();

    /* renamed from: h, reason: collision with root package name */
    protected static final String f51435h = org.bouncycastle.asn1.x509.b0.f41674p.L0();

    /* renamed from: i, reason: collision with root package name */
    protected static final String f51436i = org.bouncycastle.asn1.x509.b0.f41673o.L0();

    /* renamed from: j, reason: collision with root package name */
    protected static final String f51437j = org.bouncycastle.asn1.x509.b0.f41681w.L0();

    /* renamed from: k, reason: collision with root package name */
    protected static final String f51438k = org.bouncycastle.asn1.x509.b0.f41669k.L0();

    /* renamed from: o, reason: collision with root package name */
    protected static final String[] f51442o = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", androidx.core.os.h.f7249b, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    protected static Collection a(org.bouncycastle.jcajce.t tVar, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof org.bouncycastle.util.u) {
                try {
                    hashSet.addAll(((org.bouncycastle.util.u) obj).getMatches(tVar));
                } catch (org.bouncycastle.util.v e9) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e9);
                }
            } else {
                try {
                    hashSet.addAll(org.bouncycastle.jcajce.t.d(tVar, (CertStore) obj));
                } catch (CertStoreException e10) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e10);
                }
            }
        }
        return hashSet;
    }

    protected static Collection b(o oVar, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof v) {
                try {
                    hashSet.addAll(((v) obj).getMatches(oVar));
                } catch (org.bouncycastle.util.v e9) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e9);
                }
            }
        }
        return hashSet;
    }

    protected static Collection c(s sVar, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        CertificateFactory certificateFactory = new CertificateFactory();
        for (Object obj : list) {
            if (obj instanceof org.bouncycastle.util.u) {
                try {
                    for (Object obj2 : ((org.bouncycastle.util.u) obj).getMatches(sVar)) {
                        if (obj2 instanceof org.bouncycastle.util.g) {
                            obj2 = certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(((org.bouncycastle.util.g) obj2).getEncoded()));
                        } else if (!(obj2 instanceof Certificate)) {
                            throw new AnnotatedException("Unknown object found in certificate store.");
                        }
                        hashSet.add(obj2);
                    }
                } catch (IOException e9) {
                    throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e9);
                } catch (CertificateException e10) {
                    throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e10);
                } catch (org.bouncycastle.util.v e11) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e11);
                }
            } else {
                try {
                    hashSet.addAll(((CertStore) obj).getCertificates(sVar));
                } catch (CertStoreException e12) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e12);
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static org.bouncycastle.asn1.x509.b d(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return h1.z0(new org.bouncycastle.asn1.s(publicKey.getEncoded()).q()).y0();
        } catch (Exception e9) {
            throw new s6.b("Subject public key cannot be decoded.", e9);
        }
    }

    protected static void e(Date date, X509CRL x509crl, Object obj, e eVar) throws AnnotatedException {
        X509CRLEntry revokedCertificate;
        org.bouncycastle.asn1.j H0;
        try {
            if (p(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(l(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (certificateIssuer == null) {
                    certificateIssuer = h(x509crl);
                }
                if (!f(obj).equals(certificateIssuer)) {
                    return;
                }
            } else if (!f(obj).equals(h(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(l(obj))) == null) {
                return;
            }
            if (revokedCertificate.hasExtensions()) {
                try {
                    H0 = org.bouncycastle.asn1.j.H0(g(revokedCertificate, y1.f42085k.L0()));
                } catch (Exception e9) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e9);
                }
            } else {
                H0 = null;
            }
            int M0 = H0 == null ? 0 : H0.M0();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || M0 == 0 || M0 == 1 || M0 == 2 || M0 == 10) {
                eVar.c(M0);
                eVar.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e10) {
            throw new AnnotatedException("Failed check for indirect CRL.", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal f(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getIssuerX500Principal() : (X500Principal) ((p) obj).g().c()[0];
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static org.bouncycastle.asn1.d0 g(X509Extension x509Extension, String str) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return j(str, extensionValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal h(X509CRL x509crl) {
        return x509crl.getIssuerX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey i(List list, int i9) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i9)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i9++;
            if (i9 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i9)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME).generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e9) {
            throw new RuntimeException(e9.getMessage());
        }
    }

    private static org.bouncycastle.asn1.d0 j(String str, byte[] bArr) throws AnnotatedException {
        try {
            return new org.bouncycastle.asn1.s(((org.bouncycastle.asn1.z) new org.bouncycastle.asn1.s(bArr).q()).J0()).q();
        } catch (Exception e9) {
            throw new AnnotatedException("exception processing extension " + str, e9);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set k(g0 g0Var) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (g0Var == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        org.bouncycastle.asn1.b0 b9 = org.bouncycastle.asn1.b0.b(byteArrayOutputStream);
        Enumeration L0 = g0Var.L0();
        while (L0.hasMoreElements()) {
            try {
                b9.x((org.bouncycastle.asn1.g) L0.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e9) {
                throw new s6.b("Policy qualifier info cannot be decoded.", e9);
            }
        }
        return hashSet;
    }

    private static BigInteger l(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((p) obj).getSerialNumber();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal m(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date n(PKIXParameters pKIXParameters, Date date) {
        Date date2 = pKIXParameters.getDate();
        return date2 == null ? date : date2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean o(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    static boolean p(X509CRL x509crl) throws CRLException {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(org.bouncycastle.asn1.x509.b0.f41674p.L0());
            if (extensionValue != null) {
                if (l0.A0(org.bouncycastle.asn1.z.H0(extensionValue).J0()).D0()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e9) {
            throw new CRLException("Exception reading IssuingDistributionPoint: " + e9);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean q(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void r(int i9, List[] listArr, String str, Map map, X509Certificate x509Certificate) throws AnnotatedException, CertPathValidatorException {
        Set set;
        for (PKIXPolicyNode pKIXPolicyNode : listArr[i9]) {
            if (pKIXPolicyNode.getValidPolicy().equals(str)) {
                pKIXPolicyNode.setExpectedPolicies((Set) map.get(str));
                return;
            }
        }
        for (PKIXPolicyNode pKIXPolicyNode2 : listArr[i9]) {
            if ("2.5.29.32.0".equals(pKIXPolicyNode2.getValidPolicy())) {
                try {
                    Enumeration L0 = g0.I0(g(x509Certificate, f51428a)).L0();
                    while (true) {
                        if (!L0.hasMoreElements()) {
                            set = null;
                            break;
                        }
                        try {
                            w0 x02 = w0.x0(L0.nextElement());
                            if ("2.5.29.32.0".equals(x02.y0().L0())) {
                                try {
                                    set = k(x02.z0());
                                    break;
                                } catch (CertPathValidatorException e9) {
                                    throw new s6.b("Policy qualifier info set could not be built.", e9);
                                }
                            }
                        } catch (Exception e10) {
                            throw new AnnotatedException("Policy information cannot be decoded.", e10);
                        }
                    }
                    Set set2 = set;
                    boolean contains = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(f51428a) : false;
                    PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
                    if ("2.5.29.32.0".equals(pKIXPolicyNode3.getValidPolicy())) {
                        PKIXPolicyNode pKIXPolicyNode4 = new PKIXPolicyNode(new ArrayList(), i9, (Set) map.get(str), pKIXPolicyNode3, set2, str, contains);
                        pKIXPolicyNode3.addChild(pKIXPolicyNode4);
                        listArr[i9].add(pKIXPolicyNode4);
                        return;
                    }
                    return;
                } catch (Exception e11) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e11);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode s(int i9, List[] listArr, String str, PKIXPolicyNode pKIXPolicyNode) {
        int i10;
        Iterator it = listArr[i9].iterator();
        while (it.hasNext()) {
            PKIXPolicyNode pKIXPolicyNode2 = (PKIXPolicyNode) it.next();
            if (pKIXPolicyNode2.getValidPolicy().equals(str)) {
                ((PKIXPolicyNode) pKIXPolicyNode2.getParent()).removeChild(pKIXPolicyNode2);
                it.remove();
                for (int i11 = i9 - 1; i11 >= 0; i11--) {
                    List list = listArr[i11];
                    while (i10 < list.size()) {
                        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) list.get(i10);
                        i10 = (pKIXPolicyNode3.hasChildren() || (pKIXPolicyNode = v(pKIXPolicyNode, listArr, pKIXPolicyNode3)) != null) ? i10 + 1 : 0;
                    }
                }
            }
        }
        return pKIXPolicyNode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean t(int i9, List[] listArr, org.bouncycastle.asn1.y yVar, Set set) {
        List list = listArr[i9 - 1];
        for (int i10 = 0; i10 < list.size(); i10++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i10);
            if (pKIXPolicyNode.getExpectedPolicies().contains(yVar.L0())) {
                HashSet hashSet = new HashSet();
                hashSet.add(yVar.L0());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i9, hashSet, pKIXPolicyNode, set, yVar.L0(), false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                listArr[i9].add(pKIXPolicyNode2);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void u(int i9, List[] listArr, org.bouncycastle.asn1.y yVar, Set set) {
        List list = listArr[i9 - 1];
        for (int i10 = 0; i10 < list.size(); i10++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i10);
            if ("2.5.29.32.0".equals(pKIXPolicyNode.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(yVar.L0());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i9, hashSet, pKIXPolicyNode, set, yVar.L0(), false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                listArr[i9].add(pKIXPolicyNode2);
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode v(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.removeChild(pKIXPolicyNode2);
            w(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i9 = 0; i9 < listArr.length; i9++) {
            listArr[i9] = new ArrayList();
        }
        return null;
    }

    private static void w(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (pKIXPolicyNode.hasChildren()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                w(listArr, (PKIXPolicyNode) children.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void x(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
