package org.bouncycastle.pkix.jcajce;

import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.d0;
import org.bouncycastle.asn1.g0;
import org.bouncycastle.asn1.h2;
import org.bouncycastle.asn1.x509.b0;
import org.bouncycastle.asn1.x509.e0;
import org.bouncycastle.asn1.x509.f0;
import org.bouncycastle.asn1.x509.l0;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.asn1.x509.z;
import org.bouncycastle.jcajce.p;
import org.bouncycastle.jcajce.t;
import org.bouncycastle.jcajce.u;
import org.bouncycastle.jcajce.v;

/* loaded from: classes3.dex */
class k {

    /* renamed from: a, reason: collision with root package name */
    public static final String f48702a = b0.f41674p.L0();

    /* renamed from: b, reason: collision with root package name */
    public static final String f48703b = b0.f41683y.L0();

    /* renamed from: c, reason: collision with root package name */
    public static final String f48704c = b0.f41673o.L0();

    /* renamed from: d, reason: collision with root package name */
    public static final String f48705d = b0.f41668j.L0();

    /* renamed from: e, reason: collision with root package name */
    public static final String f48706e = b0.f41680v.L0();

    /* renamed from: f, reason: collision with root package name */
    protected static final int f48707f = 5;

    /* renamed from: g, reason: collision with root package name */
    protected static final int f48708g = 6;

    k() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(y yVar, v vVar, Date date, Date date2, X509Certificate x509Certificate, X509Certificate x509Certificate2, PublicKey publicKey, e eVar, l lVar, List list, org.bouncycastle.jcajce.util.f fVar) throws a, b {
        Iterator it;
        Set<String> criticalExtensionOIDs;
        if (date2.getTime() > date.getTime()) {
            throw new a("Validation time is in future.");
        }
        Iterator it2 = m.f(yVar, x509Certificate, date2, vVar.o(), vVar.m()).iterator();
        a e9 = null;
        boolean z8 = false;
        while (it2.hasNext() && eVar.a() == 11 && !lVar.e()) {
            try {
                X509CRL x509crl = (X509CRL) it2.next();
                l g9 = g(x509crl, yVar);
                if (g9.c(lVar)) {
                    it = it2;
                    a aVar = e9;
                    try {
                        X509CRL j9 = vVar.F() ? j(m.g(date2, x509crl, vVar.o(), vVar.m()), i(x509crl, h(x509crl, x509Certificate, x509Certificate2, publicKey, vVar, list, fVar))) : null;
                        if (vVar.A() != 1 && x509Certificate.getNotAfter().getTime() < x509crl.getThisUpdate().getTime()) {
                            throw new a("No valid CRL for current time found.");
                        }
                        d(yVar, x509Certificate, x509crl);
                        e(yVar, x509Certificate, x509crl);
                        f(j9, x509crl, vVar);
                        k(date2, j9, x509Certificate, eVar, vVar);
                        l(date2, x509crl, x509Certificate, eVar);
                        if (eVar.a() == 8) {
                            eVar.c(11);
                        }
                        lVar.a(g9);
                        Set<String> criticalExtensionOIDs2 = x509crl.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs2 != null) {
                            HashSet hashSet = new HashSet(criticalExtensionOIDs2);
                            hashSet.remove(b0.f41674p.L0());
                            hashSet.remove(b0.f41673o.L0());
                            if (!hashSet.isEmpty()) {
                                throw new a("CRL contains unsupported critical extensions.");
                            }
                        }
                        if (j9 != null && (criticalExtensionOIDs = j9.getCriticalExtensionOIDs()) != null) {
                            HashSet hashSet2 = new HashSet(criticalExtensionOIDs);
                            hashSet2.remove(b0.f41674p.L0());
                            hashSet2.remove(b0.f41673o.L0());
                            if (!hashSet2.isEmpty()) {
                                throw new a("Delta CRL contains unsupported critical extension.");
                            }
                        }
                        it2 = it;
                        e9 = aVar;
                        z8 = true;
                    } catch (a e10) {
                        e9 = e10;
                        it2 = it;
                    }
                } else {
                    continue;
                }
            } catch (a e11) {
                e9 = e11;
                it = it2;
            }
        }
        a aVar2 = e9;
        if (!z8) {
            throw aVar2;
        }
    }

    protected static Set b(v vVar, Date date, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        if (vVar.F()) {
            try {
                org.bouncycastle.asn1.y yVar = b0.f41683y;
                org.bouncycastle.asn1.x509.m z02 = org.bouncycastle.asn1.x509.m.z0(m.h(x509Certificate, yVar));
                if (z02 == null) {
                    try {
                        z02 = org.bouncycastle.asn1.x509.m.z0(m.h(x509crl, yVar));
                    } catch (a e9) {
                        throw new a("Freshest CRL extension could not be decoded from CRL.", e9);
                    }
                }
                if (z02 != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(vVar.m());
                    try {
                        arrayList.addAll(m.c(z02, vVar.t()));
                        try {
                            hashSet.addAll(m.g(date, x509crl, vVar.o(), arrayList));
                        } catch (a e10) {
                            throw new a("Exception obtaining delta CRLs.", e10);
                        }
                    } catch (a e11) {
                        throw new a("No new delta CRL locations could be added from Freshest CRL extension.", e11);
                    }
                }
            } catch (a e12) {
                throw new a("Freshest CRL extension could not be decoded from certificate.", e12);
            }
        }
        return hashSet;
    }

    protected static Set[] c(v vVar, Date date, Date date2, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.setCertificateChecking(x509Certificate);
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            Set b9 = h.b(new p.b(x509CRLSelector).h(true).g(), date2, vVar.o(), vVar.m());
            HashSet hashSet = new HashSet();
            if (vVar.F()) {
                try {
                    hashSet.addAll(m.g(date2, x509crl, vVar.o(), vVar.m()));
                } catch (a e9) {
                    throw new a("Exception obtaining delta CRLs.", e9);
                }
            }
            return new Set[]{b9, hashSet};
        } catch (IOException e10) {
            throw new a("Cannot extract issuer from CRL." + e10, e10);
        }
    }

    protected static void d(y yVar, Object obj, X509CRL x509crl) throws a {
        d0 h9 = m.h(x509crl, b0.f41674p);
        boolean z8 = h9 != null && l0.A0(h9).D0();
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        if (yVar.y0() != null) {
            e0[] B0 = yVar.y0().B0();
            boolean z9 = false;
            for (int i9 = 0; i9 < B0.length; i9++) {
                if (B0[i9].R() == 4) {
                    try {
                        if (org.bouncycastle.util.a.g(B0[i9].A0().d().getEncoded(), encoded)) {
                            z9 = true;
                        }
                    } catch (IOException e9) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e9);
                    }
                }
            }
            if (z9 && !z8) {
                throw new a("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (!z9) {
                throw new a("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
            if (z9) {
                return;
            }
        } else if (x509crl.getIssuerX500Principal().equals(((X509Certificate) obj).getIssuerX500Principal())) {
            return;
        }
        throw new a("Cannot find matching CRL issuer for certificate.");
    }

    protected static void e(y yVar, Object obj, X509CRL x509crl) throws a {
        int i9;
        e0[] e0VarArr;
        try {
            l0 A0 = l0.A0(m.h(x509crl, b0.f41674p));
            if (A0 != null) {
                if (A0.z0() != null) {
                    z z02 = l0.A0(A0).z0();
                    ArrayList arrayList = new ArrayList();
                    if (z02.B0() == 0) {
                        for (e0 e0Var : f0.z0(z02.A0()).B0()) {
                            arrayList.add(e0Var);
                        }
                    }
                    if (z02.B0() == 1) {
                        org.bouncycastle.asn1.h hVar = new org.bouncycastle.asn1.h();
                        try {
                            Enumeration L0 = g0.I0(x509crl.getIssuerX500Principal().getEncoded()).L0();
                            while (L0.hasMoreElements()) {
                                hVar.a((org.bouncycastle.asn1.g) L0.nextElement());
                            }
                            hVar.a(z02.A0());
                            arrayList.add(new e0(org.bouncycastle.asn1.x500.d.z0(new h2(hVar))));
                        } catch (Exception e9) {
                            throw new a("Could not read CRL issuer.", e9);
                        }
                    }
                    if (yVar.z0() == null) {
                        if (yVar.y0() == null) {
                            throw new a("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        e0[] B0 = yVar.y0().B0();
                        while (i9 < B0.length) {
                            i9 = arrayList.contains(B0[i9]) ? 0 : i9 + 1;
                        }
                        throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                    }
                    z z03 = yVar.z0();
                    e0[] B02 = z03.B0() == 0 ? f0.z0(z03.A0()).B0() : null;
                    if (z03.B0() == 1) {
                        if (yVar.y0() != null) {
                            e0VarArr = yVar.y0().B0();
                        } else {
                            e0VarArr = new e0[1];
                            try {
                                e0VarArr[0] = new e0(org.bouncycastle.asn1.x500.d.z0(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
                            } catch (Exception e10) {
                                throw new a("Could not read certificate issuer.", e10);
                            }
                        }
                        B02 = e0VarArr;
                        for (int i10 = 0; i10 < B02.length; i10++) {
                            Enumeration L02 = g0.I0(B02[i10].A0().d()).L0();
                            org.bouncycastle.asn1.h hVar2 = new org.bouncycastle.asn1.h();
                            while (L02.hasMoreElements()) {
                                hVar2.a((org.bouncycastle.asn1.g) L02.nextElement());
                            }
                            hVar2.a(z03.A0());
                            B02[i10] = new e0(org.bouncycastle.asn1.x500.d.z0(new h2(hVar2)));
                        }
                    }
                    if (B02 != null) {
                        while (i9 < B02.length) {
                            i9 = arrayList.contains(B02[i9]) ? 0 : i9 + 1;
                        }
                    }
                    throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                }
                try {
                    org.bouncycastle.asn1.x509.l y02 = org.bouncycastle.asn1.x509.l.y0(m.h((X509Extension) obj, b0.f41668j));
                    if (obj instanceof X509Certificate) {
                        if (A0.G0() && y02 != null && y02.C0()) {
                            throw new a("CA Cert CRL only contains user certificates.");
                        }
                        if (A0.F0() && (y02 == null || !y02.C0())) {
                            throw new a("End CRL only contains CA certificates.");
                        }
                    }
                    if (A0.E0()) {
                        throw new a("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e11) {
                    throw new a("Basic constraints extension could not be decoded.", e11);
                }
            }
        } catch (Exception e12) {
            throw new a("Issuing distribution point extension could not be decoded.", e12);
        }
    }

    protected static void f(X509CRL x509crl, X509CRL x509crl2, v vVar) throws a {
        if (x509crl == null) {
            return;
        }
        try {
            org.bouncycastle.asn1.y yVar = b0.f41674p;
            l0 A0 = l0.A0(m.h(x509crl2, yVar));
            if (vVar.F()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new a("complete CRL issuer does not match delta CRL issuer");
                }
                try {
                    l0 A02 = l0.A0(m.h(x509crl, yVar));
                    if (A0 != null ? !A0.equals(A02) : A02 != null) {
                        throw new a("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        org.bouncycastle.asn1.y yVar2 = b0.f41680v;
                        d0 h9 = m.h(x509crl2, yVar2);
                        try {
                            d0 h10 = m.h(x509crl, yVar2);
                            if (h9 == null) {
                                throw new a("CRL authority key identifier is null.");
                            }
                            if (h10 == null) {
                                throw new a("Delta CRL authority key identifier is null.");
                            }
                            if (!h9.C0(h10)) {
                                throw new a("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (a e9) {
                            throw new a("Authority key identifier extension could not be extracted from delta CRL.", e9);
                        }
                    } catch (a e10) {
                        throw new a("Authority key identifier extension could not be extracted from complete CRL.", e10);
                    }
                } catch (Exception e11) {
                    throw new a("Issuing distribution point extension from delta CRL could not be decoded.", e11);
                }
            }
        } catch (Exception e12) {
            throw new a("issuing distribution point extension could not be decoded.", e12);
        }
    }

    protected static l g(X509CRL x509crl, y yVar) throws a {
        try {
            l0 A0 = l0.A0(m.h(x509crl, b0.f41674p));
            if (A0 != null && A0.C0() != null && yVar.C0() != null) {
                return new l(yVar.C0()).d(new l(A0.C0()));
            }
            if ((A0 == null || A0.C0() == null) && yVar.C0() == null) {
                return l.f48709b;
            }
            return (yVar.C0() == null ? l.f48709b : new l(yVar.C0())).d(A0 == null ? l.f48709b : new l(A0.C0()));
        } catch (Exception e9) {
            throw new a("Issuing distribution point extension could not be decoded.", e9);
        }
    }

    protected static Set h(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, v vVar, List list, org.bouncycastle.jcajce.util.f fVar) throws a {
        int i9;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            t<? extends Certificate> a9 = new t.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                m.b(linkedHashSet, a9, vVar.p());
                m.b(linkedHashSet, a9, vVar.o());
                linkedHashSet.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                Iterator it = linkedHashSet.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder v8 = fVar.v("PKIX");
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            v.b s8 = new v.b(vVar).s(new t.b(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                s8.r(false);
                            } else {
                                s8.r(true);
                            }
                            List<? extends Certificate> certificates = v8.build(new u.b(s8.q()).e()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(m.k(certificates, 0, fVar));
                        } catch (CertPathBuilderException e9) {
                            throw new a("CertPath for CRL signer failed to validate.", e9);
                        } catch (CertPathValidatorException e10) {
                            throw new a("Public key of issuer certificate of CRL could not be retrieved.", e10);
                        } catch (Exception e11) {
                            throw new a(e11.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                a aVar = null;
                for (i9 = 0; i9 < arrayList.size(); i9++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i9)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length > 6 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i9));
                    } else {
                        aVar = new a("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet.isEmpty() && aVar == null) {
                    throw new a("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || aVar == null) {
                    return hashSet;
                }
                throw aVar;
            } catch (a e12) {
                throw new a("Issuer certificate for CRL cannot be searched.", e12);
            }
        } catch (IOException e13) {
            throw new a("subject criteria for certificate selector to find issuer certificate for CRL could not be set", e13);
        }
    }

    protected static PublicKey i(X509CRL x509crl, Set set) throws a {
        Iterator it = set.iterator();
        Exception e9 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e10) {
                e9 = e10;
            }
        }
        throw new a("Cannot verify CRL.", e9);
    }

    protected static X509CRL j(Set set, PublicKey publicKey) throws a {
        Iterator it = set.iterator();
        Exception e9 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e10) {
                e9 = e10;
            }
        }
        if (e9 == null) {
            return null;
        }
        throw new a("Cannot verify delta CRL.", e9);
    }

    protected static void k(Date date, X509CRL x509crl, Object obj, e eVar, v vVar) throws a {
        if (!vVar.F() || x509crl == null) {
            return;
        }
        m.e(date, x509crl, obj, eVar);
    }

    protected static void l(Date date, X509CRL x509crl, Object obj, e eVar) throws a {
        if (eVar.a() == 11) {
            m.e(date, x509crl, obj, eVar);
        }
    }
}
