package org.bouncycastle.pkix.jcajce;

import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class e {

    /* renamed from: a, reason: collision with root package name */
    public static final String f19169a;

    static {
        Extension.f14982m.x();
        Extension.f14991v.x();
        f19169a = Extension.f14981l.x();
        Extension.f14978i.x();
        Extension.f14988s.x();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x013b, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(org.bouncycastle.asn1.x509.DistributionPoint r20, org.bouncycastle.jcajce.PKIXExtendedParameters r21, java.util.Date r22, java.util.Date r23, java.security.cert.X509Certificate r24, java.security.cert.X509Certificate r25, java.security.PublicKey r26, org.bouncycastle.pkix.jcajce.c r27, org.bouncycastle.pkix.jcajce.f r28, java.util.List r29, org.bouncycastle.jcajce.util.JcaJceHelper r30) throws org.bouncycastle.pkix.jcajce.a, org.bouncycastle.pkix.jcajce.b {
        /*
            Method dump skipped, instructions count: 325
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.e.a(org.bouncycastle.asn1.x509.DistributionPoint, org.bouncycastle.jcajce.PKIXExtendedParameters, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, org.bouncycastle.pkix.jcajce.c, org.bouncycastle.pkix.jcajce.f, java.util.List, org.bouncycastle.jcajce.util.JcaJceHelper):void");
    }

    protected static void b(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws a {
        ASN1Primitive g7 = g.g(x509crl, Extension.f14982m);
        int i7 = 0;
        boolean z6 = g7 != null && IssuingDistributionPoint.l(g7).n();
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        if (distributionPoint.j() != null) {
            GeneralName[] l7 = distributionPoint.j().l();
            int i8 = 0;
            while (i7 < l7.length) {
                if (l7[i7].m() == 4) {
                    try {
                        if (Arrays.c(l7[i7].l().b().getEncoded(), encoded)) {
                            i8 = 1;
                        }
                    } catch (IOException e7) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e7);
                    }
                }
                i7++;
            }
            if (i8 != 0 && !z6) {
                throw new a("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (i8 == 0) {
                throw new a("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
            i7 = i8;
        } else if (x509crl.getIssuerX500Principal().equals(((X509Certificate) obj).getIssuerX500Principal())) {
            i7 = 1;
        }
        if (i7 == 0) {
            throw new a("Cannot find matching CRL issuer for certificate.");
        }
    }

    protected static void c(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws a {
        GeneralName[] generalNameArr;
        try {
            IssuingDistributionPoint l7 = IssuingDistributionPoint.l(g.g(x509crl, Extension.f14982m));
            if (l7 != null) {
                if (l7.k() != null) {
                    DistributionPointName k7 = IssuingDistributionPoint.l(l7).k();
                    ArrayList arrayList = new ArrayList();
                    boolean z6 = false;
                    if (k7.getType() == 0) {
                        for (GeneralName generalName : GeneralNames.j(k7.l()).l()) {
                            arrayList.add(generalName);
                        }
                    }
                    if (k7.getType() == 1) {
                        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                        try {
                            Enumeration x7 = ASN1Sequence.u(x509crl.getIssuerX500Principal().getEncoded()).x();
                            while (x7.hasMoreElements()) {
                                aSN1EncodableVector.a((ASN1Encodable) x7.nextElement());
                            }
                            aSN1EncodableVector.a(k7.l());
                            arrayList.add(new GeneralName(X500Name.i(new DERSequence(aSN1EncodableVector))));
                        } catch (Exception e7) {
                            throw new a("Could not read CRL issuer.", e7);
                        }
                    }
                    if (distributionPoint.k() != null) {
                        DistributionPointName k8 = distributionPoint.k();
                        GeneralName[] l8 = k8.getType() == 0 ? GeneralNames.j(k8.l()).l() : null;
                        if (k8.getType() == 1) {
                            if (distributionPoint.j() != null) {
                                generalNameArr = distributionPoint.j().l();
                            } else {
                                generalNameArr = new GeneralName[1];
                                try {
                                    generalNameArr[0] = new GeneralName(X500Name.i(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
                                } catch (Exception e8) {
                                    throw new a("Could not read certificate issuer.", e8);
                                }
                            }
                            l8 = generalNameArr;
                            for (int i7 = 0; i7 < l8.length; i7++) {
                                Enumeration x8 = ASN1Sequence.u(l8[i7].l().b()).x();
                                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                                while (x8.hasMoreElements()) {
                                    aSN1EncodableVector2.a((ASN1Encodable) x8.nextElement());
                                }
                                aSN1EncodableVector2.a(k8.l());
                                l8[i7] = new GeneralName(X500Name.i(new DERSequence(aSN1EncodableVector2)));
                            }
                        }
                        if (l8 != null) {
                            int i8 = 0;
                            while (true) {
                                if (i8 >= l8.length) {
                                    break;
                                }
                                if (arrayList.contains(l8[i8])) {
                                    z6 = true;
                                    break;
                                }
                                i8++;
                            }
                        }
                        if (!z6) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (distributionPoint.j() == null) {
                            throw new a("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        GeneralName[] l9 = distributionPoint.j().l();
                        int i9 = 0;
                        while (true) {
                            if (i9 >= l9.length) {
                                break;
                            }
                            if (arrayList.contains(l9[i9])) {
                                z6 = true;
                                break;
                            }
                            i9++;
                        }
                        if (!z6) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    BasicConstraints i10 = BasicConstraints.i(g.g((X509Extension) obj, Extension.f14978i));
                    if (obj instanceof X509Certificate) {
                        if (l7.q() && i10 != null && i10.k()) {
                            throw new a("CA Cert CRL only contains user certificates.");
                        }
                        if (l7.p() && (i10 == null || !i10.k())) {
                            throw new a("End CRL only contains CA certificates.");
                        }
                    }
                    if (l7.o()) {
                        throw new a("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e9) {
                    throw new a("Basic constraints extension could not be decoded.", e9);
                }
            }
        } catch (Exception e10) {
            throw new a("Issuing distribution point extension could not be decoded.", e10);
        }
    }

    protected static void d(X509CRL x509crl, X509CRL x509crl2, PKIXExtendedParameters pKIXExtendedParameters) throws a {
        if (x509crl == null) {
            return;
        }
        try {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.f14982m;
            IssuingDistributionPoint l7 = IssuingDistributionPoint.l(g.g(x509crl2, aSN1ObjectIdentifier));
            if (pKIXExtendedParameters.B()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new a("complete CRL issuer does not match delta CRL issuer");
                }
                try {
                    IssuingDistributionPoint l8 = IssuingDistributionPoint.l(g.g(x509crl, aSN1ObjectIdentifier));
                    boolean z6 = false;
                    if (l7 != null ? l7.equals(l8) : l8 == null) {
                        z6 = true;
                    }
                    if (!z6) {
                        throw new a("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier2 = Extension.f14988s;
                        ASN1Primitive g7 = g.g(x509crl2, aSN1ObjectIdentifier2);
                        try {
                            ASN1Primitive g8 = g.g(x509crl, aSN1ObjectIdentifier2);
                            if (g7 == null) {
                                throw new a("CRL authority key identifier is null.");
                            }
                            if (g8 == null) {
                                throw new a("Delta CRL authority key identifier is null.");
                            }
                            if (!g7.o(g8)) {
                                throw new a("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (a e7) {
                            throw new a("Authority key identifier extension could not be extracted from delta CRL.", e7);
                        }
                    } catch (a e8) {
                        throw new a("Authority key identifier extension could not be extracted from complete CRL.", e8);
                    }
                } catch (Exception e9) {
                    throw new a("Issuing distribution point extension from delta CRL could not be decoded.", e9);
                }
            }
        } catch (Exception e10) {
            throw new a("issuing distribution point extension could not be decoded.", e10);
        }
    }

    protected static f e(X509CRL x509crl, DistributionPoint distributionPoint) throws a {
        try {
            IssuingDistributionPoint l7 = IssuingDistributionPoint.l(g.g(x509crl, Extension.f14982m));
            if (l7 != null && l7.m() != null && distributionPoint.m() != null) {
                return new f(distributionPoint.m()).d(new f(l7.m()));
            }
            if ((l7 == null || l7.m() == null) && distributionPoint.m() == null) {
                return f.f19170b;
            }
            return (distributionPoint.m() == null ? f.f19170b : new f(distributionPoint.m())).d(l7 == null ? f.f19170b : new f(l7.m()));
        } catch (Exception e7) {
            throw new a("Issuing distribution point extension could not be decoded.", e7);
        }
    }

    protected static Set f(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, PKIXExtendedParameters pKIXExtendedParameters, List list, JcaJceHelper jcaJceHelper) throws a {
        int i7;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            PKIXCertStoreSelector<? extends Certificate> a7 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                g.b(linkedHashSet, a7, pKIXExtendedParameters.o());
                g.b(linkedHashSet, a7, pKIXExtendedParameters.n());
                linkedHashSet.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                Iterator it = linkedHashSet.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder i8 = jcaJceHelper.i("PKIX");
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            PKIXExtendedParameters.Builder q7 = new PKIXExtendedParameters.Builder(pKIXExtendedParameters).q(new PKIXCertStoreSelector.Builder(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                q7.p(false);
                            } else {
                                q7.p(true);
                            }
                            List<? extends Certificate> certificates = i8.build(new PKIXExtendedBuilderParameters.Builder(q7.o()).e()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(g.j(certificates, 0, jcaJceHelper));
                        } catch (CertPathBuilderException e7) {
                            throw new a("CertPath for CRL signer failed to validate.", e7);
                        } catch (CertPathValidatorException e8) {
                            throw new a("Public key of issuer certificate of CRL could not be retrieved.", e8);
                        } catch (Exception e9) {
                            throw new a(e9.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                a aVar = null;
                for (i7 = 0; i7 < arrayList.size(); i7++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i7)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length > 6 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i7));
                    } else {
                        aVar = new a("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet.isEmpty() && aVar == null) {
                    throw new a("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || aVar == null) {
                    return hashSet;
                }
                throw aVar;
            } catch (a e10) {
                throw new a("Issuer certificate for CRL cannot be searched.", e10);
            }
        } catch (IOException e11) {
            throw new a("subject criteria for certificate selector to find issuer certificate for CRL could not be set", e11);
        }
    }

    protected static PublicKey g(X509CRL x509crl, Set set) throws a {
        Iterator it = set.iterator();
        Exception e7 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e8) {
                e7 = e8;
            }
        }
        throw new a("Cannot verify CRL.", e7);
    }

    protected static X509CRL h(Set set, PublicKey publicKey) throws a {
        Iterator it = set.iterator();
        Exception e7 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e8) {
                e7 = e8;
            }
        }
        if (e7 == null) {
            return null;
        }
        throw new a("Cannot verify delta CRL.", e7);
    }

    protected static void i(Date date, X509CRL x509crl, Object obj, c cVar, PKIXExtendedParameters pKIXExtendedParameters) throws a {
        if (!pKIXExtendedParameters.B() || x509crl == null) {
            return;
        }
        g.d(date, x509crl, obj, cVar);
    }

    protected static void j(Date date, X509CRL x509crl, Object obj, c cVar) throws a {
        if (cVar.a() == 11) {
            g.d(date, x509crl, obj, cVar);
        }
    }
}
