package org.bouncycastle.pkix.jcajce;

import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.bm;
import org.bouncycastle.asn1.u;
import org.bouncycastle.asn1.x509.ab;
import org.bouncycastle.asn1.x509.ac;
import org.bouncycastle.asn1.x509.ai;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.w;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.jcajce.e;
import org.bouncycastle.jcajce.i;
import org.bouncycastle.jcajce.j;
import org.bouncycastle.jcajce.k;

/* loaded from: classes6.dex */
class d {

    /* renamed from: a, reason: collision with root package name */
    public static final String f116167a = y.m.f112319a;

    /* renamed from: b, reason: collision with root package name */
    public static final String f116168b = y.v.f112319a;

    /* renamed from: c, reason: collision with root package name */
    public static final String f116169c = y.l.f112319a;

    /* renamed from: d, reason: collision with root package name */
    public static final String f116170d = y.g.f112319a;

    /* renamed from: e, reason: collision with root package name */
    public static final String f116171e = y.s.f112319a;

    d() {
    }

    protected static PublicKey a(X509CRL x509crl, Set set) throws AnnotatedException {
        Iterator it2 = set.iterator();
        Exception e2 = null;
        while (it2.hasNext()) {
            PublicKey publicKey = (PublicKey) it2.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        throw new AnnotatedException("Cannot verify CRL.", e2);
    }

    protected static X509CRL a(Set set, PublicKey publicKey) throws AnnotatedException {
        Iterator it2 = set.iterator();
        Exception e2 = null;
        while (it2.hasNext()) {
            X509CRL x509crl = (X509CRL) it2.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        if (e2 == null) {
            return null;
        }
        throw new AnnotatedException("Cannot verify delta CRL.", e2);
    }

    protected static Set a(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, k kVar, List list, org.bouncycastle.jcajce.util.d dVar) throws AnnotatedException {
        int i;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            i<? extends Certificate> a2 = new i.a(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                f.a(linkedHashSet, a2, kVar.f115158e);
                f.a(linkedHashSet, a2, kVar.i());
                linkedHashSet.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                Iterator it2 = linkedHashSet.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it2.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder o = dVar.o("PKIX");
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            k.a a3 = new k.a(kVar).a(new i.a(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                a3.i = false;
                            } else {
                                a3.i = true;
                            }
                            List<? extends Certificate> certificates = o.build(new j.a(a3.a()).a()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(f.a(certificates, 0, dVar));
                        } catch (CertPathBuilderException e2) {
                            throw new AnnotatedException("CertPath for CRL signer failed to validate.", e2);
                        } catch (CertPathValidatorException e3) {
                            throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e3);
                        } catch (Exception e4) {
                            throw new AnnotatedException(e4.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                AnnotatedException annotatedException = null;
                for (i = 0; i < arrayList.size(); i++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length > 6 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i));
                    } else {
                        annotatedException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet.isEmpty() && annotatedException == null) {
                    throw new AnnotatedException("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || annotatedException == null) {
                    return hashSet;
                }
                throw annotatedException;
            } catch (AnnotatedException e5) {
                throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e5);
            }
        } catch (IOException e6) {
            throw new AnnotatedException("subject criteria for certificate selector to find issuer certificate for CRL could not be set", e6);
        }
    }

    protected static Set a(k kVar, Date date, X509Certificate x509Certificate, X509CRL x509crl) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        if (kVar.j) {
            try {
                org.bouncycastle.asn1.x509.k a2 = org.bouncycastle.asn1.x509.k.a(f.a(x509Certificate, y.v));
                if (a2 == null) {
                    try {
                        a2 = org.bouncycastle.asn1.x509.k.a(f.a(x509crl, y.v));
                    } catch (AnnotatedException e2) {
                        throw new AnnotatedException("Freshest CRL extension could not be decoded from CRL.", e2);
                    }
                }
                if (a2 != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(kVar.g);
                    try {
                        arrayList.addAll(f.a(a2, kVar.h));
                        try {
                            hashSet.addAll(f.a(date, x509crl, kVar.i(), arrayList));
                        } catch (AnnotatedException e3) {
                            throw new AnnotatedException("Exception obtaining delta CRLs.", e3);
                        }
                    } catch (AnnotatedException e4) {
                        throw new AnnotatedException("No new delta CRL locations could be added from Freshest CRL extension.", e4);
                    }
                }
            } catch (AnnotatedException e5) {
                throw new AnnotatedException("Freshest CRL extension could not be decoded from certificate.", e5);
            }
        }
        return hashSet;
    }

    protected static e a(X509CRL x509crl, v vVar) throws AnnotatedException {
        try {
            ai a2 = ai.a(f.a(x509crl, y.m));
            if (a2 != null && a2.f112466d != null && vVar.f112647b != null) {
                return new e(vVar.f112647b).b(new e(a2.f112466d));
            }
            if ((a2 == null || a2.f112466d == null) && vVar.f112647b == null) {
                return e.f116172b;
            }
            return (vVar.f112647b == null ? e.f116172b : new e(vVar.f112647b)).b(a2 == null ? e.f116172b : new e(a2.f112466d));
        } catch (Exception e2) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e2);
        }
    }

    protected static void a(X509CRL x509crl, X509CRL x509crl2, k kVar) throws AnnotatedException {
        if (x509crl == null) {
            return;
        }
        try {
            ai a2 = ai.a(f.a(x509crl2, y.m));
            if (kVar.j) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new AnnotatedException("complete CRL issuer does not match delta CRL issuer");
                }
                try {
                    ai a3 = ai.a(f.a(x509crl, y.m));
                    boolean z = false;
                    if (a2 != null ? a2.equals(a3) : a3 == null) {
                        z = true;
                    }
                    if (!z) {
                        throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        u a4 = f.a(x509crl2, y.s);
                        try {
                            u a5 = f.a(x509crl, y.s);
                            if (a4 == null) {
                                throw new AnnotatedException("CRL authority key identifier is null.");
                            }
                            if (a5 == null) {
                                throw new AnnotatedException("Delta CRL authority key identifier is null.");
                            }
                            if (!a4.b(a5)) {
                                throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (AnnotatedException e2) {
                            throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e2);
                        }
                    } catch (AnnotatedException e3) {
                        throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e3);
                    }
                } catch (Exception e4) {
                    throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e4);
                }
            }
        } catch (Exception e5) {
            throw new AnnotatedException("issuing distribution point extension could not be decoded.", e5);
        }
    }

    protected static void a(Date date, X509CRL x509crl, Object obj, a aVar) throws AnnotatedException {
        if (aVar.f116163a == 11) {
            f.a(date, x509crl, obj, aVar);
        }
    }

    protected static void a(Date date, X509CRL x509crl, Object obj, a aVar, k kVar) throws AnnotatedException {
        if (!kVar.j || x509crl == null) {
            return;
        }
        f.a(date, x509crl, obj, aVar);
    }

    protected static void a(v vVar, Object obj, X509CRL x509crl) throws AnnotatedException {
        ab[] abVarArr;
        try {
            ai a2 = ai.a(f.a(x509crl, y.m));
            if (a2 != null) {
                if (a2.f112463a != null) {
                    w wVar = ai.a(a2).f112463a;
                    ArrayList arrayList = new ArrayList();
                    boolean z = false;
                    if (wVar.f112650b == 0) {
                        for (ab abVar : ac.a(wVar.f112649a).a()) {
                            arrayList.add(abVar);
                        }
                    }
                    if (wVar.f112650b == 1) {
                        org.bouncycastle.asn1.g gVar = new org.bouncycastle.asn1.g();
                        try {
                            Enumeration e2 = org.bouncycastle.asn1.v.a(x509crl.getIssuerX500Principal().getEncoded()).e();
                            while (e2.hasMoreElements()) {
                                gVar.a((org.bouncycastle.asn1.f) e2.nextElement());
                            }
                            gVar.a(wVar.f112649a);
                            arrayList.add(new ab(org.bouncycastle.asn1.am.d.a(new bm(gVar))));
                        } catch (Exception e3) {
                            throw new AnnotatedException("Could not read CRL issuer.", e3);
                        }
                    }
                    if (vVar.f112646a != null) {
                        w wVar2 = vVar.f112646a;
                        ab[] a3 = wVar2.f112650b == 0 ? ac.a(wVar2.f112649a).a() : null;
                        if (wVar2.f112650b == 1) {
                            if (vVar.f112648c != null) {
                                abVarArr = vVar.f112648c.a();
                            } else {
                                abVarArr = new ab[1];
                                try {
                                    abVarArr[0] = new ab(org.bouncycastle.asn1.am.d.a(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
                                } catch (Exception e4) {
                                    throw new AnnotatedException("Could not read certificate issuer.", e4);
                                }
                            }
                            a3 = abVarArr;
                            for (int i = 0; i < a3.length; i++) {
                                Enumeration e5 = org.bouncycastle.asn1.v.a((Object) a3[i].f112445a.j()).e();
                                org.bouncycastle.asn1.g gVar2 = new org.bouncycastle.asn1.g();
                                while (e5.hasMoreElements()) {
                                    gVar2.a((org.bouncycastle.asn1.f) e5.nextElement());
                                }
                                gVar2.a(wVar2.f112649a);
                                a3[i] = new ab(org.bouncycastle.asn1.am.d.a(new bm(gVar2)));
                            }
                        }
                        if (a3 != null) {
                            int i2 = 0;
                            while (true) {
                                if (i2 >= a3.length) {
                                    break;
                                }
                                if (arrayList.contains(a3[i2])) {
                                    z = true;
                                    break;
                                }
                                i2++;
                            }
                        }
                        if (!z) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (vVar.f112648c == null) {
                            throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        ab[] a4 = vVar.f112648c.a();
                        int i3 = 0;
                        while (true) {
                            if (i3 >= a4.length) {
                                break;
                            }
                            if (arrayList.contains(a4[i3])) {
                                z = true;
                                break;
                            }
                            i3++;
                        }
                        if (!z) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    org.bouncycastle.asn1.x509.j a5 = org.bouncycastle.asn1.x509.j.a(f.a((X509Extension) obj, y.g));
                    if (obj instanceof X509Certificate) {
                        if (a2.f112464b && a5 != null && a5.a()) {
                            throw new AnnotatedException("CA Cert CRL only contains user certificates.");
                        }
                        if (a2.f112465c && (a5 == null || !a5.a())) {
                            throw new AnnotatedException("End CRL only contains CA certificates.");
                        }
                    }
                    if (a2.f) {
                        throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e6) {
                    throw new AnnotatedException("Basic constraints extension could not be decoded.", e6);
                }
            }
        } catch (Exception e7) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e7);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x0126, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(org.bouncycastle.asn1.x509.v r20, org.bouncycastle.jcajce.k r21, java.util.Date r22, java.util.Date r23, java.security.cert.X509Certificate r24, java.security.cert.X509Certificate r25, java.security.PublicKey r26, org.bouncycastle.pkix.jcajce.a r27, org.bouncycastle.pkix.jcajce.e r28, java.util.List r29, org.bouncycastle.jcajce.util.d r30) throws org.bouncycastle.pkix.jcajce.AnnotatedException, org.bouncycastle.pkix.jcajce.CRLNotFoundException {
        /*
            Method dump skipped, instructions count: 304
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.d.a(org.bouncycastle.asn1.x509.v, org.bouncycastle.jcajce.k, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, org.bouncycastle.pkix.jcajce.a, org.bouncycastle.pkix.jcajce.e, java.util.List, org.bouncycastle.jcajce.util.d):void");
    }

    protected static Set[] a(k kVar, Date date, Date date2, X509Certificate x509Certificate, X509CRL x509crl) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.setCertificateChecking(x509Certificate);
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            Set a2 = c.a(new e.a(x509CRLSelector).a(true).a(), date2, kVar.i(), kVar.g);
            HashSet hashSet = new HashSet();
            if (kVar.j) {
                try {
                    hashSet.addAll(f.a(date2, x509crl, kVar.i(), kVar.g));
                } catch (AnnotatedException e2) {
                    throw new AnnotatedException("Exception obtaining delta CRLs.", e2);
                }
            }
            return new Set[]{a2, hashSet};
        } catch (IOException e3) {
            throw new AnnotatedException("Cannot extract issuer from CRL." + e3, e3);
        }
    }

    protected static void b(v vVar, Object obj, X509CRL x509crl) throws AnnotatedException {
        u a2 = f.a(x509crl, y.m);
        int i = 0;
        boolean z = a2 != null && ai.a(a2).f112467e;
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        if (vVar.f112648c != null) {
            ab[] a3 = vVar.f112648c.a();
            int i2 = 0;
            while (i < a3.length) {
                if (a3[i].f112446b == 4) {
                    try {
                        if (org.bouncycastle.util.a.a(a3[i].f112445a.j().getEncoded(), encoded)) {
                            i2 = 1;
                        }
                    } catch (IOException e2) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
                i++;
            }
            if (i2 != 0 && !z) {
                throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (i2 == 0) {
                throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
            i = i2;
        } else if (x509crl.getIssuerX500Principal().equals(((X509Certificate) obj).getIssuerX500Principal())) {
            i = 1;
        }
        if (i == 0) {
            throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
        }
    }
}
