package org.spongycastle.jce.provider;

import g40.l;
import g40.m;
import g40.o;
import g40.p;
import h60.g;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import k50.h;
import org.spongycastle.asn1.e0;
import org.spongycastle.asn1.j;
import y40.g;
import y40.i;
import y40.k;

/* loaded from: classes4.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    public static final b f19935a = new b();

    /* renamed from: b, reason: collision with root package name */
    public static final String f19936b;

    /* renamed from: c, reason: collision with root package name */
    public static final String f19937c;

    /* renamed from: d, reason: collision with root package name */
    public static final String f19938d;

    static {
        org.spongycastle.asn1.x509.a.f19550l.z();
        org.spongycastle.asn1.x509.a.f19542d.z();
        org.spongycastle.asn1.x509.a.f19551m.z();
        org.spongycastle.asn1.x509.a.f19540b.z();
        org.spongycastle.asn1.x509.a.f19548j.z();
        org.spongycastle.asn1.x509.a.f19539a.z();
        org.spongycastle.asn1.x509.a.f19556r.z();
        f19936b = org.spongycastle.asn1.x509.a.f19546h.z();
        org.spongycastle.asn1.x509.a.f19545g.z();
        org.spongycastle.asn1.x509.a.f19553o.z();
        org.spongycastle.asn1.x509.a.f19555q.z();
        org.spongycastle.asn1.x509.a.f19549k.z();
        f19937c = org.spongycastle.asn1.x509.a.f19552n.z();
        f19938d = org.spongycastle.asn1.x509.a.f19543e.z();
    }

    public static void a(Set set, Object obj) throws k50.a {
        if (set.isEmpty()) {
            if (obj instanceof org.spongycastle.x509.c) {
                new StringBuilder().append("No CRLs found for issuer \"");
                ((org.spongycastle.x509.c) obj).f();
                throw null;
            }
            throw new k50.a("No CRLs found for issuer \"" + f40.b.T.e(h.d((X509Certificate) obj)) + "\"");
        }
    }

    public static Collection b(i iVar, List list) throws k50.a {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof org.spongycastle.util.a) {
                try {
                    linkedHashSet.addAll(((org.spongycastle.util.a) obj).a(iVar));
                } catch (g e11) {
                    throw new k50.a("Problem while picking certificates from X.509 store.", e11);
                }
            } else {
                try {
                    linkedHashSet.addAll(i.c(iVar, (CertStore) obj));
                } catch (CertStoreException e12) {
                    throw new k50.a("Problem while picking certificates from certificate store.", e12);
                }
            }
        }
        return linkedHashSet;
    }

    public static Collection c(X509Certificate x509Certificate, List<CertStore> list, List<y40.h> list2) throws k50.a {
        byte[] m11;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(h.d(x509Certificate).j());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f19937c);
                if (extensionValue != null && (m11 = g40.c.l(g30.d.w(extensionValue).x()).m()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new e0(m11).j());
                }
            } catch (Exception unused) {
            }
            i<? extends Certificate> a11 = new i.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(b(a11, list));
                arrayList.addAll(b(a11, list2));
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    linkedHashSet.add((X509Certificate) it2.next());
                }
                return linkedHashSet;
            } catch (k50.a e11) {
                throw new k50.a("Issuer certificate cannot be searched.", e11);
            }
        } catch (IOException e12) {
            throw new k50.a("Subject criteria for certificate selector to find issuer certificate could not be set.", e12);
        }
    }

    public static TrustAnchor d(X509Certificate x509Certificate, Set set, String str) throws k50.a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        e40.c b11 = h.b(x509Certificate);
        try {
            x509CertSelector.setSubject(b11.j());
            Iterator it2 = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e11 = null;
            PublicKey publicKey = null;
            while (it2.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it2.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (b11.equals(h.a(trustAnchor))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        z(x509Certificate, publicKey, str);
                    } catch (Exception e12) {
                        e11 = e12;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e11 == null) {
                return trustAnchor;
            }
            throw new k50.a("TrustAnchor found but certificate validation failed.", e11);
        } catch (IOException e13) {
            throw new k50.a("Cannot set subject search criteria for trust anchor.", e13);
        }
    }

    public static List<y40.h> e(byte[] bArr, Map<o, y40.h> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        o[] n4 = p.m(g30.d.w(bArr).x()).n();
        ArrayList arrayList = new ArrayList();
        for (int i11 = 0; i11 != n4.length; i11++) {
            y40.h hVar = map.get(n4[i11]);
            if (hVar != null) {
                arrayList.add(hVar);
            }
        }
        return arrayList;
    }

    public static List<y40.f> f(g40.e eVar, Map<o, y40.f> map) throws k50.a {
        if (eVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            l[] l11 = eVar.l();
            ArrayList arrayList = new ArrayList();
            for (l lVar : l11) {
                m n4 = lVar.n();
                if (n4 != null && n4.p() == 0) {
                    for (o oVar : p.m(n4.o()).n()) {
                        y40.f fVar = map.get(oVar);
                        if (fVar != null) {
                            arrayList.add(fVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e11) {
            throw new k50.a("Distribution points could not be read.", e11);
        }
    }

    public static g40.a g(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return org.spongycastle.asn1.x509.b.n(new org.spongycastle.asn1.f(publicKey.getEncoded()).q()).l();
        } catch (Exception e11) {
            throw new i50.b("Subject public key cannot be decoded.", e11);
        }
    }

    public static void h(l lVar, Collection collection, X509CRLSelector x509CRLSelector) throws k50.a {
        ArrayList arrayList = new ArrayList();
        if (lVar.m() != null) {
            o[] n4 = lVar.m().n();
            for (int i11 = 0; i11 < n4.length; i11++) {
                if (n4[i11].p() == 4) {
                    try {
                        arrayList.add(e40.c.n(n4[i11].o().g().j()));
                    } catch (IOException e11) {
                        throw new k50.a("CRL issuer information from distribution point cannot be decoded.", e11);
                    }
                }
            }
        } else {
            if (lVar.n() == null) {
                throw new k50.a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it2 = collection.iterator();
            while (it2.hasNext()) {
                arrayList.add(it2.next());
            }
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((e40.c) it3.next()).j());
            } catch (IOException e12) {
                throw new k50.a("Cannot decode CRL issuer information.", e12);
            }
        }
    }

    public static void i(Date date, X509CRL x509crl, Object obj, k50.c cVar) throws k50.a {
        X509CRLEntry revokedCertificate;
        try {
            if (f.e(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(p(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!h.b(obj).equals(certificateIssuer == null ? h.c(x509crl) : e40.c.n(certificateIssuer.getEncoded()))) {
                    return;
                }
            } else if (!h.b(obj).equals(h.c(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(p(obj))) == null) {
                return;
            }
            org.spongycastle.asn1.d dVar = null;
            if (revokedCertificate.hasExtensions()) {
                try {
                    dVar = org.spongycastle.asn1.d.w(l(revokedCertificate, org.spongycastle.asn1.x509.a.f19544f.z()));
                } catch (Exception e11) {
                    throw new k50.a("Reason code CRL entry extension could not be decoded.", e11);
                }
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || dVar == null || dVar.x().intValue() == 0 || dVar.x().intValue() == 1 || dVar.x().intValue() == 2 || dVar.x().intValue() == 8) {
                if (dVar != null) {
                    cVar.c(dVar.x().intValue());
                } else {
                    cVar.c(0);
                }
                cVar.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e12) {
            throw new k50.a("Failed check for indirect CRL.", e12);
        }
    }

    public static Set j(l lVar, Object obj, Date date, k kVar) throws k50.a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(h.b(obj));
            h(lVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            y40.g<? extends CRL> g11 = new g.b(x509CRLSelector).h(true).g();
            if (kVar.r() != null) {
                date = kVar.r();
            }
            Set b11 = f19935a.b(g11, date, kVar.o(), kVar.m());
            a(b11, obj);
            return b11;
        } catch (k50.a e11) {
            throw new k50.a("Could not get issuer information from distribution point.", e11);
        }
    }

    public static Set k(Date date, X509CRL x509crl, List<CertStore> list, List<y40.f> list2) throws k50.a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(h.c(x509crl).j());
            try {
                j l11 = l(x509crl, f19938d);
                BigInteger x11 = l11 != null ? org.spongycastle.asn1.g.w(l11).x() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f19936b);
                    x509CRLSelector.setMinCRLNumber(x11 != null ? x11.add(BigInteger.valueOf(1L)) : null);
                    g.b bVar = new g.b(x509CRLSelector);
                    bVar.i(extensionValue);
                    bVar.j(true);
                    bVar.k(x11);
                    Set<X509CRL> b11 = f19935a.b(bVar.g(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b11) {
                        if (t(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e11) {
                    throw new k50.a("Issuing distribution point extension value could not be read.", e11);
                }
            } catch (Exception e12) {
                throw new k50.a("CRL number extension could not be extracted from CRL.", e12);
            }
        } catch (IOException e13) {
            throw new k50.a("Cannot extract issuer from CRL.", e13);
        }
    }

    public static j l(X509Extension x509Extension, String str) throws k50.a {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return n(str, extensionValue);
    }

    public static PublicKey m(List list, int i11, org.spongycastle.jcajce.util.a aVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i11)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i11++;
            if (i11 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i11)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return aVar.e("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e11) {
            throw new RuntimeException(e11.getMessage());
        }
    }

    public static j n(String str, byte[] bArr) throws k50.a {
        try {
            return new org.spongycastle.asn1.f(((g30.d) new org.spongycastle.asn1.f(bArr).q()).x()).q();
        } catch (Exception e11) {
            throw new k50.a("exception processing extension " + str, e11);
        }
    }

    public static final Set o(g30.g gVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (gVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        org.spongycastle.asn1.i iVar = new org.spongycastle.asn1.i(byteArrayOutputStream);
        Enumeration z11 = gVar.z();
        while (z11.hasMoreElements()) {
            try {
                iVar.j((g30.b) z11.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e11) {
                throw new i50.b("Policy qualifier info cannot be decoded.", e11);
            }
        }
        return hashSet;
    }

    public static BigInteger p(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    public static Date q(k kVar, CertPath certPath, int i11) throws k50.a {
        if (kVar.A() == 1 && i11 > 0) {
            int i12 = i11 - 1;
            if (i12 != 0) {
                return ((X509Certificate) certPath.getCertificates().get(i12)).getNotBefore();
            }
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i12)).getExtensionValue(s30.a.f21574d.z());
                org.spongycastle.asn1.e y11 = extensionValue != null ? org.spongycastle.asn1.e.y(j.o(extensionValue)) : null;
                if (y11 == null) {
                    return ((X509Certificate) certPath.getCertificates().get(i12)).getNotBefore();
                }
                try {
                    return y11.x();
                } catch (ParseException e11) {
                    throw new k50.a("Date from date of cert gen extension could not be parsed.", e11);
                }
            } catch (IOException unused) {
                throw new k50.a("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException unused2) {
                throw new k50.a("Date of cert gen extension could not be read.");
            }
        }
        return r(kVar);
    }

    public static Date r(k kVar) {
        Date r11 = kVar.r();
        return r11 == null ? new Date() : r11;
    }

    public static boolean s(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    public static boolean t(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(c.f19943e);
    }

    public static boolean u(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static boolean v(int i11, List[] listArr, org.spongycastle.asn1.h hVar, Set set) {
        List list = listArr[i11 - 1];
        for (int i12 = 0; i12 < list.size(); i12++) {
            k50.g gVar = (k50.g) list.get(i12);
            if (gVar.getExpectedPolicies().contains(hVar.z())) {
                HashSet hashSet = new HashSet();
                hashSet.add(hVar.z());
                k50.g gVar2 = new k50.g(new ArrayList(), i11, hashSet, gVar, set, hVar.z(), false);
                gVar.a(gVar2);
                listArr[i11].add(gVar2);
                return true;
            }
        }
        return false;
    }

    public static void w(int i11, List[] listArr, org.spongycastle.asn1.h hVar, Set set) {
        List list = listArr[i11 - 1];
        for (int i12 = 0; i12 < list.size(); i12++) {
            k50.g gVar = (k50.g) list.get(i12);
            if ("2.5.29.32.0".equals(gVar.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(hVar.z());
                k50.g gVar2 = new k50.g(new ArrayList(), i11, hashSet, gVar, set, hVar.z(), false);
                gVar.a(gVar2);
                listArr[i11].add(gVar2);
                return;
            }
        }
    }

    public static k50.g x(k50.g gVar, List[] listArr, k50.g gVar2) {
        k50.g gVar3 = (k50.g) gVar2.getParent();
        if (gVar == null) {
            return null;
        }
        if (gVar3 != null) {
            gVar3.d(gVar2);
            y(listArr, gVar2);
            return gVar;
        }
        for (int i11 = 0; i11 < listArr.length; i11++) {
            listArr[i11] = new ArrayList();
        }
        return null;
    }

    public static void y(List[] listArr, k50.g gVar) {
        listArr[gVar.getDepth()].remove(gVar);
        if (gVar.c()) {
            Iterator children = gVar.getChildren();
            while (children.hasNext()) {
                y(listArr, (k50.g) children.next());
            }
        }
    }

    public static void z(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
