package org.symbouncycastle.jce.provider;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.symbouncycastle.a.aa;
import org.symbouncycastle.a.ae;
import org.symbouncycastle.a.aw;
import org.symbouncycastle.a.az;
import org.symbouncycastle.a.bb;
import org.symbouncycastle.a.bo;
import org.symbouncycastle.a.bp;
import org.symbouncycastle.a.bv;
import org.symbouncycastle.a.c.aj;
import org.symbouncycastle.a.c.ap;

/* loaded from: classes.dex */
public final class l {
    private static v a = new v();
    private static String b = org.symbouncycastle.a.c.d.k.d();
    private static String c = org.symbouncycastle.a.c.d.c.d();
    private static String d = org.symbouncycastle.a.c.d.l.d();
    private static String e = org.symbouncycastle.a.c.d.b.d();
    private static String f = org.symbouncycastle.a.c.d.i.d();
    private static String g = org.symbouncycastle.a.c.d.a.d();
    private static String h = org.symbouncycastle.a.c.d.p.d();
    private static String i = org.symbouncycastle.a.c.d.g.d();
    private static String j = org.symbouncycastle.a.c.d.f.d();
    private static String k = org.symbouncycastle.a.c.d.n.d();
    private static String l = org.symbouncycastle.a.c.d.o.d();
    private static String m = org.symbouncycastle.a.c.d.j.d();
    private static String n = org.symbouncycastle.a.c.d.m.d();
    private static String o = org.symbouncycastle.a.c.d.d.d();
    private static String[] p = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey a(List list, int i2) {
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
        if (dSAPublicKey.getParams() != null) {
            return dSAPublicKey;
        }
        int i3 = i2 + 1;
        while (true) {
            int i4 = i3;
            if (i4 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i4)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey2;
            if (dSAPublicKey2.getParams() != null) {
                DSAParams params = dSAPublicKey2.getParams();
                try {
                    return KeyFactory.getInstance("DSA", c.a).generatePublic(new DSAPublicKeySpec(dSAPublicKey.getY(), params.getP(), params.getQ(), params.getG()));
                } catch (Exception e2) {
                    throw new RuntimeException(e2.getMessage());
                }
            }
            i3 = i4 + 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustAnchor a(X509Certificate x509Certificate, Set set, String str) {
        PublicKey publicKey;
        TrustAnchor trustAnchor;
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal a2 = a((Object) x509Certificate);
        try {
            x509CertSelector.setSubject(a2.getEncoded());
            Iterator it = set.iterator();
            Exception e2 = null;
            PublicKey publicKey2 = null;
            TrustAnchor trustAnchor2 = null;
            while (it.hasNext() && trustAnchor2 == null) {
                TrustAnchor trustAnchor3 = (TrustAnchor) it.next();
                if (trustAnchor3.getTrustedCert() == null) {
                    if (trustAnchor3.getCAName() != null && trustAnchor3.getCAPublicKey() != null) {
                        try {
                            if (a2.equals(new X500Principal(trustAnchor3.getCAName()))) {
                                trustAnchor = trustAnchor3;
                                publicKey = trustAnchor3.getCAPublicKey();
                            } else {
                                publicKey = publicKey2;
                                trustAnchor = null;
                            }
                        } catch (IllegalArgumentException e3) {
                        }
                    }
                    publicKey = publicKey2;
                    trustAnchor = null;
                } else if (x509CertSelector.match(trustAnchor3.getTrustedCert())) {
                    trustAnchor = trustAnchor3;
                    publicKey = trustAnchor3.getTrustedCert().getPublicKey();
                } else {
                    publicKey = publicKey2;
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        a(x509Certificate, publicKey, str);
                        PublicKey publicKey3 = publicKey;
                        trustAnchor2 = trustAnchor;
                        publicKey2 = publicKey3;
                    } catch (Exception e4) {
                        e2 = e4;
                        publicKey2 = publicKey;
                        trustAnchor2 = null;
                    }
                } else {
                    PublicKey publicKey4 = publicKey;
                    trustAnchor2 = trustAnchor;
                    publicKey2 = publicKey4;
                }
            }
            if (trustAnchor2 != null || e2 == null) {
                return trustAnchor2;
            }
            throw new m("TrustAnchor found but certificate validation failed.", e2);
        } catch (IOException e5) {
            throw new m("Cannot set subject search criteria for trust anchor.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(X509Certificate x509Certificate, org.symbouncycastle.c.l lVar) {
        org.symbouncycastle.c.h hVar = new org.symbouncycastle.c.h();
        HashSet hashSet = new HashSet();
        try {
            hVar.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(a(hVar, lVar.getCertStores()));
                arrayList.addAll(a(hVar, lVar.f()));
                arrayList.addAll(a(hVar, lVar.e()));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    hashSet.add((X509Certificate) it.next());
                }
                return hashSet;
            } catch (m e2) {
                throw new m("Issuer certificate cannot be searched.", e2);
            }
        } catch (IOException e3) {
            throw new m("Subject criteria for certificate selector to find issuer certificate could not be set.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(org.symbouncycastle.c.h hVar, List list) {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof org.symbouncycastle.c.j) {
                try {
                    hashSet.addAll(((org.symbouncycastle.c.j) obj).a(hVar));
                } catch (org.symbouncycastle.e.e e2) {
                    throw new m("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    hashSet.addAll(((CertStore) obj).getCertificates(hVar));
                } catch (CertStoreException e3) {
                    throw new m("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return hashSet;
    }

    private static Date a(PKIXParameters pKIXParameters) {
        Date date = pKIXParameters.getDate();
        return date == null ? new Date() : date;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(org.symbouncycastle.c.m mVar, CertPath certPath, int i2) {
        if (mVar.d() == 1 && i2 > 0) {
            if (i2 - 1 != 0) {
                return ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getNotBefore();
            }
            aw awVar = null;
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getExtensionValue(org.symbouncycastle.a.o.a.a.d());
                if (extensionValue != null) {
                    aa b2 = aa.b(extensionValue);
                    if (b2 != null && !(b2 instanceof aw)) {
                        throw new IllegalArgumentException("illegal object in getInstance: " + b2.getClass().getName());
                    }
                    awVar = (aw) b2;
                }
                if (awVar == null) {
                    return ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getNotBefore();
                }
                try {
                    return awVar.e();
                } catch (ParseException e2) {
                    throw new m("Date from date of cert gen extension could not be parsed.", e2);
                }
            } catch (IOException e3) {
                throw new m("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException e4) {
                throw new m("Date of cert gen extension could not be read.");
            }
        }
        return a((PKIXParameters) mVar);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(Date date, org.symbouncycastle.c.m mVar, X509CRL x509crl) {
        org.symbouncycastle.c.f fVar = new org.symbouncycastle.c.f();
        try {
            fVar.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
        } catch (IOException e2) {
            new m("Cannot extract issuer from CRL.", e2);
        }
        try {
            bp a2 = a(x509crl, o);
            BigInteger e3 = a2 != null ? org.symbouncycastle.a.c.a.a((Object) a2).e() : null;
            try {
                byte[] extensionValue = x509crl.getExtensionValue(i);
                fVar.setMinCRLNumber(e3 == null ? null : e3.add(BigInteger.valueOf(1L)));
                fVar.a(extensionValue);
                fVar.a(true);
                fVar.a(e3);
                Set<X509CRL> a3 = v.a(fVar, mVar, date);
                HashSet hashSet = new HashSet();
                for (X509CRL x509crl2 : a3) {
                    if (x509crl2.getCriticalExtensionOIDs().contains(p.e)) {
                        hashSet.add(x509crl2);
                    }
                }
                return hashSet;
            } catch (Exception e4) {
                throw new m("Issuing distribution point extension value could not be read.", e4);
            }
        } catch (Exception e5) {
            throw new m("CRL number extension could not be extracted from CRL.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set a(az azVar) {
        HashSet hashSet = new HashSet();
        if (azVar != null) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            org.symbouncycastle.a.f fVar = new org.symbouncycastle.a.f(byteArrayOutputStream);
            Enumeration d2 = azVar.d();
            while (d2.hasMoreElements()) {
                try {
                    fVar.a(d2.nextElement());
                    hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                    byteArrayOutputStream.reset();
                } catch (IOException e2) {
                    throw new org.symbouncycastle.jce.c.a("Policy qualifier info cannot be decoded.", e2);
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(org.symbouncycastle.a.c.t tVar, Object obj, Date date, org.symbouncycastle.c.m mVar) {
        org.symbouncycastle.c.f fVar = new org.symbouncycastle.c.f();
        try {
            HashSet hashSet = new HashSet();
            if (obj instanceof org.symbouncycastle.c.e) {
                hashSet.add(((org.symbouncycastle.c.e) obj).b().a()[0]);
            } else {
                hashSet.add(a(obj));
            }
            a(tVar, hashSet, fVar, mVar);
        } catch (m e2) {
            new m("Could not get issuer information from distribution point.", e2);
        }
        if (obj instanceof X509Certificate) {
            fVar.setCertificateChecking((X509Certificate) obj);
        } else if (obj instanceof org.symbouncycastle.c.e) {
            fVar.a((org.symbouncycastle.c.e) obj);
        }
        fVar.b(true);
        Set a2 = v.a(fVar, mVar, date);
        if (!a2.isEmpty()) {
            return a2;
        }
        if (obj instanceof org.symbouncycastle.c.e) {
            throw new m("No CRLs found for issuer \"" + ((org.symbouncycastle.c.e) obj).b().a()[0] + "\"");
        }
        throw new m("No CRLs found for issuer \"" + ((X509Certificate) obj).getIssuerX500Principal() + "\"");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal a(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getIssuerX500Principal() : (X500Principal) ((org.symbouncycastle.c.e) obj).b().a()[0];
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal a(X509CRL x509crl) {
        return x509crl.getIssuerX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal a(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal();
    }

    private static bp a(String str, byte[] bArr) {
        try {
            return new bv(((bb) new bv(bArr).a()).c_()).a();
        } catch (Exception e2) {
            throw new m("exception processing extension " + str, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static bp a(X509Extension x509Extension, String str) {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return a(str, extensionValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static org.symbouncycastle.a.c.e a(PublicKey publicKey) {
        try {
            return org.symbouncycastle.a.c.q.a(new bv(publicKey.getEncoded()).a()).a();
        } catch (Exception e2) {
            throw new org.symbouncycastle.jce.c.a("Subject public key cannot be decoded.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static t a(t tVar, List[] listArr, t tVar2) {
        t tVar3 = (t) tVar2.getParent();
        if (tVar == null) {
            return null;
        }
        if (tVar3 != null) {
            tVar3.b(tVar2);
            a(listArr, tVar2);
            return tVar;
        }
        for (int i2 = 0; i2 < listArr.length; i2++) {
            listArr[i2] = new ArrayList();
        }
        return null;
    }

    private static void a(String str, org.symbouncycastle.c.m mVar) {
        String str2;
        String str3;
        if (mVar.g()) {
            try {
                if (str.startsWith("ldap://")) {
                    String substring = str.substring(7);
                    if (substring.indexOf("/") != -1) {
                        String substring2 = substring.substring(substring.indexOf("/"));
                        str2 = "ldap://" + substring.substring(0, substring.indexOf("/"));
                        str3 = substring2;
                    } else {
                        str2 = "ldap://" + substring;
                        str3 = null;
                    }
                    org.symbouncycastle.jce.a a2 = new org.symbouncycastle.jce.g(str2, str3).a();
                    mVar.a(org.symbouncycastle.c.j.a("CERTIFICATE/LDAP", a2, c.a));
                    mVar.a(org.symbouncycastle.c.j.a("CRL/LDAP", a2, c.a));
                    mVar.a(org.symbouncycastle.c.j.a("ATTRIBUTECERTIFICATE/LDAP", a2, c.a));
                    mVar.a(org.symbouncycastle.c.j.a("CERTIFICATEPAIR/LDAP", a2, c.a));
                }
            } catch (Exception e2) {
                throw new RuntimeException("Exception adding X.509 stores.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, PublicKey publicKey, String str) {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, org.symbouncycastle.c.m mVar) {
        if (x509Certificate.getIssuerAlternativeNames() != null) {
            for (List<?> list : x509Certificate.getIssuerAlternativeNames()) {
                if (list.get(0).equals(new Integer(6))) {
                    a((String) list.get(1), mVar);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, y yVar) {
        try {
            k kVar = (k) new b(new aj((az) az.b(x509crl.getEncoded()))).getRevokedCertificate(obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((org.symbouncycastle.c.e) obj).a());
            if (kVar != null) {
                if (a(obj).equals(kVar.getCertificateIssuer()) || a(obj).equals(x509crl.getIssuerX500Principal())) {
                    org.symbouncycastle.a.x xVar = null;
                    if (kVar.hasExtensions()) {
                        try {
                            xVar = org.symbouncycastle.a.x.a((Object) a(kVar, org.symbouncycastle.a.c.d.e.d()));
                        } catch (Exception e2) {
                            new m("Reason code CRL entry extension could not be decoded.", e2);
                        }
                    }
                    if (date.getTime() >= kVar.getRevocationDate().getTime() || xVar == null || xVar.a().intValue() == 0 || xVar.a().intValue() == 1 || xVar.a().intValue() == 2 || xVar.a().intValue() == 8) {
                        if (xVar != null) {
                            yVar.a = xVar.a().intValue();
                        } else {
                            yVar.a = 0;
                        }
                        yVar.b = kVar.getRevocationDate();
                    }
                }
            }
        } catch (Exception e3) {
            throw new m("Bouncy Castle X509CRLObject could not be created.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.symbouncycastle.a.c.j jVar, org.symbouncycastle.c.m mVar) {
        if (jVar != null) {
            try {
                for (org.symbouncycastle.a.c.t tVar : jVar.a()) {
                    ap d2 = tVar.d();
                    if (d2 != null && d2.d() == 0) {
                        org.symbouncycastle.a.c.v[] d3 = org.symbouncycastle.a.c.x.a(d2.e()).d();
                        for (int i2 = 0; i2 < d3.length; i2++) {
                            if (d3[i2].d() == 6) {
                                a(ae.a(d3[i2].e()).g_(), mVar);
                            }
                        }
                    }
                }
            } catch (Exception e2) {
                throw new m("Distribution points could not be read.", e2);
            }
        }
    }

    private static void a(org.symbouncycastle.a.c.t tVar, Collection collection, X509CRLSelector x509CRLSelector, org.symbouncycastle.c.m mVar) {
        ArrayList arrayList = new ArrayList();
        if (tVar.f() != null) {
            org.symbouncycastle.a.c.v[] d2 = tVar.f().d();
            for (int i2 = 0; i2 < d2.length; i2++) {
                if (d2[i2].d() == 4) {
                    try {
                        arrayList.add(new X500Principal(d2[i2].e().p_().o_()));
                    } catch (IOException e2) {
                        throw new m("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (tVar.d() == null) {
                throw new m("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add((X500Principal) it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Principal) it2.next()).getEncoded());
            } catch (IOException e3) {
                throw new m("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    private static void a(List[] listArr, t tVar) {
        listArr[tVar.getDepth()].remove(tVar);
        if (tVar.a()) {
            Iterator children = tVar.getChildren();
            while (children.hasNext()) {
                a(listArr, (t) children.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(int i2, List[] listArr, bo boVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            t tVar = (t) list.get(i3);
            if (tVar.getExpectedPolicies().contains(boVar.d())) {
                HashSet hashSet = new HashSet();
                hashSet.add(boVar.d());
                t tVar2 = new t(new ArrayList(), i2, hashSet, tVar, set, boVar.d(), false);
                tVar.a(tVar2);
                listArr[i2].add(tVar2);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(int i2, List[] listArr, bo boVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            t tVar = (t) list.get(i3);
            if ("2.5.29.32.0".equals(tVar.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(boVar.d());
                t tVar2 = new t(new ArrayList(), i2, hashSet, tVar, set, boVar.d(), false);
                tVar.a(tVar2);
                listArr[i2].add(tVar2);
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean b(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }
}
