package id;

import e.p;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.jce.provider.CertPathValidatorUtilities;
import org.bouncycastle.util.Selector;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;

/* loaded from: classes5.dex */
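/**
 * CRL checks applied when the revocation status of a certificate or attribute certificate is
 * evaluated against one CRL distribution point.
 *
 * <p>The code is decompiler output with obfuscated member names. The helpers it calls
 * ({@code CertPathValidatorUtilities.l/f/d/h/i/j/k}, {@code b5.d}, {@code e.p}) are declared
 * elsewhere, so statements about them in the comments below are hedged and should be confirmed
 * against those classes.
 *
 * <p>Every check signals failure by throwing {@code AnnotatedException}. Several methods wrap
 * their whole body in {@code catch (Exception)}, so the top-level message of a failure is often
 * the generic "could not be decoded" text and the specific reason is only in the cause chain.
 */
public abstract class f extends CertPathValidatorUtilities {

    // Extension identifier strings taken from X509Extensions. Which extensions the obfuscated
    // fields name is not visible in this file; f32572h uses the same X509Extensions field that
    // w(...) tests before it skips CRL checking.

    /* renamed from: g, reason: collision with root package name */
    public static final String f32571g = X509Extensions.f36034v.f35584a;

    /* renamed from: h, reason: collision with root package name */
    public static final String f32572h = X509Extensions.f36033u.f35584a;

    /* renamed from: i, reason: collision with root package name */
    public static final String f32573i = X509Extensions.t.f35584a;

    /**
     * Computes the reason mask a CRL can contribute for a distribution point: the bitwise AND of
     * the distribution point's reason flags and the reason flags of the CRL's issuing
     * distribution point extension.
     *
     * <p>A side that carries no reason flags counts as {@code b5.d.f7475b} (presumably the
     * "all reasons" mask; confirm in {@code b5.d}).
     *
     * @param x509crl CRL whose extension {@code CertPathValidatorUtilities.f36512b} is decoded
     *     (the issuing distribution point extension, going by the error message)
     * @param distributionPoint distribution point whose reason flags ({@code f35946b}) are read
     * @return a new mask holding the intersection, or the shared {@code f7475b} instance when
     *     neither side restricts reasons
     * @throws AnnotatedException if anything fails while the extension is read
     */
    public static b5.d A(X509CRL x509crl, DistributionPoint distributionPoint) {
        ReasonFlags reasonFlags;
        ReasonFlags reasonFlags2;
        try {
            IssuingDistributionPoint h6 = IssuingDistributionPoint.h(CertPathValidatorUtilities.l(x509crl, CertPathValidatorUtilities.f36512b));
            if (h6 != null && (reasonFlags = h6.d) != null && (reasonFlags2 = distributionPoint.f35946b) != null) {
                // Both sides restrict reasons: intersect them.
                b5.d dVar = new b5.d(reasonFlags2.k());
                b5.d dVar2 = new b5.d(reasonFlags.k());
                b5.d dVar3 = new b5.d(0);
                dVar3.f7476a |= new b5.d(dVar.f7476a & dVar2.f7476a).f7476a;
                return dVar3;
            }
            b5.d dVar4 = b5.d.f7475b;
            if ((h6 == null || h6.d == null) && distributionPoint.f35946b == null) {
                // Neither side restricts reasons.
                return dVar4;
            }
            ReasonFlags reasonFlags3 = distributionPoint.f35946b;
            b5.d dVar5 = reasonFlags3 == null ? dVar4 : new b5.d(reasonFlags3.k());
            // Fix: the extension may be present without reason flags (h6.d == null). That case used
            // to dereference null here and reject the CRL with a misleading "could not be decoded"
            // error. It now keeps the default mask, as the branch above already does for the same
            // condition.
            if (h6 != null && h6.d != null) {
                dVar4 = new b5.d(h6.d.k());
            }
            b5.d dVar6 = new b5.d(0);
            dVar6.f7476a = new b5.d(dVar5.f7476a & dVar4.f7476a).f7476a | dVar6.f7476a;
            return dVar6;
        } catch (Exception e10) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e10);
        }
    }

    /**
     * Collects the public keys that may be used to verify a CRL's signature.
     *
     * <p>Candidates are certificates whose subject equals the CRL issuer. A candidate is kept only
     * if a PKIX certification path to it can be built with the "BC" provider, and its key is
     * returned only if the certificate has no key-usage extension or asserts key-usage bit 6
     * (cRLSign).
     *
     * @param x509crl CRL whose issuer is searched for
     * @param obj the certificate under validation; compared by principal via
     *     {@code CertPathValidatorUtilities.k} and handed to the path builder parameters
     * @param extendedPKIXParameters validation parameters supplying the certificate stores
     * @return the set of {@code PublicKey}s of the accepted issuer certificates (never empty)
     * @throws AnnotatedException if the selector cannot be set up, or if no acceptable issuer
     *     certificate is found; the latter is wrapped as "Issuer certificate for CRL cannot be
     *     searched." because it is thrown inside that try block
     */
    public static HashSet B(X509CRL x509crl, Object obj, ExtendedPKIXParameters extendedPKIXParameters) {
        X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector();
        try {
            x509CertStoreSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            try {
                // NOTE(review): the result of this first lookup is discarded as decompiled, so only
                // the second lookup feeds the candidate loop. Confirm against the bytecode whether
                // the two results were meant to be merged.
                CertPathValidatorUtilities.f(x509CertStoreSelector, extendedPKIXParameters.a());
                Iterator it = CertPathValidatorUtilities.f(x509CertStoreSelector, Collections.unmodifiableList(extendedPKIXParameters.d)).iterator();
                HashSet hashSet = new HashSet();
                while (it.hasNext()) {
                    X509Certificate x509Certificate = (X509Certificate) it.next();
                    // NOTE(review): equals(null) is false for any non-null key, so this shortcut looks
                    // unreachable and every candidate goes through path building below.
                    if (CertPathValidatorUtilities.k(obj).equals(x509Certificate.getSubjectX500Principal()) && x509Certificate.getPublicKey().equals(null)) {
                        hashSet.add(x509Certificate);
                    } else {
                        try {
                            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
                            X509CertStoreSelector x509CertStoreSelector2 = new X509CertStoreSelector();
                            x509CertStoreSelector2.setCertificate(x509Certificate);
                            ExtendedPKIXBuilderParameters d = ExtendedPKIXBuilderParameters.d(extendedPKIXParameters);
                            d.f36792b = (Selector) x509CertStoreSelector2.clone();
                            // presumably an "excluded certificates" set holding the certificate under
                            // validation (TODO confirm the meaning of f36789m)
                            HashSet hashSet2 = new HashSet();
                            hashSet2.add(obj);
                            d.f36789m = new HashSet(hashSet2);
                            certPathBuilder.build(d);
                            hashSet.add(x509Certificate);
                        } catch (Exception unused) {
                            // Intentionally ignored: a candidate with no buildable path is simply not
                            // accepted as a CRL issuer. The reason is lost, which makes a later
                            // "Cannot find a valid issuer certificate." hard to diagnose.
                        }
                    }
                }
                HashSet hashSet3 = new HashSet();
                Iterator it2 = hashSet.iterator();
                AnnotatedException annotatedException = null;
                while (it2.hasNext()) {
                    X509Certificate x509Certificate2 = (X509Certificate) it2.next();
                    boolean[] keyUsage = x509Certificate2.getKeyUsage();
                    // Index 6 of X509Certificate.getKeyUsage() is cRLSign. A certificate without the
                    // key-usage extension (null) is accepted.
                    if (keyUsage == null || (keyUsage.length >= 7 && keyUsage[6])) {
                        hashSet3.add(x509Certificate2.getPublicKey());
                    } else {
                        // Remembered, and thrown only if no other candidate supplies a key.
                        annotatedException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.", null);
                    }
                }
                if (hashSet3.isEmpty() && annotatedException == null) {
                    throw new AnnotatedException("Cannot find a valid issuer certificate.", null);
                }
                if (!hashSet3.isEmpty() || annotatedException == null) {
                    return hashSet3;
                }
                throw annotatedException;
            } catch (AnnotatedException e10) {
                throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e10);
            }
        } catch (IOException e11) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e11);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Checks the revocation status of an attribute certificate against the CRLs found for one
     * distribution point, updating {@code pVar} (status) and {@code dVar} (reasons covered so far).
     *
     * <p>Steps visible here: skip when the certificate carries the extension
     * {@code X509Extensions.f36033u}; reject a validation time in the future; select CRLs; for
     * each CRL compute its reason mask, obtain issuer keys via {@link #B}, verify the CRL (and the
     * delta CRL when {@code f36799j} is set), run checks {@link #x}, {@link #y}, {@link #z}, then
     * look up the serial number via {@code CertPathValidatorUtilities.i}.
     *
     * <p>NOTE(review): the decompiler could not reconstruct part of the loop body (see the JADX
     * warning above). The assignments to {@code e} use an undeclared variable and {@code it} /
     * {@code it2} may be unassigned, so the region does not compile as shown and its control flow
     * is approximate.
     *
     * @param distributionPoint distribution point being processed
     * @param x509AttributeCertificate certificate whose revocation status is checked
     * @param extendedPKIXParameters validation parameters (stores, delta-CRL flag, validity model)
     * @param date validation time; must not be later than the current time
     * @param pVar status holder; the loop runs only while {@code f31248a == 11} (presumably
     *     "unspecified"), and a value of 8 is reset to 11 (presumably removeFromCRL)
     * @param dVar accumulated reason mask, OR-ed with each processed CRL's mask
     * @throws AnnotatedException if no CRL is found or no CRL passes all checks
     */
    public static void w(DistributionPoint distributionPoint, X509AttributeCertificate x509AttributeCertificate, ExtendedPKIXParameters extendedPKIXParameters, Date date, p pVar, b5.d dVar) {
        Iterator it;
        X509CRL x509crl;
        Iterator it2;
        // An extension inside the certificate itself switches off CRL checking here (presumably
        // noRevAvail). The method returns before any CRL is looked up.
        if (x509AttributeCertificate.getExtensionValue(X509Extensions.f36033u.f35584a) != null) {
            return;
        }
        Date date2 = new Date(System.currentTimeMillis());
        if (date.getTime() > date2.getTime()) {
            throw new AnnotatedException("Validation time is in future.", null);
        }
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        int i10 = 0;
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(x509AttributeCertificate.c().a()[0]);
            CertPathValidatorUtilities.h(distributionPoint, hashSet, x509CRLStoreSelector);
        } catch (AnnotatedException e10) {
            // Fix: the exception was constructed but never thrown, so a failure to resolve the CRL
            // issuers was silently ignored and the search went on with an incomplete selector.
            throw new AnnotatedException("Could not get issuer information from distribution point.", e10);
        }
        if (x509AttributeCertificate instanceof X509Certificate) {
            x509CRLStoreSelector.setCertificateChecking((X509Certificate) x509AttributeCertificate);
        } else {
            x509CRLStoreSelector.f36812g = x509AttributeCertificate;
        }
        // CRLs are selected for the current time (date2), not for the validation time (date).
        x509CRLStoreSelector.setDateAndTime(date2);
        int i11 = 1;
        x509CRLStoreSelector.f36809c = true;
        HashSet hashSet2 = new HashSet();
        try {
            hashSet2.addAll(CertPathValidatorUtilities.d(extendedPKIXParameters.a(), x509CRLStoreSelector));
            hashSet2.addAll(CertPathValidatorUtilities.d(Collections.unmodifiableList(extendedPKIXParameters.d), x509CRLStoreSelector));
            if (hashSet2.isEmpty()) {
                throw new AnnotatedException("No CRLs found.", null);
            }
            Iterator it3 = hashSet2.iterator();
            AnnotatedException e11 = null;
            boolean z10 = false;
            while (it3.hasNext() && pVar.f31248a == 11) {
                // i10 and i11 are decompiler temporaries that stay 0 and 1; this stops once the
                // accumulated mask equals b5.d.f7475b.
                if ((dVar.f7476a == b5.d.f7475b.f7476a ? i11 : i10) != 0) {
                    break;
                }
                try {
                    X509CRL x509crl2 = (X509CRL) it3.next();
                    b5.d A = A(x509crl2, distributionPoint);
                    int i12 = A.f7476a;
                    // NOTE(review): i12 | (dVar.f7476a ^ i12) equals i12 | dVar.f7476a, so this test is
                    // false only when both masks are zero. Confirm that this is the intended
                    // "CRL adds new reasons" condition.
                    if (((i12 | (dVar.f7476a ^ i12)) != 0 ? i11 : 0) == 0) {
                        i10 = 0;
                    } else {
                        try {
                            it = B(x509crl2, x509AttributeCertificate, extendedPKIXParameters).iterator();
                        } catch (Exception e12) {
                            e = e12;
                        }
                        if (!it.hasNext()) {
                            e = null;
                            throw new AnnotatedException("Cannot verify CRL.", e);
                        }
                        // As decompiled, only the first key returned by B(...) is tried.
                        PublicKey publicKey = (PublicKey) it.next();
                        x509crl2.verify(publicKey);
                        if (extendedPKIXParameters.f36799j) {
                            try {
                                it2 = CertPathValidatorUtilities.j(date2, extendedPKIXParameters, x509crl2).iterator();
                            } catch (Exception e13) {
                                e = e13;
                            }
                            if (!it2.hasNext()) {
                                e = null;
                                throw new AnnotatedException("Cannot verify delta CRL.", e);
                            }
                            // The delta CRL is verified with the same key as the complete CRL.
                            x509crl = (X509CRL) it2.next();
                            x509crl.verify(publicKey);
                        } else {
                            x509crl = null;
                        }
                        // Unless f36798i == 1 (presumably the chain validity model), a CRL issued after
                        // the certificate expired is rejected.
                        if (extendedPKIXParameters.f36798i != i11 && x509AttributeCertificate.getNotAfter().getTime() < x509crl2.getThisUpdate().getTime()) {
                            throw new AnnotatedException("No valid CRL for current time found.", null);
                        }
                        x(distributionPoint, x509AttributeCertificate, x509crl2);
                        y(distributionPoint, x509AttributeCertificate, x509crl2);
                        z(x509crl, x509crl2, extendedPKIXParameters);
                        BigInteger serialNumber = x509AttributeCertificate.getSerialNumber();
                        if (extendedPKIXParameters.f36799j) {
                            CertPathValidatorUtilities.i(date, x509crl, serialNumber, pVar);
                        }
                        CertPathValidatorUtilities.i(date, x509crl2, x509AttributeCertificate.getSerialNumber(), pVar);
                        if (pVar.f31248a == 8) {
                            pVar.f31248a = 11;
                        }
                        dVar.f7476a |= A.f7476a;
                        i10 = 0;
                        i11 = 1;
                        z10 = true;
                    }
                } catch (AnnotatedException e14) {
                    // A failing CRL does not abort the search; the last failure is remembered.
                    e11 = e14;
                    i10 = 0;
                    i11 = 1;
                }
            }
            if (!z10) {
                // NOTE(review): e11 is still null when the loop ended without a CRL failing (for
                // example every CRL was skipped by the mask test). "throw null" then raises a
                // NullPointerException that the catch below does not handle.
                throw e11;
            }
        } catch (AnnotatedException e15) {
            throw new AnnotatedException("Could not search for CRLs.", e15);
        }
    }

    /**
     * Checks that the issuer of a CRL is acceptable for the given distribution point.
     *
     * <p>When the distribution point carries names in {@code f35947c} (the cRLIssuer field, per
     * the error messages), one of its tag-4 names must match the encoded CRL issuer and the CRL's
     * issuing distribution point must have flag {@code f35967e} set (indirect CRL, per the error
     * message). Otherwise the CRL issuer principal must equal
     * {@code CertPathValidatorUtilities.k(obj)}.
     *
     * @param distributionPoint distribution point taken from the certificate
     * @param obj certificate under validation
     * @param x509crl CRL being checked
     * @throws AnnotatedException if the issuer does not match or a name cannot be decoded
     */
    public static void x(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) {
        DERObject l10 = CertPathValidatorUtilities.l(x509crl, CertPathValidatorUtilities.f36512b);
        boolean z10 = true;
        boolean z11 = l10 != null && IssuingDistributionPoint.h(l10).f35967e;
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        GeneralNames generalNames = distributionPoint.f35947c;
        if (generalNames != null) {
            boolean z12 = false;
            for (GeneralName generalName : generalNames.h()) {
                // 4 is the directoryName choice of an X.509 GeneralName (assuming f35953b is the tag).
                if (generalName.f35953b == 4) {
                    try {
                        // NOTE(review): "encoded" is a byte[]. If d() also returns a byte[] (it is
                        // declared elsewhere; the IOException handler suggests an encoding call), then
                        // equals() compares references and can never be true. Every distribution point
                        // with a cRLIssuer would then be rejected below. Confirm the return type, and
                        // compare by content (java.util.Arrays.equals) if so.
                        if (generalName.f35952a.b().d().equals(encoded)) {
                            z12 = true;
                        }
                    } catch (IOException e10) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
            if (z12 && !z11) {
                throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.", null);
            }
            if (!z12) {
                throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.", null);
            }
            z10 = z12;
        } else if (!x509crl.getIssuerX500Principal().equals(CertPathValidatorUtilities.k(obj))) {
            z10 = false;
        }
        if (!z10) {
            throw new AnnotatedException("Cannot find matching CRL issuer for certificate.", null);
        }
    }

    /**
     * Checks the CRL's issuing distribution point extension against the certificate's
     * distribution point and against the kind of certificate being validated.
     *
     * <p>Returns without checks when the CRL has no such extension or the extension has no
     * distribution point name. Otherwise a name from the certificate's distribution point (or,
     * failing that, from its cRLIssuer field) must appear among the extension's names, and the
     * extension's scope flags must not exclude the certificate.
     *
     * <p>Both {@code catch (Exception)} blocks also catch the {@code AnnotatedException}s thrown
     * inside them, so every failure surfaces as "Issuing distribution point extension could not be
     * decoded." with the specific reason in the cause chain.
     *
     * @param distributionPoint distribution point taken from the certificate
     * @param obj certificate under validation; cast to {@code X509Extension}
     * @param x509crl CRL being checked
     * @throws AnnotatedException if any check fails or an extension cannot be decoded
     */
    public static void y(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) {
        try {
            IssuingDistributionPoint h6 = IssuingDistributionPoint.h(CertPathValidatorUtilities.l(x509crl, CertPathValidatorUtilities.f36512b));
            if (h6 == null || h6.f35964a == null) {
                return;
            }
            DistributionPointName distributionPointName = IssuingDistributionPoint.h(h6).f35964a;
            ArrayList arrayList = new ArrayList();
            boolean z10 = false;
            // Only name type 0 is expanded (presumably fullName); for any other type the list stays
            // empty and the checks below cannot match.
            if (distributionPointName.f35949b == 0) {
                for (GeneralName generalName : GeneralNames.g(distributionPointName.f35948a).h()) {
                    // NOTE(review): the list stores generalName.c(), but the contains() calls below
                    // look up GeneralName objects. If c() does not return an object equal to a
                    // GeneralName, no name can ever match. Confirm what c() returns.
                    arrayList.add(generalName.c());
                }
            }
            DistributionPointName distributionPointName2 = distributionPoint.f35945a;
            if (distributionPointName2 != null) {
                if (distributionPointName2.f35949b == 0) {
                    GeneralName[] h10 = GeneralNames.g(distributionPointName2.f35948a).h();
                    int i10 = 0;
                    while (true) {
                        if (i10 >= h10.length) {
                            break;
                        }
                        if (arrayList.contains(h10[i10])) {
                            z10 = true;
                            break;
                        }
                        i10++;
                    }
                }
                if (!z10) {
                    throw new AnnotatedException("None of the names in the CRL issuing distribution point matches one of the names in a distributionPoint field of the certificate CRL distribution point.", null);
                }
            } else {
                GeneralNames generalNames = distributionPoint.f35947c;
                if (generalNames == null) {
                    throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.", null);
                }
                GeneralName[] h11 = generalNames.h();
                int i11 = 0;
                while (true) {
                    if (i11 >= h11.length) {
                        break;
                    }
                    if (arrayList.contains(h11[i11])) {
                        z10 = true;
                        break;
                    }
                    i11++;
                }
                if (!z10) {
                    throw new AnnotatedException("None of the names in the CRL issuing distribution point matches one of the names in a cRLIssuer field of the certificate CRL distribution point.", null);
                }
            }
            try {
                BasicConstraints g10 = BasicConstraints.g(CertPathValidatorUtilities.l((X509Extension) obj, CertPathValidatorUtilities.f36511a));
                // The user/CA scope flags are enforced only for X509Certificate instances.
                if (obj instanceof X509Certificate) {
                    if (h6.f35965b && g10 != null && g10.h()) {
                        throw new AnnotatedException("CA Cert CRL only contains user certificates.", null);
                    }
                    if (h6.f35966c && (g10 == null || !g10.h())) {
                        throw new AnnotatedException("End CRL only contains CA certificates.", null);
                    }
                }
                if (h6.f35968f) {
                    throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.", null);
                }
            } catch (Exception e10) {
                throw new AnnotatedException("Basic constraints extension could not be decoded.", e10);
            }
        } catch (Exception e11) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e11);
        }
    }

    /**
     * Checks that a delta CRL belongs to the complete CRL it is used with. Does nothing beyond
     * decoding the complete CRL's issuing distribution point unless delta CRLs are enabled
     * ({@code f36799j}).
     *
     * <p>With delta CRLs enabled, both CRLs must have the same issuer, the same issuing
     * distribution point extension (when the complete CRL has one), and the same authority key
     * identifier extension ({@code CertPathValidatorUtilities.d}, per the error messages).
     *
     * <p>The outer {@code catch (Exception)} also catches the exceptions thrown inside it, so
     * every failure surfaces as "Issuing distribution point extension could not be decoded." with
     * the specific reason in the cause chain.
     *
     * @param x509crl delta CRL; only dereferenced when {@code f36799j} is set
     * @param x509crl2 complete CRL
     * @param extendedPKIXParameters validation parameters carrying the delta-CRL flag
     * @throws AnnotatedException if the CRLs do not match or an extension cannot be read
     */
    public static void z(X509CRL x509crl, X509CRL x509crl2, ExtendedPKIXParameters extendedPKIXParameters) {
        try {
            String str = CertPathValidatorUtilities.f36512b;
            IssuingDistributionPoint h6 = IssuingDistributionPoint.h(CertPathValidatorUtilities.l(x509crl2, str));
            if (extendedPKIXParameters.f36799j) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.", null);
                }
                if (h6 != null) {
                    try {
                        if (!h6.equals(IssuingDistributionPoint.h(CertPathValidatorUtilities.l(x509crl, str)))) {
                            throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.", null);
                        }
                    } catch (Exception e10) {
                        throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e10);
                    }
                }
                try {
                    String str2 = CertPathValidatorUtilities.d;
                    // Fix: both operands used to be read from the delta CRL, so the extension was
                    // compared with itself and the mismatch check could never fire. The complete
                    // CRL's value is now read from x509crl2.
                    DERObject completeKeyId = CertPathValidatorUtilities.l(x509crl2, str2);
                    try {
                        DERObject deltaKeyId = CertPathValidatorUtilities.l(x509crl, str2);
                        // A missing extension on either side is a rejection. Previously it surfaced
                        // as a NullPointerException caught by the outer handler.
                        if (completeKeyId == null || deltaKeyId == null) {
                            throw new AnnotatedException("Authority key identifier extension is missing from complete or delta CRL.", null);
                        }
                        if (!completeKeyId.equals(deltaKeyId)) {
                            throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.", null);
                        }
                    } catch (AnnotatedException e11) {
                        throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e11);
                    }
                } catch (AnnotatedException e12) {
                    throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e12);
                }
            }
        } catch (Exception e13) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e13);
        }
    }
}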
