package org.bouncycastle.jce.provider;

import A.AbstractC0070j0;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URI;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CRLSelector;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.digests.a;
import org.bouncycastle.jcajce.PKIXCRLStore;
import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.PKIXCertStore;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.util.BCJcaJceHelper;
import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.util.Properties;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.X509AttributeCertificate;

/* loaded from: classes5.dex */
class CertPathValidatorUtilities {

    /* renamed from: a, reason: collision with root package name */
    public static final String f60445a;

    static {
        Extension.f57812p.w();
        Extension.f57806h.w();
        Extension.q.w();
        Extension.f57804f.w();
        Extension.f57810n.w();
        Extension.f57803e.w();
        Extension.f57816v.w();
        Extension.f57808l.w();
        Extension.f57807k.w();
        Extension.f57813s.w();
        Extension.f57815u.w();
        Extension.f57811o.w();
        f60445a = Extension.r.w();
        Extension.i.w();
    }

    public static void a(LinkedHashSet linkedHashSet, PKIXCertStoreSelector pKIXCertStoreSelector, List list) {
        for (Object obj : list) {
            if (obj instanceof Store) {
                try {
                    linkedHashSet.addAll(((Store) obj).a(pKIXCertStoreSelector));
                } catch (StoreException e10) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e10);
                }
            } else {
                try {
                    linkedHashSet.addAll(PKIXCertStoreSelector.a(pKIXCertStoreSelector, (CertStore) obj));
                } catch (CertStoreException e11) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e11);
                }
            }
        }
    }

    public static LinkedHashSet b(X509Certificate x509Certificate, List list, ArrayList arrayList) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(PrincipalUtils.c(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f60445a);
                if (extensionValue != null) {
                    ASN1OctetString aSN1OctetString = AuthorityKeyIdentifier.i(ASN1OctetString.t(extensionValue).f57054a).f57771a;
                    byte[] bArr = aSN1OctetString != null ? aSN1OctetString.f57054a : null;
                    if (bArr != null) {
                        x509CertSelector.setSubjectKeyIdentifier(new ASN1OctetString(bArr).getEncoded());
                    }
                }
            } catch (Exception unused) {
            }
            PKIXCertStoreSelector a10 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                a(linkedHashSet, a10, list);
                a(linkedHashSet, a10, arrayList);
                return linkedHashSet;
            } catch (AnnotatedException e10) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e10);
            }
        } catch (Exception e11) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e11);
        }
    }

    public static Set c(PKIXExtendedBuilderParameters pKIXExtendedBuilderParameters) {
        PKIXExtendedParameters pKIXExtendedParameters = pKIXExtendedBuilderParameters.f59660a;
        PKIXCertStoreSelector pKIXCertStoreSelector = pKIXExtendedParameters.f59667b;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            a(linkedHashSet, pKIXCertStoreSelector, pKIXExtendedParameters.f59670e);
            a(linkedHashSet, pKIXCertStoreSelector, pKIXExtendedParameters.f59666a.getCertStores());
            if (!linkedHashSet.isEmpty()) {
                return linkedHashSet;
            }
            CertSelector certSelector = pKIXCertStoreSelector.f59657a;
            X509Certificate certificate = certSelector instanceof X509CertSelector ? ((X509CertSelector) certSelector).getCertificate() : null;
            if (certificate != null) {
                return Collections.singleton(certificate);
            }
            throw new CertPathBuilderException("No certificate found matching targetConstraints.");
        } catch (AnnotatedException e10) {
            throw new ExtCertPathBuilderException("Error finding target certificate.", e10);
        }
    }

    public static TrustAnchor d(X509Certificate x509Certificate, Set set, String str) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        x509CertSelector.setSubject(issuerX500Principal);
        Iterator it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception exc = null;
        X500Name x500Name = null;
        PublicKey publicKey = null;
        while (it.hasNext() && trustAnchor == null) {
            trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor.getTrustedCert() != null) {
                if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                    publicKey = trustAnchor.getTrustedCert().getPublicKey();
                }
                trustAnchor = null;
            } else {
                if (trustAnchor.getCA() != null && trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                    if (x500Name == null) {
                        x500Name = X500Name.i(issuerX500Principal.getEncoded());
                    }
                    try {
                        if (x500Name.equals(X500Name.i(trustAnchor.getCA().getEncoded()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException unused) {
                    }
                }
                trustAnchor = null;
            }
            if (publicKey != null) {
                if (str == null) {
                    try {
                        x509Certificate.verify(publicKey);
                    } catch (Exception e10) {
                        exc = e10;
                        trustAnchor = null;
                        publicKey = null;
                    }
                } else {
                    x509Certificate.verify(publicKey, str);
                }
            }
        }
        if (trustAnchor != null || exc == null) {
            return trustAnchor;
        }
        throw new AnnotatedException("TrustAnchor found but certificate validation failed.", exc);
    }

    public static List e(byte[] bArr, Map map) {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        GeneralName[] j = GeneralNames.i(ASN1OctetString.t(bArr).f57054a).j();
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i != j.length; i++) {
            PKIXCertStore pKIXCertStore = (PKIXCertStore) map.get(j[i]);
            if (pKIXCertStore != null) {
                arrayList.add(pKIXCertStore);
            }
        }
        return arrayList;
    }

    public static List f(CRLDistPoint cRLDistPoint, Map map, Date date, BCJcaJceHelper bCJcaJceHelper) {
        if (cRLDistPoint == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            DistributionPoint[] i = cRLDistPoint.i();
            ArrayList arrayList = new ArrayList();
            for (DistributionPoint distributionPoint : i) {
                DistributionPointName distributionPointName = distributionPoint.f57795a;
                if (distributionPointName != null && distributionPointName.f57799b == 0) {
                    for (GeneralName generalName : GeneralNames.i(distributionPointName.f57798a).j()) {
                        PKIXCRLStore pKIXCRLStore = (PKIXCRLStore) map.get(generalName);
                        if (pKIXCRLStore != null) {
                            arrayList.add(pKIXCRLStore);
                        }
                    }
                }
            }
            if (arrayList.isEmpty() && Properties.b("org.bouncycastle.x509.enableCRLDP")) {
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", bCJcaJceHelper.f60419a);
                    for (DistributionPoint distributionPoint2 : i) {
                        DistributionPointName distributionPointName2 = distributionPoint2.f57795a;
                        if (distributionPointName2 != null && distributionPointName2.f57799b == 0) {
                            for (GeneralName generalName2 : GeneralNames.i(distributionPointName2.f57798a).j()) {
                                if (generalName2.f57827b == 6) {
                                    try {
                                        arrayList.add(CrlCache.a(certificateFactory, date, new URI(((ASN1String) generalName2.f57826a).f())));
                                        break;
                                    } catch (Exception unused) {
                                        continue;
                                    }
                                }
                            }
                        }
                    }
                } catch (Exception e10) {
                    throw new AnnotatedException(AbstractC0070j0.n(e10, new StringBuilder("cannot create certificate factory: ")), e10);
                }
            }
            return arrayList;
        } catch (Exception e11) {
            throw new AnnotatedException("Distribution points could not be read.", e11);
        }
    }

    public static AlgorithmIdentifier g(PublicKey publicKey) {
        try {
            return SubjectPublicKeyInfo.i(publicKey.getEncoded()).f57874a;
        } catch (Exception e10) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e10);
        }
    }

    public static void h(DistributionPoint distributionPoint, HashSet hashSet, X509CRLSelector x509CRLSelector) {
        ArrayList arrayList = new ArrayList();
        GeneralNames generalNames = distributionPoint.f57797c;
        if (generalNames != null) {
            for (GeneralName generalName : generalNames.j()) {
                if (generalName.f57827b == 4) {
                    try {
                        arrayList.add(X500Name.i(generalName.f57826a.e().getEncoded()));
                    } catch (IOException e10) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (distributionPoint.f57795a == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.", null);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Name) it2.next()).getEncoded());
            } catch (IOException e11) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    public static void i(Date date, X509CRL x509crl, X509Extension x509Extension, CertStatus certStatus) {
        X509CRLEntry revokedCertificate;
        try {
            if (X509CRLObject.c(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(((X509Certificate) x509Extension).getSerialNumber());
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!PrincipalUtils.a(x509Extension).equals(certificateIssuer == null ? PrincipalUtils.b(x509crl) : PrincipalUtils.e(certificateIssuer))) {
                    return;
                }
            } else if (!PrincipalUtils.a(x509Extension).equals(PrincipalUtils.b(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(((X509Certificate) x509Extension).getSerialNumber())) == null) {
                return;
            }
            ASN1Enumerated aSN1Enumerated = null;
            if (revokedCertificate.hasExtensions()) {
                if (revokedCertificate.hasUnsupportedCriticalExtension()) {
                    throw new AnnotatedException("CRL entry has unsupported critical extensions.", null);
                }
                try {
                    aSN1Enumerated = ASN1Enumerated.u(k(revokedCertificate, Extension.j.w()));
                } catch (Exception e10) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e10);
                }
            }
            int w4 = aSN1Enumerated == null ? 0 : aSN1Enumerated.w();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || w4 == 0 || w4 == 1 || w4 == 2 || w4 == 10) {
                certStatus.f60446a = w4;
                certStatus.f60447b = revokedCertificate.getRevocationDate();
            }
        } catch (CRLException e11) {
            throw new AnnotatedException("Failed check for indirect CRL.", e11);
        }
    }

    public static HashSet j(PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, DistributionPoint distributionPoint, X509Extension x509Extension, PKIXExtendedParameters pKIXExtendedParameters, Date date) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(PrincipalUtils.a(x509Extension));
            h(distributionPoint, hashSet, x509CRLSelector);
            if (x509Extension instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) x509Extension);
            }
            PKIXCRLStoreSelector.Builder builder = new PKIXCRLStoreSelector.Builder(x509CRLSelector);
            builder.f59646b = true;
            PKIXCRLStoreSelector pKIXCRLStoreSelector = new PKIXCRLStoreSelector(builder);
            List<CertStore> certStores = pKIXExtendedParameters.f59666a.getCertStores();
            List list = pKIXExtendedParameters.f59672g;
            HashSet hashSet2 = new HashSet();
            try {
                PKIXCRLUtil.a(hashSet2, pKIXCRLStoreSelector, list);
                PKIXCRLUtil.a(hashSet2, pKIXCRLStoreSelector, certStores);
                HashSet hashSet3 = new HashSet();
                Iterator it = hashSet2.iterator();
                while (it.hasNext()) {
                    X509CRL x509crl = (X509CRL) it.next();
                    Date nextUpdate = x509crl.getNextUpdate();
                    if (nextUpdate == null || nextUpdate.after(date)) {
                        CRLSelector cRLSelector = pKIXCRLStoreSelector.f59640a;
                        X509Certificate certificateChecking = cRLSelector instanceof X509CRLSelector ? ((X509CRLSelector) cRLSelector).getCertificateChecking() : null;
                        if (certificateChecking == null || x509crl.getThisUpdate().before(certificateChecking.getNotAfter())) {
                            hashSet3.add(x509crl);
                        }
                    }
                }
                if (!hashSet3.isEmpty()) {
                    return hashSet3;
                }
                if (x509Extension instanceof X509AttributeCertificate) {
                    throw new CertPathValidatorException("No CRLs found for issuer \"" + ((X509AttributeCertificate) x509Extension).m().a()[0] + "\"", null, pKIXCertRevocationCheckerParameters.f59653c, pKIXCertRevocationCheckerParameters.f59654d);
                }
                throw new CertPathValidatorException("No CRLs found for issuer \"" + RFC4519Style.f57761e.b(PrincipalUtils.c((X509Certificate) x509Extension)) + "\"", null, pKIXCertRevocationCheckerParameters.f59653c, pKIXCertRevocationCheckerParameters.f59654d);
            } catch (AnnotatedException e10) {
                throw new AnnotatedException("Exception obtaining complete CRLs.", e10);
            }
        } catch (AnnotatedException e11) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e11);
        }
    }

    public static ASN1Primitive k(X509Extension x509Extension, String str) {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return ASN1Primitive.q(ASN1OctetString.t(extensionValue).f57054a);
        } catch (Exception e10) {
            throw new AnnotatedException(a.i("exception processing extension ", str), e10);
        }
    }

    public static PublicKey l(List list, int i, BCJcaJceHelper bCJcaJceHelper) {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i++;
            if (i >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return KeyFactory.getInstance("DSA", bCJcaJceHelper.f60419a).generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e10) {
            throw new RuntimeException(e10.getMessage());
        }
    }

    public static final HashSet m(ASN1Sequence aSN1Sequence) {
        HashSet hashSet = new HashSet();
        if (aSN1Sequence != null) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
            Enumeration y9 = aSN1Sequence.y();
            while (y9.hasMoreElements()) {
                try {
                    ASN1Encodable aSN1Encodable = (ASN1Encodable) y9.nextElement();
                    if (aSN1Encodable == null) {
                        throw new IOException("null object detected");
                    }
                    aSN1Encodable.e().j(aSN1OutputStream, true);
                    hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                    byteArrayOutputStream.reset();
                } catch (IOException e10) {
                    throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e10);
                }
            }
        }
        return hashSet;
    }

    public static Date n(PKIXExtendedParameters pKIXExtendedParameters, Date date) {
        Date date2 = pKIXExtendedParameters.f59668c;
        Date date3 = date2 == null ? null : new Date(date2.getTime());
        return date3 == null ? date : date3;
    }

    public static boolean o(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static PKIXPolicyNode p(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = pKIXPolicyNode2.f60497d;
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.f60494a.remove(pKIXPolicyNode2);
            q(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i = 0; i < listArr.length; i++) {
            listArr[i] = new ArrayList();
        }
        return null;
    }

    public static void q(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.f60495b].remove(pKIXPolicyNode);
        if (pKIXPolicyNode.f60494a.isEmpty()) {
            return;
        }
        Iterator it = pKIXPolicyNode.f60494a.iterator();
        while (it.hasNext()) {
            q(listArr, (PKIXPolicyNode) it.next());
        }
    }
}
