package org.bouncycastle.pkix.jcajce;

import com.itextpdf.text.pdf.security.SecurityConstants;
import h.j;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;

/* loaded from: classes7.dex */
public abstract class f {

    /* renamed from: a, reason: collision with root package name */
    public static final String f29552a = Extension.issuingDistributionPoint.getId();

    public static void a(LinkedHashSet linkedHashSet, PKIXCertStoreSelector pKIXCertStoreSelector, List list) {
        for (Object obj : list) {
            if (obj instanceof Store) {
                try {
                    linkedHashSet.addAll(((Store) obj).getMatches(pKIXCertStoreSelector));
                } catch (StoreException e10) {
                    throw new a("Problem while picking certificates from X.509 store.", e10);
                }
            } else {
                try {
                    linkedHashSet.addAll(PKIXCertStoreSelector.getCertificates(pKIXCertStoreSelector, (CertStore) obj));
                } catch (CertStoreException e11) {
                    throw new a("Problem while picking certificates from certificate store.", e11);
                }
            }
        }
    }

    public static void b(DistributionPoint distributionPoint, HashSet hashSet, X509CRLSelector x509CRLSelector) {
        ArrayList arrayList = new ArrayList();
        if (distributionPoint.getCRLIssuer() != null) {
            GeneralName[] names = distributionPoint.getCRLIssuer().getNames();
            for (int i10 = 0; i10 < names.length; i10++) {
                if (names[i10].getTagNo() == 4) {
                    try {
                        arrayList.add(X500Name.getInstance(names[i10].getName()));
                    } catch (IllegalArgumentException e10) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (distributionPoint.getDistributionPoint() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.", null);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Name) it2.next()).getEncoded());
            } catch (IOException e11) {
                throw new a("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0056  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x00b6  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x00b9  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x007e A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void c(java.util.Date r5, java.security.cert.X509CRL r6, java.lang.Object r7, org.bouncycastle.jce.provider.d r8) {
        /*
            org.bouncycastle.asn1.ASN1ObjectIdentifier r0 = org.bouncycastle.asn1.x509.Extension.issuingDistributionPoint     // Catch: java.lang.Exception -> L22
            java.lang.String r0 = r0.getId()     // Catch: java.lang.Exception -> L22
            byte[] r0 = r6.getExtensionValue(r0)     // Catch: java.lang.Exception -> L22
            r1 = 0
            r2 = 1
            if (r0 == 0) goto L25
            org.bouncycastle.asn1.ASN1OctetString r0 = org.bouncycastle.asn1.ASN1OctetString.getInstance(r0)     // Catch: java.lang.Exception -> L22
            byte[] r0 = r0.getOctets()     // Catch: java.lang.Exception -> L22
            org.bouncycastle.asn1.x509.IssuingDistributionPoint r0 = org.bouncycastle.asn1.x509.IssuingDistributionPoint.getInstance(r0)     // Catch: java.lang.Exception -> L22
            boolean r0 = r0.isIndirectCRL()     // Catch: java.lang.Exception -> L22
            if (r0 == 0) goto L25
            r0 = r2
            goto L26
        L22:
            r5 = move-exception
            goto Lbc
        L25:
            r0 = r1
        L26:
            java.security.cert.X509Certificate r7 = (java.security.cert.X509Certificate) r7
            javax.security.auth.x500.X500Principal r3 = r7.getIssuerX500Principal()
            byte[] r3 = r3.getEncoded()
            org.bouncycastle.asn1.x500.X500Name r3 = org.bouncycastle.asn1.x500.X500Name.getInstance(r3)
            if (r0 != 0) goto L49
            javax.security.auth.x500.X500Principal r4 = r6.getIssuerX500Principal()
            byte[] r4 = r4.getEncoded()
            org.bouncycastle.asn1.x500.X500Name r4 = org.bouncycastle.asn1.x500.X500Name.getInstance(r4)
            boolean r4 = r3.equals(r4)
            if (r4 != 0) goto L49
            return
        L49:
            java.math.BigInteger r7 = r7.getSerialNumber()
            java.security.cert.X509CRLEntry r7 = r6.getRevokedCertificate(r7)
            if (r7 != 0) goto L54
            return
        L54:
            if (r0 == 0) goto L78
            javax.security.auth.x500.X500Principal r0 = r7.getCertificateIssuer()
            if (r0 != 0) goto L69
            javax.security.auth.x500.X500Principal r6 = r6.getIssuerX500Principal()
            byte[] r6 = r6.getEncoded()
            org.bouncycastle.asn1.x500.X500Name r6 = org.bouncycastle.asn1.x500.X500Name.getInstance(r6)
            goto L71
        L69:
            byte[] r6 = r0.getEncoded()
            org.bouncycastle.asn1.x500.X500Name r6 = org.bouncycastle.asn1.x500.X500Name.getInstance(r6)
        L71:
            boolean r6 = r3.equals(r6)
            if (r6 != 0) goto L78
            return
        L78:
            boolean r6 = r7.hasExtensions()
            if (r6 == 0) goto L98
            org.bouncycastle.asn1.ASN1ObjectIdentifier r6 = org.bouncycastle.asn1.x509.Extension.reasonCode     // Catch: java.lang.Exception -> L8f
            org.bouncycastle.asn1.ASN1Primitive r6 = e(r7, r6)     // Catch: java.lang.Exception -> L8f
            org.bouncycastle.asn1.ASN1Enumerated r6 = org.bouncycastle.asn1.ASN1Enumerated.getInstance(r6)     // Catch: java.lang.Exception -> L8f
            if (r6 == 0) goto L98
            int r1 = r6.intValueExact()     // Catch: java.lang.Exception -> L8f
            goto L98
        L8f:
            r5 = move-exception
            org.bouncycastle.pkix.jcajce.a r6 = new org.bouncycastle.pkix.jcajce.a
            java.lang.String r7 = "Reason code CRL entry extension could not be decoded."
            r6.<init>(r7, r5)
            throw r6
        L98:
            java.util.Date r6 = r7.getRevocationDate()
            boolean r5 = r5.before(r6)
            if (r5 == 0) goto Lae
            if (r1 == 0) goto Lae
            if (r1 == r2) goto Lae
            r5 = 2
            if (r1 == r5) goto Lae
            r5 = 10
            if (r1 == r5) goto Lae
            return
        Lae:
            r8.b(r1)
            int r5 = r8.f29366a
            switch(r5) {
                case 0: goto Lb9;
                default: goto Lb6;
            }
        Lb6:
            r8.f29367c = r6
            goto Lbb
        Lb9:
            r8.f29367c = r6
        Lbb:
            return
        Lbc:
            java.security.cert.CRLException r6 = new java.security.cert.CRLException     // Catch: java.security.cert.CRLException -> Lc4
            java.lang.String r7 = "exception reading IssuingDistributionPoint"
            r6.<init>(r7, r5)     // Catch: java.security.cert.CRLException -> Lc4
            throw r6     // Catch: java.security.cert.CRLException -> Lc4
        Lc4:
            r5 = move-exception
            org.bouncycastle.pkix.jcajce.a r6 = new org.bouncycastle.pkix.jcajce.a
            java.lang.String r7 = "Failed check for indirect CRL."
            r6.<init>(r7, r5)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.f.c(java.util.Date, java.security.cert.X509CRL, java.lang.Object, org.bouncycastle.jce.provider.d):void");
    }

    public static HashSet d(Date date, X509CRL x509crl, List list, List list2) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            try {
                ASN1Primitive e10 = e(x509crl, Extension.cRLNumber);
                BigInteger positiveValue = e10 != null ? ASN1Integer.getInstance(e10).getPositiveValue() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f29552a);
                    x509CRLSelector.setMinCRLNumber(positiveValue != null ? positiveValue.add(BigInteger.valueOf(1L)) : null);
                    PKIXCRLStoreSelector.Builder builder = new PKIXCRLStoreSelector.Builder(x509CRLSelector);
                    builder.setIssuingDistributionPoint(extensionValue);
                    builder.setIssuingDistributionPointEnabled(true);
                    builder.setMaxBaseCRLNumber(positiveValue);
                    HashSet Y0 = j.Y0(builder.build(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    Iterator it = Y0.iterator();
                    while (it.hasNext()) {
                        X509CRL x509crl2 = (X509CRL) it.next();
                        Set<String> criticalExtensionOIDs = x509crl2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs != null && criticalExtensionOIDs.contains(d.f29550a)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e11) {
                    throw new a("issuing distribution point extension value could not be read", e11);
                }
            } catch (Exception e12) {
                throw new a("cannot extract CRL number extension from CRL", e12);
            }
        } catch (IOException e13) {
            throw new a("cannot extract issuer from CRL.", e13);
        }
    }

    public static ASN1Primitive e(X509Extension x509Extension, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        byte[] extensionValue = x509Extension.getExtensionValue(aSN1ObjectIdentifier.getId());
        if (extensionValue == null) {
            return null;
        }
        try {
            return ASN1Primitive.fromByteArray(ASN1OctetString.getInstance(extensionValue).getOctets());
        } catch (Exception e10) {
            throw new a(org.bouncycastle.asn1.pkcs.a.h("exception processing extension ", aSN1ObjectIdentifier), e10);
        }
    }

    public static PublicKey f(List list, JcaJceHelper jcaJceHelper) {
        PublicKey publicKey = ((Certificate) list.get(0)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
        if (dSAPublicKey.getParams() != null) {
            return dSAPublicKey;
        }
        for (int i10 = 1; i10 < list.size(); i10++) {
            PublicKey publicKey2 = ((X509Certificate) list.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey2;
            if (dSAPublicKey2.getParams() != null) {
                DSAParams params = dSAPublicKey2.getParams();
                try {
                    return jcaJceHelper.createKeyFactory(SecurityConstants.DSA).generatePublic(new DSAPublicKeySpec(dSAPublicKey.getY(), params.getP(), params.getQ(), params.getG()));
                } catch (Exception e10) {
                    throw new RuntimeException(e10.getMessage());
                }
            }
        }
        throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
    }
}
