package org.bouncycastle.jce.provider;

import com.google.firebase.ktx.BuildConfig;
import gb.d1;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import kc.k;
import kc.m;
import r9.p1;

/* loaded from: classes7.dex */
public class g {

    /* renamed from: o, reason: collision with root package name */
    public static final String f34751o = "2.5.29.32.0";

    /* renamed from: q, reason: collision with root package name */
    public static final int f34753q = 5;

    /* renamed from: r, reason: collision with root package name */
    public static final int f34754r = 6;

    /* renamed from: a, reason: collision with root package name */
    public static final c0 f34737a = new c0();

    /* renamed from: b, reason: collision with root package name */
    public static final String f34738b = gb.y.f24862t.K0();

    /* renamed from: c, reason: collision with root package name */
    public static final String f34739c = gb.y.f24852j.K0();

    /* renamed from: d, reason: collision with root package name */
    public static final String f34740d = gb.y.f24863u.K0();

    /* renamed from: e, reason: collision with root package name */
    public static final String f34741e = gb.y.f24850h.K0();

    /* renamed from: f, reason: collision with root package name */
    public static final String f34742f = gb.y.f24860r.K0();

    /* renamed from: g, reason: collision with root package name */
    public static final String f34743g = gb.y.f24848f.K0();

    /* renamed from: h, reason: collision with root package name */
    public static final String f34744h = gb.y.f24868z.K0();

    /* renamed from: i, reason: collision with root package name */
    public static final String f34745i = gb.y.f24858p.K0();

    /* renamed from: j, reason: collision with root package name */
    public static final String f34746j = gb.y.f24857o.K0();

    /* renamed from: k, reason: collision with root package name */
    public static final String f34747k = gb.y.f24865w.K0();

    /* renamed from: l, reason: collision with root package name */
    public static final String f34748l = gb.y.f24867y.K0();

    /* renamed from: m, reason: collision with root package name */
    public static final String f34749m = gb.y.f24861s.K0();

    /* renamed from: n, reason: collision with root package name */
    public static final String f34750n = gb.y.f24864v.K0();

    /* renamed from: p, reason: collision with root package name */
    public static final String f34752p = gb.y.f24853k.K0();

    /* renamed from: s, reason: collision with root package name */
    public static final String[] f34755s = {BuildConfig.VERSION_NAME, "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    public static void A(int i10, List[] listArr, r9.q qVar, Set set) {
        List list = listArr[i10 - 1];
        for (int i11 = 0; i11 < list.size(); i11++) {
            h0 h0Var = (h0) list.get(i11);
            if ("2.5.29.32.0".equals(h0Var.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(qVar.K0());
                h0 h0Var2 = new h0(new ArrayList(), i10, hashSet, h0Var, set, qVar.K0(), false);
                h0Var.a(h0Var2);
                listArr[i10].add(h0Var2);
                return;
            }
        }
    }

    public static h0 B(h0 h0Var, List[] listArr, h0 h0Var2) {
        h0 h0Var3 = (h0) h0Var2.getParent();
        if (h0Var == null) {
            return null;
        }
        if (h0Var3 != null) {
            h0Var3.d(h0Var2);
            C(listArr, h0Var2);
            return h0Var;
        }
        for (int i10 = 0; i10 < listArr.length; i10++) {
            listArr[i10] = new ArrayList();
        }
        return null;
    }

    public static void C(List[] listArr, h0 h0Var) {
        listArr[h0Var.getDepth()].remove(h0Var);
        if (h0Var.c()) {
            Iterator children = h0Var.getChildren();
            while (children.hasNext()) {
                C(listArr, (h0) children.next());
            }
        }
    }

    public static void D(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    public static void a(Set set, Object obj) throws a {
        if (set.isEmpty()) {
            if (obj instanceof org.bouncycastle.x509.p) {
                throw new a("No CRLs found for issuer \"" + ((org.bouncycastle.x509.p) obj).f().b()[0] + "\"");
            }
            throw new a("No CRLs found for issuer \"" + fb.e.V.c(i0.d((X509Certificate) obj)) + "\"");
        }
    }

    public static Collection b(kc.m mVar, List list) throws a {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof org.bouncycastle.util.o) {
                try {
                    linkedHashSet.addAll(((org.bouncycastle.util.o) obj).a(mVar));
                } catch (org.bouncycastle.util.p e10) {
                    throw new a("Problem while picking certificates from X.509 store.", e10);
                }
            } else {
                try {
                    linkedHashSet.addAll(kc.m.b(mVar, (CertStore) obj));
                } catch (CertStoreException e11) {
                    throw new a("Problem while picking certificates from certificate store.", e11);
                }
            }
        }
        return linkedHashSet;
    }

    public static Collection c(X509Certificate x509Certificate, List<CertStore> list, List<kc.l> list2) throws a {
        byte[] o02;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(i0.d(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f34750n);
                if (extensionValue != null && (o02 = gb.i.a0(r9.r.x0(extensionValue).G0()).o0()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new p1(o02).getEncoded());
                }
            } catch (Exception unused) {
            }
            kc.m<? extends Certificate> a10 = new m.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(b(a10, list));
                arrayList.addAll(b(a10, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (a e10) {
                throw new a("Issuer certificate cannot be searched.", e10);
            }
        } catch (IOException e11) {
            throw new a("Subject criteria for certificate selector to find issuer certificate could not be set.", e11);
        }
    }

    public static TrustAnchor d(X509Certificate x509Certificate, Set set) throws a {
        return e(x509Certificate, set, null);
    }

    public static TrustAnchor e(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        eb.d b10 = i0.b(x509Certificate);
        try {
            x509CertSelector.setSubject(b10.getEncoded());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e10 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (b10.equals(i0.a(trustAnchor))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        D(x509Certificate, publicKey, str);
                    } catch (Exception e11) {
                        e10 = e11;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e10 == null) {
                return trustAnchor;
            }
            throw new a("TrustAnchor found but certificate validation failed.", e10);
        } catch (IOException e12) {
            throw new a("Cannot set subject search criteria for trust anchor.", e12);
        }
    }

    public static List<kc.l> f(byte[] bArr, Map<gb.b0, kc.l> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        gb.b0[] a02 = gb.c0.P(r9.r.x0(bArr).G0()).a0();
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; i10 != a02.length; i10++) {
            kc.l lVar = map.get(a02[i10]);
            if (lVar != null) {
                arrayList.add(lVar);
            }
        }
        return arrayList;
    }

    public static List<kc.j> g(gb.k kVar, Map<gb.b0, kc.j> map) throws a {
        if (kVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            gb.v[] M = kVar.M();
            ArrayList arrayList = new ArrayList();
            for (gb.v vVar : M) {
                gb.w W = vVar.W();
                if (W != null && W.l0() == 0) {
                    for (gb.b0 b0Var : gb.c0.P(W.a0()).a0()) {
                        kc.j jVar = map.get(b0Var);
                        if (jVar != null) {
                            arrayList.add(jVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e10) {
            throw new a("Distribution points could not be read.", e10);
        }
    }

    public static gb.b h(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return d1.W(new r9.m(publicKey.getEncoded()).j()).M();
        } catch (Exception e10) {
            throw new ad.b("Subject public key cannot be decoded.", e10);
        }
    }

    public static void i(gb.v vVar, Collection collection, X509CRLSelector x509CRLSelector) throws a {
        ArrayList arrayList = new ArrayList();
        if (vVar.P() != null) {
            gb.b0[] a02 = vVar.P().a0();
            for (int i10 = 0; i10 < a02.length; i10++) {
                if (a02[i10].f() == 4) {
                    try {
                        arrayList.add(eb.d.a0(a02[i10].a0().g().getEncoded()));
                    } catch (IOException e10) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (vVar.W() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((eb.d) it2.next()).getEncoded());
            } catch (IOException e11) {
                throw new a("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    public static void j(Date date, X509CRL x509crl, Object obj, h hVar) throws a {
        X509CRLEntry revokedCertificate;
        r9.i A0;
        try {
            if (o0.e(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(q(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!i0.b(obj).equals(certificateIssuer == null ? i0.c(x509crl) : eb.d.a0(certificateIssuer.getEncoded()))) {
                    return;
                }
            } else if (!i0.b(obj).equals(i0.c(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(q(obj))) == null) {
                return;
            }
            if (revokedCertificate.hasExtensions()) {
                try {
                    A0 = r9.i.A0(m(revokedCertificate, gb.y.f24854l.K0()));
                } catch (Exception e10) {
                    throw new a("Reason code CRL entry extension could not be decoded.", e10);
                }
            } else {
                A0 = null;
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || A0 == null || A0.I0().intValue() == 0 || A0.I0().intValue() == 1 || A0.I0().intValue() == 2 || A0.I0().intValue() == 8) {
                hVar.c(A0 != null ? A0.I0().intValue() : 0);
                hVar.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e11) {
            throw new a("Failed check for indirect CRL.", e11);
        }
    }

    public static Set k(gb.v vVar, Object obj, Date date, kc.o oVar) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(i0.b(obj));
            i(vVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            kc.k<? extends CRL> g10 = new k.b(x509CRLSelector).h(true).g();
            if (oVar.n() != null) {
                date = oVar.n();
            }
            Set b10 = f34737a.b(g10, date, oVar.l(), oVar.j());
            a(b10, obj);
            return b10;
        } catch (a e10) {
            throw new a("Could not get issuer information from distribution point.", e10);
        }
    }

    public static Set l(Date date, X509CRL x509crl, List<CertStore> list, List<kc.j> list2) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(i0.c(x509crl).getEncoded());
            try {
                r9.v m10 = m(x509crl, f34752p);
                BigInteger G0 = m10 != null ? r9.n.x0(m10).G0() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f34745i);
                    x509CRLSelector.setMinCRLNumber(G0 != null ? G0.add(BigInteger.valueOf(1L)) : null);
                    k.b bVar = new k.b(x509CRLSelector);
                    bVar.j(extensionValue);
                    bVar.k(true);
                    bVar.l(G0);
                    Set<X509CRL> b10 = f34737a.b(bVar.g(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b10) {
                        if (u(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e10) {
                    throw new a("Issuing distribution point extension value could not be read.", e10);
                }
            } catch (Exception e11) {
                throw new a("CRL number extension could not be extracted from CRL.", e11);
            }
        } catch (IOException e12) {
            throw new a("Cannot extract issuer from CRL.", e12);
        }
    }

    public static r9.v m(X509Extension x509Extension, String str) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return o(str, extensionValue);
    }

    public static PublicKey n(List list, int i10, yc.d dVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i10)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i10++;
            if (i10 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return dVar.g("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e10) {
            throw new RuntimeException(e10.getMessage());
        }
    }

    public static r9.v o(String str, byte[] bArr) throws a {
        try {
            return new r9.m(((r9.r) new r9.m(bArr).j()).G0()).j();
        } catch (Exception e10) {
            throw new a("exception processing extension " + str, e10);
        }
    }

    public static final Set p(r9.w wVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (wVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        r9.t tVar = new r9.t(byteArrayOutputStream);
        Enumeration K0 = wVar.K0();
        while (K0.hasMoreElements()) {
            try {
                tVar.m((r9.f) K0.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e10) {
                throw new ad.b("Policy qualifier info cannot be decoded.", e10);
            }
        }
        return hashSet;
    }

    public static BigInteger q(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    public static Date r(kc.o oVar, CertPath certPath, int i10) throws a {
        if (oVar.u() == 1 && i10 > 0) {
            int i11 = i10 - 1;
            if (i11 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i11)).getExtensionValue(ja.a.f28572e.K0());
                    r9.k I0 = extensionValue != null ? r9.k.I0(r9.v.a0(extensionValue)) : null;
                    if (I0 != null) {
                        try {
                            return I0.G0();
                        } catch (ParseException e10) {
                            throw new a("Date from date of cert gen extension could not be parsed.", e10);
                        }
                    }
                } catch (IOException unused) {
                    throw new a("Date of cert gen extension could not be read.");
                } catch (IllegalArgumentException unused2) {
                    throw new a("Date of cert gen extension could not be read.");
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i11)).getNotBefore();
        }
        return s(oVar);
    }

    public static Date s(kc.o oVar) {
        Date n10 = oVar.n();
        return n10 == null ? new Date() : n10;
    }

    public static boolean t(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    public static boolean u(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(j0.f34774g);
    }

    public static boolean v(X509Certificate x509Certificate, Set set, String str) throws a {
        try {
            return e(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean w(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static void x(int i10, List[] listArr, String str, Map map, X509Certificate x509Certificate) throws a, CertPathValidatorException {
        boolean z10;
        Set set;
        Iterator it = listArr[i10].iterator();
        while (true) {
            if (!it.hasNext()) {
                z10 = false;
                break;
            }
            h0 h0Var = (h0) it.next();
            if (h0Var.getValidPolicy().equals(str)) {
                h0Var.f34762c = (Set) map.get(str);
                z10 = true;
                break;
            }
        }
        if (z10) {
            return;
        }
        for (h0 h0Var2 : listArr[i10]) {
            if ("2.5.29.32.0".equals(h0Var2.getValidPolicy())) {
                try {
                    Enumeration K0 = r9.w.x0(m(x509Certificate, f34738b)).K0();
                    while (true) {
                        if (!K0.hasMoreElements()) {
                            set = null;
                            break;
                        }
                        try {
                            gb.t0 M = gb.t0.M(K0.nextElement());
                            if ("2.5.29.32.0".equals(M.P().K0())) {
                                try {
                                    set = p(M.W());
                                    break;
                                } catch (CertPathValidatorException e10) {
                                    throw new ad.b("Policy qualifier info set could not be built.", e10);
                                }
                            }
                        } catch (Exception e11) {
                            throw new a("Policy information cannot be decoded.", e11);
                        }
                    }
                    Set set2 = set;
                    boolean contains = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(f34738b) : false;
                    h0 h0Var3 = (h0) h0Var2.getParent();
                    if ("2.5.29.32.0".equals(h0Var3.getValidPolicy())) {
                        h0 h0Var4 = new h0(new ArrayList(), i10, (Set) map.get(str), h0Var3, set2, str, contains);
                        h0Var3.a(h0Var4);
                        listArr[i10].add(h0Var4);
                        return;
                    }
                    return;
                } catch (Exception e12) {
                    throw new a("Certificate policies cannot be decoded.", e12);
                }
            }
        }
    }

    public static h0 y(int i10, List[] listArr, String str, h0 h0Var) {
        int i11;
        Iterator it = listArr[i10].iterator();
        while (it.hasNext()) {
            h0 h0Var2 = (h0) it.next();
            if (h0Var2.getValidPolicy().equals(str)) {
                ((h0) h0Var2.getParent()).d(h0Var2);
                it.remove();
                for (int i12 = i10 - 1; i12 >= 0; i12--) {
                    List list = listArr[i12];
                    while (i11 < list.size()) {
                        h0 h0Var3 = (h0) list.get(i11);
                        i11 = (h0Var3.c() || (h0Var = B(h0Var, listArr, h0Var3)) != null) ? i11 + 1 : 0;
                    }
                }
            }
        }
        return h0Var;
    }

    public static boolean z(int i10, List[] listArr, r9.q qVar, Set set) {
        List list = listArr[i10 - 1];
        for (int i11 = 0; i11 < list.size(); i11++) {
            h0 h0Var = (h0) list.get(i11);
            if (h0Var.getExpectedPolicies().contains(qVar.K0())) {
                HashSet hashSet = new HashSet();
                hashSet.add(qVar.K0());
                h0 h0Var2 = new h0(new ArrayList(), i10, hashSet, h0Var, set, qVar.K0(), false);
                h0Var.a(h0Var2);
                listArr[i10].add(h0Var2);
                return true;
            }
        }
        return false;
    }
}
