package org.bouncycastle.pkix.jcajce;

import androidx.core.os.EnvironmentCompat;
import com.google.firebase.ktx.BuildConfig;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import net.sf.json.util.JSONUtils;
import org.bouncycastle.asn1.c0;
import org.bouncycastle.asn1.x509.b0;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.w;
import org.bouncycastle.asn1.y;
import org.bouncycastle.jcajce.n;
import org.bouncycastle.jcajce.u;
import org.bouncycastle.util.k;
import org.bouncycastle.util.q;
import org.bouncycastle.util.s;

/* loaded from: classes4.dex */
public class i extends PKIXCertPathChecker {
    public static final int L = 0;
    public static final int M = 1;
    private static Logger Q = Logger.getLogger(i.class.getName());
    private static final Map<b0, WeakReference<X509CRL>> X = Collections.synchronizedMap(new WeakHashMap());
    protected static final String[] Y = {BuildConfig.VERSION_NAME, "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", EnvironmentCompat.MEDIA_UNKNOWN, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};
    private X509Certificate H;

    /* renamed from: a, reason: collision with root package name */
    private final Map<X500Principal, Long> f45068a;

    /* renamed from: c, reason: collision with root package name */
    private final Set<TrustAnchor> f45069c;

    /* renamed from: d, reason: collision with root package name */
    private final boolean f45070d;

    /* renamed from: f, reason: collision with root package name */
    private final int f45071f;

    /* renamed from: g, reason: collision with root package name */
    private final List<s<CRL>> f45072g;

    /* renamed from: i, reason: collision with root package name */
    private final List<CertStore> f45073i;

    /* renamed from: j, reason: collision with root package name */
    private final org.bouncycastle.jcajce.util.f f45074j;

    /* renamed from: o, reason: collision with root package name */
    private final boolean f45075o;

    /* renamed from: p, reason: collision with root package name */
    private final long f45076p;

    /* renamed from: r, reason: collision with root package name */
    private final long f45077r;

    /* renamed from: v, reason: collision with root package name */
    private Date f45078v;

    /* renamed from: x, reason: collision with root package name */
    private X500Principal f45079x;

    /* renamed from: y, reason: collision with root package name */
    private PublicKey f45080y;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public class a extends X509CRLSelector {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ List f45081a;

        a(List list) {
            this.f45081a = list;
        }

        @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
        public boolean match(CRL crl) {
            if (!(crl instanceof X509CRL)) {
                return false;
            }
            this.f45081a.add(((X509CRL) crl).getIssuerX500Principal());
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public class b implements q<CRL> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ List f45083a;

        b(List list) {
            this.f45083a = list;
        }

        @Override // org.bouncycastle.util.q
        public Object clone() {
            return this;
        }

        @Override // org.bouncycastle.util.q
        /* renamed from: match, reason: merged with bridge method [inline-methods] */
        public boolean z6(CRL crl) {
            if (!(crl instanceof X509CRL)) {
                return false;
            }
            this.f45083a.add(((X509CRL) crl).getIssuerX500Principal());
            return false;
        }
    }

    /* loaded from: classes4.dex */
    public static class c {

        /* renamed from: a, reason: collision with root package name */
        private Set<TrustAnchor> f45085a;

        /* renamed from: b, reason: collision with root package name */
        private List<CertStore> f45086b;

        /* renamed from: c, reason: collision with root package name */
        private List<s<CRL>> f45087c;

        /* renamed from: d, reason: collision with root package name */
        private boolean f45088d;

        /* renamed from: e, reason: collision with root package name */
        private int f45089e;

        /* renamed from: f, reason: collision with root package name */
        private Provider f45090f;

        /* renamed from: g, reason: collision with root package name */
        private String f45091g;

        /* renamed from: h, reason: collision with root package name */
        private boolean f45092h;

        /* renamed from: i, reason: collision with root package name */
        private long f45093i;

        /* renamed from: j, reason: collision with root package name */
        private long f45094j;

        public c(KeyStore keyStore) throws KeyStoreException {
            this.f45086b = new ArrayList();
            this.f45087c = new ArrayList();
            this.f45089e = 0;
            this.f45085a = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.f45085a.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public c(TrustAnchor trustAnchor) {
            this.f45086b = new ArrayList();
            this.f45087c = new ArrayList();
            this.f45089e = 0;
            this.f45085a = Collections.singleton(trustAnchor);
        }

        public c(Set<TrustAnchor> set) {
            this.f45086b = new ArrayList();
            this.f45087c = new ArrayList();
            this.f45089e = 0;
            this.f45085a = new HashSet(set);
        }

        public c k(CertStore certStore) {
            this.f45086b.add(certStore);
            return this;
        }

        public c l(s<CRL> sVar) {
            this.f45087c.add(sVar);
            return this;
        }

        public i m() {
            return new i(this, null);
        }

        public c n(boolean z5) {
            this.f45088d = z5;
            return this;
        }

        public c o(boolean z5, long j6) {
            this.f45092h = z5;
            this.f45093i = j6;
            this.f45094j = -1L;
            return this;
        }

        public c p(boolean z5, long j6) {
            this.f45092h = z5;
            this.f45093i = (3 * j6) / 4;
            this.f45094j = j6;
            return this;
        }

        public c q(int i6) {
            this.f45089e = i6;
            return this;
        }

        public c r(String str) {
            this.f45091g = str;
            return this;
        }

        public c s(Provider provider) {
            this.f45090f = provider;
            return this;
        }
    }

    /* loaded from: classes4.dex */
    private class d implements n<CRL>, k<CRL> {

        /* renamed from: a, reason: collision with root package name */
        private Collection<CRL> f45095a;

        public d(s<CRL> sVar) {
            this.f45095a = new ArrayList(sVar.a(null));
        }

        @Override // org.bouncycastle.jcajce.n, org.bouncycastle.util.s
        public Collection<CRL> a(q<CRL> qVar) {
            if (qVar == null) {
                return new ArrayList(this.f45095a);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.f45095a) {
                if (qVar.z6(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // org.bouncycastle.util.k, java.lang.Iterable
        public Iterator<CRL> iterator() {
            return a(null).iterator();
        }
    }

    private i(c cVar) {
        org.bouncycastle.jcajce.util.f iVar;
        this.f45068a = new HashMap();
        this.f45072g = new ArrayList(cVar.f45087c);
        this.f45073i = new ArrayList(cVar.f45086b);
        this.f45070d = cVar.f45088d;
        this.f45071f = cVar.f45089e;
        this.f45069c = cVar.f45085a;
        this.f45075o = cVar.f45092h;
        this.f45076p = cVar.f45093i;
        this.f45077r = cVar.f45094j;
        if (cVar.f45090f != null) {
            iVar = new org.bouncycastle.jcajce.util.k(cVar.f45090f);
        } else {
            if (cVar.f45091g == null) {
                this.f45074j = new org.bouncycastle.jcajce.util.d();
                return;
            }
            iVar = new org.bouncycastle.jcajce.util.i(cVar.f45091g);
        }
        this.f45074j = iVar;
    }

    /* synthetic */ i(c cVar, a aVar) {
        this(cVar);
    }

    private void a(List<X500Principal> list, CertStore certStore) throws CertStoreException {
        certStore.getCRLs(new a(list));
    }

    private void b(List<X500Principal> list, s<CRL> sVar) {
        sVar.a(new b(list));
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    private CRL d(X500Principal x500Principal, Date date, c0 c0Var, org.bouncycastle.jcajce.util.f fVar) {
        URL url;
        X509CRL x509crl;
        Logger logger;
        Level level;
        StringBuilder sb;
        v[] G = org.bouncycastle.asn1.x509.k.I(c0Var).G();
        for (int i6 = 0; i6 != G.length; i6++) {
            w I = G[i6].I();
            if (I != null && I.L() == 0) {
                b0[] L2 = org.bouncycastle.asn1.x509.c0.I(I.J()).L();
                for (int i7 = 0; i7 != L2.length; i7++) {
                    b0 b0Var = L2[i7];
                    if (b0Var.h() == 6) {
                        Map<b0, WeakReference<X509CRL>> map = X;
                        WeakReference<X509CRL> weakReference = map.get(b0Var);
                        if (weakReference != null) {
                            X509CRL x509crl2 = weakReference.get();
                            if (x509crl2 != null && !date.before(x509crl2.getThisUpdate()) && !date.after(x509crl2.getNextUpdate())) {
                                return x509crl2;
                            }
                            map.remove(b0Var);
                        }
                        try {
                            url = new URL(b0Var.J().toString());
                            try {
                                CertificateFactory l6 = fVar.l("X.509");
                                InputStream openStream = url.openStream();
                                x509crl = (X509CRL) l6.generateCRL(new BufferedInputStream(openStream));
                                openStream.close();
                                logger = Q;
                                level = Level.INFO;
                                sb = new StringBuilder();
                                sb.append("downloaded CRL from CrlDP ");
                                sb.append(url);
                                sb.append(" for issuer \"");
                            } catch (Exception e6) {
                                e = e6;
                            }
                            try {
                                sb.append(x500Principal);
                                sb.append(JSONUtils.DOUBLE_QUOTE);
                                logger.log(level, sb.toString());
                                map.put(b0Var, new WeakReference<>(x509crl));
                                return x509crl;
                            } catch (Exception e7) {
                                e = e7;
                                Logger logger2 = Q;
                                Level level2 = Level.FINE;
                                if (logger2.isLoggable(level2)) {
                                    Q.log(level2, "CrlDP " + url + " ignored: " + e.getMessage(), (Throwable) e);
                                } else {
                                    Q.log(Level.INFO, "CrlDP " + url + " ignored: " + e.getMessage());
                                }
                            }
                        } catch (Exception e8) {
                            e = e8;
                            url = null;
                        }
                    }
                }
            }
        }
        return null;
    }

    static List<n> e(org.bouncycastle.asn1.x509.k kVar, Map<b0, n> map) throws org.bouncycastle.pkix.jcajce.a {
        if (kVar == null) {
            return Collections.emptyList();
        }
        try {
            v[] G = kVar.G();
            ArrayList arrayList = new ArrayList();
            for (v vVar : G) {
                w I = vVar.I();
                if (I != null && I.L() == 0) {
                    for (b0 b0Var : org.bouncycastle.asn1.x509.c0.I(I.J()).L()) {
                        n nVar = map.get(b0Var);
                        if (nVar != null) {
                            arrayList.add(nVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e6) {
            throw new org.bouncycastle.pkix.jcajce.a("could not read distribution points could not be read", e6);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0107  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0117  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void c(org.bouncycastle.jcajce.u r22, java.util.Date r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.security.cert.X509Certificate r26, java.security.PublicKey r27, java.util.List r28, org.bouncycastle.jcajce.util.f r29) throws org.bouncycastle.pkix.jcajce.a, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 437
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.i.c(org.bouncycastle.jcajce.u, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, org.bouncycastle.jcajce.util.f):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        Logger logger;
        Level level;
        StringBuilder sb;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f45070d && x509Certificate.getBasicConstraints() != -1) {
            this.f45079x = x509Certificate.getSubjectX500Principal();
            this.f45080y = x509Certificate.getPublicKey();
            this.H = x509Certificate;
            return;
        }
        if (this.f45079x == null) {
            this.f45079x = x509Certificate.getIssuerX500Principal();
            TrustAnchor trustAnchor = null;
            for (TrustAnchor trustAnchor2 : this.f45069c) {
                if (this.f45079x.equals(trustAnchor2.getCA()) || this.f45079x.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                throw new CertPathValidatorException("no trust anchor found for " + this.f45079x);
            }
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.H = trustedCert;
            this.f45080y = trustedCert.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.f45069c);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.f45078v);
            for (int i6 = 0; i6 != this.f45073i.size(); i6++) {
                if (Q.isLoggable(Level.INFO)) {
                    a(arrayList, this.f45073i.get(i6));
                }
                pKIXParameters.addCertStore(this.f45073i.get(i6));
            }
            u.b bVar = new u.b(pKIXParameters);
            bVar.w(this.f45071f);
            for (int i7 = 0; i7 != this.f45072g.size(); i7++) {
                if (Q.isLoggable(Level.INFO)) {
                    b(arrayList, this.f45072g.get(i7));
                }
                bVar.m(new d(this.f45072g.get(i7)));
            }
            if (arrayList.isEmpty()) {
                Q.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (Q.isLoggable(Level.FINE)) {
                for (int i8 = 0; i8 != arrayList.size(); i8++) {
                    Q.log(Level.FINE, "configuring with CRL for issuer \"" + arrayList.get(i8) + JSONUtils.DOUBLE_QUOTE);
                }
            } else {
                Q.log(Level.INFO, "configured with " + arrayList.size() + " pre-loaded CRLs");
            }
            u q6 = bVar.q();
            try {
                c(q6, this.f45078v, h.m(q6, this.f45078v), x509Certificate, this.H, this.f45080y, new ArrayList(), this.f45074j);
            } catch (org.bouncycastle.pkix.jcajce.a e6) {
                throw new CertPathValidatorException(e6.getMessage(), e6.getCause());
            } catch (org.bouncycastle.pkix.jcajce.b e7) {
                y yVar = org.bouncycastle.asn1.x509.y.Y;
                if (x509Certificate.getExtensionValue(yVar.e0()) == null) {
                    throw e7;
                }
                try {
                    CRL d6 = d(x509Certificate.getIssuerX500Principal(), this.f45078v, h.h(x509Certificate, yVar), this.f45074j);
                    if (d6 != null) {
                        try {
                            bVar.m(new d(new org.bouncycastle.util.e(Collections.singleton(d6))));
                            u q7 = bVar.q();
                            c(q7, this.f45078v, h.m(q7, this.f45078v), x509Certificate, this.H, this.f45080y, new ArrayList(), this.f45074j);
                        } catch (org.bouncycastle.pkix.jcajce.a e8) {
                            throw new CertPathValidatorException(e8.getMessage(), e8.getCause());
                        }
                    } else {
                        if (!this.f45075o) {
                            throw e7;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l6 = this.f45068a.get(issuerX500Principal);
                        if (l6 != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l6.longValue();
                            long j6 = this.f45077r;
                            if (j6 != -1 && j6 < currentTimeMillis) {
                                throw e7;
                            }
                            if (currentTimeMillis < this.f45076p) {
                                logger = Q;
                                level = Level.WARNING;
                                sb = new StringBuilder();
                            } else {
                                logger = Q;
                                level = Level.SEVERE;
                                sb = new StringBuilder();
                            }
                            sb.append("soft failing for issuer: \"");
                            sb.append(issuerX500Principal);
                            sb.append(JSONUtils.DOUBLE_QUOTE);
                            logger.log(level, sb.toString());
                        } else {
                            this.f45068a.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (org.bouncycastle.pkix.jcajce.a e9) {
                    throw new CertPathValidatorException(e9.getMessage(), e9.getCause());
                }
            }
            this.H = x509Certificate;
            this.f45080y = x509Certificate.getPublicKey();
            this.f45079x = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e10) {
            throw new RuntimeException("error setting up baseParams: " + e10.getMessage());
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z5) throws CertPathValidatorException {
        if (z5) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.f45078v = new Date();
        this.f45079x = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
