package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public abstract class X509CRLImpl extends X509CRL {

    /* renamed from: a, reason: collision with root package name */
    protected JcaJceHelper f19034a;

    /* renamed from: b, reason: collision with root package name */
    protected CertificateList f19035b;

    /* renamed from: c, reason: collision with root package name */
    protected String f19036c;

    /* renamed from: d, reason: collision with root package name */
    protected byte[] f19037d;

    /* renamed from: e, reason: collision with root package name */
    protected boolean f19038e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CRLImpl(JcaJceHelper jcaJceHelper, CertificateList certificateList, String str, byte[] bArr, boolean z) {
        this.f19034a = jcaJceHelper;
        this.f19035b = certificateList;
        this.f19036c = str;
        this.f19037d = bArr;
        this.f19038e = z;
    }

    private void d(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (aSN1Encodable != null) {
            X509SignatureUtil.g(signature, aSN1Encodable);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.b(signature), 512);
            this.f19035b.o().f(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e2) {
            throw new CRLException(e2.toString());
        }
    }

    private void e(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.f19035b.n().equals(this.f19035b.o().n())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i = 0;
        if ((publicKey instanceof CompositePublicKey) && X509SignatureUtil.d(this.f19035b.n())) {
            List<PublicKey> publicKeys = ((CompositePublicKey) publicKey).getPublicKeys();
            ASN1Sequence t = ASN1Sequence.t(this.f19035b.n().k());
            ASN1Sequence t2 = ASN1Sequence.t(ASN1BitString.u(this.f19035b.m()).s());
            boolean z = false;
            while (i != publicKeys.size()) {
                if (publicKeys.get(i) != null) {
                    AlgorithmIdentifier i2 = AlgorithmIdentifier.i(t.v(i));
                    try {
                        d(publicKeys.get(i), signatureCreator.a(X509SignatureUtil.c(i2)), i2.k(), ASN1BitString.u(t2.v(i)).s());
                        e = null;
                        z = true;
                    } catch (SignatureException e2) {
                        e = e2;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.d(this.f19035b.n())) {
            Signature a2 = signatureCreator.a(getSigAlgName());
            byte[] bArr = this.f19037d;
            if (bArr == null) {
                d(publicKey, a2, null, getSignature());
                return;
            }
            try {
                d(publicKey, a2, ASN1Primitive.o(bArr), getSignature());
                return;
            } catch (IOException e3) {
                throw new SignatureException("cannot decode signature parameters: " + e3.getMessage());
            }
        }
        ASN1Sequence t3 = ASN1Sequence.t(this.f19035b.n().k());
        ASN1Sequence t4 = ASN1Sequence.t(ASN1BitString.u(this.f19035b.m()).s());
        boolean z2 = false;
        while (i != t4.size()) {
            AlgorithmIdentifier i3 = AlgorithmIdentifier.i(t3.v(i));
            try {
                d(publicKey, signatureCreator.a(X509SignatureUtil.c(i3)), i3.k(), ASN1BitString.u(t4.v(i)).s());
                e = null;
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e4) {
                e = e4;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set f(boolean z) {
        Extensions h;
        if (getVersion() != 2 || (h = this.f19035b.o().h()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration q = h.q();
        while (q.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) q.nextElement();
            if (z == h.i(aSN1ObjectIdentifier).m()) {
                hashSet.add(aSN1ObjectIdentifier.w());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] g(CertificateList certificateList, String str) {
        ASN1OctetString h = h(certificateList, str);
        if (h != null) {
            return h.u();
        }
        return null;
    }

    protected static ASN1OctetString h(CertificateList certificateList, String str) {
        Extension i;
        Extensions h = certificateList.o().h();
        if (h == null || (i = h.i(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        return i.j();
    }

    private Set i() {
        Extension i;
        HashSet hashSet = new HashSet();
        Enumeration k2 = this.f19035b.k();
        X500Name x500Name = null;
        while (k2.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) k2.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.f19038e, x500Name));
            if (this.f19038e && cRLEntry.l() && (i = cRLEntry.h().i(Extension.q)) != null) {
                x500Name = X500Name.h(GeneralNames.i(i.l()).k()[0].k());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return f(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1OctetString h = h(this.f19035b, str);
        if (h == null) {
            return null;
        }
        try {
            return h.getEncoded();
        } catch (Exception e2) {
            throw new IllegalStateException("error parsing " + e2.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.h(this.f19035b.i().b()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f19035b.i().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Time j = this.f19035b.j();
        if (j == null) {
            return null;
        }
        return j.h();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return f(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension i;
        Enumeration k2 = this.f19035b.k();
        X500Name x500Name = null;
        while (k2.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) k2.nextElement();
            if (cRLEntry.k().x(bigInteger)) {
                return new X509CRLEntryObject(cRLEntry, this.f19038e, x500Name);
            }
            if (this.f19038e && cRLEntry.l() && (i = cRLEntry.h().i(Extension.q)) != null) {
                x500Name = X500Name.h(GeneralNames.i(i.l()).k()[0].k());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set i = i();
        if (i.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(i);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.f19036c;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f19035b.n().h().w();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return Arrays.h(this.f19037d);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f19035b.m().w();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.f19035b.o().g("DER");
        } catch (IOException e2) {
            throw new CRLException(e2.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f19035b.p().h();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f19035b.q();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.p.w());
        criticalExtensionOIDs.remove(Extension.f15959o.w());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name k2;
        Extension i;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration k3 = this.f19035b.k();
        X500Name i2 = this.f19035b.i();
        if (k3.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (k3.hasMoreElements()) {
                TBSCertList.CRLEntry i3 = TBSCertList.CRLEntry.i(k3.nextElement());
                if (this.f19038e && i3.l() && (i = i3.h().i(Extension.q)) != null) {
                    i2 = X500Name.h(GeneralNames.i(i.l()).k()[0].k());
                }
                if (i3.k().x(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        k2 = X500Name.h(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            k2 = org.bouncycastle.asn1.x509.Certificate.i(certificate.getEncoded()).k();
                        } catch (CertificateEncodingException e2) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e2.getMessage());
                        }
                    }
                    return i2.equals(k2);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:39:0x0143
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 369
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        e(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.f19034a.a(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        e(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            e(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e2) {
            throw new NoSuchAlgorithmException("provider issue: " + e2.getMessage());
        }
    }
}
