package org.bouncycastle.jce.provider;

import a6.g;
import ad.c0;
import f9.a0;
import f9.d0;
import f9.l;
import f9.l1;
import f9.v;
import f9.x;
import fa.d;
import fa.e0;
import fa.f;
import fa.o;
import fa.r;
import fa.s;
import fb.j;
import fb.k;
import fb.m;
import fb.n;
import fb.p;
import fd.h;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.exception.ExtCertPathBuilderException;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import vb.i;

/* loaded from: classes.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    public static final String f7389a;

    /* renamed from: b, reason: collision with root package name */
    public static final String f7390b;

    /* renamed from: c, reason: collision with root package name */
    public static final String f7391c;

    static {
        o.J1.getClass();
        o.B1.getClass();
        o.K1.getClass();
        o.f5021x1.getClass();
        o.H1.getClass();
        o.f5022y0.getClass();
        o.P1.getClass();
        f7389a = o.F1.X;
        o.E1.getClass();
        o.M1.getClass();
        o.O1.getClass();
        o.I1.getClass();
        f7390b = o.L1.X;
        f7391c = o.C1.X;
    }

    public static void a(LinkedHashSet linkedHashSet, n nVar, List list) {
        for (Object obj : list) {
            if (obj instanceof h) {
                linkedHashSet.addAll(((h) obj).b(nVar));
            } else {
                try {
                    linkedHashSet.addAll(((CertStore) obj).getCertificates(new n.a(nVar)));
                } catch (CertStoreException e7) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e7);
                }
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static LinkedHashSet b(X509Certificate x509Certificate, List list, ArrayList arrayList) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(c0.O(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f7390b);
                if (extensionValue != null) {
                    byte[] bArr = v.B(extensionValue).X;
                    v vVar = (bArr instanceof d ? (d) bArr : bArr != 0 ? new d(a0.E(bArr)) : null).X;
                    byte[] bArr2 = vVar != null ? vVar.X : null;
                    if (bArr2 != null) {
                        x509CertSelector.setSubjectKeyIdentifier(new l1(bArr2).getEncoded());
                    }
                }
            } catch (Exception unused) {
            }
            n nVar = new n((CertSelector) x509CertSelector.clone());
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                a(linkedHashSet, nVar, list);
                a(linkedHashSet, nVar, arrayList);
                return linkedHashSet;
            } catch (AnnotatedException e7) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e7);
            }
        } catch (Exception e10) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e10);
        }
    }

    public static Set c(fb.o oVar) {
        p pVar = oVar.X;
        n nVar = pVar.Y;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            a(linkedHashSet, nVar, pVar.f5062y0);
            a(linkedHashSet, nVar, pVar.a());
            if (!linkedHashSet.isEmpty()) {
                return linkedHashSet;
            }
            CertSelector certSelector = nVar.X;
            X509Certificate certificate = certSelector instanceof X509CertSelector ? ((X509CertSelector) certSelector).getCertificate() : null;
            if (certificate != null) {
                return Collections.singleton(certificate);
            }
            throw new CertPathBuilderException("No certificate found matching targetConstraints.");
        } catch (AnnotatedException e7) {
            throw new ExtCertPathBuilderException("Error finding target certificate.", e7);
        }
    }

    public static TrustAnchor d(X509Certificate x509Certificate, Set set, String str) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        x509CertSelector.setSubject(issuerX500Principal);
        Iterator it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception exc = null;
        da.c cVar = null;
        PublicKey publicKey = null;
        while (it.hasNext() && trustAnchor == null) {
            trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor.getTrustedCert() != null) {
                if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                    publicKey = trustAnchor.getTrustedCert().getPublicKey();
                }
                trustAnchor = null;
            } else {
                if (trustAnchor.getCA() != null && trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                    if (cVar == null) {
                        cVar = da.c.r(issuerX500Principal.getEncoded());
                    }
                    try {
                        if (cVar.equals(da.c.r(trustAnchor.getCA().getEncoded()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException unused) {
                    }
                }
                trustAnchor = null;
            }
            if (publicKey != null) {
                if (str == null) {
                    try {
                        x509Certificate.verify(publicKey);
                    } catch (Exception e7) {
                        exc = e7;
                        trustAnchor = null;
                        publicKey = null;
                    }
                } else {
                    x509Certificate.verify(publicKey, str);
                }
            }
        }
        if (trustAnchor != null || exc == null) {
            return trustAnchor;
        }
        throw new AnnotatedException("TrustAnchor found but certificate validation failed.", exc);
    }

    public static List<m> e(byte[] bArr, Map<r, m> map) {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        r[] r10 = s.q(v.B(bArr).X).r();
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; i10 != r10.length; i10++) {
            m mVar = map.get(r10[i10]);
            if (mVar != null) {
                arrayList.add(mVar);
            }
        }
        return arrayList;
    }

    public static List<j> f(f fVar, Map<r, j> map, Date date, sb.b bVar) {
        if (fVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            fa.m[] q3 = fVar.q();
            ArrayList arrayList = new ArrayList();
            for (fa.m mVar : q3) {
                fa.n nVar = mVar.X;
                if (nVar != null && nVar.Y == 0) {
                    for (r rVar : s.q(nVar.X).r()) {
                        j jVar = map.get(rVar);
                        if (jVar != null) {
                            arrayList.add(jVar);
                        }
                    }
                }
            }
            if (arrayList.isEmpty() && fd.f.b("org.bouncycastle.x509.enableCRLDP")) {
                try {
                    CertificateFactory g10 = bVar.g("X.509");
                    for (int i10 = 0; i10 < q3.length; i10++) {
                        fa.n nVar2 = q3[i10].X;
                        if (nVar2 != null && nVar2.Y == 0) {
                            r[] r10 = s.q(nVar2.X).r();
                            for (int i11 = 0; i11 < r10.length; i11++) {
                                r rVar2 = r10[i10];
                                if (rVar2.Y == 6) {
                                    try {
                                        arrayList.add(vb.c.a(g10, date, new URI(((d0) rVar2.X).h())));
                                        break;
                                    } catch (Exception unused) {
                                        continue;
                                    }
                                }
                            }
                        }
                    }
                } catch (Exception e7) {
                    throw new AnnotatedException(g.e(e7, androidx.activity.f.o("cannot create certificate factory: ")), e7);
                }
            }
            return arrayList;
        } catch (Exception e10) {
            throw new AnnotatedException("Distribution points could not be read.", e10);
        }
    }

    public static fa.b g(PublicKey publicKey) {
        try {
            return e0.q(publicKey.getEncoded()).X;
        } catch (Exception e7) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e7);
        }
    }

    public static void h(fa.m mVar, HashSet hashSet, X509CRLSelector x509CRLSelector) {
        ArrayList arrayList = new ArrayList();
        s sVar = mVar.Z;
        if (sVar != null) {
            for (r rVar : sVar.r()) {
                if (rVar.Y == 4) {
                    try {
                        arrayList.add(da.c.r(rVar.X.g().getEncoded()));
                    } catch (IOException e7) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e7);
                    }
                }
            }
        } else {
            if (mVar.X == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.", null);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((da.c) it2.next()).getEncoded());
            } catch (IOException e10) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e10);
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0021  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x006c  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x0093  */
    /* JADX WARN: Removed duplicated region for block: B:46:0x0049  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void i(java.util.Date r5, java.security.cert.X509CRL r6, java.lang.Object r7, d3.s r8) {
        /*
            int r0 = vb.l.X     // Catch: java.security.cert.CRLException -> Lc2
            f9.u r0 = fa.o.F1     // Catch: java.lang.Exception -> Lbb
            java.lang.String r0 = r0.X     // Catch: java.lang.Exception -> Lbb
            byte[] r0 = r6.getExtensionValue(r0)     // Catch: java.lang.Exception -> Lbb
            r1 = 0
            r2 = 1
            if (r0 == 0) goto L1e
            f9.v r0 = f9.v.B(r0)     // Catch: java.lang.Exception -> Lbb
            byte[] r0 = r0.X     // Catch: java.lang.Exception -> Lbb
            fa.u r0 = fa.u.r(r0)     // Catch: java.lang.Exception -> Lbb
            boolean r0 = r0.f5035y0     // Catch: java.lang.Exception -> Lbb
            if (r0 == 0) goto L1e
            r0 = 1
            goto L1f
        L1e:
            r0 = 0
        L1f:
            if (r0 == 0) goto L49
            r0 = r7
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            java.math.BigInteger r0 = r0.getSerialNumber()
            java.security.cert.X509CRLEntry r0 = r6.getRevokedCertificate(r0)
            if (r0 != 0) goto L2f
            return
        L2f:
            javax.security.auth.x500.X500Principal r3 = r0.getCertificateIssuer()
            if (r3 != 0) goto L3a
            da.c r6 = ad.c0.N(r6)
            goto L3e
        L3a:
            da.c r6 = ad.c0.Q(r3)
        L3e:
            da.c r7 = ad.c0.M(r7)
            boolean r6 = r7.equals(r6)
            if (r6 != 0) goto L65
            return
        L49:
            da.c r0 = ad.c0.M(r7)
            da.c r3 = ad.c0.N(r6)
            boolean r0 = r0.equals(r3)
            if (r0 != 0) goto L58
            return
        L58:
            java.security.cert.X509Certificate r7 = (java.security.cert.X509Certificate) r7
            java.math.BigInteger r7 = r7.getSerialNumber()
            java.security.cert.X509CRLEntry r0 = r6.getRevokedCertificate(r7)
            if (r0 != 0) goto L65
            return
        L65:
            boolean r6 = r0.hasExtensions()
            r7 = 0
            if (r6 == 0) goto L90
            boolean r6 = r0.hasUnsupportedCriticalExtension()
            if (r6 != 0) goto L88
            f9.u r6 = fa.o.D1     // Catch: java.lang.Exception -> L7f
            java.lang.String r6 = r6.X     // Catch: java.lang.Exception -> L7f
            f9.x r6 = l(r0, r6)     // Catch: java.lang.Exception -> L7f
            f9.i r7 = f9.i.D(r6)     // Catch: java.lang.Exception -> L7f
            goto L90
        L7f:
            r5 = move-exception
            org.bouncycastle.jce.provider.AnnotatedException r6 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r7 = "Reason code CRL entry extension could not be decoded."
            r6.<init>(r7, r5)
            throw r6
        L88:
            org.bouncycastle.jce.provider.AnnotatedException r5 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r6 = "CRL entry has unsupported critical extensions."
            r5.<init>(r6, r7)
            throw r5
        L90:
            if (r7 != 0) goto L93
            goto L97
        L93:
            int r1 = r7.E()
        L97:
            long r5 = r5.getTime()
            java.util.Date r7 = r0.getRevocationDate()
            long r3 = r7.getTime()
            int r7 = (r5 > r3 ? 1 : (r5 == r3 ? 0 : -1))
            if (r7 >= 0) goto Lb2
            if (r1 == 0) goto Lb2
            if (r1 == r2) goto Lb2
            r5 = 2
            if (r1 == r5) goto Lb2
            r5 = 10
            if (r1 != r5) goto Lba
        Lb2:
            r8.f4355a = r1
            java.util.Date r5 = r0.getRevocationDate()
            r8.f4356b = r5
        Lba:
            return
        Lbb:
            r5 = move-exception
            org.bouncycastle.jce.provider.ExtCRLException r6 = new org.bouncycastle.jce.provider.ExtCRLException     // Catch: java.security.cert.CRLException -> Lc2
            r6.<init>(r5)     // Catch: java.security.cert.CRLException -> Lc2
            throw r6     // Catch: java.security.cert.CRLException -> Lc2
        Lc2:
            r5 = move-exception
            org.bouncycastle.jce.provider.AnnotatedException r6 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r7 = "Failed check for indirect CRL."
            r6.<init>(r7, r5)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.a.i(java.util.Date, java.security.cert.X509CRL, java.lang.Object, d3.s):void");
    }

    public static HashSet j(k0.f fVar, fa.m mVar, Object obj, p pVar, Date date) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(c0.M(obj));
            h(mVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            k.a aVar = new k.a(x509CRLSelector);
            aVar.f5054b = true;
            HashSet F0 = bd.h.F0(new k(aVar), date, pVar.a(), pVar.f5063y1);
            if (!F0.isEmpty()) {
                return F0;
            }
            if (obj instanceof jd.f) {
                ((jd.f) obj).h();
                throw null;
            }
            StringBuilder o10 = androidx.activity.f.o("No CRLs found for issuer \"");
            o10.append(ea.c.n.a3(c0.O((X509Certificate) obj)));
            o10.append("\"");
            throw new RecoverableCertPathValidatorException(o10.toString(), (CertPath) fVar.f5809e, fVar.f5807b);
        } catch (AnnotatedException e7) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e7);
        }
    }

    public static HashSet k(Date date, X509CRL x509crl, List list, List list2, sb.b bVar) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(c0.N(x509crl).getEncoded());
            try {
                x l10 = l(x509crl, f7391c);
                BigInteger D = l10 != null ? f9.p.B(l10).D() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f7389a);
                    x509CRLSelector.setMinCRLNumber(D != null ? D.add(BigInteger.valueOf(1L)) : null);
                    k.a aVar = new k.a(x509CRLSelector);
                    aVar.d = fd.a.c(extensionValue);
                    aVar.f5056e = true;
                    aVar.f5055c = D;
                    k kVar = new k(aVar);
                    HashSet<X509CRL> F0 = bd.h.F0(kVar, date, list, list2);
                    if (F0.isEmpty() && fd.f.b("org.bouncycastle.x509.enableCRLDP")) {
                        try {
                            CertificateFactory g10 = bVar.g("X.509");
                            fa.m[] q3 = f.r(extensionValue).q();
                            for (int i10 = 0; i10 < q3.length; i10++) {
                                fa.n nVar = q3[i10].X;
                                if (nVar != null && nVar.Y == 0) {
                                    r[] r10 = s.q(nVar.X).r();
                                    for (int i11 = 0; i11 < r10.length; i11++) {
                                        r rVar = r10[i10];
                                        if (rVar.Y == 6) {
                                            try {
                                                F0 = bd.h.F0(kVar, date, Collections.EMPTY_LIST, Collections.singletonList(vb.c.a(g10, date, new URI(((d0) rVar.X).h()))));
                                                break;
                                            } catch (Exception unused) {
                                                continue;
                                            }
                                        }
                                    }
                                }
                            }
                        } catch (Exception e7) {
                            throw new AnnotatedException(g.e(e7, androidx.activity.f.o("cannot create certificate factory: ")), e7);
                        }
                    }
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : F0) {
                        Set<String> criticalExtensionOIDs = x509crl2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs == null ? false : criticalExtensionOIDs.contains(i.f8982f)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e10) {
                    throw new AnnotatedException("Issuing distribution point extension value could not be read.", e10);
                }
            } catch (Exception e11) {
                throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e11);
            }
        } catch (IOException e12) {
            throw new AnnotatedException("Cannot extract issuer from CRL.", e12);
        }
    }

    public static x l(X509Extension x509Extension, String str) {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return x.w(v.B(extensionValue).X);
        } catch (Exception e7) {
            throw new AnnotatedException(androidx.fragment.app.a.h("exception processing extension ", str), e7);
        }
    }

    public static PublicKey m(List list, int i10, sb.b bVar) {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i10)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i10++;
            if (i10 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return bVar.q("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e7) {
            throw new RuntimeException(e7.getMessage());
        }
    }

    public static final HashSet n(a0 a0Var) {
        HashSet hashSet = new HashSet();
        if (a0Var == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        b2.f fVar = new b2.f(11, byteArrayOutputStream);
        Enumeration G = a0Var.G();
        while (G.hasMoreElements()) {
            try {
                f9.g gVar = (f9.g) G.nextElement();
                if (gVar == null) {
                    throw new IOException("null object detected");
                }
                gVar.g().r(fVar, true);
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e7) {
                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e7);
            }
        }
        return hashSet;
    }

    public static Date o(Date date, int i10, CertPath certPath, int i11) {
        if (1 != i10 || i11 <= 0) {
            return date;
        }
        int i12 = i11 - 1;
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i12);
        if (i12 == 0) {
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i12)).getExtensionValue(eb.a.f4765a.X);
                l F = extensionValue != null ? l.F(x.w(extensionValue)) : null;
                if (F != null) {
                    try {
                        return F.E();
                    } catch (ParseException e7) {
                        throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e7);
                    }
                }
            } catch (IOException unused) {
                throw new AnnotatedException("Date of cert gen extension could not be read.", null);
            } catch (IllegalArgumentException unused2) {
                throw new AnnotatedException("Date of cert gen extension could not be read.", null);
            }
        }
        return x509Certificate.getNotBefore();
    }

    public static Date p(p pVar, Date date) {
        Date date2 = pVar.Z == null ? null : new Date(pVar.Z.getTime());
        return date2 == null ? date : date2;
    }

    public static boolean q(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static vb.g r(vb.g gVar, List[] listArr, vb.g gVar2) {
        vb.g gVar3 = (vb.g) gVar2.d;
        if (gVar == null) {
            return null;
        }
        if (gVar3 != null) {
            gVar3.f8972a.remove(gVar2);
            s(listArr, gVar2);
            return gVar;
        }
        for (int i10 = 0; i10 < listArr.length; i10++) {
            listArr[i10] = new ArrayList();
        }
        return null;
    }

    public static void s(List[] listArr, vb.g gVar) {
        listArr[gVar.f8973b].remove(gVar);
        if (!gVar.f8972a.isEmpty()) {
            Iterator children = gVar.getChildren();
            while (children.hasNext()) {
                s(listArr, (vb.g) children.next());
            }
        }
    }
}
