package org.bouncycastle.pkix.jcajce;

import java.io.BufferedInputStream;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.jcajce.PKIXCRLStore;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Iterable;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: classes2.dex */
public class X509RevocationChecker extends PKIXCertPathChecker {

    /* renamed from: j5, reason: collision with root package name */
    private static Logger f24760j5 = Logger.getLogger(X509RevocationChecker.class.getName());

    /* renamed from: k5, reason: collision with root package name */
    private static final Map<GeneralName, WeakReference<X509CRL>> f24761k5 = Collections.synchronizedMap(new WeakHashMap());

    /* renamed from: l5, reason: collision with root package name */
    protected static final String[] f24762l5 = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};
    private final boolean X;
    private final int Y;
    private final List<Store<CRL>> Z;

    /* renamed from: a5, reason: collision with root package name */
    private final List<CertStore> f24763a5;

    /* renamed from: b5, reason: collision with root package name */
    private final JcaJceHelper f24764b5;

    /* renamed from: c5, reason: collision with root package name */
    private final boolean f24765c5;

    /* renamed from: d5, reason: collision with root package name */
    private final long f24766d5;

    /* renamed from: e5, reason: collision with root package name */
    private final long f24767e5;

    /* renamed from: f, reason: collision with root package name */
    private final Map<X500Principal, Long> f24768f;

    /* renamed from: f5, reason: collision with root package name */
    private Date f24769f5;

    /* renamed from: g5, reason: collision with root package name */
    private X500Principal f24770g5;

    /* renamed from: h5, reason: collision with root package name */
    private PublicKey f24771h5;

    /* renamed from: i, reason: collision with root package name */
    private final Set<TrustAnchor> f24772i;

    /* renamed from: i5, reason: collision with root package name */
    private X509Certificate f24773i5;

    /* loaded from: classes2.dex */
    public static class Builder {
    }

    /* loaded from: classes2.dex */
    private class LocalCRLStore implements PKIXCRLStore<CRL>, Iterable<CRL> {

        /* renamed from: f, reason: collision with root package name */
        private Collection<CRL> f24778f;

        public LocalCRLStore(Store<CRL> store) {
            this.f24778f = new ArrayList(store.a(null));
        }

        @Override // org.bouncycastle.jcajce.PKIXCRLStore, org.bouncycastle.util.Store
        public Collection<CRL> a(Selector<CRL> selector) {
            if (selector == null) {
                return new ArrayList(this.f24778f);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.f24778f) {
                if (selector.o1(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // java.lang.Iterable
        public Iterator<CRL> iterator() {
            return a(null).iterator();
        }
    }

    private void b(final List<X500Principal> list, CertStore certStore) {
        certStore.getCRLs(new X509CRLSelector() { // from class: org.bouncycastle.pkix.jcajce.X509RevocationChecker.1
            @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
            public boolean match(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }
        });
    }

    private void e(final List<X500Principal> list, Store<CRL> store) {
        store.a(new Selector<CRL>() { // from class: org.bouncycastle.pkix.jcajce.X509RevocationChecker.2
            @Override // org.bouncycastle.util.Selector
            public Object clone() {
                return this;
            }

            @Override // org.bouncycastle.util.Selector
            /* renamed from: match, reason: merged with bridge method [inline-methods] */
            public boolean o1(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }
        });
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    private CRL g(X500Principal x500Principal, Date date, ASN1Primitive aSN1Primitive, JcaJceHelper jcaJceHelper) {
        URL url;
        X509CRL x509crl;
        Logger logger;
        Level level;
        StringBuilder sb2;
        DistributionPoint[] i10 = CRLDistPoint.j(aSN1Primitive).i();
        for (int i11 = 0; i11 != i10.length; i11++) {
            DistributionPointName k10 = i10[i11].k();
            if (k10 != null && k10.m() == 0) {
                GeneralName[] l10 = GeneralNames.j(k10.l()).l();
                for (int i12 = 0; i12 != l10.length; i12++) {
                    GeneralName generalName = l10[i12];
                    if (generalName.m() == 6) {
                        Map<GeneralName, WeakReference<X509CRL>> map = f24761k5;
                        WeakReference<X509CRL> weakReference = map.get(generalName);
                        if (weakReference != null) {
                            X509CRL x509crl2 = weakReference.get();
                            if (x509crl2 != null && !date.before(x509crl2.getThisUpdate()) && !date.after(x509crl2.getNextUpdate())) {
                                return x509crl2;
                            }
                            map.remove(generalName);
                        }
                        try {
                            url = new URL(generalName.l().toString());
                            try {
                                CertificateFactory f10 = jcaJceHelper.f("X.509");
                                InputStream openStream = url.openStream();
                                x509crl = (X509CRL) f10.generateCRL(new BufferedInputStream(openStream));
                                openStream.close();
                                logger = f24760j5;
                                level = Level.INFO;
                                sb2 = new StringBuilder();
                                sb2.append("downloaded CRL from CrlDP ");
                                sb2.append(url);
                                sb2.append(" for issuer \"");
                            } catch (Exception e10) {
                                e = e10;
                            }
                            try {
                                sb2.append(x500Principal);
                                sb2.append("\"");
                                logger.log(level, sb2.toString());
                                map.put(generalName, new WeakReference<>(x509crl));
                                return x509crl;
                            } catch (Exception e11) {
                                e = e11;
                                Logger logger2 = f24760j5;
                                Level level2 = Level.FINE;
                                if (logger2.isLoggable(level2)) {
                                    f24760j5.log(level2, "CrlDP " + url + " ignored: " + e.getMessage(), (Throwable) e);
                                } else {
                                    f24760j5.log(Level.INFO, "CrlDP " + url + " ignored: " + e.getMessage());
                                }
                            }
                        } catch (Exception e12) {
                            e = e12;
                            url = null;
                        }
                    }
                }
            }
        }
        return null;
    }

    static List<PKIXCRLStore> h(CRLDistPoint cRLDistPoint, Map<GeneralName, PKIXCRLStore> map) {
        if (cRLDistPoint == null) {
            return Collections.emptyList();
        }
        try {
            DistributionPoint[] i10 = cRLDistPoint.i();
            ArrayList arrayList = new ArrayList();
            for (DistributionPoint distributionPoint : i10) {
                DistributionPointName k10 = distributionPoint.k();
                if (k10 != null && k10.m() == 0) {
                    for (GeneralName generalName : GeneralNames.j(k10.l()).l()) {
                        PKIXCRLStore pKIXCRLStore = map.get(generalName);
                        if (pKIXCRLStore != null) {
                            arrayList.add(pKIXCRLStore);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e10) {
            throw new AnnotatedException("could not read distribution points could not be read", e10);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) {
        Logger logger;
        Level level;
        StringBuilder sb2;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.X && x509Certificate.getBasicConstraints() != -1) {
            this.f24770g5 = x509Certificate.getSubjectX500Principal();
            this.f24771h5 = x509Certificate.getPublicKey();
            this.f24773i5 = x509Certificate;
            return;
        }
        if (this.f24770g5 == null) {
            this.f24770g5 = x509Certificate.getIssuerX500Principal();
            TrustAnchor trustAnchor = null;
            for (TrustAnchor trustAnchor2 : this.f24772i) {
                if (this.f24770g5.equals(trustAnchor2.getCA()) || this.f24770g5.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                throw new CertPathValidatorException("no trust anchor found for " + this.f24770g5);
            }
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.f24773i5 = trustedCert;
            this.f24771h5 = trustedCert.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.f24772i);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.f24769f5);
            for (int i10 = 0; i10 != this.f24763a5.size(); i10++) {
                if (f24760j5.isLoggable(Level.INFO)) {
                    b(arrayList, this.f24763a5.get(i10));
                }
                pKIXParameters.addCertStore(this.f24763a5.get(i10));
            }
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(pKIXParameters);
            builder.t(this.Y);
            for (int i11 = 0; i11 != this.Z.size(); i11++) {
                if (f24760j5.isLoggable(Level.INFO)) {
                    e(arrayList, this.Z.get(i11));
                }
                builder.m(new LocalCRLStore(this.Z.get(i11)));
            }
            if (arrayList.isEmpty()) {
                f24760j5.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (f24760j5.isLoggable(Level.FINE)) {
                for (int i12 = 0; i12 != arrayList.size(); i12++) {
                    f24760j5.log(Level.FINE, "configuring with CRL for issuer \"" + arrayList.get(i12) + "\"");
                }
            } else {
                f24760j5.log(Level.INFO, "configured with " + arrayList.size() + " pre-loaded CRLs");
            }
            PKIXExtendedParameters o10 = builder.o();
            try {
                f(o10, this.f24769f5, RevocationUtilities.l(o10, this.f24769f5), x509Certificate, this.f24773i5, this.f24771h5, new ArrayList(), this.f24764b5);
            } catch (AnnotatedException e10) {
                throw new CertPathValidatorException(e10.getMessage(), e10.getCause());
            } catch (CRLNotFoundException e11) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.f19628n5;
                if (x509Certificate.getExtensionValue(aSN1ObjectIdentifier.x()) == null) {
                    throw e11;
                }
                try {
                    CRL g10 = g(x509Certificate.getIssuerX500Principal(), this.f24769f5, RevocationUtilities.g(x509Certificate, aSN1ObjectIdentifier), this.f24764b5);
                    if (g10 != null) {
                        try {
                            builder.m(new LocalCRLStore(new CollectionStore(Collections.singleton(g10))));
                            PKIXExtendedParameters o11 = builder.o();
                            f(o11, this.f24769f5, RevocationUtilities.l(o11, this.f24769f5), x509Certificate, this.f24773i5, this.f24771h5, new ArrayList(), this.f24764b5);
                        } catch (AnnotatedException e12) {
                            throw new CertPathValidatorException(e12.getMessage(), e12.getCause());
                        }
                    } else {
                        if (!this.f24765c5) {
                            throw e11;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l10 = this.f24768f.get(issuerX500Principal);
                        if (l10 != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l10.longValue();
                            long j10 = this.f24767e5;
                            if (j10 != -1 && j10 < currentTimeMillis) {
                                throw e11;
                            }
                            if (currentTimeMillis < this.f24766d5) {
                                logger = f24760j5;
                                level = Level.WARNING;
                                sb2 = new StringBuilder();
                            } else {
                                logger = f24760j5;
                                level = Level.SEVERE;
                                sb2 = new StringBuilder();
                            }
                            sb2.append("soft failing for issuer: \"");
                            sb2.append(issuerX500Principal);
                            sb2.append("\"");
                            logger.log(level, sb2.toString());
                        } else {
                            this.f24768f.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (AnnotatedException e13) {
                    throw new CertPathValidatorException(e13.getMessage(), e13.getCause());
                }
            }
            this.f24773i5 = x509Certificate;
            this.f24771h5 = x509Certificate.getPublicKey();
            this.f24770g5 = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e14) {
            throw new RuntimeException("error setting up baseParams: " + e14.getMessage());
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0109  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x011b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void f(org.bouncycastle.jcajce.PKIXExtendedParameters r22, java.util.Date r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.security.cert.X509Certificate r26, java.security.PublicKey r27, java.util.List r28, org.bouncycastle.jcajce.util.JcaJceHelper r29) {
        /*
            Method dump skipped, instructions count: 441
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.X509RevocationChecker.f(org.bouncycastle.jcajce.PKIXExtendedParameters, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, org.bouncycastle.jcajce.util.JcaJceHelper):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) {
        if (z10) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.f24769f5 = new Date();
        this.f24770g5 = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
