package org.spongycastle.jce.provider;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.a.bc;
import org.spongycastle.a.o;
import org.spongycastle.a.p;
import org.spongycastle.a.t;
import org.spongycastle.a.u.ah;
import org.spongycastle.a.u.q;
import org.spongycastle.a.u.r;
import org.spongycastle.a.u.s;
import org.spongycastle.a.u.u;
import org.spongycastle.a.u.v;
import org.spongycastle.jcajce.h;
import org.spongycastle.jcajce.j;
import org.spongycastle.jcajce.l;
import org.spongycastle.jce.exception.ExtCertPathValidatorException;

/* compiled from: CertPathValidatorUtilities.java */
/* loaded from: classes2.dex */
final class b {

    /* renamed from: a, reason: collision with root package name */
    protected static final f f30609a = new f();

    /* renamed from: b, reason: collision with root package name */
    protected static final String f30610b = s.q.f29700a;

    /* renamed from: c, reason: collision with root package name */
    protected static final String f30611c = s.f29979g.f29700a;

    /* renamed from: d, reason: collision with root package name */
    protected static final String f30612d = s.r.f29700a;

    /* renamed from: e, reason: collision with root package name */
    protected static final String f30613e = s.f29977e.f29700a;

    /* renamed from: f, reason: collision with root package name */
    protected static final String f30614f = s.o.f29700a;

    /* renamed from: g, reason: collision with root package name */
    protected static final String f30615g = s.f29975c.f29700a;

    /* renamed from: h, reason: collision with root package name */
    protected static final String f30616h = s.w.f29700a;
    protected static final String i = s.m.f29700a;
    protected static final String j = s.l.f29700a;
    protected static final String k = s.t.f29700a;
    protected static final String l = s.v.f29700a;
    protected static final String m = s.p.f29700a;
    protected static final String n = s.s.f29700a;
    protected static final String o = s.f29980h.f29700a;
    protected static final String[] p = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey a(List list, int i2, org.spongycastle.jcajce.a.b bVar) throws CertPathValidatorException {
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
        if (dSAPublicKey.getParams() != null) {
            return dSAPublicKey;
        }
        int i3 = i2 + 1;
        while (true) {
            int i4 = i3;
            if (i4 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i4)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey2;
            if (dSAPublicKey2.getParams() != null) {
                DSAParams params = dSAPublicKey2.getParams();
                try {
                    return bVar.d("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey.getY(), params.getP(), params.getQ(), params.getG()));
                } catch (Exception e2) {
                    throw new RuntimeException(e2.getMessage());
                }
            }
            i3 = i4 + 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustAnchor a(X509Certificate x509Certificate, Set set, String str) throws AnnotatedException {
        PublicKey publicKey;
        TrustAnchor trustAnchor;
        X509CertSelector x509CertSelector = new X509CertSelector();
        org.spongycastle.a.t.c a2 = g.a((Object) x509Certificate);
        try {
            x509CertSelector.setSubject(a2.getEncoded());
            Iterator it = set.iterator();
            Exception exc = null;
            PublicKey publicKey2 = null;
            TrustAnchor trustAnchor2 = null;
            while (it.hasNext() && trustAnchor2 == null) {
                TrustAnchor trustAnchor3 = (TrustAnchor) it.next();
                if (trustAnchor3.getTrustedCert() == null) {
                    if (trustAnchor3.getCAName() != null && trustAnchor3.getCAPublicKey() != null) {
                        try {
                            if (a2.equals(g.a(trustAnchor3))) {
                                trustAnchor = trustAnchor3;
                                publicKey = trustAnchor3.getCAPublicKey();
                            } else {
                                publicKey = publicKey2;
                                trustAnchor = null;
                            }
                        } catch (IllegalArgumentException e2) {
                        }
                    }
                    publicKey = publicKey2;
                    trustAnchor = null;
                } else if (x509CertSelector.match(trustAnchor3.getTrustedCert())) {
                    trustAnchor = trustAnchor3;
                    publicKey = trustAnchor3.getTrustedCert().getPublicKey();
                } else {
                    publicKey = publicKey2;
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        a(x509Certificate, publicKey, str);
                        PublicKey publicKey3 = publicKey;
                        trustAnchor2 = trustAnchor;
                        publicKey2 = publicKey3;
                    } catch (Exception e3) {
                        exc = e3;
                        publicKey2 = null;
                        trustAnchor2 = null;
                    }
                } else {
                    PublicKey publicKey4 = publicKey;
                    trustAnchor2 = trustAnchor;
                    publicKey2 = publicKey4;
                }
            }
            if (trustAnchor2 != null || exc == null) {
                return trustAnchor2;
            }
            throw new AnnotatedException("TrustAnchor found but certificate validation failed.", exc);
        } catch (IOException e4) {
            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Collection a(X509Certificate x509Certificate, List<CertStore> list, List<org.spongycastle.jcajce.i> list2) throws AnnotatedException {
        byte[] a2;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(g.b(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(n);
                if (extensionValue != null && (a2 = org.spongycastle.a.u.g.a(p.a(extensionValue).c()).a()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new bc(a2).getEncoded());
                }
            } catch (Exception e2) {
            }
            org.spongycastle.jcajce.j<? extends Certificate> a3 = new j.a(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(a(a3, list));
                arrayList.addAll(a(a3, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (AnnotatedException e3) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e3);
            }
        } catch (IOException e4) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(org.spongycastle.jcajce.j jVar, List list) throws AnnotatedException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof org.spongycastle.f.j) {
                try {
                    linkedHashSet.addAll(((org.spongycastle.f.j) obj).a(jVar));
                } catch (org.spongycastle.f.k e2) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    linkedHashSet.addAll(org.spongycastle.jcajce.j.a(jVar, (CertStore) obj));
                } catch (CertStoreException e3) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return linkedHashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(l lVar) {
        return lVar.a();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(l lVar, CertPath certPath, int i2) throws AnnotatedException {
        if (lVar.i == 1 && i2 > 0) {
            if (i2 - 1 != 0) {
                return ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getNotBefore();
            }
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getExtensionValue(org.spongycastle.a.i.a.f29648e.f29700a);
                org.spongycastle.a.j a2 = extensionValue != null ? org.spongycastle.a.j.a((Object) t.b(extensionValue)) : null;
                if (a2 == null) {
                    return ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getNotBefore();
                }
                try {
                    return a2.c();
                } catch (ParseException e2) {
                    throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e2);
                }
            } catch (IOException e3) {
                throw new AnnotatedException("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException e4) {
                throw new AnnotatedException("Date of cert gen extension could not be read.");
            }
        }
        return lVar.a();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<org.spongycastle.jcajce.g> a(org.spongycastle.a.u.i iVar, Map<u, org.spongycastle.jcajce.g> map) throws AnnotatedException {
        if (iVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            q[] a2 = iVar.a();
            ArrayList arrayList = new ArrayList();
            for (q qVar : a2) {
                r rVar = qVar.f29968a;
                if (rVar != null && rVar.f29972b == 0) {
                    for (u uVar : v.a(rVar.f29971a).a()) {
                        org.spongycastle.jcajce.g gVar = map.get(uVar);
                        if (gVar != null) {
                            arrayList.add(gVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new AnnotatedException("Distribution points could not be read.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<org.spongycastle.jcajce.i> a(byte[] bArr, Map<u, org.spongycastle.jcajce.i> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        u[] a2 = v.a(p.a(bArr).c()).a();
        ArrayList arrayList = new ArrayList();
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 == a2.length) {
                return arrayList;
            }
            org.spongycastle.jcajce.i iVar = map.get(a2[i3]);
            if (iVar != null) {
                arrayList.add(iVar);
            }
            i2 = i3 + 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(Date date, X509CRL x509crl, List<CertStore> list, List<org.spongycastle.jcajce.g> list2) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(g.a(x509crl).getEncoded());
            try {
                t a2 = a(x509crl, o);
                BigInteger c2 = a2 != null ? org.spongycastle.a.l.a((Object) a2).c() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(i);
                    x509CRLSelector.setMinCRLNumber(c2 != null ? c2.add(BigInteger.valueOf(1L)) : null);
                    h.a aVar = new h.a(x509CRLSelector);
                    aVar.f30463e = org.spongycastle.f.a.b(extensionValue);
                    aVar.f30464f = true;
                    aVar.f30462d = c2;
                    Set<X509CRL> a3 = f.a(aVar.a(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : a3) {
                        Set<String> criticalExtensionOIDs = x509crl2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs == null ? false : criticalExtensionOIDs.contains(h.f30628f)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e2) {
                    throw new AnnotatedException("Issuing distribution point extension value could not be read.", e2);
                }
            } catch (Exception e3) {
                throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e3);
            }
        } catch (IOException e4) {
            throw new AnnotatedException("Cannot extract issuer from CRL.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(q qVar, Object obj, l lVar) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(g.a(obj));
            a(qVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            h.a aVar = new h.a(x509CRLSelector);
            aVar.f30461c = true;
            org.spongycastle.jcajce.h<? extends CRL> a2 = aVar.a();
            lVar.a();
            Set a3 = f.a(a2, lVar.a(), lVar.f30475a.getCertStores(), lVar.f30479e);
            if (!a3.isEmpty()) {
                return a3;
            }
            if (obj instanceof org.spongycastle.g.g) {
                throw new AnnotatedException("No CRLs found for issuer \"" + ((org.spongycastle.g.g) obj).d().a()[0] + "\"");
            }
            throw new AnnotatedException("No CRLs found for issuer \"" + org.spongycastle.a.t.a.d.R.b(g.b((X509Certificate) obj)) + "\"");
        } catch (AnnotatedException e2) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set a(org.spongycastle.a.u uVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (uVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        org.spongycastle.a.r rVar = new org.spongycastle.a.r(byteArrayOutputStream);
        Enumeration c2 = uVar.c();
        while (c2.hasMoreElements()) {
            try {
                rVar.a((org.spongycastle.a.f) c2.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e2) {
                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e2);
            }
        }
        return hashSet;
    }

    private static t a(String str, byte[] bArr) throws AnnotatedException {
        try {
            return new org.spongycastle.a.k(((p) new org.spongycastle.a.k(bArr).a()).c()).a();
        } catch (Exception e2) {
            throw new AnnotatedException("exception processing extension " + str, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static t a(X509Extension x509Extension, String str) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return a(str, extensionValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static org.spongycastle.a.u.a a(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return ah.a(new org.spongycastle.a.k(publicKey.getEncoded()).a()).f29869a;
        } catch (Exception e2) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode a(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.removeChild(pKIXPolicyNode2);
            a(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i2 = 0; i2 < listArr.length; i2++) {
            listArr[i2] = new ArrayList();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, c cVar) throws AnnotatedException {
        X509CRLEntry revokedCertificate;
        try {
            if (X509CRLObject.isIndirectCRL(x509crl)) {
                X509CRLEntry revokedCertificate2 = x509crl.getRevokedCertificate(((X509Certificate) obj).getSerialNumber());
                if (revokedCertificate2 == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate2.getCertificateIssuer();
                if (!g.a(obj).equals(certificateIssuer == null ? g.a(x509crl) : org.spongycastle.a.t.c.a(certificateIssuer.getEncoded()))) {
                    return;
                } else {
                    revokedCertificate = revokedCertificate2;
                }
            } else if (!g.a(obj).equals(g.a(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(((X509Certificate) obj).getSerialNumber())) == null) {
                return;
            }
            org.spongycastle.a.h hVar = null;
            if (revokedCertificate.hasExtensions()) {
                try {
                    hVar = org.spongycastle.a.h.a((Object) a(revokedCertificate, s.i.f29700a));
                } catch (Exception e2) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e2);
                }
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || hVar == null || hVar.b().intValue() == 0 || hVar.b().intValue() == 1 || hVar.b().intValue() == 2 || hVar.b().intValue() == 8) {
                if (hVar != null) {
                    cVar.f30617a = hVar.b().intValue();
                } else {
                    cVar.f30617a = 0;
                }
                cVar.f30618b = revokedCertificate.getRevocationDate();
            }
        } catch (CRLException e3) {
            throw new AnnotatedException("Failed check for indirect CRL.", e3);
        }
    }

    private static void a(q qVar, Collection collection, X509CRLSelector x509CRLSelector) throws AnnotatedException {
        ArrayList arrayList = new ArrayList();
        if (qVar.f29970c != null) {
            u[] a2 = qVar.f29970c.a();
            for (int i2 = 0; i2 < a2.length; i2++) {
                if (a2[i2].f29984b == 4) {
                    try {
                        arrayList.add(org.spongycastle.a.t.c.a(a2[i2].f29983a.toASN1Primitive().getEncoded()));
                    } catch (IOException e2) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (qVar.f29968a == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((org.spongycastle.a.t.c) it2.next()).getEncoded());
            } catch (IOException e3) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    private static void a(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (pKIXPolicyNode.hasChildren()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                a(listArr, (PKIXPolicyNode) children.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(int i2, List[] listArr, o oVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i3);
            if (pKIXPolicyNode.getExpectedPolicies().contains(oVar.f29700a)) {
                HashSet hashSet = new HashSet();
                hashSet.add(oVar.f29700a);
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i2, hashSet, pKIXPolicyNode, set, oVar.f29700a, false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                listArr[i2].add(pKIXPolicyNode2);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(int i2, List[] listArr, o oVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i3);
            if ("2.5.29.32.0".equals(pKIXPolicyNode.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(oVar.f29700a);
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i2, hashSet, pKIXPolicyNode, set, oVar.f29700a, false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                listArr[i2].add(pKIXPolicyNode2);
                return;
            }
        }
    }
}
