package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Exceptions;
import tv.danmaku.ijk.media.player.IjkMediaMeta;

/* loaded from: classes6.dex */
abstract class X509CRLImpl extends X509CRL {
    protected byte[] X;
    protected boolean Y;

    /* renamed from: t, reason: collision with root package name */
    protected JcaJceHelper f58406t;

    /* renamed from: x, reason: collision with root package name */
    protected CertificateList f58407x;

    /* renamed from: y, reason: collision with root package name */
    protected String f58408y;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CRLImpl(JcaJceHelper jcaJceHelper, CertificateList certificateList, String str, byte[] bArr, boolean z2) {
        this.f58406t = jcaJceHelper;
        this.f58407x = certificateList;
        this.f58408y = str;
        this.X = bArr;
        this.Y = z2;
    }

    private void c(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) {
        if (!X509SignatureUtil.a(this.f58407x.B(), this.f58407x.C().B())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TbsCertList.");
        }
        X509SignatureUtil.i(signature, aSN1Encodable);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.a(signature), IjkMediaMeta.FF_PROFILE_H264_CONSTRAINED);
            this.f58407x.C().r(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e3) {
            throw new CRLException(e3.toString());
        }
    }

    private void d(PublicKey publicKey, SignatureCreator signatureCreator) {
        if (!this.f58407x.B().equals(this.f58407x.C().B())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i3 = 0;
        if ((publicKey instanceof CompositePublicKey) && X509SignatureUtil.f(this.f58407x.B())) {
            List b3 = ((CompositePublicKey) publicKey).b();
            ASN1Sequence J = ASN1Sequence.J(this.f58407x.B().z());
            ASN1Sequence J2 = ASN1Sequence.J(this.f58407x.A().O());
            boolean z2 = false;
            while (i3 != b3.size()) {
                if (b3.get(i3) != null) {
                    AlgorithmIdentifier v2 = AlgorithmIdentifier.v(J.L(i3));
                    try {
                        c((PublicKey) b3.get(i3), signatureCreator.a(X509SignatureUtil.d(v2)), v2.z(), ASN1BitString.K(J2.L(i3)).O());
                        e = null;
                        z2 = true;
                    } catch (SignatureException e3) {
                        e = e3;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i3++;
            }
            if (!z2) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.f(this.f58407x.B())) {
            Signature a3 = signatureCreator.a(getSigAlgName());
            byte[] bArr = this.X;
            if (bArr == null) {
                c(publicKey, a3, null, getSignature());
                return;
            }
            try {
                c(publicKey, a3, ASN1Primitive.D(bArr), getSignature());
                return;
            } catch (IOException e4) {
                throw new SignatureException("cannot decode signature parameters: " + e4.getMessage());
            }
        }
        ASN1Sequence J3 = ASN1Sequence.J(this.f58407x.B().z());
        ASN1Sequence J4 = ASN1Sequence.J(this.f58407x.A().O());
        boolean z3 = false;
        while (i3 != J4.size()) {
            AlgorithmIdentifier v3 = AlgorithmIdentifier.v(J3.L(i3));
            try {
                c(publicKey, signatureCreator.a(X509SignatureUtil.d(v3)), v3.z(), ASN1BitString.K(J4.L(i3)).O());
                e = null;
                z3 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e5) {
                e = e5;
            }
            if (e != null) {
                throw e;
            }
            i3++;
        }
        if (!z3) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set e(boolean z2) {
        Extensions t2;
        if (getVersion() != 2 || (t2 = this.f58407x.C().t()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration z3 = t2.z();
        while (z3.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) z3.nextElement();
            if (z2 == t2.t(aSN1ObjectIdentifier).B()) {
                hashSet.add(aSN1ObjectIdentifier.O());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] f(CertificateList certificateList, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        ASN1OctetString g3 = g(certificateList, aSN1ObjectIdentifier);
        if (g3 != null) {
            return g3.K();
        }
        return null;
    }

    static ASN1OctetString g(CertificateList certificateList, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        Extension t2;
        Extensions t3 = certificateList.C().t();
        if (t3 == null || (t2 = t3.t(aSN1ObjectIdentifier)) == null) {
            return null;
        }
        return t2.y();
    }

    private Set h() {
        Extension t2;
        HashSet hashSet = new HashSet();
        Enumeration z2 = this.f58407x.z();
        X500Name x500Name = null;
        while (z2.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) z2.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.Y, x500Name));
            if (this.Y && cRLEntry.A() && (t2 = cRLEntry.t().t(Extension.J4)) != null) {
                x500Name = X500Name.t(GeneralNames.v(t2.A()).z()[0].z());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return e(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1ObjectIdentifier W;
        ASN1OctetString g3;
        if (str == null || (W = ASN1ObjectIdentifier.W(str)) == null || (g3 = g(this.f58407x, W)) == null) {
            return null;
        }
        try {
            return g3.getEncoded();
        } catch (Exception e3) {
            throw Exceptions.b("error parsing " + e3.getMessage(), e3);
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.t(this.f58407x.v().l()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f58407x.v().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Time y2 = this.f58407x.y();
        if (y2 == null) {
            return null;
        }
        return y2.t();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return e(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension t2;
        Enumeration z2 = this.f58407x.z();
        X500Name x500Name = null;
        while (z2.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) z2.nextElement();
            if (cRLEntry.z().P(bigInteger)) {
                return new X509CRLEntryObject(cRLEntry, this.Y, x500Name);
            }
            if (this.Y && cRLEntry.A() && (t2 = cRLEntry.t().t(Extension.J4)) != null) {
                x500Name = X500Name.t(GeneralNames.v(t2.A()).z()[0].z());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set h3 = h();
        if (h3.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(h3);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.f58408y;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f58407x.B().t().O();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return Arrays.j(this.X);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f58407x.A().O();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() {
        try {
            return this.f58407x.C().s("DER");
        } catch (IOException e3) {
            throw new CRLException(e3.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f58407x.D().t();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f58407x.E();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.I4.O());
        criticalExtensionOIDs.remove(Extension.H4.O());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name z2;
        Extension t2;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration z3 = this.f58407x.z();
        X500Name v2 = this.f58407x.v();
        if (z3.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (z3.hasMoreElements()) {
                TBSCertList.CRLEntry v3 = TBSCertList.CRLEntry.v(z3.nextElement());
                if (this.Y && v3.A() && (t2 = v3.t().t(Extension.J4)) != null) {
                    v2 = X500Name.t(GeneralNames.v(t2.A()).z()[0].z());
                }
                if (v3.z().P(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        z2 = X500Name.t(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            z2 = org.bouncycastle.asn1.x509.Certificate.v(certificate.getEncoded()).z();
                        } catch (CertificateEncodingException e3) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e3.getMessage());
                        }
                    }
                    return v2.equals(z2);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:39:0x0143
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 369
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) {
        d(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str) {
                try {
                    return X509CRLImpl.this.f58406t.a(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) {
        d(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str2) {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) {
        try {
            d(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature a(String str) {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e3) {
            throw new NoSuchAlgorithmException("provider issue: " + e3.getMessage());
        }
    }
}
