package org.bouncycastle.jcajce.provider.asymmetric.x509;

import defpackage.ar8;
import defpackage.c1;
import defpackage.cb;
import defpackage.d1;
import defpackage.d62;
import defpackage.ed5;
import defpackage.f51;
import defpackage.gq8;
import defpackage.gs7;
import defpackage.h1;
import defpackage.ht0;
import defpackage.j1;
import defpackage.jy7;
import defpackage.kg0;
import defpackage.lg0;
import defpackage.s0;
import defpackage.wn;
import defpackage.ym3;
import defpackage.z52;
import defpackage.zs2;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes9.dex */
abstract class X509CRLImpl extends X509CRL {
    public ym3 bcHelper;
    public lg0 c;
    public boolean isIndirect;
    public String sigAlgName;
    public byte[] sigAlgParams;

    public X509CRLImpl(ym3 ym3Var, lg0 lg0Var, String str, byte[] bArr, boolean z) {
        this.bcHelper = ym3Var;
        this.c = lg0Var;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, s0 s0Var, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (s0Var != null) {
            X509SignatureUtil.setSignatureParameters(signature, s0Var);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(ed5.a(signature), 512);
            this.c.o().c(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.c.n().equals(this.c.o().o())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i = 0;
        if ((publicKey instanceof ht0) && X509SignatureUtil.isCompositeAlgorithm(this.c.n())) {
            List<PublicKey> a = ((ht0) publicKey).a();
            j1 r = j1.r(this.c.n().m());
            j1 r2 = j1.r(f51.y(this.c.m()).r());
            boolean z = false;
            while (i != a.size()) {
                if (a.get(i) != null) {
                    cb l = cb.l(r.s(i));
                    try {
                        checkSignature(a.get(i), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(l)), l.m(), f51.y(r2.s(i)).r());
                        e = null;
                        z = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.n())) {
            Signature createSignature = signatureCreator.createSignature(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                checkSignature(publicKey, createSignature, null, getSignature());
                return;
            }
            try {
                checkSignature(publicKey, createSignature, h1.m(bArr), getSignature());
                return;
            } catch (IOException e2) {
                throw new SignatureException("cannot decode signature parameters: " + e2.getMessage());
            }
        }
        j1 r3 = j1.r(this.c.n().m());
        j1 r4 = j1.r(f51.y(this.c.m()).r());
        boolean z2 = false;
        while (i != r4.size()) {
            cb l2 = cb.l(r3.s(i));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(l2)), l2.m(), f51.y(r4.s(i)).r());
                e = null;
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e3) {
                e = e3;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set getExtensionOIDs(boolean z) {
        d62 j;
        if (getVersion() != 2 || (j = this.c.o().j()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration k = j.k();
        while (k.hasMoreElements()) {
            c1 c1Var = (c1) k.nextElement();
            if (z == j.e(c1Var).n()) {
                hashSet.add(c1Var.v());
            }
        }
        return hashSet;
    }

    public static byte[] getExtensionOctets(lg0 lg0Var, String str) {
        d1 extensionValue = getExtensionValue(lg0Var, str);
        if (extensionValue != null) {
            return extensionValue.s();
        }
        return null;
    }

    public static d1 getExtensionValue(lg0 lg0Var, String str) {
        z52 e;
        d62 j = lg0Var.o().j();
        if (j == null || (e = j.e(new c1(str))) == null) {
            return null;
        }
        return e.k();
    }

    private Set loadCRLEntries() {
        z52 e;
        HashSet hashSet = new HashSet();
        Enumeration l = this.c.l();
        gq8 gq8Var = null;
        while (l.hasMoreElements()) {
            gs7.b bVar = (gs7.b) l.nextElement();
            hashSet.add(new X509CRLEntryObject(bVar, this.isIndirect, gq8Var));
            if (this.isIndirect && bVar.n() && (e = bVar.j().e(z52.r)) != null) {
                gq8Var = gq8.j(zs2.j(e.m()).k()[0].k());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        d1 extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new ar8(gq8.j(this.c.j().i()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.j().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        jy7 k = this.c.k();
        if (k == null) {
            return null;
        }
        return k.j();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        z52 e;
        Enumeration l = this.c.l();
        gq8 gq8Var = null;
        while (l.hasMoreElements()) {
            gs7.b bVar = (gs7.b) l.nextElement();
            if (bVar.m().w(bigInteger)) {
                return new X509CRLEntryObject(bVar, this.isIndirect, gq8Var);
            }
            if (this.isIndirect && bVar.n() && (e = bVar.j().e(z52.r)) != null) {
                gq8Var = gq8.j(zs2.j(e.m()).k()[0].k());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.c.n().j().v();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return wn.h(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c.m().s();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.c.o().d("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.c.p().j();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.c.q();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(z52.q.v());
        criticalExtensionOIDs.remove(z52.p.v());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        gq8 m;
        z52 e;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration l = this.c.l();
        gq8 j = this.c.j();
        if (l.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (l.hasMoreElements()) {
                gs7.b k = gs7.b.k(l.nextElement());
                if (this.isIndirect && k.n() && (e = k.j().e(z52.r)) != null) {
                    j = gq8.j(zs2.j(e.m()).k()[0].k());
                }
                if (k.m().w(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        m = gq8.j(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            m = kg0.l(certificate.getEncoded()).m();
                        } catch (CertificateEncodingException e2) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e2.getMessage());
                        }
                    }
                    return j.equals(m);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:39:0x0143
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 369
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
