package org.bouncycastle.jce.provider;

import android.support.v4.media.a;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.jce.X509LDAPCertStoreParameters;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.util.Strings;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.X509AttributeCertStoreSelector;
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.X509Store;

/* loaded from: classes2.dex */
public class CertPathValidatorUtilities {

    /* renamed from: a, reason: collision with root package name */
    public static final String f23232a;
    public static final String b;

    static {
        Extension.j1.getClass();
        Extension.b1.getClass();
        Extension.k1.getClass();
        Extension.Z0.getClass();
        Extension.h1.getClass();
        Extension.Y0.getClass();
        Extension.p1.getClass();
        f23232a = Extension.f1.V0;
        Extension.e1.getClass();
        Extension.m1.getClass();
        Extension.o1.getClass();
        Extension.i1.getClass();
        Extension.l1.getClass();
        b = Extension.c1.V0;
    }

    public static void a(String str, ExtendedPKIXParameters extendedPKIXParameters) {
        String concat;
        String str2;
        if (extendedPKIXParameters.n) {
            try {
                if (str.startsWith("ldap://")) {
                    String substring = str.substring(7);
                    if (substring.indexOf("/") != -1) {
                        str2 = substring.substring(substring.indexOf("/"));
                        concat = "ldap://" + substring.substring(0, substring.indexOf("/"));
                    } else {
                        concat = "ldap://".concat(substring);
                        str2 = null;
                    }
                    X509LDAPCertStoreParameters a2 = new X509LDAPCertStoreParameters.Builder(concat, str2).a();
                    extendedPKIXParameters.f23431o.add(X509Store.a("CERTIFICATE/LDAP", a2));
                    extendedPKIXParameters.f23431o.add(X509Store.a("CRL/LDAP", a2));
                    extendedPKIXParameters.f23431o.add(X509Store.a("ATTRIBUTECERTIFICATE/LDAP", a2));
                    extendedPKIXParameters.f23431o.add(X509Store.a("CERTIFICATEPAIR/LDAP", a2));
                }
            } catch (Exception unused) {
                throw new RuntimeException("Exception adding X.509 stores.");
            }
        }
    }

    public static void b(X509Certificate x509Certificate, ExtendedPKIXParameters extendedPKIXParameters) {
        if (x509Certificate.getIssuerAlternativeNames() != null) {
            for (List<?> list : x509Certificate.getIssuerAlternativeNames()) {
                if (list.get(0).equals(6)) {
                    a((String) list.get(1), extendedPKIXParameters);
                }
            }
        }
    }

    public static void c(CRLDistPoint cRLDistPoint, ExtendedPKIXParameters extendedPKIXParameters) {
        if (cRLDistPoint != null) {
            try {
                for (DistributionPoint distributionPoint : cRLDistPoint.g()) {
                    DistributionPointName distributionPointName = distributionPoint.V0;
                    if (distributionPointName != null && distributionPointName.W0 == 0) {
                        for (GeneralName generalName : GeneralNames.g(distributionPointName.V0).h()) {
                            if (generalName.W0 == 6) {
                                a(Strings.a(DERIA5String.n(generalName.V0).V0), extendedPKIXParameters);
                            }
                        }
                    }
                }
            } catch (Exception e) {
                throw new AnnotatedException("Distribution points could not be read.", e);
            }
        }
    }

    public static HashSet d(List list, X509AttributeCertStoreSelector x509AttributeCertStoreSelector) {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof X509Store) {
                try {
                    hashSet.addAll(((X509Store) obj).f23446a.a(x509AttributeCertStoreSelector));
                } catch (StoreException e) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
                }
            }
        }
        return hashSet;
    }

    public static HashSet e(List list, X509CertStoreSelector x509CertStoreSelector) {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof X509Store) {
                try {
                    hashSet.addAll(((X509Store) obj).f23446a.a(x509CertStoreSelector));
                } catch (StoreException e) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
                }
            } else {
                try {
                    hashSet.addAll(((CertStore) obj).getCertificates(x509CertStoreSelector));
                } catch (CertStoreException e2) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e2);
                }
            }
        }
        return hashSet;
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.bouncycastle.x509.X509CertStoreSelector, java.security.cert.X509CertSelector] */
    public static HashSet f(X509Certificate x509Certificate, ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters) {
        ?? x509CertSelector = new X509CertSelector();
        HashSet hashSet = new HashSet();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(e(extendedPKIXBuilderParameters.getCertStores(), x509CertSelector));
                arrayList.addAll(e(extendedPKIXBuilderParameters.a(), x509CertSelector));
                arrayList.addAll(e(Collections.unmodifiableList(extendedPKIXBuilderParameters.f23431o), x509CertSelector));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    hashSet.add((X509Certificate) it.next());
                }
                return hashSet;
            } catch (AnnotatedException e) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e);
            }
        } catch (IOException e2) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e2);
        }
    }

    public static TrustAnchor g(X509Certificate x509Certificate, Set set, String str) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal m2 = m(x509Certificate);
        try {
            x509CertSelector.setSubject(m2.getEncoded());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception exc = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (m2.equals(new X500Principal(trustAnchor.getCAName()))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    if (str == null) {
                        try {
                            x509Certificate.verify(publicKey);
                        } catch (Exception e) {
                            exc = e;
                            trustAnchor = null;
                            publicKey = null;
                        }
                    } else {
                        x509Certificate.verify(publicKey, str);
                    }
                }
            }
            if (trustAnchor != null || exc == null) {
                return trustAnchor;
            }
            throw new AnnotatedException("TrustAnchor found but certificate validation failed.", exc);
        } catch (IOException e2) {
            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", e2);
        }
    }

    public static AlgorithmIdentifier h(PublicKey publicKey) {
        try {
            return SubjectPublicKeyInfo.g(new ASN1InputStream(publicKey.getEncoded()).j()).V0;
        } catch (Exception e) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e);
        }
    }

    public static void i(DistributionPoint distributionPoint, HashSet hashSet, X509CRLStoreSelector x509CRLStoreSelector) {
        ArrayList arrayList = new ArrayList();
        GeneralNames generalNames = distributionPoint.X0;
        if (generalNames != null) {
            GeneralName[] h2 = generalNames.h();
            for (int i2 = 0; i2 < h2.length; i2++) {
                if (h2[i2].W0 == 4) {
                    try {
                        arrayList.add(new X500Principal(h2[i2].V0.b().e()));
                    } catch (IOException e) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
                    }
                }
            }
        } else {
            if (distributionPoint.V0 == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.", null);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                arrayList.add((X500Principal) it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLStoreSelector.addIssuerName(((X500Principal) it2.next()).getEncoded());
            } catch (IOException e2) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e2);
            }
        }
    }

    public static void j(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) {
        X509CRLEntry revokedCertificate;
        ASN1Enumerated n;
        try {
            if (X509CRLObject.c(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((X509AttributeCertificate) obj).getSerialNumber());
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (certificateIssuer == null) {
                    certificateIssuer = x509crl.getIssuerX500Principal();
                }
                if (!m(obj).equals(certificateIssuer)) {
                    return;
                }
            } else {
                if (!m(obj).equals(x509crl.getIssuerX500Principal())) {
                    return;
                }
                revokedCertificate = x509crl.getRevokedCertificate(obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((X509AttributeCertificate) obj).getSerialNumber());
                if (revokedCertificate == null) {
                    return;
                }
            }
            if (revokedCertificate.hasExtensions()) {
                try {
                    n = DEREnumerated.n(n(revokedCertificate, X509Extension.c.V0));
                } catch (Exception e) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e);
                }
            } else {
                n = null;
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || n == null || n.o().intValue() == 0 || n.o().intValue() == 1 || n.o().intValue() == 2 || n.o().intValue() == 8) {
                certStatus.f23233a = n != null ? n.o().intValue() : 0;
                certStatus.b = revokedCertificate.getRevocationDate();
            }
        } catch (CRLException e2) {
            throw new AnnotatedException("Failed check for indirect CRL.", e2);
        }
    }

    public static HashSet k(DistributionPoint distributionPoint, Object obj, Date date, ExtendedPKIXParameters extendedPKIXParameters) {
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(obj instanceof X509AttributeCertificate ? ((X509AttributeCertificate) obj).e().a()[0] : m(obj));
            i(distributionPoint, hashSet, x509CRLStoreSelector);
            if (obj instanceof X509Certificate) {
                x509CRLStoreSelector.setCertificateChecking((X509Certificate) obj);
            } else if (obj instanceof X509AttributeCertificate) {
                x509CRLStoreSelector.q = (X509AttributeCertificate) obj;
            }
            x509CRLStoreSelector.f23439m = true;
            HashSet b2 = PKIXCRLUtil.b(x509CRLStoreSelector, extendedPKIXParameters, date);
            if (!b2.isEmpty()) {
                return b2;
            }
            if (obj instanceof X509AttributeCertificate) {
                throw new AnnotatedException("No CRLs found for issuer \"" + ((X509AttributeCertificate) obj).e().a()[0] + "\"", null);
            }
            throw new AnnotatedException("No CRLs found for issuer \"" + ((X509Certificate) obj).getIssuerX500Principal() + "\"", null);
        } catch (AnnotatedException e) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e);
        }
    }

    public static HashSet l(Date date, ExtendedPKIXParameters extendedPKIXParameters, X509CRL x509crl) {
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        try {
            x509CRLStoreSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            try {
                ASN1Primitive n = n(x509crl, b);
                BigInteger p2 = n != null ? DERInteger.n(n).p() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f23232a);
                    x509CRLStoreSelector.setMinCRLNumber(p2 != null ? p2.add(BigInteger.valueOf(1L)) : null);
                    x509CRLStoreSelector.f23440o = Arrays.b(extensionValue);
                    x509CRLStoreSelector.f23441p = true;
                    x509CRLStoreSelector.n = p2;
                    HashSet b2 = PKIXCRLUtil.b(x509CRLStoreSelector, extendedPKIXParameters, date);
                    HashSet hashSet = new HashSet();
                    Iterator it = b2.iterator();
                    while (it.hasNext()) {
                        X509CRL x509crl2 = (X509CRL) it.next();
                        Set<String> criticalExtensionOIDs = x509crl2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs != null && criticalExtensionOIDs.contains(RFC3280CertPathUtilities.e)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e) {
                    throw new AnnotatedException("Issuing distribution point extension value could not be read.", e);
                }
            } catch (Exception e2) {
                throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e2);
            }
        } catch (IOException e3) {
            throw new AnnotatedException("Cannot extract issuer from CRL.", e3);
        }
    }

    public static X500Principal m(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getIssuerX500Principal() : (X500Principal) ((X509AttributeCertificate) obj).e().a()[0];
    }

    public static ASN1Primitive n(java.security.cert.X509Extension x509Extension, String str) {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(extensionValue).j()).p()).j();
        } catch (Exception e) {
            throw new AnnotatedException(a.l("exception processing extension ", str), e);
        }
    }

    public static PublicKey o(int i2, List list) {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i2++;
            if (i2 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i2)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return KeyFactory.getInstance("DSA", "BC").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public static final HashSet p(ASN1Sequence aSN1Sequence) {
        HashSet hashSet = new HashSet();
        if (aSN1Sequence == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
        Enumeration q = aSN1Sequence.q();
        while (q.hasMoreElements()) {
            try {
                aSN1OutputStream.g((ASN1Encodable) q.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e) {
                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e);
            }
        }
        return hashSet;
    }

    public static Date q(ExtendedPKIXParameters extendedPKIXParameters, CertPath certPath, int i2) {
        if (extendedPKIXParameters.f23433t != 1) {
            Date date = extendedPKIXParameters.getDate();
            return date == null ? new Date() : date;
        }
        if (i2 <= 0) {
            Date date2 = extendedPKIXParameters.getDate();
            return date2 == null ? new Date() : date2;
        }
        int i3 = i2 - 1;
        if (i3 == 0) {
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i3)).getExtensionValue(ISISMTTObjectIdentifiers.f22653a.V0);
                ASN1GeneralizedTime o2 = extensionValue != null ? DERGeneralizedTime.o(ASN1Primitive.j(extensionValue)) : null;
                if (o2 != null) {
                    try {
                        return o2.n();
                    } catch (ParseException e) {
                        throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e);
                    }
                }
            } catch (IOException unused) {
                throw new AnnotatedException("Date of cert gen extension could not be read.", null);
            } catch (IllegalArgumentException unused2) {
                throw new AnnotatedException("Date of cert gen extension could not be read.", null);
            }
        }
        return ((X509Certificate) certPath.getCertificates().get(i3)).getNotBefore();
    }

    public static PKIXPolicyNode r(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.f23246a.remove(pKIXPolicyNode2);
            s(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i2 = 0; i2 < listArr.length; i2++) {
            listArr[i2] = new ArrayList();
        }
        return null;
    }

    public static void s(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (!pKIXPolicyNode.f23246a.isEmpty()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                s(listArr, (PKIXPolicyNode) children.next());
            }
        }
    }
}
