package org.bouncycastle.pkix.jcajce;

import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.jcajce.PKIXCRLStore;
import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Iterable;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: classes10.dex */
public class X509RevocationChecker extends PKIXCertPathChecker {

    /* renamed from: p, reason: collision with root package name */
    public static final int f58056p = 0;

    /* renamed from: q, reason: collision with root package name */
    public static final int f58057q = 1;

    /* renamed from: r, reason: collision with root package name */
    public static Logger f58058r = Logger.getLogger(X509RevocationChecker.class.getName());

    /* renamed from: s, reason: collision with root package name */
    public static final String[] f58059s = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* renamed from: a, reason: collision with root package name */
    public final Map<X500Principal, Long> f58060a;

    /* renamed from: b, reason: collision with root package name */
    public final Set<TrustAnchor> f58061b;

    /* renamed from: c, reason: collision with root package name */
    public final boolean f58062c;

    /* renamed from: d, reason: collision with root package name */
    public final int f58063d;

    /* renamed from: e, reason: collision with root package name */
    public final List<Store<CRL>> f58064e;

    /* renamed from: f, reason: collision with root package name */
    public final List<CertStore> f58065f;

    /* renamed from: g, reason: collision with root package name */
    public final JcaJceHelper f58066g;

    /* renamed from: h, reason: collision with root package name */
    public final boolean f58067h;

    /* renamed from: i, reason: collision with root package name */
    public final long f58068i;

    /* renamed from: j, reason: collision with root package name */
    public final long f58069j;

    /* renamed from: k, reason: collision with root package name */
    public final Date f58070k;

    /* renamed from: l, reason: collision with root package name */
    public Date f58071l;

    /* renamed from: m, reason: collision with root package name */
    public X500Principal f58072m;

    /* renamed from: n, reason: collision with root package name */
    public PublicKey f58073n;

    /* renamed from: o, reason: collision with root package name */
    public X509Certificate f58074o;

    /* loaded from: classes10.dex */
    public static class Builder {

        /* renamed from: a, reason: collision with root package name */
        public Set<TrustAnchor> f58079a;

        /* renamed from: b, reason: collision with root package name */
        public List<CertStore> f58080b;

        /* renamed from: c, reason: collision with root package name */
        public List<Store<CRL>> f58081c;

        /* renamed from: d, reason: collision with root package name */
        public boolean f58082d;

        /* renamed from: e, reason: collision with root package name */
        public int f58083e;

        /* renamed from: f, reason: collision with root package name */
        public Provider f58084f;

        /* renamed from: g, reason: collision with root package name */
        public String f58085g;

        /* renamed from: h, reason: collision with root package name */
        public boolean f58086h;

        /* renamed from: i, reason: collision with root package name */
        public long f58087i;

        /* renamed from: j, reason: collision with root package name */
        public long f58088j;

        /* renamed from: k, reason: collision with root package name */
        public Date f58089k;

        public Builder(KeyStore keyStore) throws KeyStoreException {
            this.f58080b = new ArrayList();
            this.f58081c = new ArrayList();
            this.f58083e = 0;
            this.f58089k = new Date();
            this.f58079a = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.f58079a.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public Builder(TrustAnchor trustAnchor) {
            this.f58080b = new ArrayList();
            this.f58081c = new ArrayList();
            this.f58083e = 0;
            this.f58089k = new Date();
            this.f58079a = Collections.singleton(trustAnchor);
        }

        public Builder(Set<TrustAnchor> set) {
            this.f58080b = new ArrayList();
            this.f58081c = new ArrayList();
            this.f58083e = 0;
            this.f58089k = new Date();
            this.f58079a = new HashSet(set);
        }

        public Builder l(CertStore certStore) {
            this.f58080b.add(certStore);
            return this;
        }

        public Builder m(Store<CRL> store) {
            this.f58081c.add(store);
            return this;
        }

        public X509RevocationChecker n() {
            return new X509RevocationChecker(this);
        }

        public Builder o(boolean z2) {
            this.f58082d = z2;
            return this;
        }

        public Builder p(Date date) {
            this.f58089k = new Date(date.getTime());
            return this;
        }

        public Builder q(boolean z2, long j2) {
            this.f58086h = z2;
            this.f58087i = j2;
            this.f58088j = -1L;
            return this;
        }

        public Builder r(boolean z2, long j2) {
            this.f58086h = z2;
            this.f58087i = (3 * j2) / 4;
            this.f58088j = j2;
            return this;
        }

        public Builder s(int i2) {
            this.f58083e = i2;
            return this;
        }

        public Builder t(String str) {
            this.f58085g = str;
            return this;
        }

        public Builder u(Provider provider) {
            this.f58084f = provider;
            return this;
        }
    }

    /* loaded from: classes10.dex */
    public static class LocalCRLStore implements PKIXCRLStore<CRL>, Iterable<CRL> {

        /* renamed from: a, reason: collision with root package name */
        public Collection<CRL> f58090a;

        public LocalCRLStore(Store<CRL> store) {
            this.f58090a = new ArrayList(store.a(null));
        }

        @Override // org.bouncycastle.jcajce.PKIXCRLStore, org.bouncycastle.util.Store
        public Collection<CRL> a(Selector<CRL> selector) {
            if (selector == null) {
                return new ArrayList(this.f58090a);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.f58090a) {
                if (selector.U1(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // org.bouncycastle.util.Iterable, java.lang.Iterable
        public Iterator<CRL> iterator() {
            return a(null).iterator();
        }
    }

    public X509RevocationChecker(Builder builder) {
        JcaJceHelper namedJcaJceHelper;
        this.f58060a = new HashMap();
        this.f58064e = new ArrayList(builder.f58081c);
        this.f58065f = new ArrayList(builder.f58080b);
        this.f58062c = builder.f58082d;
        this.f58063d = builder.f58083e;
        this.f58061b = builder.f58079a;
        this.f58067h = builder.f58086h;
        this.f58068i = builder.f58087i;
        this.f58069j = builder.f58088j;
        this.f58070k = builder.f58089k;
        if (builder.f58084f != null) {
            namedJcaJceHelper = new ProviderJcaJceHelper(builder.f58084f);
        } else {
            if (builder.f58085g == null) {
                this.f58066g = new DefaultJcaJceHelper();
                return;
            }
            namedJcaJceHelper = new NamedJcaJceHelper(builder.f58085g);
        }
        this.f58066g = namedJcaJceHelper;
    }

    public static List<PKIXCRLStore> e(CRLDistPoint cRLDistPoint, Map<GeneralName, PKIXCRLStore> map) throws AnnotatedException {
        if (cRLDistPoint == null) {
            return Collections.emptyList();
        }
        try {
            DistributionPoint[] v2 = cRLDistPoint.v();
            ArrayList arrayList = new ArrayList();
            for (DistributionPoint distributionPoint : v2) {
                DistributionPointName w2 = distributionPoint.w();
                if (w2 != null && w2.y() == 0) {
                    for (GeneralName generalName : GeneralNames.w(w2.x()).y()) {
                        PKIXCRLStore pKIXCRLStore = map.get(generalName);
                        if (pKIXCRLStore != null) {
                            arrayList.add(pKIXCRLStore);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new AnnotatedException("could not read distribution points could not be read", e2);
        }
    }

    public final void a(final List<X500Principal> list, CertStore certStore) throws CertStoreException {
        certStore.getCRLs(new X509CRLSelector() { // from class: org.bouncycastle.pkix.jcajce.X509RevocationChecker.1
            @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
            public boolean match(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }
        });
    }

    public final void b(final List<X500Principal> list, Store<CRL> store) {
        store.a(new Selector<CRL>() { // from class: org.bouncycastle.pkix.jcajce.X509RevocationChecker.2
            @Override // org.bouncycastle.util.Selector
            public Object clone() {
                return this;
            }

            @Override // org.bouncycastle.util.Selector
            /* renamed from: match, reason: merged with bridge method [inline-methods] */
            public boolean U1(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }
        });
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0107  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0119  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void c(org.bouncycastle.jcajce.PKIXExtendedParameters r22, java.util.Date r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.security.cert.X509Certificate r26, java.security.PublicKey r27, java.util.List r28, org.bouncycastle.jcajce.util.JcaJceHelper r29) throws org.bouncycastle.pkix.jcajce.AnnotatedException, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 439
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.X509RevocationChecker.c(org.bouncycastle.jcajce.PKIXExtendedParameters, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, org.bouncycastle.jcajce.util.JcaJceHelper):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        Logger logger;
        Level level;
        StringBuilder sb;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f58062c && x509Certificate.getBasicConstraints() != -1) {
            this.f58072m = x509Certificate.getSubjectX500Principal();
            this.f58073n = x509Certificate.getPublicKey();
            this.f58074o = x509Certificate;
            return;
        }
        if (this.f58072m == null) {
            this.f58072m = x509Certificate.getIssuerX500Principal();
            TrustAnchor trustAnchor = null;
            for (TrustAnchor trustAnchor2 : this.f58061b) {
                if (this.f58072m.equals(trustAnchor2.getCA()) || this.f58072m.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                throw new CertPathValidatorException("no trust anchor found for " + this.f58072m);
            }
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.f58074o = trustedCert;
            this.f58073n = trustedCert.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.f58061b);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.f58070k);
            for (int i2 = 0; i2 != this.f58065f.size(); i2++) {
                if (f58058r.isLoggable(Level.INFO)) {
                    a(arrayList, this.f58065f.get(i2));
                }
                pKIXParameters.addCertStore(this.f58065f.get(i2));
            }
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(pKIXParameters);
            builder.w(this.f58063d);
            for (int i3 = 0; i3 != this.f58064e.size(); i3++) {
                if (f58058r.isLoggable(Level.INFO)) {
                    b(arrayList, this.f58064e.get(i3));
                }
                builder.m(new LocalCRLStore(this.f58064e.get(i3)));
            }
            if (arrayList.isEmpty()) {
                f58058r.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (f58058r.isLoggable(Level.FINE)) {
                for (int i4 = 0; i4 != arrayList.size(); i4++) {
                    f58058r.log(Level.FINE, "configuring with CRL for issuer \"" + arrayList.get(i4) + "\"");
                }
            } else {
                f58058r.log(Level.INFO, "configured with " + arrayList.size() + " pre-loaded CRLs");
            }
            PKIXExtendedParameters q2 = builder.q();
            Date m2 = RevocationUtilities.m(q2, this.f58070k);
            try {
                c(q2, this.f58071l, m2, x509Certificate, this.f58074o, this.f58073n, new ArrayList(), this.f58066g);
            } catch (AnnotatedException e2) {
                throw new CertPathValidatorException(e2.getMessage(), e2.getCause());
            } catch (CRLNotFoundException e3) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.f49777s;
                if (x509Certificate.getExtensionValue(aSN1ObjectIdentifier.I()) == null) {
                    throw e3;
                }
                try {
                    Set<CRL> d2 = d(x509Certificate.getIssuerX500Principal(), m2, RevocationUtilities.h(x509Certificate, aSN1ObjectIdentifier), this.f58066g);
                    if (!d2.isEmpty()) {
                        try {
                            builder.m(new LocalCRLStore(new CollectionStore(d2)));
                            PKIXExtendedParameters q3 = builder.q();
                            c(q3, this.f58071l, RevocationUtilities.m(q3, this.f58070k), x509Certificate, this.f58074o, this.f58073n, new ArrayList(), this.f58066g);
                        } catch (AnnotatedException e4) {
                            throw new CertPathValidatorException(e4.getMessage(), e4.getCause());
                        }
                    } else {
                        if (!this.f58067h) {
                            throw e3;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l2 = this.f58060a.get(issuerX500Principal);
                        if (l2 != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l2.longValue();
                            long j2 = this.f58069j;
                            if (j2 != -1 && j2 < currentTimeMillis) {
                                throw e3;
                            }
                            if (currentTimeMillis < this.f58068i) {
                                logger = f58058r;
                                level = Level.WARNING;
                                sb = new StringBuilder();
                            } else {
                                logger = f58058r;
                                level = Level.SEVERE;
                                sb = new StringBuilder();
                            }
                            sb.append("soft failing for issuer: \"");
                            sb.append(issuerX500Principal);
                            sb.append("\"");
                            logger.log(level, sb.toString());
                        } else {
                            this.f58060a.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (AnnotatedException e5) {
                    throw new CertPathValidatorException(e5.getMessage(), e5.getCause());
                }
            }
            this.f58074o = x509Certificate;
            this.f58073n = x509Certificate.getPublicKey();
            this.f58072m = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e6) {
            throw new RuntimeException("error setting up baseParams: " + e6.getMessage());
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }

    public final Set<CRL> d(X500Principal x500Principal, Date date, ASN1Primitive aSN1Primitive, JcaJceHelper jcaJceHelper) {
        URI uri;
        PKIXCRLStore a2;
        DistributionPoint[] v2 = CRLDistPoint.w(aSN1Primitive).v();
        try {
            CertificateFactory r2 = jcaJceHelper.r("X.509");
            X509CRLSelector x509CRLSelector = new X509CRLSelector();
            x509CRLSelector.addIssuer(x500Principal);
            PKIXCRLStoreSelector<? extends CRL> g2 = new PKIXCRLStoreSelector.Builder(x509CRLSelector).g();
            HashSet hashSet = new HashSet();
            for (int i2 = 0; i2 != v2.length; i2++) {
                DistributionPointName w2 = v2[i2].w();
                if (w2 != null && w2.y() == 0) {
                    GeneralName[] y2 = GeneralNames.w(w2.x()).y();
                    for (int i3 = 0; i3 != y2.length; i3++) {
                        GeneralName generalName = y2[i3];
                        if (generalName.e() == 6) {
                            try {
                                uri = new URI(((ASN1String) generalName.x()).getString());
                                try {
                                    a2 = CrlCache.a(r2, this.f58070k, uri);
                                } catch (Exception e2) {
                                    e = e2;
                                }
                            } catch (Exception e3) {
                                e = e3;
                                uri = null;
                            }
                            if (a2 != null) {
                                try {
                                    hashSet.addAll(PKIXCRLUtil.b(g2, date, Collections.EMPTY_LIST, Collections.singletonList(a2)));
                                } catch (Exception e4) {
                                    e = e4;
                                    Logger logger = f58058r;
                                    Level level = Level.FINE;
                                    if (logger.isLoggable(level)) {
                                        f58058r.log(level, "CrlDP " + uri + " ignored: " + e.getMessage(), (Throwable) e);
                                    } else {
                                        f58058r.log(Level.INFO, "CrlDP " + uri + " ignored: " + e.getMessage());
                                    }
                                }
                            }
                        }
                    }
                }
            }
            return hashSet;
        } catch (Exception e5) {
            Logger logger2 = f58058r;
            Level level2 = Level.FINE;
            if (logger2.isLoggable(level2)) {
                f58058r.log(level2, "could not create certFact: " + e5.getMessage(), (Throwable) e5);
                return null;
            }
            f58058r.log(Level.INFO, "could not create certFact: " + e5.getMessage());
            return null;
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z2) throws CertPathValidatorException {
        if (z2) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.f58071l = new Date();
        this.f58072m = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
