package org.bouncycastle.pkix.jcajce;

import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import me.c0;
import me.d0;
import me.k;
import me.v;
import me.w;
import me.y;
import org.bouncycastle.jcajce.util.i;
import org.bouncycastle.util.l;
import org.bouncycastle.util.r;
import org.bouncycastle.util.t;
import uc.a0;
import uc.e0;
import uc.m0;
import vg.e;
import vg.k;

/* loaded from: classes7.dex */
public class h extends PKIXCertPathChecker {

    /* renamed from: w, reason: collision with root package name */
    public static final int f41806w = 0;

    /* renamed from: x, reason: collision with root package name */
    public static final int f41807x = 1;

    /* renamed from: y, reason: collision with root package name */
    public static Logger f41808y = Logger.getLogger(h.class.getName());

    /* renamed from: z, reason: collision with root package name */
    public static final String[] f41809z = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* renamed from: c, reason: collision with root package name */
    public final Map<X500Principal, Long> f41810c;

    /* renamed from: d, reason: collision with root package name */
    public final Set<TrustAnchor> f41811d;

    /* renamed from: e, reason: collision with root package name */
    public final boolean f41812e;

    /* renamed from: f, reason: collision with root package name */
    public final int f41813f;

    /* renamed from: g, reason: collision with root package name */
    public final List<t<CRL>> f41814g;

    /* renamed from: i, reason: collision with root package name */
    public final List<CertStore> f41815i;

    /* renamed from: j, reason: collision with root package name */
    public final org.bouncycastle.jcajce.util.d f41816j;

    /* renamed from: k, reason: collision with root package name */
    public final boolean f41817k;

    /* renamed from: n, reason: collision with root package name */
    public final long f41818n;

    /* renamed from: o, reason: collision with root package name */
    public final long f41819o;

    /* renamed from: p, reason: collision with root package name */
    public final Date f41820p;

    /* renamed from: q, reason: collision with root package name */
    public Date f41821q;

    /* renamed from: r, reason: collision with root package name */
    public X500Principal f41822r;

    /* renamed from: t, reason: collision with root package name */
    public PublicKey f41823t;

    /* renamed from: v, reason: collision with root package name */
    public X509Certificate f41824v;

    /* loaded from: classes7.dex */
    public class a extends X509CRLSelector {

        /* renamed from: c, reason: collision with root package name */
        public final /* synthetic */ List f41825c;

        public a(List list) {
            this.f41825c = list;
        }

        @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
        public boolean match(CRL crl) {
            if (!(crl instanceof X509CRL)) {
                return false;
            }
            this.f41825c.add(((X509CRL) crl).getIssuerX500Principal());
            return false;
        }
    }

    /* loaded from: classes7.dex */
    public class b implements r<CRL> {

        /* renamed from: c, reason: collision with root package name */
        public final /* synthetic */ List f41827c;

        public b(List list) {
            this.f41827c = list;
        }

        @Override // org.bouncycastle.util.r
        public Object clone() {
            return this;
        }

        @Override // org.bouncycastle.util.r
        public /* bridge */ /* synthetic */ boolean e2(CRL crl) {
            match(crl);
            return false;
        }

        public boolean match(CRL crl) {
            if (!(crl instanceof X509CRL)) {
                return false;
            }
            this.f41827c.add(((X509CRL) crl).getIssuerX500Principal());
            return false;
        }
    }

    /* loaded from: classes7.dex */
    public static class c {

        /* renamed from: a, reason: collision with root package name */
        public Set<TrustAnchor> f41829a;

        /* renamed from: b, reason: collision with root package name */
        public List<CertStore> f41830b;

        /* renamed from: c, reason: collision with root package name */
        public List<t<CRL>> f41831c;

        /* renamed from: d, reason: collision with root package name */
        public boolean f41832d;

        /* renamed from: e, reason: collision with root package name */
        public int f41833e;

        /* renamed from: f, reason: collision with root package name */
        public Provider f41834f;

        /* renamed from: g, reason: collision with root package name */
        public String f41835g;

        /* renamed from: h, reason: collision with root package name */
        public boolean f41836h;

        /* renamed from: i, reason: collision with root package name */
        public long f41837i;

        /* renamed from: j, reason: collision with root package name */
        public long f41838j;

        /* renamed from: k, reason: collision with root package name */
        public Date f41839k;

        public c(KeyStore keyStore) throws KeyStoreException {
            this.f41830b = new ArrayList();
            this.f41831c = new ArrayList();
            this.f41833e = 0;
            this.f41839k = new Date();
            this.f41829a = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.f41829a.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public c(TrustAnchor trustAnchor) {
            this.f41830b = new ArrayList();
            this.f41831c = new ArrayList();
            this.f41833e = 0;
            this.f41839k = new Date();
            this.f41829a = Collections.singleton(trustAnchor);
        }

        public c(Set<TrustAnchor> set) {
            this.f41830b = new ArrayList();
            this.f41831c = new ArrayList();
            this.f41833e = 0;
            this.f41839k = new Date();
            this.f41829a = new HashSet(set);
        }

        public c l(CertStore certStore) {
            this.f41830b.add(certStore);
            return this;
        }

        public c m(t<CRL> tVar) {
            this.f41831c.add(tVar);
            return this;
        }

        public h n() {
            return new h(this, null);
        }

        public c o(boolean z10) {
            this.f41832d = z10;
            return this;
        }

        public c p(Date date) {
            this.f41839k = new Date(date.getTime());
            return this;
        }

        public c q(boolean z10, long j10) {
            this.f41836h = z10;
            this.f41837i = j10;
            this.f41838j = -1L;
            return this;
        }

        public c r(boolean z10, long j10) {
            this.f41836h = z10;
            this.f41837i = (3 * j10) / 4;
            this.f41838j = j10;
            return this;
        }

        public c s(int i10) {
            this.f41833e = i10;
            return this;
        }

        public c t(String str) {
            this.f41835g = str;
            return this;
        }

        public c u(Provider provider) {
            this.f41834f = provider;
            return this;
        }
    }

    /* loaded from: classes7.dex */
    public static class d implements vg.d<CRL>, l<CRL> {

        /* renamed from: c, reason: collision with root package name */
        public Collection<CRL> f41840c;

        public d(t<CRL> tVar) {
            this.f41840c = new ArrayList(tVar.a(null));
        }

        @Override // vg.d, org.bouncycastle.util.t
        public Collection<CRL> a(r<CRL> rVar) {
            if (rVar == null) {
                return new ArrayList(this.f41840c);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.f41840c) {
                if (rVar.e2(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // org.bouncycastle.util.l, java.lang.Iterable
        public Iterator<CRL> iterator() {
            return ((ArrayList) a(null)).iterator();
        }
    }

    private h(c cVar) {
        org.bouncycastle.jcajce.util.d cVar2;
        this.f41810c = new HashMap();
        this.f41814g = new ArrayList(cVar.f41831c);
        this.f41815i = new ArrayList(cVar.f41830b);
        this.f41812e = cVar.f41832d;
        this.f41813f = cVar.f41833e;
        this.f41811d = cVar.f41829a;
        this.f41817k = cVar.f41836h;
        this.f41818n = cVar.f41837i;
        this.f41819o = cVar.f41838j;
        this.f41820p = cVar.f41839k;
        Provider provider = cVar.f41834f;
        if (provider != null) {
            cVar2 = new i(provider);
        } else {
            String str = cVar.f41835g;
            if (str != null) {
                this.f41816j = new org.bouncycastle.jcajce.util.g(str);
                return;
            }
            cVar2 = new org.bouncycastle.jcajce.util.c();
        }
        this.f41816j = cVar2;
    }

    public /* synthetic */ h(c cVar, a aVar) {
        this(cVar);
    }

    public static List<vg.d> f(k kVar, Map<c0, vg.d> map) throws AnnotatedException {
        if (kVar == null) {
            return Collections.emptyList();
        }
        try {
            v[] u10 = kVar.u();
            ArrayList arrayList = new ArrayList();
            for (v vVar : u10) {
                w v10 = vVar.v();
                if (v10 != null && v10.y() == 0) {
                    for (c0 c0Var : d0.v(v10.x()).y()) {
                        vg.d dVar = map.get(c0Var);
                        if (dVar != null) {
                            arrayList.add(dVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e10) {
            throw new AnnotatedException("could not read distribution points could not be read", e10);
        }
    }

    public final void a(List<X500Principal> list, CertStore certStore) throws CertStoreException {
        certStore.getCRLs(new a(list));
    }

    public final void b(List<X500Principal> list, t<CRL> tVar) {
        tVar.a(new b(list));
    }

    public void c(vg.k kVar, Date date, Date date2, X509Certificate x509Certificate, X509Certificate x509Certificate2, PublicKey publicKey, List list, org.bouncycastle.jcajce.util.d dVar) throws AnnotatedException, CertPathValidatorException {
        AnnotatedException e10;
        boolean z10;
        int i10;
        int i11;
        v[] vVarArr;
        try {
            k v10 = k.v(g.h(x509Certificate, y.f37310z));
            org.bouncycastle.pkix.jcajce.a aVar = new org.bouncycastle.pkix.jcajce.a();
            f fVar = new f();
            if (v10 != null) {
                try {
                    v[] u10 = v10.u();
                    k.b bVar = new k.b(kVar);
                    try {
                        Iterator<vg.d> it2 = f(v10, kVar.s()).iterator();
                        while (it2.hasNext()) {
                            bVar.m(it2.next());
                        }
                        vg.k q10 = bVar.q();
                        Date z11 = q10.z();
                        Date date3 = z11 == null ? date : z11;
                        e10 = null;
                        int i12 = 0;
                        z10 = false;
                        for (int i13 = 11; i12 < u10.length && aVar.f41789a == i13 && !fVar.e(); i13 = 11) {
                            try {
                                i11 = i12;
                                vVarArr = u10;
                                try {
                                    e.a(u10[i12], q10, date, date3, x509Certificate, x509Certificate2, publicKey, aVar, fVar, list, dVar);
                                    z10 = true;
                                } catch (AnnotatedException e11) {
                                    e10 = e11;
                                }
                            } catch (AnnotatedException e12) {
                                e10 = e12;
                                i11 = i12;
                                vVarArr = u10;
                            }
                            i12 = i11 + 1;
                            u10 = vVarArr;
                        }
                        i10 = 11;
                    } catch (AnnotatedException e13) {
                        throw new AnnotatedException("no additional CRL locations could be decoded from CRL distribution point extension", e13);
                    }
                } catch (Exception e14) {
                    throw new AnnotatedException("cannot read distribution points", e14);
                }
            } else {
                i10 = 11;
                e10 = null;
                z10 = false;
            }
            if (aVar.f41789a == i10 && !fVar.e()) {
                try {
                    e.a(new v(new w(0, new d0(new c0(4, ke.d.v(x509Certificate.getIssuerX500Principal().getEncoded())))), null, null), (vg.k) kVar.clone(), date, date2, x509Certificate, x509Certificate2, publicKey, aVar, fVar, list, dVar);
                    z10 = true;
                } catch (AnnotatedException e15) {
                    e10 = e15;
                }
            }
            if (!z10) {
                if (!(e10 instanceof AnnotatedException)) {
                    throw new CRLNotFoundException("no valid CRL found");
                }
                throw new CRLNotFoundException("no valid CRL found", e10);
            }
            if (aVar.f41789a == i10) {
                if (!fVar.e() && aVar.f41789a == i10) {
                    aVar.f41789a = 12;
                }
                if (aVar.f41789a == 12) {
                    throw new AnnotatedException("certificate status could not be determined");
                }
                return;
            }
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z");
            simpleDateFormat.setTimeZone(TimeZone.getTimeZone(io.sentry.vendor.gson.internal.bind.util.a.f30288a));
            StringBuilder a10 = androidx.browser.browseractions.a.a("certificate [issuer=\"" + x509Certificate.getIssuerX500Principal() + "\",serialNumber=" + x509Certificate.getSerialNumber() + ",subject=\"" + x509Certificate.getSubjectX500Principal() + "\"] revoked after " + simpleDateFormat.format(aVar.f41790b), ", reason: ");
            a10.append(f41809z[aVar.f41789a]);
            throw new AnnotatedException(a10.toString());
        } catch (Exception e16) {
            throw new AnnotatedException("cannot read CRL distribution point extension", e16);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        Level level;
        StringBuilder sb2;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f41812e && x509Certificate.getBasicConstraints() != -1) {
            this.f41822r = x509Certificate.getSubjectX500Principal();
            this.f41823t = x509Certificate.getPublicKey();
            this.f41824v = x509Certificate;
            return;
        }
        if (this.f41822r == null) {
            this.f41822r = x509Certificate.getIssuerX500Principal();
            TrustAnchor trustAnchor = null;
            for (TrustAnchor trustAnchor2 : this.f41811d) {
                if (this.f41822r.equals(trustAnchor2.getCA()) || this.f41822r.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                throw new CertPathValidatorException("no trust anchor found for " + this.f41822r);
            }
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.f41824v = trustedCert;
            this.f41823t = trustedCert.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.f41811d);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.f41820p);
            for (int i10 = 0; i10 != this.f41815i.size(); i10++) {
                if (f41808y.isLoggable(Level.INFO)) {
                    a(arrayList, this.f41815i.get(i10));
                }
                pKIXParameters.addCertStore(this.f41815i.get(i10));
            }
            k.b bVar = new k.b(pKIXParameters);
            bVar.f47658j = this.f41813f;
            for (int i11 = 0; i11 != this.f41814g.size(); i11++) {
                if (f41808y.isLoggable(Level.INFO)) {
                    b(arrayList, this.f41814g.get(i11));
                }
                bVar.m(new d(this.f41814g.get(i11)));
            }
            if (arrayList.isEmpty()) {
                f41808y.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (f41808y.isLoggable(Level.FINE)) {
                for (int i12 = 0; i12 != arrayList.size(); i12++) {
                    f41808y.log(Level.FINE, "configuring with CRL for issuer \"" + arrayList.get(i12) + f5.c.f24084q0);
                }
            } else {
                f41808y.log(Level.INFO, "configured with " + arrayList.size() + " pre-loaded CRLs");
            }
            vg.k q10 = bVar.q();
            Date m10 = g.m(q10, this.f41820p);
            try {
                c(q10, this.f41821q, m10, x509Certificate, this.f41824v, this.f41823t, new ArrayList(), this.f41816j);
            } catch (AnnotatedException e10) {
                throw new CertPathValidatorException(e10.getMessage(), e10.getCause());
            } catch (CRLNotFoundException e11) {
                a0 a0Var = y.f37310z;
                if (x509Certificate.getExtensionValue(a0Var.I()) == null) {
                    throw e11;
                }
                try {
                    HashSet hashSet = (HashSet) d(x509Certificate.getIssuerX500Principal(), m10, g.h(x509Certificate, a0Var), this.f41816j);
                    if (!hashSet.isEmpty()) {
                        try {
                            bVar.m(new d(new org.bouncycastle.util.e(hashSet)));
                            vg.k q11 = bVar.q();
                            Date date = this.f41820p;
                            Date z10 = q11.z();
                            c(q11, this.f41821q, z10 == null ? date : z10, x509Certificate, this.f41824v, this.f41823t, new ArrayList(), this.f41816j);
                        } catch (AnnotatedException e12) {
                            throw new CertPathValidatorException(e12.getMessage(), e12.getCause());
                        }
                    } else {
                        if (!this.f41817k) {
                            throw e11;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l10 = this.f41810c.get(issuerX500Principal);
                        if (l10 != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l10.longValue();
                            long j10 = this.f41819o;
                            if (j10 != -1 && j10 < currentTimeMillis) {
                                throw e11;
                            }
                            long j11 = this.f41818n;
                            Logger logger = f41808y;
                            if (currentTimeMillis < j11) {
                                level = Level.WARNING;
                                sb2 = new StringBuilder("soft failing for issuer: \"");
                            } else {
                                level = Level.SEVERE;
                                sb2 = new StringBuilder("soft failing for issuer: \"");
                            }
                            sb2.append(issuerX500Principal);
                            sb2.append(f5.c.f24084q0);
                            logger.log(level, sb2.toString());
                        } else {
                            this.f41810c.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (AnnotatedException e13) {
                    throw new CertPathValidatorException(e13.getMessage(), e13.getCause());
                }
            }
            this.f41824v = x509Certificate;
            this.f41823t = x509Certificate.getPublicKey();
            this.f41822r = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e14) {
            throw new RuntimeException(com.nimbusds.jose.crypto.e.a(e14, new StringBuilder("error setting up baseParams: ")));
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }

    public final Set<CRL> d(X500Principal x500Principal, Date date, e0 e0Var, org.bouncycastle.jcajce.util.d dVar) {
        URI uri;
        v[] u10 = me.k.v(e0Var).u();
        try {
            CertificateFactory k10 = dVar.k("X.509");
            X509CRLSelector x509CRLSelector = new X509CRLSelector();
            x509CRLSelector.addIssuer(x500Principal);
            vg.e<? extends CRL> g10 = new e.b(x509CRLSelector).g();
            HashSet hashSet = new HashSet();
            for (int i10 = 0; i10 != u10.length; i10++) {
                w v10 = u10[i10].v();
                if (v10 != null && v10.y() == 0) {
                    c0[] y10 = d0.v(v10.x()).y();
                    for (int i11 = 0; i11 != y10.length; i11++) {
                        c0 c0Var = y10[i11];
                        if (c0Var.i() == 6) {
                            try {
                                uri = new URI(((m0) c0Var.x()).getString());
                                try {
                                } catch (Exception e10) {
                                    e = e10;
                                }
                            } catch (Exception e11) {
                                e = e11;
                                uri = null;
                            }
                            try {
                                hashSet.addAll(org.bouncycastle.pkix.jcajce.d.a(g10, date, Collections.EMPTY_LIST, Collections.singletonList(org.bouncycastle.pkix.jcajce.b.a(k10, this.f41820p, uri))));
                            } catch (Exception e12) {
                                e = e12;
                                Logger logger = f41808y;
                                Level level = Level.FINE;
                                if (logger.isLoggable(level)) {
                                    f41808y.log(level, "CrlDP " + uri + " ignored: " + e.getMessage(), (Throwable) e);
                                } else {
                                    f41808y.log(Level.INFO, "CrlDP " + uri + " ignored: " + e.getMessage());
                                }
                            }
                        }
                    }
                }
            }
            return hashSet;
        } catch (Exception e13) {
            Logger logger2 = f41808y;
            Level level2 = Level.FINE;
            if (logger2.isLoggable(level2)) {
                f41808y.log(level2, "could not create certFact: " + e13.getMessage(), (Throwable) e13);
                return null;
            }
            f41808y.log(Level.INFO, "could not create certFact: " + e13.getMessage());
            return null;
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) throws CertPathValidatorException {
        if (z10) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.f41821q = new Date();
        this.f41822r = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
