package org.bouncycastle.jcajce.provider.asymmetric.x509;

import com.jcraft.jsch.C6198;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import p1494.C48804;
import p164.InterfaceC13307;
import p1715.C52492;
import p1787.C53883;
import p1787.C53912;
import p1913.C56065;
import p1913.C56076;
import p1913.C56077;
import p1913.C56080;
import p1913.C56081;
import p1913.C56092;
import p1913.C56093;
import p1913.C56097;
import p1913.C56103;
import p1913.C56126;
import p1913.C56136;
import p2031.C59701;
import p2135.C61996;
import p2152.C62375;
import p405.C20147;
import p545.AbstractC25642;
import p545.AbstractC25679;
import p545.AbstractC25684;
import p545.AbstractC25689;
import p545.C25666;
import p545.C25667;
import p545.C25676;
import p545.InterfaceC25648;

/* loaded from: classes3.dex */
abstract class X509CRLImpl extends X509CRL {
    protected InterfaceC13307 bcHelper;
    protected C56081 c;
    protected boolean isIndirect;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CRLImpl(InterfaceC13307 interfaceC13307, C56081 c56081, String str, byte[] bArr, boolean z) {
        this.bcHelper = interfaceC13307;
        this.c = c56081;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, InterfaceC25648 interfaceC25648, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (interfaceC25648 != null) {
            X509SignatureUtil.setSignatureParameters(signature, interfaceC25648);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new C61996(signature), 512);
            this.c.m206844().mo113041(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.c.m206843().equals(this.c.m206844().m207107())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i = 0;
        if ((publicKey instanceof C62375) && X509SignatureUtil.isCompositeAlgorithm(this.c.m206843())) {
            List<PublicKey> m224371 = ((C62375) publicKey).m224371();
            AbstractC25689 m113111 = AbstractC25689.m113111(this.c.m206843().m206762());
            AbstractC25689 m1131112 = AbstractC25689.m113111(AbstractC25642.m112924(this.c.m206842()).m112933());
            boolean z = false;
            while (i != m224371.size()) {
                if (m224371.get(i) != null) {
                    C56065 m206759 = C56065.m206759(m113111.mo113115(i));
                    try {
                        checkSignature(m224371.get(i), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(m206759)), m206759.m206762(), AbstractC25642.m112924(m1131112.mo113115(i)).m112933());
                        z = true;
                        e = null;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.m206843())) {
            Signature createSignature = signatureCreator.createSignature(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                checkSignature(publicKey, createSignature, null, getSignature());
                return;
            }
            try {
                checkSignature(publicKey, createSignature, AbstractC25684.m113092(bArr), getSignature());
                return;
            } catch (IOException e2) {
                throw new SignatureException(C59701.m216829(e2, new StringBuilder("cannot decode signature parameters: ")));
            }
        }
        AbstractC25689 m1131113 = AbstractC25689.m113111(this.c.m206843().m206762());
        AbstractC25689 m1131114 = AbstractC25689.m113111(AbstractC25642.m112924(this.c.m206842()).m112933());
        boolean z2 = false;
        while (i != m1131114.size()) {
            C56065 m2067592 = C56065.m206759(m1131113.mo113115(i));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(m2067592)), m2067592.m206762(), AbstractC25642.m112924(m1131114.mo113115(i)).m112933());
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            } catch (SignatureException e3) {
                e = e3;
            }
            e = null;
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set getExtensionOIDs(boolean z) {
        C56093 m207102;
        if (getVersion() != 2 || (m207102 = this.c.m206844().m207102()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration m206915 = m207102.m206915();
        while (m206915.hasMoreElements()) {
            C25676 c25676 = (C25676) m206915.nextElement();
            if (z == m207102.m206910(c25676).m206903()) {
                hashSet.add(c25676.m113055());
            }
        }
        return hashSet;
    }

    public static byte[] getExtensionOctets(C56081 c56081, String str) {
        AbstractC25679 extensionValue = getExtensionValue(c56081, str);
        if (extensionValue != null) {
            return extensionValue.m113062();
        }
        return null;
    }

    public static AbstractC25679 getExtensionValue(C56081 c56081, String str) {
        C56092 m206910;
        C56093 m207102 = c56081.m206844().m207102();
        if (m207102 == null || (m206910 = m207102.m206910(new C25676(str))) == null) {
            return null;
        }
        return m206910.m206901();
    }

    private Set loadCRLEntries() {
        C56092 m206910;
        HashSet hashSet = new HashSet();
        Enumeration m206840 = this.c.m206840();
        C52492 c52492 = null;
        while (m206840.hasMoreElements()) {
            C56126.C56128 c56128 = (C56126.C56128) m206840.nextElement();
            hashSet.add(new X509CRLEntryObject(c56128, this.isIndirect, c52492));
            if (this.isIndirect && c56128.m207115() && (m206910 = c56128.m207112().m206910(C56092.f171618)) != null) {
                c52492 = C52492.m195781(C56097.m206943(m206910.m206902()).m206945()[0].m206935());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        AbstractC25679 extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException(C6198.m33455(e, new StringBuilder("error parsing ")));
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new C48804(C52492.m195781(this.c.m206838().mo41807()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.m206838().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        C56136 m206839 = this.c.m206839();
        if (m206839 == null) {
            return null;
        }
        return m206839.m207153();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        C56092 m206910;
        Enumeration m206840 = this.c.m206840();
        C52492 c52492 = null;
        while (m206840.hasMoreElements()) {
            C56126.C56128 c56128 = (C56126.C56128) m206840.nextElement();
            if (c56128.m207114().m113026(bigInteger)) {
                return new X509CRLEntryObject(c56128, this.isIndirect, c52492);
            }
            if (this.isIndirect && c56128.m207115() && (m206910 = c56128.m207112().m206910(C56092.f171618)) != null) {
                c52492 = C52492.m195781(C56097.m206943(m206910.m206902()).m206945()[0].m206935());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.c.m206843().m206761().m113055();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return C53883.m199560(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c.m206842().m112934();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.c.m206844().m113042("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.c.m206845().m207153();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.c.m206846();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(C56092.f171601.m113055());
        criticalExtensionOIDs.remove(C56092.f171591.m113055());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        C52492 m206826;
        C56092 m206910;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration m206840 = this.c.m206840();
        C52492 m206838 = this.c.m206838();
        if (m206840.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (true) {
                if (!m206840.hasMoreElements()) {
                    break;
                }
                C56126.C56128 m207111 = C56126.C56128.m207111(m206840.nextElement());
                if (this.isIndirect && m207111.m207115() && (m206910 = m207111.m207112().m206910(C56092.f171618)) != null) {
                    m206838 = C52492.m195781(C56097.m206943(m206910.m206902()).m206945()[0].m206935());
                }
                if (m207111.m207114().m113026(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        m206826 = C52492.m195781(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            m206826 = C56080.m206823(certificate.getEncoded()).m206826();
                        } catch (CertificateEncodingException e) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e.getMessage());
                        }
                    }
                    if (!m206838.equals(m206826)) {
                        break;
                    }
                    return true;
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        Object c56077;
        StringBuffer stringBuffer = new StringBuffer();
        String m199772 = C53912.m199772();
        stringBuffer.append("              Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(m199772);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(m199772);
        stringBuffer.append("          This update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append(m199772);
        stringBuffer.append("          Next update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append(m199772);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(m199772);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, m199772);
        C56093 m207102 = this.c.m206844().m207102();
        if (m207102 != null) {
            Enumeration m206915 = m207102.m206915();
            if (m206915.hasMoreElements()) {
                stringBuffer.append("           Extensions: ");
                stringBuffer.append(m199772);
            }
            while (m206915.hasMoreElements()) {
                C25676 c25676 = (C25676) m206915.nextElement();
                C56092 m206910 = m207102.m206910(c25676);
                if (m206910.m206901() != null) {
                    C25666 c25666 = new C25666(m206910.m206901().m113062());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(m206910.m206903());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(c25676.m113055());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (c25676.m113094(C56092.f171590)) {
                        c56077 = new C56077(C25667.m113016(c25666.m113011()).m113022());
                    } else if (c25676.m113094(C56092.f171591)) {
                        stringBuffer.append("Base CRL: " + new C56077(C25667.m113016(c25666.m113011()).m113022()));
                        stringBuffer.append(m199772);
                    } else if (c25676.m113094(C56092.f171601)) {
                        c56077 = C56103.m206969(c25666.m113011());
                    } else if (c25676.m113094(C56092.f171611)) {
                        c56077 = C56076.m206813(c25666.m113011());
                    } else if (c25676.m113094(C56092.f171605)) {
                        c56077 = C56076.m206813(c25666.m113011());
                    } else {
                        stringBuffer.append(c25676.m113055());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(C20147.m91592(c25666.m113011(), false));
                        stringBuffer.append(m199772);
                    }
                    stringBuffer.append(c56077);
                    stringBuffer.append(m199772);
                }
                stringBuffer.append(m199772);
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it2 = revokedCertificates.iterator();
            while (it2.hasNext()) {
                stringBuffer.append(it2.next());
                stringBuffer.append(m199772);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }
}
