package org.bouncycastle.jcajce.provider.asymmetric.x509;

import ar.d;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import ko.ASN1ObjectIdentifier;
import ko.c0;
import ko.f1;
import ko.g;
import ko.q;
import ko.z;
import qp.b;
import qp.n;
import qp.o;
import qp.p0;
import qp.u;
import qp.v;
import qp.v0;
import qp.y;
import qs.a;
import wq.e;
import yq.c;

/* loaded from: classes3.dex */
abstract class X509CRLImpl extends X509CRL {
    protected d bcHelper;

    /* renamed from: c, reason: collision with root package name */
    protected o f39392c;
    protected boolean isIndirect;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CRLImpl(d dVar, o oVar, String str, byte[] bArr, boolean z10) {
        this.bcHelper = dVar;
        this.f39392c = oVar;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z10;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, g gVar, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (gVar != null) {
            X509SignatureUtil.setSignatureParameters(signature, gVar);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new c(signature), 512);
            this.f39392c.f43105c.g().z(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        o oVar = this.f39392c;
        if (!oVar.f43106d.equals(oVar.f43105c.f43115d)) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i10 = 0;
        if ((publicKey instanceof e) && X509SignatureUtil.isCompositeAlgorithm(this.f39392c.f43106d)) {
            List<PublicKey> list = ((e) publicKey).f50311c;
            c0 S = c0.S(this.f39392c.f43106d.f43033d);
            c0 S2 = c0.S(f1.a0(this.f39392c.f43107e).R());
            boolean z10 = false;
            while (i10 != list.size()) {
                if (list.get(i10) != null) {
                    b v10 = b.v(S.Z(i10));
                    try {
                        checkSignature(list.get(i10), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(v10)), v10.f43033d, f1.a0(S2.Z(i10)).R());
                        e = null;
                        z10 = true;
                    } catch (SignatureException e10) {
                        e = e10;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i10++;
            }
            if (!z10) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.f39392c.f43106d)) {
            Signature createSignature = signatureCreator.createSignature(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                checkSignature(publicKey, createSignature, null, getSignature());
                return;
            }
            try {
                checkSignature(publicKey, createSignature, z.J(bArr), getSignature());
                return;
            } catch (IOException e11) {
                throw new SignatureException("cannot decode signature parameters: " + e11.getMessage());
            }
        }
        c0 S3 = c0.S(this.f39392c.f43106d.f43033d);
        c0 S4 = c0.S(f1.a0(this.f39392c.f43107e).R());
        boolean z11 = false;
        while (i10 != S4.size()) {
            b v11 = b.v(S3.Z(i10));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(v11)), v11.f43033d, f1.a0(S4.Z(i10)).R());
                e = null;
                z11 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e12) {
                e = e12;
            }
            if (e != null) {
                throw e;
            }
            i10++;
        }
        if (!z11) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set getExtensionOIDs(boolean z10) {
        v vVar;
        if (getVersion() != 2 || (vVar = this.f39392c.f43105c.f43120s) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration z11 = vVar.z();
        while (z11.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) z11.nextElement();
            if (z10 == vVar.u(aSN1ObjectIdentifier).f43158d) {
                hashSet.add(aSN1ObjectIdentifier.f34896c);
            }
        }
        return hashSet;
    }

    public static byte[] getExtensionOctets(o oVar, String str) {
        ko.v extensionValue = getExtensionValue(oVar, str);
        if (extensionValue != null) {
            return extensionValue.f35034c;
        }
        return null;
    }

    public static ko.v getExtensionValue(o oVar, String str) {
        u u10;
        v vVar = oVar.f43105c.f43120s;
        if (vVar == null || (u10 = vVar.u(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        return u10.f43159e;
    }

    private Set loadCRLEntries() {
        u u10;
        HashSet hashSet = new HashSet();
        Enumeration v10 = this.f39392c.v();
        op.c cVar = null;
        while (v10.hasMoreElements()) {
            p0.a aVar = (p0.a) v10.nextElement();
            hashSet.add(new X509CRLEntryObject(aVar, this.isIndirect, cVar));
            if (this.isIndirect && aVar.z() && (u10 = aVar.u().u(u.E)) != null) {
                cVar = op.c.u(y.u(u10.u()).y()[0].f43170c);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ko.v extensionValue = getExtensionValue(this.f39392c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e10) {
            throw new IllegalStateException("error parsing " + e10.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new br.c(op.c.u(this.f39392c.f43105c.f43116e.f39308p));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f39392c.f43105c.f43116e.getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        v0 v0Var = this.f39392c.f43105c.f43118p;
        if (v0Var == null) {
            return null;
        }
        return v0Var.u();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        u u10;
        Enumeration v10 = this.f39392c.v();
        op.c cVar = null;
        while (v10.hasMoreElements()) {
            p0.a aVar = (p0.a) v10.nextElement();
            if (aVar.y().Z(bigInteger)) {
                return new X509CRLEntryObject(aVar, this.isIndirect, cVar);
            }
            if (this.isIndirect && aVar.z() && (u10 = aVar.u().u(u.E)) != null) {
                cVar = op.c.u(y.u(u10.u()).y()[0].f43170c);
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f39392c.f43106d.f43032c.f34896c;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return a.b(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f39392c.f43107e.T();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.f39392c.f43105c.t("DER");
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f39392c.f43105c.f43117n.u();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        q qVar = this.f39392c.f43105c.f43114c;
        if (qVar == null) {
            return 1;
        }
        return 1 + qVar.d0();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(u.D.f34896c);
        criticalExtensionOIDs.remove(u.C.f34896c);
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        op.c cVar;
        u u10;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration v10 = this.f39392c.v();
        op.c cVar2 = this.f39392c.f43105c.f43116e;
        if (v10.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (v10.hasMoreElements()) {
                p0.a v11 = p0.a.v(v10.nextElement());
                if (this.isIndirect && v11.z() && (u10 = v11.u().u(u.E)) != null) {
                    cVar2 = op.c.u(y.u(u10.u()).y()[0].f43170c);
                }
                if (v11.y().Z(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        cVar = op.c.u(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            cVar = n.u(certificate.getEncoded()).f43101d.f43131p;
                        } catch (CertificateEncodingException e10) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e10.getMessage());
                        }
                    }
                    return cVar2.equals(cVar);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:39:0x0131
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 349
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e10) {
            throw new NoSuchAlgorithmException("provider issue: " + e10.getMessage());
        }
    }
}
