package defpackage;

import defpackage.r44;
import defpackage.t44;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes4.dex */
public class sg4 {
    public static final String o = "2.5.29.32.0";
    public static final int q = 5;
    public static final int r = 6;
    public static final oh4 a = new oh4();
    public static final String b = qa3.t.m();
    public static final String c = qa3.j.m();
    public static final String d = qa3.u.m();
    public static final String e = qa3.h.m();
    public static final String f = qa3.r.m();
    public static final String g = qa3.f.m();
    public static final String h = qa3.z.m();
    public static final String i = qa3.p.m();
    public static final String j = qa3.o.m();
    public static final String k = qa3.w.m();
    public static final String l = qa3.y.m();
    public static final String m = qa3.s.m();
    public static final String n = qa3.v.m();
    public static final String p = qa3.k.m();
    public static final String[] s = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    public static BigInteger a(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    public static PublicKey a(List list, int i2, ze4 ze4Var) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i2++;
            if (i2 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i2)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return ze4Var.l("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e2) {
            throw new RuntimeException(e2.getMessage());
        }
    }

    public static TrustAnchor a(X509Certificate x509Certificate, Set set) throws mg4 {
        return a(x509Certificate, set, (String) null);
    }

    public static TrustAnchor a(X509Certificate x509Certificate, Set set, String str) throws mg4 {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        x509CertSelector.setSubject(issuerX500Principal);
        Iterator it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception e2 = null;
        j93 j93Var = null;
        PublicKey publicKey = null;
        while (it.hasNext() && trustAnchor == null) {
            trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor.getTrustedCert() != null) {
                if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                    publicKey = trustAnchor.getTrustedCert().getPublicKey();
                }
                trustAnchor = null;
            } else {
                if (trustAnchor.getCA() != null && trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                    if (j93Var == null) {
                        j93Var = j93.a(issuerX500Principal.getEncoded());
                    }
                    try {
                        if (j93Var.equals(j93.a(trustAnchor.getCA().getEncoded()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException unused) {
                    }
                }
                trustAnchor = null;
            }
            if (publicKey != null) {
                try {
                    a(x509Certificate, publicKey, str);
                } catch (Exception e3) {
                    e2 = e3;
                    trustAnchor = null;
                    publicKey = null;
                }
            }
        }
        if (trustAnchor != null || e2 == null) {
            return trustAnchor;
        }
        throw new mg4("TrustAnchor found but certificate validation failed.", e2);
    }

    public static Collection a(X509Certificate x509Certificate, List<CertStore> list, List<s44> list2) throws mg4 {
        byte[] k2;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(uh4.a(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(n);
                if (extensionValue != null && (k2 = aa3.a(ur2.a((Object) extensionValue).m()).k()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new rt2(k2).getEncoded());
                }
            } catch (Exception unused) {
            }
            t44<? extends Certificate> a2 = new t44.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(a(a2, list));
                arrayList.addAll(a(a2, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (mg4 e2) {
                throw new mg4("Issuer certificate cannot be searched.", e2);
            }
        } catch (Exception e3) {
            throw new mg4("Subject criteria for certificate selector to find issuer certificate could not be set.", e3);
        }
    }

    public static Collection a(t44 t44Var, List list) throws mg4 {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof f25) {
                try {
                    linkedHashSet.addAll(((f25) obj).a(t44Var));
                } catch (g25 e2) {
                    throw new mg4("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    linkedHashSet.addAll(t44.a(t44Var, (CertStore) obj));
                } catch (CertStoreException e3) {
                    throw new mg4("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return linkedHashSet;
    }

    public static Date a(v44 v44Var) {
        Date e2 = v44Var.e();
        return e2 == null ? new Date() : e2;
    }

    public static Date a(v44 v44Var, CertPath certPath, int i2) throws mg4 {
        if (v44Var.m() == 1 && i2 > 0) {
            int i3 = i2 - 1;
            if (i3 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i3)).getExtensionValue(y43.e.m());
                    nr2 a2 = extensionValue != null ? nr2.a((Object) yr2.a(extensionValue)) : null;
                    if (a2 != null) {
                        try {
                            return a2.m();
                        } catch (ParseException e2) {
                            throw new mg4("Date from date of cert gen extension could not be parsed.", e2);
                        }
                    }
                } catch (IOException unused) {
                    throw new mg4("Date of cert gen extension could not be read.");
                } catch (IllegalArgumentException unused2) {
                    throw new mg4("Date of cert gen extension could not be read.");
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i3)).getNotBefore();
        }
        return a(v44Var);
    }

    public static List<q44> a(ca3 ca3Var, Map<ta3, q44> map) throws mg4 {
        if (ca3Var == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            na3[] i2 = ca3Var.i();
            ArrayList arrayList = new ArrayList();
            for (na3 na3Var : i2) {
                oa3 j2 = na3Var.j();
                if (j2 != null && j2.i() == 0) {
                    for (ta3 ta3Var : ua3.a(j2.getName()).i()) {
                        q44 q44Var = map.get(ta3Var);
                        if (q44Var != null) {
                            arrayList.add(q44Var);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new mg4("Distribution points could not be read.", e2);
        }
    }

    public static List<s44> a(byte[] bArr, Map<ta3, s44> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        ta3[] i2 = ua3.a(ur2.a((Object) bArr).m()).i();
        ArrayList arrayList = new ArrayList();
        for (int i3 = 0; i3 != i2.length; i3++) {
            s44 s44Var = map.get(i2[i3]);
            if (s44Var != null) {
                arrayList.add(s44Var);
            }
        }
        return arrayList;
    }

    public static Set a(Date date, X509CRL x509crl, List<CertStore> list, List<q44> list2) throws mg4 {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(uh4.a(x509crl).getEncoded());
            try {
                yr2 a2 = a(x509crl, p);
                BigInteger m2 = a2 != null ? qr2.a((Object) a2).m() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(i);
                    x509CRLSelector.setMinCRLNumber(m2 != null ? m2.add(BigInteger.valueOf(1L)) : null);
                    r44.b bVar = new r44.b(x509CRLSelector);
                    bVar.a(extensionValue);
                    bVar.c(true);
                    bVar.a(m2);
                    Set<X509CRL> a3 = a.a(bVar.a(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : a3) {
                        if (a(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e2) {
                    throw new mg4("Issuing distribution point extension value could not be read.", e2);
                }
            } catch (Exception e3) {
                throw new mg4("CRL number extension could not be extracted from CRL.", e3);
            }
        } catch (IOException e4) {
            throw new mg4("Cannot extract issuer from CRL.", e4);
        }
    }

    public static Set a(na3 na3Var, Object obj, Date date, v44 v44Var) throws mg4 {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(uh4.a(obj));
            a(na3Var, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            r44<? extends CRL> a2 = new r44.b(x509CRLSelector).a(true).a();
            if (v44Var.e() != null) {
                date = v44Var.e();
            }
            Set a3 = a.a(a2, date, v44Var.c(), v44Var.a());
            a(a3, obj);
            return a3;
        } catch (mg4 e2) {
            throw new mg4("Could not get issuer information from distribution point.", e2);
        }
    }

    public static final Set a(zr2 zr2Var) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (zr2Var == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        wr2 a2 = wr2.a(byteArrayOutputStream);
        Enumeration m2 = zr2Var.m();
        while (m2.hasMoreElements()) {
            try {
                a2.a((hr2) m2.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e2) {
                throw new rf4("Policy qualifier info cannot be decoded.", e2);
            }
        }
        return hashSet;
    }

    public static t93 a(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return vb3.a(new pr2(publicKey.getEncoded()).readObject()).i();
        } catch (Exception e2) {
            throw new rf4("Subject public key cannot be decoded.", e2);
        }
    }

    public static th4 a(int i2, List[] listArr, String str, th4 th4Var) {
        int i3;
        Iterator it = listArr[i2].iterator();
        while (it.hasNext()) {
            th4 th4Var2 = (th4) it.next();
            if (th4Var2.getValidPolicy().equals(str)) {
                ((th4) th4Var2.getParent()).b(th4Var2);
                it.remove();
                for (int i4 = i2 - 1; i4 >= 0; i4--) {
                    List list = listArr[i4];
                    while (i3 < list.size()) {
                        th4 th4Var3 = (th4) list.get(i3);
                        i3 = (th4Var3.b() || (th4Var = a(th4Var, listArr, th4Var3)) != null) ? i3 + 1 : 0;
                    }
                }
            }
        }
        return th4Var;
    }

    public static th4 a(th4 th4Var, List[] listArr, th4 th4Var2) {
        th4 th4Var3 = (th4) th4Var2.getParent();
        if (th4Var == null) {
            return null;
        }
        if (th4Var3 != null) {
            th4Var3.b(th4Var2);
            a(listArr, th4Var2);
            return th4Var;
        }
        for (int i2 = 0; i2 < listArr.length; i2++) {
            listArr[i2] = new ArrayList();
        }
        return null;
    }

    public static yr2 a(String str, byte[] bArr) throws mg4 {
        try {
            return yr2.a(ur2.a((Object) new pr2(bArr).readObject()).m());
        } catch (Exception e2) {
            throw new mg4("exception processing extension " + str, e2);
        }
    }

    public static yr2 a(X509Extension x509Extension, String str) throws mg4 {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return a(str, extensionValue);
    }

    public static void a(int i2, List[] listArr, String str, Map map, X509Certificate x509Certificate) throws mg4, CertPathValidatorException {
        boolean z;
        Iterator it = listArr[i2].iterator();
        while (true) {
            if (!it.hasNext()) {
                z = false;
                break;
            }
            th4 th4Var = (th4) it.next();
            if (th4Var.getValidPolicy().equals(str)) {
                z = true;
                th4Var.c = (Set) map.get(str);
                break;
            }
        }
        if (z) {
            return;
        }
        for (th4 th4Var2 : listArr[i2]) {
            if ("2.5.29.32.0".equals(th4Var2.getValidPolicy())) {
                Set set = null;
                try {
                    Enumeration m2 = zr2.a((Object) a(x509Certificate, b)).m();
                    while (true) {
                        if (!m2.hasMoreElements()) {
                            break;
                        }
                        try {
                            lb3 a2 = lb3.a(m2.nextElement());
                            if ("2.5.29.32.0".equals(a2.i().m())) {
                                try {
                                    set = a(a2.j());
                                    break;
                                } catch (CertPathValidatorException e2) {
                                    throw new rf4("Policy qualifier info set could not be built.", e2);
                                }
                            }
                        } catch (Exception e3) {
                            throw new mg4("Policy information cannot be decoded.", e3);
                        }
                    }
                    Set set2 = set;
                    boolean contains = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(b) : false;
                    th4 th4Var3 = (th4) th4Var2.getParent();
                    if ("2.5.29.32.0".equals(th4Var3.getValidPolicy())) {
                        th4 th4Var4 = new th4(new ArrayList(), i2, (Set) map.get(str), th4Var3, set2, str, contains);
                        th4Var3.a(th4Var4);
                        listArr[i2].add(th4Var4);
                        return;
                    }
                    return;
                } catch (Exception e4) {
                    throw new mg4("Certificate policies cannot be decoded.", e4);
                }
            }
        }
    }

    public static void a(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    public static void a(Date date, X509CRL x509crl, Object obj, tg4 tg4Var) throws mg4 {
        X509CRLEntry revokedCertificate;
        try {
            if (ai4.a(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(a(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!uh4.a(obj).equals(certificateIssuer == null ? uh4.a(x509crl) : uh4.b(certificateIssuer))) {
                    return;
                }
            } else if (!uh4.a(obj).equals(uh4.a(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(a(obj))) == null) {
                return;
            }
            kr2 kr2Var = null;
            if (revokedCertificate.hasExtensions()) {
                if (revokedCertificate.hasUnsupportedCriticalExtension()) {
                    throw new mg4("CRL entry has unsupported critical extensions.");
                }
                try {
                    kr2Var = kr2.a((Object) a(revokedCertificate, qa3.l.m()));
                } catch (Exception e2) {
                    throw new mg4("Reason code CRL entry extension could not be decoded.", e2);
                }
            }
            int n2 = kr2Var == null ? 0 : kr2Var.n();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || n2 == 0 || n2 == 1 || n2 == 2 || n2 == 10) {
                tg4Var.a(n2);
                tg4Var.a(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e3) {
            throw new mg4("Failed check for indirect CRL.", e3);
        }
    }

    public static void a(Set set, Object obj) throws mg4 {
        if (set.isEmpty()) {
            if (obj instanceof n45) {
                throw new mg4("No CRLs found for issuer \"" + ((n45) obj).g().a()[0] + "\"");
            }
            throw new mg4("No CRLs found for issuer \"" + q93.V.b(uh4.a((X509Certificate) obj)) + "\"");
        }
    }

    public static void a(na3 na3Var, Collection collection, X509CRLSelector x509CRLSelector) throws mg4 {
        ArrayList arrayList = new ArrayList();
        if (na3Var.i() != null) {
            ta3[] i2 = na3Var.i().i();
            for (int i3 = 0; i3 < i2.length; i3++) {
                if (i2[i3].d() == 4) {
                    try {
                        arrayList.add(j93.a(i2[i3].getName().e().getEncoded()));
                    } catch (IOException e2) {
                        throw new mg4("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (na3Var.j() == null) {
                throw new mg4("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((j93) it2.next()).getEncoded());
            } catch (IOException e3) {
                throw new mg4("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    public static void a(List[] listArr, th4 th4Var) {
        listArr[th4Var.getDepth()].remove(th4Var);
        if (th4Var.b()) {
            Iterator children = th4Var.getChildren();
            while (children.hasNext()) {
                a(listArr, (th4) children.next());
            }
        }
    }

    public static boolean a(int i2, List[] listArr, tr2 tr2Var, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            th4 th4Var = (th4) list.get(i3);
            if (th4Var.getExpectedPolicies().contains(tr2Var.m())) {
                HashSet hashSet = new HashSet();
                hashSet.add(tr2Var.m());
                th4 th4Var2 = new th4(new ArrayList(), i2, hashSet, th4Var, set, tr2Var.m(), false);
                th4Var.a(th4Var2);
                listArr[i2].add(th4Var2);
                return true;
            }
        }
        return false;
    }

    public static boolean a(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(vh4.g);
    }

    public static boolean a(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static boolean a(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    public static void b(int i2, List[] listArr, tr2 tr2Var, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            th4 th4Var = (th4) list.get(i3);
            if ("2.5.29.32.0".equals(th4Var.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(tr2Var.m());
                th4 th4Var2 = new th4(new ArrayList(), i2, hashSet, th4Var, set, tr2Var.m(), false);
                th4Var.a(th4Var2);
                listArr[i2].add(th4Var2);
                return;
            }
        }
    }

    public static boolean b(X509Certificate x509Certificate, Set set, String str) throws mg4 {
        try {
            return a(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }
}
