package sun.security.provider.certpath;

import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
import java.io.IOException;
import java.net.URI;
import java.security.AccessController;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.LDAPCertStore;
import sun.security.util.Cache;
import sun.security.util.Debug;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.DistributionPoint;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNames;
import sun.security.x509.RDN;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes8.dex */
public class DistributionPointFetcher {
    private static final int CACHE_SIZE = 185;
    private static final int CHECK_INTERVAL = 30000;
    private final Cache cache;
    private final CertificateFactory factory;
    private static final Debug debug = Debug.getInstance("certpath");
    private static final boolean[] ALL_REASONS = {true, true, true, true, true, true, true, true, true};
    private static final boolean USE_CRLDP = getBooleanProperty("com.sun.security.enableCRLDP", false);
    private static final DistributionPointFetcher INSTANCE = new DistributionPointFetcher();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes8.dex */
    public static class CacheEntry {
        private X509CRL crl;
        private long lastChecked;
        private long lastModified;

        CacheEntry() {
        }

        /* JADX WARN: Code restructure failed: missing block: B:65:0x00dc, code lost:
        
            if (r3 != null) goto L93;
         */
        /* JADX WARN: Code restructure failed: missing block: B:66:0x00df, code lost:
        
            r9.lastModified = 0;
            r9.crl = null;
         */
        /* JADX WARN: Code restructure failed: missing block: B:68:0x00e4, code lost:
        
            return null;
         */
        /* JADX WARN: Code restructure failed: missing block: B:70:0x00c4, code lost:
        
            r3.close();
         */
        /* JADX WARN: Code restructure failed: missing block: B:77:0x00c2, code lost:
        
            if (r3 != null) goto L93;
         */
        /* JADX WARN: Not initialized variable reg: 3, insn: 0x00e6: MOVE (r2 I:??[OBJECT, ARRAY]) = (r3 I:??[OBJECT, ARRAY]), block:B:80:0x00e6 */
        /* JADX WARN: Removed duplicated region for block: B:83:0x00e9 A[EXC_TOP_SPLITTER, SYNTHETIC] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        synchronized java.security.cert.X509CRL getCRL(java.security.cert.CertificateFactory r10, java.net.URI r11) {
            /*
                Method dump skipped, instructions count: 240
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.DistributionPointFetcher.CacheEntry.getCRL(java.security.cert.CertificateFactory, java.net.URI):java.security.cert.X509CRL");
        }
    }

    private DistributionPointFetcher() {
        try {
            this.factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            this.cache = Cache.newSoftMemoryCache(185);
        } catch (CertificateException unused) {
            throw new RuntimeException();
        }
    }

    public static boolean getBooleanProperty(String str, boolean z) {
        String str2 = (String) AccessController.doPrivileged(new GetPropertyAction(str));
        if (str2 == null) {
            return z;
        }
        if (str2.equalsIgnoreCase("false")) {
            return false;
        }
        if (str2.equalsIgnoreCase("true")) {
            return true;
        }
        throw new RuntimeException("Value of " + str + " must either be 'true' or 'false'");
    }

    private X509CRL getCRL(URIName uRIName) {
        URI uri = uRIName.getURI();
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.println("Trying to fetch CRL from DP " + ((Object) uri));
        }
        if (!uri.getScheme().toLowerCase().equals("ldap")) {
            CacheEntry cacheEntry = (CacheEntry) this.cache.get(uri);
            if (cacheEntry == null) {
                cacheEntry = new CacheEntry();
                this.cache.put(uri, cacheEntry);
            }
            return cacheEntry.getCRL(this.factory, uri);
        }
        String path = uri.getPath();
        if (debug2 != null) {
            debug2.println("authority:" + uri.getAuthority());
            debug2.println("path:" + path);
        }
        if (path.charAt(0) == '/') {
            path = path.substring(1);
        }
        try {
            LDAPCertStore.LDAPCRLSelector lDAPCRLSelector = new LDAPCertStore.LDAPCRLSelector();
            lDAPCRLSelector.addIssuerName(path);
            Collection<? extends CRL> cRLs = LDAPCertStore.getInstance(LDAPCertStore.getParameters(uri)).getCRLs(lDAPCRLSelector);
            if (cRLs.isEmpty()) {
                return null;
            }
            return (X509CRL) cRLs.iterator().next();
        } catch (Exception e) {
            Debug debug3 = debug;
            if (debug3 != null) {
                debug3.println("Exception getting CRL from CertStore: " + ((Object) e));
                e.printStackTrace();
            }
            return null;
        }
    }

    private Collection<X509CRL> getCRLs(X509CRLSelector x509CRLSelector, X509CertImpl x509CertImpl, DistributionPoint distributionPoint, boolean[] zArr, PublicKey publicKey, String str, List<CertStore> list) {
        X509CRL crl;
        GeneralNames fullName = distributionPoint.getFullName();
        if (fullName == null) {
            return Collections.emptySet();
        }
        ArrayList<X509CRL> arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList(2);
        Iterator<GeneralName> it = fullName.iterator();
        while (it.getHasNext()) {
            GeneralName next = it.next();
            if (next.getType() == 4) {
                arrayList.addAll(getCRLs((X500Name) next.getName(), x509CertImpl.getIssuerX500Principal(), list));
            } else if (next.getType() == 6 && (crl = getCRL((URIName) next.getName())) != null) {
                arrayList.add(crl);
            }
        }
        for (X509CRL x509crl : arrayList) {
            try {
                x509CRLSelector.setIssuerNames(null);
                if (x509CRLSelector.match(x509crl) && verifyCRL(x509CertImpl, distributionPoint, x509crl, zArr, publicKey, str)) {
                    arrayList2.add(x509crl);
                }
            } catch (Exception e) {
                Debug debug2 = debug;
                if (debug2 != null) {
                    debug2.println("Exception verifying CRL: " + e.getMessage());
                    e.printStackTrace();
                }
            }
        }
        return arrayList2;
    }

    private Collection<X509CRL> getCRLs(X500Name x500Name, X500Principal x500Principal, List<CertStore> list) {
        Debug debug2 = debug;
        if (debug2 != null) {
            debug2.println("Trying to fetch CRL from DP " + ((Object) x500Name));
        }
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.addIssuer(x500Name.asX500Principal());
        x509CRLSelector.addIssuer(x500Principal);
        ArrayList arrayList = new ArrayList();
        Iterator<CertStore> it = list.iterator();
        while (it.getHasNext()) {
            try {
                arrayList.addAll(it.next().getCRLs(x509CRLSelector));
            } catch (CertStoreException e) {
                Debug debug3 = debug;
                if (debug3 != null) {
                    debug3.println("Non-fatal exception while retrieving CRLs: " + ((Object) e));
                    e.printStackTrace();
                }
            }
        }
        return arrayList;
    }

    private GeneralNames getFullNames(X500Name x500Name, RDN rdn) throws IOException {
        ArrayList arrayList = new ArrayList(x500Name.rdns());
        arrayList.add(rdn);
        X500Name x500Name2 = new X500Name((RDN[]) arrayList.toArray(new RDN[0]));
        GeneralNames generalNames = new GeneralNames();
        generalNames.add(new GeneralName(x500Name2));
        return generalNames;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DistributionPointFetcher getInstance() {
        return INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509CRL> getCRLs(CRLSelector cRLSelector, PublicKey publicKey, String str, List<CertStore> list, boolean[] zArr) throws CertStoreException {
        X509CRLSelector x509CRLSelector;
        X509Certificate certificateChecking;
        if (USE_CRLDP && (cRLSelector instanceof X509CRLSelector) && (certificateChecking = (x509CRLSelector = (X509CRLSelector) cRLSelector).getCertificateChecking()) != null) {
            try {
                X509CertImpl impl = X509CertImpl.toImpl(certificateChecking);
                Debug debug2 = debug;
                if (debug2 != null) {
                    debug2.println("DistributionPointFetcher.getCRLs: Checking CRLDPs for " + ((Object) impl.getSubjectX500Principal()));
                }
                CRLDistributionPointsExtension cRLDistributionPointsExtension = impl.getCRLDistributionPointsExtension();
                if (cRLDistributionPointsExtension == null) {
                    if (debug2 != null) {
                        debug2.println("No CRLDP ext");
                    }
                    return Collections.emptySet();
                }
                List list2 = (List) cRLDistributionPointsExtension.get(CRLDistributionPointsExtension.POINTS);
                HashSet hashSet = new HashSet();
                Iterator it = list2.iterator();
                while (it.getHasNext() && !Arrays.equals(zArr, ALL_REASONS)) {
                    hashSet.addAll(getCRLs(x509CRLSelector, impl, (DistributionPoint) it.next(), zArr, publicKey, str, list));
                }
                Debug debug3 = debug;
                if (debug3 != null) {
                    debug3.println("Returning " + hashSet.size() + " CRLs");
                }
                return hashSet;
            } catch (IOException unused) {
                return Collections.emptySet();
            } catch (CertificateException unused2) {
                return Collections.emptySet();
            }
        }
        return Collections.emptySet();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:18:0x004f, code lost:
    
        if (r8 == false) goto L16;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean verifyCRL(sun.security.x509.X509CertImpl r13, sun.security.x509.DistributionPoint r14, java.security.cert.X509CRL r15, boolean[] r16, java.security.PublicKey r17, java.lang.String r18) throws java.security.cert.CRLException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 683
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.DistributionPointFetcher.verifyCRL(sun.security.x509.X509CertImpl, sun.security.x509.DistributionPoint, java.security.cert.X509CRL, boolean[], java.security.PublicKey, java.lang.String):boolean");
    }
}
