package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;

/* loaded from: classes5.dex */
public class o0 extends CertPathValidatorSpi {

    /* renamed from: l, reason: collision with root package name */
    private static final String f44314l = "2.5.29.32.0";

    /* renamed from: m, reason: collision with root package name */
    private static final int f44315m = 5;

    /* renamed from: n, reason: collision with root package name */
    private static final int f44316n = 6;

    /* renamed from: a, reason: collision with root package name */
    private static final String f44303a = org.bouncycastle.asn1.x509.h1.f42711u.l();

    /* renamed from: b, reason: collision with root package name */
    private static final String f44304b = org.bouncycastle.asn1.x509.h1.f42712v.l();

    /* renamed from: c, reason: collision with root package name */
    private static final String f44305c = org.bouncycastle.asn1.x509.h1.A.l();

    /* renamed from: d, reason: collision with root package name */
    private static final String f44306d = org.bouncycastle.asn1.x509.h1.f42707q.l();

    /* renamed from: e, reason: collision with root package name */
    private static final String f44307e = org.bouncycastle.asn1.x509.h1.f42706p.l();

    /* renamed from: f, reason: collision with root package name */
    private static final String f44308f = org.bouncycastle.asn1.x509.h1.f42714x.l();

    /* renamed from: g, reason: collision with root package name */
    private static final String f44309g = org.bouncycastle.asn1.x509.h1.f42701k.l();

    /* renamed from: h, reason: collision with root package name */
    private static final String f44310h = org.bouncycastle.asn1.x509.h1.f42699i.l();

    /* renamed from: i, reason: collision with root package name */
    private static final String f44311i = org.bouncycastle.asn1.x509.h1.f42709s.l();

    /* renamed from: j, reason: collision with root package name */
    private static final String f44312j = org.bouncycastle.asn1.x509.h1.f42697g.l();

    /* renamed from: k, reason: collision with root package name */
    private static final String f44313k = org.bouncycastle.asn1.x509.h1.f42702l.l();

    /* renamed from: o, reason: collision with root package name */
    private static final String[] f44317o = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    private void a(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey) throws AnnotatedException {
        org.bouncycastle.asn1.q0 l6;
        boolean[] keyUsage;
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(d.j(x509Certificate).getEncoded());
            x509CRLSelector.setCertificateChecking(x509Certificate);
            boolean z5 = false;
            for (X509CRL x509crl : d.g(x509CRLSelector, pKIXParameters.getCertStores())) {
                if (x509Certificate.getNotAfter().after(x509crl.getThisUpdate())) {
                    boolean z6 = true;
                    if (x509crl.getNextUpdate() == null || date.before(x509crl.getNextUpdate())) {
                        z5 = true;
                    }
                    if (x509Certificate2 != null && (keyUsage = x509Certificate2.getKeyUsage()) != null && (keyUsage.length < 7 || !keyUsage[6])) {
                        throw new AnnotatedException("Issuer certificate keyusage extension does not permit crl signing.\n" + x509Certificate2);
                    }
                    try {
                        x509crl.verify(publicKey, "BC");
                        X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate.getSerialNumber());
                        if (revokedCertificate != null && !date.before(revokedCertificate.getRevocationDate())) {
                            String str = (!revokedCertificate.hasExtensions() || (l6 = org.bouncycastle.asn1.q0.l(d.k(revokedCertificate, org.bouncycastle.asn1.x509.h1.f42703m.l()))) == null) ? null : f44317o[l6.n().intValue()];
                            String str2 = "Certificate revocation after " + revokedCertificate.getRevocationDate();
                            if (str != null) {
                                str2 = str2 + ", reason: " + str;
                            }
                            throw new AnnotatedException(str2);
                        }
                        org.bouncycastle.asn1.z0 k6 = d.k(x509crl, f44306d);
                        org.bouncycastle.asn1.z0 k7 = d.k(x509crl, f44307e);
                        if (k7 != null) {
                            X509CRLSelector x509CRLSelector2 = new X509CRLSelector();
                            try {
                                x509CRLSelector2.addIssuerName(d.l(x509crl).getEncoded());
                                x509CRLSelector2.setMinCRLNumber(((org.bouncycastle.asn1.w0) k7).n());
                                x509CRLSelector2.setMaxCRLNumber(((org.bouncycastle.asn1.w0) d.k(x509crl, f44313k)).n().subtract(BigInteger.valueOf(1L)));
                                Iterator it = d.g(x509CRLSelector2, pKIXParameters.getCertStores()).iterator();
                                while (true) {
                                    if (!it.hasNext()) {
                                        z6 = false;
                                        break;
                                    }
                                    org.bouncycastle.asn1.z0 k8 = d.k((X509CRL) it.next(), f44306d);
                                    if (k6 != null) {
                                        if (k6.equals(k8)) {
                                            break;
                                        }
                                    } else {
                                        if (k8 == null) {
                                            break;
                                        }
                                    }
                                }
                                if (!z6) {
                                    throw new AnnotatedException("No base CRL for delta CRL");
                                }
                            } catch (IOException e6) {
                                throw new AnnotatedException("can't extract issuer from certificate: " + e6, e6);
                            }
                        }
                        if (k6 != null) {
                            org.bouncycastle.asn1.x509.d0 i6 = org.bouncycastle.asn1.x509.d0.i(k6);
                            org.bouncycastle.asn1.x509.j i7 = org.bouncycastle.asn1.x509.j.i(d.k(x509Certificate, f44309g));
                            if (i6.n() && i7 != null && i7.l()) {
                                throw new AnnotatedException("CA Cert CRL only contains user certificates");
                            }
                            if (i6.m() && (i7 == null || !i7.l())) {
                                throw new AnnotatedException("End CRL only contains CA certificates");
                            }
                            if (i6.l()) {
                                throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted");
                            }
                        } else {
                            continue;
                        }
                    } catch (Exception e7) {
                        throw new AnnotatedException("can't verify CRL: " + e7, e7);
                    }
                }
            }
            if (!z5) {
                throw new AnnotatedException("no valid CRL found");
            }
        } catch (IOException e8) {
            throw new AnnotatedException("Cannot extract issuer from certificate: " + e8, e8);
        }
    }

    /*  JADX ERROR: Types fix failed
        jadx.core.utils.exceptions.JadxRuntimeException: Several immutable types in one variable: [boolean[], boolean], vars: [r6v1 ??, r6v2 ??, r6v9 ??, r6v5 ??, r6v115 ??, r6v6 ??, r6v8 ??, r6v7 ??, r6v15 ??, r6v14 ??, r6v13 ??, r6v16 ??, r6v4 ??, r6v3 ??, r6v114 ??]
        	at jadx.core.dex.visitors.InitCodeVariables.setCodeVarType(InitCodeVariables.java:107)
        	at jadx.core.dex.visitors.InitCodeVariables.setCodeVar(InitCodeVariables.java:83)
        	at jadx.core.dex.visitors.InitCodeVariables.initCodeVar(InitCodeVariables.java:74)
        	at jadx.core.dex.visitors.InitCodeVariables.initCodeVars(InitCodeVariables.java:48)
        	at jadx.core.dex.visitors.InitCodeVariables.rerun(InitCodeVariables.java:36)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.trySplitConstInsns(FixTypesVisitor.java:457)
        	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
        */
    @Override // java.security.cert.CertPathValidatorSpi
    public java.security.cert.CertPathValidatorResult engineValidate(java.security.cert.CertPath r50, java.security.cert.CertPathParameters r51) throws java.security.cert.CertPathValidatorException, java.security.InvalidAlgorithmParameterException {
        /*
            Method dump skipped, instructions count: 2956
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.o0.engineValidate(java.security.cert.CertPath, java.security.cert.CertPathParameters):java.security.cert.CertPathValidatorResult");
    }
}
