package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public abstract class e extends X509CRL {

    /* renamed from: a, reason: collision with root package name */
    protected JcaJceHelper f18302a;

    /* renamed from: b, reason: collision with root package name */
    protected CertificateList f18303b;

    /* renamed from: c, reason: collision with root package name */
    protected String f18304c;

    /* renamed from: d, reason: collision with root package name */
    protected byte[] f18305d;

    /* renamed from: e, reason: collision with root package name */
    protected boolean f18306e;

    /* loaded from: classes2.dex */
    class a implements org.bouncycastle.jcajce.provider.asymmetric.x509.c {
        a() {
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.c
        public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
            try {
                return e.this.f18302a.a(str);
            } catch (Exception unused) {
                return Signature.getInstance(str);
            }
        }
    }

    /* loaded from: classes2.dex */
    class b implements org.bouncycastle.jcajce.provider.asymmetric.x509.c {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ String f18308a;

        b(e eVar, String str) {
            this.f18308a = str;
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.c
        public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
            String str2 = this.f18308a;
            return str2 != null ? Signature.getInstance(str, str2) : Signature.getInstance(str);
        }
    }

    /* loaded from: classes2.dex */
    class c implements org.bouncycastle.jcajce.provider.asymmetric.x509.c {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ Provider f18309a;

        c(Provider provider) {
            this.f18309a = provider;
        }

        @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.c
        public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
            return this.f18309a != null ? Signature.getInstance(e.this.getSigAlgName(), this.f18309a) : Signature.getInstance(e.this.getSigAlgName());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public e(JcaJceHelper jcaJceHelper, CertificateList certificateList, String str, byte[] bArr, boolean z6) {
        this.f18302a = jcaJceHelper;
        this.f18303b = certificateList;
        this.f18304c = str;
        this.f18305d = bArr;
        this.f18306e = z6;
    }

    private void a(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (aSN1Encodable != null) {
            k.g(signature, aSN1Encodable);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.a(signature), 512);
            this.f18303b.o().g(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e7) {
            throw new CRLException(e7.toString());
        }
    }

    private void b(PublicKey publicKey, org.bouncycastle.jcajce.provider.asymmetric.x509.c cVar) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.f18303b.n().equals(this.f18303b.o().n())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i7 = 0;
        if ((publicKey instanceof CompositePublicKey) && k.d(this.f18303b.n())) {
            List<PublicKey> a7 = ((CompositePublicKey) publicKey).a();
            ASN1Sequence u6 = ASN1Sequence.u(this.f18303b.n().l());
            ASN1Sequence u7 = ASN1Sequence.u(DERBitString.C(this.f18303b.m()).t());
            boolean z6 = false;
            while (i7 != a7.size()) {
                if (a7.get(i7) != null) {
                    AlgorithmIdentifier j7 = AlgorithmIdentifier.j(u6.w(i7));
                    try {
                        a(a7.get(i7), cVar.a(k.c(j7)), j7.l(), DERBitString.C(u7.w(i7)).t());
                        e = null;
                        z6 = true;
                    } catch (SignatureException e7) {
                        e = e7;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i7++;
            }
            if (!z6) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!k.d(this.f18303b.n())) {
            Signature a8 = cVar.a(getSigAlgName());
            byte[] bArr = this.f18305d;
            if (bArr == null) {
                a(publicKey, a8, null, getSignature());
                return;
            }
            try {
                a(publicKey, a8, ASN1Primitive.p(bArr), getSignature());
                return;
            } catch (IOException e8) {
                throw new SignatureException("cannot decode signature parameters: " + e8.getMessage());
            }
        }
        ASN1Sequence u8 = ASN1Sequence.u(this.f18303b.n().l());
        ASN1Sequence u9 = ASN1Sequence.u(DERBitString.C(this.f18303b.m()).t());
        boolean z7 = false;
        while (i7 != u9.size()) {
            AlgorithmIdentifier j8 = AlgorithmIdentifier.j(u8.w(i7));
            try {
                a(publicKey, cVar.a(k.c(j8)), j8.l(), DERBitString.C(u9.w(i7)).t());
                e = null;
                z7 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e9) {
                e = e9;
            }
            if (e != null) {
                throw e;
            }
            i7++;
        }
        if (!z7) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set c(boolean z6) {
        Extensions i7;
        if (getVersion() != 2 || (i7 = this.f18303b.o().i()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration l7 = i7.l();
        while (l7.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) l7.nextElement();
            if (z6 == i7.i(aSN1ObjectIdentifier).n()) {
                hashSet.add(aSN1ObjectIdentifier.x());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] d(CertificateList certificateList, String str) {
        ASN1OctetString e7 = e(certificateList, str);
        if (e7 != null) {
            return e7.v();
        }
        return null;
    }

    protected static ASN1OctetString e(CertificateList certificateList, String str) {
        Extension i7;
        Extensions i8 = certificateList.o().i();
        if (i8 == null || (i7 = i8.i(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        return i7.k();
    }

    private Set h() {
        Extension i7;
        HashSet hashSet = new HashSet();
        Enumeration l7 = this.f18303b.l();
        X500Name x500Name = null;
        while (l7.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) l7.nextElement();
            hashSet.add(new d(cRLEntry, this.f18306e, x500Name));
            if (this.f18306e && cRLEntry.m() && (i7 = cRLEntry.i().i(Extension.f15518n)) != null) {
                x500Name = X500Name.i(GeneralNames.j(i7.m()).l()[0].l());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return c(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1OctetString e7 = e(this.f18303b, str);
        if (e7 == null) {
            return null;
        }
        try {
            return e7.getEncoded();
        } catch (Exception e8) {
            throw new IllegalStateException("error parsing " + e8.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.i(this.f18303b.j().b()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f18303b.j().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Time k7 = this.f18303b.k();
        if (k7 == null) {
            return null;
        }
        return k7.i();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return c(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension i7;
        Enumeration l7 = this.f18303b.l();
        X500Name x500Name = null;
        while (l7.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) l7.nextElement();
            if (cRLEntry.l().y(bigInteger)) {
                return new d(cRLEntry, this.f18306e, x500Name);
            }
            if (this.f18306e && cRLEntry.m() && (i7 = cRLEntry.i().i(Extension.f15518n)) != null) {
                x500Name = X500Name.i(GeneralNames.j(i7.m()).l()[0].l());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set h7 = h();
        if (h7.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(h7);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.f18304c;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f18303b.n().i().x();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return Arrays.h(this.f18305d);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f18303b.m().x();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.f18303b.o().h("DER");
        } catch (IOException e7) {
            throw new CRLException(e7.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f18303b.p().i();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f18303b.q();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.f15517m.x());
        criticalExtensionOIDs.remove(Extension.f15516l.x());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name l7;
        Extension i7;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration l8 = this.f18303b.l();
        X500Name j7 = this.f18303b.j();
        if (l8.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (l8.hasMoreElements()) {
                TBSCertList.CRLEntry j8 = TBSCertList.CRLEntry.j(l8.nextElement());
                if (this.f18306e && j8.m() && (i7 = j8.i().i(Extension.f15518n)) != null) {
                    j7 = X500Name.i(GeneralNames.j(i7.m()).l()[0].l());
                }
                if (j8.l().y(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        l7 = X500Name.i(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            l7 = org.bouncycastle.asn1.x509.Certificate.j(certificate.getEncoded()).l();
                        } catch (CertificateEncodingException e7) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e7.getMessage());
                        }
                    }
                    return j7.equals(l7);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:39:0x0143
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 369
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.e.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        b(publicKey, new a());
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        b(publicKey, new b(this, str));
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            b(publicKey, new c(provider));
        } catch (NoSuchProviderException e7) {
            throw new NoSuchAlgorithmException("provider issue: " + e7.getMessage());
        }
    }
}
