package org.bouncycastle.jcajce.provider.asymmetric.x509;

import defpackage.ab3;
import defpackage.ada;
import defpackage.db3;
import defpackage.dj4;
import defpackage.eu9;
import defpackage.f1;
import defpackage.f89;
import defpackage.hr;
import defpackage.kpb;
import defpackage.l1;
import defpackage.lc3;
import defpackage.lm1;
import defpackage.mv;
import defpackage.nj;
import defpackage.o1;
import defpackage.o22;
import defpackage.ov0;
import defpackage.p1;
import defpackage.pv0;
import defpackage.s1;
import defpackage.t1;
import defpackage.tka;
import defpackage.uob;
import defpackage.xu5;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes10.dex */
abstract class X509CRLImpl extends X509CRL {
    public xu5 bcHelper;
    public pv0 c;
    public boolean isIndirect;
    public String sigAlgName;
    public byte[] sigAlgParams;

    public X509CRLImpl(xu5 xu5Var, pv0 pv0Var, String str, byte[] bArr, boolean z) {
        this.bcHelper = xu5Var;
        this.c = pv0Var;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, f1 f1Var, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (f1Var != null) {
            X509SignatureUtil.setSignatureParameters(signature, f1Var);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new eu9(signature), 512);
            this.c.b.b(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        pv0 pv0Var = this.c;
        if (!pv0Var.c.equals(pv0Var.b.c)) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i = 0;
        if ((publicKey instanceof lm1) && X509SignatureUtil.isCompositeAlgorithm(this.c.c)) {
            List<PublicKey> list = ((lm1) publicKey).b;
            t1 s = t1.s(this.c.c.c);
            t1 s2 = t1.s(o22.u(this.c.f16206d).r());
            boolean z = false;
            while (i != list.size()) {
                if (list.get(i) != null) {
                    nj d2 = nj.d(s.t(i));
                    try {
                        checkSignature(list.get(i), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(d2)), d2.c, o22.u(s2.t(i)).r());
                        z = true;
                        e = null;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.c)) {
            Signature createSignature = signatureCreator.createSignature(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                checkSignature(publicKey, createSignature, null, getSignature());
                return;
            }
            try {
                checkSignature(publicKey, createSignature, s1.n(bArr), getSignature());
                return;
            } catch (IOException e2) {
                throw new SignatureException(lc3.h(e2, hr.d("cannot decode signature parameters: ")));
            }
        }
        t1 s3 = t1.s(this.c.c.c);
        t1 s4 = t1.s(o22.u(this.c.f16206d).r());
        boolean z2 = false;
        while (i != s4.size()) {
            nj d3 = nj.d(s3.t(i));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(d3)), d3.c, o22.u(s4.t(i)).r());
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            } catch (SignatureException e3) {
                e = e3;
            }
            e = null;
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set getExtensionOIDs(boolean z) {
        db3 db3Var;
        if (getVersion() != 2 || (db3Var = this.c.b.h) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration k = db3Var.k();
        while (k.hasMoreElements()) {
            o1 o1Var = (o1) k.nextElement();
            if (z == db3Var.d(o1Var).c) {
                hashSet.add(o1Var.b);
            }
        }
        return hashSet;
    }

    public static byte[] getExtensionOctets(pv0 pv0Var, String str) {
        p1 extensionValue = getExtensionValue(pv0Var, str);
        if (extensionValue != null) {
            return extensionValue.b;
        }
        return null;
    }

    public static p1 getExtensionValue(pv0 pv0Var, String str) {
        db3 db3Var = pv0Var.b.h;
        if (db3Var == null) {
            return null;
        }
        ab3 ab3Var = (ab3) db3Var.b.get(new o1(str));
        if (ab3Var != null) {
            return ab3Var.f152d;
        }
        return null;
    }

    private Set loadCRLEntries() {
        ab3 d2;
        HashSet hashSet = new HashSet();
        Enumeration k = this.c.k();
        uob uobVar = null;
        while (k.hasMoreElements()) {
            ada.b bVar = (ada.b) k.nextElement();
            hashSet.add(new X509CRLEntryObject(bVar, this.isIndirect, uobVar));
            if (this.isIndirect && bVar.n() && (d2 = bVar.k().d(ab3.m)) != null) {
                uobVar = uob.h(dj4.d(d2.k()).k()[0].b);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        try {
            return this.c.c("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        p1 extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException(f89.a(e, hr.d("error parsing ")));
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new kpb(uob.h(this.c.b.f175d.f));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.b.f175d.getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        tka tkaVar = this.c.b.f;
        if (tkaVar == null) {
            return null;
        }
        return tkaVar.k();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        ab3 d2;
        Enumeration k = this.c.k();
        uob uobVar = null;
        while (k.hasMoreElements()) {
            ada.b bVar = (ada.b) k.nextElement();
            if (bVar.m().v(bigInteger)) {
                return new X509CRLEntryObject(bVar, this.isIndirect, uobVar);
            }
            if (this.isIndirect && bVar.n() && (d2 = bVar.k().d(ab3.m)) != null) {
                uobVar = uob.h(dj4.d(d2.k()).k()[0].b);
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.c.c.b.b;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return mv.c(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c.f16206d.s();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.c.b.c("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.c.b.e.k();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        l1 l1Var = this.c.b.b;
        if (l1Var == null) {
            return 1;
        }
        return 1 + l1Var.y();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(ab3.l.b);
        criticalExtensionOIDs.remove(ab3.k.b);
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        uob uobVar;
        ab3 d2;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration k = this.c.k();
        uob uobVar2 = this.c.b.f175d;
        if (k.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (k.hasMoreElements()) {
                ada.b l = ada.b.l(k.nextElement());
                if (this.isIndirect && l.n() && (d2 = l.k().d(ab3.m)) != null) {
                    uobVar2 = uob.h(dj4.d(d2.k()).k()[0].b);
                }
                if (l.m().v(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        uobVar = uob.h(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            uobVar = ov0.d(certificate.getEncoded()).c.f;
                        } catch (CertificateEncodingException e) {
                            StringBuilder d3 = hr.d("Cannot process certificate: ");
                            d3.append(e.getMessage());
                            throw new IllegalArgumentException(d3.toString());
                        }
                    }
                    return uobVar2.equals(uobVar);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:39:0x0131
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 349
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e) {
            StringBuilder d2 = hr.d("provider issue: ");
            d2.append(e.getMessage());
            throw new NoSuchAlgorithmException(d2.toString());
        }
    }
}
