package f.a.k.o;

import f.a.b.p1;
import f.a.j.j;
import f.a.j.l;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
class g {
    protected static final String o = "2.5.29.32.0";
    protected static final int q = 5;
    protected static final int r = 6;

    /* renamed from: a, reason: collision with root package name */
    protected static final c0 f23484a = new c0();

    /* renamed from: b, reason: collision with root package name */
    protected static final String f23485b = f.a.b.b4.y.t.l();

    /* renamed from: c, reason: collision with root package name */
    protected static final String f23486c = f.a.b.b4.y.j.l();

    /* renamed from: d, reason: collision with root package name */
    protected static final String f23487d = f.a.b.b4.y.u.l();

    /* renamed from: e, reason: collision with root package name */
    protected static final String f23488e = f.a.b.b4.y.h.l();

    /* renamed from: f, reason: collision with root package name */
    protected static final String f23489f = f.a.b.b4.y.r.l();
    protected static final String g = f.a.b.b4.y.f19613f.l();
    protected static final String h = f.a.b.b4.y.z.l();
    protected static final String i = f.a.b.b4.y.p.l();
    protected static final String j = f.a.b.b4.y.o.l();
    protected static final String k = f.a.b.b4.y.w.l();
    protected static final String l = f.a.b.b4.y.y.l();
    protected static final String m = f.a.b.b4.y.s.l();
    protected static final String n = f.a.b.b4.y.v.l();
    protected static final String p = f.a.b.b4.y.k.l();
    protected static final String[] s = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", androidx.core.i.d.f2332b, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    g() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static f.a.b.b4.b a(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return f.a.b.b4.c1.a(new f.a.b.m(publicKey.getEncoded()).readObject()).h();
        } catch (Exception e2) {
            throw new f.a.k.l.b("Subject public key cannot be decoded.", e2);
        }
    }

    private static f.a.b.v a(String str, byte[] bArr) throws a {
        try {
            return new f.a.b.m(((f.a.b.r) new f.a.b.m(bArr).readObject()).l()).readObject();
        } catch (Exception e2) {
            throw new a("exception processing extension " + str, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static f.a.b.v a(X509Extension x509Extension, String str) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return a(str, extensionValue);
    }

    protected static h0 a(int i2, List[] listArr, String str, h0 h0Var) {
        int i3;
        Iterator it = listArr[i2].iterator();
        while (it.hasNext()) {
            h0 h0Var2 = (h0) it.next();
            if (h0Var2.getValidPolicy().equals(str)) {
                ((h0) h0Var2.getParent()).b(h0Var2);
                it.remove();
                for (int i4 = i2 - 1; i4 >= 0; i4--) {
                    List list = listArr[i4];
                    while (i3 < list.size()) {
                        h0 h0Var3 = (h0) list.get(i3);
                        i3 = (h0Var3.b() || (h0Var = a(h0Var, listArr, h0Var3)) != null) ? i3 + 1 : 0;
                    }
                }
            }
        }
        return h0Var;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static h0 a(h0 h0Var, List[] listArr, h0 h0Var2) {
        h0 h0Var3 = (h0) h0Var2.getParent();
        if (h0Var == null) {
            return null;
        }
        if (h0Var3 != null) {
            h0Var3.b(h0Var2);
            a(listArr, h0Var2);
            return h0Var;
        }
        for (int i2 = 0; i2 < listArr.length; i2++) {
            listArr[i2] = new ArrayList();
        }
        return null;
    }

    private static BigInteger a(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey a(List list, int i2, f.a.j.r.d dVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i2++;
            if (i2 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i2)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return dVar.a("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e2) {
            throw new RuntimeException(e2.getMessage());
        }
    }

    protected static TrustAnchor a(X509Certificate x509Certificate, Set set) throws a {
        return a(x509Certificate, set, (String) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustAnchor a(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        f.a.b.a4.d a2 = i0.a((Object) x509Certificate);
        try {
            x509CertSelector.setSubject(a2.getEncoded());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e2 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (a2.equals(i0.a(trustAnchor))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        a(x509Certificate, publicKey, str);
                    } catch (Exception e3) {
                        e2 = e3;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e2 == null) {
                return trustAnchor;
            }
            throw new a("TrustAnchor found but certificate validation failed.", e2);
        } catch (IOException e4) {
            throw new a("Cannot set subject search criteria for trust anchor.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(f.a.j.l lVar, List list) throws a {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof f.a.t.n) {
                try {
                    linkedHashSet.addAll(((f.a.t.n) obj).a(lVar));
                } catch (f.a.t.o e2) {
                    throw new a("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    linkedHashSet.addAll(f.a.j.l.a(lVar, (CertStore) obj));
                } catch (CertStoreException e3) {
                    throw new a("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return linkedHashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Collection a(X509Certificate x509Certificate, List<CertStore> list, List<f.a.j.k> list2) throws a {
        byte[] j2;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(i0.a(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(n);
                if (extensionValue != null && (j2 = f.a.b.b4.i.a(f.a.b.r.a((Object) extensionValue).l()).j()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new p1(j2).getEncoded());
                }
            } catch (Exception unused) {
            }
            f.a.j.l<? extends Certificate> a2 = new l.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(a(a2, list));
                arrayList.addAll(a(a2, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (a e2) {
                throw new a("Issuer certificate cannot be searched.", e2);
            }
        } catch (IOException e3) {
            throw new a("Subject criteria for certificate selector to find issuer certificate could not be set.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(f.a.j.n nVar) {
        Date e2 = nVar.e();
        return e2 == null ? new Date() : e2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(f.a.j.n nVar, CertPath certPath, int i2) throws a {
        if (nVar.l() == 1 && i2 > 0) {
            int i3 = i2 - 1;
            if (i3 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i3)).getExtensionValue(f.a.b.i3.a.f19874e.l());
                    f.a.b.k a2 = extensionValue != null ? f.a.b.k.a((Object) f.a.b.v.a(extensionValue)) : null;
                    if (a2 != null) {
                        try {
                            return a2.l();
                        } catch (ParseException e2) {
                            throw new a("Date from date of cert gen extension could not be parsed.", e2);
                        }
                    }
                } catch (IOException unused) {
                    throw new a("Date of cert gen extension could not be read.");
                } catch (IllegalArgumentException unused2) {
                    throw new a("Date of cert gen extension could not be read.");
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i3)).getNotBefore();
        }
        return a(nVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<f.a.j.i> a(f.a.b.b4.k kVar, Map<f.a.b.b4.b0, f.a.j.i> map) throws a {
        if (kVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            f.a.b.b4.v[] h2 = kVar.h();
            ArrayList arrayList = new ArrayList();
            for (f.a.b.b4.v vVar : h2) {
                f.a.b.b4.w i2 = vVar.i();
                if (i2 != null && i2.h() == 0) {
                    for (f.a.b.b4.b0 b0Var : f.a.b.b4.c0.a(i2.getName()).h()) {
                        f.a.j.i iVar = map.get(b0Var);
                        if (iVar != null) {
                            arrayList.add(iVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new a("Distribution points could not be read.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<f.a.j.k> a(byte[] bArr, Map<f.a.b.b4.b0, f.a.j.k> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        f.a.b.b4.b0[] h2 = f.a.b.b4.c0.a(f.a.b.r.a((Object) bArr).l()).h();
        ArrayList arrayList = new ArrayList();
        for (int i2 = 0; i2 != h2.length; i2++) {
            f.a.j.k kVar = map.get(h2[i2]);
            if (kVar != null) {
                arrayList.add(kVar);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(f.a.b.b4.v vVar, Object obj, Date date, f.a.j.n nVar) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(i0.a(obj));
            a(vVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            f.a.j.j<? extends CRL> a2 = new j.b(x509CRLSelector).a(true).a();
            if (nVar.e() != null) {
                date = nVar.e();
            }
            Set a3 = f23484a.a(a2, date, nVar.c(), nVar.a());
            a(a3, obj);
            return a3;
        } catch (a e2) {
            throw new a("Could not get issuer information from distribution point.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set a(f.a.b.w wVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (wVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        f.a.b.t tVar = new f.a.b.t(byteArrayOutputStream);
        Enumeration l2 = wVar.l();
        while (l2.hasMoreElements()) {
            try {
                tVar.a((f.a.b.f) l2.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e2) {
                throw new f.a.k.l.b("Policy qualifier info cannot be decoded.", e2);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(Date date, X509CRL x509crl, List<CertStore> list, List<f.a.j.i> list2) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(i0.a(x509crl).getEncoded());
            try {
                f.a.b.v a2 = a(x509crl, p);
                BigInteger l2 = a2 != null ? f.a.b.n.a((Object) a2).l() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(i);
                    x509CRLSelector.setMinCRLNumber(l2 != null ? l2.add(BigInteger.valueOf(1L)) : null);
                    j.b bVar = new j.b(x509CRLSelector);
                    bVar.a(extensionValue);
                    bVar.c(true);
                    bVar.a(l2);
                    Set<X509CRL> a3 = f23484a.a(bVar.a(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : a3) {
                        if (a(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e2) {
                    throw new a("Issuing distribution point extension value could not be read.", e2);
                }
            } catch (Exception e3) {
                throw new a("CRL number extension could not be extracted from CRL.", e3);
            }
        } catch (IOException e4) {
            throw new a("Cannot extract issuer from CRL.", e4);
        }
    }

    protected static void a(int i2, List[] listArr, String str, Map map, X509Certificate x509Certificate) throws a, CertPathValidatorException {
        boolean z;
        Iterator it = listArr[i2].iterator();
        while (true) {
            if (!it.hasNext()) {
                z = false;
                break;
            }
            h0 h0Var = (h0) it.next();
            if (h0Var.getValidPolicy().equals(str)) {
                z = true;
                h0Var.f23496c = (Set) map.get(str);
                break;
            }
        }
        if (z) {
            return;
        }
        for (h0 h0Var2 : listArr[i2]) {
            if ("2.5.29.32.0".equals(h0Var2.getValidPolicy())) {
                Set set = null;
                try {
                    Enumeration l2 = f.a.b.w.a((Object) a(x509Certificate, f23485b)).l();
                    while (true) {
                        if (!l2.hasMoreElements()) {
                            break;
                        }
                        try {
                            f.a.b.b4.s0 a2 = f.a.b.b4.s0.a(l2.nextElement());
                            if ("2.5.29.32.0".equals(a2.h().l())) {
                                try {
                                    set = a(a2.i());
                                    break;
                                } catch (CertPathValidatorException e2) {
                                    throw new f.a.k.l.b("Policy qualifier info set could not be built.", e2);
                                }
                            }
                        } catch (Exception e3) {
                            throw new a("Policy information cannot be decoded.", e3);
                        }
                    }
                    Set set2 = set;
                    boolean contains = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(f23485b) : false;
                    h0 h0Var3 = (h0) h0Var2.getParent();
                    if ("2.5.29.32.0".equals(h0Var3.getValidPolicy())) {
                        h0 h0Var4 = new h0(new ArrayList(), i2, (Set) map.get(str), h0Var3, set2, str, contains);
                        h0Var3.a(h0Var4);
                        listArr[i2].add(h0Var4);
                        return;
                    }
                    return;
                } catch (Exception e4) {
                    throw new a("Certificate policies cannot be decoded.", e4);
                }
            }
        }
    }

    protected static void a(f.a.b.b4.v vVar, Collection collection, X509CRLSelector x509CRLSelector) throws a {
        ArrayList arrayList = new ArrayList();
        if (vVar.h() != null) {
            f.a.b.b4.b0[] h2 = vVar.h().h();
            for (int i2 = 0; i2 < h2.length; i2++) {
                if (h2[i2].f() == 4) {
                    try {
                        arrayList.add(f.a.b.a4.d.a(h2[i2].getName().b().getEncoded()));
                    } catch (IOException e2) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (vVar.i() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((f.a.b.a4.d) it2.next()).getEncoded());
            } catch (IOException e3) {
                throw new a("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, h hVar) throws a {
        X509CRLEntry revokedCertificate;
        try {
            if (o0.a(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(a(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!i0.a(obj).equals(certificateIssuer == null ? i0.a(x509crl) : f.a.b.a4.d.a(certificateIssuer.getEncoded()))) {
                    return;
                }
            } else if (!i0.a(obj).equals(i0.a(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(a(obj))) == null) {
                return;
            }
            f.a.b.i iVar = null;
            if (revokedCertificate.hasExtensions()) {
                try {
                    iVar = f.a.b.i.a((Object) a(revokedCertificate, f.a.b.b4.y.l.l()));
                } catch (Exception e2) {
                    throw new a("Reason code CRL entry extension could not be decoded.", e2);
                }
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || iVar == null || iVar.l().intValue() == 0 || iVar.l().intValue() == 1 || iVar.l().intValue() == 2 || iVar.l().intValue() == 8) {
                hVar.a(iVar != null ? iVar.l().intValue() : 0);
                hVar.a(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e3) {
            throw new a("Failed check for indirect CRL.", e3);
        }
    }

    static void a(Set set, Object obj) throws a {
        if (set.isEmpty()) {
            if (obj instanceof f.a.v.p) {
                throw new a("No CRLs found for issuer \"" + ((f.a.v.p) obj).d().a()[0] + "\"");
            }
            throw new a("No CRLs found for issuer \"" + f.a.b.a4.g.e.V.b(i0.a((X509Certificate) obj)) + "\"");
        }
    }

    private static void a(List[] listArr, h0 h0Var) {
        listArr[h0Var.getDepth()].remove(h0Var);
        if (h0Var.b()) {
            Iterator children = h0Var.getChildren();
            while (children.hasNext()) {
                a(listArr, (h0) children.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(int i2, List[] listArr, f.a.b.q qVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            h0 h0Var = (h0) list.get(i3);
            if (h0Var.getExpectedPolicies().contains(qVar.l())) {
                HashSet hashSet = new HashSet();
                hashSet.add(qVar.l());
                h0 h0Var2 = new h0(new ArrayList(), i2, hashSet, h0Var, set, qVar.l(), false);
                h0Var.a(h0Var2);
                listArr[i2].add(h0Var2);
                return true;
            }
        }
        return false;
    }

    private static boolean a(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(j0.g);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(int i2, List[] listArr, f.a.b.q qVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            h0 h0Var = (h0) list.get(i3);
            if ("2.5.29.32.0".equals(h0Var.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(qVar.l());
                h0 h0Var2 = new h0(new ArrayList(), i2, hashSet, h0Var, set, qVar.l(), false);
                h0Var.a(h0Var2);
                listArr[i2].add(h0Var2);
                return;
            }
        }
    }
}
