package hg;

import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import nc.b0;
import nc.c0;
import nc.i0;
import nc.j;
import nc.k;
import nc.v;
import nc.w;
import nc.y;
import oe.e;
import oe.g;
import oe.h;
import oe.i;
import wa.q;
import wa.r1;
import wa.u;

/* loaded from: classes2.dex */
public class f {

    /* renamed from: a, reason: collision with root package name */
    public static final e f31770a = new e();

    /* renamed from: b, reason: collision with root package name */
    public static final String f31771b = y.H.z();

    /* renamed from: c, reason: collision with root package name */
    public static final String f31772c = y.Q.z();

    /* renamed from: d, reason: collision with root package name */
    public static final String f31773d = y.G.z();

    /* renamed from: e, reason: collision with root package name */
    public static final String f31774e = y.B.z();

    /* renamed from: f, reason: collision with root package name */
    public static final String f31775f = y.N.z();

    /* renamed from: g, reason: collision with root package name */
    public static final int f31776g = 5;

    /* renamed from: h, reason: collision with root package name */
    public static final int f31777h = 6;

    public static void a(v vVar, oe.i iVar, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, c cVar, g gVar, List list, cf.d dVar) throws a, b {
        g gVar2;
        Iterator it;
        Set<String> criticalExtensionOIDs;
        g gVar3 = gVar;
        Date date2 = new Date(System.currentTimeMillis());
        if (date.getTime() > date2.getTime()) {
            throw new a("Validation time is in future.");
        }
        if (iVar.x() != null) {
            date2 = iVar.x();
        }
        Date date3 = date2;
        Iterator it2 = h.k(vVar, x509Certificate, date3, iVar.v(), iVar.t()).iterator();
        boolean z10 = false;
        a e10 = null;
        while (it2.hasNext() && cVar.a() == 11 && !gVar.e()) {
            try {
                X509CRL x509crl = (X509CRL) it2.next();
                g g10 = g(x509crl, vVar);
                if (g10.c(gVar3)) {
                    it = it2;
                    a aVar = e10;
                    try {
                        X509CRL j10 = iVar.K() ? j(h.l(date3, x509crl, iVar.v(), iVar.t()), i(x509crl, h(x509crl, x509Certificate, x509Certificate2, publicKey, iVar, list, dVar))) : null;
                        if (iVar.F() != 1 && x509Certificate.getNotAfter().getTime() < x509crl.getThisUpdate().getTime()) {
                            throw new a("No valid CRL for current time found.");
                            break;
                        }
                        d(vVar, x509Certificate, x509crl);
                        e(vVar, x509Certificate, x509crl);
                        f(j10, x509crl, iVar);
                        k(date, j10, x509Certificate, cVar, iVar);
                        l(date, x509crl, x509Certificate, cVar);
                        if (cVar.a() == 8) {
                            cVar.c(11);
                        }
                        gVar2 = gVar;
                        try {
                            gVar2.a(g10);
                            Set<String> criticalExtensionOIDs2 = x509crl.getCriticalExtensionOIDs();
                            if (criticalExtensionOIDs2 != null) {
                                HashSet hashSet = new HashSet(criticalExtensionOIDs2);
                                hashSet.remove(y.H.z());
                                hashSet.remove(y.G.z());
                                if (!hashSet.isEmpty()) {
                                    throw new a("CRL contains unsupported critical extensions.");
                                }
                            }
                            if (j10 != null && (criticalExtensionOIDs = j10.getCriticalExtensionOIDs()) != null) {
                                HashSet hashSet2 = new HashSet(criticalExtensionOIDs);
                                hashSet2.remove(y.H.z());
                                hashSet2.remove(y.G.z());
                                if (!hashSet2.isEmpty()) {
                                    throw new a("Delta CRL contains unsupported critical extension.");
                                }
                            }
                            gVar3 = gVar2;
                            z10 = true;
                            it2 = it;
                            e10 = aVar;
                        } catch (a e11) {
                            e10 = e11;
                            gVar3 = gVar2;
                            it2 = it;
                        }
                    } catch (a e12) {
                        e10 = e12;
                        gVar2 = gVar;
                    }
                } else {
                    continue;
                }
            } catch (a e13) {
                e10 = e13;
                gVar2 = gVar3;
                it = it2;
            }
        }
        a aVar2 = e10;
        if (!z10) {
            throw aVar2;
        }
    }

    public static Set b(Date date, oe.i iVar, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        if (iVar.K()) {
            try {
                q qVar = y.Q;
                k o10 = k.o(h.m(x509Certificate, qVar));
                if (o10 == null) {
                    try {
                        o10 = k.o(h.m(x509crl, qVar));
                    } catch (a e10) {
                        throw new a("Freshest CRL extension could not be decoded from CRL.", e10);
                    }
                }
                if (o10 != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(iVar.t());
                    try {
                        arrayList.addAll(h.g(o10, iVar.z()));
                        try {
                            hashSet.addAll(h.l(date, x509crl, iVar.v(), arrayList));
                        } catch (a e11) {
                            throw new a("Exception obtaining delta CRLs.", e11);
                        }
                    } catch (a e12) {
                        throw new a("No new delta CRL locations could be added from Freshest CRL extension.", e12);
                    }
                }
            } catch (a e13) {
                throw new a("Freshest CRL extension could not be decoded from certificate.", e13);
            }
        }
        return hashSet;
    }

    public static Set[] c(Date date, oe.i iVar, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.setCertificateChecking(x509Certificate);
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            oe.e<? extends CRL> g10 = new e.b(x509CRLSelector).h(true).g();
            if (iVar.x() != null) {
                date = iVar.x();
            }
            Set b10 = f31770a.b(g10, date, iVar.v(), iVar.t());
            if (iVar.K()) {
                try {
                    hashSet.addAll(h.l(date, x509crl, iVar.v(), iVar.t()));
                } catch (a e10) {
                    throw new a("Exception obtaining delta CRLs.", e10);
                }
            }
            return new Set[]{b10, hashSet};
        } catch (IOException e11) {
            throw new a("Cannot extract issuer from CRL." + e11, e11);
        }
    }

    public static void d(v vVar, Object obj, X509CRL x509crl) throws a {
        u m10 = h.m(x509crl, y.H);
        boolean z10 = true;
        boolean z11 = m10 != null && i0.p(m10).s();
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        if (vVar.n() != null) {
            b0[] q10 = vVar.n().q();
            boolean z12 = false;
            for (int i10 = 0; i10 < q10.length; i10++) {
                if (q10[i10].e() == 4) {
                    try {
                        if (org.bouncycastle.util.a.f(q10[i10].p().f().getEncoded(), encoded)) {
                            z12 = true;
                        }
                    } catch (IOException e10) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
            if (z12 && !z11) {
                throw new a("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (!z12) {
                throw new a("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
            z10 = z12;
        } else if (!x509crl.getIssuerX500Principal().equals(((X509Certificate) obj).getIssuerX500Principal())) {
            z10 = false;
        }
        if (!z10) {
            throw new a("Cannot find matching CRL issuer for certificate.");
        }
    }

    public static void e(v vVar, Object obj, X509CRL x509crl) throws a {
        b0[] b0VarArr;
        try {
            i0 p10 = i0.p(h.m(x509crl, y.H));
            if (p10 != null) {
                if (p10.o() != null) {
                    w o10 = i0.p(p10).o();
                    ArrayList arrayList = new ArrayList();
                    boolean z10 = false;
                    if (o10.getType() == 0) {
                        for (b0 b0Var : c0.o(o10.p()).q()) {
                            arrayList.add(b0Var);
                        }
                    }
                    if (o10.getType() == 1) {
                        wa.g gVar = new wa.g();
                        try {
                            Enumeration y10 = wa.v.v(x509crl.getIssuerX500Principal().getEncoded()).y();
                            while (y10.hasMoreElements()) {
                                gVar.a((wa.f) y10.nextElement());
                            }
                            gVar.a(o10.p());
                            arrayList.add(new b0(lc.d.o(new r1(gVar))));
                        } catch (Exception e10) {
                            throw new a("Could not read CRL issuer.", e10);
                        }
                    }
                    if (vVar.o() != null) {
                        w o11 = vVar.o();
                        b0[] q10 = o11.getType() == 0 ? c0.o(o11.p()).q() : null;
                        if (o11.getType() == 1) {
                            if (vVar.n() != null) {
                                b0VarArr = vVar.n().q();
                            } else {
                                b0VarArr = new b0[1];
                                try {
                                    b0VarArr[0] = new b0(lc.d.o(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
                                } catch (Exception e11) {
                                    throw new a("Could not read certificate issuer.", e11);
                                }
                            }
                            q10 = b0VarArr;
                            for (int i10 = 0; i10 < q10.length; i10++) {
                                Enumeration y11 = wa.v.v(q10[i10].p().f()).y();
                                wa.g gVar2 = new wa.g();
                                while (y11.hasMoreElements()) {
                                    gVar2.a((wa.f) y11.nextElement());
                                }
                                gVar2.a(o11.p());
                                q10[i10] = new b0(lc.d.o(new r1(gVar2)));
                            }
                        }
                        if (q10 != null) {
                            int i11 = 0;
                            while (true) {
                                if (i11 >= q10.length) {
                                    break;
                                }
                                if (arrayList.contains(q10[i11])) {
                                    z10 = true;
                                    break;
                                }
                                i11++;
                            }
                        }
                        if (!z10) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (vVar.n() == null) {
                            throw new a("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        b0[] q11 = vVar.n().q();
                        int i12 = 0;
                        while (true) {
                            if (i12 >= q11.length) {
                                break;
                            }
                            if (arrayList.contains(q11[i12])) {
                                z10 = true;
                                break;
                            }
                            i12++;
                        }
                        if (!z10) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    j n10 = j.n(h.m((X509Extension) obj, y.B));
                    if (obj instanceof X509Certificate) {
                        if (p10.v() && n10 != null && n10.q()) {
                            throw new a("CA Cert CRL only contains user certificates.");
                        }
                        if (p10.u() && (n10 == null || !n10.q())) {
                            throw new a("End CRL only contains CA certificates.");
                        }
                    }
                    if (p10.t()) {
                        throw new a("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e12) {
                    throw new a("Basic constraints extension could not be decoded.", e12);
                }
            }
        } catch (Exception e13) {
            throw new a("Issuing distribution point extension could not be decoded.", e13);
        }
    }

    public static void f(X509CRL x509crl, X509CRL x509crl2, oe.i iVar) throws a {
        if (x509crl == null) {
            return;
        }
        try {
            q qVar = y.H;
            i0 p10 = i0.p(h.m(x509crl2, qVar));
            if (iVar.K()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new a("complete CRL issuer does not match delta CRL issuer");
                }
                try {
                    i0 p11 = i0.p(h.m(x509crl, qVar));
                    boolean z10 = true;
                    if (p10 != null ? !p10.equals(p11) : p11 != null) {
                        z10 = false;
                    }
                    if (!z10) {
                        throw new a("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        q qVar2 = y.N;
                        u m10 = h.m(x509crl2, qVar2);
                        try {
                            u m11 = h.m(x509crl, qVar2);
                            if (m10 == null) {
                                throw new a("CRL authority key identifier is null.");
                            }
                            if (m11 == null) {
                                throw new a("Delta CRL authority key identifier is null.");
                            }
                            if (!m10.q(m11)) {
                                throw new a("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (a e10) {
                            throw new a("Authority key identifier extension could not be extracted from delta CRL.", e10);
                        }
                    } catch (a e11) {
                        throw new a("Authority key identifier extension could not be extracted from complete CRL.", e11);
                    }
                } catch (Exception e12) {
                    throw new a("Issuing distribution point extension from delta CRL could not be decoded.", e12);
                }
            }
        } catch (Exception e13) {
            throw new a("issuing distribution point extension could not be decoded.", e13);
        }
    }

    public static g g(X509CRL x509crl, v vVar) throws a {
        try {
            i0 p10 = i0.p(h.m(x509crl, y.H));
            if (p10 != null && p10.r() != null && vVar.r() != null) {
                return new g(vVar.r()).d(new g(p10.r()));
            }
            if ((p10 == null || p10.r() == null) && vVar.r() == null) {
                return g.f31778b;
            }
            return (vVar.r() == null ? g.f31778b : new g(vVar.r())).d(p10 == null ? g.f31778b : new g(p10.r()));
        } catch (Exception e10) {
            throw new a("Issuing distribution point extension could not be decoded.", e10);
        }
    }

    public static Set h(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, oe.i iVar, List list, cf.d dVar) throws a {
        int i10;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            oe.g<? extends Certificate> a10 = new g.b(x509CertSelector).a();
            try {
                Collection b10 = h.b(a10, iVar.w());
                b10.addAll(h.b(a10, iVar.v()));
                b10.add(x509Certificate);
                Iterator it = b10.iterator();
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder l10 = dVar.l("PKIX");
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            i.b r10 = new i.b(iVar).r(new g.b(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                r10.q(false);
                            } else {
                                r10.q(true);
                            }
                            List<? extends Certificate> certificates = l10.build(new h.b(r10.p()).e()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(h.p(certificates, 0, dVar));
                        } catch (CertPathBuilderException e10) {
                            throw new a("CertPath for CRL signer failed to validate.", e10);
                        } catch (CertPathValidatorException e11) {
                            throw new a("Public key of issuer certificate of CRL could not be retrieved.", e11);
                        } catch (Exception e12) {
                            throw new a(e12.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                a aVar = null;
                for (i10 = 0; i10 < arrayList.size(); i10++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i10)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length >= 7 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i10));
                    } else {
                        aVar = new a("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet.isEmpty() && aVar == null) {
                    throw new a("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || aVar == null) {
                    return hashSet;
                }
                throw aVar;
            } catch (a e13) {
                throw new a("Issuer certificate for CRL cannot be searched.", e13);
            }
        } catch (IOException e14) {
            throw new a("subject criteria for certificate selector to find issuer certificate for CRL could not be set", e14);
        }
    }

    public static PublicKey i(X509CRL x509crl, Set set) throws a {
        Iterator it = set.iterator();
        Exception e10 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e11) {
                e10 = e11;
            }
        }
        throw new a("Cannot verify CRL.", e10);
    }

    public static X509CRL j(Set set, PublicKey publicKey) throws a {
        Iterator it = set.iterator();
        Exception e10 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e11) {
                e10 = e11;
            }
        }
        if (e10 == null) {
            return null;
        }
        throw new a("Cannot verify delta CRL.", e10);
    }

    public static void k(Date date, X509CRL x509crl, Object obj, c cVar, oe.i iVar) throws a {
        if (!iVar.K() || x509crl == null) {
            return;
        }
        h.j(date, x509crl, obj, cVar);
    }

    public static void l(Date date, X509CRL x509crl, Object obj, c cVar) throws a {
        if (cVar.a() == 11) {
            h.j(date, x509crl, obj, cVar);
        }
    }
}
