package org.bouncycastle.jcajce.provider.asymmetric.x509;

import androidx.activity.result.d;
import androidx.appcompat.widget.x0;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public abstract class X509CRLImpl extends X509CRL {
    protected JcaJceHelper bcHelper;

    /* renamed from: c, reason: collision with root package name */
    protected CertificateList f8559c;
    protected boolean isIndirect;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CRLImpl(JcaJceHelper jcaJceHelper, CertificateList certificateList, String str, byte[] bArr, boolean z5) {
        this.bcHelper = jcaJceHelper;
        this.f8559c = certificateList;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z5;
    }

    public final void a(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (aSN1Encodable != null) {
            X509SignatureUtil.e(signature, aSN1Encodable);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.a(signature), 512);
            TBSCertList q10 = this.f8559c.q();
            q10.getClass();
            ASN1OutputStream.b(bufferedOutputStream, ASN1Encoding.DER).l(q10);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    public final void b(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.f8559c.p().equals(this.f8559c.q().l())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i5 = 0;
        if (publicKey instanceof CompositePublicKey) {
            AlgorithmIdentifier p10 = this.f8559c.p();
            int i10 = X509SignatureUtil.f8561a;
            if (MiscObjectIdentifiers.id_alg_composite.o(p10.h())) {
                List<PublicKey> a10 = ((CompositePublicKey) publicKey).a();
                ASN1Sequence v10 = ASN1Sequence.v(this.f8559c.p().m());
                ASN1Sequence v11 = ASN1Sequence.v(DERBitString.z(this.f8559c.o()).v());
                boolean z5 = false;
                while (i5 != a10.size()) {
                    if (a10.get(i5) != null) {
                        AlgorithmIdentifier l10 = AlgorithmIdentifier.l(v10.x(i5));
                        try {
                            a(a10.get(i5), signatureCreator.a(X509SignatureUtil.b(l10)), l10.m(), DERBitString.z(v11.x(i5)).v());
                            z5 = true;
                            e = null;
                        } catch (SignatureException e10) {
                            e = e10;
                        }
                        if (e != null) {
                            throw e;
                        }
                    }
                    i5++;
                }
                if (!z5) {
                    throw new InvalidKeyException("no matching key found");
                }
                return;
            }
        }
        AlgorithmIdentifier p11 = this.f8559c.p();
        int i11 = X509SignatureUtil.f8561a;
        if (!MiscObjectIdentifiers.id_alg_composite.o(p11.h())) {
            Signature a11 = signatureCreator.a(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                a(publicKey, a11, null, getSignature());
                return;
            }
            try {
                a(publicKey, a11, ASN1Primitive.p(bArr), getSignature());
                return;
            } catch (IOException e11) {
                throw new SignatureException(x0.e(e11, new StringBuilder("cannot decode signature parameters: ")));
            }
        }
        ASN1Sequence v12 = ASN1Sequence.v(this.f8559c.p().m());
        ASN1Sequence v13 = ASN1Sequence.v(DERBitString.z(this.f8559c.o()).v());
        boolean z10 = false;
        while (i5 != v13.size()) {
            AlgorithmIdentifier l11 = AlgorithmIdentifier.l(v12.x(i5));
            try {
                a(publicKey, signatureCreator.a(X509SignatureUtil.b(l11)), l11.m(), DERBitString.z(v13.x(i5)).v());
                z10 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            } catch (SignatureException e12) {
                e = e12;
            }
            e = null;
            if (e != null) {
                throw e;
            }
            i5++;
        }
        if (!z10) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    public final HashSet c(boolean z5) {
        Extensions h10;
        if (getVersion() != 2 || (h10 = this.f8559c.q().h()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration m10 = h10.m();
        while (m10.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) m10.nextElement();
            if (z5 == h10.h(aSN1ObjectIdentifier).n()) {
                hashSet.add(aSN1ObjectIdentifier.y());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public final Set getCriticalExtensionOIDs() {
        return c(true);
    }

    @Override // java.security.cert.X509Extension
    public final byte[] getExtensionValue(String str) {
        Extension h10;
        Extensions h11 = this.f8559c.q().h();
        ASN1OctetString l10 = (h11 == null || (h10 = h11.h(new ASN1ObjectIdentifier(str))) == null) ? null : h10.l();
        if (l10 == null) {
            return null;
        }
        try {
            return l10.getEncoded();
        } catch (Exception e10) {
            throw new IllegalStateException(d.e(e10, new StringBuilder("error parsing ")));
        }
    }

    @Override // java.security.cert.X509CRL
    public final Principal getIssuerDN() {
        return new X509Principal(X500Name.h(this.f8559c.l().b()));
    }

    @Override // java.security.cert.X509CRL
    public final X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f8559c.l().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public final Date getNextUpdate() {
        Time m10 = this.f8559c.m();
        if (m10 == null) {
            return null;
        }
        return m10.h();
    }

    @Override // java.security.cert.X509Extension
    public final Set getNonCriticalExtensionOIDs() {
        return c(false);
    }

    @Override // java.security.cert.X509CRL
    public final X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension h10;
        Enumeration n = this.f8559c.n();
        X500Name x500Name = null;
        while (n.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) n.nextElement();
            if (cRLEntry.n().B(bigInteger)) {
                return new X509CRLEntryObject(cRLEntry, this.isIndirect, x500Name);
            }
            if (this.isIndirect && cRLEntry.o() && (h10 = cRLEntry.h().h(Extension.certificateIssuer)) != null) {
                x500Name = X500Name.h(GeneralNames.h(h10.m()).l()[0].l());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public final Set getRevokedCertificates() {
        Extension h10;
        HashSet hashSet = new HashSet();
        Enumeration n = this.f8559c.n();
        X500Name x500Name = null;
        while (n.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) n.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.isIndirect, x500Name));
            if (this.isIndirect && cRLEntry.o() && (h10 = cRLEntry.h().h(Extension.certificateIssuer)) != null) {
                x500Name = X500Name.h(GeneralNames.h(h10.m()).l()[0].l());
            }
        }
        if (hashSet.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // java.security.cert.X509CRL
    public final String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public final String getSigAlgOID() {
        return this.f8559c.p().h().y();
    }

    @Override // java.security.cert.X509CRL
    public final byte[] getSigAlgParams() {
        return Arrays.b(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public final byte[] getSignature() {
        return this.f8559c.o().w();
    }

    @Override // java.security.cert.X509CRL
    public final byte[] getTBSCertList() throws CRLException {
        try {
            return this.f8559c.q().g(ASN1Encoding.DER);
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public final Date getThisUpdate() {
        return this.f8559c.r().h();
    }

    @Override // java.security.cert.X509CRL
    public final int getVersion() {
        return this.f8559c.u();
    }

    @Override // java.security.cert.X509Extension
    public final boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.issuingDistributionPoint.y());
        criticalExtensionOIDs.remove(Extension.deltaCRLIndicator.y());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public final boolean isRevoked(Certificate certificate) {
        X500Name m10;
        Extension h10;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration n = this.f8559c.n();
        X500Name l10 = this.f8559c.l();
        if (n.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (n.hasMoreElements()) {
                TBSCertList.CRLEntry l11 = TBSCertList.CRLEntry.l(n.nextElement());
                if (this.isIndirect && l11.o() && (h10 = l11.h().h(Extension.certificateIssuer)) != null) {
                    l10 = X500Name.h(GeneralNames.h(h10.m()).l()[0].l());
                }
                if (l11.n().B(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        m10 = X500Name.h(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            m10 = org.bouncycastle.asn1.x509.Certificate.l(certificate.getEncoded()).m();
                        } catch (CertificateEncodingException e10) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e10.getMessage());
                        }
                    }
                    return l10.equals(m10);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:37:0x013c
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    /* JADX WARN: Removed duplicated region for block: B:11:0x0080  */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:11:0x008e -> B:7:0x0151). Please report as a decompilation issue!!! */
    @Override // java.security.cert.CRL
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 375
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public final void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public final Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.bcHelper.a(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public final void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public final Signature a(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public final void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public final Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e10) {
            throw new NoSuchAlgorithmException("provider issue: " + e10.getMessage());
        }
    }
}
