package r.d.f.d;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import r.d.b.g2.v;
import r.d.b.p;
import r.d.b.r;
import r.d.b.s;
import r.d.b.w0;
import r.d.e.b;
import r.d.e.d;

/* loaded from: classes4.dex */
public class d {
    public static final g a = new g();

    /* renamed from: b, reason: collision with root package name */
    public static final String f15300b = r.d.b.g2.k.q3.s();

    /* renamed from: c, reason: collision with root package name */
    public static final String f15301c = r.d.b.g2.k.K0.s();

    /* renamed from: d, reason: collision with root package name */
    public static final String f15302d = r.d.b.g2.k.r3.s();

    /* renamed from: e, reason: collision with root package name */
    public static final String f15303e = r.d.b.g2.k.f14626p.s();

    /* renamed from: f, reason: collision with root package name */
    public static final String f15304f = r.d.b.g2.k.o3.s();

    /* renamed from: g, reason: collision with root package name */
    public static final String f15305g = r.d.b.g2.k.f14624f.s();

    /* renamed from: h, reason: collision with root package name */
    public static final String f15306h = r.d.b.g2.k.w3.s();

    /* renamed from: i, reason: collision with root package name */
    public static final String f15307i = r.d.b.g2.k.m3.s();

    /* renamed from: j, reason: collision with root package name */
    public static final String f15308j = r.d.b.g2.k.K2.s();

    /* renamed from: k, reason: collision with root package name */
    public static final String f15309k = r.d.b.g2.k.t3.s();

    /* renamed from: l, reason: collision with root package name */
    public static final String f15310l = r.d.b.g2.k.v3.s();

    /* renamed from: m, reason: collision with root package name */
    public static final String f15311m = r.d.b.g2.k.p3.s();

    /* renamed from: n, reason: collision with root package name */
    public static final String f15312n = r.d.b.g2.k.s3.s();

    /* renamed from: o, reason: collision with root package name */
    public static final String f15313o = r.d.b.g2.k.k1.s();

    /* renamed from: p, reason: collision with root package name */
    public static final String[] f15314p = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    public static void a(Set set, Object obj) throws a {
        if (set.isEmpty()) {
            if (obj instanceof r.d.j.d) {
                new StringBuilder().append("No CRLs found for issuer \"");
                ((r.d.j.d) obj).a();
                throw null;
            }
            throw new a("No CRLs found for issuer \"" + r.d.b.f2.f.d.T.a(l.d((X509Certificate) obj)) + "\"");
        }
    }

    public static Collection b(r.d.e.d dVar, List list) throws a {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof r.d.i.h) {
                try {
                    linkedHashSet.addAll(((r.d.i.h) obj).a(dVar));
                } catch (r.d.i.i e2) {
                    throw new a("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    linkedHashSet.addAll(r.d.e.d.a(dVar, (CertStore) obj));
                } catch (CertStoreException e3) {
                    throw new a("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return linkedHashSet;
    }

    public static Collection c(X509Certificate x509Certificate, List<CertStore> list, List<r.d.e.c> list2) throws a {
        byte[] i2;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(l.d(x509Certificate).e());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f15312n);
                if (extensionValue != null && (i2 = r.d.b.g2.b.h(r.d.b.n.o(extensionValue).q()).i()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new w0(i2).e());
                }
            } catch (Exception unused) {
            }
            r.d.e.d<? extends Certificate> a2 = new d.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(b(a2, list));
                arrayList.addAll(b(a2, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (a e2) {
                throw new a("Issuer certificate cannot be searched.", e2);
            }
        } catch (IOException e3) {
            throw new a("Subject criteria for certificate selector to find issuer certificate could not be set.", e3);
        }
    }

    public static TrustAnchor d(X509Certificate x509Certificate, Set set, String str) throws a {
        X509CertSelector x509CertSelector = new X509CertSelector();
        r.d.b.f2.c b2 = l.b(x509Certificate);
        try {
            x509CertSelector.setSubject(b2.e());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception e2 = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (b2.equals(l.a(trustAnchor))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    try {
                        z(x509Certificate, publicKey, str);
                    } catch (Exception e3) {
                        e2 = e3;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || e2 == null) {
                return trustAnchor;
            }
            throw new a("TrustAnchor found but certificate validation failed.", e2);
        } catch (IOException e4) {
            throw new a("Cannot set subject search criteria for trust anchor.", e4);
        }
    }

    public static List<r.d.e.c> e(byte[] bArr, Map<r.d.b.g2.m, r.d.e.c> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        r.d.b.g2.m[] j2 = r.d.b.g2.n.h(r.d.b.n.o(bArr).q()).j();
        ArrayList arrayList = new ArrayList();
        for (int i2 = 0; i2 != j2.length; i2++) {
            r.d.e.c cVar = map.get(j2[i2]);
            if (cVar != null) {
                arrayList.add(cVar);
            }
        }
        return arrayList;
    }

    public static List<r.d.e.a> f(r.d.b.g2.d dVar, Map<r.d.b.g2.m, r.d.e.a> map) throws a {
        if (dVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            r.d.b.g2.i[] h2 = dVar.h();
            ArrayList arrayList = new ArrayList();
            for (r.d.b.g2.i iVar : h2) {
                r.d.b.g2.j j2 = iVar.j();
                if (j2 != null && j2.l() == 0) {
                    for (r.d.b.g2.m mVar : r.d.b.g2.n.h(j2.k()).j()) {
                        r.d.e.a aVar = map.get(mVar);
                        if (aVar != null) {
                            arrayList.add(aVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new a("Distribution points could not be read.", e2);
        }
    }

    public static r.d.b.g2.a g(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return v.i(new r.d.b.i(publicKey.getEncoded()).z()).h();
        } catch (Exception e2) {
            throw new r.d.f.b.b("Subject public key cannot be decoded.", e2);
        }
    }

    public static void h(r.d.b.g2.i iVar, Collection collection, X509CRLSelector x509CRLSelector) throws a {
        ArrayList arrayList = new ArrayList();
        if (iVar.i() != null) {
            r.d.b.g2.m[] j2 = iVar.i().j();
            for (int i2 = 0; i2 < j2.length; i2++) {
                if (j2[i2].k() == 4) {
                    try {
                        arrayList.add(r.d.b.f2.c.h(j2[i2].j().c().e()));
                    } catch (IOException e2) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (iVar.j() == null) {
                throw new a("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((r.d.b.f2.c) it2.next()).e());
            } catch (IOException e3) {
                throw new a("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    public static void i(Date date, X509CRL x509crl, Object obj, e eVar) throws a {
        X509CRLEntry revokedCertificate;
        try {
            if (o.b(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(p(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!l.b(obj).equals(certificateIssuer == null ? l.c(x509crl) : r.d.b.f2.c.h(certificateIssuer.getEncoded()))) {
                    return;
                }
            } else if (!l.b(obj).equals(l.c(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(p(obj))) == null) {
                return;
            }
            r.d.b.f fVar = null;
            if (revokedCertificate.hasExtensions()) {
                try {
                    fVar = r.d.b.f.p(l(revokedCertificate, r.d.b.g2.k.C1.s()));
                } catch (Exception e2) {
                    throw new a("Reason code CRL entry extension could not be decoded.", e2);
                }
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || fVar == null || fVar.q().intValue() == 0 || fVar.q().intValue() == 1 || fVar.q().intValue() == 2 || fVar.q().intValue() == 8) {
                if (fVar != null) {
                    eVar.c(fVar.q().intValue());
                } else {
                    eVar.c(0);
                }
                eVar.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e3) {
            throw new a("Failed check for indirect CRL.", e3);
        }
    }

    public static Set j(r.d.b.g2.i iVar, Object obj, Date date, r.d.e.f fVar) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(l.b(obj));
            h(iVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            r.d.e.b<? extends CRL> g2 = new b.C0333b(x509CRLSelector).h(true).g();
            if (fVar.o() != null) {
                date = fVar.o();
            }
            Set b2 = a.b(g2, date, fVar.m(), fVar.k());
            a(b2, obj);
            return b2;
        } catch (a e2) {
            throw new a("Could not get issuer information from distribution point.", e2);
        }
    }

    public static Set k(Date date, X509CRL x509crl, List<CertStore> list, List<r.d.e.a> list2) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(l.c(x509crl).e());
            try {
                r l2 = l(x509crl, f15313o);
                BigInteger q2 = l2 != null ? r.d.b.j.o(l2).q() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f15307i);
                    x509CRLSelector.setMinCRLNumber(q2 != null ? q2.add(BigInteger.valueOf(1L)) : null);
                    b.C0333b c0333b = new b.C0333b(x509CRLSelector);
                    c0333b.i(extensionValue);
                    c0333b.j(true);
                    c0333b.k(q2);
                    Set<X509CRL> b2 = a.b(c0333b.g(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b2) {
                        if (t(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e2) {
                    throw new a("Issuing distribution point extension value could not be read.", e2);
                }
            } catch (Exception e3) {
                throw new a("CRL number extension could not be extracted from CRL.", e3);
            }
        } catch (IOException e4) {
            throw new a("Cannot extract issuer from CRL.", e4);
        }
    }

    public static r l(X509Extension x509Extension, String str) throws a {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return n(str, extensionValue);
    }

    public static PublicKey m(List list, int i2, r.d.e.h.b bVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i2++;
            if (i2 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i2)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return bVar.c("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e2) {
            throw new RuntimeException(e2.getMessage());
        }
    }

    public static r n(String str, byte[] bArr) throws a {
        try {
            return new r.d.b.i(((r.d.b.n) new r.d.b.i(bArr).z()).q()).z();
        } catch (Exception e2) {
            throw new a("exception processing extension " + str, e2);
        }
    }

    public static final Set o(s sVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (sVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        p pVar = new p(byteArrayOutputStream);
        Enumeration s2 = sVar.s();
        while (s2.hasMoreElements()) {
            try {
                pVar.j((r.d.b.d) s2.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e2) {
                throw new r.d.f.b.b("Policy qualifier info cannot be decoded.", e2);
            }
        }
        return hashSet;
    }

    public static BigInteger p(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    public static Date q(r.d.e.f fVar, CertPath certPath, int i2) throws a {
        if (fVar.v() == 1 && i2 > 0) {
            int i3 = i2 - 1;
            if (i3 != 0) {
                return ((X509Certificate) certPath.getCertificates().get(i3)).getNotBefore();
            }
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i3)).getExtensionValue(r.d.b.x1.a.f14804e.s());
                r.d.b.h r2 = extensionValue != null ? r.d.b.h.r(r.k(extensionValue)) : null;
                if (r2 == null) {
                    return ((X509Certificate) certPath.getCertificates().get(i3)).getNotBefore();
                }
                try {
                    return r2.q();
                } catch (ParseException e2) {
                    throw new a("Date from date of cert gen extension could not be parsed.", e2);
                }
            } catch (IOException unused) {
                throw new a("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException unused2) {
                throw new a("Date of cert gen extension could not be read.");
            }
        }
        return r(fVar);
    }

    public static Date r(r.d.e.f fVar) {
        Date o2 = fVar.o();
        return o2 == null ? new Date() : o2;
    }

    public static boolean s(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    public static boolean t(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(m.f15337g);
    }

    public static boolean u(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static boolean v(int i2, List[] listArr, r.d.b.m mVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            k kVar = (k) list.get(i3);
            if (kVar.getExpectedPolicies().contains(mVar.s())) {
                HashSet hashSet = new HashSet();
                hashSet.add(mVar.s());
                k kVar2 = new k(new ArrayList(), i2, hashSet, kVar, set, mVar.s(), false);
                kVar.a(kVar2);
                listArr[i2].add(kVar2);
                return true;
            }
        }
        return false;
    }

    public static void w(int i2, List[] listArr, r.d.b.m mVar, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            k kVar = (k) list.get(i3);
            if ("2.5.29.32.0".equals(kVar.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(mVar.s());
                k kVar2 = new k(new ArrayList(), i2, hashSet, kVar, set, mVar.s(), false);
                kVar.a(kVar2);
                listArr[i2].add(kVar2);
                return;
            }
        }
    }

    public static k x(k kVar, List[] listArr, k kVar2) {
        k kVar3 = (k) kVar2.getParent();
        if (kVar == null) {
            return null;
        }
        if (kVar3 != null) {
            kVar3.d(kVar2);
            y(listArr, kVar2);
            return kVar;
        }
        for (int i2 = 0; i2 < listArr.length; i2++) {
            listArr[i2] = new ArrayList();
        }
        return null;
    }

    public static void y(List[] listArr, k kVar) {
        listArr[kVar.getDepth()].remove(kVar);
        if (kVar.c()) {
            Iterator children = kVar.getChildren();
            while (children.hasNext()) {
                y(listArr, (k) children.next());
            }
        }
    }

    public static void z(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
