package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.f;
import org.bouncycastle.asn1.p;
import org.bouncycastle.asn1.p0;
import org.bouncycastle.asn1.s;
import org.bouncycastle.asn1.t;
import org.bouncycastle.asn1.x509.b;
import org.bouncycastle.asn1.x509.n;
import org.bouncycastle.asn1.x509.n0;
import org.bouncycastle.asn1.x509.o;
import org.bouncycastle.asn1.x509.t0;
import org.bouncycastle.asn1.x509.u;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.x;
import org.bouncycastle.util.a;
import p.c.a.e;
import p.c.a.x.c;

/* loaded from: classes2.dex */
abstract class X509CRLImpl extends X509CRL {
    protected c bcHelper;
    protected o c;
    protected boolean isIndirect;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CRLImpl(c cVar, o oVar, String str, byte[] bArr, boolean z) {
        this.bcHelper = cVar;
        this.c = oVar;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z;
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private void checkSignature(PublicKey publicKey, Signature signature, f fVar, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (fVar != null) {
            X509SignatureUtil.setSignatureParameters(signature, fVar);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(p.c.a.v.c.a(signature), 512);
            this.c.k().a(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e2) {
            throw new CRLException(e2.toString());
        }
    }

    /* JADX WARN: Unreachable blocks removed: 6, instructions: 6 */
    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.c.i().equals(this.c.k().i())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i2 = 0;
        if ((publicKey instanceof e) && X509SignatureUtil.isCompositeAlgorithm(this.c.i())) {
            List<PublicKey> a = ((e) publicKey).a();
            t a2 = t.a((Object) this.c.i().f());
            t a3 = t.a((Object) p0.a((Object) this.c.h()).i());
            boolean z = false;
            while (i2 != a.size()) {
                if (a.get(i2) != null) {
                    b a4 = b.a(a2.c(i2));
                    try {
                        checkSignature(a.get(i2), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(a4)), a4.f(), p0.a((Object) a3.c(i2)).i());
                        e = null;
                        z = true;
                    } catch (SignatureException e2) {
                        e = e2;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i2++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.i())) {
            Signature createSignature = signatureCreator.createSignature(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                checkSignature(publicKey, createSignature, null, getSignature());
                return;
            }
            try {
                checkSignature(publicKey, createSignature, s.a(bArr), getSignature());
                return;
            } catch (IOException e3) {
                throw new SignatureException("cannot decode signature parameters: " + e3.getMessage());
            }
        }
        t a5 = t.a((Object) this.c.i().f());
        t a6 = t.a((Object) p0.a((Object) this.c.h()).i());
        boolean z2 = false;
        while (i2 != a6.size()) {
            b a7 = b.a(a5.c(i2));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(a7)), a7.f(), p0.a((Object) a6.c(i2)).i());
                e = null;
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e4) {
                e = e4;
            }
            if (e != null) {
                throw e;
            }
            i2++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set getExtensionOIDs(boolean z) {
        v e2;
        if (getVersion() != 2 || (e2 = this.c.k().e()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration e3 = e2.e();
        while (true) {
            while (e3.hasMoreElements()) {
                org.bouncycastle.asn1.o oVar = (org.bouncycastle.asn1.o) e3.nextElement();
                if (z == e2.a(oVar).h()) {
                    hashSet.add(oVar.i());
                }
            }
            return hashSet;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(o oVar, String str) {
        p extensionValue = getExtensionValue(oVar, str);
        if (extensionValue != null) {
            return extensionValue.i();
        }
        return null;
    }

    protected static p getExtensionValue(o oVar, String str) {
        u a;
        v e2 = oVar.k().e();
        if (e2 == null || (a = e2.a(new org.bouncycastle.asn1.o(str))) == null) {
            return null;
        }
        return a.f();
    }

    private Set loadCRLEntries() {
        u a;
        HashSet hashSet = new HashSet();
        Enumeration g2 = this.c.g();
        org.bouncycastle.asn1.e3.c cVar = null;
        while (true) {
            while (g2.hasMoreElements()) {
                n0.b bVar = (n0.b) g2.nextElement();
                hashSet.add(new X509CRLEntryObject(bVar, this.isIndirect, cVar));
                if (this.isIndirect && bVar.h() && (a = bVar.e().a(u.f7313l)) != null) {
                    cVar = org.bouncycastle.asn1.e3.c.a(x.a(a.g()).e()[0].getName());
                }
            }
            return hashSet;
        }
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        try {
            return this.c.a("DER");
        } catch (IOException e2) {
            throw new CRLException(e2.toString());
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        p extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e2) {
            throw new IllegalStateException("error parsing " + e2.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new p.c.b.e(org.bouncycastle.asn1.e3.c.a(this.c.e().b()));
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.e().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        t0 f2 = this.c.f();
        if (f2 == null) {
            return null;
        }
        return f2.e();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        u a;
        Enumeration g2 = this.c.g();
        org.bouncycastle.asn1.e3.c cVar = null;
        while (true) {
            while (g2.hasMoreElements()) {
                n0.b bVar = (n0.b) g2.nextElement();
                if (bVar.g().a(bigInteger)) {
                    return new X509CRLEntryObject(bVar, this.isIndirect, cVar);
                }
                if (this.isIndirect && bVar.h() && (a = bVar.e().a(u.f7313l)) != null) {
                    cVar = org.bouncycastle.asn1.e3.c.a(x.a(a.g()).e()[0].getName());
                }
            }
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.c.i().e().i();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return a.b(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c.h().k();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.c.k().a("DER");
        } catch (IOException e2) {
            throw new CRLException(e2.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.c.l().e();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.c.m();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(u.f7312k.i());
        criticalExtensionOIDs.remove(u.f7311j.i());
        return !criticalExtensionOIDs.isEmpty();
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        org.bouncycastle.asn1.e3.c f2;
        u a;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration g2 = this.c.g();
        org.bouncycastle.asn1.e3.c e2 = this.c.e();
        if (g2.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (g2.hasMoreElements()) {
                n0.b a2 = n0.b.a(g2.nextElement());
                if (this.isIndirect && a2.h() && (a = a2.e().a(u.f7313l)) != null) {
                    e2 = org.bouncycastle.asn1.e3.c.a(x.a(a.g()).e()[0].getName());
                }
                if (a2.g().a(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        f2 = org.bouncycastle.asn1.e3.c.a(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            f2 = n.a(certificate.getEncoded()).f();
                        } catch (CertificateEncodingException e3) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e3.getMessage());
                        }
                    }
                    return e2.equals(f2);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:38:0x0199
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 466
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e2) {
            throw new NoSuchAlgorithmException("provider issue: " + e2.getMessage());
        }
    }
}
