package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import od.b;
import od.d0;
import od.e1;
import od.j0;
import od.k;
import od.k1;
import od.p;
import od.y;
import od.z;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.util.d;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.a;
import u2.o;
import wb.a0;
import wb.b0;
import wb.e0;
import wb.h0;
import wb.j;
import wb.l;
import wb.u;
import wb.v;
import wb.w1;
import zf.g;

/* loaded from: classes6.dex */
abstract class X509CRLImpl extends X509CRL {
    protected d bcHelper;

    /* renamed from: c, reason: collision with root package name */
    protected p f34739c;
    protected boolean isIndirect;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CRLImpl(d dVar, p pVar, String str, byte[] bArr, boolean z10) {
        this.bcHelper = dVar;
        this.f34739c = pVar;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z10;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, j jVar, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (jVar != null) {
            X509SignatureUtil.setSignatureParameters(signature, jVar);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new g(signature), 512);
            this.f34739c.C().q(bufferedOutputStream, l.f39610a);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.f34739c.B().equals(this.f34739c.C().B())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i10 = 0;
        if ((publicKey instanceof CompositePublicKey) && X509SignatureUtil.isCompositeAlgorithm(this.f34739c.B())) {
            List<PublicKey> b10 = ((CompositePublicKey) publicKey).b();
            h0 G = h0.G(this.f34739c.B().x());
            h0 G2 = h0.G(w1.P(this.f34739c.A()).F());
            boolean z10 = false;
            while (i10 != b10.size()) {
                if (b10.get(i10) != null) {
                    b v10 = b.v(G.I(i10));
                    try {
                        checkSignature(b10.get(i10), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(v10)), v10.x(), w1.P(G2.I(i10)).F());
                        e = null;
                        z10 = true;
                    } catch (SignatureException e10) {
                        e = e10;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i10++;
            }
            if (!z10) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.f34739c.B())) {
            Signature createSignature = signatureCreator.createSignature(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                checkSignature(publicKey, createSignature, null, getSignature());
                return;
            }
            try {
                checkSignature(publicKey, createSignature, e0.A(bArr), getSignature());
                return;
            } catch (IOException e11) {
                throw new SignatureException(o.a(e11, new StringBuilder("cannot decode signature parameters: ")));
            }
        }
        h0 G3 = h0.G(this.f34739c.B().x());
        h0 G4 = h0.G(w1.P(this.f34739c.A()).F());
        boolean z11 = false;
        while (i10 != G4.size()) {
            b v11 = b.v(G3.I(i10));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(v11)), v11.x(), w1.P(G4.I(i10)).F());
                e = null;
                z11 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e12) {
                e = e12;
            }
            if (e != null) {
                throw e;
            }
            i10++;
        }
        if (!z11) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set getExtensionOIDs(boolean z10) {
        z u10;
        if (getVersion() != 2 || (u10 = this.f34739c.C().u()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration G = u10.G();
        while (G.hasMoreElements()) {
            a0 a0Var = (a0) G.nextElement();
            if (z10 == u10.x(a0Var).A()) {
                hashSet.add(a0Var.J());
            }
        }
        return hashSet;
    }

    public static byte[] getExtensionOctets(p pVar, String str) {
        b0 extensionValue = getExtensionValue(pVar, str);
        if (extensionValue != null) {
            return extensionValue.H();
        }
        return null;
    }

    public static b0 getExtensionValue(p pVar, String str) {
        y x10;
        z u10 = pVar.C().u();
        if (u10 == null || (x10 = u10.x(new a0(str))) == null) {
            return null;
        }
        return x10.x();
    }

    private Set loadCRLEntries() {
        y x10;
        HashSet hashSet = new HashSet();
        Enumeration y10 = this.f34739c.y();
        md.d dVar = null;
        while (y10.hasMoreElements()) {
            e1.b bVar = (e1.b) y10.nextElement();
            hashSet.add(new X509CRLEntryObject(bVar, this.isIndirect, dVar));
            if (this.isIndirect && bVar.y() && (x10 = bVar.u().x(y.f32243x)) != null) {
                dVar = md.d.w(d0.w(x10.z()).y()[0].x());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        b0 extensionValue = getExtensionValue(this.f34739c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.getEncoded();
        } catch (Exception e10) {
            throw new IllegalStateException(wb.d.a(e10, new StringBuilder("error parsing ")));
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new org.bouncycastle.jce.j(md.d.w(this.f34739c.w().i()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f34739c.w().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        k1 x10 = this.f34739c.x();
        if (x10 == null) {
            return null;
        }
        return x10.u();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        y x10;
        Enumeration y10 = this.f34739c.y();
        md.d dVar = null;
        while (y10.hasMoreElements()) {
            e1.b bVar = (e1.b) y10.nextElement();
            if (bVar.x().L(bigInteger)) {
                return new X509CRLEntryObject(bVar, this.isIndirect, dVar);
            }
            if (this.isIndirect && bVar.y() && (x10 = bVar.u().x(y.f32243x)) != null) {
                dVar = md.d.w(d0.w(x10.z()).y()[0].x());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f34739c.B().u().J();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return a.p(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f34739c.A().J();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.f34739c.C().r(l.f39610a);
        } catch (IOException e10) {
            throw new CRLException(e10.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f34739c.D().u();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f34739c.F();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(y.f32242w.J());
        criticalExtensionOIDs.remove(y.f32241v.J());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        md.d x10;
        y x11;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration y10 = this.f34739c.y();
        md.d w10 = this.f34739c.w();
        if (y10.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (y10.hasMoreElements()) {
                e1.b v10 = e1.b.v(y10.nextElement());
                if (this.isIndirect && v10.y() && (x11 = v10.u().x(y.f32243x)) != null) {
                    w10 = md.d.w(d0.w(x11.z()).y()[0].x());
                }
                if (v10.x().L(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        x10 = md.d.w(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            x10 = od.o.v(certificate.getEncoded()).x();
                        } catch (CertificateEncodingException e10) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e10.getMessage());
                        }
                    }
                    return w10.equals(x10);
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        Object lVar;
        StringBuffer stringBuffer = new StringBuffer();
        String f10 = Strings.f();
        stringBuffer.append("              Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(f10);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(f10);
        stringBuffer.append("          This update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append(f10);
        stringBuffer.append("          Next update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append(f10);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(f10);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, f10);
        z u10 = this.f34739c.C().u();
        if (u10 != null) {
            Enumeration G = u10.G();
            if (G.hasMoreElements()) {
                stringBuffer.append("           Extensions: ");
                stringBuffer.append(f10);
            }
            while (G.hasMoreElements()) {
                a0 a0Var = (a0) G.nextElement();
                y x10 = u10.x(a0Var);
                if (x10.x() != null) {
                    u uVar = new u(x10.x().H());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(x10.A());
                    stringBuffer.append(") ");
                    try {
                    } catch (Exception unused) {
                        stringBuffer.append(a0Var.J());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                    }
                    if (a0Var.z(y.f32237p)) {
                        lVar = new od.l(v.F(uVar.s()).H());
                    } else if (a0Var.z(y.f32241v)) {
                        stringBuffer.append("Base CRL: " + new od.l(v.F(uVar.s()).H()));
                        stringBuffer.append(f10);
                    } else if (a0Var.z(y.f32242w)) {
                        lVar = j0.x(uVar.s());
                    } else if (a0Var.z(y.f32245z)) {
                        lVar = k.w(uVar.s());
                    } else if (a0Var.z(y.M)) {
                        lVar = k.w(uVar.s());
                    } else {
                        stringBuffer.append(a0Var.J());
                        stringBuffer.append(" value = ");
                        stringBuffer.append(ld.a.d(uVar.s(), false));
                        stringBuffer.append(f10);
                    }
                    stringBuffer.append(lVar);
                    stringBuffer.append(f10);
                }
                stringBuffer.append(f10);
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it2 = revokedCertificates.iterator();
            while (it2.hasNext()) {
                stringBuffer.append(it2.next());
                stringBuffer.append(f10);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.bcHelper.createSignature(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e10) {
            throw new NoSuchAlgorithmException("provider issue: " + e10.getMessage());
        }
    }
}
