package org.bouncycastle.jcajce.provider.asymmetric.x509;

import defpackage.fmvg;
import defpackage.fmvl;
import defpackage.fmvz;
import defpackage.fmwb;
import defpackage.fmwk;
import defpackage.fmwm;
import defpackage.fmwq;
import defpackage.fmwx;
import defpackage.fned;
import defpackage.fneg;
import defpackage.fneo;
import defpackage.fner;
import defpackage.fnes;
import defpackage.fneu;
import defpackage.fnev;
import defpackage.fnfc;
import defpackage.fnfd;
import defpackage.fnfg;
import defpackage.fnfh;
import defpackage.fnfm;
import defpackage.fnfr;
import defpackage.fnzy;
import defpackage.foal;
import defpackage.fobn;
import defpackage.fobs;
import defpackage.fovu;
import defpackage.fowi;
import j$.util.DesugarCollections;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* compiled from: :com.google.android.gms@244762004@24.47.62 (040400-705963428) */
/* loaded from: classes10.dex */
abstract class X509CRLImpl extends X509CRL {
    protected fobn bcHelper;
    protected fnev c;
    protected boolean isIndirect;
    protected String sigAlgName;
    protected byte[] sigAlgParams;

    public X509CRLImpl(fobn fobnVar, fnev fnevVar, String str, byte[] bArr, boolean z) {
        this.bcHelper = fobnVar;
        this.c = fnevVar;
        this.sigAlgName = str;
        this.sigAlgParams = bArr;
        this.isIndirect = z;
    }

    private void checkSignature(PublicKey publicKey, Signature signature, fmvl fmvlVar, byte[] bArr) {
        fnev fnevVar = this.c;
        if (!X509SignatureUtil.areEquivalentAlgorithms(fnevVar.b, fnevVar.a.b)) {
            throw new CRLException("Signature algorithm on CertificateList does not match TbsCertList.");
        }
        X509SignatureUtil.setSignatureParameters(signature, fmvlVar);
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new foal(signature), 512);
            this.c.a.t(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    private void doVerify(PublicKey publicKey, SignatureCreator signatureCreator) {
        fnev fnevVar = this.c;
        if (!fnevVar.b.equals(fnevVar.a.b)) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i = 0;
        if ((publicKey instanceof fnzy) && X509SignatureUtil.isCompositeAlgorithm(this.c.b)) {
            List list = ((fnzy) publicKey).a;
            fmwx m = fmwx.m(this.c.b.b);
            fmwx m2 = fmwx.m(this.c.c.n());
            boolean z = false;
            while (i != list.size()) {
                if (list.get(i) != null) {
                    fneo a = fneo.a(m.h(i));
                    try {
                        checkSignature((PublicKey) list.get(i), signatureCreator.createSignature(X509SignatureUtil.getSignatureName(a)), a.b, fmvg.i(m2.h(i)).n());
                        z = true;
                        e = null;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.isCompositeAlgorithm(this.c.b)) {
            Signature createSignature = signatureCreator.createSignature(getSigAlgName());
            byte[] bArr = this.sigAlgParams;
            if (bArr == null) {
                checkSignature(publicKey, createSignature, null, getSignature());
                return;
            }
            try {
                checkSignature(publicKey, createSignature, fmwq.w(bArr), getSignature());
                return;
            } catch (IOException e2) {
                throw new SignatureException("cannot decode signature parameters: ".concat(String.valueOf(e2.getMessage())));
            }
        }
        fmwx m3 = fmwx.m(this.c.b.b);
        fmwx m4 = fmwx.m(this.c.c.n());
        boolean z2 = false;
        while (i != m4.b()) {
            fneo a2 = fneo.a(m3.h(i));
            try {
                checkSignature(publicKey, signatureCreator.createSignature(X509SignatureUtil.getSignatureName(a2)), a2.b, fmvg.i(m4.h(i)).n());
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
            } catch (SignatureException e3) {
                e = e3;
            }
            e = null;
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private Set getExtensionOIDs(boolean z) {
        fnfd fnfdVar;
        if (getVersion() != 2 || (fnfdVar = this.c.a.g) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration a = fnfdVar.a();
        while (a.hasMoreElements()) {
            fmwk fmwkVar = (fmwk) a.nextElement();
            if (z == fnfdVar.b(fmwkVar).w) {
                hashSet.add(fmwkVar.b());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getExtensionOctets(fnev fnevVar, String str) {
        fmwm extensionValue = getExtensionValue(fnevVar, str);
        if (extensionValue != null) {
            return extensionValue.b;
        }
        return null;
    }

    protected static fmwm getExtensionValue(fnev fnevVar, String str) {
        fnfc b;
        fnfd fnfdVar = fnevVar.a.g;
        if (fnfdVar == null || (b = fnfdVar.b(new fmwk(str))) == null) {
            return null;
        }
        return b.x;
    }

    private Set loadCRLEntries() {
        fnfc b;
        HashSet hashSet = new HashSet();
        Enumeration a = this.c.a();
        fneg fnegVar = null;
        while (a.hasMoreElements()) {
            fnfm fnfmVar = (fnfm) a.nextElement();
            hashSet.add(new X509CRLEntryObject(fnfmVar, this.isIndirect, fnegVar));
            if (this.isIndirect && fnfmVar.d() && (b = fnfmVar.b().b(fnfc.k)) != null) {
                fnegVar = fneg.b(fnfg.a(fnfc.a(b)).b()[0].a);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        fmwm extensionValue = getExtensionValue(this.c, str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return extensionValue.u();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing ".concat(String.valueOf(e.toString())));
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new fobs(fneg.b(this.c.b().a));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.b().u());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        fnfr fnfrVar = this.c.a.e;
        if (fnfrVar == null) {
            return null;
        }
        return fnfrVar.b();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        fnfc b;
        Enumeration a = this.c.a();
        fneg fnegVar = null;
        while (a.hasMoreElements()) {
            fnfm fnfmVar = (fnfm) a.nextElement();
            if (fnfmVar.a().r(bigInteger)) {
                return new X509CRLEntryObject(fnfmVar, this.isIndirect, fnegVar);
            }
            if (this.isIndirect && fnfmVar.d() && (b = fnfmVar.b().b(fnfc.k)) != null) {
                fnegVar = fneg.b(fnfg.a(fnfc.a(b)).b()[0].a);
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return DesugarCollections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.c.b.a.b();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return fovu.h(this.sigAlgParams);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c.c.n();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() {
        try {
            return this.c.a.v("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.c.a.d.b();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        fmwb fmwbVar = this.c.a.a;
        if (fmwbVar == null) {
            return 1;
        }
        return fmwbVar.g() + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(fnfc.j.b());
        criticalExtensionOIDs.remove(fnfc.i.b());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        fneg a;
        fnfc b;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration a2 = this.c.a();
        fneg b2 = this.c.b();
        if (a2.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (a2.hasMoreElements()) {
                fnfm c = fnfm.c(a2.nextElement());
                if (this.isIndirect && c.d() && (b = c.b().b(fnfc.k)) != null) {
                    b2 = fneg.b(fnfg.a(fnfc.a(b)).b()[0].a);
                }
                if (c.a().r(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        a = fneg.b(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            a = fneu.c(certificate.getEncoded()).a();
                        } catch (CertificateEncodingException e) {
                            throw new IllegalArgumentException("Cannot process certificate: ".concat(String.valueOf(e.getMessage())));
                        }
                    }
                    return b2.equals(a);
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        String str = fowi.a;
        stringBuffer.append("              Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(str);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(str);
        stringBuffer.append("          This update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append(str);
        stringBuffer.append("          Next update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append(str);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(str);
        X509SignatureUtil.prettyPrintSignature(getSignature(), stringBuffer, str);
        fnfd fnfdVar = this.c.a.g;
        if (fnfdVar != null) {
            Enumeration a = fnfdVar.a();
            if (a.hasMoreElements()) {
                stringBuffer.append("           Extensions: ");
                stringBuffer.append(str);
            }
            while (a.hasMoreElements()) {
                fmwk fmwkVar = (fmwk) a.nextElement();
                fnfc b = fnfdVar.b(fmwkVar);
                fmwm fmwmVar = b.x;
                if (fmwmVar != null) {
                    fmvz fmvzVar = new fmvz(fmwmVar.b);
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(b.w);
                    stringBuffer.append(") ");
                    try {
                        if (fmwkVar.y(fnfc.g)) {
                            stringBuffer.append(new fnes(fmwb.n(fmvzVar.f()).j()));
                            stringBuffer.append(str);
                        } else if (fmwkVar.y(fnfc.i)) {
                            stringBuffer.append("Base CRL: " + new fnes(fmwb.n(fmvzVar.f()).j()).toString());
                            stringBuffer.append(str);
                        } else if (fmwkVar.y(fnfc.j)) {
                            stringBuffer.append(fnfh.a(fmvzVar.f()));
                            stringBuffer.append(str);
                        } else if (fmwkVar.y(fnfc.m)) {
                            stringBuffer.append(fner.a(fmvzVar.f()));
                            stringBuffer.append(str);
                        } else if (fmwkVar.y(fnfc.s)) {
                            stringBuffer.append(fner.a(fmvzVar.f()));
                            stringBuffer.append(str);
                        } else {
                            stringBuffer.append(fmwkVar.b());
                            stringBuffer.append(" value = ");
                            stringBuffer.append(fned.a(fmvzVar.f()));
                            stringBuffer.append(str);
                        }
                    } catch (Exception unused) {
                        stringBuffer.append(fmwkVar.b());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                        stringBuffer.append(str);
                    }
                } else {
                    stringBuffer.append(str);
                }
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it = revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next());
                stringBuffer.append(str);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) {
        doVerify(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str) {
                try {
                    return X509CRLImpl.this.bcHelper.c(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) {
        doVerify(publicKey, new SignatureCreator(this) { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature createSignature(String str2) {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) {
        try {
            doVerify(publicKey, new SignatureCreator(this) { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                final /* synthetic */ X509CRLImpl this$0;

                {
                    this.this$0 = this;
                }

                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature createSignature(String str) {
                    Provider provider2 = provider;
                    return provider2 != null ? Signature.getInstance(this.this$0.getSigAlgName(), provider2) : Signature.getInstance(this.this$0.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: ".concat(String.valueOf(e.getMessage())));
        }
    }
}
