package org.bouncycastle.jcajce.provider.asymmetric.x509;

import cn.hutool.crypto.KeyUtil;
import com.taobao.accs.data.m;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.a;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Arrays;

/* loaded from: classes8.dex */
abstract class X509CRLImpl extends X509CRL {

    /* renamed from: a, reason: collision with root package name */
    public JcaJceHelper f110301a;

    /* renamed from: b, reason: collision with root package name */
    public CertificateList f110302b;

    /* renamed from: c, reason: collision with root package name */
    public String f110303c;

    /* renamed from: d, reason: collision with root package name */
    public byte[] f110304d;

    /* renamed from: e, reason: collision with root package name */
    public boolean f110305e;

    public X509CRLImpl(JcaJceHelper jcaJceHelper, CertificateList certificateList, String str, byte[] bArr, boolean z3) {
        this.f110301a = jcaJceHelper;
        this.f110302b = certificateList;
        this.f110303c = str;
        this.f110304d = bArr;
        this.f110305e = z3;
    }

    public static byte[] f(CertificateList certificateList, String str) {
        ASN1OctetString g4 = g(certificateList, str);
        if (g4 != null) {
            return g4.T();
        }
        return null;
    }

    public static ASN1OctetString g(CertificateList certificateList, String str) {
        Extension F;
        Extensions D = certificateList.N().D();
        if (D == null || (F = D.F(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        return F.H();
    }

    public final void b(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (aSN1Encodable != null) {
            X509SignatureUtil.g(signature, aSN1Encodable);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.b(signature), 512);
            this.f110302b.N().A(bufferedOutputStream, ASN1Encoding.f105451a);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e4) {
            throw new CRLException(e4.toString());
        }
    }

    public final void c(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.f110302b.M().equals(this.f110302b.N().M())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i4 = 0;
        if ((publicKey instanceof CompositePublicKey) && X509SignatureUtil.d(this.f110302b.M())) {
            List<PublicKey> a4 = ((CompositePublicKey) publicKey).a();
            ASN1Sequence R = ASN1Sequence.R(this.f110302b.M().H());
            ASN1Sequence R2 = ASN1Sequence.R(DERBitString.c0(this.f110302b.K()).Q());
            boolean z3 = false;
            while (i4 != a4.size()) {
                if (a4.get(i4) != null) {
                    AlgorithmIdentifier E = AlgorithmIdentifier.E(R.U(i4));
                    try {
                        b(a4.get(i4), signatureCreator.a(X509SignatureUtil.c(E)), E.H(), DERBitString.c0(R2.U(i4)).Q());
                        e = null;
                        z3 = true;
                    } catch (SignatureException e4) {
                        e = e4;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i4++;
            }
            if (!z3) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.d(this.f110302b.M())) {
            Signature a5 = signatureCreator.a(getSigAlgName());
            byte[] bArr = this.f110304d;
            if (bArr == null) {
                b(publicKey, a5, null, getSignature());
                return;
            }
            try {
                b(publicKey, a5, ASN1Primitive.K(bArr), getSignature());
                return;
            } catch (IOException e5) {
                throw new SignatureException(a.a(e5, new StringBuilder("cannot decode signature parameters: ")));
            }
        }
        ASN1Sequence R3 = ASN1Sequence.R(this.f110302b.M().H());
        ASN1Sequence R4 = ASN1Sequence.R(DERBitString.c0(this.f110302b.K()).Q());
        boolean z4 = false;
        while (i4 != R4.size()) {
            AlgorithmIdentifier E2 = AlgorithmIdentifier.E(R3.U(i4));
            try {
                b(publicKey, signatureCreator.a(X509SignatureUtil.c(E2)), E2.H(), DERBitString.c0(R4.U(i4)).Q());
                e = null;
                z4 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e6) {
                e = e6;
            }
            if (e != null) {
                throw e;
            }
            i4++;
        }
        if (!z4) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    public final Set e(boolean z3) {
        Extensions D;
        if (getVersion() != 2 || (D = this.f110302b.N().D()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration R = D.R();
        while (R.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) R.nextElement();
            if (z3 == D.F(aSN1ObjectIdentifier).K()) {
                hashSet.add(aSN1ObjectIdentifier.V());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return e(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1OctetString g4 = g(this.f110302b, str);
        if (g4 == null) {
            return null;
        }
        try {
            return g4.getEncoded();
        } catch (Exception e4) {
            throw new IllegalStateException(m.a(e4, new StringBuilder("error parsing ")));
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.F(this.f110302b.F().n()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f110302b.F().getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Time H = this.f110302b.H();
        if (H == null) {
            return null;
        }
        return H.D();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return e(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension F;
        Enumeration I = this.f110302b.I();
        X500Name x500Name = null;
        while (I.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) I.nextElement();
            if (cRLEntry.H().X(bigInteger)) {
                return new X509CRLEntryObject(cRLEntry, this.f110305e, x500Name);
            }
            if (this.f110305e && cRLEntry.I() && (F = cRLEntry.D().F(Extension.f106529q)) != null) {
                x500Name = X500Name.F(GeneralNames.F(F.J()).I()[0].H());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set h4 = h();
        if (h4.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(h4);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.f110303c;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f110302b.M().D().V();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return Arrays.p(this.f110304d);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f110302b.K().V();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.f110302b.N().B(ASN1Encoding.f105451a);
        } catch (IOException e4) {
            throw new CRLException(e4.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f110302b.P().D();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f110302b.Q();
    }

    public final Set h() {
        Extension F;
        HashSet hashSet = new HashSet();
        Enumeration I = this.f110302b.I();
        X500Name x500Name = null;
        while (I.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) I.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.f110305e, x500Name));
            if (this.f110305e && cRLEntry.I() && (F = cRLEntry.D().F(Extension.f106529q)) != null) {
                x500Name = X500Name.F(GeneralNames.F(F.J()).I()[0].H());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.f106528p.V());
        criticalExtensionOIDs.remove(Extension.f106527o.V());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name H;
        Extension F;
        if (!certificate.getType().equals(KeyUtil.f56504d)) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration I = this.f110302b.I();
        X500Name F2 = this.f110302b.F();
        if (I.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (I.hasMoreElements()) {
                TBSCertList.CRLEntry E = TBSCertList.CRLEntry.E(I.nextElement());
                if (this.f110305e && E.I() && (F = E.D().F(Extension.f106529q)) != null) {
                    F2 = X500Name.F(GeneralNames.F(F.J()).I()[0].H());
                }
                if (E.H().X(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        H = X500Name.F(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            H = org.bouncycastle.asn1.x509.Certificate.E(certificate.getEncoded()).H();
                        } catch (CertificateEncodingException e4) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e4.getMessage());
                        }
                    }
                    return F2.equals(H);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:39:0x0144
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    @Override // java.security.cert.CRL
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 370
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        c(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.f110301a.a(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        c(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            c(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature a(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e4) {
            throw new NoSuchAlgorithmException("provider issue: " + e4.getMessage());
        }
    }
}
