package bh;

import hd.b0;
import hd.c0;
import hd.k;
import hd.v;
import hd.w;
import hd.y;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.util.n;
import org.bouncycastle.util.p;
import p057if.i;
import qb.q;
import qb.u;

/* loaded from: classes5.dex */
public class i extends PKIXCertPathChecker {
    public static final int E = 0;
    public static final int F = 1;
    public static Logger G = Logger.getLogger(i.class.getName());
    public static final Map<b0, WeakReference<X509CRL>> H = Collections.synchronizedMap(new WeakHashMap());
    public static final String[] I = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};
    public final long A;
    public X500Principal B;
    public PublicKey C;
    public X509Certificate D;

    /* renamed from: n, reason: collision with root package name */
    public final Map<X500Principal, Long> f2675n;

    /* renamed from: t, reason: collision with root package name */
    public final Set<TrustAnchor> f2676t;

    /* renamed from: u, reason: collision with root package name */
    public final boolean f2677u;

    /* renamed from: v, reason: collision with root package name */
    public final List<p<CRL>> f2678v;

    /* renamed from: w, reason: collision with root package name */
    public final List<CertStore> f2679w;

    /* renamed from: x, reason: collision with root package name */
    public final wf.d f2680x;

    /* renamed from: y, reason: collision with root package name */
    public final boolean f2681y;

    /* renamed from: z, reason: collision with root package name */
    public final long f2682z;

    /* loaded from: classes5.dex */
    public class a extends X509CRLSelector {

        /* renamed from: n, reason: collision with root package name */
        public final /* synthetic */ List f2683n;

        public a(List list) {
            this.f2683n = list;
        }

        @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
        public boolean match(CRL crl) {
            if (!(crl instanceof X509CRL)) {
                return false;
            }
            this.f2683n.add(((X509CRL) crl).getIssuerX500Principal());
            return false;
        }
    }

    /* loaded from: classes5.dex */
    public class b implements n<CRL> {

        /* renamed from: n, reason: collision with root package name */
        public final /* synthetic */ List f2685n;

        public b(List list) {
            this.f2685n = list;
        }

        @Override // org.bouncycastle.util.n
        public Object clone() {
            return this;
        }

        @Override // org.bouncycastle.util.n
        /* renamed from: match, reason: merged with bridge method [inline-methods] */
        public boolean r(CRL crl) {
            if (!(crl instanceof X509CRL)) {
                return false;
            }
            this.f2685n.add(((X509CRL) crl).getIssuerX500Principal());
            return false;
        }
    }

    /* loaded from: classes5.dex */
    public static class c {

        /* renamed from: a, reason: collision with root package name */
        public Set<TrustAnchor> f2687a;

        /* renamed from: b, reason: collision with root package name */
        public List<CertStore> f2688b;

        /* renamed from: c, reason: collision with root package name */
        public List<p<CRL>> f2689c;

        /* renamed from: d, reason: collision with root package name */
        public boolean f2690d;

        /* renamed from: e, reason: collision with root package name */
        public int f2691e;

        /* renamed from: f, reason: collision with root package name */
        public Provider f2692f;

        /* renamed from: g, reason: collision with root package name */
        public String f2693g;

        /* renamed from: h, reason: collision with root package name */
        public boolean f2694h;

        /* renamed from: i, reason: collision with root package name */
        public long f2695i;

        /* renamed from: j, reason: collision with root package name */
        public long f2696j;

        public c(KeyStore keyStore) throws KeyStoreException {
            this.f2688b = new ArrayList();
            this.f2689c = new ArrayList();
            this.f2691e = 0;
            this.f2687a = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.f2687a.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public c(TrustAnchor trustAnchor) {
            this.f2688b = new ArrayList();
            this.f2689c = new ArrayList();
            this.f2691e = 0;
            this.f2687a = Collections.singleton(trustAnchor);
        }

        public c(Set<TrustAnchor> set) {
            this.f2688b = new ArrayList();
            this.f2689c = new ArrayList();
            this.f2691e = 0;
            this.f2687a = new HashSet(set);
        }

        public c j(CertStore certStore) {
            this.f2688b.add(certStore);
            return this;
        }

        public c k(p<CRL> pVar) {
            this.f2689c.add(pVar);
            return this;
        }

        public i l() {
            return new i(this, null);
        }

        public c m(boolean z10) {
            this.f2690d = z10;
            return this;
        }

        public c n(boolean z10, long j10) {
            this.f2694h = z10;
            this.f2695i = j10;
            this.f2696j = -1L;
            return this;
        }

        public c o(boolean z10, long j10) {
            this.f2694h = z10;
            this.f2695i = (3 * j10) / 4;
            this.f2696j = j10;
            return this;
        }

        public c p(String str) {
            this.f2693g = str;
            return this;
        }

        public c q(Provider provider) {
            this.f2692f = provider;
            return this;
        }
    }

    /* loaded from: classes5.dex */
    public class d<T extends CRL> implements p057if.d, org.bouncycastle.util.h<CRL> {

        /* renamed from: n, reason: collision with root package name */
        public Collection<CRL> f2697n;

        public d(p<CRL> pVar) {
            this.f2697n = new ArrayList(pVar.a(null));
        }

        @Override // p057if.d, org.bouncycastle.util.p
        public Collection a(n nVar) {
            if (nVar == null) {
                return new ArrayList(this.f2697n);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.f2697n) {
                if (nVar.r(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // org.bouncycastle.util.h, java.lang.Iterable
        public Iterator<CRL> iterator() {
            return a(null).iterator();
        }
    }

    public i(c cVar) {
        wf.d gVar;
        this.f2675n = new HashMap();
        this.f2678v = new ArrayList(cVar.f2689c);
        this.f2679w = new ArrayList(cVar.f2688b);
        this.f2677u = cVar.f2690d;
        this.f2676t = cVar.f2687a;
        this.f2681y = cVar.f2694h;
        this.f2682z = cVar.f2695i;
        this.A = cVar.f2696j;
        if (cVar.f2692f != null) {
            gVar = new wf.i(cVar.f2692f);
        } else {
            if (cVar.f2693g == null) {
                this.f2680x = new wf.c();
                return;
            }
            gVar = new wf.g(cVar.f2693g);
        }
        this.f2680x = gVar;
    }

    public /* synthetic */ i(c cVar, a aVar) {
        this(cVar);
    }

    public static List<p057if.d> j(k kVar, Map<b0, p057if.d> map) throws bh.a {
        if (kVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            v[] n10 = kVar.n();
            ArrayList arrayList = new ArrayList();
            for (v vVar : n10) {
                w o10 = vVar.o();
                if (o10 != null && o10.getType() == 0) {
                    for (b0 b0Var : c0.o(o10.p()).q()) {
                        p057if.d dVar = map.get(b0Var);
                        if (dVar != null) {
                            arrayList.add(dVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e10) {
            throw new bh.a("could not read distribution points could not be read", e10);
        }
    }

    public final void c(List<X500Principal> list, CertStore certStore) throws CertStoreException {
        certStore.getCRLs(new a(list));
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        Logger logger;
        Level level;
        StringBuilder sb2;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f2677u && x509Certificate.getBasicConstraints() != -1) {
            this.B = x509Certificate.getSubjectX500Principal();
            this.C = x509Certificate.getPublicKey();
            this.D = x509Certificate;
            return;
        }
        if (this.B == null) {
            this.B = x509Certificate.getIssuerX500Principal();
            TrustAnchor trustAnchor = null;
            for (TrustAnchor trustAnchor2 : this.f2676t) {
                if (this.B.equals(trustAnchor2.getCA()) || this.B.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                throw new CertPathValidatorException("no trust anchor found for " + this.B);
            }
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.D = trustedCert;
            this.C = trustedCert.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.f2676t);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(new Date());
            for (int i10 = 0; i10 != this.f2679w.size(); i10++) {
                if (G.isLoggable(Level.INFO)) {
                    c(arrayList, this.f2679w.get(i10));
                }
                pKIXParameters.addCertStore(this.f2679w.get(i10));
            }
            i.b bVar = new i.b(pKIXParameters);
            for (int i11 = 0; i11 != this.f2678v.size(); i11++) {
                if (G.isLoggable(Level.INFO)) {
                    f(arrayList, this.f2678v.get(i11));
                }
                bVar.l(new d(this.f2678v.get(i11)));
            }
            if (arrayList.isEmpty()) {
                G.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (G.isLoggable(Level.FINE)) {
                for (int i12 = 0; i12 != arrayList.size(); i12++) {
                    G.log(Level.FINE, "configuring with CRL for issuer \"" + arrayList.get(i12) + "\"");
                }
            } else {
                G.log(Level.INFO, "configured with " + arrayList.size() + " pre-loaded CRLs");
            }
            try {
                h(bVar.p(), x509Certificate, pKIXParameters.getDate(), this.D, this.C, new ArrayList(), this.f2680x);
            } catch (bh.a e10) {
                throw new CertPathValidatorException(e10.getMessage(), e10.getCause());
            } catch (bh.b e11) {
                q qVar = y.K;
                if (x509Certificate.getExtensionValue(qVar.z()) == null) {
                    throw e11;
                }
                try {
                    CRL i13 = i(x509Certificate.getIssuerX500Principal(), pKIXParameters.getDate(), h.m(x509Certificate, qVar), this.f2680x);
                    if (i13 != null) {
                        try {
                            bVar.l(new d(new org.bouncycastle.util.c(Collections.singleton(i13))));
                            h(bVar.p(), x509Certificate, new Date(), this.D, this.C, new ArrayList(), this.f2680x);
                        } catch (bh.a unused) {
                            throw new CertPathValidatorException(e11.getMessage(), e11.getCause());
                        }
                    } else {
                        if (!this.f2681y) {
                            throw e11;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l10 = this.f2675n.get(issuerX500Principal);
                        if (l10 != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l10.longValue();
                            long j10 = this.A;
                            if (j10 != -1 && j10 < currentTimeMillis) {
                                throw e11;
                            }
                            if (currentTimeMillis < this.f2682z) {
                                logger = G;
                                level = Level.WARNING;
                                sb2 = new StringBuilder();
                            } else {
                                logger = G;
                                level = Level.SEVERE;
                                sb2 = new StringBuilder();
                            }
                            sb2.append("soft failing for issuer: \"");
                            sb2.append(issuerX500Principal);
                            sb2.append("\"");
                            logger.log(level, sb2.toString());
                        } else {
                            this.f2675n.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (bh.a unused2) {
                    throw new CertPathValidatorException(e11.getMessage(), e11.getCause());
                }
            }
            this.D = x509Certificate;
            this.C = x509Certificate.getPublicKey();
            this.B = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e12) {
            throw new RuntimeException("error setting up baseParams: " + e12.getMessage());
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }

    public final void f(List<X500Principal> list, p<CRL> pVar) {
        pVar.a(new b(list));
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x00ec  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00fe  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void h(p057if.i r21, java.security.cert.X509Certificate r22, java.util.Date r23, java.security.cert.X509Certificate r24, java.security.PublicKey r25, java.util.List r26, wf.d r27) throws bh.a, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 421
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: bh.i.h(if.i, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, wf.d):void");
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    public final CRL i(X500Principal x500Principal, Date date, u uVar, wf.d dVar) {
        URL url;
        X509CRL x509crl;
        Logger logger;
        Level level;
        StringBuilder sb2;
        v[] n10 = k.o(uVar).n();
        for (int i10 = 0; i10 != n10.length; i10++) {
            w o10 = n10[i10].o();
            if (o10.getType() == 0) {
                b0[] q10 = c0.o(o10.p()).q();
                for (int i11 = 0; i11 != q10.length; i11++) {
                    b0 b0Var = q10[i11];
                    if (b0Var.e() == 6) {
                        Map<b0, WeakReference<X509CRL>> map = H;
                        WeakReference<X509CRL> weakReference = map.get(b0Var);
                        if (weakReference != null) {
                            X509CRL x509crl2 = weakReference.get();
                            if (x509crl2 != null && !date.before(x509crl2.getThisUpdate()) && !date.after(x509crl2.getNextUpdate())) {
                                return x509crl2;
                            }
                            map.remove(b0Var);
                        }
                        try {
                            url = new URL(b0Var.p().toString());
                            try {
                                CertificateFactory j10 = dVar.j("X.509");
                                InputStream openStream = url.openStream();
                                x509crl = (X509CRL) j10.generateCRL(new BufferedInputStream(openStream));
                                openStream.close();
                                logger = G;
                                level = Level.INFO;
                                sb2 = new StringBuilder();
                                sb2.append("downloaded CRL from CrlDP ");
                                sb2.append(url);
                                sb2.append(" for issuer \"");
                            } catch (Exception e10) {
                                e = e10;
                            }
                            try {
                                sb2.append(x500Principal);
                                sb2.append("\"");
                                logger.log(level, sb2.toString());
                                map.put(b0Var, new WeakReference<>(x509crl));
                                return x509crl;
                            } catch (Exception e11) {
                                e = e11;
                                Logger logger2 = G;
                                Level level2 = Level.FINE;
                                if (logger2.isLoggable(level2)) {
                                    G.log(level2, "CrlDP " + url + " ignored: " + e.getMessage(), (Throwable) e);
                                } else {
                                    G.log(Level.INFO, "CrlDP " + url + " ignored: " + e.getMessage());
                                }
                            }
                        } catch (Exception e12) {
                            e = e12;
                            url = null;
                        }
                    }
                }
            }
        }
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) throws CertPathValidatorException {
        if (z10) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.B = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
