package org.spongycastle.jce.provider;

import com.anonyome.phonenumber.ui.di.a;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1Enumerated;
import org.spongycastle.asn1.ASN1GeneralizedTime;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1OutputStream;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.style.RFC4519Style;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.AuthorityKeyIdentifier;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.DistributionPoint;
import org.spongycastle.asn1.x509.DistributionPointName;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.jcajce.PKIXCRLStore;
import org.spongycastle.jcajce.PKIXCRLStoreSelector;
import org.spongycastle.jcajce.PKIXCertStore;
import org.spongycastle.jcajce.PKIXCertStoreSelector;
import org.spongycastle.jcajce.PKIXExtendedParameters;
import org.spongycastle.jcajce.util.BCJcaJceHelper;
import org.spongycastle.jce.exception.ExtCertPathValidatorException;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Store;
import org.spongycastle.util.StoreException;
import org.spongycastle.x509.X509AttributeCertificate;

/* loaded from: classes4.dex */
class CertPathValidatorUtilities {

    /* renamed from: a, reason: collision with root package name */
    public static final PKIXCRLUtil f56111a = new PKIXCRLUtil();

    /* renamed from: b, reason: collision with root package name */
    public static final String f56112b;

    /* renamed from: c, reason: collision with root package name */
    public static final String f56113c;

    /* renamed from: d, reason: collision with root package name */
    public static final String f56114d;

    static {
        Extension.f54085p.getClass();
        Extension.f54077h.getClass();
        Extension.f54086q.getClass();
        Extension.f54075f.getClass();
        Extension.f54083n.getClass();
        Extension.f54074e.getClass();
        Extension.v.getClass();
        f56112b = Extension.f54081l.f53443b;
        Extension.f54080k.getClass();
        Extension.f54088s.getClass();
        Extension.f54090u.getClass();
        Extension.f54084o.getClass();
        f56113c = Extension.f54087r.f53443b;
        f56114d = Extension.f54078i.f53443b;
    }

    public static LinkedHashSet a(PKIXCertStoreSelector pKIXCertStoreSelector, List list) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof Store) {
                try {
                    linkedHashSet.addAll(((Store) obj).a(pKIXCertStoreSelector));
                } catch (StoreException e11) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e11);
                }
            } else {
                try {
                    linkedHashSet.addAll(PKIXCertStoreSelector.a(pKIXCertStoreSelector, (CertStore) obj));
                } catch (CertStoreException e12) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e12);
                }
            }
        }
        return linkedHashSet;
    }

    public static LinkedHashSet b(X509Certificate x509Certificate, List list, ArrayList arrayList) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(X500Name.k(x509Certificate.getIssuerX500Principal().getEncoded()).i());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f56113c);
                if (extensionValue != null) {
                    ASN1OctetString aSN1OctetString = AuthorityKeyIdentifier.k(ASN1OctetString.t(extensionValue).w()).f54043b;
                    byte[] w = aSN1OctetString != null ? aSN1OctetString.w() : null;
                    if (w != null) {
                        x509CertSelector.setSubjectKeyIdentifier(new ASN1OctetString(w).i());
                    }
                }
            } catch (Exception unused) {
            }
            PKIXCertStoreSelector a11 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList2 = new ArrayList();
                arrayList2.addAll(a(a11, list));
                arrayList2.addAll(a(a11, arrayList));
                Iterator it = arrayList2.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (AnnotatedException e11) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e11);
            }
        } catch (IOException e12) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e12);
        }
    }

    public static TrustAnchor c(X509Certificate x509Certificate, Set set, String str) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Name a11 = PrincipalUtils.a(x509Certificate);
        try {
            x509CertSelector.setSubject(a11.i());
            Iterator it = set.iterator();
            TrustAnchor trustAnchor = null;
            Exception exc = null;
            PublicKey publicKey = null;
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    }
                    trustAnchor = null;
                } else {
                    if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                        try {
                            if (a11.equals(X500Name.k(trustAnchor.getCA().getEncoded()))) {
                                publicKey = trustAnchor.getCAPublicKey();
                            }
                        } catch (IllegalArgumentException unused) {
                        }
                    }
                    trustAnchor = null;
                }
                if (publicKey != null) {
                    if (str == null) {
                        try {
                            x509Certificate.verify(publicKey);
                        } catch (Exception e11) {
                            exc = e11;
                            trustAnchor = null;
                            publicKey = null;
                        }
                    } else {
                        x509Certificate.verify(publicKey, str);
                    }
                }
            }
            if (trustAnchor != null || exc == null) {
                return trustAnchor;
            }
            throw new AnnotatedException("TrustAnchor found but certificate validation failed.", exc);
        } catch (IOException e12) {
            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", e12);
        }
    }

    public static List d(byte[] bArr, Map map) {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        GeneralName[] l11 = GeneralNames.k(ASN1OctetString.t(bArr).w()).l();
        ArrayList arrayList = new ArrayList();
        for (int i3 = 0; i3 != l11.length; i3++) {
            PKIXCertStore pKIXCertStore = (PKIXCertStore) map.get(l11[i3]);
            if (pKIXCertStore != null) {
                arrayList.add(pKIXCertStore);
            }
        }
        return arrayList;
    }

    public static List e(CRLDistPoint cRLDistPoint, Map map) {
        if (cRLDistPoint == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            DistributionPoint[] k11 = cRLDistPoint.k();
            ArrayList arrayList = new ArrayList();
            for (DistributionPoint distributionPoint : k11) {
                DistributionPointName distributionPointName = distributionPoint.f54067b;
                if (distributionPointName != null && distributionPointName.f54071c == 0) {
                    for (GeneralName generalName : GeneralNames.k(distributionPointName.f54070b).l()) {
                        PKIXCRLStore pKIXCRLStore = (PKIXCRLStore) map.get(generalName);
                        if (pKIXCRLStore != null) {
                            arrayList.add(pKIXCRLStore);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e11) {
            throw new AnnotatedException("Distribution points could not be read.", e11);
        }
    }

    public static AlgorithmIdentifier f(PublicKey publicKey) {
        try {
            return SubjectPublicKeyInfo.k(new ASN1InputStream(publicKey.getEncoded()).j()).f54143b;
        } catch (Exception e11) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e11);
        }
    }

    public static void g(DistributionPoint distributionPoint, HashSet hashSet, X509CRLSelector x509CRLSelector) {
        ArrayList arrayList = new ArrayList();
        GeneralNames generalNames = distributionPoint.f54069d;
        if (generalNames != null) {
            for (GeneralName generalName : generalNames.l()) {
                if (generalName.f54102c == 4) {
                    try {
                        arrayList.add(X500Name.k(generalName.f54101b.b().i()));
                    } catch (IOException e11) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e11);
                    }
                }
            }
        } else {
            if (distributionPoint.f54067b == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.", null);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Name) it2.next()).i());
            } catch (IOException e12) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e12);
            }
        }
    }

    public static void h(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) {
        X509CRLEntry revokedCertificate;
        ASN1Enumerated t11;
        try {
            if (X509CRLObject.c(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(((X509Certificate) obj).getSerialNumber());
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!PrincipalUtils.a(obj).equals(certificateIssuer == null ? X500Name.k(x509crl.getIssuerX500Principal().getEncoded()) : X500Name.k(certificateIssuer.getEncoded()))) {
                    return;
                }
            } else if (!PrincipalUtils.a(obj).equals(X500Name.k(x509crl.getIssuerX500Principal().getEncoded())) || (revokedCertificate = x509crl.getRevokedCertificate(((X509Certificate) obj).getSerialNumber())) == null) {
                return;
            }
            if (revokedCertificate.hasExtensions()) {
                try {
                    t11 = ASN1Enumerated.t(k(revokedCertificate, Extension.f54079j.f53443b));
                } catch (Exception e11) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e11);
                }
            } else {
                t11 = null;
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || t11 == null || t11.v().intValue() == 0 || t11.v().intValue() == 1 || t11.v().intValue() == 2 || t11.v().intValue() == 8) {
                if (t11 != null) {
                    certStatus.f56115a = t11.v().intValue();
                } else {
                    certStatus.f56115a = 0;
                }
                certStatus.f56116b = revokedCertificate.getRevocationDate();
            }
        } catch (CRLException e12) {
            throw new AnnotatedException("Failed check for indirect CRL.", e12);
        }
    }

    public static HashSet i(DistributionPoint distributionPoint, Object obj, PKIXExtendedParameters pKIXExtendedParameters) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(PrincipalUtils.a(obj));
            g(distributionPoint, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            PKIXCRLStoreSelector.Builder builder = new PKIXCRLStoreSelector.Builder(x509CRLSelector);
            builder.f55566b = true;
            PKIXCRLStoreSelector pKIXCRLStoreSelector = new PKIXCRLStoreSelector(builder);
            pKIXExtendedParameters.a();
            Date a11 = pKIXExtendedParameters.a();
            PKIXCRLUtil pKIXCRLUtil = f56111a;
            List<CertStore> certStores = pKIXExtendedParameters.f55580b.getCertStores();
            pKIXCRLUtil.getClass();
            HashSet a12 = PKIXCRLUtil.a(pKIXCRLStoreSelector, a11, certStores, pKIXExtendedParameters.f55585g);
            if (!a12.isEmpty()) {
                return a12;
            }
            if (obj instanceof X509AttributeCertificate) {
                throw new AnnotatedException("No CRLs found for issuer \"" + ((X509AttributeCertificate) obj).f().a()[0] + "\"", null);
            }
            throw new AnnotatedException("No CRLs found for issuer \"" + RFC4519Style.f54021i.b(X500Name.k(((X509Certificate) obj).getIssuerX500Principal().getEncoded())) + "\"", null);
        } catch (AnnotatedException e11) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e11);
        }
    }

    public static HashSet j(Date date, X509CRL x509crl, List list, List list2) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(X500Name.k(x509crl.getIssuerX500Principal().getEncoded()).i());
            try {
                ASN1Primitive k11 = k(x509crl, f56114d);
                BigInteger w = k11 != null ? ASN1Integer.t(k11).w() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f56112b);
                    x509CRLSelector.setMinCRLNumber(w != null ? w.add(BigInteger.valueOf(1L)) : null);
                    PKIXCRLStoreSelector.Builder builder = new PKIXCRLStoreSelector.Builder(x509CRLSelector);
                    builder.f55568d = Arrays.c(extensionValue);
                    builder.f55569e = true;
                    builder.f55567c = w;
                    PKIXCRLStoreSelector pKIXCRLStoreSelector = new PKIXCRLStoreSelector(builder);
                    f56111a.getClass();
                    HashSet a11 = PKIXCRLUtil.a(pKIXCRLStoreSelector, date, list, list2);
                    HashSet hashSet = new HashSet();
                    Iterator it = a11.iterator();
                    while (it.hasNext()) {
                        X509CRL x509crl2 = (X509CRL) it.next();
                        Set<String> criticalExtensionOIDs = x509crl2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs != null && criticalExtensionOIDs.contains(RFC3280CertPathUtilities.f56152e)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e11) {
                    throw new AnnotatedException("Issuing distribution point extension value could not be read.", e11);
                }
            } catch (Exception e12) {
                throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e12);
            }
        } catch (IOException e13) {
            throw new AnnotatedException("Cannot extract issuer from CRL.", e13);
        }
    }

    public static ASN1Primitive k(X509Extension x509Extension, String str) {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(extensionValue).j()).w()).j();
        } catch (Exception e11) {
            throw new AnnotatedException(a.e("exception processing extension ", str), e11);
        }
    }

    public static PublicKey l(List list, int i3, BCJcaJceHelper bCJcaJceHelper) {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i3)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i3++;
            if (i3 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i3)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return bCJcaJceHelper.d().generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e11) {
            throw new RuntimeException(e11.getMessage());
        }
    }

    public static final HashSet m(ASN1Sequence aSN1Sequence) {
        HashSet hashSet = new HashSet();
        if (aSN1Sequence == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
        Enumeration x11 = aSN1Sequence.x();
        while (x11.hasMoreElements()) {
            try {
                aSN1OutputStream.g((ASN1Encodable) x11.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e11) {
                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e11);
            }
        }
        return hashSet;
    }

    public static Date n(PKIXExtendedParameters pKIXExtendedParameters, CertPath certPath, int i3) {
        if (pKIXExtendedParameters.f55589k == 1 && i3 > 0) {
            int i6 = i3 - 1;
            if (i6 != 0) {
                return ((X509Certificate) certPath.getCertificates().get(i6)).getNotBefore();
            }
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i6)).getExtensionValue(ISISMTTObjectIdentifiers.f53671a.f53443b);
                ASN1GeneralizedTime v = extensionValue != null ? ASN1GeneralizedTime.v(ASN1Primitive.n(extensionValue)) : null;
                if (v == null) {
                    return ((X509Certificate) certPath.getCertificates().get(i6)).getNotBefore();
                }
                try {
                    return v.t();
                } catch (ParseException e11) {
                    throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e11);
                }
            } catch (IOException unused) {
                throw new AnnotatedException("Date of cert gen extension could not be read.", null);
            } catch (IllegalArgumentException unused2) {
                throw new AnnotatedException("Date of cert gen extension could not be read.", null);
            }
        }
        return pKIXExtendedParameters.a();
    }

    public static PKIXPolicyNode o(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.f56141a.remove(pKIXPolicyNode2);
            p(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i3 = 0; i3 < listArr.length; i3++) {
            listArr[i3] = new ArrayList();
        }
        return null;
    }

    public static void p(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (!pKIXPolicyNode.f56141a.isEmpty()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                p(listArr, (PKIXPolicyNode) children.next());
            }
        }
    }
}
