package g90;

import g70.p;
import g70.t;
import g70.u;
import g70.v;
import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import q40.a0;
import q40.e0;
import q40.l0;
import q40.x;
import q40.y;
import x20.f0;
import x20.i0;
import x20.m2;

/* loaded from: classes11.dex */
public class k {

    /* renamed from: a, reason: collision with root package name */
    public static final String f46619a = a0.f83144p.R0();

    /* renamed from: b, reason: collision with root package name */
    public static final String f46620b = a0.f83153y.R0();

    /* renamed from: c, reason: collision with root package name */
    public static final String f46621c = a0.f83143o.R0();

    /* renamed from: d, reason: collision with root package name */
    public static final String f46622d = a0.f83138j.R0();

    /* renamed from: e, reason: collision with root package name */
    public static final String f46623e = a0.f83150v.R0();

    /* renamed from: f, reason: collision with root package name */
    public static final int f46624f = 5;

    /* renamed from: g, reason: collision with root package name */
    public static final int f46625g = 6;

    /* JADX WARN: Code restructure failed: missing block: B:60:0x0133, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(q40.x r19, g70.v r20, java.util.Date r21, java.util.Date r22, java.security.cert.X509Certificate r23, java.security.cert.X509Certificate r24, java.security.PublicKey r25, g90.e r26, g90.l r27, java.util.List r28, k70.f r29) throws g90.a, g90.b {
        /*
            Method dump skipped, instructions count: 318
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: g90.k.a(q40.x, g70.v, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, g90.e, g90.l, java.util.List, k70.f):void");
    }

    public static Set b(v vVar, Date date, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        if (vVar.D()) {
            try {
                x20.a0 a0Var = a0.f83153y;
                q40.m g02 = q40.m.g0(m.h(x509Certificate, a0Var));
                if (g02 == null) {
                    try {
                        g02 = q40.m.g0(m.h(x509crl, a0Var));
                    } catch (a e11) {
                        throw new a("Freshest CRL extension could not be decoded from CRL.", e11);
                    }
                }
                if (g02 != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(vVar.k());
                    try {
                        arrayList.addAll(m.c(g02, vVar.r()));
                        try {
                            hashSet.addAll(m.g(date, x509crl, vVar.n(), arrayList));
                        } catch (a e12) {
                            throw new a("Exception obtaining delta CRLs.", e12);
                        }
                    } catch (a e13) {
                        throw new a("No new delta CRL locations could be added from Freshest CRL extension.", e13);
                    }
                }
            } catch (a e14) {
                throw new a("Freshest CRL extension could not be decoded from certificate.", e14);
            }
        }
        return hashSet;
    }

    public static Set[] c(v vVar, Date date, Date date2, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.setCertificateChecking(x509Certificate);
        try {
            x509CRLSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            p.b bVar = new p.b(x509CRLSelector);
            bVar.f46362c = true;
            Set b11 = h.b(new g70.p(bVar), date2, vVar.n(), vVar.k());
            HashSet hashSet = new HashSet();
            if (vVar.D()) {
                try {
                    hashSet.addAll(m.g(date2, x509crl, vVar.n(), vVar.k()));
                } catch (a e11) {
                    throw new a("Exception obtaining delta CRLs.", e11);
                }
            }
            return new Set[]{b11, hashSet};
        } catch (IOException e12) {
            throw new a(r0.a.a("Cannot extract issuer from CRL.", e12), e12);
        }
    }

    public static void d(x xVar, Object obj, X509CRL x509crl) throws a {
        f0 h11 = m.h(x509crl, a0.f83144p);
        boolean z11 = true;
        boolean z12 = h11 != null && l0.h0(h11).D0();
        byte[] encoded = x509crl.getIssuerX500Principal().getEncoded();
        if (xVar.Y() != null) {
            e0[] w02 = xVar.Y().w0();
            boolean z13 = false;
            for (int i11 = 0; i11 < w02.length; i11++) {
                if (w02[i11].o() == 4) {
                    try {
                        if (Arrays.equals(w02[i11].h0().r().getEncoded(), encoded)) {
                            z13 = true;
                        }
                    } catch (IOException e11) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e11);
                    }
                }
            }
            if (z13 && !z12) {
                throw new a("Distribution point contains cRLIssuer field but CRL is not indirect.", null);
            }
            if (!z13) {
                throw new a("CRL issuer of CRL does not match CRL issuer of distribution point.", null);
            }
            z11 = z13;
        } else if (!x509crl.getIssuerX500Principal().equals(((X509Certificate) obj).getIssuerX500Principal())) {
            z11 = false;
        }
        if (!z11) {
            throw new a("Cannot find matching CRL issuer for certificate.", null);
        }
    }

    public static void e(x xVar, Object obj, X509CRL x509crl) throws a {
        e0[] e0VarArr;
        try {
            l0 h02 = l0.h0(m.h(x509crl, a0.f83144p));
            if (h02 != null) {
                if (h02.g0() != null) {
                    y g02 = l0.h0(h02).g0();
                    ArrayList arrayList = new ArrayList();
                    boolean z11 = false;
                    if (g02.w0() == 0) {
                        for (e0 e0Var : q40.f0.g0(g02.h0()).w0()) {
                            arrayList.add(e0Var);
                        }
                    }
                    if (g02.w0() == 1) {
                        x20.j jVar = new x20.j();
                        try {
                            Enumeration R0 = i0.L0(x509crl.getIssuerX500Principal().getEncoded()).R0();
                            while (R0.hasMoreElements()) {
                                jVar.a((x20.i) R0.nextElement());
                            }
                            jVar.a(g02.h0());
                            arrayList.add(new e0(o40.d.g0(new m2(jVar))));
                        } catch (Exception e11) {
                            throw new a("Could not read CRL issuer.", e11);
                        }
                    }
                    if (xVar.g0() != null) {
                        y g03 = xVar.g0();
                        e0[] w02 = g03.w0() == 0 ? q40.f0.g0(g03.h0()).w0() : null;
                        if (g03.w0() == 1) {
                            if (xVar.Y() != null) {
                                e0VarArr = xVar.Y().w0();
                            } else {
                                e0VarArr = new e0[1];
                                try {
                                    e0VarArr[0] = new e0(o40.d.g0(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
                                } catch (Exception e12) {
                                    throw new a("Could not read certificate issuer.", e12);
                                }
                            }
                            w02 = e0VarArr;
                            for (int i11 = 0; i11 < w02.length; i11++) {
                                Enumeration R02 = i0.L0(w02[i11].h0().r()).R0();
                                x20.j jVar2 = new x20.j();
                                while (R02.hasMoreElements()) {
                                    jVar2.a((x20.i) R02.nextElement());
                                }
                                jVar2.a(g03.h0());
                                w02[i11] = new e0(o40.d.g0(new m2(jVar2)));
                            }
                        }
                        if (w02 != null) {
                            int i12 = 0;
                            while (true) {
                                if (i12 >= w02.length) {
                                    break;
                                }
                                if (arrayList.contains(w02[i12])) {
                                    z11 = true;
                                    break;
                                }
                                i12++;
                            }
                        }
                        if (!z11) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.", null);
                        }
                    } else {
                        if (xVar.Y() == null) {
                            throw new a("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.", null);
                        }
                        e0[] w03 = xVar.Y().w0();
                        int i13 = 0;
                        while (true) {
                            if (i13 >= w03.length) {
                                break;
                            }
                            if (arrayList.contains(w03[i13])) {
                                z11 = true;
                                break;
                            }
                            i13++;
                        }
                        if (!z11) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.", null);
                        }
                    }
                }
                try {
                    q40.l Y = q40.l.Y(m.h((X509Extension) obj, a0.f83138j));
                    if (obj instanceof X509Certificate) {
                        if (h02.G0() && Y != null && Y.C0()) {
                            throw new a("CA Cert CRL only contains user certificates.", null);
                        }
                        if (h02.F0() && (Y == null || !Y.C0())) {
                            throw new a("End CRL only contains CA certificates.", null);
                        }
                    }
                    if (h02.E0()) {
                        throw new a("onlyContainsAttributeCerts boolean is asserted.", null);
                    }
                } catch (Exception e13) {
                    throw new a("Basic constraints extension could not be decoded.", e13);
                }
            }
        } catch (Exception e14) {
            throw new a("Issuing distribution point extension could not be decoded.", e14);
        }
    }

    public static void f(X509CRL x509crl, X509CRL x509crl2, v vVar) throws a {
        if (x509crl == null) {
            return;
        }
        try {
            x20.a0 a0Var = a0.f83144p;
            l0 h02 = l0.h0(m.h(x509crl2, a0Var));
            if (vVar.D()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new a("complete CRL issuer does not match delta CRL issuer", null);
                }
                try {
                    l0 h03 = l0.h0(m.h(x509crl, a0Var));
                    boolean z11 = true;
                    if (h02 != null ? !h02.equals(h03) : h03 != null) {
                        z11 = false;
                    }
                    if (!z11) {
                        throw new a("Issuing distribution point extension from delta CRL and complete CRL does not match.", null);
                    }
                    try {
                        x20.a0 a0Var2 = a0.f83150v;
                        f0 h11 = m.h(x509crl2, a0Var2);
                        try {
                            f0 h12 = m.h(x509crl, a0Var2);
                            if (h11 == null) {
                                throw new a("CRL authority key identifier is null.", null);
                            }
                            if (h12 == null) {
                                throw new a("Delta CRL authority key identifier is null.", null);
                            }
                            if (!h11.C0(h12)) {
                                throw new a("Delta CRL authority key identifier does not match complete CRL authority key identifier.", null);
                            }
                        } catch (a e11) {
                            throw new a("Authority key identifier extension could not be extracted from delta CRL.", e11);
                        }
                    } catch (a e12) {
                        throw new a("Authority key identifier extension could not be extracted from complete CRL.", e12);
                    }
                } catch (Exception e13) {
                    throw new a("Issuing distribution point extension from delta CRL could not be decoded.", e13);
                }
            }
        } catch (Exception e14) {
            throw new a("issuing distribution point extension could not be decoded.", e14);
        }
    }

    public static l g(X509CRL x509crl, x xVar) throws a {
        try {
            l0 h02 = l0.h0(m.h(x509crl, a0.f83144p));
            if (h02 != null && h02.C0() != null && xVar.C0() != null) {
                return new l(xVar.C0()).d(new l(h02.C0()));
            }
            if ((h02 == null || h02.C0() == null) && xVar.C0() == null) {
                return l.f46626b;
            }
            return (xVar.C0() == null ? l.f46626b : new l(xVar.C0())).d(h02 == null ? l.f46626b : new l(h02.C0()));
        } catch (Exception e11) {
            throw new a("Issuing distribution point extension could not be decoded.", e11);
        }
    }

    public static Set h(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, v vVar, List list, k70.f fVar) throws a {
        int i11;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
            t<? extends Certificate> a11 = new t.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                m.b(linkedHashSet, a11, vVar.o());
                m.b(linkedHashSet, a11, vVar.n());
                linkedHashSet.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                Iterator it = linkedHashSet.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder n11 = fVar.n("PKIX");
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            v.b bVar = new v.b(vVar);
                            bVar.f46399d = new t.b(x509CertSelector2).a();
                            if (list.contains(x509Certificate2)) {
                                bVar.f46404i = false;
                            } else {
                                bVar.f46404i = true;
                            }
                            List<? extends Certificate> certificates = n11.build(new u(new u.b(new v(bVar)))).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(m.k(certificates, 0, fVar));
                        } catch (CertPathBuilderException e11) {
                            throw new a("CertPath for CRL signer failed to validate.", e11);
                        } catch (CertPathValidatorException e12) {
                            throw new a("Public key of issuer certificate of CRL could not be retrieved.", e12);
                        } catch (Exception e13) {
                            throw new a(e13.getMessage(), null);
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                a aVar = null;
                for (i11 = 0; i11 < arrayList.size(); i11++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i11)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length > 6 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i11));
                    } else {
                        aVar = new a("Issuer certificate key usage extension does not permit CRL signing.", null);
                    }
                }
                if (hashSet.isEmpty() && aVar == null) {
                    throw new a("Cannot find a valid issuer certificate.", null);
                }
                if (!hashSet.isEmpty() || aVar == null) {
                    return hashSet;
                }
                throw aVar;
            } catch (a e14) {
                throw new a("Issuer certificate for CRL cannot be searched.", e14);
            }
        } catch (IOException e15) {
            throw new a("subject criteria for certificate selector to find issuer certificate for CRL could not be set", e15);
        }
    }

    public static PublicKey i(X509CRL x509crl, Set set) throws a {
        Iterator it = set.iterator();
        Exception e11 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e12) {
                e11 = e12;
            }
        }
        throw new a("Cannot verify CRL.", e11);
    }

    public static X509CRL j(Set set, PublicKey publicKey) throws a {
        Iterator it = set.iterator();
        Exception e11 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e12) {
                e11 = e12;
            }
        }
        if (e11 == null) {
            return null;
        }
        throw new a("Cannot verify delta CRL.", e11);
    }

    public static void k(Date date, X509CRL x509crl, Object obj, e eVar, v vVar) throws a {
        if (!vVar.D() || x509crl == null) {
            return;
        }
        m.e(date, x509crl, obj, eVar);
    }

    public static void l(Date date, X509CRL x509crl, Object obj, e eVar) throws a {
        if (eVar.a() == 11) {
            m.e(date, x509crl, obj, eVar);
        }
    }
}
