package km;

import java.security.GeneralSecurityException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.AnnotatedException;
import x20.a0;

/* compiled from: CMSVerifyUtil.java */
/* loaded from: classes7.dex */
public final class i {
    public static void b(X509Certificate x509Certificate, nb0.e<u40.k> eVar, Date date, List<n> list, Map<X500Principal, s> map) throws GeneralSecurityException, AnnotatedException {
        boolean z11 = true;
        while (z11) {
            X509CRL orElse = e(x509Certificate, map).orElse(null);
            if (orElse == null) {
                throw new AnnotatedException("No crl issuered by " + x509Certificate.getIssuerX500Principal().getName() + " is found.");
            }
            if (date.after(orElse.getNextUpdate())) {
                throw new CertPathBuilderException(p.PKI_CERT_DATETIME_EXPIRED.toString());
            }
            X509Certificate k11 = q.k(eVar, orElse.getIssuerX500Principal(), list);
            q.b(k11);
            orElse.verify(k11.getPublicKey());
            X509CRLEntry revokedCertificate = orElse.getRevokedCertificate(x509Certificate);
            if (revokedCertificate != null) {
                if (q.c(revokedCertificate.getRevocationReason()) != p.OK) {
                    throw new AnnotatedException("Certificate has revoked");
                }
                if (revokedCertificate.getRevocationDate().before(date)) {
                    throw new AnnotatedException("CRL revoke date is before timestamp date");
                }
            }
            if (orElse.getThisUpdate().before(k11.getNotBefore()) || orElse.getThisUpdate().after(k11.getNotAfter())) {
                throw new CertPathBuilderException("CRL issue time is not in the period of validity of issuer.");
            }
            if (orElse.getNextUpdate().before(date)) {
                throw new AnnotatedException("Crl issuerd by" + x509Certificate.getIssuerX500Principal().getName() + " is not valid.");
            }
            if (q.l(k11)) {
                z11 = false;
            } else {
                x509Certificate = k11;
            }
        }
    }

    public static void c(q40.b bVar, Set<q40.b> set) throws AnnotatedException {
        a0 W = bVar.W();
        q.a(W.R0());
        Iterator<q40.b> it = set.iterator();
        while (it.hasNext()) {
            if (it.next().W().C0(W)) {
                return;
            }
        }
        throw new AnnotatedException("Algorithm is not in AlgorithmSet.");
    }

    public static void d(String str) throws AnnotatedException {
        if (!str.equals(g40.u.f46214u2.R0())) {
            throw new AnnotatedException("signedData Oid error.");
        }
    }

    public static Optional<X509CRL> e(final X509Certificate x509Certificate, Map<X500Principal, s> map) throws GeneralSecurityException {
        Optional<Map.Entry<X500Principal, s>> findFirst = map.entrySet().stream().filter(new Predicate() { // from class: km.h
            @Override // java.util.function.Predicate
            public final boolean test(Object obj) {
                return i.f(x509Certificate, (Map.Entry) obj);
            }
        }).findFirst();
        return findFirst.isPresent() ? Optional.of(q.d(findFirst.get().getValue().c())) : Optional.empty();
    }

    public static /* synthetic */ boolean f(X509Certificate x509Certificate, Map.Entry entry) {
        return ((X500Principal) entry.getKey()).equals(x509Certificate.getIssuerX500Principal());
    }
}
