package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import nxt.j9;
import nxt.s5;
import nxt.vi;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class X509CRLImpl extends X509CRL {
    public JcaJceHelper b2;
    public CertificateList c2;
    public String d2;
    public byte[] e2;
    public boolean f2;

    public X509CRLImpl(JcaJceHelper jcaJceHelper, CertificateList certificateList, String str, byte[] bArr, boolean z) {
        this.b2 = jcaJceHelper;
        this.c2 = certificateList;
        this.d2 = str;
        this.e2 = bArr;
        this.f2 = z;
    }

    public static ASN1OctetString f(CertificateList certificateList, String str) {
        Extensions extensions = certificateList.b2.h2;
        if (extensions == null) {
            return null;
        }
        Extension extension = (Extension) extensions.b2.get(new ASN1ObjectIdentifier(str));
        if (extension != null) {
            return extension.d2;
        }
        return null;
    }

    public final void a(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) {
        if (aSN1Encodable != null) {
            X509SignatureUtil.f(signature, aSN1Encodable);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.a(signature), 512);
            this.c2.b2.c().m(bufferedOutputStream, "DER");
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    public final void b(PublicKey publicKey, SignatureCreator signatureCreator) {
        CertificateList certificateList = this.c2;
        if (!certificateList.c2.equals(certificateList.b2.c2)) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        int i = 0;
        if ((publicKey instanceof CompositePublicKey) && X509SignatureUtil.c(this.c2.c2)) {
            List<PublicKey> list = ((CompositePublicKey) publicKey).b2;
            ASN1Sequence v = ASN1Sequence.v(this.c2.c2.c2);
            ASN1Sequence v2 = ASN1Sequence.v(DERBitString.z(this.c2.d2).u());
            boolean z = false;
            while (i != list.size()) {
                if (list.get(i) != null) {
                    AlgorithmIdentifier j = AlgorithmIdentifier.j(v.x(i));
                    try {
                        a(list.get(i), signatureCreator.a(X509SignatureUtil.b(j)), j.c2, DERBitString.z(v2.x(i)).u());
                        e = null;
                        z = true;
                    } catch (SignatureException e) {
                        e = e;
                    }
                    if (e != null) {
                        throw e;
                    }
                }
                i++;
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.c(this.c2.c2)) {
            Signature a = signatureCreator.a(getSigAlgName());
            byte[] bArr = this.e2;
            if (bArr == null) {
                a(publicKey, a, null, getSignature());
                return;
            }
            try {
                a(publicKey, a, ASN1Primitive.q(bArr), getSignature());
                return;
            } catch (IOException e2) {
                throw new SignatureException(s5.g(e2, j9.o("cannot decode signature parameters: ")));
            }
        }
        ASN1Sequence v3 = ASN1Sequence.v(this.c2.c2.c2);
        ASN1Sequence v4 = ASN1Sequence.v(DERBitString.z(this.c2.d2).u());
        boolean z2 = false;
        while (i != v4.size()) {
            AlgorithmIdentifier j2 = AlgorithmIdentifier.j(v3.x(i));
            try {
                a(publicKey, signatureCreator.a(X509SignatureUtil.b(j2)), j2.c2, DERBitString.z(v4.x(i)).u());
                e = null;
                z2 = true;
            } catch (InvalidKeyException | NoSuchAlgorithmException unused) {
                e = null;
            } catch (SignatureException e3) {
                e = e3;
            }
            if (e != null) {
                throw e;
            }
            i++;
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    public final Set c(boolean z) {
        Extensions extensions;
        if (getVersion() != 2 || (extensions = this.c2.b2.h2) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration m = extensions.m();
        while (m.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) m.nextElement();
            if (z == extensions.j(aSN1ObjectIdentifier).c2) {
                hashSet.add(aSN1ObjectIdentifier.b2);
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return c(true);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1OctetString f = f(this.c2, str);
        if (f == null) {
            return null;
        }
        try {
            return f.getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException(vi.i(e, j9.o("error parsing ")));
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.j(this.c2.b2.d2.f2));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c2.b2.d2.getEncoded());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Time time = this.c2.b2.f2;
        if (time == null) {
            return null;
        }
        return time.j();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return c(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension j;
        Enumeration k = this.c2.k();
        X500Name x500Name = null;
        while (k.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) k.nextElement();
            if (cRLEntry.l().y(bigInteger)) {
                return new X509CRLEntryObject(cRLEntry, this.f2, x500Name);
            }
            if (this.f2 && cRLEntry.m() && (j = cRLEntry.j().j(Extension.n2)) != null) {
                x500Name = X500Name.j(GeneralNames.j(j.j()).k()[0].b2);
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Extension j;
        HashSet hashSet = new HashSet();
        Enumeration k = this.c2.k();
        X500Name x500Name = null;
        while (k.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) k.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.f2, x500Name));
            if (this.f2 && cRLEntry.m() && (j = cRLEntry.j().j(Extension.n2)) != null) {
                x500Name = X500Name.j(GeneralNames.j(j.j()).k()[0].b2);
            }
        }
        if (hashSet.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(hashSet);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.d2;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.c2.c2.b2.b2;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return Arrays.c(this.e2);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c2.d2.x();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() {
        try {
            return this.c2.b2.h("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.c2.b2.e2.j();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        ASN1Integer aSN1Integer = this.c2.b2.b2;
        if (aSN1Integer == null) {
            return 1;
        }
        return 1 + aSN1Integer.B();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.m2.b2);
        criticalExtensionOIDs.remove(Extension.l2.b2);
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name x500Name;
        Extension j;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration k = this.c2.k();
        X500Name x500Name2 = this.c2.b2.d2;
        if (k.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (k.hasMoreElements()) {
                TBSCertList.CRLEntry k2 = TBSCertList.CRLEntry.k(k.nextElement());
                if (this.f2 && k2.m() && (j = k2.j().j(Extension.n2)) != null) {
                    x500Name2 = X500Name.j(GeneralNames.j(j.j()).k()[0].b2);
                }
                if (k2.l().y(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        x500Name = X500Name.j(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            x500Name = org.bouncycastle.asn1.x509.Certificate.j(certificate.getEncoded()).c2.f2;
                        } catch (CertificateEncodingException e) {
                            StringBuilder o = j9.o("Cannot process certificate: ");
                            o.append(e.getMessage());
                            throw new IllegalArgumentException(o.toString());
                        }
                    }
                    return x500Name2.equals(x500Name);
                }
            }
        }
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Can't find top splitter block for handler:B:37:0x0129
        	at jadx.core.utils.BlockUtils.getTopSplitterForHandler(BlockUtils.java:1166)
        	at jadx.core.dex.visitors.regions.RegionMaker.processTryCatchBlocks(RegionMaker.java:1022)
        	at jadx.core.dex.visitors.regions.RegionMakerVisitor.visit(RegionMakerVisitor.java:55)
        */
    /* JADX WARN: Removed duplicated region for block: B:11:0x0079  */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:11:0x0085 -> B:7:0x013a). Please report as a decompilation issue!!! */
    @Override // java.security.cert.CRL
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String toString() {
        /*
            Method dump skipped, instructions count: 352
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.toString():java.lang.String");
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) {
        b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str) {
                try {
                    return X509CRLImpl.this.b2.a(str);
                } catch (Exception unused) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) {
        b(publicKey, new SignatureCreator(this) { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature a(String str2) {
                String str3 = str;
                return str3 != null ? Signature.getInstance(str2, str3) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) {
        try {
            b(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature a(String str) {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e) {
            StringBuilder o = j9.o("provider issue: ");
            o.append(e.getMessage());
            throw new NoSuchAlgorithmException(o.toString());
        }
    }
}
