package org.bouncycastle.pkix.jcajce;

import com.salesforce.marketingcloud.messages.iam.j;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.jcajce.PKIXCRLStore;
import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class RevocationUtilities {

    /* renamed from: a, reason: collision with root package name */
    protected static final PKIXCRLUtil f83921a = new PKIXCRLUtil();

    /* renamed from: b, reason: collision with root package name */
    protected static final String f83922b = Extension.f79296w.T();

    /* renamed from: c, reason: collision with root package name */
    protected static final String f83923c = Extension.f79286m.T();

    /* renamed from: d, reason: collision with root package name */
    protected static final String f83924d = Extension.f79297x.T();

    /* renamed from: e, reason: collision with root package name */
    protected static final String f83925e = Extension.f79284k.T();

    /* renamed from: f, reason: collision with root package name */
    protected static final String f83926f = Extension.f79294u.T();

    /* renamed from: g, reason: collision with root package name */
    protected static final String f83927g = Extension.f79282i.T();

    /* renamed from: h, reason: collision with root package name */
    protected static final String f83928h = Extension.f79270C.T();

    /* renamed from: i, reason: collision with root package name */
    protected static final String f83929i = Extension.f79292s.T();

    /* renamed from: j, reason: collision with root package name */
    protected static final String f83930j = Extension.f79291r.T();

    /* renamed from: k, reason: collision with root package name */
    protected static final String f83931k = Extension.f79299z.T();

    /* renamed from: l, reason: collision with root package name */
    protected static final String f83932l = Extension.f79269B.T();

    /* renamed from: m, reason: collision with root package name */
    protected static final String f83933m = Extension.f79295v.T();

    /* renamed from: n, reason: collision with root package name */
    protected static final String f83934n = Extension.f79298y.T();

    /* renamed from: o, reason: collision with root package name */
    protected static final String f83935o = Extension.f79287n.T();

    /* renamed from: p, reason: collision with root package name */
    protected static final String[] f83936p = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", j.f34159h, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    RevocationUtilities() {
    }

    static void a(Set set, Object obj) {
        if (set.isEmpty()) {
            throw new CRLNotFoundException("No CRLs found for issuer \"" + RFC4519Style.f79176V.f(X500Name.A(((X509Certificate) obj).getIssuerX500Principal().getEncoded())) + "\"");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection b(PKIXCertStoreSelector pKIXCertStoreSelector, List list2) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list2) {
            if (obj instanceof Store) {
                try {
                    linkedHashSet.addAll(((Store) obj).d(pKIXCertStoreSelector));
                } catch (StoreException e10) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e10);
                }
            } else {
                try {
                    linkedHashSet.addAll(PKIXCertStoreSelector.c(pKIXCertStoreSelector, (CertStore) obj));
                } catch (CertStoreException e11) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e11);
                }
            }
        }
        return linkedHashSet;
    }

    protected static void c(DistributionPoint distributionPoint, Collection collection, X509CRLSelector x509CRLSelector) {
        ArrayList arrayList = new ArrayList();
        if (distributionPoint.B() != null) {
            GeneralName[] E10 = distributionPoint.B().E();
            for (int i10 = 0; i10 < E10.length; i10++) {
                if (E10[i10].F() == 4) {
                    try {
                        arrayList.add(X500Name.A(E10[i10].E().o().getEncoded()));
                    } catch (IOException e10) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (distributionPoint.C() == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Name) it2.next()).getEncoded());
            } catch (IOException e11) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void d(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) {
        X509CRLEntry revokedCertificate;
        ASN1Enumerated M10;
        try {
            if (l(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(j(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!X500Name.A(((X509Certificate) obj).getIssuerX500Principal().getEncoded()).equals(certificateIssuer == null ? X500Name.A(x509crl.getIssuerX500Principal()) : X500Name.A(certificateIssuer.getEncoded()))) {
                    return;
                }
            } else if (!X500Name.A(((X509Certificate) obj).getIssuerX500Principal().getEncoded()).equals(X500Name.A(x509crl.getIssuerX500Principal().getEncoded())) || (revokedCertificate = x509crl.getRevokedCertificate(j(obj))) == null) {
                return;
            }
            if (revokedCertificate.hasExtensions()) {
                try {
                    M10 = ASN1Enumerated.M(g(revokedCertificate, Extension.f79288o));
                } catch (Exception e10) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e10);
                }
            } else {
                M10 = null;
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || M10 == null || M10.P().intValue() == 0 || M10.P().intValue() == 1 || M10.P().intValue() == 2 || M10.P().intValue() == 8) {
                certStatus.c(M10 != null ? M10.P().intValue() : 0);
                certStatus.d(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e11) {
            throw new AnnotatedException("Failed check for indirect CRL.", e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set e(DistributionPoint distributionPoint, Object obj, Date date, List list2, List list3) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(X500Name.A(((X509Certificate) obj).getIssuerX500Principal().getEncoded()));
            c(distributionPoint, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            Set b10 = f83921a.b(new PKIXCRLStoreSelector.Builder(x509CRLSelector).h(true).g(), date, list2, list3);
            a(b10, obj);
            return b10;
        } catch (AnnotatedException e10) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set f(Date date, X509CRL x509crl, List<CertStore> list2, List<PKIXCRLStore> list3) {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(X500Name.A(x509crl.getIssuerX500Principal().getEncoded()).getEncoded());
            try {
                ASN1Primitive g10 = g(x509crl, Extension.f79287n);
                BigInteger P10 = g10 != null ? ASN1Integer.M(g10).P() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f83929i);
                    x509CRLSelector.setMinCRLNumber(P10 != null ? P10.add(BigInteger.valueOf(1L)) : null);
                    PKIXCRLStoreSelector.Builder builder = new PKIXCRLStoreSelector.Builder(x509CRLSelector);
                    builder.i(extensionValue);
                    builder.j(true);
                    builder.k(P10);
                    Set<X509CRL> b10 = f83921a.b(builder.g(), date, list2, list3);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : b10) {
                        if (k(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e10) {
                    throw new AnnotatedException("issuing distribution point extension value could not be read", e10);
                }
            } catch (Exception e11) {
                throw new AnnotatedException("cannot extract CRL number extension from CRL", e11);
            }
        } catch (IOException e12) {
            throw new AnnotatedException("cannot extract issuer from CRL.", e12);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ASN1Primitive g(X509Extension x509Extension, ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        byte[] extensionValue = x509Extension.getExtensionValue(aSN1ObjectIdentifier.T());
        if (extensionValue == null) {
            return null;
        }
        return i(aSN1ObjectIdentifier, extensionValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey h(List list2, int i10, JcaJceHelper jcaJceHelper) {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list2.get(i10)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i10++;
            if (i10 >= list2.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list2.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return jcaJceHelper.g("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e10) {
            throw new RuntimeException(e10.getMessage());
        }
    }

    private static ASN1Primitive i(ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr) {
        try {
            return ASN1Primitive.I(ASN1OctetString.M(bArr).P());
        } catch (Exception e10) {
            throw new AnnotatedException("exception processing extension " + aSN1ObjectIdentifier, e10);
        }
    }

    private static BigInteger j(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    private static boolean k(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(RFC3280CertPathUtilities.f83916d);
    }

    public static boolean l(X509CRL x509crl) {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(Extension.f79292s.T());
            if (extensionValue != null) {
                if (IssuingDistributionPoint.E(ASN1OctetString.M(extensionValue).P()).G()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e10) {
            throw new CRLException("exception reading IssuingDistributionPoint", e10);
        }
    }
}
