package org.spongycastle.jce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import t.h.a.b1;
import t.h.a.i;
import t.h.a.v2.c;
import t.h.a.w2.i0;
import t.h.a.w2.j;
import t.h.a.w2.l;
import t.h.a.w2.m;
import t.h.a.w2.s;
import t.h.a.w2.t;
import t.h.a.w2.v;
import t.h.a.w2.z;
import t.h.c.f;
import t.h.e.i.d;
import t.h.f.u.a;

/* loaded from: classes2.dex */
public class X509CRLObject extends X509CRL {
    private m c;
    private boolean isIndirect;
    private String sigAlgName;
    private byte[] sigAlgParams;

    public X509CRLObject(m mVar) throws CRLException {
        this.c = mVar;
        try {
            this.sigAlgName = X509SignatureUtil.getSignatureName(mVar.l());
            if (mVar.l().i() != null) {
                this.sigAlgParams = mVar.l().i().a().a("DER");
            } else {
                this.sigAlgParams = null;
            }
            this.isIndirect = isIndirectCRL(this);
        } catch (Exception e) {
            throw new CRLException("CRL contents invalid: " + e);
        }
    }

    private Set getExtensionOIDs(boolean z) {
        t g2;
        if (getVersion() != 2 || (g2 = this.c.m().g()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration g3 = g2.g();
        while (g3.hasMoreElements()) {
            t.h.a.m mVar = (t.h.a.m) g3.nextElement();
            if (z == g2.a(mVar).c()) {
                hashSet.add(mVar.l());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isIndirectCRL(X509CRL x509crl) throws CRLException {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(s.e.l());
            if (extensionValue != null) {
                if (z.a(a.a(extensionValue)).i()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new ExtCRLException("Exception reading IssuingDistributionPoint", e);
        }
    }

    private Set loadCRLEntries() {
        s a;
        HashSet hashSet = new HashSet();
        Enumeration i2 = this.c.i();
        c cVar = null;
        while (i2.hasMoreElements()) {
            i0.b bVar = (i0.b) i2.nextElement();
            hashSet.add(new X509CRLEntryObject(bVar, this.isIndirect, cVar));
            if (this.isIndirect && bVar.j() && (a = bVar.g().a(s.f7182f)) != null) {
                cVar = c.a(v.a(a.b()).g()[0].getName());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return getExtensionOIDs(true);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        try {
            return this.c.a("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        s a;
        t g2 = this.c.m().g();
        if (g2 == null || (a = g2.a(new t.h.a.m(str))) == null) {
            return null;
        }
        try {
            return a.a().e();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new f(c.a(this.c.g().a()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.c.g().e());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        if (this.c.h() != null) {
            return this.c.h().g();
        }
        return null;
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return getExtensionOIDs(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        s a;
        Enumeration i2 = this.c.i();
        c cVar = null;
        while (i2.hasMoreElements()) {
            i0.b bVar = (i0.b) i2.nextElement();
            if (bigInteger.equals(bVar.i().l())) {
                return new X509CRLEntryObject(bVar, this.isIndirect, cVar);
            }
            if (this.isIndirect && bVar.j() && (a = bVar.g().a(s.f7182f)) != null) {
                cVar = c.a(v.a(a.b()).g()[0].getName());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set loadCRLEntries = loadCRLEntries();
        if (loadCRLEntries.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(loadCRLEntries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.c.l().g().l();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        byte[] bArr = this.sigAlgParams;
        if (bArr == null) {
            return null;
        }
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.c.k().k();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.c.m().a("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.c.n().g();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.c.o();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
        criticalExtensionOIDs.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        c g2;
        s a;
        if (!certificate.getType().equals("X.509")) {
            throw new RuntimeException("X.509 CRL used with non X.509 Cert");
        }
        i0.b[] j2 = this.c.j();
        c g3 = this.c.g();
        if (j2 != null) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            c cVar = g3;
            for (int i2 = 0; i2 < j2.length; i2++) {
                if (this.isIndirect && j2[i2].j() && (a = j2[i2].g().a(s.f7182f)) != null) {
                    cVar = c.a(v.a(a.b()).g()[0].getName());
                }
                if (j2[i2].i().l().equals(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        g2 = c.a(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            g2 = l.a(certificate.getEncoded()).g();
                        } catch (CertificateEncodingException unused) {
                            throw new RuntimeException("Cannot process certificate");
                        }
                    }
                    return cVar.equals(g2);
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        String property = System.getProperty("line.separator");
        stringBuffer.append("              Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(property);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(property);
        stringBuffer.append("          This update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append(property);
        stringBuffer.append("          Next update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append(property);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(property);
        byte[] signature = getSignature();
        stringBuffer.append("            Signature: ");
        stringBuffer.append(new String(d.a(signature, 0, 20)));
        stringBuffer.append(property);
        for (int i2 = 20; i2 < signature.length; i2 += 20) {
            if (i2 < signature.length - 20) {
                stringBuffer.append("                       ");
                stringBuffer.append(new String(d.a(signature, i2, 20)));
                stringBuffer.append(property);
            } else {
                stringBuffer.append("                       ");
                stringBuffer.append(new String(d.a(signature, i2, signature.length - i2)));
                stringBuffer.append(property);
            }
        }
        t g2 = this.c.m().g();
        if (g2 != null) {
            Enumeration g3 = g2.g();
            if (g3.hasMoreElements()) {
                stringBuffer.append("           Extensions: ");
                stringBuffer.append(property);
            }
            while (g3.hasMoreElements()) {
                t.h.a.m mVar = (t.h.a.m) g3.nextElement();
                s a = g2.a(mVar);
                if (a.a() != null) {
                    i iVar = new i(a.a().k());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(a.c());
                    stringBuffer.append(") ");
                    try {
                        if (mVar.equals(s.c)) {
                            stringBuffer.append(new j(b1.a((Object) iVar.d()).k()));
                            stringBuffer.append(property);
                        } else if (mVar.equals(s.d)) {
                            stringBuffer.append("Base CRL: " + new j(b1.a((Object) iVar.d()).k()));
                            stringBuffer.append(property);
                        } else if (mVar.equals(s.e)) {
                            stringBuffer.append(z.a(iVar.d()));
                            stringBuffer.append(property);
                        } else if (mVar.equals(s.f7183g)) {
                            stringBuffer.append(t.h.a.w2.i.a(iVar.d()));
                            stringBuffer.append(property);
                        } else if (mVar.equals(s.f7184h)) {
                            stringBuffer.append(t.h.a.w2.i.a(iVar.d()));
                            stringBuffer.append(property);
                        } else {
                            stringBuffer.append(mVar.l());
                            stringBuffer.append(" value = ");
                            stringBuffer.append(t.h.a.u2.a.a(iVar.d()));
                            stringBuffer.append(property);
                        }
                    } catch (Exception unused) {
                        stringBuffer.append(mVar.l());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                        stringBuffer.append(property);
                    }
                } else {
                    stringBuffer.append(property);
                }
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it = revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next());
                stringBuffer.append(property);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, BouncyCastleProvider.PROVIDER_NAME);
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (!this.c.l().equals(this.c.m().l())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        Signature signature = str != null ? Signature.getInstance(getSigAlgName(), str) : Signature.getInstance(getSigAlgName());
        signature.initVerify(publicKey);
        signature.update(getTBSCertList());
        if (!signature.verify(getSignature())) {
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
    }
}
