package org.bouncycastle.jcajce.provider.asymmetric.x509;

import java.io.BufferedOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1BitString;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.jcajce.CompositePublicKey;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Strings;

/* loaded from: input_file:org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLImpl.class */
abstract class X509CRLImpl extends X509CRL {
    protected JcaJceHelper lI;
    protected CertificateList lf;
    protected String lj;
    protected byte[] lt;
    protected boolean lb;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509CRLImpl(JcaJceHelper jcaJceHelper, CertificateList certificateList, String str, byte[] bArr, boolean z) {
        this.lI = jcaJceHelper;
        this.lf = certificateList;
        this.lj = str;
        this.lt = bArr;
        this.lb = z;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.ly.lf());
        criticalExtensionOIDs.remove(Extension.lc.lf());
        return !criticalExtensionOIDs.isEmpty();
    }

    private Set lI(boolean z) {
        Extensions lh;
        if (getVersion() != 2 || (lh = this.lf.lI().lh()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration lI = lh.lI();
        while (lI.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) lI.nextElement();
            if (z == lh.lI(aSN1ObjectIdentifier).lf()) {
                hashSet.add(aSN1ObjectIdentifier.lf());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return lI(true);
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return lI(false);
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ASN1OctetString lf = lf(this.lf, str);
        if (null == lf) {
            return null;
        }
        try {
            return lf.l0if();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        lI(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.1
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature lI(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                try {
                    return X509CRLImpl.this.lI.lc(str);
                } catch (Exception e) {
                    return Signature.getInstance(str);
                }
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        lI(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.2
            @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
            public Signature lI(String str2) throws NoSuchAlgorithmException, NoSuchProviderException {
                return str != null ? Signature.getInstance(str2, str) : Signature.getInstance(str2);
            }
        });
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, final Provider provider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        try {
            lI(publicKey, new SignatureCreator() { // from class: org.bouncycastle.jcajce.provider.asymmetric.x509.X509CRLImpl.3
                @Override // org.bouncycastle.jcajce.provider.asymmetric.x509.SignatureCreator
                public Signature lI(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
                    return provider != null ? Signature.getInstance(X509CRLImpl.this.getSigAlgName(), provider) : Signature.getInstance(X509CRLImpl.this.getSigAlgName());
                }
            });
        } catch (NoSuchProviderException e) {
            throw new NoSuchAlgorithmException("provider issue: " + e.getMessage());
        }
    }

    private void lI(PublicKey publicKey, SignatureCreator signatureCreator) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, NoSuchProviderException {
        if (!this.lf.lt().equals(this.lf.lI().lj())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        if ((publicKey instanceof CompositePublicKey) && X509SignatureUtil.lI(this.lf.lt())) {
            List<PublicKey> lI = ((CompositePublicKey) publicKey).lI();
            ASN1Sequence lI2 = ASN1Sequence.lI((Object) this.lf.lt().lf());
            ASN1Sequence lI3 = ASN1Sequence.lI(ASN1BitString.lI((Object) this.lf.lb()).le());
            boolean z = false;
            for (int i = 0; i != lI.size(); i++) {
                if (lI.get(i) != null) {
                    AlgorithmIdentifier lI4 = AlgorithmIdentifier.lI(lI2.lI(i));
                    SignatureException signatureException = null;
                    try {
                        lI(lI.get(i), signatureCreator.lI(X509SignatureUtil.lf(lI4)), lI4.lf(), ASN1BitString.lI((Object) lI3.lI(i)).le());
                        z = true;
                    } catch (SignatureException e) {
                        signatureException = e;
                    }
                    if (signatureException != null) {
                        throw signatureException;
                    }
                }
            }
            if (!z) {
                throw new InvalidKeyException("no matching key found");
            }
            return;
        }
        if (!X509SignatureUtil.lI(this.lf.lt())) {
            Signature lI5 = signatureCreator.lI(getSigAlgName());
            if (this.lt == null) {
                lI(publicKey, lI5, null, getSignature());
                return;
            }
            try {
                lI(publicKey, lI5, ASN1Primitive.lt(this.lt), getSignature());
                return;
            } catch (IOException e2) {
                throw new SignatureException("cannot decode signature parameters: " + e2.getMessage());
            }
        }
        ASN1Sequence lI6 = ASN1Sequence.lI((Object) this.lf.lt().lf());
        ASN1Sequence lI7 = ASN1Sequence.lI(ASN1BitString.lI((Object) this.lf.lb()).le());
        boolean z2 = false;
        for (int i2 = 0; i2 != lI7.ld(); i2++) {
            AlgorithmIdentifier lI8 = AlgorithmIdentifier.lI(lI6.lI(i2));
            SignatureException signatureException2 = null;
            try {
                lI(publicKey, signatureCreator.lI(X509SignatureUtil.lf(lI8)), lI8.lf(), ASN1BitString.lI((Object) lI7.lI(i2)).le());
                z2 = true;
            } catch (InvalidKeyException e3) {
            } catch (NoSuchAlgorithmException e4) {
            } catch (SignatureException e5) {
                signatureException2 = e5;
            }
            if (signatureException2 != null) {
                throw signatureException2;
            }
        }
        if (!z2) {
            throw new InvalidKeyException("no matching key found");
        }
    }

    private void lI(PublicKey publicKey, Signature signature, ASN1Encodable aSN1Encodable, byte[] bArr) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, CRLException {
        if (aSN1Encodable != null) {
            X509SignatureUtil.lI(signature, aSN1Encodable);
        }
        signature.initVerify(publicKey);
        try {
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(OutputStreamFactory.lI(signature), 512);
            this.lf.lI().lI(bufferedOutputStream, ASN1Encoding.lI);
            bufferedOutputStream.close();
            if (!signature.verify(bArr)) {
                throw new SignatureException("CRL does not verify with supplied public key.");
            }
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.lf.ld();
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.lI(this.lf.lu().ly()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.lf.lu().l0if());
        } catch (IOException e) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.lf.le().lf();
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Time lh = this.lf.lh();
        if (null == lh) {
            return null;
        }
        return lh.lf();
    }

    private Set lI() {
        Extension lI;
        HashSet hashSet = new HashSet();
        Enumeration lj = this.lf.lj();
        X500Name x500Name = null;
        while (lj.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) lj.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.lb, x500Name));
            if (this.lb && cRLEntry.lt() && (lI = cRLEntry.lj().lI(Extension.l0if)) != null) {
                x500Name = X500Name.lI(GeneralNames.lI(lI.lt()).lI()[0].lf());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension lI;
        Enumeration lj = this.lf.lj();
        X500Name x500Name = null;
        while (lj.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) lj.nextElement();
            if (cRLEntry.lI().lI(bigInteger)) {
                return new X509CRLEntryObject(cRLEntry, this.lb, x500Name);
            }
            if (this.lb && cRLEntry.lt() && (lI = cRLEntry.lj().lI(Extension.l0if)) != null) {
                x500Name = X500Name.lI(GeneralNames.lI(lI.lt()).lI()[0].lf());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set lI = lI();
        if (lI.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(lI);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        try {
            return this.lf.lI().lf(ASN1Encoding.lI);
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.lf.lb().lu();
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.lj;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.lf.lt().lI().lf();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        return Arrays.lf(this.lt);
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        String lf = Strings.lf();
        stringBuffer.append("              Version: ").append(getVersion()).append(lf);
        stringBuffer.append("             IssuerDN: ").append(getIssuerDN()).append(lf);
        stringBuffer.append("          This update: ").append(getThisUpdate()).append(lf);
        stringBuffer.append("          Next update: ").append(getNextUpdate()).append(lf);
        stringBuffer.append("  Signature Algorithm: ").append(getSigAlgName()).append(lf);
        X509SignatureUtil.lI(getSignature(), stringBuffer, lf);
        Extensions lh = this.lf.lI().lh();
        if (lh != null) {
            Enumeration lI = lh.lI();
            if (lI.hasMoreElements()) {
                stringBuffer.append("           Extensions: ").append(lf);
            }
            while (lI.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) lI.nextElement();
                Extension lI2 = lh.lI(aSN1ObjectIdentifier);
                if (lI2.lj() != null) {
                    ASN1InputStream aSN1InputStream = new ASN1InputStream(lI2.lj().lt());
                    stringBuffer.append("                       critical(").append(lI2.lf()).append(") ");
                    try {
                        if (aSN1ObjectIdentifier.lf(Extension.le)) {
                            stringBuffer.append(new CRLNumber(ASN1Integer.lI((Object) aSN1InputStream.lj()).lf())).append(lf);
                        } else if (aSN1ObjectIdentifier.lf(Extension.lc)) {
                            stringBuffer.append("Base CRL: " + new CRLNumber(ASN1Integer.lI((Object) aSN1InputStream.lj()).lf())).append(lf);
                        } else if (aSN1ObjectIdentifier.lf(Extension.ly)) {
                            stringBuffer.append(IssuingDistributionPoint.lI(aSN1InputStream.lj())).append(lf);
                        } else if (aSN1ObjectIdentifier.lf(Extension.l0t)) {
                            stringBuffer.append(CRLDistPoint.lI(aSN1InputStream.lj())).append(lf);
                        } else if (aSN1ObjectIdentifier.lf(Extension.l0y)) {
                            stringBuffer.append(CRLDistPoint.lI(aSN1InputStream.lj())).append(lf);
                        } else {
                            stringBuffer.append(aSN1ObjectIdentifier.lf());
                            stringBuffer.append(" value = ").append(ASN1Dump.lI(aSN1InputStream.lj())).append(lf);
                        }
                    } catch (Exception e) {
                        stringBuffer.append(aSN1ObjectIdentifier.lf());
                        stringBuffer.append(" value = ").append("*****").append(lf);
                    }
                } else {
                    stringBuffer.append(lf);
                }
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it = revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next());
                stringBuffer.append(lf);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name lb;
        Extension lI;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration lj = this.lf.lj();
        X500Name lu = this.lf.lu();
        if (!lj.hasMoreElements()) {
            return false;
        }
        BigInteger serialNumber = ((X509Certificate) certificate).getSerialNumber();
        while (lj.hasMoreElements()) {
            TBSCertList.CRLEntry lI2 = TBSCertList.CRLEntry.lI(lj.nextElement());
            if (this.lb && lI2.lt() && (lI = lI2.lj().lI(Extension.l0if)) != null) {
                lu = X500Name.lI(GeneralNames.lI(lI.lt()).lI()[0].lf());
            }
            if (lI2.lI().lI(serialNumber)) {
                if (certificate instanceof X509Certificate) {
                    lb = X500Name.lI(((X509Certificate) certificate).getIssuerX500Principal().getEncoded());
                } else {
                    try {
                        lb = org.bouncycastle.asn1.x509.Certificate.lI(certificate.getEncoded()).lb();
                    } catch (CertificateEncodingException e) {
                        throw new IllegalArgumentException("Cannot process certificate: " + e.getMessage());
                    }
                }
                return lu.equals(lb);
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] lI(CertificateList certificateList, String str) {
        ASN1OctetString lf = lf(certificateList, str);
        if (null != lf) {
            return lf.lt();
        }
        return null;
    }

    protected static ASN1OctetString lf(CertificateList certificateList, String str) {
        Extension lI;
        Extensions lh = certificateList.lI().lh();
        if (null == lh || null == (lI = lh.lI(new ASN1ObjectIdentifier(str)))) {
            return null;
        }
        return lI.lj();
    }
}
