package com.rsa.cryptoj.o;

import com.rsa.jsafe.provider.CRLParameters;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsafe.provider.RevocationParameters;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.Arrays;
import java.util.BitSet;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class qd implements qq {

    /* renamed from: a, reason: collision with root package name */
    static final int f9955a = -1;

    /* renamed from: b, reason: collision with root package name */
    static final String f9956b = "Certificate has been revoked: reason ";
    private static final int t = 0;
    private static final int u = 8;
    private static final boolean[] v = {false, false, false, false, false, false, true};
    private static final String w = "CRL was not SuiteB compliant.";
    private static final String x = "CRL path validation failed.";
    private static final String y = "CRL was outdated.";
    private final CertPath A;
    private final X509CRL B;
    private String C = "";

    /* renamed from: c, reason: collision with root package name */
    final RevocationParameters f9957c;

    /* renamed from: d, reason: collision with root package name */
    final cf f9958d;

    /* renamed from: e, reason: collision with root package name */
    PublicKey f9959e;

    /* renamed from: f, reason: collision with root package name */
    final List<ca> f9960f;
    private final PKIXParameters z;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class a {

        /* renamed from: b, reason: collision with root package name */
        private static final int f9961b = 9;

        /* renamed from: c, reason: collision with root package name */
        private final BitSet f9963c;

        a() {
            this.f9963c = new BitSet(9);
            this.f9963c.set(0, 9);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public a(BitSet bitSet) {
            this.f9963c = (BitSet) bitSet.clone();
        }

        void a(a aVar) {
            this.f9963c.and(aVar.f9963c);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean a() {
            return this.f9963c.length() == 9 && this.f9963c.cardinality() == 9;
        }

        void b(a aVar) {
            this.f9963c.or(aVar.f9963c);
        }

        boolean c(a aVar) {
            ((BitSet) this.f9963c.clone()).or(aVar.f9963c);
            return !r0.equals(this.f9963c);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public qd(cf cfVar, List<ca> list, PKIXParameters pKIXParameters, RevocationParameters revocationParameters, CertPath certPath, X509CRL x509crl) {
        this.z = pKIXParameters;
        this.f9957c = revocationParameters;
        this.f9958d = cfVar;
        this.f9960f = list;
        this.A = certPath;
        this.B = x509crl;
    }

    private int a(X509CRL x509crl, X509Certificate x509Certificate, boolean z) {
        X509CRLEntry revokedCertificate = z ? x509crl.getRevokedCertificate(x509Certificate) : x509crl.getRevokedCertificate(x509Certificate.getSerialNumber());
        if (revokedCertificate == null) {
            return -1;
        }
        r rVar = (r) pj.a(revokedCertificate, ov.da);
        int i2 = rVar == null ? 0 : rVar.i();
        if (i2 == 8) {
            return -1;
        }
        return i2;
    }

    private a a(d dVar, d dVar2) {
        k kVar = dVar == null ? null : (k) dVar.a("onlySomeReasons");
        k kVar2 = dVar2 != null ? (k) dVar2.a("reasons") : null;
        if (kVar == null || kVar2 == null) {
            return kVar != null ? new a(kVar.j()) : kVar2 != null ? new a(kVar2.j()) : new a();
        }
        a aVar = new a(kVar.j());
        aVar.a(new a(kVar2.j()));
        return aVar;
    }

    private PKIXCertPathBuilderResult a(X509CRL x509crl, TrustAnchor trustAnchor) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setSubject(x509crl.getIssuerX500Principal().getEncoded());
        x509CertSelector.setKeyUsage(v);
        x509CertSelector.setSubjectKeyIdentifier(pj.a(x509crl));
        HashSet hashSet = new HashSet();
        hashSet.add(trustAnchor);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
        pKIXBuilderParameters.setTargetCertConstraints(x509CertSelector);
        pKIXBuilderParameters.setCertStores(this.z.getCertStores());
        pKIXBuilderParameters.addCertStore(CertStore.getInstance(JsafeJCE.COLLECTION, new CollectionCertStoreParameters(this.A.getCertificates()), com.rsa.jsafe.provider.b.a(this.f9958d, ka.f9235a)));
        return (PKIXCertPathBuilderResult) new qb(this.f9958d, this.f9960f, x509crl).engineBuild(pKIXBuilderParameters);
    }

    private Set<X509CRL> a(X509CRLSelector x509CRLSelector) {
        try {
            return (Set) ((CRLParameters) this.f9957c).getCRLs(x509CRLSelector);
        } catch (CertStoreException e2) {
            throw new InvalidAlgorithmParameterException(e2.getMessage());
        }
    }

    private void a() {
        this.C = "";
    }

    private boolean a(X509CRL x509crl, X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return true;
        }
        return Arrays.equals(pj.a(x509crl), pj.b(x509Certificate, ov.cx));
    }

    private boolean a(X509CRL x509crl, boolean z, PublicKey publicKey, X509Certificate x509Certificate, TrustAnchor trustAnchor) {
        if (x509crl.equals(this.B)) {
            return true;
        }
        try {
            this.f9959e = publicKey;
            if (z || x509Certificate == null || !a(x509crl, x509Certificate)) {
                this.f9959e = a(x509crl, trustAnchor).getPublicKey();
            } else {
                boolean[] keyUsage = x509Certificate.getKeyUsage();
                if (keyUsage != null && !keyUsage[6]) {
                    return false;
                }
            }
            if (this.z.getSigProvider() != null) {
                x509crl.verify(this.f9959e, this.z.getSigProvider());
            } else {
                x509crl.verify(this.f9959e);
            }
            return true;
        } catch (IOException | GeneralSecurityException unused) {
            return false;
        }
    }

    private boolean a(X500Principal x500Principal, d dVar, d dVar2) {
        int f2 = com.rsa.cryptoj.o.a.f(dVar.b().e());
        int f3 = com.rsa.cryptoj.o.a.f(dVar2.b().e());
        if (f2 == 0 && f3 == 0) {
            for (int i2 = 0; i2 < dVar.c(); i2++) {
                os osVar = new os(dVar.a(i2));
                for (int i3 = 0; i3 < dVar2.c(); i3++) {
                    if (osVar.equals(new os(dVar2.a(i3)))) {
                        return true;
                    }
                }
            }
        } else if (f2 == 1 && f3 == 0) {
            X500Principal a2 = pj.a(x500Principal, dVar);
            for (int i4 = 0; i4 < dVar2.c(); i4++) {
                os osVar2 = new os(dVar2.a(i4));
                if (osVar2.a() == 4 && osVar2.b().equals(a2)) {
                    return true;
                }
            }
        } else if (f2 == 0 && f3 == 1) {
            X500Principal a3 = pj.a(x500Principal, dVar2);
            for (int i5 = 0; i5 < dVar.c(); i5++) {
                os osVar3 = new os(dVar.a(i5));
                if (osVar3.a() == 4 && osVar3.b().equals(a3)) {
                    return true;
                }
            }
        } else if (f2 == 1 && f3 == 1) {
            return dVar.equals(dVar2);
        }
        return false;
    }

    private boolean a(X500Principal x500Principal, d dVar, X509Certificate x509Certificate) {
        if (com.rsa.cryptoj.o.a.f(dVar.b().a()) != 0) {
            return pj.a(x500Principal, dVar).equals(x509Certificate.getIssuerX500Principal());
        }
        for (int i2 = 0; i2 < dVar.c(); i2++) {
            os osVar = new os(dVar.a(i2));
            if ((osVar.a() == 4 && x509Certificate.getIssuerX500Principal().equals(osVar.b())) || pj.a((X509Extension) x509Certificate, false).contains(osVar)) {
                return true;
            }
        }
        return false;
    }

    private boolean a(X500Principal x500Principal, d dVar, boolean z, X509Certificate x509Certificate, d dVar2) {
        m mVar;
        if (z && (dVar == null || (mVar = (m) dVar.a("indirectCRL")) == null || !mVar.g())) {
            return false;
        }
        if (dVar == null) {
            return true;
        }
        d a2 = dVar.a("distributionPoint");
        if (a2 != null) {
            if (dVar2 != null) {
                d a3 = dVar2.a("distributionPoint");
                if (a3 != null) {
                    if (!a(x500Principal, a2, a3)) {
                        return false;
                    }
                } else if (!a(x500Principal, a2, x509Certificate)) {
                    return false;
                }
            } else if (!a(x500Principal, a2, x509Certificate)) {
                return false;
            }
        }
        m mVar2 = (m) dVar.a("onlyContainsUserCerts");
        if (mVar2 != null && mVar2.g() && x509Certificate.getBasicConstraints() != -1) {
            return false;
        }
        m mVar3 = (m) dVar.a("onlyContainsCACerts");
        if (mVar3 != null && mVar3.g() && x509Certificate.getBasicConstraints() == -1) {
            return false;
        }
        m mVar4 = (m) dVar.a("onlyContainsAttributeCerts");
        return mVar4 == null || !mVar4.g();
    }

    private X509Certificate b(X509Certificate x509Certificate) {
        List<? extends Certificate> certificates = this.A.getCertificates();
        int indexOf = certificates.indexOf(x509Certificate);
        if (indexOf == certificates.size() - 1) {
            return null;
        }
        return (X509Certificate) certificates.get(indexOf + 1);
    }

    int a(X509Certificate x509Certificate, a aVar, d dVar, PublicKey publicKey, TrustAnchor trustAnchor, Date date) {
        d a2;
        X500Principal a3;
        boolean z = false;
        if (dVar == null || (a2 = dVar.a("cRLIssuer")) == null) {
            a3 = x509Certificate.getIssuerX500Principal();
        } else {
            z = true;
            a3 = pj.a(a2);
            if (a3 == null) {
                this.C = "CRLDistributionPoints extension does not contain a CRLIssuer";
                return -1;
            }
        }
        boolean z2 = z;
        X500Principal x500Principal = a3;
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(x500Principal.getEncoded());
            return a(x509Certificate, aVar, dVar, publicKey, trustAnchor, z2, x500Principal, a(x509CRLSelector), date);
        } catch (IOException unused) {
            throw new Error();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int a(X509Certificate x509Certificate, a aVar, d dVar, PublicKey publicKey, TrustAnchor trustAnchor, boolean z, X500Principal x500Principal, Set<X509CRL> set, Date date) {
        String str;
        if (set.isEmpty()) {
            return -1;
        }
        Iterator<X509CRL> it = set.iterator();
        int i2 = -1;
        while (it.hasNext() && !aVar.a() && i2 == -1) {
            X509CRL next = it.next();
            Date nextUpdate = next.getNextUpdate();
            if (nextUpdate == null || !nextUpdate.before(date)) {
                d a2 = pj.a(next, ov.cZ);
                if (a(x500Principal, a2, z, x509Certificate, dVar)) {
                    a a3 = a(a2, dVar);
                    if (aVar.c(a3)) {
                        if (!a(next, z, publicKey, b(x509Certificate), trustAnchor)) {
                            str = x;
                        } else if (a(next)) {
                            i2 = a(next, x509Certificate, z);
                            if (i2 != -1 || !next.hasUnsupportedCriticalExtension()) {
                                aVar.b(a3);
                            }
                        } else {
                            str = w;
                        }
                        this.C = str;
                    } else {
                        a();
                    }
                } else {
                    a();
                }
            } else {
                this.C = y;
            }
        }
        return i2;
    }

    @Override // com.rsa.cryptoj.o.qq
    public qr a(X509Certificate x509Certificate, pl plVar, Date date) {
        d a2 = pj.a(x509Certificate, ov.cJ);
        int c2 = a2 == null ? 0 : a2.c();
        a aVar = new a(new BitSet());
        for (int i2 = 0; i2 < c2; i2++) {
            int a3 = a(x509Certificate, aVar, a2.a(i2), plVar.b(), plVar.a(), date);
            if (a3 != -1) {
                return new qr(1, f9956b + pa.f9820e.get(a3) + "." + a(x509Certificate), ov.cJ);
            }
            if (aVar.a()) {
                return new qr(0, null, ov.cJ);
            }
        }
        int a4 = a(x509Certificate, aVar, null, plVar.b(), plVar.a(), date);
        if (a4 != -1) {
            return new qr(1, f9956b + pa.f9820e.get(a4) + "." + a(x509Certificate), ov.cJ);
        }
        if (aVar.a()) {
            return new qr(0, null, ov.cJ);
        }
        return new qr(2, qm.f9974b + this.C + a(x509Certificate), ov.cJ);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String a(X509Certificate x509Certificate) {
        return " Subject of Certificate: " + x509Certificate.getSubjectX500Principal().getName();
    }

    boolean a(X509CRL x509crl) {
        return true;
    }
}
