package org.spongycastle.jcajce.provider.asymmetric.x509;

import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.util.ASN1Dump;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.CRLNumber;
import org.spongycastle.asn1.x509.CertificateList;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.IssuingDistributionPoint;
import org.spongycastle.asn1.x509.TBSCertList;
import org.spongycastle.jcajce.util.JcaJceHelper;
import org.spongycastle.jce.X509Principal;
import org.spongycastle.util.Strings;
import org.spongycastle.util.encoders.Hex;

/* loaded from: classes.dex */
class X509CRLObject extends X509CRL {

    /* renamed from: a, reason: collision with root package name */
    private JcaJceHelper f7830a;

    /* renamed from: b, reason: collision with root package name */
    private CertificateList f7831b;
    private String c;
    private byte[] d;
    private boolean e;
    private boolean f = false;
    private int g;

    /* JADX INFO: Access modifiers changed from: protected */
    public X509CRLObject(JcaJceHelper jcaJceHelper, CertificateList certificateList) {
        this.f7830a = jcaJceHelper;
        this.f7831b = certificateList;
        try {
            this.c = X509SignatureUtil.a(certificateList.c());
            if (certificateList.c().b() != null) {
                this.d = certificateList.c().b().j().a("DER");
            } else {
                this.d = null;
            }
            this.e = a(this);
        } catch (Exception e) {
            throw new CRLException("CRL contents invalid: " + e);
        }
    }

    private Set a() {
        Extension a2;
        HashSet hashSet = new HashSet();
        Enumeration b2 = this.f7831b.b();
        X500Name x500Name = null;
        while (b2.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) b2.nextElement();
            hashSet.add(new X509CRLEntryObject(cRLEntry, this.e, x500Name));
            if (this.e && cRLEntry.d() && (a2 = cRLEntry.c().a(Extension.n)) != null) {
                x500Name = X500Name.a(GeneralNames.a(a2.d()).a()[0].b());
            }
        }
        return hashSet;
    }

    private Set a(boolean z) {
        Extensions g;
        if (getVersion() != 2 || (g = this.f7831b.a().g()) == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Enumeration a2 = g.a();
        while (a2.hasMoreElements()) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) a2.nextElement();
            if (z == g.a(aSN1ObjectIdentifier).b()) {
                hashSet.add(aSN1ObjectIdentifier.b());
            }
        }
        return hashSet;
    }

    private void a(PublicKey publicKey, Signature signature) {
        if (!this.f7831b.c().equals(this.f7831b.a().b())) {
            throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
        }
        signature.initVerify(publicKey);
        signature.update(getTBSCertList());
        if (!signature.verify(getSignature())) {
            throw new SignatureException("CRL does not verify with supplied public key.");
        }
    }

    static boolean a(X509CRL x509crl) {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(Extension.m.b());
            if (extensionValue != null) {
                if (IssuingDistributionPoint.a(ASN1OctetString.a(extensionValue).c()).c()) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            throw new ExtCRLException("Exception reading IssuingDistributionPoint", e);
        }
    }

    @Override // java.security.cert.X509CRL
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof X509CRL)) {
            return false;
        }
        if (!(obj instanceof X509CRLObject)) {
            return super.equals(obj);
        }
        X509CRLObject x509CRLObject = (X509CRLObject) obj;
        if (this.f && x509CRLObject.f && x509CRLObject.g != this.g) {
            return false;
        }
        return this.f7831b.equals(x509CRLObject.f7831b);
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        return a(true);
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() {
        try {
            return this.f7831b.a("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        Extension a2;
        Extensions g = this.f7831b.a().g();
        if (g == null || (a2 = g.a(new ASN1ObjectIdentifier(str))) == null) {
            return null;
        }
        try {
            return a2.c().k();
        } catch (Exception e) {
            throw new IllegalStateException("error parsing " + e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return new X509Principal(X500Name.a(this.f7831b.f().j()));
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        try {
            return new X500Principal(this.f7831b.f().k());
        } catch (IOException unused) {
            throw new IllegalStateException("can't encode issuer DN");
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        if (this.f7831b.h() != null) {
            return this.f7831b.h().b();
        }
        return null;
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        return a(false);
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        Extension a2;
        Enumeration b2 = this.f7831b.b();
        X500Name x500Name = null;
        while (b2.hasMoreElements()) {
            TBSCertList.CRLEntry cRLEntry = (TBSCertList.CRLEntry) b2.nextElement();
            if (bigInteger.equals(cRLEntry.a().b())) {
                return new X509CRLEntryObject(cRLEntry, this.e, x500Name);
            }
            if (this.e && cRLEntry.d() && (a2 = cRLEntry.c().a(Extension.n)) != null) {
                x500Name = X500Name.a(GeneralNames.a(a2.d()).a()[0].b());
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set getRevokedCertificates() {
        Set a2 = a();
        if (a2.isEmpty()) {
            return null;
        }
        return Collections.unmodifiableSet(a2);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        return this.c;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        return this.f7831b.c().a().b();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        byte[] bArr = this.d;
        if (bArr == null) {
            return null;
        }
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        return this.f7831b.d().e();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() {
        try {
            return this.f7831b.a().a("DER");
        } catch (IOException e) {
            throw new CRLException(e.toString());
        }
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.f7831b.g().b();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.f7831b.e();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        Set criticalExtensionOIDs = getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        criticalExtensionOIDs.remove(Extension.m.b());
        criticalExtensionOIDs.remove(Extension.l.b());
        return !criticalExtensionOIDs.isEmpty();
    }

    @Override // java.security.cert.X509CRL
    public int hashCode() {
        if (!this.f) {
            this.f = true;
            this.g = super.hashCode();
        }
        return this.g;
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        X500Name d;
        Extension a2;
        if (!certificate.getType().equals("X.509")) {
            throw new IllegalArgumentException("X.509 CRL used with non X.509 Cert");
        }
        Enumeration b2 = this.f7831b.b();
        X500Name f = this.f7831b.f();
        if (b2.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            BigInteger serialNumber = x509Certificate.getSerialNumber();
            while (b2.hasMoreElements()) {
                TBSCertList.CRLEntry a3 = TBSCertList.CRLEntry.a(b2.nextElement());
                if (this.e && a3.d() && (a2 = a3.c().a(Extension.n)) != null) {
                    f = X500Name.a(GeneralNames.a(a2.d()).a()[0].b());
                }
                if (a3.a().b().equals(serialNumber)) {
                    if (certificate instanceof X509Certificate) {
                        d = X500Name.a(x509Certificate.getIssuerX500Principal().getEncoded());
                    } else {
                        try {
                            d = org.spongycastle.asn1.x509.Certificate.a(certificate.getEncoded()).d();
                        } catch (CertificateEncodingException e) {
                            throw new IllegalArgumentException("Cannot process certificate: " + e.getMessage());
                        }
                    }
                    return f.equals(d);
                }
            }
        }
        return false;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        String a2 = Strings.a();
        stringBuffer.append("              Version: ");
        stringBuffer.append(getVersion());
        stringBuffer.append(a2);
        stringBuffer.append("             IssuerDN: ");
        stringBuffer.append(getIssuerDN());
        stringBuffer.append(a2);
        stringBuffer.append("          This update: ");
        stringBuffer.append(getThisUpdate());
        stringBuffer.append(a2);
        stringBuffer.append("          Next update: ");
        stringBuffer.append(getNextUpdate());
        stringBuffer.append(a2);
        stringBuffer.append("  Signature Algorithm: ");
        stringBuffer.append(getSigAlgName());
        stringBuffer.append(a2);
        byte[] signature = getSignature();
        stringBuffer.append("            Signature: ");
        stringBuffer.append(new String(Hex.a(signature, 0, 20)));
        stringBuffer.append(a2);
        for (int i = 20; i < signature.length; i += 20) {
            if (i < signature.length - 20) {
                stringBuffer.append("                       ");
                stringBuffer.append(new String(Hex.a(signature, i, 20)));
                stringBuffer.append(a2);
            } else {
                stringBuffer.append("                       ");
                stringBuffer.append(new String(Hex.a(signature, i, signature.length - i)));
                stringBuffer.append(a2);
            }
        }
        Extensions g = this.f7831b.a().g();
        if (g != null) {
            Enumeration a3 = g.a();
            if (a3.hasMoreElements()) {
                stringBuffer.append("           Extensions: ");
                stringBuffer.append(a2);
            }
            while (a3.hasMoreElements()) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) a3.nextElement();
                Extension a4 = g.a(aSN1ObjectIdentifier);
                if (a4.c() != null) {
                    ASN1InputStream aSN1InputStream = new ASN1InputStream(a4.c().c());
                    stringBuffer.append("                       critical(");
                    stringBuffer.append(a4.b());
                    stringBuffer.append(") ");
                    try {
                        if (aSN1ObjectIdentifier.equals(Extension.h)) {
                            stringBuffer.append(new CRLNumber(ASN1Integer.a((Object) aSN1InputStream.d()).c()));
                            stringBuffer.append(a2);
                        } else if (aSN1ObjectIdentifier.equals(Extension.l)) {
                            stringBuffer.append("Base CRL: " + new CRLNumber(ASN1Integer.a((Object) aSN1InputStream.d()).c()));
                            stringBuffer.append(a2);
                        } else if (aSN1ObjectIdentifier.equals(Extension.m)) {
                            stringBuffer.append(IssuingDistributionPoint.a(aSN1InputStream.d()));
                            stringBuffer.append(a2);
                        } else if (aSN1ObjectIdentifier.equals(Extension.p)) {
                            stringBuffer.append(CRLDistPoint.a(aSN1InputStream.d()));
                            stringBuffer.append(a2);
                        } else if (aSN1ObjectIdentifier.equals(Extension.v)) {
                            stringBuffer.append(CRLDistPoint.a(aSN1InputStream.d()));
                            stringBuffer.append(a2);
                        } else {
                            stringBuffer.append(aSN1ObjectIdentifier.b());
                            stringBuffer.append(" value = ");
                            stringBuffer.append(ASN1Dump.a(aSN1InputStream.d()));
                            stringBuffer.append(a2);
                        }
                    } catch (Exception unused) {
                        stringBuffer.append(aSN1ObjectIdentifier.b());
                        stringBuffer.append(" value = ");
                        stringBuffer.append("*****");
                        stringBuffer.append(a2);
                    }
                } else {
                    stringBuffer.append(a2);
                }
            }
        }
        Set revokedCertificates = getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator it = revokedCertificates.iterator();
            while (it.hasNext()) {
                stringBuffer.append(it.next());
                stringBuffer.append(a2);
            }
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) {
        Signature signature;
        try {
            signature = this.f7830a.g(getSigAlgName());
        } catch (Exception unused) {
            signature = Signature.getInstance(getSigAlgName());
        }
        a(publicKey, signature);
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) {
        a(publicKey, str != null ? Signature.getInstance(getSigAlgName(), str) : Signature.getInstance(getSigAlgName()));
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, Provider provider) {
        a(publicKey, provider != null ? Signature.getInstance(getSigAlgName(), provider) : Signature.getInstance(getSigAlgName()));
    }
}
