package org.bouncycastle.pkix.jcajce;

import java.io.BufferedInputStream;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.u;
import org.bouncycastle.asn1.x509.ab;
import org.bouncycastle.asn1.x509.ac;
import org.bouncycastle.asn1.x509.k;
import org.bouncycastle.asn1.x509.v;
import org.bouncycastle.asn1.x509.w;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.jcajce.k;
import org.bouncycastle.util.i;
import org.bouncycastle.util.o;
import org.bouncycastle.util.q;

/* loaded from: classes5.dex */
public class g extends PKIXCertPathChecker {

    /* renamed from: d, reason: collision with root package name */
    private final Map<X500Principal, Long> f98994d;
    private final Set<TrustAnchor> e;
    private final boolean f;
    private final int g;
    private final List<q<CRL>> h;
    private final List<CertStore> i;
    private final org.bouncycastle.jcajce.util.d j;
    private final boolean k;
    private final long l;
    private final long m;
    private Date n;
    private X500Principal o;
    private PublicKey p;
    private X509Certificate q;

    /* renamed from: b, reason: collision with root package name */
    private static Logger f98992b = Logger.getLogger(g.class.getName());

    /* renamed from: c, reason: collision with root package name */
    private static final Map<ab, WeakReference<X509CRL>> f98993c = Collections.synchronizedMap(new WeakHashMap());

    /* renamed from: a, reason: collision with root package name */
    protected static final String[] f98991a = {com.bytedance.usergrowth.data.deviceinfo.g.f21630b, "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* loaded from: classes5.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        public Set<TrustAnchor> f98999a;

        /* renamed from: b, reason: collision with root package name */
        public List<CertStore> f99000b;

        /* renamed from: c, reason: collision with root package name */
        public List<q<CRL>> f99001c;

        /* renamed from: d, reason: collision with root package name */
        public boolean f99002d;
        public int e;
        public Provider f;
        public String g;
        public boolean h;
        public long i;
        public long j;

        public a(KeyStore keyStore) throws KeyStoreException {
            this.f99000b = new ArrayList();
            this.f99001c = new ArrayList();
            this.e = 0;
            this.f98999a = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.f98999a.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public a(TrustAnchor trustAnchor) {
            this.f99000b = new ArrayList();
            this.f99001c = new ArrayList();
            this.e = 0;
            this.f98999a = Collections.singleton(trustAnchor);
        }

        public a(Set<TrustAnchor> set) {
            this.f99000b = new ArrayList();
            this.f99001c = new ArrayList();
            this.e = 0;
            this.f98999a = new HashSet(set);
        }

        public a a(int i) {
            this.e = i;
            return this;
        }

        public a a(String str) {
            this.g = str;
            return this;
        }

        public a a(Provider provider) {
            this.f = provider;
            return this;
        }

        public a a(CertStore certStore) {
            this.f99000b.add(certStore);
            return this;
        }

        public a a(q<CRL> qVar) {
            this.f99001c.add(qVar);
            return this;
        }

        public a a(boolean z) {
            this.f99002d = z;
            return this;
        }

        public a a(boolean z, long j) {
            this.h = z;
            this.i = j;
            this.j = -1L;
            return this;
        }

        public g a() {
            return new g(this);
        }

        public a b(boolean z, long j) {
            this.h = z;
            this.i = (3 * j) / 4;
            this.j = j;
            return this;
        }
    }

    /* loaded from: classes5.dex */
    private class b implements org.bouncycastle.jcajce.d<CRL>, i<CRL> {

        /* renamed from: b, reason: collision with root package name */
        private Collection<CRL> f99004b;

        public b(q<CRL> qVar) {
            this.f99004b = new ArrayList(qVar.a(null));
        }

        @Override // org.bouncycastle.jcajce.d, org.bouncycastle.util.q
        public Collection<CRL> a(o<CRL> oVar) {
            if (oVar == null) {
                return new ArrayList(this.f99004b);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.f99004b) {
                if (oVar.a(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // org.bouncycastle.util.i, java.lang.Iterable
        public Iterator<CRL> iterator() {
            return a(null).iterator();
        }
    }

    private g(a aVar) {
        org.bouncycastle.jcajce.util.d gVar;
        this.f98994d = new HashMap();
        this.h = new ArrayList(aVar.f99001c);
        this.i = new ArrayList(aVar.f99000b);
        this.f = aVar.f99002d;
        this.g = aVar.e;
        this.e = aVar.f98999a;
        this.k = aVar.h;
        this.l = aVar.i;
        this.m = aVar.j;
        if (aVar.f != null) {
            gVar = new org.bouncycastle.jcajce.util.i(aVar.f);
        } else {
            if (aVar.g == null) {
                this.j = new org.bouncycastle.jcajce.util.c();
                return;
            }
            gVar = new org.bouncycastle.jcajce.util.g(aVar.g);
        }
        this.j = gVar;
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    private CRL a(X500Principal x500Principal, Date date, u uVar, org.bouncycastle.jcajce.util.d dVar) {
        URL url;
        X509CRL x509crl;
        Logger logger;
        Level level;
        StringBuilder a2;
        v[] a3 = k.a(uVar).a();
        for (int i = 0; i != a3.length; i++) {
            w wVar = a3[i].f95785a;
            if (wVar != null && wVar.f95789b == 0) {
                ab[] a4 = ac.a(wVar.f95788a).a();
                for (int i2 = 0; i2 != a4.length; i2++) {
                    ab abVar = a4[i2];
                    if (abVar.f95603b == 6) {
                        Map<ab, WeakReference<X509CRL>> map = f98993c;
                        WeakReference<X509CRL> weakReference = map.get(abVar);
                        if (weakReference != null) {
                            X509CRL x509crl2 = weakReference.get();
                            if (x509crl2 != null && !date.before(x509crl2.getThisUpdate()) && !date.after(x509crl2.getNextUpdate())) {
                                return x509crl2;
                            }
                            map.remove(abVar);
                        }
                        try {
                            url = new URL(abVar.f95602a.toString());
                            try {
                                CertificateFactory m = dVar.m("X.509");
                                InputStream openStream = url.openStream();
                                x509crl = (X509CRL) m.generateCRL(new BufferedInputStream(openStream));
                                openStream.close();
                                logger = f98992b;
                                level = Level.INFO;
                                a2 = com.bytedance.p.d.a();
                                a2.append("downloaded CRL from CrlDP ");
                                a2.append(url);
                                a2.append(" for issuer \"");
                            } catch (Exception e) {
                                e = e;
                            }
                            try {
                                a2.append(x500Principal);
                                a2.append("\"");
                                logger.log(level, com.bytedance.p.d.a(a2));
                                map.put(abVar, new WeakReference<>(x509crl));
                                return x509crl;
                            } catch (Exception e2) {
                                e = e2;
                                if (f98992b.isLoggable(Level.FINE)) {
                                    Logger logger2 = f98992b;
                                    Level level2 = Level.FINE;
                                    StringBuilder a5 = com.bytedance.p.d.a();
                                    a5.append("CrlDP ");
                                    a5.append(url);
                                    a5.append(" ignored: ");
                                    a5.append(e.getMessage());
                                    logger2.log(level2, com.bytedance.p.d.a(a5), (Throwable) e);
                                } else {
                                    Logger logger3 = f98992b;
                                    Level level3 = Level.INFO;
                                    StringBuilder a6 = com.bytedance.p.d.a();
                                    a6.append("CrlDP ");
                                    a6.append(url);
                                    a6.append(" ignored: ");
                                    a6.append(e.getMessage());
                                    logger3.log(level3, com.bytedance.p.d.a(a6));
                                }
                            }
                        } catch (Exception e3) {
                            e = e3;
                            url = null;
                        }
                    }
                }
            }
        }
        return null;
    }

    static List<org.bouncycastle.jcajce.d> a(k kVar, Map<ab, org.bouncycastle.jcajce.d> map) throws AnnotatedException {
        if (kVar == null) {
            return Collections.emptyList();
        }
        try {
            v[] a2 = kVar.a();
            ArrayList arrayList = new ArrayList();
            for (v vVar : a2) {
                w wVar = vVar.f95785a;
                if (wVar != null && wVar.f95789b == 0) {
                    for (ab abVar : ac.a(wVar.f95788a).a()) {
                        org.bouncycastle.jcajce.d dVar = map.get(abVar);
                        if (dVar != null) {
                            arrayList.add(dVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new AnnotatedException("could not read distribution points could not be read", e);
        }
    }

    private void a(final List<X500Principal> list, CertStore certStore) throws CertStoreException {
        certStore.getCRLs(new X509CRLSelector() { // from class: org.bouncycastle.pkix.jcajce.g.1
            @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
            public boolean match(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }
        });
    }

    private void a(final List<X500Principal> list, q<CRL> qVar) {
        qVar.a(new o<CRL>() { // from class: org.bouncycastle.pkix.jcajce.g.2
            @Override // org.bouncycastle.util.o
            public boolean a(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }

            @Override // org.bouncycastle.util.o
            public Object clone() {
                return this;
            }
        });
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x0105  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0117  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void a(org.bouncycastle.jcajce.k r23, java.util.Date r24, java.util.Date r25, java.security.cert.X509Certificate r26, java.security.cert.X509Certificate r27, java.security.PublicKey r28, java.util.List r29, org.bouncycastle.jcajce.util.d r30) throws org.bouncycastle.pkix.jcajce.AnnotatedException, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 424
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.g.a(org.bouncycastle.jcajce.k, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, org.bouncycastle.jcajce.util.d):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        Logger logger;
        Level level;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.f && x509Certificate.getBasicConstraints() != -1) {
            this.o = x509Certificate.getSubjectX500Principal();
            this.p = x509Certificate.getPublicKey();
            this.q = x509Certificate;
            return;
        }
        TrustAnchor trustAnchor = null;
        if (this.o == null) {
            this.o = x509Certificate.getIssuerX500Principal();
            for (TrustAnchor trustAnchor2 : this.e) {
                if (this.o.equals(trustAnchor2.getCA()) || this.o.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                StringBuilder a2 = com.bytedance.p.d.a();
                a2.append("no trust anchor found for ");
                a2.append(this.o);
                throw new CertPathValidatorException(com.bytedance.p.d.a(a2));
            }
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.q = trustedCert;
            this.p = trustedCert.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.e);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.n);
            for (int i = 0; i != this.i.size(); i++) {
                if (f98992b.isLoggable(Level.INFO)) {
                    a(arrayList, this.i.get(i));
                }
                pKIXParameters.addCertStore(this.i.get(i));
            }
            k.a aVar = new k.a(pKIXParameters);
            aVar.a(this.g);
            for (int i2 = 0; i2 != this.h.size(); i2++) {
                if (f98992b.isLoggable(Level.INFO)) {
                    a(arrayList, this.h.get(i2));
                }
                aVar.a(new b(this.h.get(i2)));
            }
            if (arrayList.isEmpty()) {
                f98992b.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (f98992b.isLoggable(Level.FINE)) {
                for (int i3 = 0; i3 != arrayList.size(); i3++) {
                    Logger logger2 = f98992b;
                    Level level2 = Level.FINE;
                    StringBuilder a3 = com.bytedance.p.d.a();
                    a3.append("configuring with CRL for issuer \"");
                    a3.append(arrayList.get(i3));
                    a3.append("\"");
                    logger2.log(level2, com.bytedance.p.d.a(a3));
                }
            } else {
                Logger logger3 = f98992b;
                Level level3 = Level.INFO;
                StringBuilder a4 = com.bytedance.p.d.a();
                a4.append("configured with ");
                a4.append(arrayList.size());
                a4.append(" pre-loaded CRLs");
                logger3.log(level3, com.bytedance.p.d.a(a4));
            }
            org.bouncycastle.jcajce.k a5 = aVar.a();
            try {
                a(a5, this.n, f.a(a5, this.n), x509Certificate, this.q, this.p, new ArrayList(), this.j);
            } catch (AnnotatedException e) {
                throw new CertPathValidatorException(e.getMessage(), e.getCause());
            } catch (CRLNotFoundException e2) {
                if (x509Certificate.getExtensionValue(y.p.f95487a) == null) {
                    throw e2;
                }
                try {
                    CRL a6 = a(x509Certificate.getIssuerX500Principal(), this.n, f.a(x509Certificate, y.p), this.j);
                    if (a6 != null) {
                        try {
                            aVar.a(new b(new org.bouncycastle.util.c(Collections.singleton(a6))));
                            org.bouncycastle.jcajce.k a7 = aVar.a();
                            a(a7, this.n, f.a(a7, this.n), x509Certificate, this.q, this.p, new ArrayList(), this.j);
                        } catch (AnnotatedException unused) {
                            throw new CertPathValidatorException(e2.getMessage(), e2.getCause());
                        }
                    } else {
                        if (!this.k) {
                            throw e2;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l = this.f98994d.get(issuerX500Principal);
                        if (l != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l.longValue();
                            long j = this.m;
                            if (j != -1 && j < currentTimeMillis) {
                                throw e2;
                            }
                            if (currentTimeMillis < this.l) {
                                logger = f98992b;
                                level = Level.WARNING;
                            } else {
                                logger = f98992b;
                                level = Level.SEVERE;
                            }
                            StringBuilder a8 = com.bytedance.p.d.a();
                            a8.append("soft failing for issuer: \"");
                            a8.append(issuerX500Principal);
                            a8.append("\"");
                            logger.log(level, com.bytedance.p.d.a(a8));
                        } else {
                            this.f98994d.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (AnnotatedException unused2) {
                    throw new CertPathValidatorException(e2.getMessage(), e2.getCause());
                }
            }
            this.q = x509Certificate;
            this.p = x509Certificate.getPublicKey();
            this.o = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e3) {
            StringBuilder a9 = com.bytedance.p.d.a();
            a9.append("error setting up baseParams: ");
            a9.append(e3.getMessage());
            throw new RuntimeException(com.bytedance.p.d.a(a9));
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.n = new Date();
        this.o = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
