package sun.security.c;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.misc.HexDumpEncoder;

/* compiled from: X509CRLImpl.java */
/* loaded from: classes3.dex */
public class bi extends X509CRL {
    private k cke;
    private byte[] ckh;
    private byte[] cki;
    private e ckj;
    private e ckk;
    private bf ckl;
    private X500Principal ckm;
    private Date ckn;
    private Date cko;
    private Map<a, X509CRLEntry> ckp;
    private boolean readOnly;
    private byte[] signature;
    private String verifiedProvider;
    private PublicKey verifiedPublicKey;
    private int version;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: X509CRLImpl.java */
    /* loaded from: classes3.dex */
    public static final class a {
        final X500Principal ckq;
        final BigInteger ckr;
        volatile int cks;

        a(X509Certificate x509Certificate) {
            this(x509Certificate.getIssuerX500Principal(), x509Certificate.getSerialNumber());
        }

        a(X500Principal x500Principal, BigInteger bigInteger) {
            this.cks = 0;
            this.ckq = x500Principal;
            this.ckr = bigInteger;
        }

        BigInteger Uj() {
            return this.ckr;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof a)) {
                return false;
            }
            a aVar = (a) obj;
            return this.ckr.equals(aVar.Uj()) && this.ckq.equals(aVar.getIssuer());
        }

        X500Principal getIssuer() {
            return this.ckq;
        }

        public int hashCode() {
            if (this.cks == 0) {
                this.cks = ((this.ckq.hashCode() + 629) * 37) + this.ckr.hashCode();
            }
            return this.cks;
        }
    }

    private bi() {
        this.ckh = null;
        this.signature = null;
        this.cki = null;
        this.ckj = null;
        this.ckl = null;
        this.ckm = null;
        this.ckn = null;
        this.cko = null;
        this.ckp = new LinkedHashMap();
        this.cke = null;
        this.readOnly = false;
    }

    public bi(sun.security.b.j jVar) throws CRLException {
        this.ckh = null;
        this.signature = null;
        this.cki = null;
        this.ckj = null;
        this.ckl = null;
        this.ckm = null;
        this.ckn = null;
        this.cko = null;
        this.ckp = new LinkedHashMap();
        this.cke = null;
        this.readOnly = false;
        try {
            h(jVar);
        } catch (IOException e2) {
            this.ckh = null;
            throw new CRLException("Parsing error: " + e2.getMessage());
        }
    }

    private X500Principal a(bh bhVar, X500Principal x500Principal) throws IOException {
        o Ui = bhVar.Ui();
        return Ui != null ? ((bf) ((ah) Ui.get("issuer")).hN(0).TV()).Ug() : x500Principal;
    }

    private void h(sun.security.b.j jVar) throws CRLException, IOException {
        if (this.readOnly) {
            throw new CRLException("cannot over-write existing CRL");
        }
        if (jVar.Tz() == null || jVar.cgj != 48) {
            throw new CRLException("Invalid DER-encoded CRL data");
        }
        this.ckh = jVar.toByteArray();
        sun.security.b.j[] jVarArr = {jVar.cgm.Tr(), jVar.cgm.Tr(), jVar.cgm.Tr()};
        if (jVar.cgm.available() != 0) {
            throw new CRLException("signed overrun, bytes = " + jVar.cgm.available());
        }
        if (jVarArr[0].cgj != 48) {
            throw new CRLException("signed CRL fields invalid");
        }
        this.ckj = e.parse(jVarArr[1]);
        this.signature = jVarArr[2].Tm();
        if (jVarArr[1].cgm.available() != 0) {
            throw new CRLException("AlgorithmId field overrun");
        }
        if (jVarArr[2].cgm.available() != 0) {
            throw new CRLException("Signature field overrun");
        }
        this.cki = jVarArr[0].toByteArray();
        sun.security.b.h hVar = jVarArr[0].cgm;
        this.version = 0;
        if (((byte) hVar.Tv()) == 2) {
            this.version = hVar.To();
            if (this.version != 1) {
                throw new CRLException("Invalid version");
            }
        }
        e parse = e.parse(hVar.Tr());
        if (!parse.equals(this.ckj)) {
            throw new CRLException("Signature algorithm mismatch");
        }
        this.ckk = parse;
        this.ckl = new bf(hVar);
        if (this.ckl.isEmpty()) {
            throw new CRLException("Empty issuer DN not allowed in X509CRLs");
        }
        byte Tv = (byte) hVar.Tv();
        if (Tv == 23) {
            this.ckn = hVar.Ts();
        } else {
            if (Tv != 24) {
                throw new CRLException("Invalid encoding for thisUpdate (tag=" + ((int) Tv) + ")");
            }
            this.ckn = hVar.Tt();
        }
        if (hVar.available() == 0) {
            return;
        }
        byte Tv2 = (byte) hVar.Tv();
        if (Tv2 == 23) {
            this.cko = hVar.Ts();
        } else if (Tv2 == 24) {
            this.cko = hVar.Tt();
        }
        if (hVar.available() != 0) {
            byte Tv3 = (byte) hVar.Tv();
            if (Tv3 == 48 && (Tv3 & 192) != 128) {
                sun.security.b.j[] hE = hVar.hE(4);
                X500Principal issuerX500Principal = getIssuerX500Principal();
                X500Principal x500Principal = issuerX500Principal;
                for (sun.security.b.j jVar2 : hE) {
                    bh bhVar = new bh(jVar2);
                    x500Principal = a(bhVar, x500Principal);
                    bhVar.a(issuerX500Principal, x500Principal);
                    this.ckp.put(new a(x500Principal, bhVar.getSerialNumber()), bhVar);
                }
            }
            if (hVar.available() != 0) {
                sun.security.b.j Tr = hVar.Tr();
                if (Tr.Ty() && Tr.b((byte) 0)) {
                    this.cke = new k(Tr.cgm);
                }
                this.readOnly = true;
            }
        }
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getCriticalExtensionOIDs() {
        if (this.cke == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (ae aeVar : this.cke.TQ()) {
            if (aeVar.isCritical()) {
                hashSet.add(aeVar.TT().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        return (byte[]) getEncodedInternal().clone();
    }

    public byte[] getEncodedInternal() throws CRLException {
        if (this.ckh == null) {
            throw new CRLException("Null CRL to encode");
        }
        return this.ckh;
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        ae hG;
        byte[] TU;
        byte[] bArr = null;
        if (this.cke == null) {
            return null;
        }
        try {
            String c2 = ap.c(new sun.security.b.k(str));
            if (c2 == null) {
                sun.security.b.k kVar = new sun.security.b.k(str);
                Enumeration<ae> elements = this.cke.getElements();
                while (true) {
                    if (!elements.hasMoreElements()) {
                        hG = null;
                        break;
                    }
                    hG = elements.nextElement();
                    if (hG.TT().equals(kVar)) {
                        break;
                    }
                }
            } else {
                hG = this.cke.hG(c2);
            }
            if (hG == null || (TU = hG.TU()) == null) {
                return null;
            }
            sun.security.b.i iVar = new sun.security.b.i();
            iVar.v(TU);
            bArr = iVar.toByteArray();
            return bArr;
        } catch (Exception e2) {
            return bArr;
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return this.ckl;
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        if (this.ckm == null) {
            this.ckm = this.ckl.Ug();
        }
        return this.ckm;
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        if (this.cko == null) {
            return null;
        }
        return new Date(this.cko.getTime());
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getNonCriticalExtensionOIDs() {
        if (this.cke == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (ae aeVar : this.cke.TQ()) {
            if (!aeVar.isCritical()) {
                hashSet.add(aeVar.TT().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        if (this.ckp.isEmpty()) {
            return null;
        }
        return this.ckp.get(new a(getIssuerX500Principal(), bigInteger));
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(X509Certificate x509Certificate) {
        if (this.ckp.isEmpty()) {
            return null;
        }
        return this.ckp.get(new a(x509Certificate));
    }

    @Override // java.security.cert.X509CRL
    public Set<X509CRLEntry> getRevokedCertificates() {
        if (this.ckp.isEmpty()) {
            return null;
        }
        return new HashSet(this.ckp.values());
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        if (this.ckj == null) {
            return null;
        }
        return this.ckj.getName();
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        if (this.ckj == null) {
            return null;
        }
        return this.ckj.getOID().toString();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        if (this.ckj == null) {
            return null;
        }
        try {
            return this.ckj.getEncodedParams();
        } catch (IOException e2) {
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        if (this.signature == null) {
            return null;
        }
        byte[] bArr = new byte[this.signature.length];
        System.arraycopy(this.signature, 0, bArr, 0, bArr.length);
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        if (this.cki == null) {
            throw new CRLException("Uninitialized CRL");
        }
        byte[] bArr = new byte[this.cki.length];
        System.arraycopy(this.cki, 0, bArr, 0, bArr.length);
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return new Date(this.ckn.getTime());
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.version + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        if (this.cke == null) {
            return false;
        }
        return this.cke.hasUnsupportedCriticalExtension();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        if (this.ckp.isEmpty() || !(certificate instanceof X509Certificate)) {
            return false;
        }
        return this.ckp.containsKey(new a((X509Certificate) certificate));
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("X.509 CRL v" + (this.version + 1) + "\n");
        if (this.ckj != null) {
            stringBuffer.append("Signature Algorithm: " + this.ckj.toString() + ", OID=" + this.ckj.getOID().toString() + "\n");
        }
        if (this.ckl != null) {
            stringBuffer.append("Issuer: " + this.ckl.toString() + "\n");
        }
        if (this.ckn != null) {
            stringBuffer.append("\nThis Update: " + this.ckn.toString() + "\n");
        }
        if (this.cko != null) {
            stringBuffer.append("Next Update: " + this.cko.toString() + "\n");
        }
        if (!this.ckp.isEmpty()) {
            stringBuffer.append("\nRevoked Certificates: " + this.ckp.size());
            int i = 1;
            Iterator<X509CRLEntry> it = this.ckp.values().iterator();
            while (true) {
                int i2 = i;
                if (!it.hasNext()) {
                    break;
                }
                stringBuffer.append("\n[" + i2 + "] " + it.next().toString());
                i = i2 + 1;
            }
        } else {
            stringBuffer.append("\nNO certificates have been revoked\n");
        }
        if (this.cke != null) {
            Object[] array = this.cke.TQ().toArray();
            stringBuffer.append("\nCRL Extensions: " + array.length);
            int i3 = 0;
            while (true) {
                int i4 = i3;
                if (i4 >= array.length) {
                    break;
                }
                stringBuffer.append("\n[" + (i4 + 1) + "]: ");
                ae aeVar = (ae) array[i4];
                try {
                    if (ap.d(aeVar.TT()) == null) {
                        stringBuffer.append(aeVar.toString());
                        byte[] TU = aeVar.TU();
                        if (TU != null) {
                            sun.security.b.i iVar = new sun.security.b.i();
                            iVar.v(TU);
                            stringBuffer.append("Extension unknown: DER encoded OCTET string =\n" + new HexDumpEncoder().encodeBuffer(iVar.toByteArray()) + "\n");
                        }
                    } else {
                        stringBuffer.append(aeVar.toString());
                    }
                } catch (Exception e2) {
                    stringBuffer.append(", Error parsing this extension");
                }
                i3 = i4 + 1;
            }
        }
        if (this.signature != null) {
            stringBuffer.append("\nSignature:\n" + new HexDumpEncoder().encodeBuffer(this.signature) + "\n");
        } else {
            stringBuffer.append("NOT signed yet\n");
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, "");
    }

    @Override // java.security.cert.X509CRL
    public synchronized void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (str == null) {
            str = "";
        }
        if (this.verifiedPublicKey == null || !this.verifiedPublicKey.equals(publicKey) || !str.equals(this.verifiedProvider)) {
            if (this.ckh == null) {
                throw new CRLException("Uninitialized CRL");
            }
            Signature signature = str.length() == 0 ? Signature.getInstance(this.ckj.getName()) : Signature.getInstance(this.ckj.getName(), str);
            signature.initVerify(publicKey);
            if (this.cki == null) {
                throw new CRLException("Uninitialized CRL");
            }
            signature.update(this.cki, 0, this.cki.length);
            if (!signature.verify(this.signature)) {
                throw new SignatureException("Signature does not match.");
            }
            this.verifiedPublicKey = publicKey;
            this.verifiedProvider = str;
        }
    }
}
