package ru.CryptoPro.reprov.certpath;

import java.io.IOException;
import java.security.AccessController;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import ru.CryptoPro.JCP.Random.BioRandomFrame;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.array.DerValue;
import ru.CryptoPro.reprov.certpath.URICertStore;
import ru.CryptoPro.reprov.utils.GetPropertyAction;
import ru.CryptoPro.reprov.x509.CRLDistributionPointsExtension;
import ru.CryptoPro.reprov.x509.DistributionPoint;
import ru.CryptoPro.reprov.x509.GeneralName;
import ru.CryptoPro.reprov.x509.GeneralNames;
import ru.CryptoPro.reprov.x509.PKIXExtensions;
import ru.CryptoPro.reprov.x509.RDN;
import ru.CryptoPro.reprov.x509.URIName;
import ru.CryptoPro.reprov.x509.X500Name;

/* loaded from: classes4.dex */
public class DistributionPointFetcher {
    private static final boolean[] a = {true, true, true, true, true, true, true, true, true};
    private static final boolean b;
    private static final DistributionPointFetcher c;

    static {
        b = getBooleanProperty("com.sun.security.enableCRLDP", false) || getBooleanProperty("com.ibm.security.enableCRLDP", false);
        c = new DistributionPointFetcher();
    }

    private DistributionPointFetcher() {
    }

    private static X509CRL a(URIName uRIName) {
        try {
            Collection<? extends CRL> cRLs = URICertStore.a(new URICertStore.URICertStoreParameters(uRIName.getURI())).getCRLs(null);
            if (cRLs.isEmpty()) {
                return null;
            }
            return (X509CRL) cRLs.iterator().next();
        } catch (Exception e) {
            JCPLogger.warning("Exception getting CRL from CertStore: ", (Throwable) e);
            return null;
        }
    }

    private static Collection a(X509CRLSelector x509CRLSelector, X509Certificate x509Certificate, DistributionPoint distributionPoint, boolean[] zArr, boolean z, PublicKey publicKey, String str, List list, Set set, Date date) {
        X509CRL a2;
        GeneralNames fullName = distributionPoint.getFullName();
        if (fullName == null) {
            RDN relativeName = distributionPoint.getRelativeName();
            if (relativeName == null) {
                return Collections.EMPTY_SET;
            }
            try {
                GeneralNames cRLIssuer = distributionPoint.getCRLIssuer();
                if (cRLIssuer == null) {
                    fullName = a(new X500Name(x509Certificate.getIssuerX500Principal().getEncoded()), relativeName);
                } else {
                    if (cRLIssuer.size() != 1) {
                        return Collections.EMPTY_SET;
                    }
                    fullName = a((X500Name) cRLIssuer.get(0).getName(), relativeName);
                }
            } catch (IOException unused) {
                return Collections.EMPTY_SET;
            }
        }
        ArrayList<X509CRL> arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList(2);
        Iterator it = fullName.iterator();
        while (it.hasNext()) {
            GeneralName generalName = (GeneralName) it.next();
            if (generalName.getType() == 4) {
                arrayList.addAll(a((X500Name) generalName.getName(), x509Certificate.getIssuerX500Principal(), list));
            } else if (generalName.getType() == 6 && (a2 = a((URIName) generalName.getName())) != null) {
                arrayList.add(a2);
            }
        }
        for (X509CRL x509crl : arrayList) {
            try {
                x509CRLSelector.setIssuerNames(null);
                if (x509CRLSelector.match(x509crl) && a(x509Certificate, distributionPoint, x509crl, zArr, z, publicKey, str, set, list, date)) {
                    arrayList2.add(x509crl);
                } else {
                    JCPLogger.finer("CRL does not satisfy the cert selector (match) or some other options (verifyCRL)");
                }
            } catch (Exception e) {
                JCPLogger.subThrown("Exception verifying CRL:", e);
            }
        }
        return arrayList2;
    }

    private static Collection a(X500Name x500Name, X500Principal x500Principal, List list) {
        JCPLogger.finer("Trying to fetch CRL from DP ", x500Name);
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.addIssuer(new X500Principal(x500Name.asX500Principal().getEncoded()));
        x509CRLSelector.addIssuer(x500Principal);
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                Iterator<? extends CRL> it2 = ((CertStore) it.next()).getCRLs(x509CRLSelector).iterator();
                while (it2.hasNext()) {
                    arrayList.add((X509CRL) it2.next());
                }
            } catch (CertStoreException e) {
                JCPLogger.fine("Non-fatal exception while retrieving CRLs: ", (Throwable) e);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DistributionPointFetcher a() {
        return c;
    }

    private static GeneralNames a(X500Name x500Name, RDN rdn) throws IOException {
        ArrayList arrayList = new ArrayList(x500Name.rdns());
        arrayList.add(rdn);
        X500Name x500Name2 = new X500Name((RDN[]) arrayList.toArray(new RDN[0]));
        GeneralNames generalNames = new GeneralNames();
        generalNames.add(new GeneralName(x500Name2));
        return generalNames;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:123:0x01fc A[ADDED_TO_REGION] */
    /* JADX WARN: Removed duplicated region for block: B:135:0x020c A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:136:0x020d  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean a(java.security.cert.X509Certificate r14, ru.CryptoPro.reprov.x509.DistributionPoint r15, java.security.cert.X509CRL r16, boolean[] r17, boolean r18, java.security.PublicKey r19, java.lang.String r20, java.util.Set r21, java.util.List r22, java.util.Date r23) throws java.security.cert.CRLException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 806
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.reprov.certpath.DistributionPointFetcher.a(java.security.cert.X509Certificate, ru.CryptoPro.reprov.x509.DistributionPoint, java.security.cert.X509CRL, boolean[], boolean, java.security.PublicKey, java.lang.String, java.util.Set, java.util.List, java.util.Date):boolean");
    }

    public static boolean getBooleanProperty(String str, boolean z) {
        String str2 = (String) AccessController.doPrivileged(new GetPropertyAction(str));
        if (str2 == null) {
            return z;
        }
        if (str2.equalsIgnoreCase("false")) {
            return false;
        }
        if (str2.equalsIgnoreCase(BioRandomFrame.STR_DIALOG_PROPERTY_VALUE)) {
            return true;
        }
        throw new RuntimeException("Value of " + str + " must either be 'true' or 'false'");
    }

    public static Collection getCRLs(X509CRLSelector x509CRLSelector, boolean z, PublicKey publicKey, String str, List list, boolean[] zArr, Set set, Date date) throws CertStoreException {
        X509Certificate certificateChecking;
        if (b && (certificateChecking = x509CRLSelector.getCertificateChecking()) != null) {
            try {
                byte[] extensionValue = certificateChecking.getExtensionValue(PKIXExtensions.CRLDistributionPoints_Id.toString());
                CRLDistributionPointsExtension cRLDistributionPointsExtension = extensionValue != null ? new CRLDistributionPointsExtension((Boolean) false, (Object) new DerValue(extensionValue).getOctetString()) : null;
                if (cRLDistributionPointsExtension == null) {
                    JCPLogger.finer("No CRLDP ext");
                    return Collections.EMPTY_SET;
                }
                List list2 = (List) cRLDistributionPointsExtension.get(CRLDistributionPointsExtension.POINTS);
                HashSet hashSet = new HashSet();
                Iterator it = list2.iterator();
                while (it.hasNext() && !Arrays.equals(zArr, a)) {
                    hashSet.addAll(a(x509CRLSelector, certificateChecking, (DistributionPoint) it.next(), zArr, z, publicKey, str, list, set, date));
                }
                JCPLogger.finerFormat("Returning {0} CRLs", Integer.valueOf(hashSet.size()));
                return hashSet;
            } catch (IOException unused) {
                return Collections.EMPTY_SET;
            }
        }
        return Collections.EMPTY_SET;
    }
}
