package sun.security.x509;

import com.facebook.react.views.textinput.ReactEditTextInputConnectionWrapper;
import com.jingdong.sdk.platform.business.personal.R2;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.misc.HexDumpEncoder;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;

/* loaded from: classes9.dex */
public class X509CRLImpl extends X509CRL {
    private Map<X509IssuerSerial, X509CRLEntry> aTA;
    private CRLExtensions aTp;
    private byte[] aTs;
    private byte[] aTt;
    private AlgorithmId aTu;
    private AlgorithmId aTv;
    private X500Name aTw;
    private X500Principal aTx;
    private Date aTy;
    private Date aTz;
    private boolean readOnly;
    private byte[] signature;
    private String verifiedProvider;
    private PublicKey verifiedPublicKey;
    private int version;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes9.dex */
    public static final class X509IssuerSerial {
        final X500Principal aTB;
        final BigInteger aTC;
        volatile int aTD;

        X509IssuerSerial(X509Certificate x509Certificate) {
            this(x509Certificate.getIssuerX500Principal(), x509Certificate.getSerialNumber());
        }

        X509IssuerSerial(X500Principal x500Principal, BigInteger bigInteger) {
            this.aTD = 0;
            this.aTB = x500Principal;
            this.aTC = bigInteger;
        }

        BigInteger Ef() {
            return this.aTC;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof X509IssuerSerial)) {
                return false;
            }
            X509IssuerSerial x509IssuerSerial = (X509IssuerSerial) obj;
            return this.aTC.equals(x509IssuerSerial.Ef()) && this.aTB.equals(x509IssuerSerial.getIssuer());
        }

        X500Principal getIssuer() {
            return this.aTB;
        }

        public int hashCode() {
            if (this.aTD == 0) {
                this.aTD = ((R2.attr.jdreact_selectedTextColor + this.aTB.hashCode()) * 37) + this.aTC.hashCode();
            }
            return this.aTD;
        }
    }

    private X509CRLImpl() {
        this.aTs = null;
        this.signature = null;
        this.aTt = null;
        this.aTu = null;
        this.aTw = null;
        this.aTx = null;
        this.aTy = null;
        this.aTz = null;
        this.aTA = new LinkedHashMap();
        this.aTp = null;
        this.readOnly = false;
    }

    public X509CRLImpl(DerValue derValue) throws CRLException {
        this.aTs = null;
        this.signature = null;
        this.aTt = null;
        this.aTu = null;
        this.aTw = null;
        this.aTx = null;
        this.aTy = null;
        this.aTz = null;
        this.aTA = new LinkedHashMap();
        this.aTp = null;
        this.readOnly = false;
        try {
            h(derValue);
        } catch (IOException e) {
            this.aTs = null;
            throw new CRLException("Parsing error: " + e.getMessage());
        }
    }

    private X500Principal a(X509CRLEntryImpl x509CRLEntryImpl, X500Principal x500Principal) throws IOException {
        CertificateIssuerExtension Ee = x509CRLEntryImpl.Ee();
        return Ee != null ? ((X500Name) ((GeneralNames) Ee.get("issuer")).el(0).DS()).Ed() : x500Principal;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void h(DerValue derValue) throws CRLException, IOException {
        if (this.readOnly) {
            throw new CRLException("cannot over-write existing CRL");
        }
        if (derValue.Du() == null || derValue.aPd != 48) {
            throw new CRLException("Invalid DER-encoded CRL data");
        }
        this.aTs = derValue.toByteArray();
        DerValue[] derValueArr = {derValue.aPg.Dn(), derValue.aPg.Dn(), derValue.aPg.Dn()};
        if (derValue.aPg.available() != 0) {
            throw new CRLException("signed overrun, bytes = " + derValue.aPg.available());
        }
        if (derValueArr[0].aPd != 48) {
            throw new CRLException("signed CRL fields invalid");
        }
        this.aTu = AlgorithmId.parse(derValueArr[1]);
        this.signature = derValueArr[2].Di();
        if (derValueArr[1].aPg.available() != 0) {
            throw new CRLException("AlgorithmId field overrun");
        }
        if (derValueArr[2].aPg.available() != 0) {
            throw new CRLException("Signature field overrun");
        }
        this.aTt = derValueArr[0].toByteArray();
        DerInputStream derInputStream = derValueArr[0].aPg;
        this.version = 0;
        if (((byte) derInputStream.Dr()) == 2) {
            this.version = derInputStream.Dk();
            if (this.version != 1) {
                throw new CRLException("Invalid version");
            }
        }
        AlgorithmId parse = AlgorithmId.parse(derInputStream.Dn());
        if (!parse.equals(this.aTu)) {
            throw new CRLException("Signature algorithm mismatch");
        }
        this.aTv = parse;
        this.aTw = new X500Name(derInputStream);
        if (this.aTw.isEmpty()) {
            throw new CRLException("Empty issuer DN not allowed in X509CRLs");
        }
        byte Dr = (byte) derInputStream.Dr();
        if (Dr == 23) {
            this.aTy = derInputStream.Do();
        } else {
            if (Dr != 24) {
                throw new CRLException("Invalid encoding for thisUpdate (tag=" + ((int) Dr) + ")");
            }
            this.aTy = derInputStream.Dp();
        }
        if (derInputStream.available() == 0) {
            return;
        }
        byte Dr2 = (byte) derInputStream.Dr();
        if (Dr2 == 23) {
            this.aTz = derInputStream.Do();
        } else if (Dr2 == 24) {
            this.aTz = derInputStream.Dp();
        }
        if (derInputStream.available() == 0) {
            return;
        }
        byte Dr3 = (byte) derInputStream.Dr();
        if (Dr3 == 48 && (Dr3 & 192) != 128) {
            DerValue[] eb = derInputStream.eb(4);
            X500Principal issuerX500Principal = getIssuerX500Principal();
            X500Principal x500Principal = issuerX500Principal;
            for (DerValue derValue2 : eb) {
                X509CRLEntryImpl x509CRLEntryImpl = new X509CRLEntryImpl(derValue2);
                x500Principal = a(x509CRLEntryImpl, x500Principal);
                x509CRLEntryImpl.a(issuerX500Principal, x500Principal);
                this.aTA.put(new X509IssuerSerial(x500Principal, x509CRLEntryImpl.getSerialNumber()), x509CRLEntryImpl);
            }
        }
        if (derInputStream.available() == 0) {
            return;
        }
        DerValue Dn = derInputStream.Dn();
        if (Dn.isConstructed() && Dn.f((byte) 0)) {
            this.aTp = new CRLExtensions(Dn.aPg);
        }
        this.readOnly = true;
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getCriticalExtensionOIDs() {
        if (this.aTp == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (Extension extension : this.aTp.DN()) {
            if (extension.isCritical()) {
                hashSet.add(extension.DQ().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        return (byte[]) getEncodedInternal().clone();
    }

    public byte[] getEncodedInternal() throws CRLException {
        byte[] bArr = this.aTs;
        if (bArr != null) {
            return bArr;
        }
        throw new CRLException("Null CRL to encode");
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        Extension hy;
        byte[] DR;
        if (this.aTp == null) {
            return null;
        }
        try {
            String c2 = OIDMap.c(new ObjectIdentifier(str));
            if (c2 == null) {
                ObjectIdentifier objectIdentifier = new ObjectIdentifier(str);
                Enumeration<Extension> elements = this.aTp.getElements();
                while (true) {
                    if (!elements.hasMoreElements()) {
                        hy = null;
                        break;
                    }
                    hy = elements.nextElement();
                    if (hy.DQ().equals(objectIdentifier)) {
                        break;
                    }
                }
            } else {
                hy = this.aTp.hy(c2);
            }
            if (hy == null || (DR = hy.DR()) == null) {
                return null;
            }
            DerOutputStream derOutputStream = new DerOutputStream();
            derOutputStream.U(DR);
            return derOutputStream.toByteArray();
        } catch (Exception unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        return this.aTw;
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        if (this.aTx == null) {
            this.aTx = this.aTw.Ed();
        }
        return this.aTx;
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        Date date = this.aTz;
        if (date == null) {
            return null;
        }
        return new Date(date.getTime());
    }

    @Override // java.security.cert.X509Extension
    public Set<String> getNonCriticalExtensionOIDs() {
        if (this.aTp == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (Extension extension : this.aTp.DN()) {
            if (!extension.isCritical()) {
                hashSet.add(extension.DQ().toString());
            }
        }
        return hashSet;
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        if (this.aTA.isEmpty()) {
            return null;
        }
        return this.aTA.get(new X509IssuerSerial(getIssuerX500Principal(), bigInteger));
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(X509Certificate x509Certificate) {
        if (this.aTA.isEmpty()) {
            return null;
        }
        return this.aTA.get(new X509IssuerSerial(x509Certificate));
    }

    @Override // java.security.cert.X509CRL
    public Set<X509CRLEntry> getRevokedCertificates() {
        if (this.aTA.isEmpty()) {
            return null;
        }
        return new HashSet(this.aTA.values());
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        AlgorithmId algorithmId = this.aTu;
        if (algorithmId == null) {
            return null;
        }
        return algorithmId.getName();
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        AlgorithmId algorithmId = this.aTu;
        if (algorithmId == null) {
            return null;
        }
        return algorithmId.getOID().toString();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        AlgorithmId algorithmId = this.aTu;
        if (algorithmId == null) {
            return null;
        }
        try {
            return algorithmId.getEncodedParams();
        } catch (IOException unused) {
            return null;
        }
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        byte[] bArr = this.signature;
        if (bArr == null) {
            return null;
        }
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        byte[] bArr = this.aTt;
        if (bArr == null) {
            throw new CRLException("Uninitialized CRL");
        }
        byte[] bArr2 = new byte[bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return new Date(this.aTy.getTime());
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.version + 1;
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        CRLExtensions cRLExtensions = this.aTp;
        if (cRLExtensions == null) {
            return false;
        }
        return cRLExtensions.hasUnsupportedCriticalExtension();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        if (this.aTA.isEmpty() || !(certificate instanceof X509Certificate)) {
            return false;
        }
        return this.aTA.containsKey(new X509IssuerSerial((X509Certificate) certificate));
    }

    @Override // java.security.cert.CRL
    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("X.509 CRL v" + (this.version + 1) + ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
        if (this.aTu != null) {
            stringBuffer.append("Signature Algorithm: " + this.aTu.toString() + ", OID=" + this.aTu.getOID().toString() + ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
        }
        if (this.aTw != null) {
            stringBuffer.append("Issuer: " + this.aTw.toString() + ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
        }
        if (this.aTy != null) {
            stringBuffer.append("\nThis Update: " + this.aTy.toString() + ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
        }
        if (this.aTz != null) {
            stringBuffer.append("Next Update: " + this.aTz.toString() + ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
        }
        if (this.aTA.isEmpty()) {
            stringBuffer.append("\nNO certificates have been revoked\n");
        } else {
            stringBuffer.append("\nRevoked Certificates: " + this.aTA.size());
            Iterator<X509CRLEntry> it = this.aTA.values().iterator();
            int i = 1;
            while (it.hasNext()) {
                stringBuffer.append("\n[" + i + "] " + it.next().toString());
                i++;
            }
        }
        CRLExtensions cRLExtensions = this.aTp;
        if (cRLExtensions != null) {
            Object[] array = cRLExtensions.DN().toArray();
            stringBuffer.append("\nCRL Extensions: " + array.length);
            int i2 = 0;
            while (i2 < array.length) {
                StringBuilder sb = new StringBuilder();
                sb.append("\n[");
                int i3 = i2 + 1;
                sb.append(i3);
                sb.append("]: ");
                stringBuffer.append(sb.toString());
                Extension extension = (Extension) array[i2];
                try {
                    if (OIDMap.d(extension.DQ()) == null) {
                        stringBuffer.append(extension.toString());
                        byte[] DR = extension.DR();
                        if (DR != null) {
                            DerOutputStream derOutputStream = new DerOutputStream();
                            derOutputStream.U(DR);
                            byte[] byteArray = derOutputStream.toByteArray();
                            stringBuffer.append("Extension unknown: DER encoded OCTET string =\n" + new HexDumpEncoder().encodeBuffer(byteArray) + ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
                        }
                    } else {
                        stringBuffer.append(extension.toString());
                    }
                } catch (Exception unused) {
                    stringBuffer.append(", Error parsing this extension");
                }
                i2 = i3;
            }
        }
        if (this.signature != null) {
            stringBuffer.append("\nSignature:\n" + new HexDumpEncoder().encodeBuffer(this.signature) + ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
        } else {
            stringBuffer.append("NOT signed yet\n");
        }
        return stringBuffer.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        verify(publicKey, "");
    }

    @Override // java.security.cert.X509CRL
    public synchronized void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        if (str == null) {
            str = "";
        }
        if (this.verifiedPublicKey != null && this.verifiedPublicKey.equals(publicKey) && str.equals(this.verifiedProvider)) {
            return;
        }
        if (this.aTs == null) {
            throw new CRLException("Uninitialized CRL");
        }
        Signature signature = str.length() == 0 ? Signature.getInstance(this.aTu.getName()) : Signature.getInstance(this.aTu.getName(), str);
        signature.initVerify(publicKey);
        if (this.aTt == null) {
            throw new CRLException("Uninitialized CRL");
        }
        signature.update(this.aTt, 0, this.aTt.length);
        if (!signature.verify(this.signature)) {
            throw new SignatureException("Signature does not match.");
        }
        this.verifiedPublicKey = publicKey;
        this.verifiedProvider = str;
    }
}
