package com.initech.cpv.crl;

import com.initech.asn1.ASN1Exception;
import com.initech.asn1.useful.GeneralName;
import com.initech.asn1.useful.GeneralNames;
import com.initech.asn1.useful.Name;
import com.initech.asn1.useful.PublicKeyInfo;
import com.initech.asn1.useful.RDN;
import com.initech.cpv.manager.TrustManager;
import com.initech.cpv.util.Debug;
import com.initech.x509.extensions.BasicConstraints;
import com.initech.x509.extensions.DistPoint;
import com.initech.x509.extensions.IssuingDistPoint;
import com.initech.x509.extensions.KeyUsage;
import etri.fido.auth.crypto.CryptoConst;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;

/* loaded from: classes2.dex */
public class CRLVerifier {
    private X509CRL a;
    private TrustManager b;

    /* renamed from: c, reason: collision with root package name */
    private X509Certificate f131c;
    private DistPoint d;

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public CRLVerifier(X509CRL x509crl, DistPoint distPoint, X509Certificate x509Certificate, TrustManager trustManager) throws CRLVerifyException {
        this.a = x509crl;
        this.d = distPoint;
        this.b = trustManager;
        this.f131c = x509Certificate;
        if (this.f131c == null) {
            throw new CRLVerifyException("Entity's ceritificate required to verify CRL.");
        }
        if (this.b == null) {
            throw new CRLVerifyException("CRL Issuer's ceritificate manager required to verify CRL.");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void a() throws CRLVerifyException {
        try {
            try {
                if (this.a.getNextUpdate().before(new Date())) {
                    throw new CRLVerifyException("This CRL is expired.");
                }
                X509Certificate findIssuerCert = this.b.findIssuerCert(this.a);
                if (findIssuerCert == null) {
                    throw new CRLVerifyException("CRL Issuer certiticate cannot be found.");
                }
                byte[] extensionValue = findIssuerCert.getExtensionValue(KeyUsage.OID);
                if (extensionValue != null && !new KeyUsage(extensionValue).isProperUsage(512)) {
                    throw new CRLVerifyException("CRL issuer certificate's key usage is not correct : Key usage does not include cRLSign bit.");
                }
                try {
                    this.a.verify(findIssuerCert.getPublicKey());
                } catch (Exception e) {
                    Debug.handleException(e);
                    if (e instanceof NullPointerException) {
                        PublicKeyInfo publicKeyInfo = new PublicKeyInfo(findIssuerCert.getPublicKey().getEncoded());
                        X509Certificate findIssuerCert2 = this.b.findIssuerCert(findIssuerCert);
                        while (findIssuerCert2 != null) {
                            if (findIssuerCert2.getPublicKey().getFormat().equals(CryptoConst.CERT_X509) && findIssuerCert2.getPublicKey().getAlgorithm().equals(findIssuerCert.getPublicKey().getAlgorithm())) {
                                PublicKeyInfo publicKeyInfo2 = new PublicKeyInfo(findIssuerCert2.getPublicKey().getEncoded());
                                if (publicKeyInfo2.getAlgParameter() != null) {
                                    publicKeyInfo.setAlgParameter(publicKeyInfo2.getAlgParameter());
                                    try {
                                        this.a.verify(publicKeyInfo.getPublicKey());
                                        return;
                                    } catch (Exception e2) {
                                        Debug.handleException(e2);
                                    }
                                } else {
                                    findIssuerCert2 = this.b.findIssuerCert(findIssuerCert2);
                                }
                            }
                        }
                    }
                    throw new CRLVerifyException("Failed to verify CRL's signature");
                }
            } catch (Exception e3) {
                Debug.handleException(e3);
                throw new CRLVerifyException(e3);
            }
        } catch (CRLVerifyException e4) {
            throw e4;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void verify() throws CRLVerifyException {
        GeneralNames issuer;
        boolean z2 = false;
        if (this.d != null) {
            try {
                Name name = new Name(this.a.getIssuerDN().getName());
                try {
                    byte[] extensionValue = this.a.getExtensionValue(IssuingDistPoint.OID);
                    IssuingDistPoint issuingDistPoint = extensionValue != null ? new IssuingDistPoint(extensionValue) : null;
                    if (this.d.getIssuer() == null || this.d.getIssuer().size() <= 0) {
                        if (!name.equals(new Name(this.f131c.getIssuerDN().getName()))) {
                            throw new CRLVerifyException("CRL issuer's name is different with certificate issuer's name");
                        }
                    } else {
                        if (!this.d.getIssuer().contains(name)) {
                            throw new CRLVerifyException("DistributionPoint names not contains CRLIssuer's name");
                        }
                        if (issuingDistPoint == null) {
                            throw new CRLVerifyException("IDP extension required, but not exist.");
                        }
                        if (!issuingDistPoint.isIndirect()) {
                            throw new CRLVerifyException("CRL is not indirect CRL. When DistributionPoint contains cRLIssuer field, IDP must have indirectCRL field.");
                        }
                    }
                    if (issuingDistPoint != null) {
                        if (!this.d.containsFullName() || this.d.getFullName().size() <= 0) {
                            RDN rdn = this.d.getRDN();
                            issuer = this.d.getIssuer();
                            if (rdn != null) {
                                if (issuer == null || issuer.size() == 0) {
                                    GeneralNames generalNames = issuer == null ? new GeneralNames() : issuer;
                                    Name name2 = new Name(this.f131c.getIssuerDN().getName());
                                    name2.add(rdn);
                                    generalNames.add(new GeneralName(name2));
                                    issuer = generalNames;
                                } else if (issuer.size() == 1) {
                                    Name name3 = (Name) ((Name) issuer.elementAt(0).getGeneralNameInterface()).clone();
                                    name3.add(rdn);
                                    issuer.clear();
                                    issuer.add(new GeneralName(name3));
                                }
                            }
                        } else {
                            issuer = this.d.getFullName();
                        }
                        if (!issuingDistPoint.containsFullName() || issuingDistPoint.getFullName().size() <= 0) {
                            Name name4 = (Name) name.clone();
                            RDN rdn2 = issuingDistPoint.getRDN();
                            if (rdn2 != null) {
                                name4.add(rdn2);
                            }
                            GeneralName generalName = new GeneralName(name4);
                            if (issuer != null && issuer.contains(generalName)) {
                                z2 = true;
                            }
                        } else {
                            Enumeration elementDistPoint = issuingDistPoint.elementDistPoint();
                            while (elementDistPoint.hasMoreElements()) {
                                z2 = (issuer == null || !issuer.contains((GeneralName) elementDistPoint.nextElement())) ? z2 : true;
                            }
                        }
                        if (!z2) {
                            throw new CRLVerifyException("IDP's dist point name and DP's dist point field has no intersection.");
                        }
                        if (issuingDistPoint.containOnlyUserCert()) {
                            try {
                                byte[] extensionValue2 = this.f131c.getExtensionValue(BasicConstraints.OID);
                                if (extensionValue2 != null && new BasicConstraints(extensionValue2).isCA()) {
                                    throw new CRLVerifyException("This CRL is for only user cert, but certificate is for CA.");
                                }
                            } catch (ASN1Exception e) {
                                Debug.handleException(e);
                                throw new CRLVerifyException("Failed to get BasicConstraints extension.");
                            }
                        }
                        if (issuingDistPoint.containOnlyCACert()) {
                            try {
                                if (!new BasicConstraints(this.f131c.getExtensionValue(BasicConstraints.OID)).isCA()) {
                                    throw new CRLVerifyException("This CRL is for only CA cert, but certificate is not for CA.");
                                }
                            } catch (ASN1Exception e2) {
                                Debug.handleException(e2);
                                throw new CRLVerifyException("Failed to get BasicConstraints extension.");
                            }
                        }
                        if (issuingDistPoint.containOnlyAttributeCert()) {
                            throw new CRLVerifyException("CRL is for only attribute certificates.");
                        }
                    }
                } catch (ASN1Exception e3) {
                    Debug.handleException(e3);
                    throw new CRLVerifyException("Failed to get IDP extension.");
                }
            } catch (CRLVerifyException e4) {
                throw e4;
            } catch (Exception e5) {
                Debug.handleException(e5);
                throw new CRLVerifyException(e5);
            }
        }
        a();
    }
}
