package com.rsa.cryptoj.o;

import com.rsa.cryptoj.o.qr;
import com.rsa.jsafe.cert.GeneralName;
import com.rsa.jsafe.provider.CRLDPParameters;
import com.rsa.jsafe.provider.CacheInterface;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.ByteBuffer;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class qq extends qr {
    private static final String t = "ISO-8859-1";
    private static final dl u = new dl();
    private final CacheInterface v;

    /* JADX INFO: Access modifiers changed from: package-private */
    public qq(ch chVar, List<cc> list, PKIXParameters pKIXParameters, CRLDPParameters cRLDPParameters, CertPath certPath, X509CRL x509crl) {
        super(chVar, list, pKIXParameters, cRLDPParameters, certPath, x509crl);
        this.v = cRLDPParameters.getCache();
    }

    private ah a(d dVar) {
        d a2 = dVar.a("distributionPoint");
        int c2 = a2 == null ? 0 : a2.c();
        for (int i = 0; i < c2; i++) {
            d a3 = a2.a(0);
            if (a.f(a3.b().a()) == GeneralName.Type.UNIFORM_RESOURCE_ID.ordinal()) {
                return (ah) a3;
            }
        }
        return null;
    }

    private X509CRL a(URI uri, CRLDPParameters cRLDPParameters, Date date) {
        dl dlVar;
        StringBuilder b2;
        String message;
        byte[] a2 = qh.a(uri, cRLDPParameters.getProxyURI());
        rp rpVar = null;
        if (a2 == null) {
            return null;
        }
        try {
            rp a3 = rm.a(this.d, this.f, ByteBuffer.wrap(a2));
            try {
                a(a3, uri, a2);
                Date nextUpdate = a3.getNextUpdate();
                if (nextUpdate != null) {
                    if (date.after(nextUpdate)) {
                        return null;
                    }
                }
                return a3;
            } catch (b e) {
                e = e;
                rpVar = a3;
                if (!dl.a()) {
                    return rpVar;
                }
                dlVar = u;
                b2 = b.a.a.a.a.b("Exception when creating CRL: ");
                message = e.getMessage();
                b2.append(message);
                b2.append(" - ignored.");
                dlVar.a(b2.toString());
                return rpVar;
            } catch (CRLException e2) {
                e = e2;
                rpVar = a3;
                if (!dl.a()) {
                    return rpVar;
                }
                dlVar = u;
                b2 = b.a.a.a.a.b("Exception when creating CRL: ");
                message = e.getMessage();
                b2.append(message);
                b2.append(" - ignored.");
                dlVar.a(b2.toString());
                return rpVar;
            }
        } catch (b e3) {
            e = e3;
        } catch (CRLException e4) {
            e = e4;
        }
    }

    private X509CRL a(URI uri, Date date) {
        if (this.v == null) {
            return null;
        }
        try {
            byte[] item = this.v.getItem(uri.toString().getBytes(t));
            if (item == null) {
                return null;
            }
            try {
                rp a2 = rm.a(this.d, this.f, ByteBuffer.wrap(item));
                try {
                    Date nextUpdate = a2.getNextUpdate();
                    if (nextUpdate != null) {
                        if (date.after(nextUpdate)) {
                            return null;
                        }
                    }
                } catch (Exception unused) {
                }
                return a2;
            } catch (Exception unused2) {
                return null;
            }
        } catch (UnsupportedEncodingException e) {
            throw new Error(e);
        }
    }

    private Set<X509CRL> a(d dVar, X509CRLSelector x509CRLSelector, Date date) {
        CRLDPParameters cRLDPParameters = (CRLDPParameters) this.f1878c;
        ah a2 = a(dVar);
        ArrayList<URI> arrayList = new ArrayList();
        try {
            URI uri = new URI(a2.toString());
            if ("HTTP".equalsIgnoreCase(uri.getScheme())) {
                arrayList.add(uri);
            } else if (dl.a()) {
                u.a("URI contains unsupported scheme: " + uri.getScheme() + " - ignored.");
            }
        } catch (URISyntaxException unused) {
            if (dl.a()) {
                dl dlVar = u;
                StringBuilder b2 = b.a.a.a.a.b("Exception when creating URI: ");
                b2.append(a2.toString());
                b2.append(" - ignored.");
                dlVar.a(b2.toString());
            }
        }
        if (cRLDPParameters.getAlternateDP() != null) {
            if (cRLDPParameters.doOverride()) {
                arrayList.remove(0);
            }
            arrayList.add(cRLDPParameters.getAlternateDP());
        }
        HashSet hashSet = new HashSet();
        for (URI uri2 : arrayList) {
            X509CRL a3 = a(uri2, date);
            if (a3 == null) {
                a3 = a(uri2, cRLDPParameters, date);
            } else if (dl.a()) {
                dl dlVar2 = u;
                StringBuilder b3 = b.a.a.a.a.b("Loading CRL from cache: ");
                b3.append(uri2.toString());
                dlVar2.a(b3.toString());
            }
            if (a3 != null && (x509CRLSelector == null || x509CRLSelector.match(a3))) {
                hashSet.add(a3);
                break;
            }
        }
        return hashSet;
    }

    private void a(X509CRL x509crl, URI uri, byte[] bArr) {
        if (this.v == null) {
            return;
        }
        if (dl.a()) {
            u.a("Adding CRL response to cache.");
        }
        Date nextUpdate = x509crl.getNextUpdate();
        try {
            this.v.updateItem(uri.toString().getBytes(t), bArr, (nextUpdate == null ? Long.MAX_VALUE : nextUpdate.getTime()) - System.currentTimeMillis());
        } catch (UnsupportedEncodingException e) {
            throw new Error(e);
        }
    }

    @Override // com.rsa.cryptoj.o.qr
    int a(X509Certificate x509Certificate, qr.a aVar, d dVar, PublicKey publicKey, TrustAnchor trustAnchor, Date date) {
        X500Principal x500Principal;
        boolean z;
        d a2 = dVar.a("cRLIssuer");
        if (a2 == null) {
            x500Principal = x509Certificate.getIssuerX500Principal();
            z = false;
        } else {
            X500Principal a3 = px.a(a2);
            if (a3 == null) {
                return -1;
            }
            x500Principal = a3;
            z = true;
        }
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(x500Principal.getEncoded());
            return a(x509Certificate, aVar, dVar, publicKey, trustAnchor, z, x500Principal, a(dVar, x509CRLSelector, date), date);
        } catch (IOException unused) {
            throw new Error();
        }
    }

    @Override // com.rsa.cryptoj.o.qr, com.rsa.cryptoj.o.re
    public rf a(X509Certificate x509Certificate, pz pzVar, Date date) {
        d a2 = px.a(x509Certificate, pj.cL);
        if (a2 == null || a2.c() == 0) {
            StringBuilder b2 = b.a.a.a.a.b("Certificate revocation status unknown: No CRLDistributionPoints defined. ");
            b2.append(a(x509Certificate));
            return new rf(2, b2.toString(), null);
        }
        qr.a aVar = new qr.a(new BitSet());
        int c2 = a2.c();
        for (int i = 0; i < c2; i++) {
            int a3 = a(x509Certificate, aVar, a2.a(i), pzVar.b(), pzVar.a(), date);
            if (a3 != -1) {
                StringBuilder b3 = b.a.a.a.a.b("Certificate has been revoked: reason ");
                b3.append(po.e.get(a3));
                b3.append(".");
                b3.append(a(x509Certificate));
                return new rf(1, b3.toString(), pj.cL);
            }
            if (aVar.a()) {
                return new rf(0, null, pj.cL);
            }
        }
        StringBuilder b4 = b.a.a.a.a.b("Certificate revocation status unknown: No valid response from defined CRLDPs.");
        b4.append(a(x509Certificate));
        return new rf(2, b4.toString(), pj.cL);
    }
}
