package org.bouncycastle.pkix.jcajce;

import java.io.BufferedInputStream;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.jcajce.PKIXCRLStore;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Iterable;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: classes4.dex */
public class X509RevocationChecker extends PKIXCertPathChecker {
    private static Logger $$a = null;
    private static final Map<GeneralName, WeakReference<X509CRL>> $$b;
    public static final int $$c = 0;
    public static final int CHAIN_VALIDITY_MODEL = 1;
    public static final int PKIX_VALIDITY_MODEL = 0;
    protected static final String[] crlReasons;
    private static byte[] debugBlockerAttacked;
    private final Set<TrustAnchor> $$d;
    private X509Certificate debugBlockerFailed;
    private final long isApkFileTampered;
    private final JcaJceHelper isAppDebuggable;
    private final boolean isAppTampered;
    private final Map<X500Principal, Long> isApplicationHooked;
    private X500Principal isCertificateTampered;
    private final boolean isDebuggerAttached;
    private final List<CertStore> isDeviceRooted;
    private Date isFileTampered;
    private PublicKey isMemoryTampered;
    private final int isRunningInEmulator;
    private final List<Store<CRL>> isRunningInVirtualEnvironment;
    private final long isTampered;

    /* loaded from: classes4.dex */
    public static class Builder {
        private int $$a;
        private List<Store<CRL>> $$b;
        private boolean $$c;
        private List<CertStore> $$d;
        private long isAppDebuggable;
        private Set<TrustAnchor> isApplicationHooked;
        private boolean isDebuggerAttached;
        private String isDeviceRooted;
        private long isRunningInEmulator;
        private Provider isRunningInVirtualEnvironment;

        public Builder(KeyStore keyStore) throws KeyStoreException {
            this.$$d = new ArrayList();
            this.$$b = new ArrayList();
            this.$$a = 0;
            this.isApplicationHooked = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.isApplicationHooked.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public Builder(TrustAnchor trustAnchor) {
            this.$$d = new ArrayList();
            this.$$b = new ArrayList();
            this.$$a = 0;
            this.isApplicationHooked = Collections.singleton(trustAnchor);
        }

        public Builder(Set<TrustAnchor> set) {
            this.$$d = new ArrayList();
            this.$$b = new ArrayList();
            this.$$a = 0;
            this.isApplicationHooked = new HashSet(set);
        }

        public Builder addCrls(CertStore certStore) {
            this.$$d.add(certStore);
            return this;
        }

        public Builder addCrls(Store<CRL> store) {
            this.$$b.add(store);
            return this;
        }

        public X509RevocationChecker build() {
            return new X509RevocationChecker(this, (byte) 0);
        }

        public Builder setCheckEndEntityOnly(boolean z) {
            this.$$c = z;
            return this;
        }

        public Builder setSoftFail(boolean z, long j) {
            this.isDebuggerAttached = z;
            this.isRunningInEmulator = j;
            this.isAppDebuggable = -1L;
            return this;
        }

        public Builder setSoftFailHardLimit(boolean z, long j) {
            this.isDebuggerAttached = z;
            this.isRunningInEmulator = (3 * j) / 4;
            this.isAppDebuggable = j;
            return this;
        }

        public Builder setValidityModel(int i) {
            this.$$a = i;
            return this;
        }

        public Builder usingProvider(String str) {
            this.isDeviceRooted = str;
            return this;
        }

        public Builder usingProvider(Provider provider) {
            this.isRunningInVirtualEnvironment = provider;
            return this;
        }
    }

    /* loaded from: classes4.dex */
    class d implements PKIXCRLStore<CRL>, Iterable<CRL> {
        private Collection<CRL> $$b;

        public d(Store<CRL> store) {
            this.$$b = new ArrayList(store.getMatches(null));
        }

        @Override // org.bouncycastle.jcajce.PKIXCRLStore, org.bouncycastle.util.Store
        public final Collection<CRL> getMatches(Selector<CRL> selector) {
            if (selector == null) {
                return new ArrayList(this.$$b);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.$$b) {
                if (selector.match(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // org.bouncycastle.util.Iterable, java.lang.Iterable
        public final Iterator<CRL> iterator() {
            return getMatches(null).iterator();
        }
    }

    private static List<PKIXCRLStore> $$a(CRLDistPoint cRLDistPoint, Map<GeneralName, PKIXCRLStore> map) throws a {
        if (cRLDistPoint == null) {
            return Collections.emptyList();
        }
        try {
            DistributionPoint[] distributionPoints = cRLDistPoint.getDistributionPoints();
            ArrayList arrayList = new ArrayList();
            for (DistributionPoint distributionPoint : distributionPoints) {
                DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                if (distributionPoint2 != null && distributionPoint2.getType() == 0) {
                    for (GeneralName generalName : GeneralNames.getInstance(distributionPoint2.getName()).getNames()) {
                        PKIXCRLStore pKIXCRLStore = map.get(generalName);
                        if (pKIXCRLStore != null) {
                            arrayList.add(pKIXCRLStore);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new a("could not read distribution points could not be read", e);
        }
    }

    static void $$c() {
        debugBlockerAttacked = new byte[]{62, 91, -44, -44, -11, -5, -6, 12};
        $$c = 237;
    }

    static {
        $$c();
        $$a = Logger.getLogger(X509RevocationChecker.class.getName());
        $$b = Collections.synchronizedMap(new WeakHashMap());
        crlReasons = new String[]{"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};
    }

    private X509RevocationChecker(Builder builder) {
        this.isApplicationHooked = new HashMap();
        this.isRunningInVirtualEnvironment = new ArrayList(builder.$$b);
        this.isDeviceRooted = new ArrayList(builder.$$d);
        this.isDebuggerAttached = builder.$$c;
        this.isRunningInEmulator = builder.$$a;
        this.$$d = builder.isApplicationHooked;
        this.isAppTampered = builder.isDebuggerAttached;
        this.isTampered = builder.isRunningInEmulator;
        this.isApkFileTampered = builder.isAppDebuggable;
        if (builder.isRunningInVirtualEnvironment != null) {
            this.isAppDebuggable = new ProviderJcaJceHelper(builder.isRunningInVirtualEnvironment);
        } else if (builder.isDeviceRooted != null) {
            this.isAppDebuggable = new NamedJcaJceHelper(builder.isDeviceRooted);
        } else {
            this.isAppDebuggable = new DefaultJcaJceHelper();
        }
    }

    /* synthetic */ X509RevocationChecker(Builder builder, byte b) {
        this(builder);
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 3 */
    private static CRL isApplicationHooked(X500Principal x500Principal, Date date, ASN1Primitive aSN1Primitive, JcaJceHelper jcaJceHelper) {
        URL url;
        DistributionPoint[] distributionPoints = CRLDistPoint.getInstance(aSN1Primitive).getDistributionPoints();
        int i = 0;
        int i2 = 0;
        while (i2 != distributionPoints.length) {
            DistributionPointName distributionPoint = distributionPoints[i2].getDistributionPoint();
            if (distributionPoint != null && distributionPoint.getType() == 0) {
                GeneralName[] names = GeneralNames.getInstance(distributionPoint.getName()).getNames();
                int i3 = i;
                while (i3 != names.length) {
                    GeneralName generalName = names[i3];
                    if (generalName.getTagNo() == 6) {
                        Map<GeneralName, WeakReference<X509CRL>> map = $$b;
                        WeakReference<X509CRL> weakReference = map.get(generalName);
                        if (weakReference != null) {
                            X509CRL x509crl = weakReference.get();
                            if (x509crl != null && !date.before(x509crl.getThisUpdate()) && !date.after(x509crl.getNextUpdate())) {
                                return x509crl;
                            }
                            map.remove(generalName);
                        }
                        try {
                            url = new URL(generalName.getName().toString());
                            try {
                                CertificateFactory createCertificateFactory = jcaJceHelper.createCertificateFactory("X.509");
                                InputStream openStream = url.openStream();
                                X509CRL x509crl2 = (X509CRL) createCertificateFactory.generateCRL(new BufferedInputStream(openStream));
                                try {
                                    try {
                                        Object[] objArr = new Object[1];
                                        isApplicationHooked(objArr);
                                        InputStream.class.getMethod((String) objArr[i], null).invoke(openStream, null);
                                        Logger logger = $$a;
                                        Level level = Level.INFO;
                                        StringBuilder sb = new StringBuilder("downloaded CRL from CrlDP ");
                                        sb.append(url);
                                        sb.append(" for issuer \"");
                                        sb.append(x500Principal);
                                        sb.append("\"");
                                        logger.log(level, sb.toString());
                                        map.put(generalName, new WeakReference<>(x509crl2));
                                        return x509crl2;
                                    } catch (Exception e) {
                                        e = e;
                                        Logger logger2 = $$a;
                                        Level level2 = Level.FINE;
                                        if (logger2.isLoggable(level2)) {
                                            Logger logger3 = $$a;
                                            StringBuilder sb2 = new StringBuilder("CrlDP ");
                                            sb2.append(url);
                                            sb2.append(" ignored: ");
                                            sb2.append(e.getMessage());
                                            logger3.log(level2, sb2.toString(), (Throwable) e);
                                        } else {
                                            Logger logger4 = $$a;
                                            Level level3 = Level.INFO;
                                            StringBuilder sb3 = new StringBuilder("CrlDP ");
                                            sb3.append(url);
                                            sb3.append(" ignored: ");
                                            sb3.append(e.getMessage());
                                            logger4.log(level3, sb3.toString());
                                        }
                                        i3++;
                                        i = 0;
                                    }
                                } catch (Throwable th) {
                                    Throwable cause = th.getCause();
                                    if (cause != null) {
                                        throw cause;
                                    }
                                    throw th;
                                }
                            } catch (Exception e2) {
                                e = e2;
                            }
                        } catch (Exception e3) {
                            e = e3;
                            url = null;
                        }
                    }
                    i3++;
                    i = 0;
                }
            }
            i2++;
            i = 0;
        }
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x001f  */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0017  */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:10:0x001f -> B:4:0x0023). Please report as a decompilation issue!!! */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void isApplicationHooked(java.lang.Object[] r8) {
        /*
            byte[] r0 = org.bouncycastle.pkix.jcajce.X509RevocationChecker.debugBlockerAttacked
            r1 = 5
            byte[] r1 = new byte[r1]
            r2 = 0
            r3 = 4
            if (r0 != 0) goto Le
            r5 = r2
            r4 = r3
            r6 = r4
            r7 = r6
            goto L23
        Le:
            r4 = 99
            r5 = r2
            r6 = r3
        L12:
            byte r7 = (byte) r4
            r1[r5] = r7
            if (r5 != r3) goto L1f
            java.lang.String r0 = new java.lang.String
            r0.<init>(r1, r2)
            r8[r2] = r0
            return
        L1f:
            int r5 = r5 + 1
            r7 = r0[r6]
        L23:
            int r6 = r6 + 1
            int r4 = r4 - r7
            int r4 = r4 + (-2)
            goto L12
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.X509RevocationChecker.isApplicationHooked(java.lang.Object[]):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        Logger logger;
        Level level;
        StringBuilder sb;
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.isDebuggerAttached && x509Certificate.getBasicConstraints() != -1) {
            this.isCertificateTampered = x509Certificate.getSubjectX500Principal();
            this.isMemoryTampered = x509Certificate.getPublicKey();
            this.debugBlockerFailed = x509Certificate;
            return;
        }
        TrustAnchor trustAnchor = null;
        if (this.isCertificateTampered == null) {
            this.isCertificateTampered = x509Certificate.getIssuerX500Principal();
            for (TrustAnchor trustAnchor2 : this.$$d) {
                if (this.isCertificateTampered.equals(trustAnchor2.getCA()) || this.isCertificateTampered.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                StringBuilder sb2 = new StringBuilder("no trust anchor found for ");
                sb2.append(this.isCertificateTampered);
                throw new CertPathValidatorException(sb2.toString());
            }
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.debugBlockerFailed = trustedCert;
            this.isMemoryTampered = trustedCert.getPublicKey();
        }
        final ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.$$d);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.isFileTampered);
            for (int i = 0; i != this.isDeviceRooted.size(); i++) {
                if ($$a.isLoggable(Level.INFO)) {
                    this.isDeviceRooted.get(i).getCRLs(new X509CRLSelector() { // from class: org.bouncycastle.pkix.jcajce.X509RevocationChecker.5
                        @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
                        public final boolean match(CRL crl) {
                            if (!(crl instanceof X509CRL)) {
                                return false;
                            }
                            arrayList.add(((X509CRL) crl).getIssuerX500Principal());
                            return false;
                        }
                    });
                }
                pKIXParameters.addCertStore(this.isDeviceRooted.get(i));
            }
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(pKIXParameters);
            builder.setValidityModel(this.isRunningInEmulator);
            for (int i2 = 0; i2 != this.isRunningInVirtualEnvironment.size(); i2++) {
                if ($$a.isLoggable(Level.INFO)) {
                    this.isRunningInVirtualEnvironment.get(i2).getMatches(new Selector<CRL>() { // from class: org.bouncycastle.pkix.jcajce.X509RevocationChecker.2
                        @Override // org.bouncycastle.util.Selector
                        public final Object clone() {
                            return this;
                        }

                        @Override // org.bouncycastle.util.Selector
                        public final /* synthetic */ boolean match(CRL crl) {
                            CRL crl2 = crl;
                            if (!(crl2 instanceof X509CRL)) {
                                return false;
                            }
                            arrayList.add(((X509CRL) crl2).getIssuerX500Principal());
                            return false;
                        }
                    });
                }
                builder.addCRLStore(new d(this.isRunningInVirtualEnvironment.get(i2)));
            }
            if (arrayList.isEmpty()) {
                $$a.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if ($$a.isLoggable(Level.FINE)) {
                for (int i3 = 0; i3 != arrayList.size(); i3++) {
                    Logger logger2 = $$a;
                    Level level2 = Level.FINE;
                    StringBuilder sb3 = new StringBuilder("configuring with CRL for issuer \"");
                    sb3.append(arrayList.get(i3));
                    sb3.append("\"");
                    logger2.log(level2, sb3.toString());
                }
            } else {
                Logger logger3 = $$a;
                Level level3 = Level.INFO;
                StringBuilder sb4 = new StringBuilder("configured with ");
                sb4.append(arrayList.size());
                sb4.append(" pre-loaded CRLs");
                logger3.log(level3, sb4.toString());
            }
            PKIXExtendedParameters build = builder.build();
            try {
                checkCRLs(build, this.isFileTampered, h.isApplicationHooked(build, this.isFileTampered), x509Certificate, this.debugBlockerFailed, this.isMemoryTampered, new ArrayList(), this.isAppDebuggable);
            } catch (a e) {
                throw new CertPathValidatorException(e.getMessage(), e.getCause());
            } catch (b e2) {
                ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.cRLDistributionPoints;
                if (x509Certificate.getExtensionValue(aSN1ObjectIdentifier.getId()) == null) {
                    throw e2;
                }
                try {
                    CRL isApplicationHooked = isApplicationHooked(x509Certificate.getIssuerX500Principal(), this.isFileTampered, h.$$a(x509Certificate, aSN1ObjectIdentifier), this.isAppDebuggable);
                    if (isApplicationHooked != null) {
                        try {
                            builder.addCRLStore(new d(new CollectionStore(Collections.singleton(isApplicationHooked))));
                            PKIXExtendedParameters build2 = builder.build();
                            checkCRLs(build2, this.isFileTampered, h.isApplicationHooked(build2, this.isFileTampered), x509Certificate, this.debugBlockerFailed, this.isMemoryTampered, new ArrayList(), this.isAppDebuggable);
                        } catch (a unused) {
                            throw new CertPathValidatorException(e2.getMessage(), e2.getCause());
                        }
                    } else {
                        if (!this.isAppTampered) {
                            throw e2;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l = this.isApplicationHooked.get(issuerX500Principal);
                        if (l != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l.longValue();
                            long j = this.isApkFileTampered;
                            if (j != -1 && j < currentTimeMillis) {
                                throw e2;
                            }
                            if (currentTimeMillis < this.isTampered) {
                                logger = $$a;
                                level = Level.WARNING;
                                sb = new StringBuilder("soft failing for issuer: \"");
                            } else {
                                logger = $$a;
                                level = Level.SEVERE;
                                sb = new StringBuilder("soft failing for issuer: \"");
                            }
                            sb.append(issuerX500Principal);
                            sb.append("\"");
                            logger.log(level, sb.toString());
                        } else {
                            this.isApplicationHooked.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (a unused2) {
                    throw new CertPathValidatorException(e2.getMessage(), e2.getCause());
                }
            }
            this.debugBlockerFailed = x509Certificate;
            this.isMemoryTampered = x509Certificate.getPublicKey();
            this.isCertificateTampered = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e3) {
            StringBuilder sb5 = new StringBuilder("error setting up baseParams: ");
            sb5.append(e3.getMessage());
            throw new RuntimeException(sb5.toString());
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:22:0x011b  */
    /* JADX WARN: Removed duplicated region for block: B:29:0x012d  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x00be  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void checkCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters r23, java.util.Date r24, java.util.Date r25, java.security.cert.X509Certificate r26, java.security.cert.X509Certificate r27, java.security.PublicKey r28, java.util.List r29, org.bouncycastle.jcajce.util.JcaJceHelper r30) throws org.bouncycastle.pkix.jcajce.a, java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 450
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.X509RevocationChecker.checkCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, org.bouncycastle.jcajce.util.JcaJceHelper):void");
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.isFileTampered = new Date();
        this.isCertificateTampered = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
