package android.framework.org.apache.harmony.security_custom.provider.cert;

import android.framework.org.apache.harmony.security_custom.utils.AlgNameMapper;
import android.framework.org.apache.harmony.security_custom.x509.CertificateList;
import android.framework.org.apache.harmony.security_custom.x509.Extension;
import android.framework.org.apache.harmony.security_custom.x509.Extensions;
import android.framework.org.apache.harmony.security_custom.x509.TBSCertList;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class X509CRLImpl extends X509CRL {
    private final CertificateList crl;
    private byte[] encoding;
    private ArrayList entries;
    private boolean entriesRetrieved;
    private int entriesSize;
    private final Extensions extensions;
    private boolean isIndirectCRL;
    private X500Principal issuer;
    private int nonIndirectEntriesSize;
    private boolean nullSigAlgParams;
    private String sigAlgName;
    private String sigAlgOID;
    private byte[] sigAlgParams;
    private byte[] signature;
    private final TBSCertList tbsCertList;
    private byte[] tbsCertListEncoding;

    public X509CRLImpl(CertificateList certificateList) {
        this.crl = certificateList;
        this.tbsCertList = certificateList.getTbsCertList();
        this.extensions = this.tbsCertList.getCrlExtensions();
    }

    public X509CRLImpl(InputStream inputStream) throws CRLException {
        try {
            this.crl = (CertificateList) CertificateList.ASN1.decode(inputStream);
            this.tbsCertList = this.crl.getTbsCertList();
            this.extensions = this.tbsCertList.getCrlExtensions();
        } catch (IOException e) {
            throw new CRLException(e);
        }
    }

    public X509CRLImpl(byte[] bArr) throws IOException {
        this((CertificateList) CertificateList.ASN1.decode(bArr));
    }

    private void retrieveEntries() {
        this.entriesRetrieved = true;
        List<TBSCertList.RevokedCertificate> revokedCertificates = this.tbsCertList.getRevokedCertificates();
        if (revokedCertificates == null) {
            return;
        }
        this.entriesSize = revokedCertificates.size();
        this.entries = new ArrayList(this.entriesSize);
        X500Principal x500Principal = null;
        for (int i = 0; i < this.entriesSize; i++) {
            TBSCertList.RevokedCertificate revokedCertificate = revokedCertificates.get(i);
            X500Principal issuer = revokedCertificate.getIssuer();
            if (issuer != null) {
                x500Principal = issuer;
                this.isIndirectCRL = true;
                this.nonIndirectEntriesSize = i;
            }
            this.entries.add(new X509CRLEntryImpl(revokedCertificate, x500Principal));
        }
    }

    @Override // java.security.cert.X509Extension
    public Set getCriticalExtensionOIDs() {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.getCriticalExtensions();
    }

    @Override // java.security.cert.X509CRL
    public byte[] getEncoded() throws CRLException {
        if (this.encoding == null) {
            this.encoding = this.crl.getEncoded();
        }
        byte[] bArr = new byte[this.encoding.length];
        System.arraycopy(this.encoding, 0, bArr, 0, this.encoding.length);
        return bArr;
    }

    @Override // java.security.cert.X509Extension
    public byte[] getExtensionValue(String str) {
        Extension extensionByOID;
        if (this.extensions == null || (extensionByOID = this.extensions.getExtensionByOID(str)) == null) {
            return null;
        }
        return extensionByOID.getRawExtnValue();
    }

    @Override // java.security.cert.X509CRL
    public Principal getIssuerDN() {
        if (this.issuer == null) {
            this.issuer = this.tbsCertList.getIssuer().getX500Principal();
        }
        return this.issuer;
    }

    @Override // java.security.cert.X509CRL
    public X500Principal getIssuerX500Principal() {
        if (this.issuer == null) {
            this.issuer = this.tbsCertList.getIssuer().getX500Principal();
        }
        return this.issuer;
    }

    @Override // java.security.cert.X509CRL
    public Date getNextUpdate() {
        return this.tbsCertList.getNextUpdate();
    }

    @Override // java.security.cert.X509Extension
    public Set getNonCriticalExtensionOIDs() {
        if (this.extensions == null) {
            return null;
        }
        return this.extensions.getNonCriticalExtensions();
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(BigInteger bigInteger) {
        if (!this.entriesRetrieved) {
            retrieveEntries();
        }
        if (this.entries == null) {
            return null;
        }
        for (int i = 0; i < this.nonIndirectEntriesSize; i++) {
            X509CRLEntry x509CRLEntry = (X509CRLEntry) this.entries.get(i);
            if (bigInteger.equals(x509CRLEntry.getSerialNumber())) {
                return x509CRLEntry;
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public X509CRLEntry getRevokedCertificate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException();
        }
        if (!this.entriesRetrieved) {
            retrieveEntries();
        }
        if (this.entries == null) {
            return null;
        }
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (this.isIndirectCRL) {
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            if (issuerX500Principal.equals(getIssuerX500Principal())) {
                issuerX500Principal = null;
            }
            for (int i = 0; i < this.entriesSize; i++) {
                X509CRLEntry x509CRLEntry = (X509CRLEntry) this.entries.get(i);
                if (serialNumber.equals(x509CRLEntry.getSerialNumber())) {
                    X500Principal certificateIssuer = x509CRLEntry.getCertificateIssuer();
                    if (issuerX500Principal != null) {
                        if (issuerX500Principal.equals(certificateIssuer)) {
                            return x509CRLEntry;
                        }
                    } else if (certificateIssuer == null) {
                        return x509CRLEntry;
                    }
                }
            }
        } else {
            for (int i2 = 0; i2 < this.entriesSize; i2++) {
                X509CRLEntry x509CRLEntry2 = (X509CRLEntry) this.entries.get(i2);
                if (serialNumber.equals(x509CRLEntry2.getSerialNumber())) {
                    return x509CRLEntry2;
                }
            }
        }
        return null;
    }

    @Override // java.security.cert.X509CRL
    public Set<? extends X509CRLEntry> getRevokedCertificates() {
        if (!this.entriesRetrieved) {
            retrieveEntries();
        }
        if (this.entries == null) {
            return null;
        }
        return new HashSet(this.entries);
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgName() {
        if (this.sigAlgOID == null) {
            this.sigAlgOID = this.tbsCertList.getSignature().getAlgorithm();
            this.sigAlgName = AlgNameMapper.map2AlgName(this.sigAlgOID);
            if (this.sigAlgName == null) {
                this.sigAlgName = this.sigAlgOID;
            }
        }
        return this.sigAlgName;
    }

    @Override // java.security.cert.X509CRL
    public String getSigAlgOID() {
        if (this.sigAlgOID == null) {
            this.sigAlgOID = this.tbsCertList.getSignature().getAlgorithm();
            this.sigAlgName = AlgNameMapper.map2AlgName(this.sigAlgOID);
            if (this.sigAlgName == null) {
                this.sigAlgName = this.sigAlgOID;
            }
        }
        return this.sigAlgOID;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSigAlgParams() {
        if (this.nullSigAlgParams) {
            return null;
        }
        if (this.sigAlgParams == null) {
            this.sigAlgParams = this.tbsCertList.getSignature().getParameters();
            if (this.sigAlgParams == null) {
                this.nullSigAlgParams = true;
                return null;
            }
        }
        return this.sigAlgParams;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getSignature() {
        if (this.signature == null) {
            this.signature = this.crl.getSignatureValue();
        }
        byte[] bArr = new byte[this.signature.length];
        System.arraycopy(this.signature, 0, bArr, 0, this.signature.length);
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public byte[] getTBSCertList() throws CRLException {
        if (this.tbsCertListEncoding == null) {
            this.tbsCertListEncoding = this.tbsCertList.getEncoded();
        }
        byte[] bArr = new byte[this.tbsCertListEncoding.length];
        System.arraycopy(this.tbsCertListEncoding, 0, bArr, 0, this.tbsCertListEncoding.length);
        return bArr;
    }

    @Override // java.security.cert.X509CRL
    public Date getThisUpdate() {
        return this.tbsCertList.getThisUpdate();
    }

    @Override // java.security.cert.X509CRL
    public int getVersion() {
        return this.tbsCertList.getVersion();
    }

    @Override // java.security.cert.X509Extension
    public boolean hasUnsupportedCriticalExtension() {
        if (this.extensions == null) {
            return false;
        }
        return this.extensions.hasUnsupportedCritical();
    }

    @Override // java.security.cert.CRL
    public boolean isRevoked(Certificate certificate) {
        return (certificate instanceof X509Certificate) && getRevokedCertificate((X509Certificate) certificate) != null;
    }

    @Override // java.security.cert.CRL
    public String toString() {
        return this.crl.toString();
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = Signature.getInstance(getSigAlgName());
        signature.initVerify(publicKey);
        byte[] encoded = this.tbsCertList.getEncoded();
        signature.update(encoded, 0, encoded.length);
        if (!signature.verify(this.crl.getSignatureValue())) {
            throw new SignatureException("Signature was not verified");
        }
    }

    @Override // java.security.cert.X509CRL
    public void verify(PublicKey publicKey, String str) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        Signature signature = Signature.getInstance(getSigAlgName(), str);
        signature.initVerify(publicKey);
        byte[] encoded = this.tbsCertList.getEncoded();
        signature.update(encoded, 0, encoded.length);
        if (!signature.verify(this.crl.getSignatureValue())) {
            throw new SignatureException("Signature was not verified");
        }
    }
}
