package defpackage;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;

/* compiled from: :com.google.android.gms@11746438 */
/* loaded from: classes.dex */
public final class jte {
    private jth a;
    private Set b;
    private Set c;
    private boolean d;
    private jtl e;

    static {
        new kag("DeviceCertVerifier", (byte) 0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public jte(jth jthVar, Set set, Set set2, boolean z, jtl jtlVar) {
        this.a = (jth) a(jthVar);
        this.b = (Set) a(set);
        this.c = (Set) a(set2);
        this.d = z;
        this.e = jtlVar;
    }

    public static Object a(Object obj) {
        if (obj == null) {
            throw new NullPointerException();
        }
        return obj;
    }

    public static jtg a() {
        return new jtg();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(boolean z, String str) {
        if (!z) {
            throw new jtf(str);
        }
    }

    public final jti a(byte[] bArr, long j) {
        try {
            asfy asfyVar = (asfy) aywc.mergeFrom(new asfy(), bArr);
            a(asfyVar.a.length > 0, "Empty CRL bundle");
            for (asfx asfxVar : asfyVar.a) {
                a((asfxVar.a == null || asfxVar.b == null || asfxVar.c == null) ? false : true, "CRL is missing a required field.");
                asga asgaVar = (asga) aywc.mergeFrom(new asga(), asfxVar.a);
                if (asgaVar.a == 0) {
                    a(asgaVar.b > 0, new StringBuilder(47).append("Invalid CRL issuance time: ").append(asgaVar.b).toString());
                    if (asgaVar.b > j) {
                        this.a.a(new StringBuilder(89).append("CRL is not yet valid: issuanceTime=").append(asgaVar.b).append(", currentTime=").append(j).toString());
                        return null;
                    }
                    a(asgaVar.c > asgaVar.b, new StringBuilder(71).append("Invalid CRL validity period: ").append(asgaVar.b).append(", ").append(asgaVar.c).toString());
                    if (j > asgaVar.c) {
                        this.a.a(new StringBuilder(86).append("CRL has expired: expirationTime=").append(asgaVar.c).append(", currentTime=").append(j).toString());
                        return null;
                    }
                    a(asfxVar.b != null, "CRL is missing a signer certificate.");
                    X509Certificate a = this.e.a(asfxVar.b);
                    try {
                        X509Certificate trustedCert = this.e.a(this.e.a.generateCertPath(Arrays.asList(a)), TimeUnit.SECONDS.toMillis(j), this.c).getTrustAnchor().getTrustedCert();
                        if (trustedCert == null) {
                            throw new AssertionError("Trust anchor missing a certificate. Unexpected failure because all CRL trust anchors are specified as certificates.");
                        }
                        Signature c = this.e.c();
                        c.initVerify(a.getPublicKey());
                        c.update(asfxVar.a);
                        if (!c.verify(asfxVar.c)) {
                            this.a.a("CRL signature is invalid.");
                            return null;
                        }
                        jth jthVar = this.a;
                        jtl jtlVar = this.e;
                        this.e.b().digest(bArr);
                        return new jti(jthVar, jtlVar, asgaVar, new jtk(asgaVar.b, asgaVar.c, a, trustedCert));
                    } catch (InvalidAlgorithmParameterException | CertPathValidatorException e) {
                        this.a.b("CRL signer certificate path validation failed with exception.");
                        return null;
                    }
                }
                this.a.a(new StringBuilder(54).append("Skipping unsupported CRL version: ").append(asgaVar.a).toString());
            }
            this.a.a("No supported CRL version found in a CRL bundle. CRL verification failed.");
        } catch (aywb | InvalidKeyException | SignatureException | CertificateException | jtf e2) {
            this.a.b("CRL verification failed due to an exception.");
        }
        return null;
    }

    public final boolean a(List list, long j) {
        try {
            if (this.d) {
                this.a.a("Device certificate revocation check is required, but no CRL has been provided.");
                return false;
            }
            if (list.isEmpty()) {
                throw new IllegalArgumentException("Empty certificate path.");
            }
            CertPath a = this.e.a(list);
            PKIXCertPathValidatorResult a2 = this.e.a(a, TimeUnit.SECONDS.toMillis(j), this.b);
            if (this.d) {
                jti jtiVar = null;
                if (!jtiVar.a(a, a2.getTrustAnchor(), j)) {
                    return false;
                }
            }
            return true;
        } catch (InvalidAlgorithmParameterException | CertPathValidatorException | CertificateException e) {
            this.a.b("Device certificate verification failed due to exception.");
            return false;
        }
    }
}
