package org.bouncycastle.jce.provider;

import io.nn.lpop.hd2;
import io.nn.lpop.qj2;
import io.nn.lpop.tn;
import io.nn.lpop.tp1;
import io.nn.lpop.z5;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.HttpURLConnection;
import java.net.URI;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.WeakHashMap;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/* loaded from: classes3.dex */
class CrlCache {
    private static final int DEFAULT_TIMEOUT = 15000;
    private static Map<URI, WeakReference<tp1>> cache = Collections.synchronizedMap(new WeakHashMap());

    /* loaded from: classes3.dex */
    public static class LocalCRLStore<T extends CRL> implements tp1, Iterable {
        private Collection<CRL> _local;

        public LocalCRLStore(qj2<CRL> qj2Var) {
            this._local = new ArrayList(qj2Var.getMatches(null));
        }

        @Override // io.nn.lpop.tp1, io.nn.lpop.qj2
        public Collection getMatches(hd2 hd2Var) {
            if (hd2Var == null) {
                return new ArrayList(this._local);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this._local) {
                if (hd2Var.mo13653xc5179697(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // java.lang.Iterable
        public Iterator<CRL> iterator() {
            return getMatches(null).iterator();
        }
    }

    public static synchronized tp1 getCrl(CertificateFactory certificateFactory, Date date, URI uri) throws IOException, CRLException {
        synchronized (CrlCache.class) {
            WeakReference<tp1> weakReference = cache.get(uri);
            tp1 tp1Var = weakReference != null ? weakReference.get() : null;
            if (tp1Var != null) {
                boolean z = false;
                Iterator it = tp1Var.getMatches(null).iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Date nextUpdate = ((X509CRL) it.next()).getNextUpdate();
                    if (nextUpdate != null && nextUpdate.before(date)) {
                        z = true;
                        break;
                    }
                }
                if (!z) {
                    return tp1Var;
                }
            }
            LocalCRLStore localCRLStore = new LocalCRLStore(new tn(uri.getScheme().equals("ldap") ? getCrlsFromLDAP(certificateFactory, uri) : getCrls(certificateFactory, uri)));
            cache.put(uri, new WeakReference<>(localCRLStore));
            return localCRLStore;
        }
    }

    private static Collection getCrls(CertificateFactory certificateFactory, URI uri) throws IOException, CRLException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) uri.toURL().openConnection();
        httpURLConnection.setConnectTimeout(DEFAULT_TIMEOUT);
        httpURLConnection.setReadTimeout(DEFAULT_TIMEOUT);
        InputStream inputStream = httpURLConnection.getInputStream();
        Collection<? extends CRL> generateCRLs = certificateFactory.generateCRLs(inputStream);
        inputStream.close();
        return generateCRLs;
    }

    private static Collection getCrlsFromLDAP(CertificateFactory certificateFactory, URI uri) throws IOException, CRLException {
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        hashtable.put("java.naming.provider.url", uri.toString());
        try {
            byte[] bArr = (byte[]) new InitialDirContext(hashtable).getAttributes("").get("certificateRevocationList;binary").get();
            if (bArr != null && bArr.length != 0) {
                return certificateFactory.generateCRLs(new ByteArrayInputStream(bArr));
            }
            throw new CRLException("no CRL returned from: " + uri);
        } catch (NamingException e) {
            StringBuilder m19446xf2aebc = z5.m19446xf2aebc("issue connecting to: ");
            m19446xf2aebc.append(uri.toString());
            throw new CRLException(m19446xf2aebc.toString(), e);
        }
    }
}
