package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.TargetInformation;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.util.Selector;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.PKIXAttrCertChecker;
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;

/* loaded from: classes2.dex */
class RFC3281CertPathUtilities extends CertPathValidatorUtilities {
    private static final String TARGET_INFORMATION = X509Extensions.TargetInformation.getId();
    private static final String NO_REV_AVAIL = X509Extensions.NoRevAvail.getId();
    private static final String AUTHORITY_INFO_ACCESS = X509Extensions.AuthorityInfoAccess.getId();

    RFC3281CertPathUtilities() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void additionalChecks(X509AttributeCertificate x509AttributeCertificate, ExtendedPKIXParameters extendedPKIXParameters) throws CertPathValidatorException {
        for (String str : extendedPKIXParameters.getProhibitedACAttributes()) {
            if (x509AttributeCertificate.getAttributes(str) != null) {
                throw new CertPathValidatorException("Attribute certificate contains prohibited attribute: " + str + ".");
            }
        }
        for (String str2 : extendedPKIXParameters.getNecessaryACAttributes()) {
            if (x509AttributeCertificate.getAttributes(str2) == null) {
                throw new CertPathValidatorException("Attribute certificate does not contain necessary attribute: " + str2 + ".");
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:54:0x00d0, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(org.bouncycastle.asn1.x509.DistributionPoint r22, org.bouncycastle.x509.ExtendedPKIXParameters r23, java.security.cert.X509Certificate r24, java.util.Date r25, java.security.cert.X509Certificate r26, java.security.PublicKey r27, org.bouncycastle.jce.provider.CertStatus r28, org.bouncycastle.jce.provider.ReasonsMask r29, java.util.List r30) throws org.bouncycastle.jce.provider.AnnotatedException {
        /*
            r1 = r22
            r2 = r23
            r3 = r24
            r4 = r25
            r5 = r28
            r6 = r29
            java.util.Date r7 = new java.util.Date
            long r8 = java.lang.System.currentTimeMillis()
            r7.<init>(r8)
            long r8 = r25.getTime()
            long r10 = r7.getTime()
            int r0 = (r8 > r10 ? 1 : (r8 == r10 ? 0 : -1))
            if (r0 > 0) goto Ld2
            java.util.Set r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(r1, r3, r7, r2)
            r8 = 0
            java.util.Iterator r9 = r0.iterator()
            r0 = 0
        L2b:
            boolean r12 = r9.hasNext()
            if (r12 == 0) goto Lce
            int r12 = r28.getCertStatus()
            r13 = 11
            if (r12 != r13) goto Lce
            boolean r12 = r29.isAllReasons()
            if (r12 != 0) goto Lce
            java.lang.Object r12 = r9.next()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc2
            java.security.cert.X509CRL r12 = (java.security.cert.X509CRL) r12     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc2
            org.bouncycastle.jce.provider.ReasonsMask r14 = processCRLD(r12, r1)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc2
            boolean r15 = r14.hasNewReasons(r6)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc2
            if (r15 != 0) goto L50
            goto L2b
        L50:
            r15 = r26
            r11 = r27
            java.util.Set r13 = processCRLF(r12, r3, r15, r11, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc0
            java.security.PublicKey r13 = processCRLG(r12, r13)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc0
            boolean r16 = r23.isUseDeltasEnabled()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc0
            if (r16 == 0) goto L6b
            java.util.Set r10 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getDeltaCRLs(r7, r2, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc0
            java.security.cert.X509CRL r10 = processCRLH(r10, r13)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc0
            goto L6c
        L6b:
            r10 = 0
        L6c:
            int r13 = r23.getValidityModel()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc0
            r17 = r7
            r7 = 1
            if (r13 == r7) goto L92
            java.util.Date r13 = r24.getNotAfter()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            long r18 = r13.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            java.util.Date r13 = r12.getThisUpdate()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            long r20 = r13.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            int r13 = (r18 > r20 ? 1 : (r18 == r20 ? 0 : -1))
            if (r13 < 0) goto L8a
            goto L92
        L8a:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            java.lang.String r10 = "No valid CRL for current time found."
            r0.<init>(r10)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            throw r0     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
        L92:
            processCRLB1(r1, r3, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            processCRLB2(r1, r3, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            processCRLC(r10, r12, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            java.math.BigInteger r13 = r24.getSerialNumber()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            processCRLI(r4, r10, r13, r5, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            java.math.BigInteger r10 = r24.getSerialNumber()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            processCRLJ(r4, r12, r10, r5)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            int r10 = r28.getCertStatus()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            r12 = 8
            if (r10 != r12) goto Lb6
            r10 = 11
            r5.setCertStatus(r10)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
        Lb6:
            r6.addReasons(r14)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbe
            r7 = r17
            r8 = 1
            goto L2b
        Lbe:
            r0 = move-exception
            goto Lca
        Lc0:
            r0 = move-exception
            goto Lc7
        Lc2:
            r0 = move-exception
            r15 = r26
            r11 = r27
        Lc7:
            r17 = r7
            r7 = 1
        Lca:
            r7 = r17
            goto L2b
        Lce:
            if (r8 == 0) goto Ld1
            return
        Ld1:
            throw r0
        Ld2:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r1 = "Validation time is in future."
            r0.<init>(r1)
            goto Ldb
        Lda:
            throw r0
        Ldb:
            goto Lda
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(org.bouncycastle.asn1.x509.DistributionPoint, org.bouncycastle.x509.ExtendedPKIXParameters, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List):void");
    }

    /* JADX WARN: Code restructure failed: missing block: B:45:0x00c7, code lost:
    
        return;
     */
    /* JADX WARN: Type inference failed for: r11v0 */
    /* JADX WARN: Type inference failed for: r11v1, types: [java.security.cert.X509Certificate, java.security.PublicKey] */
    /* JADX WARN: Type inference failed for: r11v2 */
    /* JADX WARN: Type inference failed for: r11v3 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(org.bouncycastle.asn1.x509.DistributionPoint r20, org.bouncycastle.x509.X509AttributeCertificate r21, org.bouncycastle.x509.ExtendedPKIXParameters r22, java.util.Date r23, java.security.cert.X509Certificate r24, org.bouncycastle.jce.provider.CertStatus r25, org.bouncycastle.jce.provider.ReasonsMask r26) throws org.bouncycastle.jce.provider.AnnotatedException {
        /*
            r1 = r20
            r2 = r21
            r3 = r22
            r4 = r23
            r5 = r25
            r6 = r26
            org.bouncycastle.asn1.DERObjectIdentifier r0 = org.bouncycastle.asn1.x509.X509Extensions.NoRevAvail
            java.lang.String r0 = r0.getId()
            byte[] r0 = r2.getExtensionValue(r0)
            if (r0 == 0) goto L19
            return
        L19:
            java.util.Date r7 = new java.util.Date
            long r8 = java.lang.System.currentTimeMillis()
            r7.<init>(r8)
            long r8 = r23.getTime()
            long r10 = r7.getTime()
            int r0 = (r8 > r10 ? 1 : (r8 == r10 ? 0 : -1))
            if (r0 > 0) goto Lc9
            java.util.Set r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(r1, r2, r7, r3)
            r8 = 0
            java.util.Iterator r9 = r0.iterator()
            r10 = 1
            r11 = 0
            r0 = r11
        L3a:
            boolean r12 = r9.hasNext()
            if (r12 == 0) goto Lc5
            int r12 = r25.getCertStatus()
            r13 = 11
            if (r12 != r13) goto Lc5
            boolean r12 = r26.isAllReasons()
            if (r12 != 0) goto Lc5
            java.lang.Object r12 = r9.next()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            java.security.cert.X509CRL r12 = (java.security.cert.X509CRL) r12     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            org.bouncycastle.jce.provider.ReasonsMask r14 = processCRLD(r12, r1)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            boolean r15 = r14.hasNewReasons(r6)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            if (r15 != 0) goto L5f
            goto L3a
        L5f:
            java.util.Set r15 = processCRLF(r12, r2, r11, r11, r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            java.security.PublicKey r15 = processCRLG(r12, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            boolean r16 = r22.isUseDeltasEnabled()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            if (r16 == 0) goto L76
            java.util.Set r11 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getDeltaCRLs(r7, r3, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            java.security.cert.X509CRL r11 = processCRLH(r11, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            goto L77
        L76:
            r11 = 0
        L77:
            int r15 = r22.getValidityModel()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            if (r15 == r10) goto L9a
            java.util.Date r15 = r21.getNotAfter()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            long r15 = r15.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            java.util.Date r17 = r12.getThisUpdate()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            long r17 = r17.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            int r19 = (r15 > r17 ? 1 : (r15 == r17 ? 0 : -1))
            if (r19 < 0) goto L92
            goto L9a
        L92:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            java.lang.String r11 = "No valid CRL for current time found."
            r0.<init>(r11)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            throw r0     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
        L9a:
            processCRLB1(r1, r2, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            processCRLB2(r1, r2, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            processCRLC(r11, r12, r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            java.math.BigInteger r15 = r21.getSerialNumber()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            processCRLI(r4, r11, r15, r5, r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            java.math.BigInteger r11 = r21.getSerialNumber()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            processCRLJ(r4, r12, r11, r5)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            int r11 = r25.getCertStatus()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            r12 = 8
            if (r11 != r12) goto Lbc
            r5.setCertStatus(r13)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
        Lbc:
            r6.addReasons(r14)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc1
            r8 = 1
            goto Lc2
        Lc1:
            r0 = move-exception
        Lc2:
            r11 = 0
            goto L3a
        Lc5:
            if (r8 == 0) goto Lc8
            return
        Lc8:
            throw r0
        Lc9:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r1 = "Validation time is in future."
            r0.<init>(r1)
            goto Ld2
        Ld1:
            throw r0
        Ld2:
            goto Ld1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(org.bouncycastle.asn1.x509.DistributionPoint, org.bouncycastle.x509.X509AttributeCertificate, org.bouncycastle.x509.ExtendedPKIXParameters, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:25:0x00df  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x013c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRLs(org.bouncycastle.x509.ExtendedPKIXParameters r18, java.security.cert.X509Certificate r19, java.util.Date r20, java.security.cert.X509Certificate r21, java.security.PublicKey r22, java.util.List r23) throws org.bouncycastle.jce.provider.AnnotatedException {
        /*
            Method dump skipped, instructions count: 345
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(org.bouncycastle.x509.ExtendedPKIXParameters, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0086  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x00e4  */
    /* JADX WARN: Removed duplicated region for block: B:44:0x0141  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void checkCRLs(org.bouncycastle.x509.X509AttributeCertificate r18, org.bouncycastle.x509.ExtendedPKIXParameters r19, java.security.cert.X509Certificate r20, java.util.Date r21) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 374
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(org.bouncycastle.x509.X509AttributeCertificate, org.bouncycastle.x509.ExtendedPKIXParameters, java.security.cert.X509Certificate, java.util.Date):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPath processAttrCert1(X509AttributeCertificate x509AttributeCertificate, ExtendedPKIXParameters extendedPKIXParameters) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (x509AttributeCertificate.getHolder().getIssuer() != null) {
            X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector();
            x509CertStoreSelector.setSerialNumber(x509AttributeCertificate.getHolder().getSerialNumber());
            Principal[] issuer = x509AttributeCertificate.getHolder().getIssuer();
            for (int i = 0; i < issuer.length; i++) {
                try {
                    if (issuer[i] instanceof X500Principal) {
                        x509CertStoreSelector.setIssuer(((X500Principal) issuer[i]).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates((Selector) x509CertStoreSelector, extendedPKIXParameters.getStores()));
                } catch (IOException e) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e);
                } catch (AnnotatedException e2) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e2);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (x509AttributeCertificate.getHolder().getEntityNames() != null) {
            X509CertStoreSelector x509CertStoreSelector2 = new X509CertStoreSelector();
            Principal[] entityNames = x509AttributeCertificate.getHolder().getEntityNames();
            for (int i2 = 0; i2 < entityNames.length; i2++) {
                try {
                    if (entityNames[i2] instanceof X500Principal) {
                        x509CertStoreSelector2.setIssuer(((X500Principal) entityNames[i2]).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates((Selector) x509CertStoreSelector2, extendedPKIXParameters.getStores()));
                } catch (IOException e3) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e3);
                } catch (AnnotatedException e4) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e4);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance(extendedPKIXParameters);
        Iterator it = hashSet.iterator();
        ExtCertPathValidatorException extCertPathValidatorException = null;
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            X509CertStoreSelector x509CertStoreSelector3 = new X509CertStoreSelector();
            x509CertStoreSelector3.setCertificate((X509Certificate) it.next());
            extendedPKIXBuilderParameters.setTargetConstraints(x509CertStoreSelector3);
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", "BC").build(ExtendedPKIXBuilderParameters.getInstance(extendedPKIXBuilderParameters));
                } catch (InvalidAlgorithmParameterException e5) {
                    throw new RuntimeException(e5.getMessage());
                } catch (CertPathBuilderException e6) {
                    extCertPathValidatorException = new ExtCertPathValidatorException("Certification path for public key certificate of attribute certificate could not be build.", e6);
                }
            } catch (NoSuchAlgorithmException e7) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e7);
            } catch (NoSuchProviderException e8) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e8);
            }
        }
        if (extCertPathValidatorException == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw extCertPathValidatorException;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPathValidatorResult processAttrCert2(CertPath certPath, ExtendedPKIXParameters extendedPKIXParameters) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", "BC").validate(certPath, extendedPKIXParameters);
            } catch (InvalidAlgorithmParameterException e) {
                throw new RuntimeException(e.getMessage());
            } catch (CertPathValidatorException e2) {
                throw new ExtCertPathValidatorException("Certification path for issuer certificate of attribute certificate could not be validated.", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e3);
        } catch (NoSuchProviderException e4) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert3(X509Certificate x509Certificate, ExtendedPKIXParameters extendedPKIXParameters) throws CertPathValidatorException {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0] && !x509Certificate.getKeyUsage()[1]) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert4(X509Certificate x509Certificate, ExtendedPKIXParameters extendedPKIXParameters) throws CertPathValidatorException {
        boolean z = false;
        for (TrustAnchor trustAnchor : extendedPKIXParameters.getTrustedACIssuers()) {
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z = true;
            }
        }
        if (!z) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert5(X509AttributeCertificate x509AttributeCertificate, ExtendedPKIXParameters extendedPKIXParameters) throws CertPathValidatorException {
        try {
            x509AttributeCertificate.checkValidity(CertPathValidatorUtilities.getValidDate(extendedPKIXParameters));
        } catch (CertificateExpiredException e) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e);
        } catch (CertificateNotYetValidException e2) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert7(X509AttributeCertificate x509AttributeCertificate, CertPath certPath, CertPath certPath2, ExtendedPKIXParameters extendedPKIXParameters) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = x509AttributeCertificate.getCriticalExtensionOIDs();
        String str = TARGET_INFORMATION;
        if (criticalExtensionOIDs.contains(str)) {
            try {
                TargetInformation.getInstance(CertPathValidatorUtilities.getExtensionValue(x509AttributeCertificate, str));
            } catch (IllegalArgumentException e) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e);
            } catch (AnnotatedException e2) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e2);
            }
        }
        criticalExtensionOIDs.remove(str);
        Iterator it = extendedPKIXParameters.getAttrCertCheckers().iterator();
        while (it.hasNext()) {
            ((PKIXAttrCertChecker) it.next()).check(x509AttributeCertificate, certPath, certPath2, criticalExtensionOIDs);
        }
        if (criticalExtensionOIDs.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
    }

    protected static Set processCRLA1i(Date date, ExtendedPKIXParameters extendedPKIXParameters, X509Certificate x509Certificate, X509CRL x509crl) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        if (extendedPKIXParameters.isUseDeltasEnabled()) {
            try {
                CRLDistPoint cRLDistPoint = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(x509Certificate, FRESHEST_CRL));
                if (cRLDistPoint == null) {
                    try {
                        cRLDistPoint = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(x509crl, FRESHEST_CRL));
                    } catch (AnnotatedException e) {
                        throw new AnnotatedException("Freshest CRL extension could not be decoded from CRL.", e);
                    }
                }
                if (cRLDistPoint != null) {
                    try {
                        CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(cRLDistPoint, extendedPKIXParameters);
                        try {
                            hashSet.addAll(CertPathValidatorUtilities.getDeltaCRLs(date, extendedPKIXParameters, x509crl));
                        } catch (AnnotatedException e2) {
                            throw new AnnotatedException("Exception obtaining delta CRLs.", e2);
                        }
                    } catch (AnnotatedException e3) {
                        throw new AnnotatedException("No new delta CRL locations could be added from Freshest CRL extension.", e3);
                    }
                }
            } catch (AnnotatedException e4) {
                throw new AnnotatedException("Freshest CRL extension could not be decoded from certificate.", e4);
            }
        }
        return hashSet;
    }

    protected static Set[] processCRLA1ii(Date date, ExtendedPKIXParameters extendedPKIXParameters, X509Certificate x509Certificate, X509CRL x509crl) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        x509CRLStoreSelector.setCertificateChecking(x509Certificate);
        x509CRLStoreSelector.setCompleteCRLEnabled(true);
        x509CRLStoreSelector.setDateAndTime(date);
        try {
            x509CRLStoreSelector.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            try {
                hashSet.addAll(CertPathValidatorUtilities.findCRLs(x509CRLStoreSelector, extendedPKIXParameters.getAddionalStores()));
                hashSet.addAll(CertPathValidatorUtilities.findCRLs(x509CRLStoreSelector, extendedPKIXParameters.getStores()));
                if (extendedPKIXParameters.isUseDeltasEnabled()) {
                    try {
                        hashSet2.addAll(CertPathValidatorUtilities.getDeltaCRLs(date, extendedPKIXParameters, x509crl));
                    } catch (AnnotatedException e) {
                        throw new AnnotatedException("Exception obtaining delta CRLs.", e);
                    }
                }
                return new Set[]{hashSet, hashSet2};
            } catch (AnnotatedException e2) {
                throw new AnnotatedException("Exception obtaining complete CRLs.", e2);
            }
        } catch (IOException e3) {
            throw new AnnotatedException("Cannot extract issuer from CRL." + e3, e3);
        }
    }

    protected static void processCRLB1(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        DERObject extensionValue = CertPathValidatorUtilities.getExtensionValue(x509crl, ISSUING_DISTRIBUTION_POINT);
        int i = 0;
        boolean z = extensionValue != null && IssuingDistributionPoint.getInstance(extensionValue).isIndirectCRL();
        byte[] encoded = CertPathValidatorUtilities.getIssuerPrincipal(x509crl).getEncoded();
        if (distributionPoint.getCRLIssuer() != null) {
            GeneralName[] names = distributionPoint.getCRLIssuer().getNames();
            int i2 = 0;
            while (i < names.length) {
                if (names[i].getTagNo() == 4) {
                    try {
                        if (names[i].getName().getDERObject().getEncoded().equals(encoded)) {
                            i2 = 1;
                        }
                    } catch (IOException e) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
                    }
                }
                i++;
            }
            if (i2 != 0 && !z) {
                throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (i2 == 0) {
                throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
            i = i2;
        } else if (CertPathValidatorUtilities.getIssuerPrincipal(x509crl).equals(CertPathValidatorUtilities.getEncodedIssuerPrincipal(obj))) {
            i = 1;
        }
        if (i == 0) {
            throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
        }
    }

    protected static void processCRLB2(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        try {
            IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(x509crl, ISSUING_DISTRIBUTION_POINT));
            if (issuingDistributionPoint == null || issuingDistributionPoint.getDistributionPoint() == null) {
                return;
            }
            DistributionPointName distributionPoint2 = IssuingDistributionPoint.getInstance(issuingDistributionPoint).getDistributionPoint();
            ArrayList arrayList = new ArrayList();
            boolean z = false;
            if (distributionPoint2.getType() == 0) {
                for (GeneralName generalName : GeneralNames.getInstance(distributionPoint2.getName()).getNames()) {
                    arrayList.add(generalName.getDEREncoded());
                }
            }
            if (distributionPoint.getDistributionPoint() != null) {
                DistributionPointName distributionPoint3 = distributionPoint.getDistributionPoint();
                if (distributionPoint3.getType() == 0) {
                    GeneralName[] names = GeneralNames.getInstance(distributionPoint3.getName()).getNames();
                    int i = 0;
                    while (true) {
                        if (i >= names.length) {
                            break;
                        }
                        if (arrayList.contains(names[i])) {
                            z = true;
                            break;
                        }
                        i++;
                    }
                }
                if (!z) {
                    throw new AnnotatedException("None of the names in the CRL issuing distribution point matches one of the names in a distributionPoint field of the certificate CRL distribution point.");
                }
            } else {
                if (distributionPoint.getCRLIssuer() == null) {
                    throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                }
                GeneralName[] names2 = distributionPoint.getCRLIssuer().getNames();
                int i2 = 0;
                while (true) {
                    if (i2 >= names2.length) {
                        break;
                    }
                    if (arrayList.contains(names2[i2])) {
                        z = true;
                        break;
                    }
                    i2++;
                }
                if (!z) {
                    throw new AnnotatedException("None of the names in the CRL issuing distribution point matches one of the names in a cRLIssuer field of the certificate CRL distribution point.");
                }
            }
            try {
                BasicConstraints basicConstraints = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension) obj, BASIC_CONSTRAINTS));
                if (obj instanceof X509Certificate) {
                    if (issuingDistributionPoint.onlyContainsUserCerts() && basicConstraints != null && basicConstraints.isCA()) {
                        throw new AnnotatedException("CA Cert CRL only contains user certificates.");
                    }
                    if (issuingDistributionPoint.onlyContainsCACerts() && (basicConstraints == null || !basicConstraints.isCA())) {
                        throw new AnnotatedException("End CRL only contains CA certificates.");
                    }
                }
                if (issuingDistributionPoint.onlyContainsAttributeCerts()) {
                    throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
                }
            } catch (Exception e) {
                throw new AnnotatedException("Basic constraints extension could not be decoded.", e);
            }
        } catch (Exception e2) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e2);
        }
    }

    protected static void processCRLC(X509CRL x509crl, X509CRL x509crl2, ExtendedPKIXParameters extendedPKIXParameters) throws AnnotatedException {
        try {
            IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(x509crl2, ISSUING_DISTRIBUTION_POINT));
            if (extendedPKIXParameters.isUseDeltasEnabled()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");
                }
                if (issuingDistributionPoint != null) {
                    try {
                        IssuingDistributionPoint issuingDistributionPoint2 = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(x509crl, ISSUING_DISTRIBUTION_POINT));
                        boolean z = false;
                        if (issuingDistributionPoint != null ? issuingDistributionPoint.equals(issuingDistributionPoint2) : issuingDistributionPoint2 == null) {
                            z = true;
                        }
                        if (!z) {
                            throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                        }
                    } catch (Exception e) {
                        throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e);
                    }
                }
                try {
                    try {
                        if (!CertPathValidatorUtilities.getExtensionValue(x509crl, AUTHORITY_KEY_IDENTIFIER).equals(CertPathValidatorUtilities.getExtensionValue(x509crl, AUTHORITY_KEY_IDENTIFIER))) {
                            throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                        }
                    } catch (AnnotatedException e2) {
                        throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e2);
                    }
                } catch (AnnotatedException e3) {
                    throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e3);
                }
            }
        } catch (Exception e4) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e4);
        }
    }

    protected static ReasonsMask processCRLD(X509CRL x509crl, DistributionPoint distributionPoint) throws AnnotatedException {
        try {
            IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(x509crl, ISSUING_DISTRIBUTION_POINT));
            if (issuingDistributionPoint != null && issuingDistributionPoint.getOnlySomeReasons() != null && distributionPoint.getReasons() != null) {
                return new ReasonsMask(distributionPoint.getReasons().intValue()).intersect(new ReasonsMask(issuingDistributionPoint.getOnlySomeReasons().intValue()));
            }
            if ((issuingDistributionPoint == null || issuingDistributionPoint.getOnlySomeReasons() == null) && distributionPoint.getReasons() == null) {
                return ReasonsMask.allReasons;
            }
            return (distributionPoint.getReasons() == null ? ReasonsMask.allReasons : new ReasonsMask(distributionPoint.getReasons().intValue())).intersect(issuingDistributionPoint == null ? ReasonsMask.allReasons : new ReasonsMask(issuingDistributionPoint.getOnlySomeReasons().intValue()));
        } catch (Exception e) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
        }
    }

    protected static Set processCRLF(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, ExtendedPKIXParameters extendedPKIXParameters) throws AnnotatedException {
        X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector();
        try {
            x509CertStoreSelector.setSubject(CertPathValidatorUtilities.getIssuerPrincipal(x509crl).getEncoded());
            try {
                CertPathValidatorUtilities.findCertificates((Selector) x509CertStoreSelector, extendedPKIXParameters.getStores());
                Collection<X509Certificate> findCertificates = CertPathValidatorUtilities.findCertificates((Selector) x509CertStoreSelector, extendedPKIXParameters.getAddionalStores());
                if (x509Certificate != null) {
                    findCertificates.add(x509Certificate);
                }
                HashSet<X509Certificate> hashSet = new HashSet();
                for (X509Certificate x509Certificate2 : findCertificates) {
                    if (CertPathValidatorUtilities.getEncodedIssuerPrincipal(obj).equals(x509Certificate2.getSubjectX500Principal()) && x509Certificate2.getPublicKey().equals(publicKey)) {
                        hashSet.add(x509Certificate2);
                    } else {
                        try {
                            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
                            X509CertStoreSelector x509CertStoreSelector2 = new X509CertStoreSelector();
                            x509CertStoreSelector2.setCertificate(x509Certificate2);
                            ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance(extendedPKIXParameters);
                            extendedPKIXBuilderParameters.setTargetConstraints(x509CertStoreSelector2);
                            HashSet hashSet2 = new HashSet();
                            hashSet2.add(obj);
                            extendedPKIXBuilderParameters.setExcludedCerts(hashSet2);
                            certPathBuilder.build(extendedPKIXBuilderParameters);
                            hashSet.add(x509Certificate2);
                        } catch (Exception unused) {
                        }
                    }
                }
                HashSet hashSet3 = new HashSet();
                if (x509Certificate == null && publicKey != null) {
                    hashSet3.add(publicKey);
                }
                AnnotatedException annotatedException = null;
                for (X509Certificate x509Certificate3 : hashSet) {
                    boolean[] keyUsage = x509Certificate3.getKeyUsage();
                    if (keyUsage == null || (keyUsage.length >= 7 && keyUsage[6])) {
                        hashSet3.add(x509Certificate3.getPublicKey());
                    } else {
                        annotatedException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet3.isEmpty() && annotatedException == null) {
                    throw new AnnotatedException("Cannot find a valid issuer certificate.");
                }
                if (!hashSet3.isEmpty() || annotatedException == null) {
                    return hashSet3;
                }
                throw annotatedException;
            } catch (AnnotatedException e) {
                throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e);
            }
        } catch (IOException e2) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e2);
        }
    }

    protected static PublicKey processCRLG(X509CRL x509crl, Set set) throws AnnotatedException {
        Iterator it;
        try {
            it = set.iterator();
        } catch (Exception e) {
            e = e;
        }
        if (!it.hasNext()) {
            e = null;
            throw new AnnotatedException("Cannot verify CRL.", e);
        }
        PublicKey publicKey = (PublicKey) it.next();
        x509crl.verify(publicKey);
        return publicKey;
    }

    protected static X509CRL processCRLH(Set set, PublicKey publicKey) throws AnnotatedException {
        Iterator it;
        try {
            it = set.iterator();
        } catch (Exception e) {
            e = e;
        }
        if (!it.hasNext()) {
            e = null;
            throw new AnnotatedException("Cannot verify delta CRL.", e);
        }
        X509CRL x509crl = (X509CRL) it.next();
        x509crl.verify(publicKey);
        return x509crl;
    }

    protected static void processCRLI(Date date, X509CRL x509crl, BigInteger bigInteger, CertStatus certStatus, ExtendedPKIXParameters extendedPKIXParameters) throws AnnotatedException {
        if (extendedPKIXParameters.isUseDeltasEnabled()) {
            CertPathValidatorUtilities.getCertStatus(date, x509crl, bigInteger, certStatus);
        }
    }

    protected static void processCRLJ(Date date, X509CRL x509crl, BigInteger bigInteger, CertStatus certStatus) throws AnnotatedException {
        CertPathValidatorUtilities.getCertStatus(date, x509crl, bigInteger, certStatus);
    }
}
