package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.az;
import org.bouncycastle.asn1.bc;
import org.bouncycastle.asn1.bh;
import org.bouncycastle.asn1.r;
import org.bouncycastle.asn1.s;
import org.bouncycastle.asn1.x509.ah;
import org.bouncycastle.asn1.x509.ai;
import org.bouncycastle.asn1.x509.o;
import org.bouncycastle.asn1.x509.p;
import org.bouncycastle.asn1.x509.q;
import org.bouncycastle.asn1.x509.t;
import org.bouncycastle.asn1.x509.u;
import org.bouncycastle.asn1.x509.w;
import org.bouncycastle.asn1.y;

/* loaded from: classes.dex */
public class RFC3280CertPathUtilities {
    protected static final String ANY_POLICY = "2.5.29.32.0";
    protected static final int CRL_SIGN = 6;
    protected static final int KEY_CERT_SIGN = 5;
    private static final h CRL_UTIL = new h();
    protected static final String CERTIFICATE_POLICIES = ah.q.a();
    protected static final String POLICY_MAPPINGS = ah.r.a();
    protected static final String INHIBIT_ANY_POLICY = ah.w.a();
    protected static final String ISSUING_DISTRIBUTION_POINT = ah.m.a();
    protected static final String FRESHEST_CRL = ah.v.a();
    protected static final String DELTA_CRL_INDICATOR = ah.l.a();
    protected static final String POLICY_CONSTRAINTS = ah.t.a();
    protected static final String BASIC_CONSTRAINTS = ah.g.a();
    protected static final String CRL_DISTRIBUTION_POINTS = ah.p.a();
    protected static final String SUBJECT_ALTERNATIVE_NAME = ah.e.a();
    protected static final String NAME_CONSTRAINTS = ah.o.a();
    protected static final String AUTHORITY_KEY_IDENTIFIER = ah.s.a();
    protected static final String KEY_USAGE = ah.c.a();
    protected static final String CRL_NUMBER = ah.h.a();
    protected static final String[] crlReasons = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* JADX WARN: Code restructure failed: missing block: B:54:0x011d, code lost:
    
        throw r8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(org.bouncycastle.asn1.x509.k r13, org.bouncycastle.b.d r14, java.security.cert.X509Certificate r15, java.util.Date r16, java.security.cert.X509Certificate r17, java.security.PublicKey r18, org.bouncycastle.jce.provider.e r19, org.bouncycastle.jce.provider.ReasonsMask r20, java.util.List r21) throws org.bouncycastle.jce.provider.a {
        /*
            Method dump skipped, instructions count: 287
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3280CertPathUtilities.checkCRL(org.bouncycastle.asn1.x509.k, org.bouncycastle.b.d, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, org.bouncycastle.jce.provider.e, org.bouncycastle.jce.provider.ReasonsMask, java.util.List):void");
    }

    protected static void checkCRLs(org.bouncycastle.b.d dVar, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, List list) throws a {
        a aVar;
        boolean z;
        a aVar2 = null;
        try {
            org.bouncycastle.asn1.x509.e a = org.bouncycastle.asn1.x509.e.a(d.a(x509Certificate, CRL_DISTRIBUTION_POINTS));
            try {
                d.a(a, dVar);
                e eVar = new e();
                ReasonsMask reasonsMask = new ReasonsMask();
                boolean z2 = false;
                if (a != null) {
                    try {
                        org.bouncycastle.asn1.x509.k[] a2 = a.a();
                        if (a2 != null) {
                            int i = 0;
                            while (i < a2.length && eVar.b() == 11 && !reasonsMask.isAllReasons()) {
                                try {
                                    checkCRL(a2[i], (org.bouncycastle.b.d) dVar.clone(), x509Certificate, date, x509Certificate2, publicKey, eVar, reasonsMask, list);
                                    z = true;
                                    aVar = aVar2;
                                } catch (a e) {
                                    aVar = e;
                                    z = z2;
                                }
                                i++;
                                z2 = z;
                                aVar2 = aVar;
                            }
                        }
                    } catch (Exception e2) {
                        throw new a("Distribution points could not be read.", e2);
                    }
                }
                if (eVar.b() == 11 && !reasonsMask.isAllReasons()) {
                    try {
                        try {
                            checkCRL(new org.bouncycastle.asn1.x509.k(new org.bouncycastle.asn1.x509.l(0, new p(new o(4, new org.bouncycastle.asn1.i(d.a((Object) x509Certificate).getEncoded()).d()))), null, null), (org.bouncycastle.b.d) dVar.clone(), x509Certificate, date, x509Certificate2, publicKey, eVar, reasonsMask, list);
                            z2 = true;
                        } catch (Exception e3) {
                            throw new a("Issuer from certificate for CRL could not be reencoded.", e3);
                        }
                    } catch (a e4) {
                        aVar2 = e4;
                    }
                }
                if (!z2) {
                    if (!(aVar2 instanceof a)) {
                        throw new a("No valid CRL found.", aVar2);
                    }
                    throw aVar2;
                }
                if (eVar.b() != 11) {
                    throw new a(("Certificate revocation after " + eVar.a()) + ", reason: " + crlReasons[eVar.b()]);
                }
                if (!reasonsMask.isAllReasons() && eVar.b() == 11) {
                    eVar.a(12);
                }
                if (eVar.b() == 12) {
                    throw new a("Certificate status could not be determined.");
                }
            } catch (a e5) {
                throw new a("No additional CRL locations could be decoded from CRL distribution point extension.", e5);
            }
        } catch (Exception e6) {
            throw new a("CRL distribution point extension could not be read.", e6);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:102:0x013f, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:104:0x0147, code lost:
    
        throw new org.bouncycastle.jce.a.a("Certificate policies extension could not be decoded.", r0, r12, r13);
     */
    /* JADX WARN: Code restructure failed: missing block: B:106:0x007a, code lost:
    
        continue;
     */
    /* JADX WARN: Code restructure failed: missing block: B:69:0x00cf, code lost:
    
        r5 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x00d8, code lost:
    
        r1 = ((org.bouncycastle.asn1.s) org.bouncycastle.jce.provider.d.a(r8, org.bouncycastle.jce.provider.RFC3280CertPathUtilities.CERTIFICATE_POLICIES)).b();
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x00e0, code lost:
    
        if (r1.hasMoreElements() == false) goto L115;
     */
    /* JADX WARN: Code restructure failed: missing block: B:76:0x00e2, code lost:
    
        r3 = org.bouncycastle.asn1.x509.w.a(r1.nextElement());
     */
    /* JADX WARN: Code restructure failed: missing block: B:78:0x00f8, code lost:
    
        if (org.bouncycastle.jce.provider.RFC3280CertPathUtilities.ANY_POLICY.equals(r3.a().a()) == false) goto L116;
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x00fa, code lost:
    
        r5 = org.bouncycastle.jce.provider.d.a(r3.b());
     */
    /* JADX WARN: Code restructure failed: missing block: B:81:0x0102, code lost:
    
        r7 = false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x0107, code lost:
    
        if (r8.getCriticalExtensionOIDs() == null) goto L45;
     */
    /* JADX WARN: Code restructure failed: missing block: B:83:0x0109, code lost:
    
        r7 = r8.getCriticalExtensionOIDs().contains(org.bouncycastle.jce.provider.RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
     */
    /* JADX WARN: Code restructure failed: missing block: B:84:0x0113, code lost:
    
        r4 = (org.bouncycastle.jce.provider.k) r0.getParent();
     */
    /* JADX WARN: Code restructure failed: missing block: B:85:0x0123, code lost:
    
        if (org.bouncycastle.jce.provider.RFC3280CertPathUtilities.ANY_POLICY.equals(r4.getValidPolicy()) == false) goto L100;
     */
    /* JADX WARN: Code restructure failed: missing block: B:87:0x0125, code lost:
    
        r0 = new org.bouncycastle.jce.provider.k(new java.util.ArrayList(), r2, (java.util.Set) r9.get(r6), r4, r5, r6, r7);
        r4.a(r0);
        r14[r2].add(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x0151, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:93:0x0159, code lost:
    
        throw new org.bouncycastle.jce.a.a("Policy qualifier info set could not be decoded.", r0, r12, r13);
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x0148, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x0150, code lost:
    
        throw new java.security.cert.CertPathValidatorException("Policy information could not be decoded.", r0, r12, r13);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected static org.bouncycastle.jce.provider.k prepareCertB(java.security.cert.CertPath r12, int r13, java.util.List[] r14, org.bouncycastle.jce.provider.k r15, int r16) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 438
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3280CertPathUtilities.prepareCertB(java.security.cert.CertPath, int, java.util.List[], org.bouncycastle.jce.provider.k, int):org.bouncycastle.jce.provider.k");
    }

    protected static void prepareNextCertA(CertPath certPath, int i) throws CertPathValidatorException {
        try {
            s a = bh.a(d.a((X509Certificate) certPath.getCertificates().get(i), POLICY_MAPPINGS));
            if (a != null) {
                for (int i2 = 0; i2 < a.c(); i2++) {
                    try {
                        s a2 = bh.a(a.a(i2));
                        org.bouncycastle.asn1.m a3 = bc.a(a2.a(0));
                        org.bouncycastle.asn1.m a4 = bc.a(a2.a(1));
                        if (ANY_POLICY.equals(a3.a())) {
                            throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, i);
                        }
                        if (ANY_POLICY.equals(a4.a())) {
                            throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, i);
                        }
                    } catch (Exception e) {
                        throw new org.bouncycastle.jce.a.a("Policy mappings extension contents could not be decoded.", e, certPath, i);
                    }
                }
            }
        } catch (a e2) {
            throw new org.bouncycastle.jce.a.a("Policy mappings extension could not be decoded.", e2, certPath, i);
        }
    }

    protected static void prepareNextCertG(CertPath certPath, int i, i iVar) throws CertPathValidatorException {
        try {
            s a = bh.a(d.a((X509Certificate) certPath.getCertificates().get(i), NAME_CONSTRAINTS));
            u a2 = a != null ? u.a(a) : null;
            if (a2 != null) {
                s a3 = a2.a();
                if (a3 != null) {
                    try {
                        iVar.c(a3);
                    } catch (Exception e) {
                        throw new org.bouncycastle.jce.a.a("Permitted subtrees cannot be build from name constraints extension.", e, certPath, i);
                    }
                }
                s b = a2.b();
                if (b != null) {
                    Enumeration b2 = b.b();
                    while (b2.hasMoreElements()) {
                        try {
                            iVar.a(q.a(b2.nextElement()));
                        } catch (Exception e2) {
                            throw new org.bouncycastle.jce.a.a("Excluded subtrees cannot be build from name constraints extension.", e2, certPath, i);
                        }
                    }
                }
            }
        } catch (Exception e3) {
            throw new org.bouncycastle.jce.a.a("Name constraints extension could not be decoded.", e3, certPath, i);
        }
    }

    protected static int prepareNextCertH1(CertPath certPath, int i, int i2) {
        return (d.b((X509Certificate) certPath.getCertificates().get(i)) || i2 == 0) ? i2 : i2 - 1;
    }

    protected static int prepareNextCertH2(CertPath certPath, int i, int i2) {
        return (d.b((X509Certificate) certPath.getCertificates().get(i)) || i2 == 0) ? i2 : i2 - 1;
    }

    protected static int prepareNextCertH3(CertPath certPath, int i, int i2) {
        return (d.b((X509Certificate) certPath.getCertificates().get(i)) || i2 == 0) ? i2 : i2 - 1;
    }

    protected static int prepareNextCertI1(CertPath certPath, int i, int i2) throws CertPathValidatorException {
        try {
            s a = bh.a(d.a((X509Certificate) certPath.getCertificates().get(i), POLICY_CONSTRAINTS));
            if (a == null) {
                return i2;
            }
            Enumeration b = a.b();
            while (b.hasMoreElements()) {
                try {
                    y a2 = y.a(b.nextElement());
                    if (a2.a() == 0) {
                        int intValue = az.a(a2, false).a().intValue();
                        return intValue < i2 ? intValue : i2;
                    }
                } catch (IllegalArgumentException e) {
                    throw new org.bouncycastle.jce.a.a("Policy constraints extension contents cannot be decoded.", e, certPath, i);
                }
            }
            return i2;
        } catch (Exception e2) {
            throw new org.bouncycastle.jce.a.a("Policy constraints extension cannot be decoded.", e2, certPath, i);
        }
    }

    protected static int prepareNextCertI2(CertPath certPath, int i, int i2) throws CertPathValidatorException {
        try {
            s a = bh.a(d.a((X509Certificate) certPath.getCertificates().get(i), POLICY_CONSTRAINTS));
            if (a == null) {
                return i2;
            }
            Enumeration b = a.b();
            while (b.hasMoreElements()) {
                try {
                    y a2 = y.a(b.nextElement());
                    if (a2.a() == 1) {
                        int intValue = az.a(a2, false).a().intValue();
                        return intValue < i2 ? intValue : i2;
                    }
                } catch (IllegalArgumentException e) {
                    throw new org.bouncycastle.jce.a.a("Policy constraints extension contents cannot be decoded.", e, certPath, i);
                }
            }
            return i2;
        } catch (Exception e2) {
            throw new org.bouncycastle.jce.a.a("Policy constraints extension cannot be decoded.", e2, certPath, i);
        }
    }

    protected static int prepareNextCertJ(CertPath certPath, int i, int i2) throws CertPathValidatorException {
        int intValue;
        try {
            org.bouncycastle.asn1.j a = az.a(d.a((X509Certificate) certPath.getCertificates().get(i), INHIBIT_ANY_POLICY));
            return (a == null || (intValue = a.a().intValue()) >= i2) ? i2 : intValue;
        } catch (Exception e) {
            throw new org.bouncycastle.jce.a.a("Inhibit any-policy extension cannot be decoded.", e, certPath, i);
        }
    }

    protected static void prepareNextCertK(CertPath certPath, int i) throws CertPathValidatorException {
        try {
            org.bouncycastle.asn1.x509.d a = org.bouncycastle.asn1.x509.d.a(d.a((X509Certificate) certPath.getCertificates().get(i), BASIC_CONSTRAINTS));
            if (a == null) {
                throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
            }
            if (!a.a()) {
                throw new CertPathValidatorException("Not a CA certificate");
            }
        } catch (Exception e) {
            throw new org.bouncycastle.jce.a.a("Basic constraints extension cannot be decoded.", e, certPath, i);
        }
    }

    protected static int prepareNextCertL(CertPath certPath, int i, int i2) throws CertPathValidatorException {
        if (d.b((X509Certificate) certPath.getCertificates().get(i))) {
            return i2;
        }
        if (i2 <= 0) {
            throw new org.bouncycastle.jce.a.a("Max path length not greater than zero", null, certPath, i);
        }
        return i2 - 1;
    }

    protected static int prepareNextCertM(CertPath certPath, int i, int i2) throws CertPathValidatorException {
        BigInteger b;
        int intValue;
        try {
            org.bouncycastle.asn1.x509.d a = org.bouncycastle.asn1.x509.d.a(d.a((X509Certificate) certPath.getCertificates().get(i), BASIC_CONSTRAINTS));
            return (a == null || (b = a.b()) == null || (intValue = b.intValue()) >= i2) ? i2 : intValue;
        } catch (Exception e) {
            throw new org.bouncycastle.jce.a.a("Basic constraints extension cannot be decoded.", e, certPath, i);
        }
    }

    protected static void prepareNextCertN(CertPath certPath, int i) throws CertPathValidatorException {
        boolean[] keyUsage = ((X509Certificate) certPath.getCertificates().get(i)).getKeyUsage();
        if (keyUsage != null && !keyUsage[5]) {
            throw new org.bouncycastle.jce.a.a("Issuer certificate keyusage extension is critical and does not permit key signing.", null, certPath, i);
        }
    }

    protected static void prepareNextCertO(CertPath certPath, int i, Set set, List list) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e) {
                throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, i);
            }
        }
        if (!set.isEmpty()) {
            throw new org.bouncycastle.jce.a.a("Certificate has unsupported critical extension.", null, certPath, i);
        }
    }

    protected static Set processCRLA1i(Date date, org.bouncycastle.b.d dVar, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        if (dVar.a()) {
            try {
                org.bouncycastle.asn1.x509.e a = org.bouncycastle.asn1.x509.e.a(d.a(x509Certificate, FRESHEST_CRL));
                if (a == null) {
                    try {
                        a = org.bouncycastle.asn1.x509.e.a(d.a(x509crl, FRESHEST_CRL));
                    } catch (a e) {
                        throw new a("Freshest CRL extension could not be decoded from CRL.", e);
                    }
                }
                if (a != null) {
                    try {
                        d.a(a, dVar);
                        try {
                            hashSet.addAll(d.a(date, dVar, x509crl));
                        } catch (a e2) {
                            throw new a("Exception obtaining delta CRLs.", e2);
                        }
                    } catch (a e3) {
                        throw new a("No new delta CRL locations could be added from Freshest CRL extension.", e3);
                    }
                }
            } catch (a e4) {
                throw new a("Freshest CRL extension could not be decoded from certificate.", e4);
            }
        }
        return hashSet;
    }

    protected static Set[] processCRLA1ii(Date date, org.bouncycastle.b.d dVar, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        org.bouncycastle.b.i iVar = new org.bouncycastle.b.i();
        iVar.setCertificateChecking(x509Certificate);
        try {
            iVar.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
            iVar.b(true);
            Set a = CRL_UTIL.a(iVar, dVar, date);
            if (dVar.a()) {
                try {
                    hashSet.addAll(d.a(date, dVar, x509crl));
                } catch (a e) {
                    throw new a("Exception obtaining delta CRLs.", e);
                }
            }
            return new Set[]{a, hashSet};
        } catch (IOException e2) {
            throw new a("Cannot extract issuer from CRL." + e2, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processCRLB1(org.bouncycastle.asn1.x509.k kVar, Object obj, X509CRL x509crl) throws a {
        boolean z;
        r a = d.a(x509crl, ISSUING_DISTRIBUTION_POINT);
        boolean z2 = a != null && t.a(a).c();
        byte[] encoded = d.a(x509crl).getEncoded();
        if (kVar.c() != null) {
            o[] a2 = kVar.c().a();
            z = false;
            for (int i = 0; i < a2.length; i++) {
                if (a2[i].a() == 4) {
                    try {
                        if (org.bouncycastle.a.a.a(a2[i].b().toASN1Primitive().getEncoded(), encoded)) {
                            z = true;
                        }
                    } catch (IOException e) {
                        throw new a("CRL issuer information from distribution point cannot be decoded.", e);
                    }
                }
            }
            if (z && !z2) {
                throw new a("Distribution point contains cRLIssuer field but CRL is not indirect.");
            }
            if (!z) {
                throw new a("CRL issuer of CRL does not match CRL issuer of distribution point.");
            }
        } else {
            z = d.a(x509crl).equals(d.a(obj));
        }
        if (!z) {
            throw new a("Cannot find matching CRL issuer for certificate.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processCRLB2(org.bouncycastle.asn1.x509.k kVar, Object obj, X509CRL x509crl) throws a {
        o[] oVarArr;
        boolean z = false;
        try {
            t a = t.a(d.a(x509crl, ISSUING_DISTRIBUTION_POINT));
            if (a != null) {
                if (a.e() != null) {
                    org.bouncycastle.asn1.x509.l e = t.a(a).e();
                    ArrayList arrayList = new ArrayList();
                    if (e.a() == 0) {
                        for (o oVar : p.a(e.b()).a()) {
                            arrayList.add(oVar);
                        }
                    }
                    if (e.a() == 1) {
                        org.bouncycastle.asn1.e eVar = new org.bouncycastle.asn1.e();
                        try {
                            Enumeration b = s.a(s.fromByteArray(d.a(x509crl).getEncoded())).b();
                            while (b.hasMoreElements()) {
                                eVar.a((org.bouncycastle.asn1.d) b.nextElement());
                            }
                            eVar.a(e.b());
                            arrayList.add(new o(ai.a(new bh(eVar))));
                        } catch (IOException e2) {
                            throw new a("Could not read CRL issuer.", e2);
                        }
                    }
                    if (kVar.a() != null) {
                        org.bouncycastle.asn1.x509.l a2 = kVar.a();
                        o[] a3 = a2.a() == 0 ? p.a(a2.b()).a() : null;
                        if (a2.a() == 1) {
                            if (kVar.c() != null) {
                                oVarArr = kVar.c().a();
                            } else {
                                oVarArr = new o[1];
                                try {
                                    oVarArr[0] = new o(new ai((s) s.fromByteArray(d.a(obj).getEncoded())));
                                } catch (IOException e3) {
                                    throw new a("Could not read certificate issuer.", e3);
                                }
                            }
                            for (int i = 0; i < oVarArr.length; i++) {
                                Enumeration b2 = s.a(oVarArr[i].b().toASN1Primitive()).b();
                                org.bouncycastle.asn1.e eVar2 = new org.bouncycastle.asn1.e();
                                while (b2.hasMoreElements()) {
                                    eVar2.a((org.bouncycastle.asn1.d) b2.nextElement());
                                }
                                eVar2.a(a2.b());
                                oVarArr[i] = new o(new ai(new bh(eVar2)));
                            }
                        } else {
                            oVarArr = a3;
                        }
                        if (oVarArr != null) {
                            int i2 = 0;
                            while (true) {
                                if (i2 >= oVarArr.length) {
                                    break;
                                }
                                if (arrayList.contains(oVarArr[i2])) {
                                    z = true;
                                    break;
                                }
                                i2++;
                            }
                        }
                        if (!z) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (kVar.c() == null) {
                            throw new a("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        o[] a4 = kVar.c().a();
                        int i3 = 0;
                        while (true) {
                            if (i3 >= a4.length) {
                                break;
                            }
                            if (arrayList.contains(a4[i3])) {
                                z = true;
                                break;
                            }
                            i3++;
                        }
                        if (!z) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    org.bouncycastle.asn1.x509.d a5 = org.bouncycastle.asn1.x509.d.a(d.a((X509Extension) obj, BASIC_CONSTRAINTS));
                    if (obj instanceof X509Certificate) {
                        if (a.a() && a5 != null && a5.a()) {
                            throw new a("CA Cert CRL only contains user certificates.");
                        }
                        if (a.b() && (a5 == null || !a5.a())) {
                            throw new a("End CRL only contains CA certificates.");
                        }
                    }
                    if (a.d()) {
                        throw new a("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e4) {
                    throw new a("Basic constraints extension could not be decoded.", e4);
                }
            }
        } catch (Exception e5) {
            throw new a("Issuing distribution point extension could not be decoded.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processCRLC(X509CRL x509crl, X509CRL x509crl2, org.bouncycastle.b.d dVar) throws a {
        boolean z = true;
        if (x509crl == null) {
            return;
        }
        try {
            t a = t.a(d.a(x509crl2, ISSUING_DISTRIBUTION_POINT));
            if (dVar.a()) {
                if (!x509crl.getIssuerX500Principal().equals(x509crl2.getIssuerX500Principal())) {
                    throw new a("Complete CRL issuer does not match delta CRL issuer.");
                }
                try {
                    t a2 = t.a(d.a(x509crl, ISSUING_DISTRIBUTION_POINT));
                    if (a != null ? !a.equals(a2) : a2 != null) {
                        z = false;
                    }
                    if (!z) {
                        throw new a("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        r a3 = d.a(x509crl2, AUTHORITY_KEY_IDENTIFIER);
                        try {
                            r a4 = d.a(x509crl, AUTHORITY_KEY_IDENTIFIER);
                            if (a3 == null) {
                                throw new a("CRL authority key identifier is null.");
                            }
                            if (a4 == null) {
                                throw new a("Delta CRL authority key identifier is null.");
                            }
                            if (!a3.equals(a4)) {
                                throw new a("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (a e) {
                            throw new a("Authority key identifier extension could not be extracted from delta CRL.", e);
                        }
                    } catch (a e2) {
                        throw new a("Authority key identifier extension could not be extracted from complete CRL.", e2);
                    }
                } catch (Exception e3) {
                    throw new a("Issuing distribution point extension from delta CRL could not be decoded.", e3);
                }
            }
        } catch (Exception e4) {
            throw new a("Issuing distribution point extension could not be decoded.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ReasonsMask processCRLD(X509CRL x509crl, org.bouncycastle.asn1.x509.k kVar) throws a {
        try {
            t a = t.a(d.a(x509crl, ISSUING_DISTRIBUTION_POINT));
            if (a != null && a.f() != null && kVar.b() != null) {
                return new ReasonsMask(kVar.b()).intersect(new ReasonsMask(a.f()));
            }
            if ((a == null || a.f() == null) && kVar.b() == null) {
                return ReasonsMask.allReasons;
            }
            return (kVar.b() == null ? ReasonsMask.allReasons : new ReasonsMask(kVar.b())).intersect(a == null ? ReasonsMask.allReasons : new ReasonsMask(a.f()));
        } catch (Exception e) {
            throw new a("Issuing distribution point extension could not be decoded.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set processCRLF(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, org.bouncycastle.b.d dVar, List list) throws a {
        a aVar;
        int i = 0;
        org.bouncycastle.b.j jVar = new org.bouncycastle.b.j();
        try {
            jVar.setSubject(d.a(x509crl).getEncoded());
            try {
                Collection<X509Certificate> a = d.a(jVar, dVar.d());
                a.addAll(d.a(jVar, dVar.c()));
                a.addAll(d.a(jVar, dVar.getCertStores()));
                a.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                for (X509Certificate x509Certificate2 : a) {
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", b.a);
                            org.bouncycastle.b.j jVar2 = new org.bouncycastle.b.j();
                            jVar2.setCertificate(x509Certificate2);
                            org.bouncycastle.b.d dVar2 = (org.bouncycastle.b.d) dVar.clone();
                            dVar2.setTargetCertConstraints(jVar2);
                            org.bouncycastle.b.c cVar = (org.bouncycastle.b.c) org.bouncycastle.b.c.b(dVar2);
                            if (list.contains(x509Certificate2)) {
                                cVar.setRevocationEnabled(false);
                            } else {
                                cVar.setRevocationEnabled(true);
                            }
                            List<? extends Certificate> certificates = certPathBuilder.build(cVar).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(d.a(certificates, 0));
                        } catch (CertPathBuilderException e) {
                            throw new a("Internal error.", e);
                        } catch (CertPathValidatorException e2) {
                            throw new a("Public key of issuer certificate of CRL could not be retrieved.", e2);
                        } catch (Exception e3) {
                            throw new RuntimeException(e3.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                a aVar2 = null;
                while (i < arrayList.size()) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length >= 7 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i));
                        aVar = aVar2;
                    } else {
                        aVar = new a("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                    i++;
                    aVar2 = aVar;
                }
                if (hashSet.isEmpty() && aVar2 == null) {
                    throw new a("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || aVar2 == null) {
                    return hashSet;
                }
                throw aVar2;
            } catch (a e4) {
                throw new a("Issuer certificate for CRL cannot be searched.", e4);
            }
        } catch (IOException e5) {
            throw new a("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey processCRLG(X509CRL x509crl, Set set) throws a {
        Exception e = null;
        Iterator it = set.iterator();
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e2) {
                e = e2;
            }
        }
        throw new a("Cannot verify CRL.", e);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509CRL processCRLH(Set set, PublicKey publicKey) throws a {
        Iterator it = set.iterator();
        Exception e = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e2) {
                e = e2;
            }
        }
        if (e != null) {
            throw new a("Cannot verify delta CRL.", e);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processCRLI(Date date, X509CRL x509crl, Object obj, e eVar, org.bouncycastle.b.d dVar) throws a {
        if (!dVar.a() || x509crl == null) {
            return;
        }
        d.a(date, x509crl, obj, eVar);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processCRLJ(Date date, X509CRL x509crl, Object obj, e eVar) throws a {
        if (eVar.b() == 11) {
            d.a(date, x509crl, obj, eVar);
        }
    }

    protected static void processCertA(CertPath certPath, org.bouncycastle.b.d dVar, int i, PublicKey publicKey, boolean z, X500Principal x500Principal, X509Certificate x509Certificate) throws org.bouncycastle.jce.a.a {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate2 = (X509Certificate) certificates.get(i);
        if (!z) {
            try {
                d.a(x509Certificate2, publicKey, dVar.getSigProvider());
            } catch (GeneralSecurityException e) {
                throw new org.bouncycastle.jce.a.a("Could not validate certificate signature.", e, certPath, i);
            }
        }
        try {
            x509Certificate2.checkValidity(d.a(dVar, certPath, i));
            if (dVar.isRevocationEnabled()) {
                try {
                    checkCRLs(dVar, x509Certificate2, d.a(dVar, certPath, i), x509Certificate, publicKey, certificates);
                } catch (a e2) {
                    throw new org.bouncycastle.jce.a.a(e2.getMessage(), e2.getCause() != null ? e2.getCause() : e2, certPath, i);
                }
            }
            if (!d.a((Object) x509Certificate2).equals(x500Principal)) {
                throw new org.bouncycastle.jce.a.a("IssuerName(" + d.a((Object) x509Certificate2) + ") does not match SubjectName(" + x500Principal + ") of signing certificate.", null, certPath, i);
            }
        } catch (CertificateExpiredException e3) {
            throw new org.bouncycastle.jce.a.a("Could not validate certificate: " + e3.getMessage(), e3, certPath, i);
        } catch (CertificateNotYetValidException e4) {
            throw new org.bouncycastle.jce.a.a("Could not validate certificate: " + e4.getMessage(), e4, certPath, i);
        } catch (a e5) {
            throw new org.bouncycastle.jce.a.a("Could not validate time of certificate.", e5, certPath, i);
        }
    }

    protected static void processCertBC(CertPath certPath, int i, i iVar) throws CertPathValidatorException {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i);
        int size = certificates.size();
        int i2 = size - i;
        if (!d.b(x509Certificate) || i2 >= size) {
            try {
                s a = bh.a(new org.bouncycastle.asn1.i(d.a(x509Certificate).getEncoded()).d());
                try {
                    iVar.a(a);
                    iVar.b(a);
                    try {
                        p a2 = p.a(d.a(x509Certificate, SUBJECT_ALTERNATIVE_NAME));
                        Enumeration elements = new ai(a).a(ai.D).elements();
                        while (elements.hasMoreElements()) {
                            o oVar = new o(1, (String) elements.nextElement());
                            try {
                                iVar.a(oVar);
                                iVar.b(oVar);
                            } catch (j e) {
                                throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", e, certPath, i);
                            }
                        }
                        if (a2 != null) {
                            try {
                                o[] a3 = a2.a();
                                for (int i3 = 0; i3 < a3.length; i3++) {
                                    try {
                                        iVar.a(a3[i3]);
                                        iVar.b(a3[i3]);
                                    } catch (j e2) {
                                        throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e2, certPath, i);
                                    }
                                }
                            } catch (Exception e3) {
                                throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e3, certPath, i);
                            }
                        }
                    } catch (Exception e4) {
                        throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e4, certPath, i);
                    }
                } catch (j e5) {
                    throw new CertPathValidatorException("Subtree check for certificate subject failed.", e5, certPath, i);
                }
            } catch (Exception e6) {
                throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e6, certPath, i);
            }
        }
    }

    protected static k processCertD(CertPath certPath, int i, Set set, k kVar, List[] listArr, int i2) throws CertPathValidatorException {
        String str;
        boolean z;
        int i3;
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i);
        int size = certificates.size();
        int i4 = size - i;
        try {
            s a = bh.a(d.a(x509Certificate, CERTIFICATE_POLICIES));
            if (a == null || kVar == null) {
                return null;
            }
            Enumeration b = a.b();
            HashSet hashSet = new HashSet();
            while (b.hasMoreElements()) {
                w a2 = w.a(b.nextElement());
                org.bouncycastle.asn1.m a3 = a2.a();
                hashSet.add(a3.a());
                if (!ANY_POLICY.equals(a3.a())) {
                    try {
                        Set a4 = d.a(a2.b());
                        if (!d.a(i4, listArr, a3, a4)) {
                            d.b(i4, listArr, a3, a4);
                        }
                    } catch (CertPathValidatorException e) {
                        throw new org.bouncycastle.jce.a.a("Policy qualifier info set could not be build.", e, certPath, i);
                    }
                }
            }
            if (set.isEmpty() || set.contains(ANY_POLICY)) {
                set.clear();
                set.addAll(hashSet);
            } else {
                HashSet hashSet2 = new HashSet();
                for (Object obj : set) {
                    if (hashSet.contains(obj)) {
                        hashSet2.add(obj);
                    }
                }
                set.clear();
                set.addAll(hashSet2);
            }
            if (i2 > 0 || (i4 < size && d.b(x509Certificate))) {
                Enumeration b2 = a.b();
                while (true) {
                    if (!b2.hasMoreElements()) {
                        break;
                    }
                    w a5 = w.a(b2.nextElement());
                    if (ANY_POLICY.equals(a5.a().a())) {
                        Set a6 = d.a(a5.b());
                        List list = listArr[i4 - 1];
                        int i5 = 0;
                        while (true) {
                            int i6 = i5;
                            if (i6 >= list.size()) {
                                break;
                            }
                            k kVar2 = (k) list.get(i6);
                            for (Object obj2 : kVar2.getExpectedPolicies()) {
                                if (obj2 instanceof String) {
                                    str = (String) obj2;
                                } else if (obj2 instanceof bc) {
                                    str = ((bc) obj2).a();
                                }
                                boolean z2 = false;
                                Iterator children = kVar2.getChildren();
                                while (true) {
                                    z = z2;
                                    if (!children.hasNext()) {
                                        break;
                                    }
                                    z2 = str.equals(((k) children.next()).getValidPolicy()) ? true : z;
                                }
                                if (!z) {
                                    HashSet hashSet3 = new HashSet();
                                    hashSet3.add(str);
                                    k kVar3 = new k(new ArrayList(), i4, hashSet3, kVar2, a6, str, false);
                                    kVar2.a(kVar3);
                                    listArr[i4].add(kVar3);
                                }
                            }
                            i5 = i6 + 1;
                        }
                    }
                }
            }
            int i7 = i4 - 1;
            k kVar4 = kVar;
            while (i7 >= 0) {
                List list2 = listArr[i7];
                k kVar5 = kVar4;
                while (true) {
                    int i8 = i3;
                    if (i8 < list2.size()) {
                        k kVar6 = (k) list2.get(i8);
                        i3 = (kVar6.a() || (kVar5 = d.a(kVar5, listArr, kVar6)) != null) ? i8 + 1 : 0;
                    }
                }
                i7--;
                kVar4 = kVar5;
            }
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs == null) {
                return kVar4;
            }
            boolean contains = criticalExtensionOIDs.contains(CERTIFICATE_POLICIES);
            List list3 = listArr[i4];
            int i9 = 0;
            while (true) {
                int i10 = i9;
                if (i10 >= list3.size()) {
                    return kVar4;
                }
                ((k) list3.get(i10)).a(contains);
                i9 = i10 + 1;
            }
        } catch (a e2) {
            throw new org.bouncycastle.jce.a.a("Could not read certificate policies extension from certificate.", e2, certPath, i);
        }
    }

    protected static k processCertE(CertPath certPath, int i, k kVar) throws CertPathValidatorException {
        try {
            if (bh.a(d.a((X509Certificate) certPath.getCertificates().get(i), CERTIFICATE_POLICIES)) == null) {
                return null;
            }
            return kVar;
        } catch (a e) {
            throw new org.bouncycastle.jce.a.a("Could not read certificate policies extension from certificate.", e, certPath, i);
        }
    }

    protected static void processCertF(CertPath certPath, int i, k kVar, int i2) throws CertPathValidatorException {
        if (i2 <= 0 && kVar == null) {
            throw new org.bouncycastle.jce.a.a("No valid policy tree found when one expected.", null, certPath, i);
        }
    }

    protected static int wrapupCertA(int i, X509Certificate x509Certificate) {
        return (d.b(x509Certificate) || i == 0) ? i : i - 1;
    }

    protected static int wrapupCertB(CertPath certPath, int i, int i2) throws CertPathValidatorException {
        try {
            s a = bh.a(d.a((X509Certificate) certPath.getCertificates().get(i), POLICY_CONSTRAINTS));
            if (a == null) {
                return i2;
            }
            Enumeration b = a.b();
            while (b.hasMoreElements()) {
                y yVar = (y) b.nextElement();
                switch (yVar.a()) {
                    case 0:
                        try {
                            if (az.a(yVar, false).a().intValue() != 0) {
                                break;
                            } else {
                                return 0;
                            }
                        } catch (Exception e) {
                            throw new org.bouncycastle.jce.a.a("Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, i);
                        }
                }
            }
            return i2;
        } catch (a e2) {
            throw new org.bouncycastle.jce.a.a("Policy constraints could not be decoded.", e2, certPath, i);
        }
    }

    protected static void wrapupCertF(CertPath certPath, int i, List list, Set set) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e) {
                throw new org.bouncycastle.jce.a.a("Additional certificate path checker failed.", e, certPath, i);
            }
        }
        if (!set.isEmpty()) {
            throw new org.bouncycastle.jce.a.a("Certificate has unsupported critical extension", null, certPath, i);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:38:0x0080  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected static org.bouncycastle.jce.provider.k wrapupCertG(java.security.cert.CertPath r9, org.bouncycastle.b.d r10, java.util.Set r11, int r12, java.util.List[] r13, org.bouncycastle.jce.provider.k r14, java.util.Set r15) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 349
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3280CertPathUtilities.wrapupCertG(java.security.cert.CertPath, org.bouncycastle.b.d, java.util.Set, int, java.util.List[], org.bouncycastle.jce.provider.k, java.util.Set):org.bouncycastle.jce.provider.k");
    }
}
