package org.bouncycastle.jce.provider;

import a0.a;
import androidx.fragment.app.n;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertSelector;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import mm.k;
import mm.l;
import mm.m;
import rm.b;
import sn.e;
import sn.h;
import tl.i;
import tl.m0;
import tl.q;
import tl.r;
import tl.s;
import tl.u;
import tl.v;
import tl.y;

/* loaded from: classes.dex */
class RFC3281CertPathUtilities {
    private static final String TARGET_INFORMATION = s.I1.f17206c;
    private static final String NO_REV_AVAIL = s.H1.f17206c;
    private static final String CRL_DISTRIBUTION_POINTS = s.f16702y1.f17206c;
    private static final String AUTHORITY_INFO_ACCESS = s.G1.f17206c;

    public static void additionalChecks(h hVar, Set set, Set set2) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (hVar.b(str) != null) {
                throw new CertPathValidatorException(a.b("Attribute certificate contains prohibited attribute: ", str, "."));
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (hVar.b(str2) == null) {
                throw new CertPathValidatorException(a.b("Attribute certificate does not contain necessary attribute: ", str2, "."));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:52:0x00e4, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(tl.q r21, sn.h r22, mm.m r23, java.util.Date r24, java.security.cert.X509Certificate r25, org.bouncycastle.jce.provider.CertStatus r26, org.bouncycastle.jce.provider.ReasonsMask r27, java.util.List r28, pm.a r29) {
        /*
            Method dump skipped, instructions count: 238
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(tl.q, sn.h, mm.m, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List, pm.a):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void checkCRLs(h hVar, m mVar, X509Certificate x509Certificate, Date date, List list, pm.a aVar) {
        boolean z6;
        if (mVar.L) {
            if (hVar.getExtensionValue(NO_REV_AVAIL) != null) {
                if (hVar.getExtensionValue(CRL_DISTRIBUTION_POINTS) != null || hVar.getExtensionValue(AUTHORITY_INFO_ACCESS) != null) {
                    throw new CertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
                }
                return;
            }
            try {
                i m10 = i.m(CertPathValidatorUtilities.getExtensionValue(hVar, CRL_DISTRIBUTION_POINTS));
                ArrayList arrayList = new ArrayList();
                try {
                    arrayList.addAll(CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(m10, mVar.H));
                    m.a aVar2 = new m.a(mVar);
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        aVar2.f12776f.add((mm.h) arrayList);
                    }
                    m mVar2 = new m(aVar2);
                    CertStatus certStatus = new CertStatus();
                    ReasonsMask reasonsMask = new ReasonsMask();
                    AnnotatedException annotatedException = null;
                    if (m10 != null) {
                        try {
                            q[] j10 = m10.j();
                            int i10 = 0;
                            z6 = false;
                            while (i10 < j10.length && certStatus.getCertStatus() == 11 && !reasonsMask.isAllReasons()) {
                                try {
                                    int i11 = i10;
                                    q[] qVarArr = j10;
                                    checkCRL(j10[i10], hVar, mVar2, date, x509Certificate, certStatus, reasonsMask, list, aVar);
                                    i10 = i11 + 1;
                                    z6 = true;
                                    j10 = qVarArr;
                                } catch (AnnotatedException e10) {
                                    annotatedException = new AnnotatedException("No valid CRL for distribution point found.", e10);
                                }
                            }
                        } catch (Exception e11) {
                            throw new b("Distribution points could not be read.", e11);
                        }
                    } else {
                        z6 = false;
                    }
                    if (certStatus.getCertStatus() == 11 && !reasonsMask.isAllReasons()) {
                        try {
                            try {
                                checkCRL(new q(new r(new v(new u(4, new uk.i(((X500Principal) hVar.c().d()[0]).getEncoded()).o())))), hVar, mVar2, date, x509Certificate, certStatus, reasonsMask, list, aVar);
                                z6 = true;
                            } catch (Exception e12) {
                                throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e12);
                            }
                        } catch (AnnotatedException e13) {
                            annotatedException = new AnnotatedException("No valid CRL for distribution point found.", e13);
                        }
                    }
                    if (!z6) {
                        throw new b("No valid CRL found.", annotatedException);
                    }
                    if (certStatus.getCertStatus() != 11) {
                        StringBuilder d10 = n.d("Attribute certificate revocation after " + certStatus.getRevocationDate(), ", reason: ");
                        d10.append(RFC3280CertPathUtilities.crlReasons[certStatus.getCertStatus()]);
                        throw new CertPathValidatorException(d10.toString());
                    }
                    if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == 11) {
                        certStatus.setCertStatus(12);
                    }
                    if (certStatus.getCertStatus() == 12) {
                        throw new CertPathValidatorException("Attribute certificate status could not be determined.");
                    }
                } catch (AnnotatedException e14) {
                    throw new CertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", e14);
                }
            } catch (AnnotatedException e15) {
                throw new CertPathValidatorException("CRL distribution point extension could not be read.", e15);
            }
        }
    }

    public static CertPath processAttrCert1(h hVar, m mVar) {
        HashSet hashSet = new HashSet();
        y yVar = hVar.a().f16093c.f16724c;
        b bVar = null;
        if ((yVar != null ? sn.a.e(yVar.f16727c) : null) != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            y yVar2 = hVar.a().f16093c.f16724c;
            x509CertSelector.setSerialNumber(yVar2 != null ? yVar2.f16728d.z() : null);
            y yVar3 = hVar.a().f16093c.f16724c;
            for (Principal principal : yVar3 != null ? sn.a.e(yVar3.f16727c) : null) {
                try {
                    if (principal instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) principal).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates(new k((CertSelector) x509CertSelector.clone()), mVar.d()));
                } catch (IOException e10) {
                    throw new b("Unable to encode X500 principal.", e10);
                } catch (AnnotatedException e11) {
                    throw new b("Public key certificate for attribute certificate cannot be searched.", e11);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (hVar.a().d() != null) {
            sn.k kVar = new sn.k();
            for (Principal principal2 : hVar.a().d()) {
                try {
                    if (principal2 instanceof X500Principal) {
                        kVar.setIssuer(((X500Principal) principal2).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates(new k((CertSelector) kVar.clone()), mVar.d()));
                } catch (IOException e12) {
                    throw new b("Unable to encode X500 principal.", e12);
                } catch (AnnotatedException e13) {
                    throw new b("Public key certificate for attribute certificate cannot be searched.", e13);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        m.a aVar = new m.a(mVar);
        Iterator it = hashSet.iterator();
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            sn.k kVar2 = new sn.k();
            kVar2.setCertificate((X509Certificate) it.next());
            aVar.f12773c = new k((CertSelector) kVar2.clone());
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).build(new l(new l.a(new m(aVar))));
                } catch (InvalidAlgorithmParameterException e14) {
                    throw new RuntimeException(e14.getMessage());
                } catch (CertPathBuilderException e15) {
                    bVar = new b("Certification path for public key certificate of attribute certificate could not be build.", e15);
                }
            } catch (NoSuchAlgorithmException e16) {
                throw new b("Support class could not be created.", e16);
            } catch (NoSuchProviderException e17) {
                throw new b("Support class could not be created.", e17);
            }
        }
        if (bVar == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw bVar;
    }

    public static CertPathValidatorResult processAttrCert2(CertPath certPath, m mVar) {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).validate(certPath, mVar);
            } catch (InvalidAlgorithmParameterException e10) {
                throw new RuntimeException(e10.getMessage());
            } catch (CertPathValidatorException e11) {
                throw new b("Certification path for issuer certificate of attribute certificate could not be validated.", e11);
            }
        } catch (NoSuchAlgorithmException e12) {
            throw new b("Support class could not be created.", e12);
        } catch (NoSuchProviderException e13) {
            throw new b("Support class could not be created.", e13);
        }
    }

    public static void processAttrCert3(X509Certificate x509Certificate, m mVar) {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0] && !x509Certificate.getKeyUsage()[1]) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void processAttrCert4(X509Certificate x509Certificate, Set set) {
        Iterator it = set.iterator();
        boolean z6 = false;
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z6 = true;
            }
        }
        if (!z6) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void processAttrCert5(h hVar, m mVar) {
        try {
            hVar.checkValidity(CertPathValidatorUtilities.getValidDate(mVar));
        } catch (CertificateExpiredException e10) {
            throw new b("Attribute certificate is not valid.", e10);
        } catch (CertificateNotYetValidException e11) {
            throw new b("Attribute certificate is not valid.", e11);
        }
    }

    public static void processAttrCert7(h hVar, CertPath certPath, CertPath certPath2, m mVar, Set set) {
        Set<String> criticalExtensionOIDs = hVar.getCriticalExtensionOIDs();
        String str = TARGET_INFORMATION;
        if (criticalExtensionOIDs.contains(str)) {
            try {
                uk.l extensionValue = CertPathValidatorUtilities.getExtensionValue(hVar, str);
                if (extensionValue instanceof m0) {
                } else if (extensionValue != null) {
                    new m0(uk.s.w(extensionValue));
                }
            } catch (IllegalArgumentException e10) {
                throw new b("Target information extension could not be read.", e10);
            } catch (AnnotatedException e11) {
                throw new b("Target information extension could not be read.", e11);
            }
        }
        criticalExtensionOIDs.remove(str);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ((e) it.next()).d();
        }
        if (criticalExtensionOIDs.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
    }
}
