package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.jcajce.PKIXCertRevocationChecker;
import org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters;
import org.bouncycastle.jcajce.PKIXCertStoreSelector;
import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters;
import org.bouncycastle.jcajce.PKIXExtendedParameters;
import org.bouncycastle.jcajce.provider.symmetric.util.ClassUtil;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class RFC3280CertPathUtilities {

    /* renamed from: a, reason: collision with root package name */
    private static final Class f28040a = ClassUtil.a(RFC3280CertPathUtilities.class, "java.security.cert.PKIXRevocationChecker");

    /* renamed from: b, reason: collision with root package name */
    public static final String f28041b = Extension.f24590v1.D();

    /* renamed from: c, reason: collision with root package name */
    public static final String f28042c = Extension.M1.D();

    /* renamed from: d, reason: collision with root package name */
    public static final String f28043d = Extension.f24580p3.D();

    /* renamed from: e, reason: collision with root package name */
    public static final String f28044e = Extension.Y.D();

    /* renamed from: f, reason: collision with root package name */
    public static final String f28045f = Extension.C2.D();

    /* renamed from: g, reason: collision with root package name */
    public static final String f28046g = Extension.X.D();

    /* renamed from: h, reason: collision with root package name */
    public static final String f28047h = Extension.f24584q2.D();

    /* renamed from: i, reason: collision with root package name */
    public static final String f28048i = Extension.C.D();

    /* renamed from: j, reason: collision with root package name */
    public static final String f28049j = Extension.f24583q1.D();

    /* renamed from: k, reason: collision with root package name */
    public static final String f28050k = Extension.f24589u.D();

    /* renamed from: l, reason: collision with root package name */
    public static final String f28051l = Extension.f24578p1.D();

    /* renamed from: m, reason: collision with root package name */
    public static final String f28052m = Extension.f24579p2.D();

    /* renamed from: n, reason: collision with root package name */
    public static final String f28053n = Extension.f24577n.D();

    /* renamed from: o, reason: collision with root package name */
    public static final String f28054o = Extension.F.D();

    /* renamed from: p, reason: collision with root package name */
    protected static final String[] f28055p = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    RFC3280CertPathUtilities() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void A(CertPath certPath, int i10, PKIXNameConstraintValidator pKIXNameConstraintValidator, boolean z10) {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i10);
        int size = certificates.size();
        int i11 = size - i10;
        if (!CertPathValidatorUtilities.w(x509Certificate) || (i11 >= size && !z10)) {
            try {
                ASN1Sequence A = ASN1Sequence.A(PrincipalUtils.f(x509Certificate));
                try {
                    pKIXNameConstraintValidator.e(A);
                    pKIXNameConstraintValidator.c(A);
                    try {
                        GeneralNames o10 = GeneralNames.o(CertPathValidatorUtilities.m(x509Certificate, f28050k));
                        RDN[] r10 = X500Name.n(A).r(BCStyle.I);
                        for (int i12 = 0; i12 != r10.length; i12++) {
                            GeneralName generalName = new GeneralName(1, ((ASN1String) r10[i12].o().p()).f());
                            try {
                                pKIXNameConstraintValidator.d(generalName);
                                pKIXNameConstraintValidator.b(generalName);
                            } catch (PKIXNameConstraintValidatorException e10) {
                                throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", e10, certPath, i10);
                            }
                        }
                        if (o10 != null) {
                            try {
                                GeneralName[] q10 = o10.q();
                                for (int i13 = 0; i13 < q10.length; i13++) {
                                    try {
                                        pKIXNameConstraintValidator.d(q10[i13]);
                                        pKIXNameConstraintValidator.b(q10[i13]);
                                    } catch (PKIXNameConstraintValidatorException e11) {
                                        throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e11, certPath, i10);
                                    }
                                }
                            } catch (Exception e12) {
                                throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e12, certPath, i10);
                            }
                        }
                    } catch (Exception e13) {
                        throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e13, certPath, i10);
                    }
                } catch (PKIXNameConstraintValidatorException e14) {
                    throw new CertPathValidatorException("Subtree check for certificate subject failed.", e14, certPath, i10);
                }
            } catch (Exception e15) {
                throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e15, certPath, i10);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode B(CertPath certPath, int i10, Set set, PKIXPolicyNode pKIXPolicyNode, List[] listArr, int i11, boolean z10) {
        String str;
        int i12;
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i10);
        int size = certificates.size();
        int i13 = size - i10;
        try {
            ASN1Sequence A = ASN1Sequence.A(CertPathValidatorUtilities.m(x509Certificate, f28041b));
            if (A == null || pKIXPolicyNode == null) {
                return null;
            }
            Enumeration D = A.D();
            HashSet hashSet = new HashSet();
            while (D.hasMoreElements()) {
                PolicyInformation n10 = PolicyInformation.n(D.nextElement());
                ASN1ObjectIdentifier o10 = n10.o();
                hashSet.add(o10.D());
                if (!"2.5.29.32.0".equals(o10.D())) {
                    try {
                        Set p10 = CertPathValidatorUtilities.p(n10.p());
                        if (!CertPathValidatorUtilities.x(i13, listArr, o10, p10)) {
                            CertPathValidatorUtilities.y(i13, listArr, o10, p10);
                        }
                    } catch (CertPathValidatorException e10) {
                        throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", e10, certPath, i10);
                    }
                }
            }
            if (set.isEmpty() || set.contains("2.5.29.32.0")) {
                set.clear();
                set.addAll(hashSet);
            } else {
                HashSet hashSet2 = new HashSet();
                for (Object obj : set) {
                    if (hashSet.contains(obj)) {
                        hashSet2.add(obj);
                    }
                }
                set.clear();
                set.addAll(hashSet2);
            }
            if (i11 > 0 || ((i13 < size || z10) && CertPathValidatorUtilities.w(x509Certificate))) {
                Enumeration D2 = A.D();
                while (true) {
                    if (!D2.hasMoreElements()) {
                        break;
                    }
                    PolicyInformation n11 = PolicyInformation.n(D2.nextElement());
                    if ("2.5.29.32.0".equals(n11.o().D())) {
                        Set p11 = CertPathValidatorUtilities.p(n11.p());
                        List list = listArr[i13 - 1];
                        for (int i14 = 0; i14 < list.size(); i14++) {
                            PKIXPolicyNode pKIXPolicyNode2 = (PKIXPolicyNode) list.get(i14);
                            for (Object obj2 : pKIXPolicyNode2.getExpectedPolicies()) {
                                if (obj2 instanceof String) {
                                    str = (String) obj2;
                                } else if (obj2 instanceof ASN1ObjectIdentifier) {
                                    str = ((ASN1ObjectIdentifier) obj2).D();
                                }
                                String str2 = str;
                                Iterator children = pKIXPolicyNode2.getChildren();
                                boolean z11 = false;
                                while (children.hasNext()) {
                                    if (str2.equals(((PKIXPolicyNode) children.next()).getValidPolicy())) {
                                        z11 = true;
                                    }
                                }
                                if (!z11) {
                                    HashSet hashSet3 = new HashSet();
                                    hashSet3.add(str2);
                                    PKIXPolicyNode pKIXPolicyNode3 = new PKIXPolicyNode(new ArrayList(), i13, hashSet3, pKIXPolicyNode2, p11, str2, false);
                                    pKIXPolicyNode2.a(pKIXPolicyNode3);
                                    listArr[i13].add(pKIXPolicyNode3);
                                }
                            }
                        }
                    }
                }
            }
            PKIXPolicyNode pKIXPolicyNode4 = pKIXPolicyNode;
            for (int i15 = i13 - 1; i15 >= 0; i15--) {
                List list2 = listArr[i15];
                while (i12 < list2.size()) {
                    PKIXPolicyNode pKIXPolicyNode5 = (PKIXPolicyNode) list2.get(i12);
                    i12 = (pKIXPolicyNode5.c() || (pKIXPolicyNode4 = CertPathValidatorUtilities.z(pKIXPolicyNode4, listArr, pKIXPolicyNode5)) != null) ? i12 + 1 : 0;
                }
            }
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null) {
                boolean contains = criticalExtensionOIDs.contains(f28041b);
                List list3 = listArr[i13];
                for (int i16 = 0; i16 < list3.size(); i16++) {
                    ((PKIXPolicyNode) list3.get(i16)).e(contains);
                }
            }
            return pKIXPolicyNode4;
        } catch (AnnotatedException e11) {
            throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e11, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode C(CertPath certPath, int i10, PKIXPolicyNode pKIXPolicyNode) {
        try {
            if (ASN1Sequence.A(CertPathValidatorUtilities.m((X509Certificate) certPath.getCertificates().get(i10), f28041b)) == null) {
                return null;
            }
            return pKIXPolicyNode;
        } catch (AnnotatedException e10) {
            throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e10, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void D(CertPath certPath, int i10, PKIXPolicyNode pKIXPolicyNode, int i11) {
        if (i11 <= 0 && pKIXPolicyNode == null) {
            throw new ExtCertPathValidatorException("No valid policy tree found when one expected.", null, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int E(int i10, X509Certificate x509Certificate) {
        return (CertPathValidatorUtilities.w(x509Certificate) || i10 == 0) ? i10 : i10 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int F(CertPath certPath, int i10, int i11) {
        try {
            ASN1Sequence A = ASN1Sequence.A(CertPathValidatorUtilities.m((X509Certificate) certPath.getCertificates().get(i10), f28047h));
            if (A != null) {
                Enumeration D = A.D();
                while (D.hasMoreElements()) {
                    ASN1TaggedObject aSN1TaggedObject = (ASN1TaggedObject) D.nextElement();
                    if (aSN1TaggedObject.Q() == 0) {
                        try {
                            if (ASN1Integer.A(aSN1TaggedObject, false).J() == 0) {
                                return 0;
                            }
                        } catch (Exception e10) {
                            throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e10, certPath, i10);
                        }
                    }
                }
            }
            return i11;
        } catch (AnnotatedException e11) {
            throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e11, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void G(CertPath certPath, int i10, List list, Set set) {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i10);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e10) {
                throw new ExtCertPathValidatorException(e10.getMessage(), e10, certPath, i10);
            } catch (Exception e11) {
                throw new CertPathValidatorException("Additional certificate path checker failed.", e11, certPath, i10);
            }
        }
        if (set.isEmpty()) {
            return;
        }
        throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + set, null, certPath, i10);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode H(CertPath certPath, PKIXExtendedParameters pKIXExtendedParameters, Set set, int i10, List[] listArr, PKIXPolicyNode pKIXPolicyNode, Set set2) {
        int size = certPath.getCertificates().size();
        if (pKIXPolicyNode == null) {
            if (pKIXExtendedParameters.B()) {
                throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, i10);
            }
            return null;
        }
        if (!CertPathValidatorUtilities.t(set)) {
            HashSet<PKIXPolicyNode> hashSet = new HashSet();
            for (List list : listArr) {
                for (int i11 = 0; i11 < list.size(); i11++) {
                    PKIXPolicyNode pKIXPolicyNode2 = (PKIXPolicyNode) list.get(i11);
                    if ("2.5.29.32.0".equals(pKIXPolicyNode2.getValidPolicy())) {
                        Iterator children = pKIXPolicyNode2.getChildren();
                        while (children.hasNext()) {
                            PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) children.next();
                            if (!"2.5.29.32.0".equals(pKIXPolicyNode3.getValidPolicy())) {
                                hashSet.add(pKIXPolicyNode3);
                            }
                        }
                    }
                }
            }
            for (PKIXPolicyNode pKIXPolicyNode4 : hashSet) {
                if (!set.contains(pKIXPolicyNode4.getValidPolicy())) {
                    pKIXPolicyNode = CertPathValidatorUtilities.z(pKIXPolicyNode, listArr, pKIXPolicyNode4);
                }
            }
            if (pKIXPolicyNode != null) {
                for (int i12 = size - 1; i12 >= 0; i12--) {
                    List list2 = listArr[i12];
                    for (int i13 = 0; i13 < list2.size(); i13++) {
                        PKIXPolicyNode pKIXPolicyNode5 = (PKIXPolicyNode) list2.get(i13);
                        if (!pKIXPolicyNode5.c()) {
                            pKIXPolicyNode = CertPathValidatorUtilities.z(pKIXPolicyNode, listArr, pKIXPolicyNode5);
                        }
                    }
                }
            }
        } else if (pKIXExtendedParameters.B()) {
            if (set2.isEmpty()) {
                throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, i10);
            }
            HashSet hashSet2 = new HashSet();
            for (List list3 : listArr) {
                for (int i14 = 0; i14 < list3.size(); i14++) {
                    PKIXPolicyNode pKIXPolicyNode6 = (PKIXPolicyNode) list3.get(i14);
                    if ("2.5.29.32.0".equals(pKIXPolicyNode6.getValidPolicy())) {
                        Iterator children2 = pKIXPolicyNode6.getChildren();
                        while (children2.hasNext()) {
                            hashSet2.add(children2.next());
                        }
                    }
                }
            }
            Iterator it = hashSet2.iterator();
            while (it.hasNext()) {
                set2.contains(((PKIXPolicyNode) it.next()).getValidPolicy());
            }
            for (int i15 = size - 1; i15 >= 0; i15--) {
                List list4 = listArr[i15];
                for (int i16 = 0; i16 < list4.size(); i16++) {
                    PKIXPolicyNode pKIXPolicyNode7 = (PKIXPolicyNode) list4.get(i16);
                    if (!pKIXPolicyNode7.c()) {
                        pKIXPolicyNode = CertPathValidatorUtilities.z(pKIXPolicyNode, listArr, pKIXPolicyNode7);
                    }
                }
            }
        }
        return pKIXPolicyNode;
    }

    private static void a(PKIXCertRevocationCheckerParameters pKIXCertRevocationCheckerParameters, DistributionPoint distributionPoint, PKIXExtendedParameters pKIXExtendedParameters, Date date, Date date2, X509Certificate x509Certificate, X509Certificate x509Certificate2, PublicKey publicKey, CertStatus certStatus, ReasonsMask reasonsMask, List list, JcaJceHelper jcaJceHelper) {
        Iterator it;
        X509CRL x509crl;
        Set<String> criticalExtensionOIDs;
        if (date2.getTime() > date.getTime()) {
            throw new AnnotatedException("Validation time is in future.");
        }
        Iterator it2 = CertPathValidatorUtilities.k(pKIXCertRevocationCheckerParameters, distributionPoint, x509Certificate, pKIXExtendedParameters, date2).iterator();
        boolean z10 = false;
        AnnotatedException e10 = null;
        while (it2.hasNext() && certStatus.a() == 11 && !reasonsMask.e()) {
            try {
                X509CRL x509crl2 = (X509CRL) it2.next();
                ReasonsMask t10 = t(x509crl2, distributionPoint);
                if (t10.c(reasonsMask)) {
                    it = it2;
                    AnnotatedException annotatedException = e10;
                    try {
                        PublicKey v10 = v(x509crl2, u(x509crl2, x509Certificate, x509Certificate2, publicKey, pKIXExtendedParameters, list, jcaJceHelper));
                        if (pKIXExtendedParameters.F()) {
                            try {
                                x509crl = w(CertPathValidatorUtilities.l(date2, x509crl2, pKIXExtendedParameters.o(), pKIXExtendedParameters.m(), jcaJceHelper), v10);
                            } catch (AnnotatedException e11) {
                                e10 = e11;
                                it2 = it;
                            }
                        } else {
                            x509crl = null;
                        }
                        if (pKIXExtendedParameters.z() != 1 && x509Certificate.getNotAfter().getTime() < x509crl2.getThisUpdate().getTime()) {
                            throw new AnnotatedException("No valid CRL for current time found.");
                        }
                        q(distributionPoint, x509Certificate, x509crl2);
                        r(distributionPoint, x509Certificate, x509crl2);
                        s(x509crl, x509crl2, pKIXExtendedParameters);
                        x(date2, x509crl, x509Certificate, certStatus, pKIXExtendedParameters);
                        y(date2, x509crl2, x509Certificate, certStatus);
                        if (certStatus.a() == 8) {
                            certStatus.c(11);
                        }
                        reasonsMask.a(t10);
                        Set<String> criticalExtensionOIDs2 = x509crl2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs2 != null) {
                            HashSet hashSet = new HashSet(criticalExtensionOIDs2);
                            hashSet.remove(Extension.Y.D());
                            hashSet.remove(Extension.X.D());
                            if (!hashSet.isEmpty()) {
                                throw new AnnotatedException("CRL contains unsupported critical extensions.");
                            }
                        }
                        if (x509crl != null && (criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs()) != null) {
                            HashSet hashSet2 = new HashSet(criticalExtensionOIDs);
                            hashSet2.remove(Extension.Y.D());
                            hashSet2.remove(Extension.X.D());
                            if (!hashSet2.isEmpty()) {
                                throw new AnnotatedException("Delta CRL contains unsupported critical extension.");
                            }
                        }
                        it2 = it;
                        z10 = true;
                        e10 = annotatedException;
                    } catch (AnnotatedException e12) {
                        e10 = e12;
                    }
                } else {
                    continue;
                }
            } catch (AnnotatedException e13) {
                e10 = e13;
                it = it2;
            }
        }
        AnnotatedException annotatedException2 = e10;
        if (!z10) {
            throw annotatedException2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:15:0x00b9  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x0109  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x0116  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void b(org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters r23, org.bouncycastle.jcajce.PKIXExtendedParameters r24, java.util.Date r25, java.util.Date r26, java.security.cert.X509Certificate r27, java.security.cert.X509Certificate r28, java.security.PublicKey r29, java.util.List r30, org.bouncycastle.jcajce.util.JcaJceHelper r31) {
        /*
            Method dump skipped, instructions count: 416
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3280CertPathUtilities.b(org.bouncycastle.jcajce.PKIXCertRevocationCheckerParameters, org.bouncycastle.jcajce.PKIXExtendedParameters, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, org.bouncycastle.jcajce.util.JcaJceHelper):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x00d3, code lost:
    
        r5 = ((org.bouncycastle.asn1.ASN1Sequence) org.bouncycastle.jce.provider.CertPathValidatorUtilities.m(r4, org.bouncycastle.jce.provider.RFC3280CertPathUtilities.f28041b)).D();
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x00db, code lost:
    
        if (r5.hasMoreElements() == false) goto L103;
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x00dd, code lost:
    
        r7 = org.bouncycastle.asn1.x509.PolicyInformation.n(r5.nextElement());
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x00f1, code lost:
    
        if ("2.5.29.32.0".equals(r7.o().D()) == false) goto L104;
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x00f3, code lost:
    
        r5 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.p(r7.p());
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x010f, code lost:
    
        r10 = r5;
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x0114, code lost:
    
        if (r4.getCriticalExtensionOIDs() == null) goto L50;
     */
    /* JADX WARN: Code restructure failed: missing block: B:47:0x0116, code lost:
    
        r12 = r4.getCriticalExtensionOIDs().contains(org.bouncycastle.jce.provider.RFC3280CertPathUtilities.f28041b);
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x0123, code lost:
    
        r9 = (org.bouncycastle.jce.provider.PKIXPolicyNode) r6.getParent();
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x0132, code lost:
    
        if ("2.5.29.32.0".equals(r9.getValidPolicy()) == false) goto L95;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x0134, code lost:
    
        r8 = new org.bouncycastle.jce.provider.PKIXPolicyNode(new java.util.ArrayList(), r3, (java.util.Set) r13.get(r11), r9, r10, r11, r12);
        r9.a(r8);
        r21[r3].add(r8);
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x0122, code lost:
    
        r12 = r14;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x00fc, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:58:0x0104, code lost:
    
        throw new org.bouncycastle.jce.exception.ExtCertPathValidatorException("Policy qualifier info set could not be decoded.", r0, r19, r20);
     */
    /* JADX WARN: Code restructure failed: missing block: B:62:0x0105, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:64:0x010d, code lost:
    
        throw new java.security.cert.CertPathValidatorException("Policy information could not be decoded.", r0, r19, r20);
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x010e, code lost:
    
        r5 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x01b5, code lost:
    
        continue;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.bouncycastle.jce.provider.PKIXPolicyNode c(java.security.cert.CertPath r19, int r20, java.util.List[] r21, org.bouncycastle.jce.provider.PKIXPolicyNode r22, int r23) {
        /*
            Method dump skipped, instructions count: 452
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3280CertPathUtilities.c(java.security.cert.CertPath, int, java.util.List[], org.bouncycastle.jce.provider.PKIXPolicyNode, int):org.bouncycastle.jce.provider.PKIXPolicyNode");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void d(CertPath certPath, int i10) {
        try {
            ASN1Sequence A = ASN1Sequence.A(CertPathValidatorUtilities.m((X509Certificate) certPath.getCertificates().get(i10), f28042c));
            if (A != null) {
                for (int i11 = 0; i11 < A.size(); i11++) {
                    try {
                        ASN1Sequence A2 = ASN1Sequence.A(A.C(i11));
                        ASN1ObjectIdentifier E = ASN1ObjectIdentifier.E(A2.C(0));
                        ASN1ObjectIdentifier E2 = ASN1ObjectIdentifier.E(A2.C(1));
                        if ("2.5.29.32.0".equals(E.D())) {
                            throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, i10);
                        }
                        if ("2.5.29.32.0".equals(E2.D())) {
                            throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy", null, certPath, i10);
                        }
                    } catch (Exception e10) {
                        throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e10, certPath, i10);
                    }
                }
            }
        } catch (AnnotatedException e11) {
            throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", e11, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void e(CertPath certPath, int i10, PKIXNameConstraintValidator pKIXNameConstraintValidator) {
        try {
            ASN1Sequence A = ASN1Sequence.A(CertPathValidatorUtilities.m((X509Certificate) certPath.getCertificates().get(i10), f28051l));
            NameConstraints q10 = A != null ? NameConstraints.q(A) : null;
            if (q10 != null) {
                GeneralSubtree[] r10 = q10.r();
                if (r10 != null) {
                    try {
                        pKIXNameConstraintValidator.f(r10);
                    } catch (Exception e10) {
                        throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", e10, certPath, i10);
                    }
                }
                GeneralSubtree[] p10 = q10.p();
                if (p10 != null) {
                    for (int i11 = 0; i11 != p10.length; i11++) {
                        try {
                            pKIXNameConstraintValidator.a(p10[i11]);
                        } catch (Exception e11) {
                            throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", e11, certPath, i10);
                        }
                    }
                }
            }
        } catch (Exception e12) {
            throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e12, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int f(CertPath certPath, int i10, int i11) {
        return (CertPathValidatorUtilities.w((X509Certificate) certPath.getCertificates().get(i10)) || i11 == 0) ? i11 : i11 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int g(CertPath certPath, int i10, int i11) {
        return (CertPathValidatorUtilities.w((X509Certificate) certPath.getCertificates().get(i10)) || i11 == 0) ? i11 : i11 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int h(CertPath certPath, int i10, int i11) {
        return (CertPathValidatorUtilities.w((X509Certificate) certPath.getCertificates().get(i10)) || i11 == 0) ? i11 : i11 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x002e, code lost:
    
        r3 = org.bouncycastle.asn1.ASN1Integer.A(r1, false).J();
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x0037, code lost:
    
        if (r3 >= r5) goto L16;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0039, code lost:
    
        return r3;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static int i(java.security.cert.CertPath r3, int r4, int r5) {
        /*
            java.util.List r0 = r3.getCertificates()
            java.lang.Object r0 = r0.get(r4)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            java.lang.String r1 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.f28047h     // Catch: java.lang.Exception -> L44
            org.bouncycastle.asn1.ASN1Primitive r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.m(r0, r1)     // Catch: java.lang.Exception -> L44
            org.bouncycastle.asn1.ASN1Sequence r0 = org.bouncycastle.asn1.ASN1Sequence.A(r0)     // Catch: java.lang.Exception -> L44
            if (r0 == 0) goto L43
            java.util.Enumeration r0 = r0.D()
        L1a:
            boolean r1 = r0.hasMoreElements()
            if (r1 == 0) goto L43
            java.lang.Object r1 = r0.nextElement()     // Catch: java.lang.IllegalArgumentException -> L3a
            org.bouncycastle.asn1.ASN1TaggedObject r1 = org.bouncycastle.asn1.ASN1TaggedObject.L(r1)     // Catch: java.lang.IllegalArgumentException -> L3a
            int r2 = r1.Q()     // Catch: java.lang.IllegalArgumentException -> L3a
            if (r2 != 0) goto L1a
            r0 = 0
            org.bouncycastle.asn1.ASN1Integer r0 = org.bouncycastle.asn1.ASN1Integer.A(r1, r0)     // Catch: java.lang.IllegalArgumentException -> L3a
            int r3 = r0.J()     // Catch: java.lang.IllegalArgumentException -> L3a
            if (r3 >= r5) goto L43
            return r3
        L3a:
            r5 = move-exception
            org.bouncycastle.jce.exception.ExtCertPathValidatorException r0 = new org.bouncycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension contents cannot be decoded."
            r0.<init>(r1, r5, r3, r4)
            throw r0
        L43:
            return r5
        L44:
            r5 = move-exception
            org.bouncycastle.jce.exception.ExtCertPathValidatorException r0 = new org.bouncycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension cannot be decoded."
            r0.<init>(r1, r5, r3, r4)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3280CertPathUtilities.i(java.security.cert.CertPath, int, int):int");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x002f, code lost:
    
        r4 = org.bouncycastle.asn1.ASN1Integer.A(r1, false).J();
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x0038, code lost:
    
        if (r4 >= r6) goto L16;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x003a, code lost:
    
        return r4;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static int j(java.security.cert.CertPath r4, int r5, int r6) {
        /*
            java.util.List r0 = r4.getCertificates()
            java.lang.Object r0 = r0.get(r5)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            java.lang.String r1 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.f28047h     // Catch: java.lang.Exception -> L45
            org.bouncycastle.asn1.ASN1Primitive r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.m(r0, r1)     // Catch: java.lang.Exception -> L45
            org.bouncycastle.asn1.ASN1Sequence r0 = org.bouncycastle.asn1.ASN1Sequence.A(r0)     // Catch: java.lang.Exception -> L45
            if (r0 == 0) goto L44
            java.util.Enumeration r0 = r0.D()
        L1a:
            boolean r1 = r0.hasMoreElements()
            if (r1 == 0) goto L44
            java.lang.Object r1 = r0.nextElement()     // Catch: java.lang.IllegalArgumentException -> L3b
            org.bouncycastle.asn1.ASN1TaggedObject r1 = org.bouncycastle.asn1.ASN1TaggedObject.L(r1)     // Catch: java.lang.IllegalArgumentException -> L3b
            int r2 = r1.Q()     // Catch: java.lang.IllegalArgumentException -> L3b
            r3 = 1
            if (r2 != r3) goto L1a
            r0 = 0
            org.bouncycastle.asn1.ASN1Integer r0 = org.bouncycastle.asn1.ASN1Integer.A(r1, r0)     // Catch: java.lang.IllegalArgumentException -> L3b
            int r4 = r0.J()     // Catch: java.lang.IllegalArgumentException -> L3b
            if (r4 >= r6) goto L44
            return r4
        L3b:
            r6 = move-exception
            org.bouncycastle.jce.exception.ExtCertPathValidatorException r0 = new org.bouncycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension contents cannot be decoded."
            r0.<init>(r1, r6, r4, r5)
            throw r0
        L44:
            return r6
        L45:
            r6 = move-exception
            org.bouncycastle.jce.exception.ExtCertPathValidatorException r0 = new org.bouncycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension cannot be decoded."
            r0.<init>(r1, r6, r4, r5)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3280CertPathUtilities.j(java.security.cert.CertPath, int, int):int");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int k(CertPath certPath, int i10, int i11) {
        int J;
        try {
            ASN1Integer z10 = ASN1Integer.z(CertPathValidatorUtilities.m((X509Certificate) certPath.getCertificates().get(i10), f28043d));
            return (z10 == null || (J = z10.J()) >= i11) ? i11 : J;
        } catch (Exception e10) {
            throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e10, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void l(CertPath certPath, int i10) {
        try {
            BasicConstraints n10 = BasicConstraints.n(CertPathValidatorUtilities.m((X509Certificate) certPath.getCertificates().get(i10), f28048i));
            if (n10 == null) {
                throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints", null, certPath, i10);
            }
            if (!n10.p()) {
                throw new CertPathValidatorException("Not a CA certificate", null, certPath, i10);
            }
        } catch (Exception e10) {
            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e10, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int m(CertPath certPath, int i10, int i11) {
        if (CertPathValidatorUtilities.w((X509Certificate) certPath.getCertificates().get(i10))) {
            return i11;
        }
        if (i11 > 0) {
            return i11 - 1;
        }
        throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, i10);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int n(CertPath certPath, int i10, int i11) {
        BigInteger o10;
        int intValue;
        try {
            BasicConstraints n10 = BasicConstraints.n(CertPathValidatorUtilities.m((X509Certificate) certPath.getCertificates().get(i10), f28048i));
            return (n10 == null || (o10 = n10.o()) == null || (intValue = o10.intValue()) >= i11) ? i11 : intValue;
        } catch (Exception e10) {
            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e10, certPath, i10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void o(CertPath certPath, int i10) {
        boolean[] keyUsage = ((X509Certificate) certPath.getCertificates().get(i10)).getKeyUsage();
        if (keyUsage != null) {
            if (keyUsage.length <= 5 || !keyUsage[5]) {
                throw new ExtCertPathValidatorException("Issuer certificate keyusage extension is critical and does not permit key signing.", null, certPath, i10);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void p(CertPath certPath, int i10, Set set, List list) {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i10);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e10) {
                throw new CertPathValidatorException(e10.getMessage(), e10.getCause(), certPath, i10);
            }
        }
        if (set.isEmpty()) {
            return;
        }
        throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + set, null, certPath, i10);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void q(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) {
        ASN1Primitive m10 = CertPathValidatorUtilities.m(x509crl, f28044e);
        boolean z10 = true;
        boolean z11 = m10 != null && IssuingDistributionPoint.q(m10).s();
        try {
            byte[] encoded = PrincipalUtils.d(x509crl).getEncoded();
            if (distributionPoint.o() != null) {
                GeneralName[] q10 = distributionPoint.o().q();
                boolean z12 = false;
                for (int i10 = 0; i10 < q10.length; i10++) {
                    if (q10[i10].r() == 4) {
                        try {
                            if (Arrays.c(q10[i10].q().d().getEncoded(), encoded)) {
                                z12 = true;
                            }
                        } catch (IOException e10) {
                            throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e10);
                        }
                    }
                }
                if (z12 && !z11) {
                    throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
                }
                if (!z12) {
                    throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
                }
                z10 = z12;
            } else if (!PrincipalUtils.d(x509crl).equals(PrincipalUtils.c(obj))) {
                z10 = false;
            }
            if (!z10) {
                throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
            }
        } catch (IOException e11) {
            throw new AnnotatedException("Exception encoding CRL issuer: " + e11.getMessage(), e11);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void r(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) {
        GeneralName[] generalNameArr;
        try {
            IssuingDistributionPoint q10 = IssuingDistributionPoint.q(CertPathValidatorUtilities.m(x509crl, f28044e));
            if (q10 != null) {
                if (q10.p() != null) {
                    DistributionPointName p10 = IssuingDistributionPoint.q(q10).p();
                    ArrayList arrayList = new ArrayList();
                    boolean z10 = false;
                    if (p10.r() == 0) {
                        for (GeneralName generalName : GeneralNames.o(p10.q()).q()) {
                            arrayList.add(generalName);
                        }
                    }
                    if (p10.r() == 1) {
                        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                        try {
                            Enumeration D = ASN1Sequence.A(PrincipalUtils.d(x509crl)).D();
                            while (D.hasMoreElements()) {
                                aSN1EncodableVector.a((ASN1Encodable) D.nextElement());
                            }
                            aSN1EncodableVector.a(p10.q());
                            arrayList.add(new GeneralName(X500Name.n(new DERSequence(aSN1EncodableVector))));
                        } catch (Exception e10) {
                            throw new AnnotatedException("Could not read CRL issuer.", e10);
                        }
                    }
                    if (distributionPoint.p() != null) {
                        DistributionPointName p11 = distributionPoint.p();
                        GeneralName[] q11 = p11.r() == 0 ? GeneralNames.o(p11.q()).q() : null;
                        if (p11.r() == 1) {
                            if (distributionPoint.o() != null) {
                                generalNameArr = distributionPoint.o().q();
                            } else {
                                generalNameArr = new GeneralName[1];
                                try {
                                    generalNameArr[0] = new GeneralName(PrincipalUtils.c(obj));
                                } catch (Exception e11) {
                                    throw new AnnotatedException("Could not read certificate issuer.", e11);
                                }
                            }
                            q11 = generalNameArr;
                            for (int i10 = 0; i10 < q11.length; i10++) {
                                Enumeration D2 = ASN1Sequence.A(q11[i10].q().d()).D();
                                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                                while (D2.hasMoreElements()) {
                                    aSN1EncodableVector2.a((ASN1Encodable) D2.nextElement());
                                }
                                aSN1EncodableVector2.a(p11.q());
                                q11[i10] = new GeneralName(X500Name.n(new DERSequence(aSN1EncodableVector2)));
                            }
                        }
                        if (q11 != null) {
                            int i11 = 0;
                            while (true) {
                                if (i11 >= q11.length) {
                                    break;
                                }
                                if (arrayList.contains(q11[i11])) {
                                    z10 = true;
                                    break;
                                }
                                i11++;
                            }
                        }
                        if (!z10) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (distributionPoint.o() == null) {
                            throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        GeneralName[] q12 = distributionPoint.o().q();
                        int i12 = 0;
                        while (true) {
                            if (i12 >= q12.length) {
                                break;
                            }
                            if (arrayList.contains(q12[i12])) {
                                z10 = true;
                                break;
                            }
                            i12++;
                        }
                        if (!z10) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    BasicConstraints n10 = BasicConstraints.n(CertPathValidatorUtilities.m((X509Extension) obj, f28048i));
                    if (obj instanceof X509Certificate) {
                        if (q10.v() && n10 != null && n10.p()) {
                            throw new AnnotatedException("CA Cert CRL only contains user certificates.");
                        }
                        if (q10.u() && (n10 == null || !n10.p())) {
                            throw new AnnotatedException("End CRL only contains CA certificates.");
                        }
                    }
                    if (q10.t()) {
                        throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e12) {
                    throw new AnnotatedException("Basic constraints extension could not be decoded.", e12);
                }
            }
        } catch (Exception e13) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e13);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void s(X509CRL x509crl, X509CRL x509crl2, PKIXExtendedParameters pKIXExtendedParameters) {
        if (x509crl == null) {
            return;
        }
        if (x509crl.hasUnsupportedCriticalExtension()) {
            throw new AnnotatedException("delta CRL has unsupported critical extensions");
        }
        try {
            String str = f28044e;
            IssuingDistributionPoint q10 = IssuingDistributionPoint.q(CertPathValidatorUtilities.m(x509crl2, str));
            if (pKIXExtendedParameters.F()) {
                if (!PrincipalUtils.d(x509crl).equals(PrincipalUtils.d(x509crl2))) {
                    throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");
                }
                try {
                    IssuingDistributionPoint q11 = IssuingDistributionPoint.q(CertPathValidatorUtilities.m(x509crl, str));
                    boolean z10 = true;
                    if (q10 != null ? !q10.equals(q11) : q11 != null) {
                        z10 = false;
                    }
                    if (!z10) {
                        throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        String str2 = f28052m;
                        ASN1Primitive m10 = CertPathValidatorUtilities.m(x509crl2, str2);
                        try {
                            ASN1Primitive m11 = CertPathValidatorUtilities.m(x509crl, str2);
                            if (m10 == null) {
                                throw new AnnotatedException("CRL authority key identifier is null.");
                            }
                            if (m11 == null) {
                                throw new AnnotatedException("Delta CRL authority key identifier is null.");
                            }
                            if (!m10.t(m11)) {
                                throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (AnnotatedException e10) {
                            throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e10);
                        }
                    } catch (AnnotatedException e11) {
                        throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e11);
                    }
                } catch (Exception e12) {
                    throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e12);
                }
            }
        } catch (Exception e13) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e13);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ReasonsMask t(X509CRL x509crl, DistributionPoint distributionPoint) {
        try {
            IssuingDistributionPoint q10 = IssuingDistributionPoint.q(CertPathValidatorUtilities.m(x509crl, f28044e));
            if (q10 != null && q10.r() != null && distributionPoint.r() != null) {
                return new ReasonsMask(distributionPoint.r()).d(new ReasonsMask(q10.r()));
            }
            if ((q10 == null || q10.r() == null) && distributionPoint.r() == null) {
                return ReasonsMask.f28060b;
            }
            return (distributionPoint.r() == null ? ReasonsMask.f28060b : new ReasonsMask(distributionPoint.r())).d(q10 == null ? ReasonsMask.f28060b : new ReasonsMask(q10.r()));
        } catch (Exception e10) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set u(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, PKIXExtendedParameters pKIXExtendedParameters, List list, JcaJceHelper jcaJceHelper) {
        int i10;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(PrincipalUtils.d(x509crl).getEncoded());
            PKIXCertStoreSelector a10 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                CertPathValidatorUtilities.b(linkedHashSet, a10, pKIXExtendedParameters.p());
                CertPathValidatorUtilities.b(linkedHashSet, a10, pKIXExtendedParameters.o());
                linkedHashSet.add(x509Certificate);
                Iterator it = linkedHashSet.iterator();
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            CertPathBuilderSpi pKIXCertPathBuilderSpi_8 = f28040a != null ? new PKIXCertPathBuilderSpi_8(true) : new PKIXCertPathBuilderSpi(true);
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            PKIXExtendedParameters.Builder q10 = new PKIXExtendedParameters.Builder(pKIXExtendedParameters).q(new PKIXCertStoreSelector.Builder(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                q10.p(false);
                            } else {
                                q10.p(true);
                            }
                            List<? extends Certificate> certificates = pKIXCertPathBuilderSpi_8.engineBuild(new PKIXExtendedBuilderParameters.Builder(q10.o()).e()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(CertPathValidatorUtilities.n(certificates, 0, jcaJceHelper));
                        } catch (CertPathBuilderException e10) {
                            throw new AnnotatedException("CertPath for CRL signer failed to validate.", e10);
                        } catch (CertPathValidatorException e11) {
                            throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e11);
                        } catch (Exception e12) {
                            throw new AnnotatedException(e12.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                AnnotatedException annotatedException = null;
                for (i10 = 0; i10 < arrayList.size(); i10++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i10)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length > 6 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i10));
                    } else {
                        annotatedException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                }
                if (hashSet.isEmpty() && annotatedException == null) {
                    throw new AnnotatedException("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || annotatedException == null) {
                    return hashSet;
                }
                throw annotatedException;
            } catch (AnnotatedException e13) {
                throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e13);
            }
        } catch (IOException e14) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e14);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey v(X509CRL x509crl, Set set) {
        Iterator it = set.iterator();
        Exception e10 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e11) {
                e10 = e11;
            }
        }
        throw new AnnotatedException("Cannot verify CRL.", e10);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509CRL w(Set set, PublicKey publicKey) {
        Iterator it = set.iterator();
        Exception e10 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e11) {
                e10 = e11;
            }
        }
        if (e10 == null) {
            return null;
        }
        throw new AnnotatedException("Cannot verify delta CRL.", e10);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void x(Date date, X509CRL x509crl, Object obj, CertStatus certStatus, PKIXExtendedParameters pKIXExtendedParameters) {
        if (!pKIXExtendedParameters.F() || x509crl == null) {
            return;
        }
        CertPathValidatorUtilities.j(date, x509crl, obj, certStatus);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void y(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) {
        if (certStatus.a() == 11) {
            CertPathValidatorUtilities.j(date, x509crl, obj, certStatus);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void z(CertPath certPath, PKIXExtendedParameters pKIXExtendedParameters, Date date, PKIXCertRevocationChecker pKIXCertRevocationChecker, int i10, PublicKey publicKey, boolean z10, X500Name x500Name, X509Certificate x509Certificate) {
        X509Certificate x509Certificate2 = (X509Certificate) certPath.getCertificates().get(i10);
        if (!z10) {
            try {
                CertPathValidatorUtilities.B(x509Certificate2, publicKey, pKIXExtendedParameters.u());
            } catch (GeneralSecurityException e10) {
                throw new ExtCertPathValidatorException("Could not validate certificate signature.", e10, certPath, i10);
            }
        }
        try {
            Date r10 = CertPathValidatorUtilities.r(date, pKIXExtendedParameters.z(), certPath, i10);
            try {
                x509Certificate2.checkValidity(r10);
                if (pKIXCertRevocationChecker != null) {
                    pKIXCertRevocationChecker.a(new PKIXCertRevocationCheckerParameters(pKIXExtendedParameters, r10, certPath, i10, x509Certificate, publicKey));
                    pKIXCertRevocationChecker.check(x509Certificate2);
                }
                X500Name e11 = PrincipalUtils.e(x509Certificate2);
                if (e11.equals(x500Name)) {
                    return;
                }
                throw new ExtCertPathValidatorException("IssuerName(" + e11 + ") does not match SubjectName(" + x500Name + ") of signing certificate.", null, certPath, i10);
            } catch (CertificateExpiredException e12) {
                throw new ExtCertPathValidatorException("Could not validate certificate: " + e12.getMessage(), e12, certPath, i10);
            } catch (CertificateNotYetValidException e13) {
                throw new ExtCertPathValidatorException("Could not validate certificate: " + e13.getMessage(), e13, certPath, i10);
            }
        } catch (AnnotatedException e14) {
            throw new ExtCertPathValidatorException("Could not validate time of certificate.", e14, certPath, i10);
        }
    }
}
