package org.b.e.d;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.b.a.ae.be;
import org.b.a.ae.br;
import org.b.d.h;
import org.b.d.j;
import org.b.d.k;

/* loaded from: classes.dex */
class al {
    private static final String TARGET_INFORMATION = br.TargetInformation.getId();
    private static final String NO_REV_AVAIL = br.NoRevAvail.getId();
    private static final String CRL_DISTRIBUTION_POINTS = br.CRLDistributionPoints.getId();
    private static final String AUTHORITY_INFO_ACCESS = br.AuthorityInfoAccess.getId();

    al() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void additionalChecks(org.b.i.p pVar, Set set, Set set2) throws CertPathValidatorException {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (pVar.getAttributes(str) != null) {
                throw new CertPathValidatorException("Attribute certificate contains prohibited attribute: " + str + ".");
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (pVar.getAttributes(str2) == null) {
                throw new CertPathValidatorException("Attribute certificate does not contain necessary attribute: " + str2 + ".");
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:47:0x00f6, code lost:
    
        throw r11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(org.b.a.ae.v r16, org.b.i.p r17, org.b.d.k r18, java.util.Date r19, java.security.cert.X509Certificate r20, org.b.e.d.i r21, org.b.e.d.am r22, java.util.List r23, org.b.d.d.c r24) throws org.b.e.d.a {
        /*
            Method dump skipped, instructions count: 247
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.b.e.d.al.checkCRL(org.b.a.ae.v, org.b.i.p, org.b.d.k, java.util.Date, java.security.cert.X509Certificate, org.b.e.d.i, org.b.e.d.am, java.util.List, org.b.d.d.c):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void checkCRLs(org.b.i.p pVar, org.b.d.k kVar, X509Certificate x509Certificate, Date date, List list, org.b.d.d.c cVar) throws CertPathValidatorException {
        boolean z;
        if (kVar.isRevocationEnabled()) {
            if (pVar.getExtensionValue(NO_REV_AVAIL) != null) {
                if (pVar.getExtensionValue(CRL_DISTRIBUTION_POINTS) != null || pVar.getExtensionValue(AUTHORITY_INFO_ACCESS) != null) {
                    throw new CertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
                }
                return;
            }
            try {
                org.b.a.ae.k kVar2 = org.b.a.ae.k.getInstance(h.getExtensionValue(pVar, CRL_DISTRIBUTION_POINTS));
                List arrayList = new ArrayList();
                try {
                    arrayList.addAll(h.getAdditionalStoresFromCRLDistributionPoint(kVar2, kVar.getNamedCRLStoreMap()));
                    k.a aVar = new k.a(kVar);
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        aVar.addCRLStore((org.b.d.d) arrayList);
                    }
                    org.b.d.k build = aVar.build();
                    i iVar = new i();
                    am amVar = new am();
                    a aVar2 = null;
                    if (kVar2 != null) {
                        try {
                            org.b.a.ae.v[] distributionPoints = kVar2.getDistributionPoints();
                            z = false;
                            for (int i = 0; i < distributionPoints.length && iVar.getCertStatus() == 11 && !amVar.isAllReasons(); i++) {
                                try {
                                    checkCRL(distributionPoints[i], pVar, (org.b.d.k) build.clone(), date, x509Certificate, iVar, amVar, list, cVar);
                                    z = true;
                                } catch (a e) {
                                    aVar2 = new a("No valid CRL for distribution point found.", e);
                                }
                            }
                        } catch (Exception e2) {
                            throw new org.b.e.a.b("Distribution points could not be read.", e2);
                        }
                    } else {
                        z = false;
                    }
                    if (iVar.getCertStatus() == 11 && !amVar.isAllReasons()) {
                        try {
                            try {
                                checkCRL(new org.b.a.ae.v(new org.b.a.ae.w(0, new org.b.a.ae.ac(new org.b.a.ae.ab(4, new org.b.a.k(((X500Principal) pVar.getIssuer().getPrincipals()[0]).getEncoded()).readObject()))), null, null), pVar, (org.b.d.k) build.clone(), date, x509Certificate, iVar, amVar, list, cVar);
                                z = true;
                            } catch (Exception e3) {
                                throw new a("Issuer from certificate for CRL could not be reencoded.", e3);
                            }
                        } catch (a e4) {
                            aVar2 = new a("No valid CRL for distribution point found.", e4);
                        }
                    }
                    if (!z) {
                        throw new org.b.e.a.b("No valid CRL found.", aVar2);
                    }
                    if (iVar.getCertStatus() != 11) {
                        throw new CertPathValidatorException(("Attribute certificate revocation after " + iVar.getRevocationDate()) + ", reason: " + ak.crlReasons[iVar.getCertStatus()]);
                    }
                    if (!amVar.isAllReasons() && iVar.getCertStatus() == 11) {
                        iVar.setCertStatus(12);
                    }
                    if (iVar.getCertStatus() == 12) {
                        throw new CertPathValidatorException("Attribute certificate status could not be determined.");
                    }
                } catch (a e5) {
                    throw new CertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", e5);
                }
            } catch (a e6) {
                throw new CertPathValidatorException("CRL distribution point extension could not be read.", e6);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPath processAttrCert1(org.b.i.p pVar, org.b.d.k kVar) throws CertPathValidatorException {
        org.b.e.a.b bVar;
        CertPathBuilderResult certPathBuilderResult;
        HashSet hashSet = new HashSet();
        if (pVar.getHolder().getIssuer() != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSerialNumber(pVar.getHolder().getSerialNumber());
            Principal[] issuer = pVar.getHolder().getIssuer();
            for (int i = 0; i < issuer.length; i++) {
                try {
                    if (issuer[i] instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) issuer[i]).getEncoded());
                    }
                    hashSet.addAll(h.findCertificates(new h.a(x509CertSelector).build(), kVar.getCertStores()));
                } catch (IOException e) {
                    throw new org.b.e.a.b("Unable to encode X500 principal.", e);
                } catch (a e2) {
                    throw new org.b.e.a.b("Public key certificate for attribute certificate cannot be searched.", e2);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (pVar.getHolder().getEntityNames() != null) {
            org.b.i.s sVar = new org.b.i.s();
            Principal[] entityNames = pVar.getHolder().getEntityNames();
            for (int i2 = 0; i2 < entityNames.length; i2++) {
                try {
                    if (entityNames[i2] instanceof X500Principal) {
                        sVar.setIssuer(((X500Principal) entityNames[i2]).getEncoded());
                    }
                    hashSet.addAll(h.findCertificates(new h.a(sVar).build(), kVar.getCertStores()));
                } catch (IOException e3) {
                    throw new org.b.e.a.b("Unable to encode X500 principal.", e3);
                } catch (a e4) {
                    throw new org.b.e.a.b("Public key certificate for attribute certificate cannot be searched.", e4);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        k.a aVar = new k.a(kVar);
        Iterator it = hashSet.iterator();
        org.b.e.a.b bVar2 = null;
        CertPathBuilderResult certPathBuilderResult2 = null;
        while (it.hasNext()) {
            org.b.i.s sVar2 = new org.b.i.s();
            sVar2.setCertificate((X509Certificate) it.next());
            aVar.setTargetConstraints(new h.a(sVar2).build());
            try {
                try {
                    org.b.e.a.b bVar3 = bVar2;
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", b.PROVIDER_NAME).build(new j.a(aVar.build()).build());
                    bVar = bVar3;
                } catch (InvalidAlgorithmParameterException e5) {
                    throw new RuntimeException(e5.getMessage());
                } catch (CertPathBuilderException e6) {
                    bVar = new org.b.e.a.b("Certification path for public key certificate of attribute certificate could not be build.", e6);
                    certPathBuilderResult = certPathBuilderResult2;
                }
                certPathBuilderResult2 = certPathBuilderResult;
                bVar2 = bVar;
            } catch (NoSuchAlgorithmException e7) {
                throw new org.b.e.a.b("Support class could not be created.", e7);
            } catch (NoSuchProviderException e8) {
                throw new org.b.e.a.b("Support class could not be created.", e8);
            }
        }
        if (bVar2 != null) {
            throw bVar2;
        }
        return certPathBuilderResult2.getCertPath();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPathValidatorResult processAttrCert2(CertPath certPath, org.b.d.k kVar) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", b.PROVIDER_NAME).validate(certPath, kVar);
            } catch (InvalidAlgorithmParameterException e) {
                throw new RuntimeException(e.getMessage());
            } catch (CertPathValidatorException e2) {
                throw new org.b.e.a.b("Certification path for issuer certificate of attribute certificate could not be validated.", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new org.b.e.a.b("Support class could not be created.", e3);
        } catch (NoSuchProviderException e4) {
            throw new org.b.e.a.b("Support class could not be created.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert3(X509Certificate x509Certificate, org.b.d.k kVar) throws CertPathValidatorException {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0] && !x509Certificate.getKeyUsage()[1]) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert4(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        boolean z;
        boolean z2 = false;
        Iterator it = set.iterator();
        while (true) {
            z = z2;
            if (!it.hasNext()) {
                break;
            }
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            z2 = (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) ? true : z;
        }
        if (!z) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert5(org.b.i.p pVar, org.b.d.k kVar) throws CertPathValidatorException {
        try {
            pVar.checkValidity(h.getValidDate(kVar));
        } catch (CertificateExpiredException e) {
            throw new org.b.e.a.b("Attribute certificate is not valid.", e);
        } catch (CertificateNotYetValidException e2) {
            throw new org.b.e.a.b("Attribute certificate is not valid.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void processAttrCert7(org.b.i.p pVar, CertPath certPath, CertPath certPath2, org.b.d.k kVar, Set set) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = pVar.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs.contains(TARGET_INFORMATION)) {
            try {
                be.getInstance(h.getExtensionValue(pVar, TARGET_INFORMATION));
            } catch (IllegalArgumentException e) {
                throw new org.b.e.a.b("Target information extension could not be read.", e);
            } catch (a e2) {
                throw new org.b.e.a.b("Target information extension could not be read.", e2);
            }
        }
        criticalExtensionOIDs.remove(TARGET_INFORMATION);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ((org.b.i.k) it.next()).check(pVar, certPath, certPath2, criticalExtensionOIDs);
        }
        if (!criticalExtensionOIDs.isEmpty()) {
            throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
        }
    }
}
