package org.spongycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.a.u.am;
import org.spongycastle.a.u.as;
import org.spongycastle.a.u.q;
import org.spongycastle.a.u.r;
import org.spongycastle.a.u.u;
import org.spongycastle.a.u.v;
import org.spongycastle.jcajce.j;
import org.spongycastle.jcajce.k;
import org.spongycastle.jcajce.l;
import org.spongycastle.jce.exception.ExtCertPathValidatorException;

/* compiled from: RFC3281CertPathUtilities.java */
/* loaded from: classes2.dex */
final class i {

    /* renamed from: a, reason: collision with root package name */
    private static final String f30631a = as.E.f29700a;

    /* renamed from: b, reason: collision with root package name */
    private static final String f30632b = as.D.f29700a;

    /* renamed from: c, reason: collision with root package name */
    private static final String f30633c = as.p.f29700a;

    /* renamed from: d, reason: collision with root package name */
    private static final String f30634d = as.x.f29700a;

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPathValidatorResult a(CertPath certPath, l lVar) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", "SC").validate(certPath, lVar);
            } catch (InvalidAlgorithmParameterException e2) {
                throw new RuntimeException(e2.getMessage());
            } catch (CertPathValidatorException e3) {
                throw new ExtCertPathValidatorException("Certification path for issuer certificate of attribute certificate could not be validated.", e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e4);
        } catch (NoSuchProviderException e5) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate) throws CertPathValidatorException {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0] && !x509Certificate.getKeyUsage()[1]) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        boolean z;
        boolean z2 = false;
        Iterator it = set.iterator();
        while (true) {
            z = z2;
            if (!it.hasNext()) {
                break;
            }
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            z2 = (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) ? true : z;
        }
        if (!z) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:47:0x00d4, code lost:
    
        throw r8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void a(org.spongycastle.a.u.q r13, org.spongycastle.g.g r14, org.spongycastle.jcajce.l r15, java.util.Date r16, org.spongycastle.jce.provider.c r17, org.spongycastle.jce.provider.j r18, java.util.List r19, org.spongycastle.jcajce.a.b r20) throws org.spongycastle.jce.provider.AnnotatedException {
        /*
            org.spongycastle.a.o r2 = org.spongycastle.a.u.as.D
            java.lang.String r2 = r2.f29700a
            byte[] r2 = r14.getExtensionValue(r2)
            if (r2 == 0) goto Lb
        La:
            return
        Lb:
            java.util.Date r10 = new java.util.Date
            long r2 = java.lang.System.currentTimeMillis()
            r10.<init>(r2)
            long r2 = r16.getTime()
            long r4 = r10.getTime()
            int r2 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r2 <= 0) goto L29
            org.spongycastle.jce.provider.AnnotatedException r2 = new org.spongycastle.jce.provider.AnnotatedException
            java.lang.String r3 = "Validation time is in future."
            r2.<init>(r3)
            throw r2
        L29:
            java.util.Set r4 = org.spongycastle.jce.provider.b.a(r13, r14, r15)
            r3 = 0
            r2 = 0
            java.util.Iterator r11 = r4.iterator()
            r8 = r2
            r9 = r3
        L35:
            boolean r2 = r11.hasNext()
            if (r2 == 0) goto Ld2
            r0 = r17
            int r2 = r0.f30617a
            r3 = 11
            if (r2 != r3) goto Ld2
            boolean r2 = r18.a()
            if (r2 != 0) goto Ld2
            java.lang.Object r2 = r11.next()     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.security.cert.X509CRL r2 = (java.security.cert.X509CRL) r2     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            org.spongycastle.jce.provider.j r12 = org.spongycastle.jce.provider.h.a(r2, r13)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r0 = r18
            boolean r3 = r12.c(r0)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            if (r3 == 0) goto L35
            r3 = 0
            r4 = 0
            r5 = r15
            r6 = r19
            r7 = r20
            java.util.Set r3 = org.spongycastle.jce.provider.h.a(r2, r3, r4, r5, r6, r7)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.security.PublicKey r4 = org.spongycastle.jce.provider.h.a(r2, r3)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r3 = 0
            boolean r5 = r15.f30482h     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            if (r5 == 0) goto L7f
            java.security.cert.PKIXParameters r3 = r15.f30475a     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.util.List r3 = r3.getCertStores()     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.util.List<org.spongycastle.jcajce.g> r5 = r15.f30479e     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.util.Set r3 = org.spongycastle.jce.provider.b.a(r10, r2, r3, r5)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.security.cert.X509CRL r3 = org.spongycastle.jce.provider.h.a(r3, r4)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
        L7f:
            int r4 = r15.i     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r5 = 1
            if (r4 == r5) goto La4
            java.util.Date r4 = r14.b()     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            long r4 = r4.getTime()     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.util.Date r6 = r2.getThisUpdate()     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            long r6 = r6.getTime()     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            int r4 = (r4 > r6 ? 1 : (r4 == r6 ? 0 : -1))
            if (r4 >= 0) goto La4
            org.spongycastle.jce.provider.AnnotatedException r2 = new org.spongycastle.jce.provider.AnnotatedException     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            java.lang.String r3 = "No valid CRL for current time found."
            r2.<init>(r3)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            throw r2     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
        La1:
            r2 = move-exception
            r8 = r2
            goto L35
        La4:
            org.spongycastle.jce.provider.h.b(r13, r14, r2)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            org.spongycastle.jce.provider.h.a(r13, r14, r2)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            org.spongycastle.jce.provider.h.a(r3, r2, r15)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r0 = r16
            r1 = r17
            org.spongycastle.jce.provider.h.a(r0, r3, r14, r1, r15)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r0 = r16
            r1 = r17
            org.spongycastle.jce.provider.h.a(r0, r2, r14, r1)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r0 = r17
            int r2 = r0.f30617a     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r3 = 8
            if (r2 != r3) goto Lc9
            r2 = 11
            r0 = r17
            r0.f30617a = r2     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
        Lc9:
            r0 = r18
            r0.a(r12)     // Catch: org.spongycastle.jce.provider.AnnotatedException -> La1
            r2 = 1
            r9 = r2
            goto L35
        Ld2:
            if (r9 != 0) goto La
            throw r8
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.jce.provider.i.a(org.spongycastle.a.u.q, org.spongycastle.g.g, org.spongycastle.jcajce.l, java.util.Date, org.spongycastle.jce.provider.c, org.spongycastle.jce.provider.j, java.util.List, org.spongycastle.jcajce.a.b):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.spongycastle.g.g gVar, Set set) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = gVar.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs.contains(f30631a)) {
            try {
                am.a(b.a(gVar, f30631a));
            } catch (IllegalArgumentException e2) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e2);
            } catch (AnnotatedException e3) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e3);
            }
        }
        criticalExtensionOIDs.remove(f30631a);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            it.next();
        }
        if (!criticalExtensionOIDs.isEmpty()) {
            throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.spongycastle.g.g gVar, Set set, Set set2) throws CertPathValidatorException {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (gVar.a(str) != null) {
                throw new CertPathValidatorException("Attribute certificate contains prohibited attribute: " + str + ".");
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (gVar.a(str2) == null) {
                throw new CertPathValidatorException("Attribute certificate does not contain necessary attribute: " + str2 + ".");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.spongycastle.g.g gVar, l lVar) throws CertPathValidatorException {
        try {
            gVar.a(b.a(lVar));
        } catch (CertificateExpiredException e2) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e2);
        } catch (CertificateNotYetValidException e3) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.spongycastle.g.g gVar, l lVar, Date date, List list, org.spongycastle.jcajce.a.b bVar) throws CertPathValidatorException {
        boolean z;
        if (lVar.f30481g) {
            if (gVar.getExtensionValue(f30632b) != null) {
                if (gVar.getExtensionValue(f30633c) != null || gVar.getExtensionValue(f30634d) != null) {
                    throw new CertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
                }
                return;
            }
            try {
                org.spongycastle.a.u.i a2 = org.spongycastle.a.u.i.a(b.a(gVar, f30633c));
                List arrayList = new ArrayList();
                try {
                    arrayList.addAll(b.a(a2, lVar.f30480f));
                    l.a aVar = new l.a(lVar);
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        aVar.a((org.spongycastle.jcajce.g) arrayList);
                    }
                    l a3 = aVar.a();
                    c cVar = new c();
                    j jVar = new j();
                    AnnotatedException annotatedException = null;
                    if (a2 != null) {
                        try {
                            q[] a4 = a2.a();
                            z = false;
                            for (int i = 0; i < a4.length && cVar.f30617a == 11 && !jVar.a(); i++) {
                                try {
                                    a(a4[i], gVar, (l) a3.clone(), date, cVar, jVar, list, bVar);
                                    z = true;
                                } catch (AnnotatedException e2) {
                                    annotatedException = new AnnotatedException("No valid CRL for distribution point found.", e2);
                                }
                            }
                        } catch (Exception e3) {
                            throw new ExtCertPathValidatorException("Distribution points could not be read.", e3);
                        }
                    } else {
                        z = false;
                    }
                    if (cVar.f30617a == 11) {
                        try {
                            if (!jVar.a()) {
                                try {
                                    a(new q(new r(new v(new u(4, new org.spongycastle.a.k(((X500Principal) gVar.d().a()[0]).getEncoded()).a())))), gVar, (l) a3.clone(), date, cVar, jVar, list, bVar);
                                    z = true;
                                } catch (Exception e4) {
                                    throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e4);
                                }
                            }
                        } catch (AnnotatedException e5) {
                            annotatedException = new AnnotatedException("No valid CRL for distribution point found.", e5);
                        }
                    }
                    if (!z) {
                        throw new ExtCertPathValidatorException("No valid CRL found.", annotatedException);
                    }
                    if (cVar.f30617a != 11) {
                        throw new CertPathValidatorException(("Attribute certificate revocation after " + cVar.f30618b) + ", reason: " + h.o[cVar.f30617a]);
                    }
                    if (!jVar.a() && cVar.f30617a == 11) {
                        cVar.f30617a = 12;
                    }
                    if (cVar.f30617a == 12) {
                        throw new CertPathValidatorException("Attribute certificate status could not be determined.");
                    }
                } catch (AnnotatedException e6) {
                    throw new CertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", e6);
                }
            } catch (AnnotatedException e7) {
                throw new CertPathValidatorException("CRL distribution point extension could not be read.", e7);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPath b(org.spongycastle.g.g gVar, l lVar) throws CertPathValidatorException {
        CertPathBuilderResult certPathBuilderResult = null;
        HashSet hashSet = new HashSet();
        if (gVar.c().b() != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSerialNumber(gVar.c().c());
            Principal[] b2 = gVar.c().b();
            for (int i = 0; i < b2.length; i++) {
                try {
                    if (b2[i] instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) b2[i]).getEncoded());
                    }
                    hashSet.addAll(b.a(new j.a(x509CertSelector).a(), lVar.f30475a.getCertStores()));
                } catch (IOException e2) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e2);
                } catch (AnnotatedException e3) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e3);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (gVar.c().a() != null) {
            org.spongycastle.g.j jVar = new org.spongycastle.g.j();
            Principal[] a2 = gVar.c().a();
            for (int i2 = 0; i2 < a2.length; i2++) {
                try {
                    if (a2[i2] instanceof X500Principal) {
                        jVar.setIssuer(((X500Principal) a2[i2]).getEncoded());
                    }
                    hashSet.addAll(b.a(new j.a(jVar).a(), lVar.f30475a.getCertStores()));
                } catch (IOException e4) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e4);
                } catch (AnnotatedException e5) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e5);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        l.a aVar = new l.a(lVar);
        Iterator it = hashSet.iterator();
        ExtCertPathValidatorException extCertPathValidatorException = null;
        while (it.hasNext()) {
            org.spongycastle.g.j jVar2 = new org.spongycastle.g.j();
            jVar2.setCertificate((X509Certificate) it.next());
            aVar.f30485c = new j.a(jVar2).a();
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", "SC").build(new k.a(aVar.a()).a());
                } catch (InvalidAlgorithmParameterException e6) {
                    throw new RuntimeException(e6.getMessage());
                } catch (CertPathBuilderException e7) {
                    extCertPathValidatorException = new ExtCertPathValidatorException("Certification path for public key certificate of attribute certificate could not be build.", e7);
                }
            } catch (NoSuchAlgorithmException e8) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e8);
            } catch (NoSuchProviderException e9) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e9);
            }
        }
        if (extCertPathValidatorException != null) {
            throw extCertPathValidatorException;
        }
        return certPathBuilderResult.getCertPath();
    }
}
