package org.bouncycastle.jce.provider;

import defpackage.a76;
import defpackage.cv;
import defpackage.h07;
import defpackage.km6;
import defpackage.l07;
import defpackage.lm6;
import defpackage.mm6;
import defpackage.o07;
import defpackage.r07;
import defpackage.r76;
import defpackage.rn6;
import defpackage.u66;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertSelector;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes2.dex */
public class RFC3281CertPathUtilities {
    private static final String TARGET_INFORMATION = u66.k2.a;
    private static final String NO_REV_AVAIL = u66.j2.a;
    private static final String CRL_DISTRIBUTION_POINTS = u66.a2.a;
    private static final String AUTHORITY_INFO_ACCESS = u66.i2.a;

    public static void additionalChecks(o07 o07Var, Set set, Set set2) throws CertPathValidatorException {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (o07Var.b(str) != null) {
                throw new CertPathValidatorException(cv.W("Attribute certificate contains prohibited attribute: ", str, "."));
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (o07Var.b(str2) == null) {
                throw new CertPathValidatorException(cv.W("Attribute certificate does not contain necessary attribute: ", str2, "."));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:49:0x00e9, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(defpackage.s66 r21, defpackage.o07 r22, defpackage.mm6 r23, java.util.Date r24, java.security.cert.X509Certificate r25, org.bouncycastle.jce.provider.CertStatus r26, org.bouncycastle.jce.provider.ReasonsMask r27, java.util.List r28, defpackage.ln6 r29) throws org.bouncycastle.jce.provider.AnnotatedException {
        /*
            Method dump skipped, instructions count: 243
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(s66, o07, mm6, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List, ln6):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:34:0x0100  */
    /* JADX WARN: Removed duplicated region for block: B:48:0x0152  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void checkCRLs(defpackage.o07 r19, defpackage.mm6 r20, java.security.cert.X509Certificate r21, java.util.Date r22, java.util.List r23, defpackage.ln6 r24) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 390
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(o07, mm6, java.security.cert.X509Certificate, java.util.Date, java.util.List, ln6):void");
    }

    public static CertPath processAttrCert1(o07 o07Var, mm6 mm6Var) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        h07 a = o07Var.a();
        a76 a76Var = a.a.a;
        if ((a76Var != null ? a.c(a76Var.a) : null) != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSerialNumber(o07Var.a().d());
            h07 a2 = o07Var.a();
            a76 a76Var2 = a2.a.a;
            Principal[] c = a76Var2 != null ? a2.c(a76Var2.a) : null;
            for (int i = 0; i < c.length; i++) {
                try {
                    if (c[i] instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) c[i]).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates(new km6((CertSelector) x509CertSelector.clone(), null), mm6Var.b()));
                } catch (IOException e) {
                    throw new rn6("Unable to encode X500 principal.", e);
                } catch (AnnotatedException e2) {
                    throw new rn6("Public key certificate for attribute certificate cannot be searched.", e2);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (o07Var.a().b() != null) {
            r07 r07Var = new r07();
            Principal[] b = o07Var.a().b();
            for (int i2 = 0; i2 < b.length; i2++) {
                try {
                    if (b[i2] instanceof X500Principal) {
                        r07Var.setIssuer(((X500Principal) b[i2]).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates(new km6((CertSelector) r07Var.clone(), null), mm6Var.b()));
                } catch (IOException e3) {
                    throw new rn6("Unable to encode X500 principal.", e3);
                } catch (AnnotatedException e4) {
                    throw new rn6("Public key certificate for attribute certificate cannot be searched.", e4);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        mm6.b bVar = new mm6.b(mm6Var);
        Iterator it = hashSet.iterator();
        rn6 rn6Var = null;
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            r07 r07Var2 = new r07();
            r07Var2.setCertificate((X509Certificate) it.next());
            bVar.c = new km6((CertSelector) r07Var2.clone(), null);
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).build(new lm6.b(bVar.a()).a());
                } catch (InvalidAlgorithmParameterException e5) {
                    throw new RuntimeException(e5.getMessage());
                } catch (CertPathBuilderException e6) {
                    rn6Var = new rn6("Certification path for public key certificate of attribute certificate could not be build.", e6);
                }
            } catch (NoSuchAlgorithmException e7) {
                throw new rn6("Support class could not be created.", e7);
            } catch (NoSuchProviderException e8) {
                throw new rn6("Support class could not be created.", e8);
            }
        }
        if (rn6Var == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw rn6Var;
    }

    public static CertPathValidatorResult processAttrCert2(CertPath certPath, mm6 mm6Var) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).validate(certPath, mm6Var);
            } catch (InvalidAlgorithmParameterException e) {
                throw new RuntimeException(e.getMessage());
            } catch (CertPathValidatorException e2) {
                throw new rn6("Certification path for issuer certificate of attribute certificate could not be validated.", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new rn6("Support class could not be created.", e3);
        } catch (NoSuchProviderException e4) {
            throw new rn6("Support class could not be created.", e4);
        }
    }

    public static void processAttrCert3(X509Certificate x509Certificate, mm6 mm6Var) throws CertPathValidatorException {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0] && !x509Certificate.getKeyUsage()[1]) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void processAttrCert4(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        Iterator it = set.iterator();
        boolean z = false;
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z = true;
            }
        }
        if (!z) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void processAttrCert5(o07 o07Var, mm6 mm6Var) throws CertPathValidatorException {
        try {
            o07Var.checkValidity(CertPathValidatorUtilities.getValidDate(mm6Var));
        } catch (CertificateExpiredException e) {
            throw new rn6("Attribute certificate is not valid.", e);
        } catch (CertificateNotYetValidException e2) {
            throw new rn6("Attribute certificate is not valid.", e2);
        }
    }

    public static void processAttrCert7(o07 o07Var, CertPath certPath, CertPath certPath2, mm6 mm6Var, Set set) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = o07Var.getCriticalExtensionOIDs();
        String str = TARGET_INFORMATION;
        if (criticalExtensionOIDs.contains(str)) {
            try {
                r76.v(CertPathValidatorUtilities.getExtensionValue(o07Var, str));
            } catch (IllegalArgumentException e) {
                throw new rn6("Target information extension could not be read.", e);
            } catch (AnnotatedException e2) {
                throw new rn6("Target information extension could not be read.", e2);
            }
        }
        criticalExtensionOIDs.remove(str);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ((l07) it.next()).b(o07Var, certPath, certPath2, criticalExtensionOIDs);
        }
        if (criticalExtensionOIDs.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
    }
}
