package org.a.e.d;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import org.a.a.bq;
import org.a.d.e;
import org.a.d.g;
import org.a.d.h;
import org.a.d.i;

/* loaded from: classes2.dex */
class aj {
    public static final String o = "2.5.29.32.0";
    protected static final int p = 5;
    protected static final int q = 6;
    private static final ac s = new ac();

    /* renamed from: a, reason: collision with root package name */
    public static final String f10091a = org.a.a.ae.y.q.a();

    /* renamed from: b, reason: collision with root package name */
    public static final String f10092b = org.a.a.ae.y.r.a();
    public static final String c = org.a.a.ae.y.w.a();
    public static final String d = org.a.a.ae.y.m.a();
    public static final String e = org.a.a.ae.y.v.a();
    public static final String f = org.a.a.ae.y.l.a();
    public static final String g = org.a.a.ae.y.t.a();
    public static final String h = org.a.a.ae.y.g.a();
    public static final String i = org.a.a.ae.y.p.a();
    public static final String j = org.a.a.ae.y.e.a();
    public static final String k = org.a.a.ae.y.o.a();
    public static final String l = org.a.a.ae.y.s.a();
    public static final String m = org.a.a.ae.y.c.a();
    public static final String n = org.a.a.ae.y.h.a();
    protected static final String[] r = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", android.support.v4.os.f.f754a, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    aj() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int a(int i2, X509Certificate x509Certificate) {
        return (g.a(x509Certificate) || i2 == 0) ? i2 : i2 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int a(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        try {
            org.a.a.u a2 = bq.a((Object) g.a((X509Certificate) certPath.getCertificates().get(i2), g));
            if (a2 == null) {
                return i3;
            }
            Enumeration e2 = a2.e();
            while (e2.hasMoreElements()) {
                try {
                    org.a.a.aa a3 = org.a.a.aa.a(e2.nextElement());
                    if (a3.a() == 0) {
                        int intValue = org.a.a.l.a(a3, false).a().intValue();
                        return intValue < i3 ? intValue : i3;
                    }
                } catch (IllegalArgumentException e3) {
                    throw new org.a.e.a.b("Policy constraints extension contents cannot be decoded.", e3, certPath, i2);
                }
            }
            return i3;
        } catch (Exception e4) {
            throw new org.a.e.a.b("Policy constraints extension cannot be decoded.", e4, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey a(X509CRL x509crl, Set set) throws a {
        Exception e2 = null;
        Iterator it = set.iterator();
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        throw new a("Cannot verify CRL.", e2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509CRL a(Set set, PublicKey publicKey) throws a {
        Iterator it = set.iterator();
        Exception e2 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        if (e2 != null) {
            throw new a("Cannot verify delta CRL.", e2);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(X509CRL x509crl, Object obj, X509Certificate x509Certificate, PublicKey publicKey, org.a.d.i iVar, List list, org.a.d.d.c cVar) throws a {
        a aVar;
        int i2 = 0;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(ai.a(x509crl).g());
            org.a.d.g<? extends Certificate> a2 = new g.a(x509CertSelector).a();
            try {
                Collection<X509Certificate> a3 = g.a(a2, iVar.a());
                a3.addAll(g.a(a2, iVar.p()));
                a3.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                for (X509Certificate x509Certificate2 : a3) {
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            ad adVar = new ad();
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            i.a a4 = new i.a(iVar).a(new g.a(x509CertSelector2).a());
                            if (list.contains(x509Certificate2)) {
                                a4.b(false);
                            } else {
                                a4.b(true);
                            }
                            List<? extends Certificate> certificates = adVar.engineBuild(new h.a(a4.a()).a()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(g.a(certificates, 0, cVar));
                        } catch (CertPathBuilderException e2) {
                            throw new a("CertPath for CRL signer failed to validate.", e2);
                        } catch (CertPathValidatorException e3) {
                            throw new a("Public key of issuer certificate of CRL could not be retrieved.", e3);
                        } catch (Exception e4) {
                            throw new a(e4.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                a aVar2 = null;
                while (true) {
                    int i3 = i2;
                    aVar = aVar2;
                    if (i3 >= arrayList.size()) {
                        break;
                    }
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i3)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length >= 7 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i3));
                        aVar2 = aVar;
                    } else {
                        aVar2 = new a("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                    i2 = i3 + 1;
                }
                if (hashSet.isEmpty() && aVar == null) {
                    throw new a("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || aVar == null) {
                    return hashSet;
                }
                throw aVar;
            } catch (a e5) {
                throw new a("Issuer certificate for CRL cannot be searched.", e5);
            }
        } catch (IOException e6) {
            throw new a("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e6);
        }
    }

    protected static Set a(Date date, org.a.d.i iVar, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        if (iVar.f()) {
            try {
                org.a.a.ae.k a2 = org.a.a.ae.k.a(g.a(x509Certificate, e));
                if (a2 == null) {
                    try {
                        a2 = org.a.a.ae.k.a(g.a(x509crl, e));
                    } catch (a e2) {
                        throw new a("Freshest CRL extension could not be decoded from CRL.", e2);
                    }
                }
                if (a2 != null) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.addAll(iVar.c());
                    try {
                        arrayList.addAll(g.a(a2, iVar.d()));
                        try {
                            hashSet.addAll(g.a(date, x509crl, iVar.p(), arrayList));
                        } catch (a e3) {
                            throw new a("Exception obtaining delta CRLs.", e3);
                        }
                    } catch (a e4) {
                        throw new a("No new delta CRL locations could be added from Freshest CRL extension.", e4);
                    }
                }
            } catch (a e5) {
                throw new a("Freshest CRL extension could not be decoded from certificate.", e5);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ah a(CertPath certPath, int i2, Set set, ah ahVar, List[] listArr, int i3) throws CertPathValidatorException {
        String str;
        boolean z;
        int i4;
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i2);
        int size = certificates.size();
        int i5 = size - i2;
        try {
            org.a.a.u a2 = bq.a((Object) g.a(x509Certificate, f10091a));
            if (a2 == null || ahVar == null) {
                return null;
            }
            Enumeration e2 = a2.e();
            HashSet hashSet = new HashSet();
            while (e2.hasMoreElements()) {
                org.a.a.ae.ap a3 = org.a.a.ae.ap.a(e2.nextElement());
                org.a.a.o a4 = a3.a();
                hashSet.add(a4.a());
                if (!o.equals(a4.a())) {
                    try {
                        Set a5 = g.a(a3.b());
                        if (!g.a(i5, listArr, a4, a5)) {
                            g.b(i5, listArr, a4, a5);
                        }
                    } catch (CertPathValidatorException e3) {
                        throw new org.a.e.a.b("Policy qualifier info set could not be build.", e3, certPath, i2);
                    }
                }
            }
            if (set.isEmpty() || set.contains(o)) {
                set.clear();
                set.addAll(hashSet);
            } else {
                HashSet hashSet2 = new HashSet();
                for (Object obj : set) {
                    if (hashSet.contains(obj)) {
                        hashSet2.add(obj);
                    }
                }
                set.clear();
                set.addAll(hashSet2);
            }
            if (i3 > 0 || (i5 < size && g.a(x509Certificate))) {
                Enumeration e4 = a2.e();
                while (true) {
                    if (!e4.hasMoreElements()) {
                        break;
                    }
                    org.a.a.ae.ap a6 = org.a.a.ae.ap.a(e4.nextElement());
                    if (o.equals(a6.a().a())) {
                        Set a7 = g.a(a6.b());
                        List list = listArr[i5 - 1];
                        int i6 = 0;
                        while (true) {
                            int i7 = i6;
                            if (i7 >= list.size()) {
                                break;
                            }
                            ah ahVar2 = (ah) list.get(i7);
                            for (Object obj2 : ahVar2.getExpectedPolicies()) {
                                if (obj2 instanceof String) {
                                    str = (String) obj2;
                                } else if (obj2 instanceof org.a.a.o) {
                                    str = ((org.a.a.o) obj2).a();
                                }
                                boolean z2 = false;
                                Iterator children = ahVar2.getChildren();
                                while (true) {
                                    z = z2;
                                    if (!children.hasNext()) {
                                        break;
                                    }
                                    z2 = str.equals(((ah) children.next()).getValidPolicy()) ? true : z;
                                }
                                if (!z) {
                                    HashSet hashSet3 = new HashSet();
                                    hashSet3.add(str);
                                    ah ahVar3 = new ah(new ArrayList(), i5, hashSet3, ahVar2, a7, str, false);
                                    ahVar2.a(ahVar3);
                                    listArr[i5].add(ahVar3);
                                }
                            }
                            i6 = i7 + 1;
                        }
                    }
                }
            }
            int i8 = i5 - 1;
            ah ahVar4 = ahVar;
            while (i8 >= 0) {
                List list2 = listArr[i8];
                ah ahVar5 = ahVar4;
                while (true) {
                    int i9 = i4;
                    if (i9 < list2.size()) {
                        ah ahVar6 = (ah) list2.get(i9);
                        i4 = (ahVar6.a() || (ahVar5 = g.a(ahVar5, listArr, ahVar6)) != null) ? i9 + 1 : 0;
                    }
                }
                i8--;
                ahVar4 = ahVar5;
            }
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs == null) {
                return ahVar4;
            }
            boolean contains = criticalExtensionOIDs.contains(f10091a);
            List list3 = listArr[i5];
            int i10 = 0;
            while (true) {
                int i11 = i10;
                if (i11 >= list3.size()) {
                    return ahVar4;
                }
                ((ah) list3.get(i11)).a(contains);
                i10 = i11 + 1;
            }
        } catch (a e5) {
            throw new org.a.e.a.b("Could not read certificate policies extension from certificate.", e5, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ah a(CertPath certPath, int i2, ah ahVar) throws CertPathValidatorException {
        try {
            if (bq.a((Object) g.a((X509Certificate) certPath.getCertificates().get(i2), f10091a)) == null) {
                return null;
            }
            return ahVar;
        } catch (a e2) {
            throw new org.a.e.a.b("Could not read certificate policies extension from certificate.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:102:0x013f, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:104:0x0147, code lost:
    
        throw new org.a.e.a.b("Certificate policies extension could not be decoded.", r0, r12, r13);
     */
    /* JADX WARN: Code restructure failed: missing block: B:106:0x007a, code lost:
    
        continue;
     */
    /* JADX WARN: Code restructure failed: missing block: B:69:0x00cf, code lost:
    
        r5 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x00d8, code lost:
    
        r1 = ((org.a.a.u) org.a.e.d.g.a(r8, org.a.e.d.aj.f10091a)).e();
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x00e0, code lost:
    
        if (r1.hasMoreElements() == false) goto L115;
     */
    /* JADX WARN: Code restructure failed: missing block: B:76:0x00e2, code lost:
    
        r3 = org.a.a.ae.ap.a(r1.nextElement());
     */
    /* JADX WARN: Code restructure failed: missing block: B:78:0x00f8, code lost:
    
        if (org.a.e.d.aj.o.equals(r3.a().a()) == false) goto L116;
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x00fa, code lost:
    
        r5 = org.a.e.d.g.a(r3.b());
     */
    /* JADX WARN: Code restructure failed: missing block: B:81:0x0102, code lost:
    
        r7 = false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x0107, code lost:
    
        if (r8.getCriticalExtensionOIDs() == null) goto L45;
     */
    /* JADX WARN: Code restructure failed: missing block: B:83:0x0109, code lost:
    
        r7 = r8.getCriticalExtensionOIDs().contains(org.a.e.d.aj.f10091a);
     */
    /* JADX WARN: Code restructure failed: missing block: B:84:0x0113, code lost:
    
        r4 = (org.a.e.d.ah) r0.getParent();
     */
    /* JADX WARN: Code restructure failed: missing block: B:85:0x0123, code lost:
    
        if (org.a.e.d.aj.o.equals(r4.getValidPolicy()) == false) goto L100;
     */
    /* JADX WARN: Code restructure failed: missing block: B:87:0x0125, code lost:
    
        r0 = new org.a.e.d.ah(new java.util.ArrayList(), r2, (java.util.Set) r9.get(r6), r4, r5, r6, r7);
        r4.a(r0);
        r14[r2].add(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x0151, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:93:0x0159, code lost:
    
        throw new org.a.e.a.b("Policy qualifier info set could not be decoded.", r0, r12, r13);
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x0148, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x0150, code lost:
    
        throw new java.security.cert.CertPathValidatorException("Policy information could not be decoded.", r0, r12, r13);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.a.e.d.ah a(java.security.cert.CertPath r12, int r13, java.util.List[] r14, org.a.e.d.ah r15, int r16) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 438
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.a.e.d.aj.a(java.security.cert.CertPath, int, java.util.List[], org.a.e.d.ah, int):org.a.e.d.ah");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0080  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.a.e.d.ah a(java.security.cert.CertPath r9, org.a.d.i r10, java.util.Set r11, int r12, java.util.List[] r13, org.a.e.d.ah r14, java.util.Set r15) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 349
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.a.e.d.aj.a(java.security.cert.CertPath, org.a.d.i, java.util.Set, int, java.util.List[], org.a.e.d.ah, java.util.Set):org.a.e.d.ah");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static al a(X509CRL x509crl, org.a.a.ae.v vVar) throws a {
        try {
            org.a.a.ae.ai a2 = org.a.a.ae.ai.a(g.a(x509crl, d));
            if (a2 != null && a2.i() != null && vVar.b() != null) {
                return new al(vVar.b()).b(new al(a2.i()));
            }
            if ((a2 == null || a2.i() == null) && vVar.b() == null) {
                return al.f10095a;
            }
            return (vVar.b() == null ? al.f10095a : new al(vVar.b())).b(a2 == null ? al.f10095a : new al(a2.i()));
        } catch (Exception e2) {
            throw new a("Issuing distribution point extension could not be decoded.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2) throws CertPathValidatorException {
        try {
            org.a.a.u a2 = bq.a((Object) g.a((X509Certificate) certPath.getCertificates().get(i2), f10092b));
            if (a2 != null) {
                for (int i3 = 0; i3 < a2.i(); i3++) {
                    try {
                        org.a.a.u a3 = bq.a(a2.a(i3));
                        org.a.a.o a4 = org.a.a.o.a(a3.a(0));
                        org.a.a.o a5 = org.a.a.o.a(a3.a(1));
                        if (o.equals(a4.a())) {
                            throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, i2);
                        }
                        if (o.equals(a5.a())) {
                            throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, i2);
                        }
                    } catch (Exception e2) {
                        throw new org.a.e.a.b("Policy mappings extension contents could not be decoded.", e2, certPath, i2);
                    }
                }
            }
        } catch (a e3) {
            throw new org.a.e.a.b("Policy mappings extension could not be decoded.", e3, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, List list, Set set) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i2);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e2) {
                throw new org.a.e.a.b("Additional certificate path checker failed.", e2, certPath, i2);
            }
        }
        if (!set.isEmpty()) {
            throw new org.a.e.a.b("Certificate has unsupported critical extension: " + set, null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, Set set, List list) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i2);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e2) {
                throw new CertPathValidatorException(e2.getMessage(), e2.getCause(), certPath, i2);
            }
        }
        if (!set.isEmpty()) {
            throw new org.a.e.a.b("Certificate has unsupported critical extension: " + set, null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, af afVar) throws CertPathValidatorException {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i2);
        int size = certificates.size();
        int i3 = size - i2;
        if (!g.a(x509Certificate) || i3 >= size) {
            try {
                org.a.a.u a2 = bq.a(ai.a(x509Certificate).g());
                try {
                    afVar.a(a2);
                    afVar.b(a2);
                    try {
                        org.a.a.ae.ac a3 = org.a.a.ae.ac.a(g.a(x509Certificate, j));
                        org.a.a.ad.c[] a4 = org.a.a.ad.d.a(a2).a(org.a.a.ad.a.c.E);
                        for (int i4 = 0; i4 != a4.length; i4++) {
                            org.a.a.ae.ab abVar = new org.a.a.ae.ab(1, ((org.a.a.z) a4[i4].c().b()).a());
                            try {
                                afVar.a(abVar);
                                afVar.b(abVar);
                            } catch (ag e2) {
                                throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", e2, certPath, i2);
                            }
                        }
                        if (a3 != null) {
                            try {
                                org.a.a.ae.ab[] a5 = a3.a();
                                for (int i5 = 0; i5 < a5.length; i5++) {
                                    try {
                                        afVar.a(a5[i5]);
                                        afVar.b(a5[i5]);
                                    } catch (ag e3) {
                                        throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e3, certPath, i2);
                                    }
                                }
                            } catch (Exception e4) {
                                throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e4, certPath, i2);
                            }
                        }
                    } catch (Exception e5) {
                        throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e5, certPath, i2);
                    }
                } catch (ag e6) {
                    throw new CertPathValidatorException("Subtree check for certificate subject failed.", e6, certPath, i2);
                }
            } catch (Exception e7) {
                throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e7, certPath, i2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, ah ahVar, int i3) throws CertPathValidatorException {
        if (i3 <= 0 && ahVar == null) {
            throw new org.a.e.a.b("No valid policy tree found when one expected.", null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, org.a.d.i iVar, int i2, PublicKey publicKey, boolean z, org.a.a.ad.d dVar, X509Certificate x509Certificate, org.a.d.d.c cVar) throws org.a.e.a.b {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate2 = (X509Certificate) certificates.get(i2);
        if (!z) {
            try {
                g.a(x509Certificate2, publicKey, iVar.k());
            } catch (GeneralSecurityException e2) {
                throw new org.a.e.a.b("Could not validate certificate signature.", e2, certPath, i2);
            }
        }
        try {
            x509Certificate2.checkValidity(g.a(iVar, certPath, i2));
            if (iVar.q()) {
                try {
                    a(iVar, x509Certificate2, g.a(iVar, certPath, i2), x509Certificate, publicKey, certificates, cVar);
                } catch (a e3) {
                    throw new org.a.e.a.b(e3.getMessage(), e3.getCause() != null ? e3.getCause() : e3, certPath, i2);
                }
            }
            if (!ai.a((Object) x509Certificate2).equals(dVar)) {
                throw new org.a.e.a.b("IssuerName(" + ai.a((Object) x509Certificate2) + ") does not match SubjectName(" + dVar + ") of signing certificate.", null, certPath, i2);
            }
        } catch (CertificateExpiredException e4) {
            throw new org.a.e.a.b("Could not validate certificate: " + e4.getMessage(), e4, certPath, i2);
        } catch (CertificateNotYetValidException e5) {
            throw new org.a.e.a.b("Could not validate certificate: " + e5.getMessage(), e5, certPath, i2);
        } catch (a e6) {
            throw new org.a.e.a.b("Could not validate time of certificate.", e6, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509CRL x509crl, X509CRL x509crl2, org.a.d.i iVar) throws a {
        boolean z = true;
        if (x509crl == null) {
            return;
        }
        try {
            org.a.a.ae.ai a2 = org.a.a.ae.ai.a(g.a(x509crl2, d));
            if (iVar.f()) {
                if (!ai.a(x509crl).equals(ai.a(x509crl2))) {
                    throw new a("Complete CRL issuer does not match delta CRL issuer.");
                }
                try {
                    org.a.a.ae.ai a3 = org.a.a.ae.ai.a(g.a(x509crl, d));
                    if (a2 != null ? !a2.equals(a3) : a3 != null) {
                        z = false;
                    }
                    if (!z) {
                        throw new a("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        org.a.a.t a4 = g.a(x509crl2, l);
                        try {
                            org.a.a.t a5 = g.a(x509crl, l);
                            if (a4 == null) {
                                throw new a("CRL authority key identifier is null.");
                            }
                            if (a5 == null) {
                                throw new a("Delta CRL authority key identifier is null.");
                            }
                            if (!a4.equals(a5)) {
                                throw new a("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (a e2) {
                            throw new a("Authority key identifier extension could not be extracted from delta CRL.", e2);
                        }
                    } catch (a e3) {
                        throw new a("Authority key identifier extension could not be extracted from complete CRL.", e3);
                    }
                } catch (Exception e4) {
                    throw new a("Issuing distribution point extension from delta CRL could not be decoded.", e4);
                }
            }
        } catch (Exception e5) {
            throw new a("Issuing distribution point extension could not be decoded.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, h hVar) throws a {
        if (hVar.b() == 11) {
            g.a(date, x509crl, obj, hVar);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, h hVar, org.a.d.i iVar) throws a {
        if (!iVar.f() || x509crl == null) {
            return;
        }
        g.a(date, x509crl, obj, hVar);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.a.a.ae.v vVar, Object obj, X509CRL x509crl) throws a {
        org.a.a.ae.ab[] abVarArr;
        boolean z = false;
        try {
            org.a.a.ae.ai a2 = org.a.a.ae.ai.a(g.a(x509crl, d));
            if (a2 != null) {
                if (a2.f() != null) {
                    org.a.a.ae.w f2 = org.a.a.ae.ai.a(a2).f();
                    ArrayList arrayList = new ArrayList();
                    if (f2.a() == 0) {
                        for (org.a.a.ae.ab abVar : org.a.a.ae.ac.a(f2.b()).a()) {
                            arrayList.add(abVar);
                        }
                    }
                    if (f2.a() == 1) {
                        org.a.a.e eVar = new org.a.a.e();
                        try {
                            Enumeration e2 = org.a.a.u.a(ai.a(x509crl)).e();
                            while (e2.hasMoreElements()) {
                                eVar.a((org.a.a.d) e2.nextElement());
                            }
                            eVar.a(f2.b());
                            arrayList.add(new org.a.a.ae.ab(org.a.a.ad.d.a(new bq(eVar))));
                        } catch (Exception e3) {
                            throw new a("Could not read CRL issuer.", e3);
                        }
                    }
                    if (vVar.a() != null) {
                        org.a.a.ae.w a3 = vVar.a();
                        org.a.a.ae.ab[] a4 = a3.a() == 0 ? org.a.a.ae.ac.a(a3.b()).a() : null;
                        if (a3.a() == 1) {
                            if (vVar.c() != null) {
                                abVarArr = vVar.c().a();
                            } else {
                                org.a.a.ae.ab[] abVarArr2 = new org.a.a.ae.ab[1];
                                try {
                                    abVarArr2[0] = new org.a.a.ae.ab(org.a.a.ad.d.a(ai.a(obj).g()));
                                    abVarArr = abVarArr2;
                                } catch (Exception e4) {
                                    throw new a("Could not read certificate issuer.", e4);
                                }
                            }
                            for (int i2 = 0; i2 < abVarArr.length; i2++) {
                                Enumeration e5 = org.a.a.u.a((Object) abVarArr[i2].b().d()).e();
                                org.a.a.e eVar2 = new org.a.a.e();
                                while (e5.hasMoreElements()) {
                                    eVar2.a((org.a.a.d) e5.nextElement());
                                }
                                eVar2.a(a3.b());
                                abVarArr[i2] = new org.a.a.ae.ab(org.a.a.ad.d.a(new bq(eVar2)));
                            }
                        } else {
                            abVarArr = a4;
                        }
                        if (abVarArr != null) {
                            int i3 = 0;
                            while (true) {
                                if (i3 >= abVarArr.length) {
                                    break;
                                }
                                if (arrayList.contains(abVarArr[i3])) {
                                    z = true;
                                    break;
                                }
                                i3++;
                            }
                        }
                        if (!z) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (vVar.c() == null) {
                            throw new a("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        org.a.a.ae.ab[] a5 = vVar.c().a();
                        int i4 = 0;
                        while (true) {
                            if (i4 >= a5.length) {
                                break;
                            }
                            if (arrayList.contains(a5[i4])) {
                                z = true;
                                break;
                            }
                            i4++;
                        }
                        if (!z) {
                            throw new a("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    org.a.a.ae.j a6 = org.a.a.ae.j.a(g.a((X509Extension) obj, h));
                    if (obj instanceof X509Certificate) {
                        if (a2.a() && a6 != null && a6.a()) {
                            throw new a("CA Cert CRL only contains user certificates.");
                        }
                        if (a2.b() && (a6 == null || !a6.a())) {
                            throw new a("End CRL only contains CA certificates.");
                        }
                    }
                    if (a2.e()) {
                        throw new a("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e6) {
                    throw new a("Basic constraints extension could not be decoded.", e6);
                }
            }
        } catch (Exception e7) {
            throw new a("Issuing distribution point extension could not be decoded.", e7);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x014c, code lost:
    
        throw r11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void a(org.a.a.ae.v r16, org.a.d.i r17, java.security.cert.X509Certificate r18, java.util.Date r19, java.security.cert.X509Certificate r20, java.security.PublicKey r21, org.a.e.d.h r22, org.a.e.d.al r23, java.util.List r24, org.a.d.d.c r25) throws org.a.e.d.a {
        /*
            Method dump skipped, instructions count: 337
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.a.e.d.aj.a(org.a.a.ae.v, org.a.d.i, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, org.a.e.d.h, org.a.e.d.al, java.util.List, org.a.d.d.c):void");
    }

    protected static void a(org.a.d.i iVar, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, List list, org.a.d.d.c cVar) throws a {
        a aVar;
        boolean z;
        a aVar2 = null;
        try {
            org.a.a.ae.k a2 = org.a.a.ae.k.a(g.a(x509Certificate, i));
            i.a aVar3 = new i.a(iVar);
            try {
                Iterator<org.a.d.d> it = g.a(a2, iVar.d()).iterator();
                while (it.hasNext()) {
                    aVar3.a(it.next());
                }
                h hVar = new h();
                al alVar = new al();
                org.a.d.i a3 = aVar3.a();
                boolean z2 = false;
                if (a2 != null) {
                    try {
                        org.a.a.ae.v[] a4 = a2.a();
                        if (a4 != null) {
                            int i2 = 0;
                            while (i2 < a4.length && hVar.b() == 11 && !alVar.a()) {
                                try {
                                    a(a4[i2], a3, x509Certificate, date, x509Certificate2, publicKey, hVar, alVar, list, cVar);
                                    z = true;
                                    aVar = aVar2;
                                } catch (a e2) {
                                    aVar = e2;
                                    z = z2;
                                }
                                i2++;
                                z2 = z;
                                aVar2 = aVar;
                            }
                        }
                    } catch (Exception e3) {
                        throw new a("Distribution points could not be read.", e3);
                    }
                }
                if (hVar.b() == 11 && !alVar.a()) {
                    try {
                        try {
                            a(new org.a.a.ae.v(new org.a.a.ae.w(0, new org.a.a.ae.ac(new org.a.a.ae.ab(4, new org.a.a.k(ai.a((Object) x509Certificate).g()).d()))), null, null), (org.a.d.i) iVar.clone(), x509Certificate, date, x509Certificate2, publicKey, hVar, alVar, list, cVar);
                            z2 = true;
                        } catch (Exception e4) {
                            throw new a("Issuer from certificate for CRL could not be reencoded.", e4);
                        }
                    } catch (a e5) {
                        aVar2 = e5;
                    }
                }
                if (!z2) {
                    if (!(aVar2 instanceof a)) {
                        throw new a("No valid CRL found.", aVar2);
                    }
                    throw aVar2;
                }
                if (hVar.b() != 11) {
                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z");
                    simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
                    throw new a(("Certificate revocation after " + simpleDateFormat.format(hVar.a())) + ", reason: " + r[hVar.b()]);
                }
                if (!alVar.a() && hVar.b() == 11) {
                    hVar.a(12);
                }
                if (hVar.b() == 12) {
                    throw new a("Certificate status could not be determined.");
                }
            } catch (a e6) {
                throw new a("No additional CRL locations could be decoded from CRL distribution point extension.", e6);
            }
        } catch (Exception e7) {
            throw new a("CRL distribution point extension could not be read.", e7);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int b(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        try {
            org.a.a.u a2 = bq.a((Object) g.a((X509Certificate) certPath.getCertificates().get(i2), g));
            if (a2 == null) {
                return i3;
            }
            Enumeration e2 = a2.e();
            while (e2.hasMoreElements()) {
                try {
                    org.a.a.aa a3 = org.a.a.aa.a(e2.nextElement());
                    if (a3.a() == 1) {
                        int intValue = org.a.a.l.a(a3, false).a().intValue();
                        return intValue < i3 ? intValue : i3;
                    }
                } catch (IllegalArgumentException e3) {
                    throw new org.a.e.a.b("Policy constraints extension contents cannot be decoded.", e3, certPath, i2);
                }
            }
            return i3;
        } catch (Exception e4) {
            throw new org.a.e.a.b("Policy constraints extension cannot be decoded.", e4, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(CertPath certPath, int i2) throws CertPathValidatorException {
        try {
            org.a.a.ae.j a2 = org.a.a.ae.j.a(g.a((X509Certificate) certPath.getCertificates().get(i2), h));
            if (a2 == null) {
                throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
            }
            if (!a2.a()) {
                throw new CertPathValidatorException("Not a CA certificate");
            }
        } catch (Exception e2) {
            throw new org.a.e.a.b("Basic constraints extension cannot be decoded.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(CertPath certPath, int i2, af afVar) throws CertPathValidatorException {
        try {
            org.a.a.u a2 = bq.a((Object) g.a((X509Certificate) certPath.getCertificates().get(i2), k));
            org.a.a.ae.al a3 = a2 != null ? org.a.a.ae.al.a((Object) a2) : null;
            if (a3 != null) {
                org.a.a.ae.ae[] a4 = a3.a();
                if (a4 != null) {
                    try {
                        afVar.a(a4);
                    } catch (Exception e2) {
                        throw new org.a.e.a.b("Permitted subtrees cannot be build from name constraints extension.", e2, certPath, i2);
                    }
                }
                org.a.a.ae.ae[] b2 = a3.b();
                if (b2 != null) {
                    for (int i3 = 0; i3 != b2.length; i3++) {
                        try {
                            afVar.b(b2[i3]);
                        } catch (Exception e3) {
                            throw new org.a.e.a.b("Excluded subtrees cannot be build from name constraints extension.", e3, certPath, i2);
                        }
                    }
                }
            }
        } catch (Exception e4) {
            throw new org.a.e.a.b("Name constraints extension could not be decoded.", e4, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(org.a.a.ae.v vVar, Object obj, X509CRL x509crl) throws a {
        boolean z;
        org.a.a.t a2 = g.a(x509crl, d);
        boolean z2 = a2 != null && org.a.a.ae.ai.a(a2).c();
        try {
            byte[] g2 = ai.a(x509crl).g();
            if (vVar.c() != null) {
                org.a.a.ae.ab[] a3 = vVar.c().a();
                z = false;
                for (int i2 = 0; i2 < a3.length; i2++) {
                    if (a3[i2].a() == 4) {
                        try {
                            if (org.a.h.a.a(a3[i2].b().d().g(), g2)) {
                                z = true;
                            }
                        } catch (IOException e2) {
                            throw new a("CRL issuer information from distribution point cannot be decoded.", e2);
                        }
                    }
                }
                if (z && !z2) {
                    throw new a("Distribution point contains cRLIssuer field but CRL is not indirect.");
                }
                if (!z) {
                    throw new a("CRL issuer of CRL does not match CRL issuer of distribution point.");
                }
            } else {
                z = ai.a(x509crl).equals(ai.a(obj));
            }
            if (!z) {
                throw new a("Cannot find matching CRL issuer for certificate.");
            }
        } catch (IOException e3) {
            throw new a("Exception encoding CRL issuer: " + e3.getMessage(), e3);
        }
    }

    protected static Set[] b(Date date, org.a.d.i iVar, X509Certificate x509Certificate, X509CRL x509crl) throws a {
        HashSet hashSet = new HashSet();
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.setCertificateChecking(x509Certificate);
        try {
            x509CRLSelector.addIssuerName(ai.a(x509crl).g());
            org.a.d.e<? extends CRL> a2 = new e.a(x509CRLSelector).a(true).a();
            if (iVar.e() != null) {
                date = iVar.e();
            }
            Set a3 = s.a(a2, date, iVar.p(), iVar.c());
            if (iVar.f()) {
                try {
                    hashSet.addAll(g.a(date, x509crl, iVar.p(), iVar.c()));
                } catch (a e2) {
                    throw new a("Exception obtaining delta CRLs.", e2);
                }
            }
            return new Set[]{a3, hashSet};
        } catch (IOException e3) {
            throw new a("Cannot extract issuer from CRL." + e3, e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int c(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        int intValue;
        try {
            org.a.a.l a2 = org.a.a.l.a((Object) g.a((X509Certificate) certPath.getCertificates().get(i2), c));
            return (a2 == null || (intValue = a2.a().intValue()) >= i3) ? i3 : intValue;
        } catch (Exception e2) {
            throw new org.a.e.a.b("Inhibit any-policy extension cannot be decoded.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void c(CertPath certPath, int i2) throws CertPathValidatorException {
        boolean[] keyUsage = ((X509Certificate) certPath.getCertificates().get(i2)).getKeyUsage();
        if (keyUsage != null && !keyUsage[5]) {
            throw new org.a.e.a.b("Issuer certificate keyusage extension is critical and does not permit key signing.", null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int d(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        if (g.a((X509Certificate) certPath.getCertificates().get(i2))) {
            return i3;
        }
        if (i3 <= 0) {
            throw new org.a.e.a.b("Max path length not greater than zero", null, certPath, i2);
        }
        return i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int e(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        BigInteger b2;
        int intValue;
        try {
            org.a.a.ae.j a2 = org.a.a.ae.j.a(g.a((X509Certificate) certPath.getCertificates().get(i2), h));
            return (a2 == null || (b2 = a2.b()) == null || (intValue = b2.intValue()) >= i3) ? i3 : intValue;
        } catch (Exception e2) {
            throw new org.a.e.a.b("Basic constraints extension cannot be decoded.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int f(CertPath certPath, int i2, int i3) {
        return (g.a((X509Certificate) certPath.getCertificates().get(i2)) || i3 == 0) ? i3 : i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int g(CertPath certPath, int i2, int i3) {
        return (g.a((X509Certificate) certPath.getCertificates().get(i2)) || i3 == 0) ? i3 : i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int h(CertPath certPath, int i2, int i3) {
        return (g.a((X509Certificate) certPath.getCertificates().get(i2)) || i3 == 0) ? i3 : i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int i(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        try {
            org.a.a.u a2 = bq.a((Object) g.a((X509Certificate) certPath.getCertificates().get(i2), g));
            if (a2 == null) {
                return i3;
            }
            Enumeration e2 = a2.e();
            while (e2.hasMoreElements()) {
                org.a.a.aa aaVar = (org.a.a.aa) e2.nextElement();
                switch (aaVar.a()) {
                    case 0:
                        try {
                            if (org.a.a.l.a(aaVar, false).a().intValue() != 0) {
                                break;
                            } else {
                                return 0;
                            }
                        } catch (Exception e3) {
                            throw new org.a.e.a.b("Policy constraints requireExplicitPolicy field could not be decoded.", e3, certPath, i2);
                        }
                }
            }
            return i3;
        } catch (a e4) {
            throw new org.a.e.a.b("Policy constraints could not be decoded.", e4, certPath, i2);
        }
    }
}
