package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.TargetInformation;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.PKIXAttrCertChecker;
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CertStoreSelector;

/* loaded from: classes5.dex */
class RFC3281CertPathUtilities {
    private static final String TARGET_INFORMATION = X509Extensions.TargetInformation.getId();
    private static final String NO_REV_AVAIL = X509Extensions.NoRevAvail.getId();
    private static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId();
    private static final String AUTHORITY_INFO_ACCESS = X509Extensions.AuthorityInfoAccess.getId();

    public static void additionalChecks(X509AttributeCertificate x509AttributeCertificate, ExtendedPKIXParameters extendedPKIXParameters) {
        for (String str : extendedPKIXParameters.getProhibitedACAttributes()) {
            if (x509AttributeCertificate.getAttributes(str) != null) {
                throw new CertPathValidatorException("Attribute certificate contains prohibited attribute: " + str + ".");
            }
        }
        for (String str2 : extendedPKIXParameters.getNecessaryACAttributes()) {
            if (x509AttributeCertificate.getAttributes(str2) == null) {
                throw new CertPathValidatorException("Attribute certificate does not contain necessary attribute: " + str2 + ".");
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:53:0x00e2, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(org.bouncycastle.asn1.x509.DistributionPoint r22, org.bouncycastle.x509.X509AttributeCertificate r23, org.bouncycastle.x509.ExtendedPKIXParameters r24, java.util.Date r25, java.security.cert.X509Certificate r26, org.bouncycastle.jce.provider.CertStatus r27, org.bouncycastle.jce.provider.ReasonsMask r28, java.util.List r29) {
        /*
            r1 = r22
            r8 = r23
            r9 = r24
            r10 = r25
            r11 = r27
            r12 = r28
            org.bouncycastle.asn1.DERObjectIdentifier r0 = org.bouncycastle.asn1.x509.X509Extensions.NoRevAvail
            java.lang.String r0 = r0.getId()
            byte[] r0 = r8.getExtensionValue(r0)
            if (r0 == 0) goto L19
            return
        L19:
            java.util.Date r13 = new java.util.Date
            long r2 = java.lang.System.currentTimeMillis()
            r13.<init>(r2)
            long r2 = r25.getTime()
            long r4 = r13.getTime()
            int r0 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r0 > 0) goto Le4
            java.util.Set r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(r1, r8, r13, r9)
            r2 = 0
            java.util.Iterator r14 = r0.iterator()
            r16 = 0
            r17 = r2
            r0 = r16
        L3d:
            boolean r2 = r14.hasNext()
            if (r2 == 0) goto Le0
            int r2 = r27.getCertStatus()
            r7 = 11
            if (r2 != r7) goto Le0
            boolean r2 = r28.isAllReasons()
            if (r2 != 0) goto Le0
            java.lang.Object r2 = r14.next()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld8
            r6 = r2
            java.security.cert.X509CRL r6 = (java.security.cert.X509CRL) r6     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld8
            org.bouncycastle.jce.provider.ReasonsMask r5 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLD(r6, r1)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld8
            boolean r2 = r5.hasNewReasons(r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld8
            if (r2 != 0) goto L63
            goto L3d
        L63:
            r4 = 0
            r18 = 0
            r2 = r6
            r3 = r23
            r19 = r5
            r5 = r18
            r15 = r6
            r6 = r24
            r18 = r14
            r14 = r7
            r7 = r29
            java.util.Set r2 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLF(r2, r3, r4, r5, r6, r7)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld6
            java.security.PublicKey r2 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLG(r15, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld6
            boolean r3 = r24.isUseDeltasEnabled()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld6
            if (r3 == 0) goto L8c
            java.util.Set r3 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getDeltaCRLs(r13, r9, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld6
            java.security.cert.X509CRL r2 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLH(r3, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld6
            goto L8e
        L8c:
            r2 = r16
        L8e:
            int r3 = r24.getValidityModel()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld6
            r4 = 1
            if (r3 == r4) goto Lb2
            java.util.Date r3 = r23.getNotAfter()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            long r5 = r3.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            java.util.Date r3 = r15.getThisUpdate()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            long r20 = r3.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            int r3 = (r5 > r20 ? 1 : (r5 == r20 ? 0 : -1))
            if (r3 < 0) goto Laa
            goto Lb2
        Laa:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            java.lang.String r2 = "No valid CRL for current time found."
            r0.<init>(r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            throw r0     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
        Lb2:
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB1(r1, r8, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB2(r1, r8, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLC(r2, r15, r9)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLI(r10, r2, r8, r11, r9)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLJ(r10, r15, r8, r11)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            int r2 = r27.getCertStatus()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            r3 = 8
            if (r2 != r3) goto Lcc
            r11.setCertStatus(r14)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
        Lcc:
            r2 = r19
            r12.addReasons(r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Ld4
            r17 = r4
            goto Ldc
        Ld4:
            r0 = move-exception
            goto Ldc
        Ld6:
            r0 = move-exception
            goto Ldb
        Ld8:
            r0 = move-exception
            r18 = r14
        Ldb:
            r4 = 1
        Ldc:
            r14 = r18
            goto L3d
        Le0:
            if (r17 == 0) goto Le3
            return
        Le3:
            throw r0
        Le4:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r1 = "Validation time is in future."
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(org.bouncycastle.asn1.x509.DistributionPoint, org.bouncycastle.x509.X509AttributeCertificate, org.bouncycastle.x509.ExtendedPKIXParameters, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:30:0x00eb  */
    /* JADX WARN: Removed duplicated region for block: B:44:0x0148  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void checkCRLs(org.bouncycastle.x509.X509AttributeCertificate r18, org.bouncycastle.x509.ExtendedPKIXParameters r19, java.security.cert.X509Certificate r20, java.util.Date r21, java.util.List r22) {
        /*
            Method dump skipped, instructions count: 381
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(org.bouncycastle.x509.X509AttributeCertificate, org.bouncycastle.x509.ExtendedPKIXParameters, java.security.cert.X509Certificate, java.util.Date, java.util.List):void");
    }

    public static CertPath processAttrCert1(X509AttributeCertificate x509AttributeCertificate, ExtendedPKIXParameters extendedPKIXParameters) {
        HashSet hashSet = new HashSet();
        if (x509AttributeCertificate.getHolder().getIssuer() != null) {
            X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector();
            x509CertStoreSelector.setSerialNumber(x509AttributeCertificate.getHolder().getSerialNumber());
            for (Principal principal : x509AttributeCertificate.getHolder().getIssuer()) {
                try {
                    if (principal instanceof X500Principal) {
                        x509CertStoreSelector.setIssuer(((X500Principal) principal).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates(x509CertStoreSelector, extendedPKIXParameters.getStores()));
                } catch (IOException e2) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e2);
                } catch (AnnotatedException e3) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e3);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (x509AttributeCertificate.getHolder().getEntityNames() != null) {
            X509CertStoreSelector x509CertStoreSelector2 = new X509CertStoreSelector();
            for (Principal principal2 : x509AttributeCertificate.getHolder().getEntityNames()) {
                try {
                    if (principal2 instanceof X500Principal) {
                        x509CertStoreSelector2.setIssuer(((X500Principal) principal2).getEncoded());
                    }
                    hashSet.addAll(CertPathValidatorUtilities.findCertificates(x509CertStoreSelector2, extendedPKIXParameters.getStores()));
                } catch (IOException e4) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e4);
                } catch (AnnotatedException e5) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e5);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters.getInstance(extendedPKIXParameters);
        Iterator it = hashSet.iterator();
        ExtCertPathValidatorException extCertPathValidatorException = null;
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            X509CertStoreSelector x509CertStoreSelector3 = new X509CertStoreSelector();
            x509CertStoreSelector3.setCertificate((X509Certificate) it.next());
            extendedPKIXBuilderParameters.setTargetConstraints(x509CertStoreSelector3);
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", "BC").build(ExtendedPKIXBuilderParameters.getInstance(extendedPKIXBuilderParameters));
                } catch (InvalidAlgorithmParameterException e6) {
                    throw new RuntimeException(e6.getMessage());
                } catch (CertPathBuilderException e7) {
                    extCertPathValidatorException = new ExtCertPathValidatorException("Certification path for public key certificate of attribute certificate could not be build.", e7);
                }
            } catch (NoSuchAlgorithmException e8) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e8);
            } catch (NoSuchProviderException e9) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e9);
            }
        }
        if (extCertPathValidatorException == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw extCertPathValidatorException;
    }

    public static CertPathValidatorResult processAttrCert2(CertPath certPath, ExtendedPKIXParameters extendedPKIXParameters) {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", "BC").validate(certPath, extendedPKIXParameters);
            } catch (InvalidAlgorithmParameterException e2) {
                throw new RuntimeException(e2.getMessage());
            } catch (CertPathValidatorException e3) {
                throw new ExtCertPathValidatorException("Certification path for issuer certificate of attribute certificate could not be validated.", e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e4);
        } catch (NoSuchProviderException e5) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e5);
        }
    }

    public static void processAttrCert3(X509Certificate x509Certificate, ExtendedPKIXParameters extendedPKIXParameters) {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0] && !x509Certificate.getKeyUsage()[1]) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void processAttrCert4(X509Certificate x509Certificate, ExtendedPKIXParameters extendedPKIXParameters) {
        boolean z = false;
        for (TrustAnchor trustAnchor : extendedPKIXParameters.getTrustedACIssuers()) {
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z = true;
            }
        }
        if (!z) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void processAttrCert5(X509AttributeCertificate x509AttributeCertificate, ExtendedPKIXParameters extendedPKIXParameters) {
        try {
            x509AttributeCertificate.checkValidity(CertPathValidatorUtilities.getValidDate(extendedPKIXParameters));
        } catch (CertificateExpiredException e2) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e2);
        } catch (CertificateNotYetValidException e3) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e3);
        }
    }

    public static void processAttrCert7(X509AttributeCertificate x509AttributeCertificate, CertPath certPath, CertPath certPath2, ExtendedPKIXParameters extendedPKIXParameters) {
        Set<String> criticalExtensionOIDs = x509AttributeCertificate.getCriticalExtensionOIDs();
        String str = TARGET_INFORMATION;
        if (criticalExtensionOIDs.contains(str)) {
            try {
                TargetInformation.getInstance(CertPathValidatorUtilities.getExtensionValue(x509AttributeCertificate, str));
            } catch (IllegalArgumentException e2) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e2);
            } catch (AnnotatedException e3) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e3);
            }
        }
        criticalExtensionOIDs.remove(str);
        Iterator it = extendedPKIXParameters.getAttrCertCheckers().iterator();
        while (it.hasNext()) {
            ((PKIXAttrCertChecker) it.next()).check(x509AttributeCertificate, certPath, certPath2, criticalExtensionOIDs);
        }
        if (criticalExtensionOIDs.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
    }
}
