package org.spongycastle.jce.provider;

import android.support.v4.os.EnvironmentCompat;
import cn.ahurls.shequ.common.URLs;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1Enumerated;
import org.spongycastle.asn1.ASN1GeneralizedTime;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1OutputStream;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERIA5String;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.DistributionPoint;
import org.spongycastle.asn1.x509.DistributionPointName;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.PolicyInformation;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.jce.X509LDAPCertStoreParameters;
import org.spongycastle.jce.exception.ExtCertPathValidatorException;
import org.spongycastle.util.Integers;
import org.spongycastle.util.StoreException;
import org.spongycastle.x509.ExtendedPKIXBuilderParameters;
import org.spongycastle.x509.ExtendedPKIXParameters;
import org.spongycastle.x509.X509AttributeCertStoreSelector;
import org.spongycastle.x509.X509AttributeCertificate;
import org.spongycastle.x509.X509CRLStoreSelector;
import org.spongycastle.x509.X509CertStoreSelector;
import org.spongycastle.x509.X509Store;

/* loaded from: classes2.dex */
public class CertPathValidatorUtilities {
    protected static final String o = "2.5.29.32.0";
    protected static final int q = 5;
    protected static final int r = 6;
    protected static final PKIXCRLUtil a = new PKIXCRLUtil();
    protected static final String b = Extension.q.a();
    protected static final String c = Extension.g.a();
    protected static final String d = Extension.r.a();
    protected static final String e = Extension.e.a();
    protected static final String f = Extension.o.a();
    protected static final String g = Extension.c.a();
    protected static final String h = Extension.w.a();
    protected static final String i = Extension.m.a();
    protected static final String j = Extension.l.a();
    protected static final String k = Extension.t.a();
    protected static final String l = Extension.v.a();
    protected static final String m = Extension.p.a();
    protected static final String n = Extension.s.a();
    protected static final String p = Extension.h.a();
    protected static final String[] s = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", EnvironmentCompat.a, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey a(List list, int i2) throws CertPathValidatorException {
        PublicKey publicKey = ((Certificate) list.get(i2)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
        if (dSAPublicKey.getParams() != null) {
            return dSAPublicKey;
        }
        int i3 = i2 + 1;
        while (true) {
            int i4 = i3;
            if (i4 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i4)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey2;
            if (dSAPublicKey2.getParams() != null) {
                DSAParams params = dSAPublicKey2.getParams();
                try {
                    return KeyFactory.getInstance("DSA", BouncyCastleProvider.e).generatePublic(new DSAPublicKeySpec(dSAPublicKey.getY(), params.getP(), params.getQ(), params.getG()));
                } catch (Exception e2) {
                    throw new RuntimeException(e2.getMessage());
                }
            }
            i3 = i4 + 1;
        }
    }

    protected static TrustAnchor a(X509Certificate x509Certificate, Set set) throws AnnotatedException {
        return a(x509Certificate, set, (String) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustAnchor a(X509Certificate x509Certificate, Set set, String str) throws AnnotatedException {
        PublicKey publicKey;
        TrustAnchor trustAnchor;
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal a2 = a((Object) x509Certificate);
        try {
            x509CertSelector.setSubject(a2.getEncoded());
            Iterator it = set.iterator();
            Exception exc = null;
            PublicKey publicKey2 = null;
            TrustAnchor trustAnchor2 = null;
            while (it.hasNext() && trustAnchor2 == null) {
                TrustAnchor trustAnchor3 = (TrustAnchor) it.next();
                if (trustAnchor3.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor3.getTrustedCert())) {
                        trustAnchor = trustAnchor3;
                        publicKey = trustAnchor3.getTrustedCert().getPublicKey();
                    } else {
                        publicKey = publicKey2;
                        trustAnchor = null;
                    }
                } else if (trustAnchor3.getCAName() == null || trustAnchor3.getCAPublicKey() == null) {
                    publicKey = publicKey2;
                    trustAnchor = null;
                } else {
                    try {
                        if (a2.equals(new X500Principal(trustAnchor3.getCAName()))) {
                            publicKey2 = trustAnchor3.getCAPublicKey();
                        } else {
                            trustAnchor3 = null;
                        }
                        PublicKey publicKey3 = publicKey2;
                        trustAnchor = trustAnchor3;
                        publicKey = publicKey3;
                    } catch (IllegalArgumentException e2) {
                        publicKey = publicKey2;
                        trustAnchor = null;
                    }
                }
                if (publicKey != null) {
                    try {
                        a(x509Certificate, publicKey, str);
                        PublicKey publicKey4 = publicKey;
                        trustAnchor2 = trustAnchor;
                        publicKey2 = publicKey4;
                    } catch (Exception e3) {
                        exc = e3;
                        publicKey2 = null;
                        trustAnchor2 = null;
                    }
                } else {
                    PublicKey publicKey5 = publicKey;
                    trustAnchor2 = trustAnchor;
                    publicKey2 = publicKey5;
                }
            }
            if (trustAnchor2 != null || exc == null) {
                return trustAnchor2;
            }
            throw new AnnotatedException("TrustAnchor found but certificate validation failed.", exc);
        } catch (IOException e4) {
            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(X509Certificate x509Certificate, ExtendedPKIXBuilderParameters extendedPKIXBuilderParameters) throws AnnotatedException {
        X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector();
        HashSet hashSet = new HashSet();
        try {
            x509CertStoreSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(a(x509CertStoreSelector, extendedPKIXBuilderParameters.getCertStores()));
                arrayList.addAll(a(x509CertStoreSelector, extendedPKIXBuilderParameters.f()));
                arrayList.addAll(a(x509CertStoreSelector, extendedPKIXBuilderParameters.e()));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    hashSet.add((X509Certificate) it.next());
                }
                return hashSet;
            } catch (AnnotatedException e2) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e2);
            }
        } catch (IOException e3) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(X509AttributeCertStoreSelector x509AttributeCertStoreSelector, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof X509Store) {
                try {
                    hashSet.addAll(((X509Store) obj).a(x509AttributeCertStoreSelector));
                } catch (StoreException e2) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e2);
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(X509CertStoreSelector x509CertStoreSelector, List list) throws AnnotatedException {
        HashSet hashSet = new HashSet();
        for (Object obj : list) {
            if (obj instanceof X509Store) {
                try {
                    hashSet.addAll(((X509Store) obj).a(x509CertStoreSelector));
                } catch (StoreException e2) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e2);
                }
            } else {
                try {
                    hashSet.addAll(((CertStore) obj).getCertificates(x509CertStoreSelector));
                } catch (CertStoreException e3) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e3);
                }
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(PKIXParameters pKIXParameters) {
        Date date = pKIXParameters.getDate();
        return date == null ? new Date() : date;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(ExtendedPKIXParameters extendedPKIXParameters, CertPath certPath, int i2) throws AnnotatedException {
        if (extendedPKIXParameters.d() == 1 && i2 > 0) {
            if (i2 - 1 != 0) {
                return ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getNotBefore();
            }
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getExtensionValue(ISISMTTObjectIdentifiers.e.a());
                ASN1GeneralizedTime a2 = extensionValue != null ? ASN1GeneralizedTime.a((Object) ASN1Primitive.b(extensionValue)) : null;
                if (a2 == null) {
                    return ((X509Certificate) certPath.getCertificates().get(i2 - 1)).getNotBefore();
                }
                try {
                    return a2.f();
                } catch (ParseException e2) {
                    throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e2);
                }
            } catch (IOException e3) {
                throw new AnnotatedException("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException e4) {
                throw new AnnotatedException("Date of cert gen extension could not be read.");
            }
        }
        return a((PKIXParameters) extendedPKIXParameters);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(Date date, ExtendedPKIXParameters extendedPKIXParameters, X509CRL x509crl) throws AnnotatedException {
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        try {
            x509CRLStoreSelector.addIssuerName(a(x509crl).getEncoded());
            try {
                ASN1Primitive a2 = a(x509crl, p);
                BigInteger e2 = a2 != null ? ASN1Integer.a((Object) a2).e() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(i);
                    x509CRLStoreSelector.setMinCRLNumber(e2 != null ? e2.add(BigInteger.valueOf(1L)) : null);
                    x509CRLStoreSelector.a(extensionValue);
                    x509CRLStoreSelector.a(true);
                    x509CRLStoreSelector.a(e2);
                    Set<X509CRL> a3 = a.a(x509CRLStoreSelector, extendedPKIXParameters, date);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : a3) {
                        if (b(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e3) {
                    throw new AnnotatedException("Issuing distribution point extension value could not be read.", e3);
                }
            } catch (Exception e4) {
                throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e4);
            }
        } catch (IOException e5) {
            throw new AnnotatedException("Cannot extract issuer from CRL.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set a(ASN1Sequence aSN1Sequence) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (aSN1Sequence == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
        Enumeration e2 = aSN1Sequence.e();
        while (e2.hasMoreElements()) {
            try {
                aSN1OutputStream.a((ASN1Encodable) e2.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e3) {
                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e3);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(DistributionPoint distributionPoint, Object obj, Date date, ExtendedPKIXParameters extendedPKIXParameters) throws AnnotatedException {
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        try {
            HashSet hashSet = new HashSet();
            if (obj instanceof X509AttributeCertificate) {
                hashSet.add(((X509AttributeCertificate) obj).f().a()[0]);
            } else {
                hashSet.add(a(obj));
            }
            a(distributionPoint, hashSet, x509CRLStoreSelector, extendedPKIXParameters);
            if (obj instanceof X509Certificate) {
                x509CRLStoreSelector.setCertificateChecking((X509Certificate) obj);
            } else if (obj instanceof X509AttributeCertificate) {
                x509CRLStoreSelector.a((X509AttributeCertificate) obj);
            }
            x509CRLStoreSelector.c(true);
            Set a2 = a.a(x509CRLStoreSelector, extendedPKIXParameters, date);
            if (!a2.isEmpty()) {
                return a2;
            }
            if (obj instanceof X509AttributeCertificate) {
                throw new AnnotatedException("No CRLs found for issuer \"" + ((X509AttributeCertificate) obj).f().a()[0] + "\"");
            }
            throw new AnnotatedException("No CRLs found for issuer \"" + ((X509Certificate) obj).getIssuerX500Principal() + "\"");
        } catch (AnnotatedException e2) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal a(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getIssuerX500Principal() : (X500Principal) ((X509AttributeCertificate) obj).f().a()[0];
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal a(X509CRL x509crl) {
        return x509crl.getIssuerX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal a(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal();
    }

    private static ASN1Primitive a(String str, byte[] bArr) throws AnnotatedException {
        try {
            return new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(bArr).d()).f()).d();
        } catch (Exception e2) {
            throw new AnnotatedException("exception processing extension " + str, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ASN1Primitive a(X509Extension x509Extension, String str) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return a(str, extensionValue);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static AlgorithmIdentifier a(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return SubjectPublicKeyInfo.a(new ASN1InputStream(publicKey.getEncoded()).d()).b();
        } catch (Exception e2) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode a(int i2, List[] listArr, String str, PKIXPolicyNode pKIXPolicyNode) {
        int i3;
        Iterator it = listArr[i2].iterator();
        while (it.hasNext()) {
            PKIXPolicyNode pKIXPolicyNode2 = (PKIXPolicyNode) it.next();
            if (pKIXPolicyNode2.getValidPolicy().equals(str)) {
                ((PKIXPolicyNode) pKIXPolicyNode2.getParent()).b(pKIXPolicyNode2);
                it.remove();
                int i4 = i2 - 1;
                PKIXPolicyNode pKIXPolicyNode3 = pKIXPolicyNode;
                while (i4 >= 0) {
                    List list = listArr[i4];
                    PKIXPolicyNode pKIXPolicyNode4 = pKIXPolicyNode3;
                    while (true) {
                        int i5 = i3;
                        if (i5 < list.size()) {
                            PKIXPolicyNode pKIXPolicyNode5 = (PKIXPolicyNode) list.get(i5);
                            i3 = (pKIXPolicyNode5.a() || (pKIXPolicyNode4 = a(pKIXPolicyNode4, listArr, pKIXPolicyNode5)) != null) ? i5 + 1 : 0;
                        }
                    }
                    i4--;
                    pKIXPolicyNode3 = pKIXPolicyNode4;
                }
                pKIXPolicyNode = pKIXPolicyNode3;
            }
        }
        return pKIXPolicyNode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode a(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.b(pKIXPolicyNode2);
            a(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i2 = 0; i2 < listArr.length; i2++) {
            listArr[i2] = new ArrayList();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(int i2, List[] listArr, String str, Map map, X509Certificate x509Certificate) throws AnnotatedException, CertPathValidatorException {
        boolean z;
        Iterator it = listArr[i2].iterator();
        while (true) {
            if (!it.hasNext()) {
                z = false;
                break;
            }
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) it.next();
            if (pKIXPolicyNode.getValidPolicy().equals(str)) {
                pKIXPolicyNode.c = (Set) map.get(str);
                z = true;
                break;
            }
        }
        if (z) {
            return;
        }
        for (PKIXPolicyNode pKIXPolicyNode2 : listArr[i2]) {
            if ("2.5.29.32.0".equals(pKIXPolicyNode2.getValidPolicy())) {
                Set set = null;
                try {
                    Enumeration e2 = DERSequence.a((Object) a(x509Certificate, b)).e();
                    while (true) {
                        if (!e2.hasMoreElements()) {
                            break;
                        }
                        try {
                            PolicyInformation a2 = PolicyInformation.a(e2.nextElement());
                            if ("2.5.29.32.0".equals(a2.a().a())) {
                                try {
                                    set = a(a2.b());
                                    break;
                                } catch (CertPathValidatorException e3) {
                                    throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", e3);
                                }
                            }
                        } catch (Exception e4) {
                            throw new AnnotatedException("Policy information cannot be decoded.", e4);
                        }
                    }
                    boolean contains = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(b) : false;
                    PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
                    if ("2.5.29.32.0".equals(pKIXPolicyNode3.getValidPolicy())) {
                        PKIXPolicyNode pKIXPolicyNode4 = new PKIXPolicyNode(new ArrayList(), i2, (Set) map.get(str), pKIXPolicyNode3, set, str, contains);
                        pKIXPolicyNode3.a(pKIXPolicyNode4);
                        listArr[i2].add(pKIXPolicyNode4);
                        return;
                    }
                    return;
                } catch (Exception e5) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e5);
                }
            }
        }
    }

    protected static void a(String str, ExtendedPKIXParameters extendedPKIXParameters) {
        String str2;
        if (extendedPKIXParameters.g()) {
            try {
                if (str.startsWith("ldap://")) {
                    String substring = str.substring(7);
                    String str3 = null;
                    if (substring.indexOf(URLs.e) != -1) {
                        str3 = substring.substring(substring.indexOf(URLs.e));
                        str2 = "ldap://" + substring.substring(0, substring.indexOf(URLs.e));
                    } else {
                        str2 = "ldap://" + substring;
                    }
                    X509LDAPCertStoreParameters a2 = new X509LDAPCertStoreParameters.Builder(str2, str3).a();
                    extendedPKIXParameters.b(X509Store.a("CERTIFICATE/LDAP", a2, BouncyCastleProvider.e));
                    extendedPKIXParameters.b(X509Store.a("CRL/LDAP", a2, BouncyCastleProvider.e));
                    extendedPKIXParameters.b(X509Store.a("ATTRIBUTECERTIFICATE/LDAP", a2, BouncyCastleProvider.e));
                    extendedPKIXParameters.b(X509Store.a("CERTIFICATEPAIR/LDAP", a2, BouncyCastleProvider.e));
                }
            } catch (Exception e2) {
                throw new RuntimeException("Exception adding X.509 stores.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, ExtendedPKIXParameters extendedPKIXParameters) throws CertificateParsingException {
        if (x509Certificate.getIssuerAlternativeNames() != null) {
            for (List<?> list : x509Certificate.getIssuerAlternativeNames()) {
                if (list.get(0).equals(Integers.a(6))) {
                    a((String) list.get(1), extendedPKIXParameters);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) throws AnnotatedException {
        X509CRLEntry revokedCertificate;
        try {
            if (X509CRLObject.a(x509crl)) {
                X509CRLEntry revokedCertificate2 = x509crl.getRevokedCertificate(b(obj));
                if (revokedCertificate2 == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate2.getCertificateIssuer();
                if (certificateIssuer == null) {
                    certificateIssuer = a(x509crl);
                }
                if (!a(obj).equals(certificateIssuer)) {
                    return;
                } else {
                    revokedCertificate = revokedCertificate2;
                }
            } else if (!a(obj).equals(a(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(b(obj))) == null) {
                return;
            }
            ASN1Enumerated aSN1Enumerated = null;
            if (revokedCertificate.hasExtensions()) {
                try {
                    aSN1Enumerated = ASN1Enumerated.a((Object) a(revokedCertificate, org.spongycastle.asn1.x509.X509Extension.i.a()));
                } catch (Exception e2) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e2);
                }
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || aSN1Enumerated == null || aSN1Enumerated.a().intValue() == 0 || aSN1Enumerated.a().intValue() == 1 || aSN1Enumerated.a().intValue() == 2 || aSN1Enumerated.a().intValue() == 8) {
                if (aSN1Enumerated != null) {
                    certStatus.a(aSN1Enumerated.a().intValue());
                } else {
                    certStatus.a(0);
                }
                certStatus.a(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e3) {
            throw new AnnotatedException("Failed check for indirect CRL.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CRLDistPoint cRLDistPoint, ExtendedPKIXParameters extendedPKIXParameters) throws AnnotatedException {
        if (cRLDistPoint != null) {
            try {
                for (DistributionPoint distributionPoint : cRLDistPoint.a()) {
                    DistributionPointName a2 = distributionPoint.a();
                    if (a2 != null && a2.a() == 0) {
                        GeneralName[] a3 = GeneralNames.a(a2.b()).a();
                        for (int i2 = 0; i2 < a3.length; i2++) {
                            if (a3[i2].a() == 6) {
                                a(DERIA5String.a(a3[i2].b()).a(), extendedPKIXParameters);
                            }
                        }
                    }
                }
            } catch (Exception e2) {
                throw new AnnotatedException("Distribution points could not be read.", e2);
            }
        }
    }

    protected static void a(DistributionPoint distributionPoint, Collection collection, X509CRLSelector x509CRLSelector, ExtendedPKIXParameters extendedPKIXParameters) throws AnnotatedException {
        ArrayList arrayList = new ArrayList();
        if (distributionPoint.c() != null) {
            GeneralName[] a2 = distributionPoint.c().a();
            for (int i2 = 0; i2 < a2.length; i2++) {
                if (a2[i2].a() == 4) {
                    try {
                        arrayList.add(new X500Principal(a2[i2].b().d().g()));
                    } catch (IOException e2) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e2);
                    }
                }
            }
        } else {
            if (distributionPoint.a() == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add((X500Principal) it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Principal) it2.next()).getEncoded());
            } catch (IOException e3) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e3);
            }
        }
    }

    private static void a(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (pKIXPolicyNode.a()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                a(listArr, (PKIXPolicyNode) children.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(int i2, List[] listArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i3);
            if (pKIXPolicyNode.getExpectedPolicies().contains(aSN1ObjectIdentifier.a())) {
                HashSet hashSet = new HashSet();
                hashSet.add(aSN1ObjectIdentifier.a());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i2, hashSet, pKIXPolicyNode, set, aSN1ObjectIdentifier.a(), false);
                pKIXPolicyNode.a(pKIXPolicyNode2);
                listArr[i2].add(pKIXPolicyNode2);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    private static BigInteger b(Object obj) {
        return obj instanceof X509Certificate ? ((X509Certificate) obj).getSerialNumber() : ((X509AttributeCertificate) obj).b();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(int i2, List[] listArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, Set set) {
        List list = listArr[i2 - 1];
        for (int i3 = 0; i3 < list.size(); i3++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i3);
            if ("2.5.29.32.0".equals(pKIXPolicyNode.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(aSN1ObjectIdentifier.a());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i2, hashSet, pKIXPolicyNode, set, aSN1ObjectIdentifier.a(), false);
                pKIXPolicyNode.a(pKIXPolicyNode2);
                listArr[i2].add(pKIXPolicyNode2);
                return;
            }
        }
    }

    private static boolean b(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(RFC3280CertPathUtilities.f);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean b(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }
}
