package gnu.crypto.pki.provider;

import gnu.crypto.der.OID;
import gnu.crypto.pki.GnuPKIExtension;
import gnu.crypto.pki.PolicyNodeImpl;
import gnu.crypto.pki.X509CertSelectorImpl;
import gnu.crypto.pki.X509CertificateBuilder;
import gnu.crypto.pki.ext.BasicConstraints;
import gnu.crypto.pki.ext.CertificatePolicies;
import gnu.crypto.pki.ext.Extension;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

/* loaded from: classes2.dex */
public class PKIXCertPathValidator extends CertPathValidatorSpi {
    public static final String ANY_POLICY = "2.5.29.32.0";
    private static final boolean DEBUG = false;

    /* JADX WARN: Multi-variable type inference failed */
    private static final void basicSanity(X509Certificate[] x509CertificateArr, int i) throws CertPathValidatorException {
        X509CertificateBuilder x509CertificateBuilder = x509CertificateArr[i];
        int i2 = 0;
        for (int i3 = i - 1; i3 > 0; i3--) {
            if (!x509CertificateArr[i3].getIssuerDN().equals(x509CertificateArr[i3].getSubjectDN())) {
                i2++;
            }
        }
        Extension extension = null;
        if (x509CertificateBuilder instanceof GnuPKIExtension) {
            extension = x509CertificateBuilder.getExtension(BasicConstraints.ID);
        } else {
            try {
                extension = new Extension(x509CertificateBuilder.getExtensionValue(BasicConstraints.ID.toString()));
            } catch (Exception unused) {
            }
        }
        if (extension == null) {
            throw new CertPathValidatorException("no basicConstraints");
        }
        BasicConstraints basicConstraints = (BasicConstraints) extension.getValue();
        if (!basicConstraints.isCA()) {
            throw new CertPathValidatorException("certificate cannot be used to verify signatures");
        }
        if (basicConstraints.getPathLengthConstraint() >= 0 && basicConstraints.getPathLengthConstraint() < i2) {
            throw new CertPathValidatorException("path is too long");
        }
        boolean[] keyUsage = x509CertificateBuilder.getKeyUsage();
        if (keyUsage != null && !keyUsage[5]) {
            throw new CertPathValidatorException("certificate cannot be used to sign certificates");
        }
    }

    private static final boolean checkCRL(X509CRL x509crl, X509Certificate[] x509CertificateArr, Date date, X509Certificate x509Certificate, PublicKey publicKey, List list) {
        boolean[] keyUsage;
        boolean[] keyUsage2;
        Date nextUpdate = x509crl.getNextUpdate();
        if ((nextUpdate != null && nextUpdate.compareTo(date) < 0) || x509crl.hasUnsupportedCriticalExtension()) {
            return false;
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            if (x509CertificateArr[i].getSubjectDN().equals(x509crl.getIssuerDN()) && ((keyUsage2 = x509CertificateArr[i].getKeyUsage()) == null || keyUsage2[6])) {
                try {
                    x509crl.verify(x509CertificateArr[i].getPublicKey());
                    return true;
                } catch (Exception unused) {
                    continue;
                }
            }
        }
        if (x509crl.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
            try {
                boolean[] keyUsage3 = x509Certificate.getKeyUsage();
                if (keyUsage3 != null && !keyUsage3[6]) {
                    throw new Exception();
                }
                x509crl.verify(publicKey);
                return true;
            } catch (Exception unused2) {
            }
        }
        try {
            X509CertSelectorImpl x509CertSelectorImpl = new X509CertSelectorImpl();
            x509CertSelectorImpl.addSubjectName(x509crl.getIssuerDN());
            LinkedList<X509Certificate> linkedList = new LinkedList();
            Iterator it = list.iterator();
            while (it.hasNext()) {
                try {
                    linkedList.addAll(((CertStore) it.next()).getCertificates(x509CertSelectorImpl));
                } catch (CertStoreException unused3) {
                }
            }
            for (X509Certificate x509Certificate2 : linkedList) {
                for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                    if (x509Certificate2.getIssuerDN().equals(x509CertificateArr[i2].getSubjectDN()) && ((keyUsage = x509Certificate2.getKeyUsage()) == null || keyUsage[6])) {
                        try {
                            x509Certificate2.verify(x509CertificateArr[i2].getPublicKey());
                            x509crl.verify(x509Certificate2.getPublicKey());
                            return true;
                        } catch (Exception unused4) {
                            continue;
                        }
                    }
                }
                if (x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                    x509Certificate2.verify(publicKey);
                    x509crl.verify(x509Certificate2.getPublicKey());
                }
            }
        } catch (Exception unused5) {
        }
        return false;
    }

    private final boolean checkExplicitPolicy(int i, List list) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            int[] iArr = (int[]) it.next();
            if (i - iArr[0] >= iArr[1]) {
                return true;
            }
        }
        return false;
    }

    private static final void debug(String str) {
        System.err.print(">> PKIXCertPathValidator: ");
        System.err.println(str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static final Set getCritExts(X509Certificate x509Certificate) {
        HashSet hashSet = new HashSet();
        if (x509Certificate instanceof GnuPKIExtension) {
            for (Extension extension : ((GnuPKIExtension) x509Certificate).getExtensions()) {
                if (extension.isCritical() && !extension.isSupported()) {
                    hashSet.add(extension.getOid().toString());
                }
            }
        } else {
            hashSet.addAll(x509Certificate.getCriticalExtensionOIDs());
        }
        return hashSet;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static final void updatePolicyTree(X509Certificate x509Certificate, PolicyNodeImpl policyNodeImpl, int i, PKIXParameters pKIXParameters, boolean z) throws CertPathValidatorException {
        List policyQualifierInfos;
        Extension extension;
        HashSet<PolicyNodeImpl> hashSet = new HashSet();
        LinkedList linkedList = new LinkedList();
        linkedList.addLast(Collections.singleton(policyNodeImpl).iterator());
        do {
            Iterator it = (Iterator) linkedList.removeLast();
            while (it.hasNext()) {
                PolicyNodeImpl policyNodeImpl2 = (PolicyNodeImpl) it.next();
                if (policyNodeImpl2.getDepth() == i - 1) {
                    hashSet.add(policyNodeImpl2);
                } else {
                    linkedList.addLast(it);
                    it = policyNodeImpl2.getChildren();
                }
            }
        } while (!linkedList.isEmpty());
        CertificatePolicies certificatePolicies = null;
        if ((x509Certificate instanceof GnuPKIExtension) && (extension = ((GnuPKIExtension) x509Certificate).getExtension(CertificatePolicies.ID)) != null) {
            certificatePolicies = (CertificatePolicies) extension.getValue();
        }
        List<OID> policies = certificatePolicies != null ? certificatePolicies.getPolicies() : Collections.EMPTY_LIST;
        boolean z2 = false;
        for (PolicyNodeImpl policyNodeImpl3 : hashSet) {
            for (OID oid : policies) {
                if (!oid.toString().equals(ANY_POLICY) || !pKIXParameters.isAnyPolicyInhibited()) {
                    PolicyNodeImpl policyNodeImpl4 = new PolicyNodeImpl();
                    policyNodeImpl4.setValidPolicy(oid.toString());
                    policyNodeImpl4.addExpectedPolicy(oid.toString());
                    if (policyNodeImpl3.getExpectedPolicies().contains(oid.toString())) {
                        policyNodeImpl3.addChild(policyNodeImpl4);
                    } else if (policyNodeImpl3.getExpectedPolicies().contains(ANY_POLICY)) {
                        policyNodeImpl3.addChild(policyNodeImpl4);
                    } else {
                        if (ANY_POLICY.equals(oid.toString())) {
                            policyNodeImpl3.addChild(policyNodeImpl4);
                        }
                        if (z2 && certificatePolicies != null && (policyQualifierInfos = certificatePolicies.getPolicyQualifierInfos(oid)) != null) {
                            policyNodeImpl4.addAllPolicyQualifiers(policyQualifierInfos);
                        }
                    }
                    z2 = true;
                    if (z2) {
                        policyNodeImpl4.addAllPolicyQualifiers(policyQualifierInfos);
                    }
                }
            }
        }
        if (z2) {
            return;
        }
        if (pKIXParameters.isExplicitPolicyRequired() || z) {
            throw new CertPathValidatorException("policy tree building failed");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:137:0x00d6, code lost:
    
        r2.setReadOnly();
        r7 = r0.getTrustAnchors().iterator();
        r0 = null;
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:163:0x01a6 A[Catch: Exception -> 0x01c5, TRY_LEAVE, TryCatch #6 {Exception -> 0x01c5, blocks: (B:147:0x0116, B:148:0x0119, B:150:0x0122, B:152:0x0128, B:155:0x0130, B:157:0x0139, B:222:0x0140, B:159:0x0148, B:160:0x014f, B:161:0x015f, B:171:0x0165, B:174:0x016d, B:175:0x0171, B:177:0x0178, B:180:0x0183, B:185:0x0188, B:187:0x018e, B:190:0x0195, B:196:0x01a0, B:197:0x01a5, B:163:0x01a6, B:165:0x01ac, B:208:0x01b4), top: B:146:0x0116 }] */
    /* JADX WARN: Removed duplicated region for block: B:173:0x016d A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:218:0x016b A[SYNTHETIC] */
    @Override // java.security.cert.CertPathValidatorSpi
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.security.cert.CertPathValidatorResult engineValidate(java.security.cert.CertPath r25, java.security.cert.CertPathParameters r26) throws java.security.cert.CertPathValidatorException, java.security.InvalidAlgorithmParameterException {
        /*
            Method dump skipped, instructions count: 911
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: gnu.crypto.pki.provider.PKIXCertPathValidator.engineValidate(java.security.cert.CertPath, java.security.cert.CertPathParameters):java.security.cert.CertPathValidatorResult");
    }
}
