package org.bouncycastle.jce.provider;

import Kc.e;
import Kc.h;
import Kc.k;
import Rd.a;
import Yb.q;
import Yb.r;
import Yb.s;
import Za.A;
import Za.AbstractC2213t;
import Za.D;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertSelector;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import yb.C4825A;
import yb.C4863u;

/* loaded from: classes2.dex */
class RFC3281CertPathUtilities {
    private static final String TARGET_INFORMATION = C4863u.f40768e4.f19884a;
    private static final String NO_REV_AVAIL = C4863u.f40766d4.f19884a;
    private static final String CRL_DISTRIBUTION_POINTS = C4863u.f40758X.f19884a;
    private static final String AUTHORITY_INFO_ACCESS = C4863u.c4.f19884a;

    public static void additionalChecks(h hVar, Set set, Set set2) throws CertPathValidatorException {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (hVar.b(str) != null) {
                throw new CertPathValidatorException(a.b("Attribute certificate contains prohibited attribute: ", str, "."));
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (hVar.b(str2) == null) {
                throw new CertPathValidatorException(a.b("Attribute certificate does not contain necessary attribute: ", str2, "."));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:48:0x00cd, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(yb.C4861s r18, Kc.h r19, Yb.s r20, java.util.Date r21, java.util.Date r22, java.security.cert.X509Certificate r23, org.bouncycastle.jce.provider.CertStatus r24, org.bouncycastle.jce.provider.ReasonsMask r25, java.util.List r26, cc.InterfaceC2590c r27) throws org.bouncycastle.jce.provider.AnnotatedException, org.bouncycastle.jce.provider.RecoverableCertPathValidatorException {
        /*
            r1 = r18
            r9 = r19
            r10 = r20
            r11 = r22
            r12 = r24
            r13 = r25
            Za.v r0 = yb.Z.f40688c
            java.lang.String r0 = r0.f19884a
            byte[] r0 = r9.getExtensionValue(r0)
            if (r0 == 0) goto L17
            return
        L17:
            long r2 = r22.getTime()
            long r4 = r21.getTime()
            int r0 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r0 > 0) goto Lcf
            Yb.o r0 = new Yb.o
            r8 = 0
            r5 = 0
            r6 = -1
            r2 = r0
            r3 = r20
            r4 = r22
            r7 = r23
            r2.<init>(r3, r4, r5, r6, r7, r8)
            java.util.Set r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(r0, r1, r9, r10, r11)
            java.util.Iterator r14 = r0.iterator()
            r0 = 0
            r16 = r0
            r0 = 0
        L3e:
            boolean r2 = r14.hasNext()
            if (r2 == 0) goto Lcb
            int r2 = r24.getCertStatus()
            r8 = 11
            if (r2 != r8) goto Lcb
            boolean r2 = r25.isAllReasons()
            if (r2 != 0) goto Lcb
            java.lang.Object r2 = r14.next()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc7
            r7 = r2
            java.security.cert.X509CRL r7 = (java.security.cert.X509CRL) r7     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc7
            org.bouncycastle.jce.provider.ReasonsMask r6 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLD(r7, r1)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc7
            boolean r2 = r6.hasNewReasons(r13)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc7
            if (r2 != 0) goto L64
            goto L3e
        L64:
            r4 = 0
            r5 = 0
            r2 = r7
            r3 = r19
            r17 = r6
            r6 = r20
            r15 = r7
            r7 = r26
            r23 = r14
            r14 = r8
            r8 = r27
            java.util.Set r2 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLF(r2, r3, r4, r5, r6, r7, r8)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLG(r15, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            r20.getClass()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            java.util.Date r2 = r19.getNotAfter()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            long r2 = r2.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            java.util.Date r4 = r15.getThisUpdate()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            long r4 = r4.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            int r2 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r2 < 0) goto Lbe
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB1(r1, r9, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB2(r1, r9, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbb
            r2 = 0
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLC(r2, r15, r10)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLI(r11, r2, r9, r12, r10)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLJ(r11, r15, r9, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
            int r3 = r24.getCertStatus()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
            r4 = 8
            if (r3 != r4) goto Lae
            r12.setCertStatus(r14)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
        Lae:
            r3 = r17
            goto Lb3
        Lb1:
            r0 = move-exception
            goto Lb8
        Lb3:
            r13.addReasons(r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
            r16 = 1
        Lb8:
            r14 = r23
            goto L3e
        Lbb:
            r0 = move-exception
        Lbc:
            r2 = 0
            goto Lb8
        Lbe:
            r2 = 0
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
            java.lang.String r3 = "No valid CRL for current time found."
            r0.<init>(r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
            throw r0     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb1
        Lc7:
            r0 = move-exception
            r23 = r14
            goto Lbc
        Lcb:
            if (r16 == 0) goto Lce
            return
        Lce:
            throw r0
        Lcf:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r1 = "Validation time is in future."
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(yb.s, Kc.h, Yb.s, java.util.Date, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List, cc.c):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00bc  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x010a  */
    /* JADX WARN: Removed duplicated region for block: B:49:0x015f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void checkCRLs(Kc.h r21, Yb.s r22, java.util.Date r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.util.List r26, cc.InterfaceC2590c r27) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 403
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(Kc.h, Yb.s, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.util.List, cc.c):void");
    }

    public static CertPath processAttrCert1(h hVar, s sVar) throws CertPathValidatorException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        C4825A c4825a = hVar.a().f10225a.f40788a;
        ExtCertPathValidatorException extCertPathValidatorException = null;
        if ((c4825a != null ? Kc.a.b(c4825a.f40613a) : null) != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            C4825A c4825a2 = hVar.a().f10225a.f40788a;
            x509CertSelector.setSerialNumber(c4825a2 != null ? c4825a2.f40614b.D() : null);
            C4825A c4825a3 = hVar.a().f10225a.f40788a;
            for (Principal principal : c4825a3 != null ? Kc.a.b(c4825a3.f40613a) : null) {
                try {
                    if (principal instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) principal).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new q((CertSelector) x509CertSelector.clone()), sVar.f19111a.getCertStores());
                } catch (IOException e10) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e10);
                } catch (AnnotatedException e11) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e11);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (hVar.a().a() != null) {
            k kVar = new k();
            for (Principal principal2 : hVar.a().a()) {
                try {
                    if (principal2 instanceof X500Principal) {
                        kVar.setIssuer(((X500Principal) principal2).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new q((CertSelector) kVar.clone()), sVar.f19111a.getCertStores());
                } catch (IOException e12) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e12);
                } catch (AnnotatedException e13) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e13);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        s.a aVar = new s.a(sVar);
        Iterator it = linkedHashSet.iterator();
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            k kVar2 = new k();
            kVar2.setCertificate((X509Certificate) it.next());
            aVar.f19123d = new q((CertSelector) kVar2.clone());
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).build(new r(new r.a(new s(aVar))));
                } catch (InvalidAlgorithmParameterException e14) {
                    throw new RuntimeException(e14.getMessage());
                } catch (CertPathBuilderException e15) {
                    extCertPathValidatorException = new ExtCertPathValidatorException("Certification path for public key certificate of attribute certificate could not be build.", e15);
                }
            } catch (NoSuchAlgorithmException e16) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e16);
            } catch (NoSuchProviderException e17) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e17);
            }
        }
        if (extCertPathValidatorException == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw extCertPathValidatorException;
    }

    public static CertPathValidatorResult processAttrCert2(CertPath certPath, s sVar) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).validate(certPath, sVar);
            } catch (InvalidAlgorithmParameterException e10) {
                throw new RuntimeException(e10.getMessage());
            } catch (CertPathValidatorException e11) {
                throw new ExtCertPathValidatorException("Certification path for issuer certificate of attribute certificate could not be validated.", e11);
            }
        } catch (NoSuchAlgorithmException e12) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e12);
        } catch (NoSuchProviderException e13) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e13);
        }
    }

    public static void processAttrCert3(X509Certificate x509Certificate, s sVar) throws CertPathValidatorException {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && ((keyUsage.length <= 0 || !keyUsage[0]) && (keyUsage.length <= 1 || !keyUsage[1]))) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void processAttrCert4(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        Iterator it = set.iterator();
        boolean z9 = false;
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z9 = true;
            }
        }
        if (!z9) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void processAttrCert5(h hVar, Date date) throws CertPathValidatorException {
        try {
            hVar.checkValidity(date);
        } catch (CertificateExpiredException e10) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e10);
        } catch (CertificateNotYetValidException e11) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e11);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [Za.t, yb.T] */
    public static void processAttrCert7(h hVar, CertPath certPath, CertPath certPath2, s sVar, Set set) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = hVar.getCriticalExtensionOIDs();
        String str = TARGET_INFORMATION;
        if (criticalExtensionOIDs.contains(str)) {
            try {
                A extensionValue = CertPathValidatorUtilities.getExtensionValue(hVar, str);
                if (extensionValue != null) {
                    new AbstractC2213t().f40678a = D.E(extensionValue);
                }
            } catch (IllegalArgumentException e10) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e10);
            } catch (AnnotatedException e11) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e11);
            }
        }
        criticalExtensionOIDs.remove(str);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ((e) it.next()).a();
        }
        if (criticalExtensionOIDs.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
    }
}
