package org.bouncycastle.pkix.jcajce;

import androidx.webkit.ProxyConfig;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1IA5String;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
import org.bouncycastle.asn1.x509.qualified.QCStatement;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pkix.PKIXNameConstraintValidator;
import org.bouncycastle.pkix.PKIXNameConstraintValidatorException;
import org.bouncycastle.pkix.util.ErrorBundle;
import org.bouncycastle.pkix.util.filter.TrustedInput;
import org.bouncycastle.pkix.util.filter.UntrustedInput;
import org.bouncycastle.util.Integers;

/* loaded from: classes22.dex */
public class PKIXCertPathReviewer extends CertPathValidatorUtilities {
    private static final int NAME_CHECK_MAX = 1024;
    private static final String RESOURCE_NAME = "org.bouncycastle.pkix.CertPathReviewerMessages";
    protected CertPath certPath;
    protected List certs;
    protected Date currentDate;
    protected List[] errors;
    private boolean initialized;
    protected int n;
    protected List[] notifications;
    protected PKIXParameters pkixParams;
    protected PolicyNode policyTree;
    protected PublicKey subjectPublicKey;
    protected TrustAnchor trustAnchor;
    protected Date validDate;
    private static final String QC_STATEMENT = Extension.qCStatements.getId();
    private static final String CRL_DIST_POINTS = Extension.cRLDistributionPoints.getId();
    private static final String AUTH_INFO_ACCESS = Extension.authorityInfoAccess.getId();

    public PKIXCertPathReviewer() {
    }

    public PKIXCertPathReviewer(CertPath certPath, PKIXParameters pKIXParameters) throws CertPathReviewerException {
        init(certPath, pKIXParameters);
    }

    private String IPtoString(byte[] bArr) {
        try {
            return InetAddress.getByAddress(bArr).getHostAddress();
        } catch (Exception e) {
            StringBuffer stringBuffer = new StringBuffer();
            for (int i = 0; i != bArr.length; i++) {
                stringBuffer.append(Integer.toHexString(bArr[i] & 255));
                stringBuffer.append(' ');
            }
            return stringBuffer.toString();
        }
    }

    private void checkCriticalExtensions() {
        List<PKIXCertPathChecker> certPathCheckers = this.pkixParams.getCertPathCheckers();
        Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
        while (it.hasNext()) {
            try {
                try {
                    it.next().init(false);
                } catch (CertPathValidatorException e) {
                    throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.certPathCheckerError", new Object[]{e.getMessage(), e, e.getClass().getName()}), e);
                }
            } catch (CertPathReviewerException e2) {
                addError(e2.getErrorMessage(), e2.getIndex());
                return;
            }
        }
        for (int size = this.certs.size() - 1; size >= 0; size--) {
            X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null && !criticalExtensionOIDs.isEmpty()) {
                criticalExtensionOIDs.remove(KEY_USAGE);
                criticalExtensionOIDs.remove(CERTIFICATE_POLICIES);
                criticalExtensionOIDs.remove(POLICY_MAPPINGS);
                criticalExtensionOIDs.remove(INHIBIT_ANY_POLICY);
                criticalExtensionOIDs.remove(ISSUING_DISTRIBUTION_POINT);
                criticalExtensionOIDs.remove(DELTA_CRL_INDICATOR);
                criticalExtensionOIDs.remove(POLICY_CONSTRAINTS);
                criticalExtensionOIDs.remove(BASIC_CONSTRAINTS);
                criticalExtensionOIDs.remove(SUBJECT_ALTERNATIVE_NAME);
                criticalExtensionOIDs.remove(NAME_CONSTRAINTS);
                if (size == 0) {
                    criticalExtensionOIDs.remove(Extension.extendedKeyUsage.getId());
                }
                if (criticalExtensionOIDs.contains(QC_STATEMENT) && processQcStatements(x509Certificate, size)) {
                    criticalExtensionOIDs.remove(QC_STATEMENT);
                }
                Iterator<PKIXCertPathChecker> it2 = certPathCheckers.iterator();
                while (it2.hasNext()) {
                    try {
                        it2.next().check(x509Certificate, criticalExtensionOIDs);
                    } catch (CertPathValidatorException e3) {
                        throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.criticalExtensionError", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}), e3.getCause(), this.certPath, size);
                    }
                }
                if (!criticalExtensionOIDs.isEmpty()) {
                    Iterator<String> it3 = criticalExtensionOIDs.iterator();
                    while (it3.hasNext()) {
                        addError(createErrorBundle("CertPathReviewer.unknownCriticalExt", new Object[]{new ASN1ObjectIdentifier(it3.next())}), size);
                    }
                }
            }
        }
    }

    private void checkNameConstraints() {
        PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
        try {
            for (int size = this.certs.size() - 1; size > 0; size--) {
                X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
                if (!isSelfIssued(x509Certificate)) {
                    X500Principal subjectPrincipal = getSubjectPrincipal(x509Certificate);
                    try {
                        ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(subjectPrincipal.getEncoded())).readObject();
                        try {
                            pKIXNameConstraintValidator.checkPermittedDN(aSN1Sequence);
                            try {
                                pKIXNameConstraintValidator.checkExcludedDN(aSN1Sequence);
                                try {
                                    ASN1Sequence aSN1Sequence2 = (ASN1Sequence) getExtensionValue(x509Certificate, SUBJECT_ALTERNATIVE_NAME);
                                    if (aSN1Sequence2 != null) {
                                        if (aSN1Sequence2.size() > 1024) {
                                            throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.subjAltNameExtError"), this.certPath, size);
                                        }
                                        for (int i = 0; i < aSN1Sequence2.size(); i++) {
                                            GeneralName generalName = GeneralName.getInstance(aSN1Sequence2.getObjectAt(i));
                                            try {
                                                pKIXNameConstraintValidator.checkPermitted(generalName);
                                                pKIXNameConstraintValidator.checkExcluded(generalName);
                                            } catch (PKIXNameConstraintValidatorException e) {
                                                throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.notPermittedEmail", new Object[]{new UntrustedInput(generalName)}), e, this.certPath, size);
                                            }
                                        }
                                    }
                                } catch (AnnotatedException e2) {
                                    throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.subjAltNameExtError"), e2, this.certPath, size);
                                }
                            } catch (PKIXNameConstraintValidatorException e3) {
                                throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.excludedDN", new Object[]{new UntrustedInput(subjectPrincipal.getName())}), e3, this.certPath, size);
                            }
                        } catch (PKIXNameConstraintValidatorException e4) {
                            throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.notPermittedDN", new Object[]{new UntrustedInput(subjectPrincipal.getName())}), e4, this.certPath, size);
                        }
                    } catch (IOException e5) {
                        throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.ncSubjectNameError", new Object[]{new UntrustedInput(subjectPrincipal)}), e5, this.certPath, size);
                    }
                }
                try {
                    ASN1Sequence aSN1Sequence3 = (ASN1Sequence) getExtensionValue(x509Certificate, NAME_CONSTRAINTS);
                    if (aSN1Sequence3 != null) {
                        NameConstraints nameConstraints = NameConstraints.getInstance(aSN1Sequence3);
                        GeneralSubtree[] permittedSubtrees = nameConstraints.getPermittedSubtrees();
                        if (permittedSubtrees != null) {
                            pKIXNameConstraintValidator.intersectPermittedSubtree(permittedSubtrees);
                        }
                        GeneralSubtree[] excludedSubtrees = nameConstraints.getExcludedSubtrees();
                        if (excludedSubtrees != null) {
                            for (int i2 = 0; i2 != excludedSubtrees.length; i2++) {
                                pKIXNameConstraintValidator.addExcludedSubtree(excludedSubtrees[i2]);
                            }
                        }
                    }
                } catch (AnnotatedException e6) {
                    throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.ncExtError"), e6, this.certPath, size);
                }
            }
        } catch (CertPathReviewerException e7) {
            addError(e7.getErrorMessage(), e7.getIndex());
        }
    }

    private void checkPathLength() {
        BasicConstraints basicConstraints;
        ASN1Integer pathLenConstraintInteger;
        int i = this.n;
        int i2 = 0;
        for (int size = this.certs.size() - 1; size > 0; size--) {
            X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
            if (!isSelfIssued(x509Certificate)) {
                if (i <= 0) {
                    addError(createErrorBundle("CertPathReviewer.pathLengthExtended"));
                }
                i--;
                i2++;
            }
            try {
                basicConstraints = BasicConstraints.getInstance(getExtensionValue(x509Certificate, BASIC_CONSTRAINTS));
            } catch (AnnotatedException e) {
                addError(createErrorBundle("CertPathReviewer.processLengthConstError"), size);
                basicConstraints = null;
            }
            if (basicConstraints != null && basicConstraints.isCA() && (pathLenConstraintInteger = basicConstraints.getPathLenConstraintInteger()) != null) {
                i = Math.min(i, pathLenConstraintInteger.intPositiveValueExact());
            }
        }
        addNotification(createErrorBundle("CertPathReviewer.totalPathLength", new Object[]{Integers.valueOf(i2)}));
    }

    /* JADX WARN: Removed duplicated region for block: B:219:0x0230  */
    /* JADX WARN: Removed duplicated region for block: B:223:0x0125 A[Catch: CertPathReviewerException -> 0x059e, TRY_LEAVE, TryCatch #3 {CertPathReviewerException -> 0x059e, blocks: (B:15:0x0068, B:19:0x0075, B:21:0x0080, B:25:0x008e, B:26:0x0097, B:28:0x009d, B:31:0x00be, B:32:0x00c6, B:34:0x00cc, B:40:0x00d1, B:41:0x00dc, B:47:0x00e8, B:50:0x00ef, B:51:0x00f8, B:53:0x00fe, B:56:0x0108, B:63:0x0111, B:65:0x0115, B:67:0x01e4, B:69:0x01e8, B:70:0x01ed, B:72:0x01f3, B:74:0x01ff, B:81:0x0207, B:79:0x020a, B:85:0x020d, B:87:0x0213, B:88:0x021e, B:90:0x0224, B:99:0x0241, B:100:0x024c, B:101:0x024d, B:107:0x0251, B:109:0x0259, B:110:0x025f, B:112:0x0265, B:115:0x0287, B:117:0x0291, B:119:0x0296, B:120:0x02a1, B:122:0x02a2, B:123:0x02ad, B:126:0x02b2, B:127:0x02c5, B:129:0x02cb, B:131:0x02f1, B:133:0x0309, B:134:0x0300, B:137:0x030e, B:138:0x0314, B:140:0x031a, B:143:0x0322, B:156:0x0342, B:148:0x0327, B:149:0x0332, B:151:0x0334, B:152:0x033f, B:160:0x034b, B:169:0x0363, B:171:0x036d, B:172:0x0371, B:174:0x0377, B:175:0x0381, B:177:0x0385, B:185:0x0392, B:195:0x039f, B:197:0x03a9, B:105:0x03e0, B:205:0x03b2, B:206:0x03bf, B:209:0x03c1, B:210:0x03cc, B:217:0x03ce, B:218:0x03db, B:220:0x011b, B:221:0x011f, B:223:0x0125, B:226:0x013b, B:228:0x0145, B:229:0x0148, B:231:0x014e, B:232:0x015e, B:234:0x0164, B:236:0x0170, B:237:0x017d, B:238:0x0183, B:240:0x0189, B:248:0x01a2, B:252:0x0173, B:254:0x0177, B:257:0x01cf, B:261:0x01d8, B:262:0x01e3, B:269:0x03ea, B:270:0x03f7, B:272:0x03f8, B:277:0x0407, B:279:0x0411, B:280:0x0416, B:282:0x041c, B:283:0x0426, B:285:0x042b, B:300:0x043e, B:307:0x0585, B:308:0x0590, B:310:0x0449, B:311:0x0454, B:312:0x0455, B:314:0x045b, B:316:0x0463, B:318:0x0469, B:320:0x0471, B:321:0x0474, B:323:0x047a, B:325:0x048a, B:326:0x048e, B:328:0x0494, B:330:0x049c, B:333:0x049f, B:335:0x04a2, B:336:0x04a6, B:338:0x04ac, B:341:0x04bc, B:343:0x04c4, B:344:0x04c7, B:346:0x04cd, B:348:0x04d9, B:350:0x04dd, B:353:0x04e0, B:355:0x04e3, B:356:0x04ee, B:358:0x04f2, B:360:0x04fa, B:361:0x04fd, B:363:0x0503, B:365:0x0513, B:366:0x0517, B:368:0x051d, B:371:0x052d, B:376:0x0531, B:379:0x0534, B:381:0x0537, B:382:0x053b, B:384:0x0541, B:387:0x0551, B:393:0x0559, B:395:0x0561, B:396:0x0564, B:398:0x056a, B:400:0x0576, B:402:0x057a, B:405:0x057d, B:408:0x0592, B:409:0x059d), top: B:14:0x0068, inners: #0, #1, #4, #5, #6, #7, #9, #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:264:0x01e4 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:69:0x01e8 A[Catch: CertPathReviewerException -> 0x059e, TryCatch #3 {CertPathReviewerException -> 0x059e, blocks: (B:15:0x0068, B:19:0x0075, B:21:0x0080, B:25:0x008e, B:26:0x0097, B:28:0x009d, B:31:0x00be, B:32:0x00c6, B:34:0x00cc, B:40:0x00d1, B:41:0x00dc, B:47:0x00e8, B:50:0x00ef, B:51:0x00f8, B:53:0x00fe, B:56:0x0108, B:63:0x0111, B:65:0x0115, B:67:0x01e4, B:69:0x01e8, B:70:0x01ed, B:72:0x01f3, B:74:0x01ff, B:81:0x0207, B:79:0x020a, B:85:0x020d, B:87:0x0213, B:88:0x021e, B:90:0x0224, B:99:0x0241, B:100:0x024c, B:101:0x024d, B:107:0x0251, B:109:0x0259, B:110:0x025f, B:112:0x0265, B:115:0x0287, B:117:0x0291, B:119:0x0296, B:120:0x02a1, B:122:0x02a2, B:123:0x02ad, B:126:0x02b2, B:127:0x02c5, B:129:0x02cb, B:131:0x02f1, B:133:0x0309, B:134:0x0300, B:137:0x030e, B:138:0x0314, B:140:0x031a, B:143:0x0322, B:156:0x0342, B:148:0x0327, B:149:0x0332, B:151:0x0334, B:152:0x033f, B:160:0x034b, B:169:0x0363, B:171:0x036d, B:172:0x0371, B:174:0x0377, B:175:0x0381, B:177:0x0385, B:185:0x0392, B:195:0x039f, B:197:0x03a9, B:105:0x03e0, B:205:0x03b2, B:206:0x03bf, B:209:0x03c1, B:210:0x03cc, B:217:0x03ce, B:218:0x03db, B:220:0x011b, B:221:0x011f, B:223:0x0125, B:226:0x013b, B:228:0x0145, B:229:0x0148, B:231:0x014e, B:232:0x015e, B:234:0x0164, B:236:0x0170, B:237:0x017d, B:238:0x0183, B:240:0x0189, B:248:0x01a2, B:252:0x0173, B:254:0x0177, B:257:0x01cf, B:261:0x01d8, B:262:0x01e3, B:269:0x03ea, B:270:0x03f7, B:272:0x03f8, B:277:0x0407, B:279:0x0411, B:280:0x0416, B:282:0x041c, B:283:0x0426, B:285:0x042b, B:300:0x043e, B:307:0x0585, B:308:0x0590, B:310:0x0449, B:311:0x0454, B:312:0x0455, B:314:0x045b, B:316:0x0463, B:318:0x0469, B:320:0x0471, B:321:0x0474, B:323:0x047a, B:325:0x048a, B:326:0x048e, B:328:0x0494, B:330:0x049c, B:333:0x049f, B:335:0x04a2, B:336:0x04a6, B:338:0x04ac, B:341:0x04bc, B:343:0x04c4, B:344:0x04c7, B:346:0x04cd, B:348:0x04d9, B:350:0x04dd, B:353:0x04e0, B:355:0x04e3, B:356:0x04ee, B:358:0x04f2, B:360:0x04fa, B:361:0x04fd, B:363:0x0503, B:365:0x0513, B:366:0x0517, B:368:0x051d, B:371:0x052d, B:376:0x0531, B:379:0x0534, B:381:0x0537, B:382:0x053b, B:384:0x0541, B:387:0x0551, B:393:0x0559, B:395:0x0561, B:396:0x0564, B:398:0x056a, B:400:0x0576, B:402:0x057a, B:405:0x057d, B:408:0x0592, B:409:0x059d), top: B:14:0x0068, inners: #0, #1, #4, #5, #6, #7, #9, #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:87:0x0213 A[Catch: CertPathReviewerException -> 0x059e, TryCatch #3 {CertPathReviewerException -> 0x059e, blocks: (B:15:0x0068, B:19:0x0075, B:21:0x0080, B:25:0x008e, B:26:0x0097, B:28:0x009d, B:31:0x00be, B:32:0x00c6, B:34:0x00cc, B:40:0x00d1, B:41:0x00dc, B:47:0x00e8, B:50:0x00ef, B:51:0x00f8, B:53:0x00fe, B:56:0x0108, B:63:0x0111, B:65:0x0115, B:67:0x01e4, B:69:0x01e8, B:70:0x01ed, B:72:0x01f3, B:74:0x01ff, B:81:0x0207, B:79:0x020a, B:85:0x020d, B:87:0x0213, B:88:0x021e, B:90:0x0224, B:99:0x0241, B:100:0x024c, B:101:0x024d, B:107:0x0251, B:109:0x0259, B:110:0x025f, B:112:0x0265, B:115:0x0287, B:117:0x0291, B:119:0x0296, B:120:0x02a1, B:122:0x02a2, B:123:0x02ad, B:126:0x02b2, B:127:0x02c5, B:129:0x02cb, B:131:0x02f1, B:133:0x0309, B:134:0x0300, B:137:0x030e, B:138:0x0314, B:140:0x031a, B:143:0x0322, B:156:0x0342, B:148:0x0327, B:149:0x0332, B:151:0x0334, B:152:0x033f, B:160:0x034b, B:169:0x0363, B:171:0x036d, B:172:0x0371, B:174:0x0377, B:175:0x0381, B:177:0x0385, B:185:0x0392, B:195:0x039f, B:197:0x03a9, B:105:0x03e0, B:205:0x03b2, B:206:0x03bf, B:209:0x03c1, B:210:0x03cc, B:217:0x03ce, B:218:0x03db, B:220:0x011b, B:221:0x011f, B:223:0x0125, B:226:0x013b, B:228:0x0145, B:229:0x0148, B:231:0x014e, B:232:0x015e, B:234:0x0164, B:236:0x0170, B:237:0x017d, B:238:0x0183, B:240:0x0189, B:248:0x01a2, B:252:0x0173, B:254:0x0177, B:257:0x01cf, B:261:0x01d8, B:262:0x01e3, B:269:0x03ea, B:270:0x03f7, B:272:0x03f8, B:277:0x0407, B:279:0x0411, B:280:0x0416, B:282:0x041c, B:283:0x0426, B:285:0x042b, B:300:0x043e, B:307:0x0585, B:308:0x0590, B:310:0x0449, B:311:0x0454, B:312:0x0455, B:314:0x045b, B:316:0x0463, B:318:0x0469, B:320:0x0471, B:321:0x0474, B:323:0x047a, B:325:0x048a, B:326:0x048e, B:328:0x0494, B:330:0x049c, B:333:0x049f, B:335:0x04a2, B:336:0x04a6, B:338:0x04ac, B:341:0x04bc, B:343:0x04c4, B:344:0x04c7, B:346:0x04cd, B:348:0x04d9, B:350:0x04dd, B:353:0x04e0, B:355:0x04e3, B:356:0x04ee, B:358:0x04f2, B:360:0x04fa, B:361:0x04fd, B:363:0x0503, B:365:0x0513, B:366:0x0517, B:368:0x051d, B:371:0x052d, B:376:0x0531, B:379:0x0534, B:381:0x0537, B:382:0x053b, B:384:0x0541, B:387:0x0551, B:393:0x0559, B:395:0x0561, B:396:0x0564, B:398:0x056a, B:400:0x0576, B:402:0x057a, B:405:0x057d, B:408:0x0592, B:409:0x059d), top: B:14:0x0068, inners: #0, #1, #4, #5, #6, #7, #9, #10 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkPolicy() {
        /*
            Method dump skipped, instructions count: 1466
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.PKIXCertPathReviewer.checkPolicy():void");
    }

    /* JADX WARN: Can't wrap try/catch for region: R(13:34|(2:130|131)(3:36|(2:125|126)(2:38|(2:42|(1:44)))|45)|(2:46|47)|48|(15:88|89|(1:91)(1:115)|92|93|94|(8:96|97|(2:100|98)|101|102|(2:105|103)|106|107)|111|97|(1:98)|101|102|(1:103)|106|107)|(1:53)|54|(8:56|(1:60)|61|62|(4:64|(1:66)|68|(1:74))(1:75)|67|68|(2:70|74))|79|80|81|83|84) */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x0379, code lost:
    
        addError(createErrorBundle("CertPathReviewer.pubKeyError"), r9);
     */
    /* JADX WARN: Removed duplicated region for block: B:100:0x02a0 A[LOOP:1: B:98:0x029a->B:100:0x02a0, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:105:0x02c1 A[LOOP:2: B:103:0x02bb->B:105:0x02c1, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:10:0x00e7  */
    /* JADX WARN: Removed duplicated region for block: B:135:0x0386 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:143:0x0157  */
    /* JADX WARN: Removed duplicated region for block: B:148:0x012e  */
    /* JADX WARN: Removed duplicated region for block: B:25:0x0131  */
    /* JADX WARN: Removed duplicated region for block: B:34:0x0166  */
    /* JADX WARN: Removed duplicated region for block: B:51:0x02ea  */
    /* JADX WARN: Removed duplicated region for block: B:56:0x0311  */
    /* JADX WARN: Removed duplicated region for block: B:88:0x025b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkSignatures() {
        /*
            Method dump skipped, instructions count: 907
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.PKIXCertPathReviewer.checkSignatures():void");
    }

    private static ErrorBundle createErrorBundle(String str) {
        ErrorBundle errorBundle = new ErrorBundle(RESOURCE_NAME, str);
        errorBundle.setClassLoader(PKIXCertPathReviewer.class.getClassLoader());
        return errorBundle;
    }

    private static ErrorBundle createErrorBundle(String str, Object[] objArr) {
        ErrorBundle errorBundle = new ErrorBundle(RESOURCE_NAME, str, objArr);
        errorBundle.setClassLoader(PKIXCertPathReviewer.class.getClassLoader());
        return errorBundle;
    }

    private X509CRL getCRL(String str) throws CertPathReviewerException {
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals(ProxyConfig.MATCH_HTTP) && !url.getProtocol().equals(ProxyConfig.MATCH_HTTPS)) {
                return null;
            }
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setDoInput(true);
            httpURLConnection.connect();
            if (httpURLConnection.getResponseCode() == 200) {
                return (X509CRL) CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCRL(httpURLConnection.getInputStream());
            }
            throw new Exception(httpURLConnection.getResponseMessage());
        } catch (Exception e) {
            throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.loadCrlDistPointError", new Object[]{new UntrustedInput(str), e.getMessage(), e, e.getClass().getName()}));
        }
    }

    private boolean processQcStatements(X509Certificate x509Certificate, int i) {
        ErrorBundle createErrorBundle;
        try {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) getExtensionValue(x509Certificate, QC_STATEMENT);
            boolean z = false;
            for (int i2 = 0; i2 < aSN1Sequence.size(); i2++) {
                QCStatement qCStatement = QCStatement.getInstance(aSN1Sequence.getObjectAt(i2));
                if (QCStatement.id_etsi_qcs_QcCompliance.equals((ASN1Primitive) qCStatement.getStatementId())) {
                    createErrorBundle = createErrorBundle("CertPathReviewer.QcEuCompliance");
                } else {
                    if (!QCStatement.id_qcs_pkixQCSyntax_v1.equals((ASN1Primitive) qCStatement.getStatementId())) {
                        if (QCStatement.id_etsi_qcs_QcSSCD.equals((ASN1Primitive) qCStatement.getStatementId())) {
                            createErrorBundle = createErrorBundle("CertPathReviewer.QcSSCD");
                        } else if (QCStatement.id_etsi_qcs_LimiteValue.equals((ASN1Primitive) qCStatement.getStatementId())) {
                            MonetaryValue monetaryValue = MonetaryValue.getInstance(qCStatement.getStatementInfo());
                            monetaryValue.getCurrency();
                            double doubleValue = monetaryValue.getAmount().doubleValue() * Math.pow(10.0d, monetaryValue.getExponent().doubleValue());
                            createErrorBundle = monetaryValue.getCurrency().isAlphabetic() ? createErrorBundle("CertPathReviewer.QcLimitValueAlpha", new Object[]{monetaryValue.getCurrency().getAlphabetic(), new TrustedInput(new Double(doubleValue)), monetaryValue}) : createErrorBundle("CertPathReviewer.QcLimitValueNum", new Object[]{Integers.valueOf(monetaryValue.getCurrency().getNumeric()), new TrustedInput(new Double(doubleValue)), monetaryValue});
                        } else {
                            addNotification(createErrorBundle("CertPathReviewer.QcUnknownStatement", new Object[]{qCStatement.getStatementId(), new UntrustedInput(qCStatement)}), i);
                            z = true;
                        }
                    }
                }
                addNotification(createErrorBundle, i);
            }
            return !z;
        } catch (AnnotatedException e) {
            addError(createErrorBundle("CertPathReviewer.QcStatementExtError"), i);
            return false;
        }
    }

    protected void addError(ErrorBundle errorBundle) {
        this.errors[0].add(errorBundle);
    }

    protected void addError(ErrorBundle errorBundle, int i) {
        if (i < -1 || i >= this.n) {
            throw new IndexOutOfBoundsException();
        }
        this.errors[i + 1].add(errorBundle);
    }

    protected void addNotification(ErrorBundle errorBundle) {
        this.notifications[0].add(errorBundle);
    }

    protected void addNotification(ErrorBundle errorBundle, int i) {
        if (i < -1 || i >= this.n) {
            throw new IndexOutOfBoundsException();
        }
        this.notifications[i + 1].add(errorBundle);
    }

    /* JADX WARN: Removed duplicated region for block: B:169:0x0230  */
    /* JADX WARN: Removed duplicated region for block: B:85:0x0206  */
    /* JADX WARN: Removed duplicated region for block: B:88:0x021c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void checkCRLs(java.security.cert.PKIXParameters r22, java.security.cert.X509Certificate r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.security.PublicKey r26, java.util.Vector r27, int r28) throws org.bouncycastle.pkix.jcajce.CertPathReviewerException {
        /*
            Method dump skipped, instructions count: 956
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pkix.jcajce.PKIXCertPathReviewer.checkCRLs(java.security.cert.PKIXParameters, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, java.util.Vector, int):void");
    }

    protected void checkRevocation(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, Vector vector2, int i) throws CertPathReviewerException {
        checkCRLs(pKIXParameters, x509Certificate, date, x509Certificate2, publicKey, vector, i);
    }

    protected void doChecks() {
        if (!this.initialized) {
            throw new IllegalStateException("Object not initialized. Call init() first.");
        }
        if (this.notifications == null) {
            this.notifications = new List[this.n + 1];
            this.errors = new List[this.n + 1];
            for (int i = 0; i < this.notifications.length; i++) {
                this.notifications[i] = new ArrayList();
                this.errors[i] = new ArrayList();
            }
            checkSignatures();
            checkNameConstraints();
            checkPathLength();
            checkPolicy();
            checkCriticalExtensions();
        }
    }

    protected Vector getCRLDistUrls(CRLDistPoint cRLDistPoint) {
        Vector vector = new Vector();
        if (cRLDistPoint != null) {
            for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
                DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                if (distributionPoint2.getType() == 0) {
                    GeneralName[] names = GeneralNames.getInstance(distributionPoint2.getName()).getNames();
                    for (int i = 0; i < names.length; i++) {
                        if (names[i].getTagNo() == 6) {
                            vector.add(((ASN1IA5String) names[i].getName()).getString());
                        }
                    }
                }
            }
        }
        return vector;
    }

    public CertPath getCertPath() {
        return this.certPath;
    }

    public int getCertPathSize() {
        return this.n;
    }

    public List getErrors(int i) {
        doChecks();
        return this.errors[i + 1];
    }

    public List[] getErrors() {
        doChecks();
        return this.errors;
    }

    public List getNotifications(int i) {
        doChecks();
        return this.notifications[i + 1];
    }

    public List[] getNotifications() {
        doChecks();
        return this.notifications;
    }

    protected Vector getOCSPUrls(AuthorityInformationAccess authorityInformationAccess) {
        Vector vector = new Vector();
        if (authorityInformationAccess != null) {
            AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
            for (int i = 0; i < accessDescriptions.length; i++) {
                if (accessDescriptions[i].getAccessMethod().equals((ASN1Primitive) AccessDescription.id_ad_ocsp)) {
                    GeneralName accessLocation = accessDescriptions[i].getAccessLocation();
                    if (accessLocation.getTagNo() == 6) {
                        vector.add(((ASN1IA5String) accessLocation.getName()).getString());
                    }
                }
            }
        }
        return vector;
    }

    public PolicyNode getPolicyTree() {
        doChecks();
        return this.policyTree;
    }

    public PublicKey getSubjectPublicKey() {
        doChecks();
        return this.subjectPublicKey;
    }

    public TrustAnchor getTrustAnchor() {
        doChecks();
        return this.trustAnchor;
    }

    protected Collection getTrustAnchors(X509Certificate x509Certificate, Set set) throws CertPathReviewerException {
        ArrayList arrayList = new ArrayList();
        Iterator it = set.iterator();
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(getEncodedIssuerPrincipal(x509Certificate).getEncoded());
            byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
            if (extensionValue != null) {
                AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(ASN1Primitive.fromByteArray(((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets()));
                if (authorityKeyIdentifier.getAuthorityCertSerialNumber() != null) {
                    x509CertSelector.setSerialNumber(authorityKeyIdentifier.getAuthorityCertSerialNumber());
                } else {
                    byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
                    if (keyIdentifier != null) {
                        x509CertSelector.setSubjectKeyIdentifier(new DEROctetString(keyIdentifier).getEncoded());
                    }
                }
            }
            while (it.hasNext()) {
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        arrayList.add(trustAnchor);
                    }
                } else if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null && getEncodedIssuerPrincipal(x509Certificate).equals(new X500Principal(trustAnchor.getCAName()))) {
                    arrayList.add(trustAnchor);
                }
            }
            return arrayList;
        } catch (IOException e) {
            throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.trustAnchorIssuerError"));
        }
    }

    public void init(CertPath certPath, PKIXParameters pKIXParameters) throws CertPathReviewerException {
        if (this.initialized) {
            throw new IllegalStateException("object is already initialized!");
        }
        this.initialized = true;
        if (certPath == null) {
            throw new NullPointerException("certPath was null");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        if (certificates.size() != 1) {
            HashSet hashSet = new HashSet();
            Iterator<TrustAnchor> it = pKIXParameters.getTrustAnchors().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getTrustedCert());
            }
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i != certificates.size(); i++) {
                if (!hashSet.contains(certificates.get(i))) {
                    arrayList.add(certificates.get(i));
                }
            }
            try {
                this.certPath = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCertPath(arrayList);
                this.certs = arrayList;
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("unable to rebuild certpath");
            }
        } else {
            this.certPath = certPath;
            this.certs = certPath.getCertificates();
        }
        this.n = this.certs.size();
        if (this.certs.isEmpty()) {
            throw new CertPathReviewerException(createErrorBundle("CertPathReviewer.emptyCertPath"));
        }
        this.pkixParams = (PKIXParameters) pKIXParameters.clone();
        this.currentDate = new Date();
        this.validDate = getValidityDate(this.pkixParams, this.currentDate);
        this.notifications = null;
        this.errors = null;
        this.trustAnchor = null;
        this.subjectPublicKey = null;
        this.policyTree = null;
    }

    public boolean isValidCertPath() {
        doChecks();
        for (int i = 0; i < this.errors.length; i++) {
            if (!this.errors[i].isEmpty()) {
                return false;
            }
        }
        return true;
    }
}
