package org.spongycastle.jce.provider;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1String;
import org.spongycastle.asn1.ASN1TaggedObject;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.x500.RDN;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.DistributionPoint;
import org.spongycastle.asn1.x509.DistributionPointName;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.GeneralSubtree;
import org.spongycastle.asn1.x509.IssuingDistributionPoint;
import org.spongycastle.asn1.x509.NameConstraints;
import org.spongycastle.asn1.x509.PolicyInformation;
import org.spongycastle.jcajce.PKIXCRLStore;
import org.spongycastle.jcajce.PKIXCertStoreSelector;
import org.spongycastle.jcajce.PKIXExtendedBuilderParameters;
import org.spongycastle.jcajce.PKIXExtendedParameters;
import org.spongycastle.jcajce.util.JcaJceHelper;
import org.spongycastle.jce.exception.ExtCertPathValidatorException;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Integers;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class RFC3280CertPathUtilities {
    private static final PKIXCRLUtil p = new PKIXCRLUtil();

    /* renamed from: a, reason: collision with root package name */
    public static final String f2766a = Extension.q.f905a;

    /* renamed from: b, reason: collision with root package name */
    public static final String f2767b = Extension.r.f905a;
    public static final String c = Extension.w.f905a;
    public static final String d = Extension.m.f905a;
    public static final String e = Extension.v.f905a;
    public static final String f = Extension.l.f905a;
    public static final String g = Extension.t.f905a;
    public static final String h = Extension.g.f905a;
    public static final String i = Extension.p.f905a;
    public static final String j = Extension.e.f905a;
    public static final String k = Extension.o.f905a;
    public static final String l = Extension.s.f905a;
    public static final String m = Extension.c.f905a;
    public static final String n = Extension.h.f905a;
    protected static final String[] o = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    RFC3280CertPathUtilities() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int a(int i2, X509Certificate x509Certificate) {
        return (CertPathValidatorUtilities.a(x509Certificate) || i2 == 0) ? i2 : i2 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int a(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        try {
            ASN1Sequence a2 = DERSequence.a((Object) CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), g));
            if (a2 == null) {
                return i3;
            }
            Enumeration c2 = a2.c();
            while (c2.hasMoreElements()) {
                try {
                    ASN1TaggedObject a3 = ASN1TaggedObject.a(c2.nextElement());
                    if (a3.f921a == 0) {
                        int intValue = ASN1Integer.a(a3, false).b().intValue();
                        return intValue < i3 ? intValue : i3;
                    }
                } catch (IllegalArgumentException e2) {
                    throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e2, certPath, i2);
                }
            }
            return i3;
        } catch (Exception e3) {
            throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e3, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey a(X509CRL x509crl, Set set) throws AnnotatedException {
        Exception e2 = null;
        Iterator it = set.iterator();
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        throw new AnnotatedException("Cannot verify CRL.", e2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X509CRL a(Set set, PublicKey publicKey) throws AnnotatedException {
        Iterator it = set.iterator();
        Exception e2 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e3) {
                e2 = e3;
            }
        }
        if (e2 != null) {
            throw new AnnotatedException("Cannot verify delta CRL.", e2);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(X509CRL x509crl, X509Certificate x509Certificate, PublicKey publicKey, PKIXExtendedParameters pKIXExtendedParameters, List list, JcaJceHelper jcaJceHelper) throws AnnotatedException {
        AnnotatedException annotatedException;
        int i2 = 0;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(PrincipalUtils.a(x509crl).g());
            PKIXCertStoreSelector<? extends Certificate> a2 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            try {
                Collection<X509Certificate> a3 = CertPathValidatorUtilities.a(a2, pKIXExtendedParameters.c);
                a3.addAll(CertPathValidatorUtilities.a(a2, pKIXExtendedParameters.f2454a.getCertStores()));
                a3.add(x509Certificate);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                for (X509Certificate x509Certificate2 : a3) {
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            PKIXCertPathBuilderSpi pKIXCertPathBuilderSpi = new PKIXCertPathBuilderSpi();
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(pKIXExtendedParameters);
                            builder.f2456a = new PKIXCertStoreSelector.Builder(x509CertSelector2).a();
                            if (list.contains(x509Certificate2)) {
                                builder.c = false;
                            } else {
                                builder.c = true;
                            }
                            List<? extends Certificate> certificates = pKIXCertPathBuilderSpi.engineBuild(new PKIXExtendedBuilderParameters.Builder(builder.a()).a()).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(CertPathValidatorUtilities.a(certificates, 0, jcaJceHelper));
                        } catch (CertPathBuilderException e2) {
                            throw new AnnotatedException("CertPath for CRL signer failed to validate.", e2);
                        } catch (CertPathValidatorException e3) {
                            throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e3);
                        } catch (Exception e4) {
                            throw new AnnotatedException(e4.getMessage());
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                AnnotatedException annotatedException2 = null;
                while (true) {
                    int i3 = i2;
                    annotatedException = annotatedException2;
                    if (i3 >= arrayList.size()) {
                        break;
                    }
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i3)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length >= 7 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i3));
                        annotatedException2 = annotatedException;
                    } else {
                        annotatedException2 = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.");
                    }
                    i2 = i3 + 1;
                }
                if (hashSet.isEmpty() && annotatedException == null) {
                    throw new AnnotatedException("Cannot find a valid issuer certificate.");
                }
                if (!hashSet.isEmpty() || annotatedException == null) {
                    return hashSet;
                }
                throw annotatedException;
            } catch (AnnotatedException e5) {
                throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e5);
            }
        } catch (IOException e6) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode a(CertPath certPath, int i2, Set set, PKIXPolicyNode pKIXPolicyNode, List[] listArr, int i3) throws CertPathValidatorException {
        String str;
        PKIXPolicyNode pKIXPolicyNode2;
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i2);
        int size = certificates.size();
        int i4 = size - i2;
        try {
            ASN1Sequence a2 = DERSequence.a((Object) CertPathValidatorUtilities.a(x509Certificate, f2766a));
            if (a2 == null || pKIXPolicyNode == null) {
                return null;
            }
            Enumeration c2 = a2.c();
            HashSet hashSet = new HashSet();
            while (c2.hasMoreElements()) {
                PolicyInformation a3 = PolicyInformation.a(c2.nextElement());
                ASN1ObjectIdentifier aSN1ObjectIdentifier = a3.f1556a;
                hashSet.add(aSN1ObjectIdentifier.f905a);
                if (!"2.5.29.32.0".equals(aSN1ObjectIdentifier.f905a)) {
                    try {
                        Set a4 = CertPathValidatorUtilities.a(a3.f1557b);
                        if (!CertPathValidatorUtilities.a(i4, listArr, aSN1ObjectIdentifier, a4)) {
                            CertPathValidatorUtilities.b(i4, listArr, aSN1ObjectIdentifier, a4);
                        }
                    } catch (CertPathValidatorException e2) {
                        throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", e2, certPath, i2);
                    }
                }
            }
            if (set.isEmpty() || set.contains("2.5.29.32.0")) {
                set.clear();
                set.addAll(hashSet);
            } else {
                HashSet hashSet2 = new HashSet();
                for (Object obj : set) {
                    if (hashSet.contains(obj)) {
                        hashSet2.add(obj);
                    }
                }
                set.clear();
                set.addAll(hashSet2);
            }
            if (i3 > 0 || (i4 < size && CertPathValidatorUtilities.a(x509Certificate))) {
                Enumeration c3 = a2.c();
                while (true) {
                    if (!c3.hasMoreElements()) {
                        break;
                    }
                    PolicyInformation a5 = PolicyInformation.a(c3.nextElement());
                    if ("2.5.29.32.0".equals(a5.f1556a.f905a)) {
                        Set a6 = CertPathValidatorUtilities.a(a5.f1557b);
                        List list = listArr[i4 - 1];
                        int i5 = 0;
                        while (true) {
                            int i6 = i5;
                            if (i6 >= list.size()) {
                                break;
                            }
                            PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) list.get(i6);
                            for (Object obj2 : pKIXPolicyNode3.getExpectedPolicies()) {
                                if (obj2 instanceof String) {
                                    str = (String) obj2;
                                } else if (obj2 instanceof ASN1ObjectIdentifier) {
                                    str = ((ASN1ObjectIdentifier) obj2).f905a;
                                }
                                boolean z = false;
                                Iterator children = pKIXPolicyNode3.getChildren();
                                while (children.hasNext()) {
                                    z = str.equals(((PKIXPolicyNode) children.next()).getValidPolicy()) ? true : z;
                                }
                                if (!z) {
                                    HashSet hashSet3 = new HashSet();
                                    hashSet3.add(str);
                                    PKIXPolicyNode pKIXPolicyNode4 = new PKIXPolicyNode(new ArrayList(), i4, hashSet3, pKIXPolicyNode3, a6, str, false);
                                    pKIXPolicyNode3.a(pKIXPolicyNode4);
                                    listArr[i4].add(pKIXPolicyNode4);
                                }
                            }
                            i5 = i6 + 1;
                        }
                    }
                }
            }
            int i7 = i4 - 1;
            PKIXPolicyNode pKIXPolicyNode5 = pKIXPolicyNode;
            while (i7 >= 0) {
                List list2 = listArr[i7];
                int i8 = 0;
                while (true) {
                    if (i8 >= list2.size()) {
                        pKIXPolicyNode2 = pKIXPolicyNode5;
                        break;
                    }
                    PKIXPolicyNode pKIXPolicyNode6 = (PKIXPolicyNode) list2.get(i8);
                    if (pKIXPolicyNode6.a()) {
                        pKIXPolicyNode2 = pKIXPolicyNode5;
                    } else {
                        pKIXPolicyNode2 = CertPathValidatorUtilities.a(pKIXPolicyNode5, listArr, pKIXPolicyNode6);
                        if (pKIXPolicyNode2 != null) {
                        }
                    }
                    i8++;
                    pKIXPolicyNode5 = pKIXPolicyNode2;
                }
                i7--;
                pKIXPolicyNode5 = pKIXPolicyNode2;
            }
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs == null) {
                return pKIXPolicyNode5;
            }
            boolean contains = criticalExtensionOIDs.contains(f2766a);
            List list3 = listArr[i4];
            int i9 = 0;
            while (true) {
                int i10 = i9;
                if (i10 >= list3.size()) {
                    return pKIXPolicyNode5;
                }
                ((PKIXPolicyNode) list3.get(i10)).a(contains);
                i9 = i10 + 1;
            }
        } catch (AnnotatedException e3) {
            throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e3, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode a(CertPath certPath, int i2, PKIXPolicyNode pKIXPolicyNode) throws CertPathValidatorException {
        try {
            if (DERSequence.a((Object) CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), f2766a)) == null) {
                return null;
            }
            return pKIXPolicyNode;
        } catch (AnnotatedException e2) {
            throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:101:0x0137, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:103:0x013f, code lost:
    
        throw new org.spongycastle.jce.exception.ExtCertPathValidatorException("Certificate policies extension could not be decoded.", r0, r12, r13);
     */
    /* JADX WARN: Code restructure failed: missing block: B:105:0x0077, code lost:
    
        continue;
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x00cd, code lost:
    
        r5 = null;
     */
    /* JADX WARN: Code restructure failed: missing block: B:71:0x00d6, code lost:
    
        r0 = ((org.spongycastle.asn1.ASN1Sequence) org.spongycastle.jce.provider.CertPathValidatorUtilities.a(r8, org.spongycastle.jce.provider.RFC3280CertPathUtilities.f2766a)).c();
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x00de, code lost:
    
        if (r0.hasMoreElements() == false) goto L115;
     */
    /* JADX WARN: Code restructure failed: missing block: B:75:0x00e0, code lost:
    
        r3 = org.spongycastle.asn1.x509.PolicyInformation.a(r0.nextElement());
     */
    /* JADX WARN: Code restructure failed: missing block: B:77:0x00f2, code lost:
    
        if ("2.5.29.32.0".equals(r3.f1556a.f905a) == false) goto L116;
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x00f4, code lost:
    
        r5 = org.spongycastle.jce.provider.CertPathValidatorUtilities.a(r3.f1557b);
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x00fa, code lost:
    
        r7 = false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:81:0x00ff, code lost:
    
        if (r8.getCriticalExtensionOIDs() == null) goto L45;
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x0101, code lost:
    
        r7 = r8.getCriticalExtensionOIDs().contains(org.spongycastle.jce.provider.RFC3280CertPathUtilities.f2766a);
     */
    /* JADX WARN: Code restructure failed: missing block: B:83:0x010b, code lost:
    
        r4 = (org.spongycastle.jce.provider.PKIXPolicyNode) r1.getParent();
     */
    /* JADX WARN: Code restructure failed: missing block: B:84:0x011b, code lost:
    
        if ("2.5.29.32.0".equals(r4.getValidPolicy()) == false) goto L102;
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x011d, code lost:
    
        r0 = new org.spongycastle.jce.provider.PKIXPolicyNode(new java.util.ArrayList(), r2, (java.util.Set) r10.get(r6), r4, r5, r6, r7);
        r4.a(r0);
        r14[r2].add(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:90:0x0149, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x0151, code lost:
    
        throw new org.spongycastle.jce.exception.ExtCertPathValidatorException("Policy qualifier info set could not be decoded.", r0, r12, r13);
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x0140, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x0148, code lost:
    
        throw new java.security.cert.CertPathValidatorException("Policy information could not be decoded.", r0, r12, r13);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.spongycastle.jce.provider.PKIXPolicyNode a(java.security.cert.CertPath r12, int r13, java.util.List[] r14, org.spongycastle.jce.provider.PKIXPolicyNode r15, int r16) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 437
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.jce.provider.RFC3280CertPathUtilities.a(java.security.cert.CertPath, int, java.util.List[], org.spongycastle.jce.provider.PKIXPolicyNode, int):org.spongycastle.jce.provider.PKIXPolicyNode");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PKIXPolicyNode a(CertPath certPath, PKIXExtendedParameters pKIXExtendedParameters, Set set, int i2, List[] listArr, PKIXPolicyNode pKIXPolicyNode, Set set2) throws CertPathValidatorException {
        PKIXPolicyNode pKIXPolicyNode2;
        int size = certPath.getCertificates().size();
        if (pKIXPolicyNode == null) {
            if (pKIXExtendedParameters.f2454a.isExplicitPolicyRequired()) {
                throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, i2);
            }
            return null;
        }
        if (CertPathValidatorUtilities.a(set)) {
            if (!pKIXExtendedParameters.f2454a.isExplicitPolicyRequired()) {
                return pKIXPolicyNode;
            }
            if (set2.isEmpty()) {
                throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, i2);
            }
            HashSet hashSet = new HashSet();
            int i3 = 0;
            while (true) {
                int i4 = i3;
                if (i4 >= listArr.length) {
                    break;
                }
                List list = listArr[i4];
                int i5 = 0;
                while (true) {
                    int i6 = i5;
                    if (i6 < list.size()) {
                        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) list.get(i6);
                        if ("2.5.29.32.0".equals(pKIXPolicyNode3.getValidPolicy())) {
                            Iterator children = pKIXPolicyNode3.getChildren();
                            while (children.hasNext()) {
                                hashSet.add(children.next());
                            }
                        }
                        i5 = i6 + 1;
                    }
                }
                i3 = i4 + 1;
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                set2.contains(((PKIXPolicyNode) it.next()).getValidPolicy());
            }
            if (pKIXPolicyNode == null) {
                return pKIXPolicyNode;
            }
            PKIXPolicyNode pKIXPolicyNode4 = pKIXPolicyNode;
            for (int i7 = size - 1; i7 >= 0; i7--) {
                List list2 = listArr[i7];
                int i8 = 0;
                PKIXPolicyNode pKIXPolicyNode5 = pKIXPolicyNode4;
                while (true) {
                    int i9 = i8;
                    if (i9 < list2.size()) {
                        PKIXPolicyNode pKIXPolicyNode6 = (PKIXPolicyNode) list2.get(i9);
                        if (!pKIXPolicyNode6.a()) {
                            pKIXPolicyNode5 = CertPathValidatorUtilities.a(pKIXPolicyNode5, listArr, pKIXPolicyNode6);
                        }
                        i8 = i9 + 1;
                    }
                }
                pKIXPolicyNode4 = pKIXPolicyNode5;
            }
            return pKIXPolicyNode4;
        }
        HashSet<PKIXPolicyNode> hashSet2 = new HashSet();
        int i10 = 0;
        while (true) {
            int i11 = i10;
            if (i11 >= listArr.length) {
                break;
            }
            List list3 = listArr[i11];
            int i12 = 0;
            while (true) {
                int i13 = i12;
                if (i13 < list3.size()) {
                    PKIXPolicyNode pKIXPolicyNode7 = (PKIXPolicyNode) list3.get(i13);
                    if ("2.5.29.32.0".equals(pKIXPolicyNode7.getValidPolicy())) {
                        Iterator children2 = pKIXPolicyNode7.getChildren();
                        while (children2.hasNext()) {
                            PKIXPolicyNode pKIXPolicyNode8 = (PKIXPolicyNode) children2.next();
                            if (!"2.5.29.32.0".equals(pKIXPolicyNode8.getValidPolicy())) {
                                hashSet2.add(pKIXPolicyNode8);
                            }
                        }
                    }
                    i12 = i13 + 1;
                }
            }
            i10 = i11 + 1;
        }
        for (PKIXPolicyNode pKIXPolicyNode9 : hashSet2) {
            if (!set.contains(pKIXPolicyNode9.getValidPolicy())) {
                pKIXPolicyNode = CertPathValidatorUtilities.a(pKIXPolicyNode, listArr, pKIXPolicyNode9);
            }
        }
        if (pKIXPolicyNode != null) {
            pKIXPolicyNode2 = pKIXPolicyNode;
            for (int i14 = size - 1; i14 >= 0; i14--) {
                List list4 = listArr[i14];
                int i15 = 0;
                PKIXPolicyNode pKIXPolicyNode10 = pKIXPolicyNode2;
                while (true) {
                    int i16 = i15;
                    if (i16 < list4.size()) {
                        PKIXPolicyNode pKIXPolicyNode11 = (PKIXPolicyNode) list4.get(i16);
                        if (!pKIXPolicyNode11.a()) {
                            pKIXPolicyNode10 = CertPathValidatorUtilities.a(pKIXPolicyNode10, listArr, pKIXPolicyNode11);
                        }
                        i15 = i16 + 1;
                    }
                }
                pKIXPolicyNode2 = pKIXPolicyNode10;
            }
        } else {
            pKIXPolicyNode2 = pKIXPolicyNode;
        }
        return pKIXPolicyNode2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ReasonsMask a(X509CRL x509crl, DistributionPoint distributionPoint) throws AnnotatedException {
        try {
            IssuingDistributionPoint a2 = IssuingDistributionPoint.a(CertPathValidatorUtilities.a(x509crl, d));
            if (a2 != null && a2.d != null && distributionPoint.f1519b != null) {
                return new ReasonsMask(distributionPoint.f1519b).b(new ReasonsMask(a2.d));
            }
            if ((a2 == null || a2.d == null) && distributionPoint.f1519b == null) {
                return ReasonsMask.f2770a;
            }
            return (distributionPoint.f1519b == null ? ReasonsMask.f2770a : new ReasonsMask(distributionPoint.f1519b)).b(a2 == null ? ReasonsMask.f2770a : new ReasonsMask(a2.d));
        } catch (Exception e2) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2) throws CertPathValidatorException {
        try {
            ASN1Sequence a2 = DERSequence.a((Object) CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), f2767b));
            if (a2 != null) {
                for (int i3 = 0; i3 < a2.d(); i3++) {
                    try {
                        ASN1Sequence a3 = DERSequence.a(a2.a(i3));
                        ASN1ObjectIdentifier a4 = ASN1ObjectIdentifier.a(a3.a(0));
                        ASN1ObjectIdentifier a5 = ASN1ObjectIdentifier.a(a3.a(1));
                        if ("2.5.29.32.0".equals(a4.f905a)) {
                            throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, i2);
                        }
                        if ("2.5.29.32.0".equals(a5.f905a)) {
                            throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, i2);
                        }
                    } catch (Exception e2) {
                        throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e2, certPath, i2);
                    }
                }
            }
        } catch (AnnotatedException e3) {
            throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", e3, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, List list, Set set) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i2);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e2) {
                throw new ExtCertPathValidatorException("Additional certificate path checker failed.", e2, certPath, i2);
            }
        }
        if (!set.isEmpty()) {
            throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + set, null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, Set set, List list) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i2);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, set);
            } catch (CertPathValidatorException e2) {
                throw new CertPathValidatorException(e2.getMessage(), e2.getCause(), certPath, i2);
            }
        }
        if (!set.isEmpty()) {
            throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + set, null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, PKIXNameConstraintValidator pKIXNameConstraintValidator) throws CertPathValidatorException {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate = (X509Certificate) certificates.get(i2);
        int size = certificates.size();
        int i3 = size - i2;
        if (!CertPathValidatorUtilities.a(x509Certificate) || i3 >= size) {
            try {
                ASN1Sequence a2 = DERSequence.a(PrincipalUtils.a(x509Certificate).g());
                try {
                    pKIXNameConstraintValidator.a(a2);
                    pKIXNameConstraintValidator.b(a2);
                    try {
                        GeneralNames a3 = GeneralNames.a(CertPathValidatorUtilities.a(x509Certificate, j));
                        RDN[] a4 = X500Name.a(a2).a(BCStyle.E);
                        for (int i4 = 0; i4 != a4.length; i4++) {
                            GeneralName generalName = new GeneralName(((ASN1String) a4[i4].b().f1468b).b());
                            try {
                                pKIXNameConstraintValidator.a(generalName);
                                pKIXNameConstraintValidator.b(generalName);
                            } catch (PKIXNameConstraintValidatorException e2) {
                                throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", e2, certPath, i2);
                            }
                        }
                        if (a3 != null) {
                            try {
                                GeneralName[] a5 = a3.a();
                                for (int i5 = 0; i5 < a5.length; i5++) {
                                    try {
                                        pKIXNameConstraintValidator.a(a5[i5]);
                                        pKIXNameConstraintValidator.b(a5[i5]);
                                    } catch (PKIXNameConstraintValidatorException e3) {
                                        throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e3, certPath, i2);
                                    }
                                }
                            } catch (Exception e4) {
                                throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e4, certPath, i2);
                            }
                        }
                    } catch (Exception e5) {
                        throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e5, certPath, i2);
                    }
                } catch (PKIXNameConstraintValidatorException e6) {
                    throw new CertPathValidatorException("Subtree check for certificate subject failed.", e6, certPath, i2);
                }
            } catch (Exception e7) {
                throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e7, certPath, i2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, int i2, PKIXPolicyNode pKIXPolicyNode, int i3) throws CertPathValidatorException {
        if (i3 <= 0 && pKIXPolicyNode == null) {
            throw new ExtCertPathValidatorException("No valid policy tree found when one expected.", null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(CertPath certPath, PKIXExtendedParameters pKIXExtendedParameters, int i2, PublicKey publicKey, boolean z, X500Name x500Name, X509Certificate x509Certificate, JcaJceHelper jcaJceHelper) throws ExtCertPathValidatorException {
        List<? extends Certificate> certificates = certPath.getCertificates();
        X509Certificate x509Certificate2 = (X509Certificate) certificates.get(i2);
        if (!z) {
            try {
                CertPathValidatorUtilities.a(x509Certificate2, publicKey, pKIXExtendedParameters.f2454a.getSigProvider());
            } catch (GeneralSecurityException e2) {
                throw new ExtCertPathValidatorException("Could not validate certificate signature.", e2, certPath, i2);
            }
        }
        try {
            x509Certificate2.checkValidity(CertPathValidatorUtilities.a(pKIXExtendedParameters, certPath, i2));
            if (pKIXExtendedParameters.g) {
                try {
                    a(pKIXExtendedParameters, x509Certificate2, CertPathValidatorUtilities.a(pKIXExtendedParameters, certPath, i2), x509Certificate, publicKey, certificates, jcaJceHelper);
                } catch (AnnotatedException e3) {
                    throw new ExtCertPathValidatorException(e3.getMessage(), e3.getCause() != null ? e3.getCause() : e3, certPath, i2);
                }
            }
            if (!PrincipalUtils.a((Object) x509Certificate2).equals(x500Name)) {
                throw new ExtCertPathValidatorException("IssuerName(" + PrincipalUtils.a((Object) x509Certificate2) + ") does not match SubjectName(" + x500Name + ") of signing certificate.", null, certPath, i2);
            }
        } catch (CertificateExpiredException e4) {
            throw new ExtCertPathValidatorException("Could not validate certificate: " + e4.getMessage(), e4, certPath, i2);
        } catch (CertificateNotYetValidException e5) {
            throw new ExtCertPathValidatorException("Could not validate certificate: " + e5.getMessage(), e5, certPath, i2);
        } catch (AnnotatedException e6) {
            throw new ExtCertPathValidatorException("Could not validate time of certificate.", e6, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509CRL x509crl, X509CRL x509crl2, PKIXExtendedParameters pKIXExtendedParameters) throws AnnotatedException {
        boolean z = true;
        if (x509crl == null) {
            return;
        }
        try {
            IssuingDistributionPoint a2 = IssuingDistributionPoint.a(CertPathValidatorUtilities.a(x509crl2, d));
            if (pKIXExtendedParameters.h) {
                if (!PrincipalUtils.a(x509crl).equals(PrincipalUtils.a(x509crl2))) {
                    throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");
                }
                try {
                    IssuingDistributionPoint a3 = IssuingDistributionPoint.a(CertPathValidatorUtilities.a(x509crl, d));
                    if (a2 != null ? !a2.equals(a3) : a3 != null) {
                        z = false;
                    }
                    if (!z) {
                        throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.");
                    }
                    try {
                        ASN1Primitive a4 = CertPathValidatorUtilities.a(x509crl2, l);
                        try {
                            ASN1Primitive a5 = CertPathValidatorUtilities.a(x509crl, l);
                            if (a4 == null) {
                                throw new AnnotatedException("CRL authority key identifier is null.");
                            }
                            if (a5 == null) {
                                throw new AnnotatedException("Delta CRL authority key identifier is null.");
                            }
                            if (!a4.equals(a5)) {
                                throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.");
                            }
                        } catch (AnnotatedException e2) {
                            throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e2);
                        }
                    } catch (AnnotatedException e3) {
                        throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e3);
                    }
                } catch (Exception e4) {
                    throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e4);
                }
            }
        } catch (Exception e5) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) throws AnnotatedException {
        if (certStatus.f2729a == 11) {
            CertPathValidatorUtilities.a(date, x509crl, obj, certStatus);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, CertStatus certStatus, PKIXExtendedParameters pKIXExtendedParameters) throws AnnotatedException {
        if (!pKIXExtendedParameters.h || x509crl == null) {
            return;
        }
        CertPathValidatorUtilities.a(date, x509crl, obj, certStatus);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        GeneralName[] generalNameArr;
        boolean z = false;
        try {
            IssuingDistributionPoint a2 = IssuingDistributionPoint.a(CertPathValidatorUtilities.a(x509crl, d));
            if (a2 != null) {
                if (a2.f1541a != null) {
                    DistributionPointName distributionPointName = IssuingDistributionPoint.a(a2).f1541a;
                    ArrayList arrayList = new ArrayList();
                    if (distributionPointName.f1521b == 0) {
                        for (GeneralName generalName : GeneralNames.a(distributionPointName.f1520a).a()) {
                            arrayList.add(generalName);
                        }
                    }
                    if (distributionPointName.f1521b == 1) {
                        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                        try {
                            Enumeration c2 = ASN1Sequence.a(PrincipalUtils.a(x509crl)).c();
                            while (c2.hasMoreElements()) {
                                aSN1EncodableVector.a((ASN1Encodable) c2.nextElement());
                            }
                            aSN1EncodableVector.a(distributionPointName.f1520a);
                            arrayList.add(new GeneralName(X500Name.a(new DERSequence(aSN1EncodableVector))));
                        } catch (Exception e2) {
                            throw new AnnotatedException("Could not read CRL issuer.", e2);
                        }
                    }
                    if (distributionPoint.f1518a != null) {
                        DistributionPointName distributionPointName2 = distributionPoint.f1518a;
                        GeneralName[] a3 = distributionPointName2.f1521b == 0 ? GeneralNames.a(distributionPointName2.f1520a).a() : null;
                        if (distributionPointName2.f1521b == 1) {
                            if (distributionPoint.c != null) {
                                generalNameArr = distributionPoint.c.a();
                            } else {
                                GeneralName[] generalNameArr2 = new GeneralName[1];
                                try {
                                    generalNameArr2[0] = new GeneralName(X500Name.a(PrincipalUtils.a(obj).g()));
                                    generalNameArr = generalNameArr2;
                                } catch (Exception e3) {
                                    throw new AnnotatedException("Could not read certificate issuer.", e3);
                                }
                            }
                            for (int i2 = 0; i2 < generalNameArr.length; i2++) {
                                Enumeration c3 = ASN1Sequence.a((Object) generalNameArr[i2].f1529a.f()).c();
                                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                                while (c3.hasMoreElements()) {
                                    aSN1EncodableVector2.a((ASN1Encodable) c3.nextElement());
                                }
                                aSN1EncodableVector2.a(distributionPointName2.f1520a);
                                generalNameArr[i2] = new GeneralName(X500Name.a(new DERSequence(aSN1EncodableVector2)));
                            }
                        } else {
                            generalNameArr = a3;
                        }
                        if (generalNameArr != null) {
                            int i3 = 0;
                            while (true) {
                                if (i3 >= generalNameArr.length) {
                                    break;
                                }
                                if (arrayList.contains(generalNameArr[i3])) {
                                    z = true;
                                    break;
                                }
                                i3++;
                            }
                        }
                        if (!z) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    } else {
                        if (distributionPoint.c == null) {
                            throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.");
                        }
                        GeneralName[] a4 = distributionPoint.c.a();
                        int i4 = 0;
                        while (true) {
                            if (i4 >= a4.length) {
                                break;
                            }
                            if (arrayList.contains(a4[i4])) {
                                z = true;
                                break;
                            }
                            i4++;
                        }
                        if (!z) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                        }
                    }
                }
                try {
                    BasicConstraints a5 = BasicConstraints.a(CertPathValidatorUtilities.a((X509Extension) obj, h));
                    if (obj instanceof X509Certificate) {
                        if (a2.f1542b && a5 != null && a5.a()) {
                            throw new AnnotatedException("CA Cert CRL only contains user certificates.");
                        }
                        if (a2.c && (a5 == null || !a5.a())) {
                            throw new AnnotatedException("End CRL only contains CA certificates.");
                        }
                    }
                    if (a2.f) {
                        throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
                    }
                } catch (Exception e4) {
                    throw new AnnotatedException("Basic constraints extension could not be decoded.", e4);
                }
            }
        } catch (Exception e5) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e5);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:54:0x011c, code lost:
    
        throw r8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void a(org.spongycastle.asn1.x509.DistributionPoint r12, org.spongycastle.jcajce.PKIXExtendedParameters r13, java.security.cert.X509Certificate r14, java.util.Date r15, java.security.cert.X509Certificate r16, java.security.PublicKey r17, org.spongycastle.jce.provider.CertStatus r18, org.spongycastle.jce.provider.ReasonsMask r19, java.util.List r20, org.spongycastle.jcajce.util.JcaJceHelper r21) throws org.spongycastle.jce.provider.AnnotatedException {
        /*
            Method dump skipped, instructions count: 286
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.jce.provider.RFC3280CertPathUtilities.a(org.spongycastle.asn1.x509.DistributionPoint, org.spongycastle.jcajce.PKIXExtendedParameters, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, org.spongycastle.jce.provider.CertStatus, org.spongycastle.jce.provider.ReasonsMask, java.util.List, org.spongycastle.jcajce.util.JcaJceHelper):void");
    }

    private static void a(PKIXExtendedParameters pKIXExtendedParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, List list, JcaJceHelper jcaJceHelper) throws AnnotatedException {
        AnnotatedException annotatedException;
        boolean z;
        AnnotatedException annotatedException2 = null;
        try {
            CRLDistPoint a2 = CRLDistPoint.a(CertPathValidatorUtilities.a(x509Certificate, i));
            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(pKIXExtendedParameters);
            try {
                Iterator<PKIXCRLStore> it = CertPathValidatorUtilities.a(a2, pKIXExtendedParameters.f).iterator();
                while (it.hasNext()) {
                    builder.a(it.next());
                }
                CertStatus certStatus = new CertStatus();
                ReasonsMask reasonsMask = new ReasonsMask();
                PKIXExtendedParameters a3 = builder.a();
                boolean z2 = false;
                if (a2 != null) {
                    try {
                        DistributionPoint[] a4 = a2.a();
                        int i2 = 0;
                        while (i2 < a4.length && certStatus.f2729a == 11 && !reasonsMask.a()) {
                            try {
                                a(a4[i2], a3, x509Certificate, date, x509Certificate2, publicKey, certStatus, reasonsMask, list, jcaJceHelper);
                                z = true;
                                annotatedException = annotatedException2;
                            } catch (AnnotatedException e2) {
                                annotatedException = e2;
                                z = z2;
                            }
                            i2++;
                            z2 = z;
                            annotatedException2 = annotatedException;
                        }
                    } catch (Exception e3) {
                        throw new AnnotatedException("Distribution points could not be read.", e3);
                    }
                }
                if (certStatus.f2729a == 11) {
                    try {
                        if (!reasonsMask.a()) {
                            try {
                                a(new DistributionPoint(new DistributionPointName(new GeneralNames(new GeneralName(4, new ASN1InputStream(PrincipalUtils.a((Object) x509Certificate).g()).a())))), (PKIXExtendedParameters) pKIXExtendedParameters.clone(), x509Certificate, date, x509Certificate2, publicKey, certStatus, reasonsMask, list, jcaJceHelper);
                                z2 = true;
                            } catch (Exception e4) {
                                throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e4);
                            }
                        }
                    } catch (AnnotatedException e5) {
                        annotatedException2 = e5;
                    }
                }
                if (!z2) {
                    if (!(annotatedException2 instanceof AnnotatedException)) {
                        throw new AnnotatedException("No valid CRL found.", annotatedException2);
                    }
                    throw annotatedException2;
                }
                if (certStatus.f2729a != 11) {
                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z");
                    simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
                    throw new AnnotatedException(("Certificate revocation after " + simpleDateFormat.format(certStatus.f2730b)) + ", reason: " + o[certStatus.f2729a]);
                }
                if (!reasonsMask.a() && certStatus.f2729a == 11) {
                    certStatus.f2729a = 12;
                }
                if (certStatus.f2729a == 12) {
                    throw new AnnotatedException("Certificate status could not be determined.");
                }
            } catch (AnnotatedException e6) {
                throw new AnnotatedException("No additional CRL locations could be decoded from CRL distribution point extension.", e6);
            }
        } catch (Exception e7) {
            throw new AnnotatedException("CRL distribution point extension could not be read.", e7);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int b(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        try {
            ASN1Sequence a2 = DERSequence.a((Object) CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), g));
            if (a2 == null) {
                return i3;
            }
            Enumeration c2 = a2.c();
            while (c2.hasMoreElements()) {
                try {
                    ASN1TaggedObject a3 = ASN1TaggedObject.a(c2.nextElement());
                    if (a3.f921a == 1) {
                        int intValue = ASN1Integer.a(a3, false).b().intValue();
                        return intValue < i3 ? intValue : i3;
                    }
                } catch (IllegalArgumentException e2) {
                    throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e2, certPath, i2);
                }
            }
            return i3;
        } catch (Exception e3) {
            throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e3, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(CertPath certPath, int i2) throws CertPathValidatorException {
        try {
            BasicConstraints a2 = BasicConstraints.a(CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), h));
            if (a2 == null) {
                throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
            }
            if (!a2.a()) {
                throw new CertPathValidatorException("Not a CA certificate");
            }
        } catch (Exception e2) {
            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(CertPath certPath, int i2, PKIXNameConstraintValidator pKIXNameConstraintValidator) throws CertPathValidatorException {
        try {
            ASN1Sequence a2 = DERSequence.a((Object) CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), k));
            NameConstraints a3 = a2 != null ? NameConstraints.a((Object) a2) : null;
            if (a3 != null) {
                GeneralSubtree[] generalSubtreeArr = a3.f1546a;
                if (generalSubtreeArr != null) {
                    try {
                        HashMap hashMap = new HashMap();
                        for (int i3 = 0; i3 != generalSubtreeArr.length; i3++) {
                            GeneralSubtree generalSubtree = generalSubtreeArr[i3];
                            Integer a4 = Integers.a(generalSubtree.f1534a.f1530b);
                            if (hashMap.get(a4) == null) {
                                hashMap.put(a4, new HashSet());
                            }
                            ((Set) hashMap.get(a4)).add(generalSubtree);
                        }
                        for (Map.Entry entry : hashMap.entrySet()) {
                            switch (((Integer) entry.getKey()).intValue()) {
                                case 1:
                                    pKIXNameConstraintValidator.c = PKIXNameConstraintValidator.b(pKIXNameConstraintValidator.c, (Set) entry.getValue());
                                    break;
                                case 2:
                                    pKIXNameConstraintValidator.f2763b = PKIXNameConstraintValidator.d(pKIXNameConstraintValidator.f2763b, (Set) entry.getValue());
                                    break;
                                case 4:
                                    pKIXNameConstraintValidator.f2762a = PKIXNameConstraintValidator.a(pKIXNameConstraintValidator.f2762a, (Set) entry.getValue());
                                    break;
                                case 6:
                                    pKIXNameConstraintValidator.d = PKIXNameConstraintValidator.e(pKIXNameConstraintValidator.d, (Set) entry.getValue());
                                    break;
                                case 7:
                                    pKIXNameConstraintValidator.e = PKIXNameConstraintValidator.c(pKIXNameConstraintValidator.e, (Set) entry.getValue());
                                    break;
                            }
                        }
                    } catch (Exception e2) {
                        throw new ExtCertPathValidatorException("Permitted subtrees cannot be build from name constraints extension.", e2, certPath, i2);
                    }
                }
                GeneralSubtree[] generalSubtreeArr2 = a3.f1547b;
                if (generalSubtreeArr2 != null) {
                    for (int i4 = 0; i4 != generalSubtreeArr2.length; i4++) {
                        try {
                            pKIXNameConstraintValidator.a(generalSubtreeArr2[i4]);
                        } catch (Exception e3) {
                            throw new ExtCertPathValidatorException("Excluded subtrees cannot be build from name constraints extension.", e3, certPath, i2);
                        }
                    }
                }
            }
        } catch (Exception e4) {
            throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e4, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        boolean z = false;
        ASN1Primitive a2 = CertPathValidatorUtilities.a(x509crl, d);
        boolean z2 = a2 != null && IssuingDistributionPoint.a(a2).e;
        try {
            byte[] g2 = PrincipalUtils.a(x509crl).g();
            if (distributionPoint.c != null) {
                GeneralName[] a3 = distributionPoint.c.a();
                for (int i2 = 0; i2 < a3.length; i2++) {
                    if (a3[i2].f1530b == 4) {
                        try {
                            if (Arrays.a(a3[i2].f1529a.f().g(), g2)) {
                                z = true;
                            }
                        } catch (IOException e2) {
                            throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e2);
                        }
                    }
                }
                if (z && !z2) {
                    throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.");
                }
                if (!z) {
                    throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.");
                }
            } else if (PrincipalUtils.a(x509crl).equals(PrincipalUtils.a(obj))) {
                z = true;
            }
            if (!z) {
                throw new AnnotatedException("Cannot find matching CRL issuer for certificate.");
            }
        } catch (IOException e3) {
            throw new AnnotatedException("Exception encoding CRL issuer: " + e3.getMessage(), e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int c(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        int intValue;
        try {
            ASN1Integer a2 = ASN1Integer.a((Object) CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), c));
            return (a2 == null || (intValue = a2.b().intValue()) >= i3) ? i3 : intValue;
        } catch (Exception e2) {
            throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void c(CertPath certPath, int i2) throws CertPathValidatorException {
        boolean[] keyUsage = ((X509Certificate) certPath.getCertificates().get(i2)).getKeyUsage();
        if (keyUsage != null && !keyUsage[5]) {
            throw new ExtCertPathValidatorException("Issuer certificate keyusage extension is critical and does not permit key signing.", null, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int d(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        if (CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2))) {
            return i3;
        }
        if (i3 <= 0) {
            throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, i2);
        }
        return i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int e(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        BigInteger b2;
        int intValue;
        try {
            BasicConstraints a2 = BasicConstraints.a(CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), h));
            return (a2 == null || (b2 = a2.b()) == null || (intValue = b2.intValue()) >= i3) ? i3 : intValue;
        } catch (Exception e2) {
            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e2, certPath, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int f(CertPath certPath, int i2, int i3) {
        return (CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2)) || i3 == 0) ? i3 : i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int g(CertPath certPath, int i2, int i3) {
        return (CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2)) || i3 == 0) ? i3 : i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int h(CertPath certPath, int i2, int i3) {
        return (CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2)) || i3 == 0) ? i3 : i3 - 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int i(CertPath certPath, int i2, int i3) throws CertPathValidatorException {
        try {
            ASN1Sequence a2 = DERSequence.a((Object) CertPathValidatorUtilities.a((X509Certificate) certPath.getCertificates().get(i2), g));
            if (a2 == null) {
                return i3;
            }
            Enumeration c2 = a2.c();
            while (c2.hasMoreElements()) {
                ASN1TaggedObject aSN1TaggedObject = (ASN1TaggedObject) c2.nextElement();
                switch (aSN1TaggedObject.f921a) {
                    case 0:
                        try {
                            if (ASN1Integer.a(aSN1TaggedObject, false).b().intValue() != 0) {
                                break;
                            } else {
                                return 0;
                            }
                        } catch (Exception e2) {
                            throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e2, certPath, i2);
                        }
                }
            }
            return i3;
        } catch (AnnotatedException e3) {
            throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e3, certPath, i2);
        }
    }
}
