package org.bouncycastle.jce.provider;

import Ga.e;
import Ga.h;
import H9.i;
import H9.j;
import H9.k;
import d9.B;
import d9.C4647u;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertSelector;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import w8.AbstractC6336B;
import w8.AbstractC6374s;
import w8.AbstractC6381y;

/* loaded from: classes10.dex */
class RFC3281CertPathUtilities {
    private static final String TARGET_INFORMATION = C4647u.f28411Q.f46690c;
    private static final String NO_REV_AVAIL = C4647u.P.f46690c;
    private static final String CRL_DISTRIBUTION_POINTS = C4647u.f28402E.f46690c;
    private static final String AUTHORITY_INFO_ACCESS = C4647u.f28410O.f46690c;

    public static void additionalChecks(h hVar, Set set, Set set2) throws CertPathValidatorException {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (hVar.d(str) != null) {
                throw new CertPathValidatorException("Attribute certificate contains prohibited attribute: " + str + ".");
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (hVar.d(str2) == null) {
                throw new CertPathValidatorException("Attribute certificate does not contain necessary attribute: " + str2 + ".");
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:48:0x00ce, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(d9.C4645s r18, Ga.h r19, H9.k r20, java.util.Date r21, java.util.Date r22, java.security.cert.X509Certificate r23, org.bouncycastle.jce.provider.CertStatus r24, org.bouncycastle.jce.provider.ReasonsMask r25, java.util.List r26, L9.d r27) throws org.bouncycastle.jce.provider.AnnotatedException, org.bouncycastle.jce.provider.RecoverableCertPathValidatorException {
        /*
            r1 = r18
            r9 = r19
            r10 = r20
            r11 = r22
            r12 = r24
            r13 = r25
            w8.u r0 = d9.Y.f28327e
            java.lang.String r0 = r0.f46690c
            byte[] r0 = r9.getExtensionValue(r0)
            if (r0 == 0) goto L17
            return
        L17:
            long r2 = r22.getTime()
            long r4 = r21.getTime()
            int r0 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r0 > 0) goto Ld0
            H9.g r0 = new H9.g
            r8 = 0
            r5 = 0
            r6 = -1
            r2 = r0
            r3 = r20
            r4 = r22
            r7 = r23
            r2.<init>(r3, r4, r5, r6, r7, r8)
            java.util.Set r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(r0, r1, r9, r10, r11)
            java.util.Iterator r14 = r0.iterator()
            r0 = 0
            r0 = 0
            r16 = 0
        L3e:
            boolean r2 = r14.hasNext()
            if (r2 == 0) goto Lcc
            int r2 = r24.getCertStatus()
            r8 = 11
            if (r2 != r8) goto Lcc
            boolean r2 = r25.isAllReasons()
            if (r2 != 0) goto Lcc
            java.lang.Object r2 = r14.next()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc8
            r7 = r2
            java.security.cert.X509CRL r7 = (java.security.cert.X509CRL) r7     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc8
            org.bouncycastle.jce.provider.ReasonsMask r6 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLD(r7, r1)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc8
            boolean r2 = r6.hasNewReasons(r13)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc8
            if (r2 != 0) goto L64
            goto L3e
        L64:
            r4 = 0
            r5 = 0
            r2 = r7
            r3 = r19
            r17 = r6
            r6 = r20
            r15 = r7
            r7 = r26
            r23 = r14
            r14 = 11
            r8 = r27
            java.util.Set r2 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLF(r2, r3, r4, r5, r6, r7, r8)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLG(r15, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            r20.getClass()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            java.util.Date r2 = r19.getNotAfter()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            long r2 = r2.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            java.util.Date r4 = r15.getThisUpdate()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            long r4 = r4.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            int r6 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r6 < 0) goto Lbf
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB1(r1, r9, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB2(r1, r9, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lbc
            r2 = 0
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLC(r2, r15, r10)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLI(r11, r2, r9, r12, r10)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLJ(r11, r15, r9, r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
            int r3 = r24.getCertStatus()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
            r4 = 8
            if (r3 != r4) goto Laf
            r12.setCertStatus(r14)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
        Laf:
            r3 = r17
            goto Lb4
        Lb2:
            r0 = move-exception
            goto Lb9
        Lb4:
            r13.addReasons(r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
            r16 = 1
        Lb9:
            r14 = r23
            goto L3e
        Lbc:
            r0 = move-exception
        Lbd:
            r2 = 0
            goto Lb9
        Lbf:
            r2 = 0
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
            java.lang.String r3 = "No valid CRL for current time found."
            r0.<init>(r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
            throw r0     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb2
        Lc8:
            r0 = move-exception
            r23 = r14
            goto Lbd
        Lcc:
            if (r16 == 0) goto Lcf
            return
        Lcf:
            throw r0
        Ld0:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r1 = "Validation time is in future."
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(d9.s, Ga.h, H9.k, java.util.Date, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List, L9.d):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00bd  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x010b  */
    /* JADX WARN: Removed duplicated region for block: B:49:0x0167  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void checkCRLs(Ga.h r21, H9.k r22, java.util.Date r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.util.List r26, L9.d r27) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 411
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(Ga.h, H9.k, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.util.List, L9.d):void");
    }

    public static CertPath processAttrCert1(h hVar, k kVar) throws CertPathValidatorException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        B b10 = hVar.c().f1391c.f28245c;
        ExtCertPathValidatorException extCertPathValidatorException = null;
        if ((b10 != null ? Ga.a.b(b10.f28249c) : null) != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            B b11 = hVar.c().f1391c.f28245c;
            x509CertSelector.setSerialNumber(b11 != null ? b11.f28250d.C() : null);
            B b12 = hVar.c().f1391c.f28245c;
            for (Principal principal : b12 != null ? Ga.a.b(b12.f28249c) : null) {
                try {
                    if (principal instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) principal).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new i((CertSelector) x509CertSelector.clone()), kVar.f1576c.getCertStores());
                } catch (IOException e5) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e5);
                } catch (AnnotatedException e7) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e7);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (hVar.c().a() != null) {
            Ga.k kVar2 = new Ga.k();
            for (Principal principal2 : hVar.c().a()) {
                try {
                    if (principal2 instanceof X500Principal) {
                        kVar2.setIssuer(((X500Principal) principal2).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new i((CertSelector) kVar2.clone()), kVar.f1576c.getCertStores());
                } catch (IOException e10) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e10);
                } catch (AnnotatedException e11) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e11);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        k.a aVar = new k.a(kVar);
        Iterator it = linkedHashSet.iterator();
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            Ga.k kVar3 = new Ga.k();
            kVar3.setCertificate((X509Certificate) it.next());
            aVar.f1589d = new i((CertSelector) kVar3.clone());
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).build(new j(new j.a(new k(aVar))));
                } catch (InvalidAlgorithmParameterException e12) {
                    throw new RuntimeException(e12.getMessage());
                } catch (CertPathBuilderException e13) {
                    extCertPathValidatorException = new ExtCertPathValidatorException("Certification path for public key certificate of attribute certificate could not be build.", e13);
                }
            } catch (NoSuchAlgorithmException e14) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e14);
            } catch (NoSuchProviderException e15) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e15);
            }
        }
        if (extCertPathValidatorException == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw extCertPathValidatorException;
    }

    public static CertPathValidatorResult processAttrCert2(CertPath certPath, k kVar) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).validate(certPath, kVar);
            } catch (InvalidAlgorithmParameterException e5) {
                throw new RuntimeException(e5.getMessage());
            } catch (CertPathValidatorException e7) {
                throw new ExtCertPathValidatorException("Certification path for issuer certificate of attribute certificate could not be validated.", e7);
            }
        } catch (NoSuchAlgorithmException e10) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e10);
        } catch (NoSuchProviderException e11) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e11);
        }
    }

    public static void processAttrCert3(X509Certificate x509Certificate, k kVar) throws CertPathValidatorException {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && ((keyUsage.length <= 0 || !keyUsage[0]) && (keyUsage.length <= 1 || !keyUsage[1]))) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void processAttrCert4(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        Iterator it = set.iterator();
        boolean z10 = false;
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z10 = true;
            }
        }
        if (!z10) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void processAttrCert5(h hVar, Date date) throws CertPathValidatorException {
        try {
            hVar.checkValidity(date);
        } catch (CertificateExpiredException e5) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e5);
        } catch (CertificateNotYetValidException e7) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e7);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [w8.s, d9.T] */
    public static void processAttrCert7(h hVar, CertPath certPath, CertPath certPath2, k kVar, Set set) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = hVar.getCriticalExtensionOIDs();
        String str = TARGET_INFORMATION;
        if (criticalExtensionOIDs.contains(str)) {
            try {
                AbstractC6381y extensionValue = CertPathValidatorUtilities.getExtensionValue(hVar, str);
                if (extensionValue != null) {
                    new AbstractC6374s().f28317c = AbstractC6336B.C(extensionValue);
                }
            } catch (IllegalArgumentException e5) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e5);
            } catch (AnnotatedException e7) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e7);
            }
        }
        criticalExtensionOIDs.remove(str);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ((e) it.next()).a();
        }
        if (criticalExtensionOIDs.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
    }
}
