package org.spongycastle.x509;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.a.bc;
import org.spongycastle.a.bf;
import org.spongycastle.a.h;
import org.spongycastle.a.k;
import org.spongycastle.a.l;
import org.spongycastle.a.o;
import org.spongycastle.a.q;
import org.spongycastle.a.v;
import org.spongycastle.a.w;
import org.spongycastle.a.y.a.d;
import org.spongycastle.a.y.ab;
import org.spongycastle.a.y.ad;
import org.spongycastle.a.y.i;
import org.spongycastle.a.y.j;
import org.spongycastle.a.y.s;
import org.spongycastle.a.y.t;
import org.spongycastle.a.y.u;
import org.spongycastle.a.y.x;
import org.spongycastle.a.y.y;
import org.spongycastle.c.a;
import org.spongycastle.c.a.b;
import org.spongycastle.c.a.c;
import org.spongycastle.jce.provider.AnnotatedException;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.provider.PKIXNameConstraintValidator;
import org.spongycastle.jce.provider.PKIXNameConstraintValidatorException;

/* loaded from: classes.dex */
public class PKIXCertPathReviewer extends CertPathValidatorUtilities {
    private static final String RESOURCE_NAME = "org.spongycastle.x509.CertPathReviewerMessages";
    protected CertPath certPath;
    protected List certs;
    protected List[] errors;
    private boolean initialized;
    protected int n;
    protected List[] notifications;
    protected PKIXParameters pkixParams;
    protected PolicyNode policyTree;
    protected PublicKey subjectPublicKey;
    protected TrustAnchor trustAnchor;
    protected Date validDate;
    private static final String QC_STATEMENT = u.B.b();
    private static final String CRL_DIST_POINTS = u.p.b();
    private static final String AUTH_INFO_ACCESS = u.x.b();

    public PKIXCertPathReviewer() {
    }

    public PKIXCertPathReviewer(CertPath certPath, PKIXParameters pKIXParameters) {
        init(certPath, pKIXParameters);
    }

    private String IPtoString(byte[] bArr) {
        try {
            return InetAddress.getByAddress(bArr).getHostAddress();
        } catch (Exception e) {
            StringBuffer stringBuffer = new StringBuffer();
            for (int i = 0; i != bArr.length; i++) {
                stringBuffer.append(Integer.toHexString(bArr[i] & 255));
                stringBuffer.append(' ');
            }
            return stringBuffer.toString();
        }
    }

    private void checkCriticalExtensions() {
        List<PKIXCertPathChecker> certPathCheckers = this.pkixParams.getCertPathCheckers();
        Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
        while (it.hasNext()) {
            try {
                try {
                    it.next().init(false);
                } catch (CertPathValidatorException e) {
                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.certPathCheckerError", new Object[]{e.getMessage(), e, e.getClass().getName()}), e);
                }
            } catch (CertPathReviewerException e2) {
                addError(e2.getErrorMessage(), e2.getIndex());
                return;
            }
        }
        for (int size = this.certs.size() - 1; size >= 0; size--) {
            X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null && !criticalExtensionOIDs.isEmpty()) {
                criticalExtensionOIDs.remove(KEY_USAGE);
                criticalExtensionOIDs.remove(CERTIFICATE_POLICIES);
                criticalExtensionOIDs.remove(POLICY_MAPPINGS);
                criticalExtensionOIDs.remove(INHIBIT_ANY_POLICY);
                criticalExtensionOIDs.remove(ISSUING_DISTRIBUTION_POINT);
                criticalExtensionOIDs.remove(DELTA_CRL_INDICATOR);
                criticalExtensionOIDs.remove(POLICY_CONSTRAINTS);
                criticalExtensionOIDs.remove(BASIC_CONSTRAINTS);
                criticalExtensionOIDs.remove(SUBJECT_ALTERNATIVE_NAME);
                criticalExtensionOIDs.remove(NAME_CONSTRAINTS);
                if (criticalExtensionOIDs.contains(QC_STATEMENT) && processQcStatements(x509Certificate, size)) {
                    criticalExtensionOIDs.remove(QC_STATEMENT);
                }
                Iterator<PKIXCertPathChecker> it2 = certPathCheckers.iterator();
                while (it2.hasNext()) {
                    try {
                        it2.next().check(x509Certificate, criticalExtensionOIDs);
                    } catch (CertPathValidatorException e3) {
                        throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.criticalExtensionError", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}), e3.getCause(), this.certPath, size);
                    }
                }
                if (!criticalExtensionOIDs.isEmpty()) {
                    Iterator<String> it3 = criticalExtensionOIDs.iterator();
                    while (it3.hasNext()) {
                        addError(new a(RESOURCE_NAME, "CertPathReviewer.unknownCriticalExt", new Object[]{new o(it3.next())}), size);
                    }
                }
            }
        }
    }

    private void checkNameConstraints() {
        PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
        try {
            for (int size = this.certs.size() - 1; size > 0; size--) {
                X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
                if (!isSelfIssued(x509Certificate)) {
                    X500Principal subjectPrincipal = getSubjectPrincipal(x509Certificate);
                    try {
                        w wVar = (w) new k(new ByteArrayInputStream(subjectPrincipal.getEncoded())).b();
                        try {
                            pKIXNameConstraintValidator.checkPermittedDN(wVar);
                            try {
                                pKIXNameConstraintValidator.checkExcludedDN(wVar);
                                try {
                                    w wVar2 = (w) getExtensionValue(x509Certificate, SUBJECT_ALTERNATIVE_NAME);
                                    if (wVar2 != null) {
                                        for (int i = 0; i < wVar2.d(); i++) {
                                            org.spongycastle.a.y.w a2 = org.spongycastle.a.y.w.a(wVar2.a(i));
                                            try {
                                                pKIXNameConstraintValidator.checkPermitted(a2);
                                                pKIXNameConstraintValidator.checkExcluded(a2);
                                            } catch (PKIXNameConstraintValidatorException e) {
                                                throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.notPermittedEmail", new Object[]{new c(a2)}), e, this.certPath, size);
                                            }
                                        }
                                    }
                                } catch (AnnotatedException e2) {
                                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.subjAltNameExtError"), e2, this.certPath, size);
                                }
                            } catch (PKIXNameConstraintValidatorException e3) {
                                throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.excludedDN", new Object[]{new c(subjectPrincipal.getName())}), e3, this.certPath, size);
                            }
                        } catch (PKIXNameConstraintValidatorException e4) {
                            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.notPermittedDN", new Object[]{new c(subjectPrincipal.getName())}), e4, this.certPath, size);
                        }
                    } catch (IOException e5) {
                        throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.ncSubjectNameError", new Object[]{new c(subjectPrincipal)}), e5, this.certPath, size);
                    }
                }
                try {
                    w wVar3 = (w) getExtensionValue(x509Certificate, NAME_CONSTRAINTS);
                    if (wVar3 != null) {
                        ad a3 = ad.a((Object) wVar3);
                        y[] a4 = a3.a();
                        if (a4 != null) {
                            pKIXNameConstraintValidator.intersectPermittedSubtree(a4);
                        }
                        y[] b2 = a3.b();
                        if (b2 != null) {
                            for (int i2 = 0; i2 != b2.length; i2++) {
                                pKIXNameConstraintValidator.addExcludedSubtree(b2[i2]);
                            }
                        }
                    }
                } catch (AnnotatedException e6) {
                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.ncExtError"), e6, this.certPath, size);
                }
            }
        } catch (CertPathReviewerException e7) {
            addError(e7.getErrorMessage(), e7.getIndex());
        }
    }

    private void checkPathLength() {
        int i;
        int i2;
        j jVar;
        int i3;
        BigInteger b2;
        int i4 = this.n;
        int size = this.certs.size() - 1;
        int i5 = 0;
        while (size > 0) {
            X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
            if (isSelfIssued(x509Certificate)) {
                int i6 = i5;
                i = i4;
                i2 = i6;
            } else {
                if (i4 <= 0) {
                    addError(new a(RESOURCE_NAME, "CertPathReviewer.pathLengthExtended"));
                }
                int i7 = i5 + 1;
                i = i4 - 1;
                i2 = i7;
            }
            try {
                jVar = j.a(getExtensionValue(x509Certificate, BASIC_CONSTRAINTS));
            } catch (AnnotatedException e) {
                addError(new a(RESOURCE_NAME, "CertPathReviewer.processLengthConstError"), size);
                jVar = null;
            }
            if (jVar == null || (b2 = jVar.b()) == null || (i3 = b2.intValue()) >= i) {
                i3 = i;
            }
            size--;
            i5 = i2;
            i4 = i3;
        }
        addNotification(new a(RESOURCE_NAME, "CertPathReviewer.totalPathLength", new Object[]{Integer.valueOf(i5)}));
    }

    /* JADX WARN: Code restructure failed: missing block: B:186:0x041b, code lost:
    
        if (r2 < r3) goto L177;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:172:0x03f7. Please report as an issue. */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkPolicy() {
        /*
            Method dump skipped, instructions count: 1688
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.x509.PKIXCertPathReviewer.checkPolicy():void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:141:0x049a  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x00a9  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x00c5  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0080  */
    /* JADX WARN: Type inference failed for: r3v18, types: [java.lang.String] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkSignatures() {
        /*
            Method dump skipped, instructions count: 1181
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.x509.PKIXCertPathReviewer.checkSignatures():void");
    }

    private X509CRL getCRL(String str) {
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals("http") && !url.getProtocol().equals("https")) {
                return null;
            }
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setDoInput(true);
            httpURLConnection.connect();
            if (httpURLConnection.getResponseCode() == 200) {
                return (X509CRL) CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME).generateCRL(httpURLConnection.getInputStream());
            }
            throw new Exception(httpURLConnection.getResponseMessage());
        } catch (Exception e) {
            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.loadCrlDistPointError", new Object[]{new c(str), e.getMessage(), e, e.getClass().getName()}));
        }
    }

    private boolean processQcStatements(X509Certificate x509Certificate, int i) {
        try {
            w wVar = (w) getExtensionValue(x509Certificate, QC_STATEMENT);
            boolean z = false;
            for (int i2 = 0; i2 < wVar.d(); i2++) {
                d a2 = d.a(wVar.a(i2));
                if (d.f3870a.equals(a2.a())) {
                    addNotification(new a(RESOURCE_NAME, "CertPathReviewer.QcEuCompliance"), i);
                } else if (!d.B_.equals(a2.a())) {
                    if (d.d.equals(a2.a())) {
                        addNotification(new a(RESOURCE_NAME, "CertPathReviewer.QcSSCD"), i);
                    } else if (d.f3871b.equals(a2.a())) {
                        org.spongycastle.a.y.a.c a3 = org.spongycastle.a.y.a.c.a(a2.b());
                        double doubleValue = a3.b().doubleValue() * Math.pow(10.0d, a3.c().doubleValue());
                        addNotification(a3.a().a() ? new a(RESOURCE_NAME, "CertPathReviewer.QcLimitValueAlpha", new Object[]{a3.a().b(), new b(new Double(doubleValue)), a3}) : new a(RESOURCE_NAME, "CertPathReviewer.QcLimitValueNum", new Object[]{Integer.valueOf(a3.a().c()), new b(new Double(doubleValue)), a3}), i);
                    } else {
                        addNotification(new a(RESOURCE_NAME, "CertPathReviewer.QcUnknownStatement", new Object[]{a2.a(), new c(a2)}), i);
                        z = true;
                    }
                }
            }
            return !z;
        } catch (AnnotatedException e) {
            addError(new a(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError"), i);
            return false;
        }
    }

    protected void addError(a aVar) {
        this.errors[0].add(aVar);
    }

    protected void addError(a aVar, int i) {
        if (i < -1 || i >= this.n) {
            throw new IndexOutOfBoundsException();
        }
        this.errors[i + 1].add(aVar);
    }

    protected void addNotification(a aVar) {
        this.notifications[0].add(aVar);
    }

    protected void addNotification(a aVar, int i) {
        if (i < -1 || i >= this.n) {
            throw new IndexOutOfBoundsException();
        }
        this.notifications[i + 1].add(aVar);
    }

    protected void checkCRLs(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, int i) {
        Iterator it;
        X509CRL x509crl;
        boolean z;
        X509CRL x509crl2;
        boolean z2;
        boolean z3;
        boolean[] keyUsage;
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        try {
            x509CRLStoreSelector.addIssuerName(getEncodedIssuerPrincipal(x509Certificate).getEncoded());
            x509CRLStoreSelector.setCertificateChecking(x509Certificate);
            try {
                Set findCRLs = CRL_UTIL.findCRLs(x509CRLStoreSelector, pKIXParameters);
                it = findCRLs.iterator();
                if (findCRLs.isEmpty()) {
                    Iterator it2 = CRL_UTIL.findCRLs(new X509CRLStoreSelector(), pKIXParameters).iterator();
                    ArrayList arrayList = new ArrayList();
                    while (it2.hasNext()) {
                        arrayList.add(((X509CRL) it2.next()).getIssuerX500Principal());
                    }
                    addNotification(new a(RESOURCE_NAME, "CertPathReviewer.noCrlInCertstore", new Object[]{new c(x509CRLStoreSelector.getIssuerNames()), new c(arrayList), Integer.valueOf(arrayList.size())}), i);
                }
            } catch (AnnotatedException e) {
                addError(new a(RESOURCE_NAME, "CertPathReviewer.crlExtractionError", new Object[]{e.getCause().getMessage(), e.getCause(), e.getCause().getClass().getName()}), i);
                it = new ArrayList().iterator();
            }
            X509CRL x509crl3 = null;
            while (it.hasNext()) {
                x509crl3 = (X509CRL) it.next();
                if (x509crl3.getNextUpdate() == null || pKIXParameters.getDate().before(x509crl3.getNextUpdate())) {
                    addNotification(new a(RESOURCE_NAME, "CertPathReviewer.localValidCRL", new Object[]{new b(x509crl3.getThisUpdate()), new b(x509crl3.getNextUpdate())}), i);
                    x509crl = x509crl3;
                    z = true;
                    break;
                }
                addNotification(new a(RESOURCE_NAME, "CertPathReviewer.localInvalidCRL", new Object[]{new b(x509crl3.getThisUpdate()), new b(x509crl3.getNextUpdate())}), i);
            }
            x509crl = x509crl3;
            z = false;
            if (!z) {
                Iterator it3 = vector.iterator();
                boolean z4 = z;
                while (true) {
                    if (!it3.hasNext()) {
                        z2 = z4;
                        x509crl2 = x509crl;
                        break;
                    }
                    try {
                        String str = (String) it3.next();
                        X509CRL crl = getCRL(str);
                        if (crl == null) {
                            continue;
                        } else if (!x509Certificate.getIssuerX500Principal().equals(crl.getIssuerX500Principal())) {
                            addNotification(new a(RESOURCE_NAME, "CertPathReviewer.onlineCRLWrongCA", new Object[]{new c(crl.getIssuerX500Principal().getName()), new c(x509Certificate.getIssuerX500Principal().getName()), new org.spongycastle.c.a.d(str)}), i);
                        } else {
                            if (crl.getNextUpdate() == null || this.pkixParams.getDate().before(crl.getNextUpdate())) {
                                z4 = true;
                                addNotification(new a(RESOURCE_NAME, "CertPathReviewer.onlineValidCRL", new Object[]{new b(crl.getThisUpdate()), new b(crl.getNextUpdate()), new org.spongycastle.c.a.d(str)}), i);
                                z2 = true;
                                x509crl2 = crl;
                                break;
                            }
                            addNotification(new a(RESOURCE_NAME, "CertPathReviewer.onlineInvalidCRL", new Object[]{new b(crl.getThisUpdate()), new b(crl.getNextUpdate()), new org.spongycastle.c.a.d(str)}), i);
                        }
                    } catch (CertPathReviewerException e2) {
                        addNotification(e2.getErrorMessage(), i);
                        z4 = z4;
                    }
                }
            } else {
                x509crl2 = x509crl;
                z2 = z;
            }
            if (x509crl2 != null) {
                if (x509Certificate2 != null && (keyUsage = x509Certificate2.getKeyUsage()) != null && (keyUsage.length < 7 || !keyUsage[6])) {
                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.noCrlSigningPermited"));
                }
                if (publicKey == null) {
                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlNoIssuerPublicKey"));
                }
                try {
                    x509crl2.verify(publicKey, BouncyCastleProvider.PROVIDER_NAME);
                    X509CRLEntry revokedCertificate = x509crl2.getRevokedCertificate(x509Certificate.getSerialNumber());
                    if (revokedCertificate != null) {
                        String str2 = null;
                        if (revokedCertificate.hasExtensions()) {
                            try {
                                h a2 = h.a((Object) getExtensionValue(revokedCertificate, u.i.b()));
                                if (a2 != null) {
                                    str2 = crlReasons[a2.b().intValue()];
                                }
                            } catch (AnnotatedException e3) {
                                throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlReasonExtError"), e3);
                            }
                        }
                        if (str2 == null) {
                            str2 = crlReasons[7];
                        }
                        org.spongycastle.c.b bVar = new org.spongycastle.c.b(RESOURCE_NAME, str2);
                        if (!date.before(revokedCertificate.getRevocationDate())) {
                            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.certRevoked", new Object[]{new b(revokedCertificate.getRevocationDate()), bVar}));
                        }
                        addNotification(new a(RESOURCE_NAME, "CertPathReviewer.revokedAfterValidation", new Object[]{new b(revokedCertificate.getRevocationDate()), bVar}), i);
                    } else {
                        addNotification(new a(RESOURCE_NAME, "CertPathReviewer.notRevoked"), i);
                    }
                    if (x509crl2.getNextUpdate() != null && x509crl2.getNextUpdate().before(this.pkixParams.getDate())) {
                        addNotification(new a(RESOURCE_NAME, "CertPathReviewer.crlUpdateAvailable", new Object[]{new b(x509crl2.getNextUpdate())}), i);
                    }
                    try {
                        v extensionValue = getExtensionValue(x509crl2, ISSUING_DISTRIBUTION_POINT);
                        try {
                            v extensionValue2 = getExtensionValue(x509crl2, DELTA_CRL_INDICATOR);
                            if (extensionValue2 != null) {
                                X509CRLStoreSelector x509CRLStoreSelector2 = new X509CRLStoreSelector();
                                try {
                                    x509CRLStoreSelector2.addIssuerName(getIssuerPrincipal(x509crl2).getEncoded());
                                    x509CRLStoreSelector2.setMinCRLNumber(((l) extensionValue2).c());
                                    try {
                                        x509CRLStoreSelector2.setMaxCRLNumber(((l) getExtensionValue(x509crl2, CRL_NUMBER)).c().subtract(BigInteger.valueOf(1L)));
                                        try {
                                            Iterator it4 = CRL_UTIL.findCRLs(x509CRLStoreSelector2, pKIXParameters).iterator();
                                            while (true) {
                                                if (!it4.hasNext()) {
                                                    z3 = false;
                                                    break;
                                                }
                                                try {
                                                    v extensionValue3 = getExtensionValue((X509CRL) it4.next(), ISSUING_DISTRIBUTION_POINT);
                                                    if (extensionValue == null) {
                                                        if (extensionValue3 == null) {
                                                            z3 = true;
                                                            break;
                                                        }
                                                    } else if (extensionValue.equals(extensionValue3)) {
                                                        z3 = true;
                                                        break;
                                                    }
                                                } catch (AnnotatedException e4) {
                                                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.distrPtExtError"), e4);
                                                }
                                            }
                                            if (!z3) {
                                                throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.noBaseCRL"));
                                            }
                                        } catch (AnnotatedException e5) {
                                            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlExtractionError"), e5);
                                        }
                                    } catch (AnnotatedException e6) {
                                        throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlNbrExtError"), e6);
                                    }
                                } catch (IOException e7) {
                                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlIssuerException"), e7);
                                }
                            }
                            if (extensionValue != null) {
                                ab a3 = ab.a(extensionValue);
                                try {
                                    j a4 = j.a(getExtensionValue(x509Certificate, BASIC_CONSTRAINTS));
                                    if (a3.a() && a4 != null && a4.a()) {
                                        throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlOnlyUserCert"));
                                    }
                                    if (a3.b() && (a4 == null || !a4.a())) {
                                        throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlOnlyCaCert"));
                                    }
                                    if (a3.d()) {
                                        throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlOnlyAttrCert"));
                                    }
                                } catch (AnnotatedException e8) {
                                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlBCExtError"), e8);
                                }
                            }
                        } catch (AnnotatedException e9) {
                            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.deltaCrlExtError"));
                        }
                    } catch (AnnotatedException e10) {
                        throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.distrPtExtError"));
                    }
                } catch (Exception e11) {
                    throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlVerifyFailed"), e11);
                }
            }
            if (!z2) {
                throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.noValidCrlFound"));
            }
        } catch (IOException e12) {
            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.crlIssuerException"), e12);
        }
    }

    protected void checkRevocation(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, Vector vector2, int i) {
        checkCRLs(pKIXParameters, x509Certificate, date, x509Certificate2, publicKey, vector, i);
    }

    protected void doChecks() {
        if (!this.initialized) {
            throw new IllegalStateException("Object not initialized. Call init() first.");
        }
        if (this.notifications == null) {
            this.notifications = new List[this.n + 1];
            this.errors = new List[this.n + 1];
            for (int i = 0; i < this.notifications.length; i++) {
                this.notifications[i] = new ArrayList();
                this.errors[i] = new ArrayList();
            }
            checkSignatures();
            checkNameConstraints();
            checkPathLength();
            checkPolicy();
            checkCriticalExtensions();
        }
    }

    protected Vector getCRLDistUrls(org.spongycastle.a.y.k kVar) {
        Vector vector = new Vector();
        if (kVar != null) {
            for (s sVar : kVar.a()) {
                t a2 = sVar.a();
                if (a2.a() == 0) {
                    org.spongycastle.a.y.w[] a3 = x.a(a2.b()).a();
                    for (int i = 0; i < a3.length; i++) {
                        if (a3[i].a() == 6) {
                            vector.add(((bc) a3[i].b()).b());
                        }
                    }
                }
            }
        }
        return vector;
    }

    public CertPath getCertPath() {
        return this.certPath;
    }

    public int getCertPathSize() {
        return this.n;
    }

    public List getErrors(int i) {
        doChecks();
        return this.errors[i + 1];
    }

    public List[] getErrors() {
        doChecks();
        return this.errors;
    }

    public List getNotifications(int i) {
        doChecks();
        return this.notifications[i + 1];
    }

    public List[] getNotifications() {
        doChecks();
        return this.notifications;
    }

    protected Vector getOCSPUrls(org.spongycastle.a.y.h hVar) {
        Vector vector = new Vector();
        if (hVar != null) {
            org.spongycastle.a.y.a[] a2 = hVar.a();
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 >= a2.length) {
                    break;
                }
                if (a2[i2].a().equals(org.spongycastle.a.y.a.f3869b)) {
                    org.spongycastle.a.y.w b2 = a2[i2].b();
                    if (b2.a() == 6) {
                        vector.add(((bc) b2.b()).b());
                    }
                }
                i = i2 + 1;
            }
        }
        return vector;
    }

    public PolicyNode getPolicyTree() {
        doChecks();
        return this.policyTree;
    }

    public PublicKey getSubjectPublicKey() {
        doChecks();
        return this.subjectPublicKey;
    }

    public TrustAnchor getTrustAnchor() {
        doChecks();
        return this.trustAnchor;
    }

    protected Collection getTrustAnchors(X509Certificate x509Certificate, Set set) {
        ArrayList arrayList = new ArrayList();
        Iterator it = set.iterator();
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(getEncodedIssuerPrincipal(x509Certificate).getEncoded());
            byte[] extensionValue = x509Certificate.getExtensionValue(u.s.b());
            if (extensionValue != null) {
                i iVar = i.getInstance(v.b(((q) v.b(extensionValue)).c()));
                x509CertSelector.setSerialNumber(iVar.getAuthorityCertSerialNumber());
                byte[] keyIdentifier = iVar.getKeyIdentifier();
                if (keyIdentifier != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new bf(keyIdentifier).getEncoded());
                }
            }
            while (it.hasNext()) {
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        arrayList.add(trustAnchor);
                    }
                } else if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null && getEncodedIssuerPrincipal(x509Certificate).equals(new X500Principal(trustAnchor.getCAName()))) {
                    arrayList.add(trustAnchor);
                }
            }
            return arrayList;
        } catch (IOException e) {
            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.trustAnchorIssuerError"));
        }
    }

    public void init(CertPath certPath, PKIXParameters pKIXParameters) {
        if (this.initialized) {
            throw new IllegalStateException("object is already initialized!");
        }
        this.initialized = true;
        if (certPath == null) {
            throw new NullPointerException("certPath was null");
        }
        this.certPath = certPath;
        this.certs = certPath.getCertificates();
        this.n = this.certs.size();
        if (this.certs.isEmpty()) {
            throw new CertPathReviewerException(new a(RESOURCE_NAME, "CertPathReviewer.emptyCertPath"));
        }
        this.pkixParams = (PKIXParameters) pKIXParameters.clone();
        this.validDate = getValidDate(this.pkixParams);
        this.notifications = null;
        this.errors = null;
        this.trustAnchor = null;
        this.subjectPublicKey = null;
        this.policyTree = null;
    }

    public boolean isValidCertPath() {
        doChecks();
        for (int i = 0; i < this.errors.length; i++) {
            if (!this.errors[i].isEmpty()) {
                return false;
            }
        }
        return true;
    }
}
