package org.bouncycastle.x509;

import com.sankuai.xm.base.util.ExifInterface;
import com.sankuai.xm.imui.common.panel.plugin.IInputEditorPlugin;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.aw;
import org.bouncycastle.asn1.bd;
import org.bouncycastle.asn1.be;
import org.bouncycastle.asn1.bh;
import org.bouncycastle.asn1.bi;
import org.bouncycastle.asn1.bj;
import org.bouncycastle.asn1.x509.ad;
import org.bouncycastle.asn1.x509.ag;
import org.bouncycastle.asn1.x509.bk;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.asn1.x509.z;
import org.bouncycastle.jce.provider.AnnotatedException;
import org.bouncycastle.jce.provider.PKIXNameConstraintValidatorException;
import org.bouncycastle.jce.provider.as;
import org.bouncycastle.jce.provider.av;

/* loaded from: classes2.dex */
public final class f extends org.bouncycastle.jce.provider.d {
    private static final String D = bk.D.e();
    private static final String E = bk.r.e();
    private static final String F = bk.z.e();
    private static final String G = "org.bouncycastle.x509.CertPathReviewerMessages";
    protected TrustAnchor A;
    protected PublicKey B;
    protected PolicyNode C;
    private boolean H;
    protected CertPath t;
    protected PKIXParameters u;
    protected Date v;
    protected List w;
    protected int x;
    protected List[] y;
    protected List[] z;

    public f() {
    }

    private f(CertPath certPath, PKIXParameters pKIXParameters) throws CertPathReviewerException {
        if (this.H) {
            throw new IllegalStateException("object is already initialized!");
        }
        this.H = true;
        if (certPath == null) {
            throw new NullPointerException("certPath was null");
        }
        this.t = certPath;
        this.w = certPath.getCertificates();
        this.x = this.w.size();
        if (this.w.isEmpty()) {
            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.emptyCertPath"));
        }
        this.u = (PKIXParameters) pKIXParameters.clone();
        this.v = a(this.u);
        this.y = null;
        this.z = null;
        this.A = null;
        this.B = null;
        this.C = null;
    }

    private static String a(byte[] bArr) {
        try {
            return InetAddress.getByAddress(bArr).getHostAddress();
        } catch (Exception e2) {
            StringBuffer stringBuffer = new StringBuffer();
            for (int i2 = 0; i2 != bArr.length; i2++) {
                stringBuffer.append(Integer.toHexString(bArr[i2] & ExifInterface.MARKER));
                stringBuffer.append(IInputEditorPlugin.AT_END_TOKEN);
            }
            return stringBuffer.toString();
        }
    }

    private CertPath a() {
        return this.t;
    }

    private static X509CRL a(String str) throws CertPathReviewerException {
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals("http") && !url.getProtocol().equals("https")) {
                return null;
            }
            HttpURLConnection httpURLConnection = (HttpURLConnection) com.meituan.metrics.traffic.hurl.b.a(url.openConnection());
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setDoInput(true);
            httpURLConnection.connect();
            if (httpURLConnection.getResponseCode() == 200) {
                return (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(httpURLConnection.getInputStream());
            }
            throw new Exception(httpURLConnection.getResponseMessage());
        } catch (Exception e2) {
            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.loadCrlDistPointError", new Object[]{new org.bouncycastle.i18n.filter.e(str), e2.getMessage(), e2, e2.getClass().getName()}));
        }
    }

    private static Collection a(X509Certificate x509Certificate, Set set) throws CertPathReviewerException {
        ArrayList arrayList = new ArrayList();
        Iterator it = set.iterator();
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(a((Object) x509Certificate).getEncoded());
            byte[] extensionValue = x509Certificate.getExtensionValue(bk.u.e());
            if (extensionValue != null) {
                org.bouncycastle.asn1.x509.i a2 = org.bouncycastle.asn1.x509.i.a(org.bouncycastle.asn1.l.a(((org.bouncycastle.asn1.n) org.bouncycastle.asn1.l.a(extensionValue)).f()));
                x509CertSelector.setSerialNumber(a2.g());
                byte[] e2 = a2.e();
                if (e2 != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new bj(e2).a());
                }
            }
            while (it.hasNext()) {
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        arrayList.add(trustAnchor);
                    }
                } else if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null && a((Object) x509Certificate).equals(new X500Principal(trustAnchor.getCAName()))) {
                    arrayList.add(trustAnchor);
                }
            }
            return arrayList;
        } catch (IOException e3) {
            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.trustAnchorIssuerError"));
        }
    }

    private List a(int i2) {
        i();
        return this.z[i2 + 1];
    }

    private static Vector a(org.bouncycastle.asn1.x509.h hVar) {
        Vector vector = new Vector();
        if (hVar != null) {
            org.bouncycastle.asn1.x509.a[] e2 = hVar.e();
            int i2 = 0;
            while (true) {
                int i3 = i2;
                if (i3 >= e2.length) {
                    break;
                }
                if (e2[i3].e().equals(org.bouncycastle.asn1.x509.a.f66182d)) {
                    org.bouncycastle.asn1.x509.x f2 = e2[i3].f();
                    if (f2.e() == 6) {
                        vector.add(((bd) f2.f()).C_());
                    }
                }
                i2 = i3 + 1;
            }
        }
        return vector;
    }

    private static Vector a(org.bouncycastle.asn1.x509.k kVar) {
        Vector vector = new Vector();
        if (kVar != null) {
            for (org.bouncycastle.asn1.x509.u uVar : kVar.e()) {
                org.bouncycastle.asn1.x509.v e2 = uVar.e();
                if (e2.e() == 0) {
                    org.bouncycastle.asn1.x509.x[] e3 = y.a(e2.f()).e();
                    for (int i2 = 0; i2 < e3.length; i2++) {
                        if (e3[i2].e() == 6) {
                            vector.add(((bd) e3[i2].f()).C_());
                        }
                    }
                }
            }
        }
        return vector;
    }

    private void a(CertPath certPath, PKIXParameters pKIXParameters) throws CertPathReviewerException {
        if (this.H) {
            throw new IllegalStateException("object is already initialized!");
        }
        this.H = true;
        if (certPath == null) {
            throw new NullPointerException("certPath was null");
        }
        this.t = certPath;
        this.w = certPath.getCertificates();
        this.x = this.w.size();
        if (this.w.isEmpty()) {
            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.emptyCertPath"));
        }
        this.u = (PKIXParameters) pKIXParameters.clone();
        this.v = a(this.u);
        this.y = null;
        this.z = null;
        this.A = null;
        this.B = null;
        this.C = null;
    }

    private void a(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, int i2) throws CertPathReviewerException {
        Iterator it;
        X509CRL x509crl;
        boolean z;
        X509CRL x509crl2;
        boolean z2;
        boolean z3;
        boolean[] keyUsage;
        j jVar = new j();
        try {
            jVar.addIssuerName(a((Object) x509Certificate).getEncoded());
            jVar.setCertificateChecking(x509Certificate);
            try {
                Set a2 = as.a(jVar, pKIXParameters);
                it = a2.iterator();
                if (a2.isEmpty()) {
                    Iterator it2 = as.a(new j(), pKIXParameters).iterator();
                    ArrayList arrayList = new ArrayList();
                    while (it2.hasNext()) {
                        arrayList.add(((X509CRL) it2.next()).getIssuerX500Principal());
                    }
                    a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noCrlInCertstore", new Object[]{new org.bouncycastle.i18n.filter.e(jVar.getIssuerNames()), new org.bouncycastle.i18n.filter.e(arrayList), new Integer(arrayList.size())}), i2);
                }
            } catch (AnnotatedException e2) {
                b(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlExtractionError", new Object[]{e2.getCause().getMessage(), e2.getCause(), e2.getCause().getClass().getName()}), i2);
                it = new ArrayList().iterator();
            }
            X509CRL x509crl3 = null;
            while (it.hasNext()) {
                x509crl3 = (X509CRL) it.next();
                if (x509crl3.getNextUpdate() == null || new Date().before(x509crl3.getNextUpdate())) {
                    a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.localValidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(x509crl3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(x509crl3.getNextUpdate())}), i2);
                    x509crl = x509crl3;
                    z = true;
                    break;
                }
                a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.localInvalidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(x509crl3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(x509crl3.getNextUpdate())}), i2);
            }
            x509crl = x509crl3;
            z = false;
            if (!z) {
                Iterator it3 = vector.iterator();
                boolean z4 = z;
                while (true) {
                    if (!it3.hasNext()) {
                        z2 = z4;
                        x509crl2 = x509crl;
                        break;
                    }
                    try {
                        String str = (String) it3.next();
                        X509CRL a3 = a(str);
                        if (a3 == null) {
                            continue;
                        } else if (!x509Certificate.getIssuerX500Principal().equals(a3.getIssuerX500Principal())) {
                            a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.onlineCRLWrongCA", new Object[]{new org.bouncycastle.i18n.filter.e(a3.getIssuerX500Principal().getName()), new org.bouncycastle.i18n.filter.e(x509Certificate.getIssuerX500Principal().getName()), new org.bouncycastle.i18n.filter.f(str)}), i2);
                        } else {
                            if (a3.getNextUpdate() == null || new Date().before(a3.getNextUpdate())) {
                                z4 = true;
                                a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.onlineValidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(a3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(a3.getNextUpdate()), new org.bouncycastle.i18n.filter.f(str)}), i2);
                                z2 = true;
                                x509crl2 = a3;
                                break;
                            }
                            a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.onlineInvalidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(a3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(a3.getNextUpdate()), new org.bouncycastle.i18n.filter.f(str)}), i2);
                        }
                    } catch (CertPathReviewerException e3) {
                        a(e3.getErrorMessage(), i2);
                        z4 = z4;
                    }
                }
            } else {
                x509crl2 = x509crl;
                z2 = z;
            }
            if (x509crl2 != null) {
                if (x509Certificate2 != null && (keyUsage = x509Certificate2.getKeyUsage()) != null && (keyUsage.length < 7 || !keyUsage[6])) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noCrlSigningPermited"));
                }
                if (publicKey == null) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlNoIssuerPublicKey"));
                }
                try {
                    x509crl2.verify(publicKey, "BC");
                    X509CRLEntry revokedCertificate = x509crl2.getRevokedCertificate(x509Certificate.getSerialNumber());
                    if (revokedCertificate != null) {
                        String str2 = null;
                        if (revokedCertificate.hasExtensions()) {
                            try {
                                aw a4 = aw.a((Object) a(revokedCertificate, bk.f66327k.e()));
                                if (a4 != null) {
                                    str2 = s[a4.e().intValue()];
                                }
                            } catch (AnnotatedException e4) {
                                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlReasonExtError"), e4);
                            }
                        }
                        if (str2 == null) {
                            str2 = s[7];
                        }
                        org.bouncycastle.i18n.b bVar = new org.bouncycastle.i18n.b(G, str2);
                        if (!date.before(revokedCertificate.getRevocationDate())) {
                            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.certRevoked", new Object[]{new org.bouncycastle.i18n.filter.d(revokedCertificate.getRevocationDate()), bVar}));
                        }
                        a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.revokedAfterValidation", new Object[]{new org.bouncycastle.i18n.filter.d(revokedCertificate.getRevocationDate()), bVar}), i2);
                    } else {
                        a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.notRevoked"), i2);
                    }
                    if (x509crl2.getNextUpdate() != null && x509crl2.getNextUpdate().before(new Date())) {
                        a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlUpdateAvailable", new Object[]{new org.bouncycastle.i18n.filter.d(x509crl2.getNextUpdate())}), i2);
                    }
                    try {
                        bh a5 = a(x509crl2, f67967i);
                        try {
                            bh a6 = a(x509crl2, f67968j);
                            if (a6 != null) {
                                j jVar2 = new j();
                                try {
                                    jVar2.addIssuerName(x509crl2.getIssuerX500Principal().getEncoded());
                                    jVar2.setMinCRLNumber(((be) a6).f());
                                    try {
                                        jVar2.setMaxCRLNumber(((be) a(x509crl2, p)).f().subtract(BigInteger.valueOf(1L)));
                                        try {
                                            Iterator it4 = as.a(jVar2, pKIXParameters).iterator();
                                            while (true) {
                                                if (!it4.hasNext()) {
                                                    z3 = false;
                                                    break;
                                                }
                                                try {
                                                    bh a7 = a((X509CRL) it4.next(), f67967i);
                                                    if (a5 == null) {
                                                        if (a7 == null) {
                                                            z3 = true;
                                                            break;
                                                        }
                                                    } else if (a5.equals(a7)) {
                                                        z3 = true;
                                                        break;
                                                    }
                                                } catch (AnnotatedException e5) {
                                                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.distrPtExtError"), e5);
                                                }
                                            }
                                            if (!z3) {
                                                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noBaseCRL"));
                                            }
                                        } catch (AnnotatedException e6) {
                                            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlExtractionError"), e6);
                                        }
                                    } catch (AnnotatedException e7) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlNbrExtError"), e7);
                                    }
                                } catch (IOException e8) {
                                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlIssuerException"), e8);
                                }
                            }
                            if (a5 != null) {
                                ad a8 = ad.a(a5);
                                try {
                                    org.bouncycastle.asn1.x509.j a9 = org.bouncycastle.asn1.x509.j.a(a(x509Certificate, f67961c));
                                    if (a8.e() && a9 != null && a9.e()) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlOnlyUserCert"));
                                    }
                                    if (a8.f() && (a9 == null || !a9.e())) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlOnlyCaCert"));
                                    }
                                    if (a8.h()) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlOnlyAttrCert"));
                                    }
                                } catch (AnnotatedException e9) {
                                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlBCExtError"), e9);
                                }
                            }
                        } catch (AnnotatedException e10) {
                            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.deltaCrlExtError"));
                        }
                    } catch (AnnotatedException e11) {
                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.distrPtExtError"));
                    }
                } catch (Exception e12) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlVerifyFailed"), e12);
                }
            }
            if (!z2) {
                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noValidCrlFound"));
            }
        } catch (IOException e13) {
            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlIssuerException"), e13);
        }
    }

    private void a(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, Vector vector2, int i2) throws CertPathReviewerException {
        Iterator it;
        X509CRL x509crl;
        boolean z;
        X509CRL x509crl2;
        boolean z2;
        boolean z3;
        boolean[] keyUsage;
        j jVar = new j();
        try {
            jVar.addIssuerName(a((Object) x509Certificate).getEncoded());
            jVar.setCertificateChecking(x509Certificate);
            try {
                Set a2 = as.a(jVar, pKIXParameters);
                it = a2.iterator();
                if (a2.isEmpty()) {
                    Iterator it2 = as.a(new j(), pKIXParameters).iterator();
                    ArrayList arrayList = new ArrayList();
                    while (it2.hasNext()) {
                        arrayList.add(((X509CRL) it2.next()).getIssuerX500Principal());
                    }
                    a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noCrlInCertstore", new Object[]{new org.bouncycastle.i18n.filter.e(jVar.getIssuerNames()), new org.bouncycastle.i18n.filter.e(arrayList), new Integer(arrayList.size())}), i2);
                }
            } catch (AnnotatedException e2) {
                b(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlExtractionError", new Object[]{e2.getCause().getMessage(), e2.getCause(), e2.getCause().getClass().getName()}), i2);
                it = new ArrayList().iterator();
            }
            X509CRL x509crl3 = null;
            while (it.hasNext()) {
                x509crl3 = (X509CRL) it.next();
                if (x509crl3.getNextUpdate() == null || new Date().before(x509crl3.getNextUpdate())) {
                    a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.localValidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(x509crl3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(x509crl3.getNextUpdate())}), i2);
                    x509crl = x509crl3;
                    z = true;
                    break;
                }
                a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.localInvalidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(x509crl3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(x509crl3.getNextUpdate())}), i2);
            }
            x509crl = x509crl3;
            z = false;
            if (!z) {
                Iterator it3 = vector.iterator();
                boolean z4 = z;
                while (true) {
                    if (!it3.hasNext()) {
                        z2 = z4;
                        x509crl2 = x509crl;
                        break;
                    }
                    try {
                        String str = (String) it3.next();
                        X509CRL a3 = a(str);
                        if (a3 == null) {
                            continue;
                        } else if (!x509Certificate.getIssuerX500Principal().equals(a3.getIssuerX500Principal())) {
                            a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.onlineCRLWrongCA", new Object[]{new org.bouncycastle.i18n.filter.e(a3.getIssuerX500Principal().getName()), new org.bouncycastle.i18n.filter.e(x509Certificate.getIssuerX500Principal().getName()), new org.bouncycastle.i18n.filter.f(str)}), i2);
                        } else {
                            if (a3.getNextUpdate() == null || new Date().before(a3.getNextUpdate())) {
                                z4 = true;
                                a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.onlineValidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(a3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(a3.getNextUpdate()), new org.bouncycastle.i18n.filter.f(str)}), i2);
                                z2 = true;
                                x509crl2 = a3;
                                break;
                            }
                            a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.onlineInvalidCRL", new Object[]{new org.bouncycastle.i18n.filter.d(a3.getThisUpdate()), new org.bouncycastle.i18n.filter.d(a3.getNextUpdate()), new org.bouncycastle.i18n.filter.f(str)}), i2);
                        }
                    } catch (CertPathReviewerException e3) {
                        a(e3.getErrorMessage(), i2);
                        z4 = z4;
                    }
                }
            } else {
                x509crl2 = x509crl;
                z2 = z;
            }
            if (x509crl2 != null) {
                if (x509Certificate2 != null && (keyUsage = x509Certificate2.getKeyUsage()) != null && (keyUsage.length < 7 || !keyUsage[6])) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noCrlSigningPermited"));
                }
                if (publicKey == null) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlNoIssuerPublicKey"));
                }
                try {
                    x509crl2.verify(publicKey, "BC");
                    X509CRLEntry revokedCertificate = x509crl2.getRevokedCertificate(x509Certificate.getSerialNumber());
                    if (revokedCertificate != null) {
                        String str2 = null;
                        if (revokedCertificate.hasExtensions()) {
                            try {
                                aw a4 = aw.a((Object) a(revokedCertificate, bk.f66327k.e()));
                                if (a4 != null) {
                                    str2 = s[a4.e().intValue()];
                                }
                            } catch (AnnotatedException e4) {
                                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlReasonExtError"), e4);
                            }
                        }
                        if (str2 == null) {
                            str2 = s[7];
                        }
                        org.bouncycastle.i18n.b bVar = new org.bouncycastle.i18n.b(G, str2);
                        if (!date.before(revokedCertificate.getRevocationDate())) {
                            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.certRevoked", new Object[]{new org.bouncycastle.i18n.filter.d(revokedCertificate.getRevocationDate()), bVar}));
                        }
                        a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.revokedAfterValidation", new Object[]{new org.bouncycastle.i18n.filter.d(revokedCertificate.getRevocationDate()), bVar}), i2);
                    } else {
                        a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.notRevoked"), i2);
                    }
                    if (x509crl2.getNextUpdate() != null && x509crl2.getNextUpdate().before(new Date())) {
                        a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlUpdateAvailable", new Object[]{new org.bouncycastle.i18n.filter.d(x509crl2.getNextUpdate())}), i2);
                    }
                    try {
                        bh a5 = a(x509crl2, f67967i);
                        try {
                            bh a6 = a(x509crl2, f67968j);
                            if (a6 != null) {
                                j jVar2 = new j();
                                try {
                                    jVar2.addIssuerName(x509crl2.getIssuerX500Principal().getEncoded());
                                    jVar2.setMinCRLNumber(((be) a6).f());
                                    try {
                                        jVar2.setMaxCRLNumber(((be) a(x509crl2, p)).f().subtract(BigInteger.valueOf(1L)));
                                        try {
                                            Iterator it4 = as.a(jVar2, pKIXParameters).iterator();
                                            while (true) {
                                                if (!it4.hasNext()) {
                                                    z3 = false;
                                                    break;
                                                }
                                                try {
                                                    bh a7 = a((X509CRL) it4.next(), f67967i);
                                                    if (a5 == null) {
                                                        if (a7 == null) {
                                                            z3 = true;
                                                            break;
                                                        }
                                                    } else if (a5.equals(a7)) {
                                                        z3 = true;
                                                        break;
                                                    }
                                                } catch (AnnotatedException e5) {
                                                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.distrPtExtError"), e5);
                                                }
                                            }
                                            if (!z3) {
                                                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noBaseCRL"));
                                            }
                                        } catch (AnnotatedException e6) {
                                            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlExtractionError"), e6);
                                        }
                                    } catch (AnnotatedException e7) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlNbrExtError"), e7);
                                    }
                                } catch (IOException e8) {
                                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlIssuerException"), e8);
                                }
                            }
                            if (a5 != null) {
                                ad a8 = ad.a(a5);
                                try {
                                    org.bouncycastle.asn1.x509.j a9 = org.bouncycastle.asn1.x509.j.a(a(x509Certificate, f67961c));
                                    if (a8.e() && a9 != null && a9.e()) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlOnlyUserCert"));
                                    }
                                    if (a8.f() && (a9 == null || !a9.e())) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlOnlyCaCert"));
                                    }
                                    if (a8.h()) {
                                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlOnlyAttrCert"));
                                    }
                                } catch (AnnotatedException e9) {
                                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlBCExtError"), e9);
                                }
                            }
                        } catch (AnnotatedException e10) {
                            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.deltaCrlExtError"));
                        }
                    } catch (AnnotatedException e11) {
                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.distrPtExtError"));
                    }
                } catch (Exception e12) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlVerifyFailed"), e12);
                }
            }
            if (!z2) {
                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.noValidCrlFound"));
            }
        } catch (IOException e13) {
            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.crlIssuerException"), e13);
        }
    }

    private void a(org.bouncycastle.i18n.a aVar) {
        this.y[0].add(aVar);
    }

    private void a(org.bouncycastle.i18n.a aVar, int i2) {
        if (i2 < -1 || i2 >= this.x) {
            throw new IndexOutOfBoundsException();
        }
        this.y[i2 + 1].add(aVar);
    }

    private boolean a(X509Certificate x509Certificate, int i2) {
        boolean z;
        org.bouncycastle.asn1.x509.qualified.d dVar;
        boolean z2 = false;
        try {
            org.bouncycastle.asn1.q qVar = (org.bouncycastle.asn1.q) a(x509Certificate, D);
            int i3 = 0;
            while (i3 < qVar.g()) {
                org.bouncycastle.asn1.x509.qualified.e a2 = org.bouncycastle.asn1.x509.qualified.e.a(qVar.a(i3));
                if (org.bouncycastle.asn1.x509.qualified.e.as_.equals(a2.e())) {
                    a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.QcEuCompliance"), i2);
                    z = z2;
                } else if (org.bouncycastle.asn1.x509.qualified.e.au_.equals(a2.e())) {
                    z = z2;
                } else if (org.bouncycastle.asn1.x509.qualified.e.f66392e.equals(a2.e())) {
                    a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.QcSSCD"), i2);
                    z = z2;
                } else if (org.bouncycastle.asn1.x509.qualified.e.f66390c.equals(a2.e())) {
                    org.bouncycastle.asn1.d f2 = a2.f();
                    if (f2 == null || (f2 instanceof org.bouncycastle.asn1.x509.qualified.d)) {
                        dVar = (org.bouncycastle.asn1.x509.qualified.d) f2;
                    } else {
                        if (!(f2 instanceof org.bouncycastle.asn1.q)) {
                            throw new IllegalArgumentException("unknown object in getInstance");
                        }
                        dVar = new org.bouncycastle.asn1.x509.qualified.d(org.bouncycastle.asn1.q.a((Object) f2));
                    }
                    double doubleValue = dVar.f().doubleValue() * Math.pow(10.0d, dVar.g().doubleValue());
                    a(dVar.e().e() ? new org.bouncycastle.i18n.a(G, "CertPathReviewer.QcLimitValueAlpha", new Object[]{dVar.e().f(), new org.bouncycastle.i18n.filter.d(new Double(doubleValue)), dVar}) : new org.bouncycastle.i18n.a(G, "CertPathReviewer.QcLimitValueNum", new Object[]{new Integer(dVar.e().g()), new org.bouncycastle.i18n.filter.d(new Double(doubleValue)), dVar}), i2);
                    z = z2;
                } else {
                    a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.QcUnknownStatement", new Object[]{a2.e(), new org.bouncycastle.i18n.filter.e(a2)}), i2);
                    z = true;
                }
                i3++;
                z2 = z;
            }
            return !z2;
        } catch (AnnotatedException e2) {
            b(new org.bouncycastle.i18n.a(G, "CertPathReviewer.QcStatementExtError"), i2);
            return false;
        }
    }

    private int b() {
        return this.x;
    }

    private List b(int i2) {
        i();
        return this.y[i2 + 1];
    }

    private void b(org.bouncycastle.i18n.a aVar) {
        this.z[0].add(aVar);
    }

    private void b(org.bouncycastle.i18n.a aVar, int i2) {
        if (i2 < -1 || i2 >= this.x) {
            throw new IndexOutOfBoundsException();
        }
        this.z[i2 + 1].add(aVar);
    }

    private List[] c() {
        i();
        return this.z;
    }

    private List[] d() {
        i();
        return this.y;
    }

    private PolicyNode e() {
        i();
        return this.C;
    }

    private PublicKey f() {
        i();
        return this.B;
    }

    private TrustAnchor g() {
        i();
        return this.A;
    }

    private boolean h() {
        i();
        for (int i2 = 0; i2 < this.z.length; i2++) {
            if (!this.z[i2].isEmpty()) {
                return false;
            }
        }
        return true;
    }

    private void i() {
        if (!this.H) {
            throw new IllegalStateException("Object not initialized. Call init() first.");
        }
        if (this.y == null) {
            this.y = new List[this.x + 1];
            this.z = new List[this.x + 1];
            for (int i2 = 0; i2 < this.y.length; i2++) {
                this.y[i2] = new ArrayList();
                this.z[i2] = new ArrayList();
            }
            l();
            j();
            k();
            m();
            n();
        }
    }

    private void j() {
        av avVar = new av();
        try {
            for (int size = this.w.size() - 1; size > 0; size--) {
                X509Certificate x509Certificate = (X509Certificate) this.w.get(size);
                if (!b(x509Certificate)) {
                    X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                    try {
                        org.bouncycastle.asn1.q qVar = (org.bouncycastle.asn1.q) new org.bouncycastle.asn1.i(new ByteArrayInputStream(subjectX500Principal.getEncoded())).a();
                        try {
                            avVar.a(qVar);
                            try {
                                avVar.b(qVar);
                                try {
                                    org.bouncycastle.asn1.q qVar2 = (org.bouncycastle.asn1.q) a(x509Certificate, f67963e);
                                    if (qVar2 != null) {
                                        for (int i2 = 0; i2 < qVar2.g(); i2++) {
                                            org.bouncycastle.asn1.x509.x a2 = org.bouncycastle.asn1.x509.x.a(qVar2.a(i2));
                                            try {
                                                avVar.a(a2);
                                                avVar.b(a2);
                                            } catch (PKIXNameConstraintValidatorException e2) {
                                                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.notPermittedEmail", new Object[]{new org.bouncycastle.i18n.filter.e(a2)}), e2, this.t, size);
                                            }
                                        }
                                    }
                                } catch (AnnotatedException e3) {
                                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.subjAltNameExtError"), e3, this.t, size);
                                }
                            } catch (PKIXNameConstraintValidatorException e4) {
                                throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.excludedDN", new Object[]{new org.bouncycastle.i18n.filter.e(subjectX500Principal.getName())}), e4, this.t, size);
                            }
                        } catch (PKIXNameConstraintValidatorException e5) {
                            throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.notPermittedDN", new Object[]{new org.bouncycastle.i18n.filter.e(subjectX500Principal.getName())}), e5, this.t, size);
                        }
                    } catch (IOException e6) {
                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.ncSubjectNameError", new Object[]{new org.bouncycastle.i18n.filter.e(subjectX500Principal)}), e6, this.t, size);
                    }
                }
                try {
                    org.bouncycastle.asn1.q qVar3 = (org.bouncycastle.asn1.q) a(x509Certificate, f67964f);
                    if (qVar3 != null) {
                        ag agVar = new ag(qVar3);
                        org.bouncycastle.asn1.q e7 = agVar.e();
                        if (e7 != null) {
                            avVar.c(e7);
                        }
                        org.bouncycastle.asn1.q f2 = agVar.f();
                        if (f2 != null) {
                            Enumeration e8 = f2.e();
                            while (e8.hasMoreElements()) {
                                avVar.a(z.a(e8.nextElement()));
                            }
                        }
                    }
                } catch (AnnotatedException e9) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.ncExtError"), e9, this.t, size);
                }
            }
        } catch (CertPathReviewerException e10) {
            b(e10.getErrorMessage(), e10.getIndex());
        }
    }

    private void k() {
        int i2;
        int i3;
        org.bouncycastle.asn1.x509.j jVar;
        int i4;
        BigInteger f2;
        int i5 = this.x;
        int size = this.w.size() - 1;
        int i6 = 0;
        while (size > 0) {
            X509Certificate x509Certificate = (X509Certificate) this.w.get(size);
            if (b(x509Certificate)) {
                int i7 = i6;
                i2 = i5;
                i3 = i7;
            } else {
                if (i5 <= 0) {
                    b(new org.bouncycastle.i18n.a(G, "CertPathReviewer.pathLenghtExtended"));
                }
                int i8 = i6 + 1;
                i2 = i5 - 1;
                i3 = i8;
            }
            try {
                jVar = org.bouncycastle.asn1.x509.j.a(a(x509Certificate, f67961c));
            } catch (AnnotatedException e2) {
                b(new org.bouncycastle.i18n.a(G, "CertPathReviewer.processLengthConstError"), size);
                jVar = null;
            }
            if (jVar == null || (f2 = jVar.f()) == null || (i4 = f2.intValue()) >= i2) {
                i4 = i2;
            }
            size--;
            i6 = i3;
            i5 = i4;
        }
        a(new org.bouncycastle.i18n.a(G, "CertPathReviewer.totalPathLength", new Object[]{new Integer(i6)}));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:144:0x0495  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x00a8  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x00c4  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x007f  */
    /* JADX WARN: Type inference failed for: r3v18, types: [java.lang.String] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void l() {
        /*
            Method dump skipped, instructions count: 1176
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.x509.f.l():void");
    }

    /* JADX WARN: Code restructure failed: missing block: B:186:0x041b, code lost:
    
        if (r2 < r3) goto L177;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:172:0x03f7. Please report as an issue. */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void m() {
        /*
            Method dump skipped, instructions count: 1688
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.x509.f.m():void");
    }

    private void n() {
        List<PKIXCertPathChecker> certPathCheckers = this.u.getCertPathCheckers();
        Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
        while (it.hasNext()) {
            try {
                try {
                    it.next().init(false);
                } catch (CertPathValidatorException e2) {
                    throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.certPathCheckerError", new Object[]{e2.getMessage(), e2, e2.getClass().getName()}), e2);
                }
            } catch (CertPathReviewerException e3) {
                b(e3.getErrorMessage(), e3.getIndex());
                return;
            }
        }
        for (int size = this.w.size() - 1; size >= 0; size--) {
            X509Certificate x509Certificate = (X509Certificate) this.w.get(size);
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null && !criticalExtensionOIDs.isEmpty()) {
                criticalExtensionOIDs.remove(f67965g);
                criticalExtensionOIDs.remove(f67960b);
                criticalExtensionOIDs.remove(f67962d);
                criticalExtensionOIDs.remove(f67966h);
                criticalExtensionOIDs.remove(f67967i);
                criticalExtensionOIDs.remove(f67968j);
                criticalExtensionOIDs.remove(f67969k);
                criticalExtensionOIDs.remove(f67961c);
                criticalExtensionOIDs.remove(f67963e);
                criticalExtensionOIDs.remove(f67964f);
                if (criticalExtensionOIDs.contains(D) && a(x509Certificate, size)) {
                    criticalExtensionOIDs.remove(D);
                }
                Iterator<PKIXCertPathChecker> it2 = certPathCheckers.iterator();
                while (it2.hasNext()) {
                    try {
                        it2.next().check(x509Certificate, criticalExtensionOIDs);
                    } catch (CertPathValidatorException e4) {
                        throw new CertPathReviewerException(new org.bouncycastle.i18n.a(G, "CertPathReviewer.criticalExtensionError", new Object[]{e4.getMessage(), e4, e4.getClass().getName()}), e4.getCause(), this.t, size);
                    }
                }
                if (!criticalExtensionOIDs.isEmpty()) {
                    Iterator<String> it3 = criticalExtensionOIDs.iterator();
                    while (it3.hasNext()) {
                        b(new org.bouncycastle.i18n.a(G, "CertPathReviewer.unknownCriticalExt", new Object[]{new bi(it3.next())}), size);
                    }
                }
            }
        }
    }
}
