package org.a.e.d;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.a.a.ae.be;
import org.a.a.ae.br;
import org.a.d.g;
import org.a.d.h;
import org.a.d.i;

/* loaded from: classes3.dex */
class ak {

    /* renamed from: a, reason: collision with root package name */
    private static final String f13675a = br.E.a();

    /* renamed from: b, reason: collision with root package name */
    private static final String f13676b = br.D.a();
    private static final String c = br.p.a();
    private static final String d = br.x.a();

    ak() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPathValidatorResult a(CertPath certPath, org.a.d.i iVar) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", b.PROVIDER_NAME).validate(certPath, iVar);
            } catch (InvalidAlgorithmParameterException e) {
                throw new RuntimeException(e.getMessage());
            } catch (CertPathValidatorException e2) {
                throw new org.a.e.a.b("Certification path for issuer certificate of attribute certificate could not be validated.", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new org.a.e.a.b("Support class could not be created.", e3);
        } catch (NoSuchProviderException e4) {
            throw new org.a.e.a.b("Support class could not be created.", e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        boolean z;
        boolean z2 = false;
        Iterator it = set.iterator();
        while (true) {
            z = z2;
            if (!it.hasNext()) {
                break;
            }
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            z2 = (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) ? true : z;
        }
        if (!z) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(X509Certificate x509Certificate, org.a.d.i iVar) throws CertPathValidatorException {
        if (x509Certificate.getKeyUsage() != null && !x509Certificate.getKeyUsage()[0] && !x509Certificate.getKeyUsage()[1]) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:47:0x00f8, code lost:
    
        throw r11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void a(org.a.a.ae.v r16, org.a.i.p r17, org.a.d.i r18, java.util.Date r19, java.security.cert.X509Certificate r20, org.a.e.d.h r21, org.a.e.d.al r22, java.util.List r23, org.a.d.d.c r24) throws org.a.e.d.a {
        /*
            Method dump skipped, instructions count: 249
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.a.e.d.ak.a(org.a.a.ae.v, org.a.i.p, org.a.d.i, java.util.Date, java.security.cert.X509Certificate, org.a.e.d.h, org.a.e.d.al, java.util.List, org.a.d.d.c):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.a.i.p pVar, CertPath certPath, CertPath certPath2, org.a.d.i iVar, Set set) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = pVar.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs.contains(f13675a)) {
            try {
                be.a(g.a(pVar, f13675a));
            } catch (IllegalArgumentException e) {
                throw new org.a.e.a.b("Target information extension could not be read.", e);
            } catch (a e2) {
                throw new org.a.e.a.b("Target information extension could not be read.", e2);
            }
        }
        criticalExtensionOIDs.remove(f13675a);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ((org.a.i.k) it.next()).a(pVar, certPath, certPath2, criticalExtensionOIDs);
        }
        if (!criticalExtensionOIDs.isEmpty()) {
            throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.a.i.p pVar, Set set, Set set2) throws CertPathValidatorException {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (pVar.a(str) != null) {
                throw new CertPathValidatorException("Attribute certificate contains prohibited attribute: " + str + ".");
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (pVar.a(str2) == null) {
                throw new CertPathValidatorException("Attribute certificate does not contain necessary attribute: " + str2 + ".");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.a.i.p pVar, org.a.d.i iVar) throws CertPathValidatorException {
        try {
            pVar.a(g.a(iVar));
        } catch (CertificateExpiredException e) {
            throw new org.a.e.a.b("Attribute certificate is not valid.", e);
        } catch (CertificateNotYetValidException e2) {
            throw new org.a.e.a.b("Attribute certificate is not valid.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(org.a.i.p pVar, org.a.d.i iVar, X509Certificate x509Certificate, Date date, List list, org.a.d.d.c cVar) throws CertPathValidatorException {
        boolean z;
        if (iVar.q()) {
            if (pVar.getExtensionValue(f13676b) != null) {
                if (pVar.getExtensionValue(c) != null || pVar.getExtensionValue(d) != null) {
                    throw new CertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
                }
                return;
            }
            try {
                org.a.a.ae.k a2 = org.a.a.ae.k.a(g.a(pVar, c));
                List arrayList = new ArrayList();
                try {
                    arrayList.addAll(g.a(a2, iVar.d()));
                    i.a aVar = new i.a(iVar);
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        aVar.a((org.a.d.d) arrayList);
                    }
                    org.a.d.i a3 = aVar.a();
                    h hVar = new h();
                    al alVar = new al();
                    a aVar2 = null;
                    if (a2 != null) {
                        try {
                            org.a.a.ae.v[] a4 = a2.a();
                            z = false;
                            for (int i = 0; i < a4.length && hVar.b() == 11 && !alVar.a(); i++) {
                                try {
                                    a(a4[i], pVar, (org.a.d.i) a3.clone(), date, x509Certificate, hVar, alVar, list, cVar);
                                    z = true;
                                } catch (a e) {
                                    aVar2 = new a("No valid CRL for distribution point found.", e);
                                }
                            }
                        } catch (Exception e2) {
                            throw new org.a.e.a.b("Distribution points could not be read.", e2);
                        }
                    } else {
                        z = false;
                    }
                    if (hVar.b() == 11 && !alVar.a()) {
                        try {
                            try {
                                a(new org.a.a.ae.v(new org.a.a.ae.w(0, new org.a.a.ae.ac(new org.a.a.ae.ab(4, new org.a.a.k(((X500Principal) pVar.f().a()[0]).getEncoded()).d()))), null, null), pVar, (org.a.d.i) a3.clone(), date, x509Certificate, hVar, alVar, list, cVar);
                                z = true;
                            } catch (Exception e3) {
                                throw new a("Issuer from certificate for CRL could not be reencoded.", e3);
                            }
                        } catch (a e4) {
                            aVar2 = new a("No valid CRL for distribution point found.", e4);
                        }
                    }
                    if (!z) {
                        throw new org.a.e.a.b("No valid CRL found.", aVar2);
                    }
                    if (hVar.b() != 11) {
                        throw new CertPathValidatorException(("Attribute certificate revocation after " + hVar.a()) + ", reason: " + aj.r[hVar.b()]);
                    }
                    if (!alVar.a() && hVar.b() == 11) {
                        hVar.a(12);
                    }
                    if (hVar.b() == 12) {
                        throw new CertPathValidatorException("Attribute certificate status could not be determined.");
                    }
                } catch (a e5) {
                    throw new CertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", e5);
                }
            } catch (a e6) {
                throw new CertPathValidatorException("CRL distribution point extension could not be read.", e6);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static CertPath b(org.a.i.p pVar, org.a.d.i iVar) throws CertPathValidatorException {
        org.a.e.a.b bVar;
        CertPathBuilderResult certPathBuilderResult;
        HashSet hashSet = new HashSet();
        if (pVar.e().f() != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSerialNumber(pVar.e().g());
            Principal[] f = pVar.e().f();
            for (int i = 0; i < f.length; i++) {
                try {
                    if (f[i] instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) f[i]).getEncoded());
                    }
                    hashSet.addAll(g.a(new g.a(x509CertSelector).a(), iVar.p()));
                } catch (IOException e) {
                    throw new org.a.e.a.b("Unable to encode X500 principal.", e);
                } catch (a e2) {
                    throw new org.a.e.a.b("Public key certificate for attribute certificate cannot be searched.", e2);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (pVar.e().e() != null) {
            org.a.i.s sVar = new org.a.i.s();
            Principal[] e3 = pVar.e().e();
            for (int i2 = 0; i2 < e3.length; i2++) {
                try {
                    if (e3[i2] instanceof X500Principal) {
                        sVar.setIssuer(((X500Principal) e3[i2]).getEncoded());
                    }
                    hashSet.addAll(g.a(new g.a(sVar).a(), iVar.p()));
                } catch (IOException e4) {
                    throw new org.a.e.a.b("Unable to encode X500 principal.", e4);
                } catch (a e5) {
                    throw new org.a.e.a.b("Public key certificate for attribute certificate cannot be searched.", e5);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        i.a aVar = new i.a(iVar);
        Iterator it = hashSet.iterator();
        org.a.e.a.b bVar2 = null;
        CertPathBuilderResult certPathBuilderResult2 = null;
        while (it.hasNext()) {
            org.a.i.s sVar2 = new org.a.i.s();
            sVar2.setCertificate((X509Certificate) it.next());
            aVar.a(new g.a(sVar2).a());
            try {
                try {
                    org.a.e.a.b bVar3 = bVar2;
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", b.PROVIDER_NAME).build(new h.a(aVar.a()).a());
                    bVar = bVar3;
                } catch (InvalidAlgorithmParameterException e6) {
                    throw new RuntimeException(e6.getMessage());
                } catch (CertPathBuilderException e7) {
                    bVar = new org.a.e.a.b("Certification path for public key certificate of attribute certificate could not be build.", e7);
                    certPathBuilderResult = certPathBuilderResult2;
                }
                certPathBuilderResult2 = certPathBuilderResult;
                bVar2 = bVar;
            } catch (NoSuchAlgorithmException e8) {
                throw new org.a.e.a.b("Support class could not be created.", e8);
            } catch (NoSuchProviderException e9) {
                throw new org.a.e.a.b("Support class could not be created.", e9);
            }
        }
        if (bVar2 != null) {
            throw bVar2;
        }
        return certPathBuilderResult2.getCertPath();
    }
}
