package org.bouncycastle.jce.provider;

import android.support.v4.os.EnvironmentCompat;
import com.chad.library.BuildConfig;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extensions;

/* loaded from: classes3.dex */
public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi {
    private static final String ANY_POLICY = "2.5.29.32.0";
    private static final int CRL_SIGN = 6;
    private static final int KEY_CERT_SIGN = 5;
    private static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId();
    private static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId();
    private static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId();
    private static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId();
    private static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId();
    private static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId();
    private static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId();
    private static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId();
    private static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId();
    private static final String KEY_USAGE = X509Extensions.KeyUsage.getId();
    private static final String CRL_NUMBER = X509Extensions.CRLNumber.getId();
    private static final String[] crlReasons = {BuildConfig.VERSION_NAME, "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", EnvironmentCompat.MEDIA_UNKNOWN, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    private void checkExcludedDN(HashSet hashSet, ASN1Sequence aSN1Sequence) throws CertPathValidatorException {
        if (hashSet.isEmpty()) {
            return;
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            if (withinDNSubtree(aSN1Sequence, (ASN1Sequence) it2.next())) {
                throw new CertPathValidatorException("Subject distinguished name is from an excluded subtree");
            }
        }
    }

    private void checkExcludedEmail(HashSet hashSet, String str) throws CertPathValidatorException {
        if (hashSet.isEmpty()) {
            return;
        }
        String substring = str.substring(str.indexOf(64) + 1);
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            if (substring.endsWith((String) it2.next())) {
                throw new CertPathValidatorException("Subject email address is from an excluded subtree");
            }
        }
    }

    private void checkExcludedIP(HashSet hashSet, byte[] bArr) throws CertPathValidatorException {
        if (hashSet.isEmpty()) {
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void checkPermittedDN(HashSet hashSet, ASN1Sequence aSN1Sequence) throws CertPathValidatorException {
        if (hashSet.isEmpty()) {
            return;
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            if (withinDNSubtree(aSN1Sequence, (ASN1Sequence) it2.next())) {
                return;
            }
        }
        throw new CertPathValidatorException("Subject distinguished name is not from a permitted subtree");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void checkPermittedEmail(HashSet hashSet, String str) throws CertPathValidatorException {
        if (hashSet.isEmpty()) {
            return;
        }
        String substring = str.substring(str.indexOf(64) + 1);
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            if (substring.endsWith((String) it2.next())) {
                return;
            }
        }
        throw new CertPathValidatorException("Subject email address is not from a permitted subtree");
    }

    private void checkPermittedIP(HashSet hashSet, byte[] bArr) throws CertPathValidatorException {
        if (hashSet.isEmpty()) {
        }
    }

    private final Collection findCRLs(X509CRLSelector x509CRLSelector, List list) {
        HashSet hashSet = new HashSet();
        Iterator it2 = list.iterator();
        while (it2.hasNext()) {
            try {
                hashSet.addAll(((CertStore) it2.next()).getCRLs(x509CRLSelector));
            } catch (CertStoreException e) {
                e.printStackTrace();
            }
        }
        return hashSet;
    }

    private AlgorithmIdentifier getAlgorithmIdentifier(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return SubjectPublicKeyInfo.getInstance(new ASN1InputStream(new ByteArrayInputStream(publicKey.getEncoded())).readObject()).getAlgorithmId();
        } catch (IOException unused) {
            throw new CertPathValidatorException("exception processing public key");
        }
    }

    private DERObject getExtensionValue(X509Extension x509Extension, String str) throws CertPathValidatorException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return getObject(str, extensionValue);
    }

    private DERObject getObject(String str, byte[] bArr) throws CertPathValidatorException {
        try {
            return new ASN1InputStream(((ASN1OctetString) new ASN1InputStream(bArr).readObject()).getOctets()).readObject();
        } catch (IOException unused) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("exception processing extension ");
            stringBuffer.append(str);
            throw new CertPathValidatorException(stringBuffer.toString());
        }
    }

    private final Set getQualifierSet(ASN1Sequence aSN1Sequence) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (aSN1Sequence == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ASN1OutputStream aSN1OutputStream = new ASN1OutputStream(byteArrayOutputStream);
        Enumeration objects = aSN1Sequence.getObjects();
        while (objects.hasMoreElements()) {
            try {
                aSN1OutputStream.writeObject(objects.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("exception building qualifier set: ");
                stringBuffer.append(e);
                throw new CertPathValidatorException(stringBuffer.toString());
            }
        }
        return hashSet;
    }

    private HashSet intersectDN(HashSet hashSet, ASN1Sequence aSN1Sequence) {
        if (hashSet.isEmpty()) {
            hashSet.add(aSN1Sequence);
            return hashSet;
        }
        HashSet hashSet2 = new HashSet();
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) it2.next();
            if (withinDNSubtree(aSN1Sequence, aSN1Sequence2)) {
                hashSet2.add(aSN1Sequence);
            } else if (withinDNSubtree(aSN1Sequence2, aSN1Sequence)) {
                hashSet2.add(aSN1Sequence2);
            }
        }
        return hashSet2;
    }

    private HashSet intersectEmail(HashSet hashSet, String str) {
        String substring = str.substring(str.indexOf(64) + 1);
        if (hashSet.isEmpty()) {
            hashSet.add(substring);
            return hashSet;
        }
        HashSet hashSet2 = new HashSet();
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (substring.endsWith(str2)) {
                hashSet2.add(substring);
            } else if (str2.endsWith(substring)) {
                hashSet2.add(str2);
            }
        }
        return hashSet2;
    }

    private HashSet intersectIP(HashSet hashSet, byte[] bArr) {
        return hashSet;
    }

    private boolean isAnyPolicy(Set set) {
        return set.contains(ANY_POLICY) || set.size() == 0;
    }

    private boolean isSelfIssued(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    private boolean processCertD1i(int i, ArrayList[] arrayListArr, DERObjectIdentifier dERObjectIdentifier, Set set) {
        ArrayList arrayList = arrayListArr[i - 1];
        for (int i2 = 0; i2 < arrayList.size(); i2++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) arrayList.get(i2);
            if (pKIXPolicyNode.getExpectedPolicies().contains(dERObjectIdentifier.getId())) {
                HashSet hashSet = new HashSet();
                hashSet.add(dERObjectIdentifier.getId());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i, hashSet, pKIXPolicyNode, set, dERObjectIdentifier.getId(), false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                arrayListArr[i].add(pKIXPolicyNode2);
                return true;
            }
        }
        return false;
    }

    private void processCertD1ii(int i, ArrayList[] arrayListArr, DERObjectIdentifier dERObjectIdentifier, Set set) {
        ArrayList arrayList = arrayListArr[i - 1];
        for (int i2 = 0; i2 < arrayList.size(); i2++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) arrayList.get(i2);
            pKIXPolicyNode.getExpectedPolicies();
            if (ANY_POLICY.equals(pKIXPolicyNode.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(dERObjectIdentifier.getId());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i, hashSet, pKIXPolicyNode, set, dERObjectIdentifier.getId(), false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                arrayListArr[i].add(pKIXPolicyNode2);
                return;
            }
        }
    }

    private PKIXPolicyNode removePolicyNode(PKIXPolicyNode pKIXPolicyNode, ArrayList[] arrayListArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.removeChild(pKIXPolicyNode2);
            removePolicyNodeRecurse(arrayListArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i = 0; i < arrayListArr.length; i++) {
            arrayListArr[i] = new ArrayList();
        }
        return null;
    }

    private void removePolicyNodeRecurse(ArrayList[] arrayListArr, PKIXPolicyNode pKIXPolicyNode) {
        arrayListArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (pKIXPolicyNode.hasChildren()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                removePolicyNodeRecurse(arrayListArr, (PKIXPolicyNode) children.next());
            }
        }
    }

    private HashSet unionDN(HashSet hashSet, ASN1Sequence aSN1Sequence) {
        if (hashSet.isEmpty()) {
            hashSet.add(aSN1Sequence);
            return hashSet;
        }
        HashSet hashSet2 = new HashSet();
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) it2.next();
            if (withinDNSubtree(aSN1Sequence, aSN1Sequence2)) {
                hashSet2.add(aSN1Sequence2);
            } else if (withinDNSubtree(aSN1Sequence2, aSN1Sequence)) {
                hashSet2.add(aSN1Sequence);
            } else {
                hashSet2.add(aSN1Sequence2);
                hashSet2.add(aSN1Sequence);
            }
        }
        return hashSet2;
    }

    private HashSet unionEmail(HashSet hashSet, String str) {
        String substring = str.substring(str.indexOf(64) + 1);
        if (hashSet.isEmpty()) {
            hashSet.add(substring);
            return hashSet;
        }
        HashSet hashSet2 = new HashSet();
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (substring.endsWith(str2)) {
                hashSet2.add(str2);
            } else if (str2.endsWith(substring)) {
                hashSet2.add(substring);
            } else {
                hashSet2.add(str2);
                hashSet2.add(substring);
            }
        }
        return hashSet2;
    }

    private HashSet unionIP(HashSet hashSet, byte[] bArr) {
        return hashSet;
    }

    private boolean withinDNSubtree(ASN1Sequence aSN1Sequence, ASN1Sequence aSN1Sequence2) {
        if (aSN1Sequence2.size() < 1 || aSN1Sequence2.size() > aSN1Sequence.size()) {
            return false;
        }
        for (int size = aSN1Sequence2.size() - 1; size >= 0; size--) {
            if (!aSN1Sequence2.getObjectAt(size).equals(aSN1Sequence.getObjectAt(size))) {
                return false;
            }
        }
        return true;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        Object x500Principal;
        PublicKey cAPublicKey;
        Object obj;
        PublicKey publicKey;
        HashSet hashSet;
        Set set;
        PKIXPolicyNode pKIXPolicyNode;
        Date date;
        HashSet hashSet2;
        HashSet hashSet3;
        HashSet hashSet4;
        HashSet hashSet5;
        HashSet hashSet6;
        HashSet hashSet7;
        HashSet hashSet8;
        HashSet hashSet9;
        HashSet hashSet10;
        HashSet hashSet11;
        HashSet hashSet12;
        HashSet hashSet13;
        HashSet hashSet14;
        HashSet hashSet15;
        HashSet hashSet16;
        HashSet hashSet17;
        ArrayList[] arrayListArr;
        Set set2;
        Set set3;
        HashSet hashSet18;
        int i;
        int i2;
        int i3;
        int i4;
        BigInteger pathLenConstraint;
        HashSet hashSet19;
        Set set4;
        String str;
        int i5;
        boolean z;
        Date date2;
        boolean z2;
        DEREnumerated dEREnumerated;
        if (!(certPathParameters instanceof PKIXParameters)) {
            throw new InvalidAlgorithmParameterException("params must be a PKIXParameters instance");
        }
        PKIXParameters pKIXParameters = (PKIXParameters) certPathParameters;
        if (pKIXParameters.getTrustAnchors() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for path validation");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        if (certificates.isEmpty()) {
            throw new CertPathValidatorException("CertPath is empty", null, certPath, 0);
        }
        Date date3 = pKIXParameters.getDate();
        if (date3 == null) {
            date3 = new Date();
        }
        Set initialPolicies = pKIXParameters.getInitialPolicies();
        TrustAnchor findTrustAnchor = findTrustAnchor((X509Certificate) certificates.get(certificates.size() - 1), pKIXParameters.getTrustAnchors());
        if (findTrustAnchor == null) {
            throw new CertPathValidatorException("TrustAnchor for CertPath not found", null, certPath, 0);
        }
        new HashSet();
        new HashSet();
        int i6 = size + 1;
        ArrayList[] arrayListArr2 = new ArrayList[i6];
        for (int i7 = 0; i7 < arrayListArr2.length; i7++) {
            arrayListArr2[i7] = new ArrayList();
        }
        HashSet hashSet20 = new HashSet();
        hashSet20.add(ANY_POLICY);
        PKIXPolicyNode pKIXPolicyNode2 = r15;
        PKIXPolicyNode pKIXPolicyNode3 = new PKIXPolicyNode(new ArrayList(), 0, hashSet20, null, new HashSet(), ANY_POLICY, false);
        arrayListArr2[0].add(pKIXPolicyNode2);
        HashSet hashSet21 = new HashSet();
        HashSet hashSet22 = new HashSet();
        HashSet hashSet23 = new HashSet();
        HashSet hashSet24 = new HashSet();
        HashSet hashSet25 = new HashSet();
        HashSet hashSet26 = new HashSet();
        int i8 = pKIXParameters.isExplicitPolicyRequired() ? 0 : i6;
        int i9 = pKIXParameters.isAnyPolicyInhibited() ? 0 : i6;
        if (pKIXParameters.isPolicyMappingInhibited()) {
            i6 = 0;
        }
        X509Certificate trustedCert = findTrustAnchor.getTrustedCert();
        try {
            if (trustedCert != null) {
                x500Principal = trustedCert.getSubjectX500Principal();
                cAPublicKey = trustedCert.getPublicKey();
            } else {
                x500Principal = new X500Principal(findTrustAnchor.getCAName());
                cAPublicKey = findTrustAnchor.getCAPublicKey();
            }
            AlgorithmIdentifier algorithmIdentifier = getAlgorithmIdentifier(cAPublicKey);
            algorithmIdentifier.getObjectId();
            algorithmIdentifier.getParameters();
            if (pKIXParameters.getTargetCertConstraints() != null) {
                obj = x500Principal;
                publicKey = cAPublicKey;
                if (!pKIXParameters.getTargetCertConstraints().match((X509Certificate) certificates.get(0))) {
                    throw new CertPathValidatorException("target certificate in certpath does not match targetcertconstraints", null, certPath, 0);
                }
            } else {
                obj = x500Principal;
                publicKey = cAPublicKey;
            }
            List<PKIXCertPathChecker> certPathCheckers = pKIXParameters.getCertPathCheckers();
            Iterator<PKIXCertPathChecker> it2 = certPathCheckers.iterator();
            while (it2.hasNext()) {
                it2.next().init(false);
                pKIXPolicyNode2 = pKIXPolicyNode2;
            }
            PKIXPolicyNode pKIXPolicyNode4 = pKIXPolicyNode2;
            int size2 = certificates.size() - 1;
            int i10 = size;
            ArrayList[] arrayListArr3 = arrayListArr2;
            HashSet hashSet27 = hashSet25;
            X509Certificate x509Certificate = trustedCert;
            Set set5 = null;
            HashSet hashSet28 = hashSet22;
            HashSet hashSet29 = hashSet21;
            HashSet hashSet30 = hashSet26;
            X509Certificate x509Certificate2 = null;
            HashSet hashSet31 = hashSet23;
            HashSet hashSet32 = hashSet24;
            Object obj2 = obj;
            int i11 = i9;
            PublicKey publicKey2 = publicKey;
            int i12 = i6;
            PublicKey publicKey3 = publicKey2;
            while (size2 >= 0) {
                HashSet hashSet33 = hashSet27;
                int i13 = size - size2;
                List<? extends Certificate> list = certificates;
                X509Certificate x509Certificate3 = (X509Certificate) certificates.get(size2);
                HashSet hashSet34 = hashSet28;
                try {
                    x509Certificate3.verify(publicKey3, "BC");
                    x509Certificate3.checkValidity(date3);
                    HashSet hashSet35 = hashSet30;
                    if (pKIXParameters.isRevocationEnabled()) {
                        X509CRLSelector x509CRLSelector = new X509CRLSelector();
                        try {
                            x509CRLSelector.addIssuerName(x509Certificate3.getIssuerX500Principal().getEncoded());
                            x509CRLSelector.setCertificateChecking(x509Certificate3);
                            Iterator it3 = findCRLs(x509CRLSelector, pKIXParameters.getCertStores()).iterator();
                            boolean z3 = false;
                            while (it3.hasNext()) {
                                Iterator it4 = it3;
                                X509CRL x509crl = (X509CRL) it3.next();
                                HashSet hashSet36 = hashSet31;
                                HashSet hashSet37 = hashSet32;
                                if (x509Certificate3.getNotAfter().after(x509crl.getThisUpdate())) {
                                    if (x509crl.getNextUpdate() == null || date3.before(x509crl.getNextUpdate())) {
                                        z3 = true;
                                    }
                                    if (x509Certificate != null) {
                                        boolean[] keyUsage = x509Certificate.getKeyUsage();
                                        if (keyUsage != null) {
                                            z = z3;
                                            if (keyUsage.length < 7 || !keyUsage[6]) {
                                                StringBuffer stringBuffer = new StringBuffer();
                                                stringBuffer.append("Issuer certificate keyusage extension does not permit crl signing.\n");
                                                stringBuffer.append(x509Certificate);
                                                throw new CertPathValidatorException(stringBuffer.toString(), null, certPath, size2);
                                            }
                                        } else {
                                            z = z3;
                                        }
                                    } else {
                                        z = z3;
                                    }
                                    try {
                                        x509crl.verify(publicKey3, "BC");
                                        X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate3.getSerialNumber());
                                        if (revokedCertificate != null && !date3.before(revokedCertificate.getRevocationDate())) {
                                            String str2 = (!revokedCertificate.hasExtensions() || (dEREnumerated = DEREnumerated.getInstance(getExtensionValue(revokedCertificate, X509Extensions.ReasonCode.getId()))) == null) ? null : crlReasons[dEREnumerated.getValue().intValue()];
                                            StringBuffer stringBuffer2 = new StringBuffer();
                                            stringBuffer2.append("Certificate revocation after ");
                                            stringBuffer2.append(revokedCertificate.getRevocationDate());
                                            String stringBuffer3 = stringBuffer2.toString();
                                            if (str2 != null) {
                                                StringBuffer stringBuffer4 = new StringBuffer();
                                                stringBuffer4.append(stringBuffer3);
                                                stringBuffer4.append(", reason: ");
                                                stringBuffer4.append(str2);
                                                stringBuffer3 = stringBuffer4.toString();
                                            }
                                            throw new CertPathValidatorException(stringBuffer3, null, certPath, size2);
                                        }
                                        DERObject extensionValue = getExtensionValue(x509crl, ISSUING_DISTRIBUTION_POINT);
                                        DERObject extensionValue2 = getExtensionValue(x509crl, DELTA_CRL_INDICATOR);
                                        if (extensionValue2 != null) {
                                            X509CRLSelector x509CRLSelector2 = new X509CRLSelector();
                                            try {
                                                date2 = date3;
                                                x509CRLSelector2.addIssuerName(x509crl.getIssuerX500Principal().getEncoded());
                                                x509CRLSelector2.setMinCRLNumber(((DERInteger) extensionValue2).getPositiveValue());
                                                x509CRLSelector2.setMaxCRLNumber(((DERInteger) getExtensionValue(x509crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1L)));
                                                Iterator it5 = findCRLs(x509CRLSelector2, pKIXParameters.getCertStores()).iterator();
                                                while (true) {
                                                    if (it5.hasNext()) {
                                                        Object extensionValue3 = getExtensionValue((X509CRL) it5.next(), ISSUING_DISTRIBUTION_POINT);
                                                        if (extensionValue == null) {
                                                            if (extensionValue3 == null) {
                                                                z2 = true;
                                                            }
                                                        } else if (extensionValue.equals(extensionValue3)) {
                                                            z2 = true;
                                                        }
                                                    } else {
                                                        z2 = false;
                                                    }
                                                }
                                                if (!z2) {
                                                    throw new CertPathValidatorException("No base CRL for delta CRL");
                                                }
                                            } catch (IOException e) {
                                                StringBuffer stringBuffer5 = new StringBuffer();
                                                stringBuffer5.append("can't extract issuer from certificate: ");
                                                stringBuffer5.append(e);
                                                throw new CertPathValidatorException(stringBuffer5.toString());
                                            }
                                        } else {
                                            date2 = date3;
                                        }
                                        if (extensionValue != null) {
                                            IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint.getInstance(extensionValue);
                                            BasicConstraints basicConstraints = BasicConstraints.getInstance(getExtensionValue(x509Certificate3, BASIC_CONSTRAINTS));
                                            if (issuingDistributionPoint.onlyContainsUserCerts() && (basicConstraints == null || basicConstraints.isCA())) {
                                                throw new CertPathValidatorException("CA Cert CRL only contains user certificates");
                                            }
                                            if (issuingDistributionPoint.onlyContainsCACerts() && (basicConstraints == null || !basicConstraints.isCA())) {
                                                throw new CertPathValidatorException("End CRL only contains CA certificates");
                                            }
                                            if (issuingDistributionPoint.onlyContainsAttributeCerts()) {
                                                throw new CertPathValidatorException("onlyContainsAttributeCerts boolean is asserted");
                                            }
                                        }
                                        z3 = z;
                                        it3 = it4;
                                        hashSet31 = hashSet36;
                                        hashSet32 = hashSet37;
                                        date3 = date2;
                                    } catch (Exception e2) {
                                        StringBuffer stringBuffer6 = new StringBuffer();
                                        stringBuffer6.append("can't verify CRL: ");
                                        stringBuffer6.append(e2);
                                        throw new CertPathValidatorException(stringBuffer6.toString());
                                    }
                                } else {
                                    it3 = it4;
                                    hashSet31 = hashSet36;
                                    hashSet32 = hashSet37;
                                }
                            }
                            date = date3;
                            hashSet2 = hashSet31;
                            hashSet3 = hashSet32;
                            if (!z3) {
                                throw new CertPathValidatorException("no valid CRL found", null, certPath, size2);
                            }
                        } catch (IOException e3) {
                            StringBuffer stringBuffer7 = new StringBuffer();
                            stringBuffer7.append("can't extract issuer from certificate: ");
                            stringBuffer7.append(e3);
                            throw new CertPathValidatorException(stringBuffer7.toString());
                        }
                    } else {
                        date = date3;
                        hashSet2 = hashSet31;
                        hashSet3 = hashSet32;
                    }
                    if (!x509Certificate3.getIssuerX500Principal().equals(obj2)) {
                        StringBuffer stringBuffer8 = new StringBuffer();
                        stringBuffer8.append("IssuerName(");
                        stringBuffer8.append(x509Certificate3.getIssuerX500Principal());
                        stringBuffer8.append(") does not match SubjectName(");
                        stringBuffer8.append(obj2);
                        stringBuffer8.append(") of signing certificate");
                        throw new CertPathValidatorException(stringBuffer8.toString(), null, certPath, size2);
                    }
                    int i14 = 4;
                    if (!isSelfIssued(x509Certificate3) || i13 >= size) {
                        try {
                            ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(x509Certificate3.getSubjectX500Principal().getEncoded())).readObject();
                            checkPermittedDN(hashSet29, aSN1Sequence);
                            hashSet4 = hashSet3;
                            checkExcludedDN(hashSet4, aSN1Sequence);
                            ASN1Sequence aSN1Sequence2 = (ASN1Sequence) getExtensionValue(x509Certificate3, SUBJECT_ALTERNATIVE_NAME);
                            if (aSN1Sequence2 != null) {
                                int i15 = 0;
                                while (i15 < aSN1Sequence2.size()) {
                                    ASN1TaggedObject aSN1TaggedObject = (ASN1TaggedObject) aSN1Sequence2.getObjectAt(i15);
                                    int tagNo = aSN1TaggedObject.getTagNo();
                                    if (tagNo == 1) {
                                        hashSet9 = hashSet35;
                                        hashSet10 = hashSet2;
                                        String string = DERIA5String.getInstance(aSN1TaggedObject, true).getString();
                                        hashSet11 = hashSet34;
                                        checkPermittedEmail(hashSet11, string);
                                        hashSet12 = hashSet33;
                                        checkExcludedEmail(hashSet12, string);
                                    } else if (tagNo == i14) {
                                        hashSet9 = hashSet35;
                                        hashSet10 = hashSet2;
                                        ASN1Sequence aSN1Sequence3 = ASN1Sequence.getInstance(aSN1TaggedObject, true);
                                        checkPermittedDN(hashSet29, aSN1Sequence3);
                                        checkExcludedDN(hashSet4, aSN1Sequence3);
                                        hashSet11 = hashSet34;
                                        hashSet12 = hashSet33;
                                    } else if (tagNo != 7) {
                                        hashSet11 = hashSet34;
                                        hashSet12 = hashSet33;
                                        hashSet9 = hashSet35;
                                        hashSet10 = hashSet2;
                                    } else {
                                        byte[] octets = ASN1OctetString.getInstance(aSN1TaggedObject, true).getOctets();
                                        hashSet10 = hashSet2;
                                        checkPermittedIP(hashSet10, octets);
                                        hashSet9 = hashSet35;
                                        checkExcludedIP(hashSet9, octets);
                                        hashSet11 = hashSet34;
                                        hashSet12 = hashSet33;
                                    }
                                    i15++;
                                    hashSet33 = hashSet12;
                                    hashSet35 = hashSet9;
                                    hashSet34 = hashSet11;
                                    hashSet2 = hashSet10;
                                    i14 = 4;
                                }
                                hashSet5 = hashSet34;
                                hashSet6 = hashSet33;
                                hashSet7 = hashSet35;
                                hashSet8 = hashSet2;
                            } else {
                                hashSet5 = hashSet34;
                                hashSet6 = hashSet33;
                                hashSet7 = hashSet35;
                                hashSet8 = hashSet2;
                            }
                        } catch (IOException unused) {
                            throw new CertPathValidatorException("exception extracting subject name when checking subtrees");
                        }
                    } else {
                        hashSet5 = hashSet34;
                        hashSet6 = hashSet33;
                        hashSet7 = hashSet35;
                        hashSet8 = hashSet2;
                        hashSet4 = hashSet3;
                    }
                    ASN1Sequence aSN1Sequence4 = (ASN1Sequence) getExtensionValue(x509Certificate3, CERTIFICATE_POLICIES);
                    if (aSN1Sequence4 == null || pKIXPolicyNode4 == null) {
                        hashSet13 = hashSet6;
                        hashSet14 = hashSet4;
                        hashSet15 = hashSet7;
                        hashSet16 = hashSet5;
                        hashSet17 = hashSet29;
                        arrayListArr = arrayListArr3;
                        set2 = set5;
                    } else {
                        Enumeration objects = aSN1Sequence4.getObjects();
                        HashSet hashSet38 = new HashSet();
                        while (objects.hasMoreElements()) {
                            PolicyInformation policyInformation = PolicyInformation.getInstance(objects.nextElement());
                            HashSet hashSet39 = hashSet6;
                            DERObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
                            HashSet hashSet40 = hashSet4;
                            hashSet38.add(policyIdentifier.getId());
                            Enumeration enumeration = objects;
                            if (ANY_POLICY.equals(policyIdentifier.getId())) {
                                objects = enumeration;
                                hashSet6 = hashSet39;
                                hashSet4 = hashSet40;
                            } else {
                                Set qualifierSet = getQualifierSet(policyInformation.getPolicyQualifiers());
                                ArrayList[] arrayListArr4 = arrayListArr3;
                                if (processCertD1i(i13, arrayListArr4, policyIdentifier, qualifierSet)) {
                                    arrayListArr3 = arrayListArr4;
                                    objects = enumeration;
                                    hashSet6 = hashSet39;
                                    hashSet4 = hashSet40;
                                } else {
                                    processCertD1ii(i13, arrayListArr4, policyIdentifier, qualifierSet);
                                    arrayListArr3 = arrayListArr4;
                                    objects = enumeration;
                                    hashSet6 = hashSet39;
                                    hashSet4 = hashSet40;
                                }
                            }
                        }
                        hashSet13 = hashSet6;
                        hashSet14 = hashSet4;
                        arrayListArr = arrayListArr3;
                        if (set5 == null) {
                            hashSet19 = hashSet38;
                            hashSet15 = hashSet7;
                        } else {
                            hashSet19 = new HashSet();
                            for (Object obj3 : set5) {
                                HashSet hashSet41 = hashSet7;
                                if (hashSet38.contains(obj3)) {
                                    hashSet19.add(obj3);
                                    hashSet7 = hashSet41;
                                } else {
                                    hashSet7 = hashSet41;
                                }
                            }
                            hashSet15 = hashSet7;
                        }
                        if (i11 > 0 || (i13 < size && isSelfIssued(x509Certificate3))) {
                            Enumeration objects2 = aSN1Sequence4.getObjects();
                            while (true) {
                                if (objects2.hasMoreElements()) {
                                    PolicyInformation policyInformation2 = PolicyInformation.getInstance(objects2.nextElement());
                                    Enumeration enumeration2 = objects2;
                                    if (ANY_POLICY.equals(policyInformation2.getPolicyIdentifier().getId())) {
                                        objects2 = enumeration2;
                                    } else {
                                        Set qualifierSet2 = getQualifierSet(policyInformation2.getPolicyQualifiers());
                                        ArrayList arrayList = arrayListArr[i13 - 1];
                                        set4 = hashSet19;
                                        for (int i16 = 0; i16 < arrayList.size(); i16++) {
                                            PKIXPolicyNode pKIXPolicyNode5 = (PKIXPolicyNode) arrayList.get(i16);
                                            for (Object obj4 : pKIXPolicyNode5.getExpectedPolicies()) {
                                                ArrayList arrayList2 = arrayList;
                                                HashSet hashSet42 = hashSet5;
                                                if (obj4 instanceof String) {
                                                    str = (String) obj4;
                                                } else if (obj4 instanceof DERObjectIdentifier) {
                                                    str = ((DERObjectIdentifier) obj4).getId();
                                                } else {
                                                    arrayList = arrayList2;
                                                    hashSet5 = hashSet42;
                                                }
                                                Iterator children = pKIXPolicyNode5.getChildren();
                                                boolean z4 = false;
                                                while (children.hasNext()) {
                                                    Iterator it6 = children;
                                                    if (str.equals(((PKIXPolicyNode) children.next()).getValidPolicy())) {
                                                        children = it6;
                                                        z4 = true;
                                                    } else {
                                                        children = it6;
                                                    }
                                                }
                                                if (z4) {
                                                    arrayList = arrayList2;
                                                    hashSet5 = hashSet42;
                                                } else {
                                                    HashSet hashSet43 = new HashSet();
                                                    hashSet43.add(str);
                                                    HashSet hashSet44 = hashSet29;
                                                    PKIXPolicyNode pKIXPolicyNode6 = new PKIXPolicyNode(new ArrayList(), i13, hashSet43, pKIXPolicyNode5, qualifierSet2, str, false);
                                                    pKIXPolicyNode5.addChild(pKIXPolicyNode6);
                                                    arrayListArr[i13].add(pKIXPolicyNode6);
                                                    arrayList = arrayList2;
                                                    hashSet5 = hashSet42;
                                                    hashSet29 = hashSet44;
                                                }
                                            }
                                        }
                                        hashSet16 = hashSet5;
                                        hashSet17 = hashSet29;
                                    }
                                } else {
                                    set4 = hashSet19;
                                    hashSet16 = hashSet5;
                                    hashSet17 = hashSet29;
                                }
                            }
                        } else {
                            set4 = hashSet19;
                            hashSet16 = hashSet5;
                            hashSet17 = hashSet29;
                        }
                        int i17 = i13 - 1;
                        for (int i18 = i17; i18 >= 0; i18--) {
                            ArrayList arrayList3 = arrayListArr[i18];
                            PKIXPolicyNode pKIXPolicyNode7 = pKIXPolicyNode4;
                            while (i5 < arrayList3.size()) {
                                PKIXPolicyNode pKIXPolicyNode8 = (PKIXPolicyNode) arrayList3.get(i5);
                                i5 = (pKIXPolicyNode8.hasChildren() || (pKIXPolicyNode7 = removePolicyNode(pKIXPolicyNode7, arrayListArr, pKIXPolicyNode8)) != null) ? i5 + 1 : 0;
                            }
                            pKIXPolicyNode4 = pKIXPolicyNode7;
                        }
                        Set<String> criticalExtensionOIDs = x509Certificate3.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs != null) {
                            boolean contains = criticalExtensionOIDs.contains(CERTIFICATE_POLICIES);
                            ArrayList arrayList4 = arrayListArr[i13];
                            for (int i19 = 0; i19 < arrayList4.size(); i19++) {
                                ((PKIXPolicyNode) arrayList4.get(i19)).setCritical(contains);
                            }
                        }
                        while (i17 >= 0) {
                            ArrayList arrayList5 = arrayListArr[i17];
                            PKIXPolicyNode pKIXPolicyNode9 = pKIXPolicyNode4;
                            for (int i20 = 0; i20 < arrayList5.size(); i20++) {
                                PKIXPolicyNode pKIXPolicyNode10 = (PKIXPolicyNode) arrayList5.get(i20);
                                if (!pKIXPolicyNode10.hasChildren()) {
                                    pKIXPolicyNode9 = removePolicyNode(pKIXPolicyNode9, arrayListArr, pKIXPolicyNode10);
                                }
                            }
                            i17--;
                            pKIXPolicyNode4 = pKIXPolicyNode9;
                        }
                        set2 = set4;
                    }
                    if (aSN1Sequence4 == null) {
                        pKIXPolicyNode4 = null;
                    }
                    if (i8 <= 0 && pKIXPolicyNode4 == null && !isAnyPolicy(set2)) {
                        throw new CertPathValidatorException("Failure in process (f)");
                    }
                    if (i13 == size) {
                        set3 = set2;
                        hashSet31 = hashSet8;
                        hashSet27 = hashSet13;
                        hashSet30 = hashSet15;
                        hashSet32 = hashSet14;
                        hashSet28 = hashSet16;
                        hashSet29 = hashSet17;
                    } else {
                        if (x509Certificate3 != null && x509Certificate3.getVersion() == 1) {
                            throw new CertPathValidatorException("Version 1 certs can't be used as CA ones");
                        }
                        DERObject extensionValue4 = getExtensionValue(x509Certificate3, POLICY_MAPPINGS);
                        if (extensionValue4 != null) {
                            ASN1Sequence aSN1Sequence5 = (ASN1Sequence) extensionValue4;
                            for (int i21 = 0; i21 < aSN1Sequence5.size(); i21++) {
                                ASN1Sequence aSN1Sequence6 = (ASN1Sequence) aSN1Sequence5.getObjectAt(i21);
                                DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) aSN1Sequence6.getObjectAt(0);
                                DERObjectIdentifier dERObjectIdentifier2 = (DERObjectIdentifier) aSN1Sequence6.getObjectAt(1);
                                if (ANY_POLICY.equals(dERObjectIdentifier.getId())) {
                                    throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy");
                                }
                                if (ANY_POLICY.equals(dERObjectIdentifier2.getId())) {
                                    throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy");
                                }
                            }
                        }
                        ASN1Sequence aSN1Sequence7 = (ASN1Sequence) getExtensionValue(x509Certificate3, NAME_CONSTRAINTS);
                        if (aSN1Sequence7 != null) {
                            NameConstraints nameConstraints = new NameConstraints(aSN1Sequence7);
                            ASN1Sequence permittedSubtrees = nameConstraints.getPermittedSubtrees();
                            if (permittedSubtrees != null) {
                                Enumeration objects3 = permittedSubtrees.getObjects();
                                hashSet18 = hashSet16;
                                hashSet29 = hashSet17;
                                while (objects3.hasMoreElements()) {
                                    GeneralName base = GeneralSubtree.getInstance(objects3.nextElement()).getBase();
                                    int tagNo2 = base.getTagNo();
                                    if (tagNo2 == 1) {
                                        hashSet18 = intersectEmail(hashSet18, DERIA5String.getInstance(base.getName()).getString());
                                    } else if (tagNo2 == 4) {
                                        hashSet29 = intersectDN(hashSet29, (ASN1Sequence) base.getName());
                                    } else if (tagNo2 == 7) {
                                        hashSet8 = intersectIP(hashSet8, ASN1OctetString.getInstance(base.getName()).getOctets());
                                    }
                                }
                            } else {
                                hashSet18 = hashSet16;
                                hashSet29 = hashSet17;
                            }
                            ASN1Sequence excludedSubtrees = nameConstraints.getExcludedSubtrees();
                            if (excludedSubtrees != null) {
                                Enumeration objects4 = excludedSubtrees.getObjects();
                                HashSet hashSet45 = hashSet13;
                                HashSet hashSet46 = hashSet15;
                                HashSet hashSet47 = hashSet14;
                                while (objects4.hasMoreElements()) {
                                    GeneralName base2 = GeneralSubtree.getInstance(objects4.nextElement()).getBase();
                                    Enumeration enumeration3 = objects4;
                                    int tagNo3 = base2.getTagNo();
                                    Set set6 = set2;
                                    if (tagNo3 == 1) {
                                        hashSet45 = unionEmail(hashSet45, DERIA5String.getInstance(base2.getName()).getString());
                                    } else if (tagNo3 == 4) {
                                        hashSet47 = unionDN(hashSet47, (ASN1Sequence) base2.getName());
                                    } else if (tagNo3 == 7) {
                                        hashSet46 = unionIP(hashSet46, ASN1OctetString.getInstance(base2.getName()).getOctets());
                                    }
                                    objects4 = enumeration3;
                                    set2 = set6;
                                }
                                set3 = set2;
                                hashSet13 = hashSet45;
                                hashSet14 = hashSet47;
                                hashSet15 = hashSet46;
                            } else {
                                set3 = set2;
                            }
                        } else {
                            set3 = set2;
                            hashSet18 = hashSet16;
                            hashSet29 = hashSet17;
                        }
                        if (!isSelfIssued(x509Certificate3)) {
                            if (i8 != 0) {
                                i8--;
                            }
                            if (i12 != 0) {
                                i12--;
                            }
                            if (i11 != 0) {
                                i11--;
                            }
                        }
                        ASN1Sequence aSN1Sequence8 = (ASN1Sequence) getExtensionValue(x509Certificate3, POLICY_CONSTRAINTS);
                        if (aSN1Sequence8 != null) {
                            Enumeration objects5 = aSN1Sequence8.getObjects();
                            int i22 = i8;
                            i = i11;
                            while (objects5.hasMoreElements()) {
                                ASN1TaggedObject aSN1TaggedObject2 = (ASN1TaggedObject) objects5.nextElement();
                                switch (aSN1TaggedObject2.getTagNo()) {
                                    case 0:
                                        int intValue = DERInteger.getInstance(aSN1TaggedObject2).getValue().intValue();
                                        if (intValue < i22) {
                                            i22 = intValue;
                                            break;
                                        } else {
                                            break;
                                        }
                                    case 1:
                                        int intValue2 = DERInteger.getInstance(aSN1TaggedObject2).getValue().intValue();
                                        if (intValue2 < i) {
                                            i = intValue2;
                                            break;
                                        } else {
                                            break;
                                        }
                                }
                            }
                            i8 = i22;
                        } else {
                            i = i11;
                        }
                        DERInteger dERInteger = (DERInteger) getExtensionValue(x509Certificate3, INHIBIT_ANY_POLICY);
                        if (dERInteger == null || (i2 = dERInteger.getValue().intValue()) >= i) {
                            i2 = i;
                        }
                        BasicConstraints basicConstraints2 = BasicConstraints.getInstance(getExtensionValue(x509Certificate3, BASIC_CONSTRAINTS));
                        if (basicConstraints2 == null) {
                            throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
                        }
                        if (!basicConstraints2.isCA()) {
                            throw new CertPathValidatorException("Not a CA certificate");
                        }
                        if (isSelfIssued(x509Certificate3)) {
                            i3 = i10;
                        } else {
                            if (i10 <= 0) {
                                throw new CertPathValidatorException("Max path length not greater than zero");
                            }
                            i3 = i10 - 1;
                        }
                        if (basicConstraints2 == null || (pathLenConstraint = basicConstraints2.getPathLenConstraint()) == null || (i4 = pathLenConstraint.intValue()) >= i3) {
                            i4 = i3;
                        }
                        boolean[] keyUsage2 = x509Certificate3.getKeyUsage();
                        if (keyUsage2 != null && !keyUsage2[5]) {
                            throw new CertPathValidatorException("Issuer certificate keyusage extension is critical an does not permit key signing.\n", null, certPath, size2);
                        }
                        HashSet hashSet48 = new HashSet(x509Certificate3.getCriticalExtensionOIDs());
                        hashSet48.remove(KEY_USAGE);
                        hashSet48.remove(CERTIFICATE_POLICIES);
                        hashSet48.remove(POLICY_MAPPINGS);
                        hashSet48.remove(INHIBIT_ANY_POLICY);
                        hashSet48.remove(ISSUING_DISTRIBUTION_POINT);
                        hashSet48.remove(DELTA_CRL_INDICATOR);
                        hashSet48.remove(POLICY_CONSTRAINTS);
                        hashSet48.remove(BASIC_CONSTRAINTS);
                        hashSet48.remove(SUBJECT_ALTERNATIVE_NAME);
                        hashSet48.remove(NAME_CONSTRAINTS);
                        Iterator<PKIXCertPathChecker> it7 = certPathCheckers.iterator();
                        while (it7.hasNext()) {
                            try {
                                it7.next().check(x509Certificate3, hashSet48);
                            } catch (CertPathValidatorException e4) {
                                throw new CertPathValidatorException(e4.getMessage(), e4.getCause(), certPath, size2);
                            }
                        }
                        if (!hashSet48.isEmpty()) {
                            throw new CertPathValidatorException("Certificate has unsupported critical extension", null, certPath, size2);
                        }
                        i11 = i2;
                        i10 = i4;
                        hashSet28 = hashSet18;
                        hashSet31 = hashSet8;
                        hashSet27 = hashSet13;
                        hashSet30 = hashSet15;
                        hashSet32 = hashSet14;
                    }
                    publicKey3 = x509Certificate3.getPublicKey();
                    try {
                        Object subjectX500Principal = x509Certificate3.getSubjectX500Principal();
                        AlgorithmIdentifier algorithmIdentifier2 = getAlgorithmIdentifier(publicKey3);
                        algorithmIdentifier2.getObjectId();
                        algorithmIdentifier2.getParameters();
                        size2--;
                        x509Certificate = x509Certificate3;
                        x509Certificate2 = x509Certificate;
                        set5 = set3;
                        certificates = list;
                        arrayListArr3 = arrayListArr;
                        obj2 = subjectX500Principal;
                        date3 = date;
                    } catch (IllegalArgumentException e5) {
                        StringBuffer stringBuffer9 = new StringBuffer();
                        stringBuffer9.append(x509Certificate3.getSubjectDN().getName());
                        stringBuffer9.append(" :");
                        stringBuffer9.append(e5.toString());
                        throw new CertPathValidatorException(stringBuffer9.toString());
                    }
                } catch (GeneralSecurityException e6) {
                    StringBuffer stringBuffer10 = new StringBuffer();
                    stringBuffer10.append("couldn't validate certificate: ");
                    stringBuffer10.append(e6);
                    throw new CertPathValidatorException(stringBuffer10.toString());
                }
            }
            X509Certificate x509Certificate4 = x509Certificate2;
            ArrayList[] arrayListArr5 = arrayListArr3;
            if (!isSelfIssued(x509Certificate4) && i8 != 0) {
                i8--;
            }
            ASN1Sequence aSN1Sequence9 = (ASN1Sequence) getExtensionValue(x509Certificate4, POLICY_CONSTRAINTS);
            if (aSN1Sequence9 != null) {
                Enumeration objects6 = aSN1Sequence9.getObjects();
                int i23 = i8;
                while (objects6.hasMoreElements()) {
                    ASN1TaggedObject aSN1TaggedObject3 = (ASN1TaggedObject) objects6.nextElement();
                    if (aSN1TaggedObject3.getTagNo() == 0 && DERInteger.getInstance(aSN1TaggedObject3).getValue().intValue() == 0) {
                        i23 = 0;
                    }
                }
                i8 = i23;
            }
            Set<String> criticalExtensionOIDs2 = x509Certificate4.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs2 != null) {
                hashSet = new HashSet(criticalExtensionOIDs2);
                hashSet.remove(KEY_USAGE);
                hashSet.remove(CERTIFICATE_POLICIES);
                hashSet.remove(POLICY_MAPPINGS);
                hashSet.remove(INHIBIT_ANY_POLICY);
                hashSet.remove(ISSUING_DISTRIBUTION_POINT);
                hashSet.remove(DELTA_CRL_INDICATOR);
                hashSet.remove(POLICY_CONSTRAINTS);
                hashSet.remove(BASIC_CONSTRAINTS);
                hashSet.remove(SUBJECT_ALTERNATIVE_NAME);
                hashSet.remove(NAME_CONSTRAINTS);
            } else {
                hashSet = new HashSet();
            }
            Iterator<PKIXCertPathChecker> it8 = certPathCheckers.iterator();
            while (it8.hasNext()) {
                try {
                    it8.next().check(x509Certificate4, hashSet);
                } catch (CertPathValidatorException e7) {
                    throw new CertPathValidatorException(e7.getMessage(), e7.getCause(), certPath, size2);
                }
            }
            if (!hashSet.isEmpty()) {
                throw new CertPathValidatorException("Certificate has unsupported critical extension", null, certPath, size2);
            }
            if (pKIXPolicyNode4 == null) {
                set = set5;
                pKIXPolicyNode = null;
            } else if (!isAnyPolicy(initialPolicies)) {
                set = set5;
                HashSet<PKIXPolicyNode> hashSet49 = new HashSet();
                for (ArrayList arrayList6 : arrayListArr5) {
                    for (int i24 = 0; i24 < arrayList6.size(); i24++) {
                        PKIXPolicyNode pKIXPolicyNode11 = (PKIXPolicyNode) arrayList6.get(i24);
                        if (ANY_POLICY.equals(pKIXPolicyNode11.getValidPolicy())) {
                            Iterator children2 = pKIXPolicyNode11.getChildren();
                            while (children2.hasNext()) {
                                hashSet49.add(children2.next());
                            }
                        }
                    }
                }
                PKIXPolicyNode pKIXPolicyNode12 = pKIXPolicyNode4;
                for (PKIXPolicyNode pKIXPolicyNode13 : hashSet49) {
                    if (!initialPolicies.contains(pKIXPolicyNode13.getValidPolicy())) {
                        pKIXPolicyNode12 = removePolicyNode(pKIXPolicyNode12, arrayListArr5, pKIXPolicyNode13);
                    }
                }
                for (PKIXPolicyNode pKIXPolicyNode14 : hashSet49) {
                    if (!set.contains(pKIXPolicyNode14.getValidPolicy())) {
                        pKIXPolicyNode12 = removePolicyNode(pKIXPolicyNode12, arrayListArr5, pKIXPolicyNode14);
                    }
                }
                if (pKIXPolicyNode12 != null) {
                    for (int i25 = size - 1; i25 >= 0; i25--) {
                        ArrayList arrayList7 = arrayListArr5[i25];
                        for (int i26 = 0; i26 < arrayList7.size(); i26++) {
                            PKIXPolicyNode pKIXPolicyNode15 = (PKIXPolicyNode) arrayList7.get(i26);
                            if (!pKIXPolicyNode15.hasChildren()) {
                                pKIXPolicyNode12 = removePolicyNode(pKIXPolicyNode12, arrayListArr5, pKIXPolicyNode15);
                            }
                        }
                    }
                }
                pKIXPolicyNode = pKIXPolicyNode12;
            } else if (!pKIXParameters.isExplicitPolicyRequired()) {
                set = set5;
                pKIXPolicyNode = pKIXPolicyNode4;
            } else {
                if (set5.isEmpty()) {
                    throw new CertPathValidatorException("Explicit policy requested but none avaliable");
                }
                HashSet<PKIXPolicyNode> hashSet50 = new HashSet();
                for (ArrayList arrayList8 : arrayListArr5) {
                    for (int i27 = 0; i27 < arrayList8.size(); i27++) {
                        PKIXPolicyNode pKIXPolicyNode16 = (PKIXPolicyNode) arrayList8.get(i27);
                        if (ANY_POLICY.equals(pKIXPolicyNode16.getValidPolicy())) {
                            Iterator children3 = pKIXPolicyNode16.getChildren();
                            while (children3.hasNext()) {
                                hashSet50.add(children3.next());
                            }
                        }
                    }
                }
                pKIXPolicyNode = pKIXPolicyNode4;
                for (PKIXPolicyNode pKIXPolicyNode17 : hashSet50) {
                    Set set7 = set5;
                    if (set7.contains(pKIXPolicyNode17.getValidPolicy())) {
                        set5 = set7;
                    } else {
                        pKIXPolicyNode = removePolicyNode(pKIXPolicyNode, arrayListArr5, pKIXPolicyNode17);
                        set5 = set7;
                    }
                }
                set = set5;
                if (pKIXPolicyNode != null) {
                    int i28 = size - 1;
                    while (i28 >= 0) {
                        ArrayList arrayList9 = arrayListArr5[i28];
                        PKIXPolicyNode pKIXPolicyNode18 = pKIXPolicyNode;
                        for (int i29 = 0; i29 < arrayList9.size(); i29++) {
                            PKIXPolicyNode pKIXPolicyNode19 = (PKIXPolicyNode) arrayList9.get(i29);
                            if (!pKIXPolicyNode19.hasChildren()) {
                                pKIXPolicyNode18 = removePolicyNode(pKIXPolicyNode18, arrayListArr5, pKIXPolicyNode19);
                            }
                        }
                        i28--;
                        pKIXPolicyNode = pKIXPolicyNode18;
                    }
                }
            }
            if (i8 > 0 || pKIXPolicyNode != null || isAnyPolicy(set)) {
                return new PKIXCertPathValidatorResult(findTrustAnchor, pKIXPolicyNode, publicKey3);
            }
            throw new CertPathValidatorException("Path processing failed");
        } catch (IllegalArgumentException e8) {
            StringBuffer stringBuffer11 = new StringBuffer();
            stringBuffer11.append("TrustAnchor subjectDN: ");
            stringBuffer11.append(e8.toString());
            throw new CertPathValidatorException(stringBuffer11.toString());
        }
    }

    final TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        Iterator it2 = set.iterator();
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            TrustAnchor trustAnchor = null;
            Exception e = null;
            PublicKey publicKey = null;
            while (it2.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it2.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    } else {
                        trustAnchor = null;
                    }
                } else if (trustAnchor.getCAName() == null || trustAnchor.getCAPublicKey() == null) {
                    trustAnchor = null;
                } else {
                    try {
                        if (x509Certificate.getIssuerX500Principal().equals(new X500Principal(trustAnchor.getCAName()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        } else {
                            trustAnchor = null;
                        }
                    } catch (IllegalArgumentException unused) {
                        trustAnchor = null;
                    }
                }
                if (publicKey != null) {
                    try {
                        x509Certificate.verify(publicKey);
                    } catch (Exception e2) {
                        e = e2;
                        trustAnchor = null;
                    }
                }
            }
            if (trustAnchor != null || e == null) {
                return trustAnchor;
            }
            throw new CertPathValidatorException("TrustAnchor found put certificate validation failed", e);
        } catch (IOException e3) {
            e3.printStackTrace();
            return null;
        }
    }
}
