package org.bouncycastle.jce.provider;

import android.support.v4.os.EnvironmentCompat;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEREnumerated;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.X509Extensions;

/* loaded from: classes.dex */
public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi {
    // OID of the special anyPolicy certificate policy.
    private static final String ANY_POLICY = "2.5.29.32.0";
    // Bit positions in the boolean[] returned by X509Certificate.getKeyUsage():
    // index 6 is cRLSign and index 5 is keyCertSign.
    private static final int CRL_SIGN = 6;
    private static final int KEY_CERT_SIGN = 5;
    // OID strings of the certificate and CRL extensions this validator looks up,
    // taken from the X509Extensions constants.
    private static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId();
    private static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId();
    private static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId();
    private static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId();
    private static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId();
    private static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId();
    private static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId();
    private static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId();
    private static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId();
    private static final String KEY_USAGE = X509Extensions.KeyUsage.getId();
    private static final String CRL_NUMBER = X509Extensions.CRLNumber.getId();
    // Display names for CRL entry reason codes, indexed by the numeric code (11 slots, codes 0-10).
    // checkCRLs indexes this array with a reason code read from a CRL entry, i.e. with data that
    // comes from the CRL itself, so the index is only safe after a range check.
    // NOTE(review): slot 7 refers to an Android support-library constant; this looks like a
    // decompiler substitution for a plain string literal (presumably "unknown") - confirm against
    // the upstream sources before relying on the text.
    private static final String[] crlReasons = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", EnvironmentCompat.MEDIA_UNKNOWN, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

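    /**
     * Checks the revocation status of a certificate against the CRLs available in the cert
     * stores of the validation parameters.
     *
     * <p>CRLs are selected by the certificate's issuer name. A CRL whose thisUpdate is not
     * before the certificate's notAfter is skipped. Every remaining CRL must verify under
     * {@code publicKey}; its revocation entry, delta-CRL indicator and issuing distribution
     * point are then examined. At least one examined CRL must be current at {@code date}
     * (no nextUpdate, or {@code date} before nextUpdate), otherwise validation fails.
     *
     * <p>Revocation entries are honoured on every CRL that passes signature verification,
     * including CRLs that are past their nextUpdate; only the "current CRL found" requirement
     * depends on freshness.
     *
     * @param pKIXParameters   validation parameters; only its cert stores are read here
     * @param x509Certificate  the certificate whose revocation status is checked
     * @param date             the point in time for which validity is evaluated
     * @param x509Certificate2 certificate whose key usage must permit CRL signing; the key
     *                         usage check is skipped when this is {@code null} or carries no
     *                         key usage extension
     * @param publicKey        key used to verify each CRL's signature
     * @throws AnnotatedException if the certificate is revoked, a CRL cannot be verified or
     *                            parsed, the key usage forbids CRL signing, a delta CRL has no
     *                            matching base CRL, the issuing distribution point scope does
     *                            not fit the certificate, or no current CRL is found
     */
    private void checkCRLs(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey) throws AnnotatedException {
        X509CRLSelector issuerCrlSelector = new X509CRLSelector();
        try {
            issuerCrlSelector.addIssuerName(CertPathValidatorUtilities.getEncodedIssuerPrincipal(x509Certificate).getEncoded());
            issuerCrlSelector.setCertificateChecking(x509Certificate);
            boolean currentCrlFound = false;
            for (X509CRL crl : CertPathValidatorUtilities.findCRLs(issuerCrlSelector, pKIXParameters.getCertStores())) {
                // Only CRLs issued strictly before the certificate's notAfter are considered.
                if (!x509Certificate.getNotAfter().after(crl.getThisUpdate())) {
                    continue;
                }
                boolean crlIsCurrent = crl.getNextUpdate() == null || date.before(crl.getNextUpdate());
                if (x509Certificate2 != null) {
                    boolean[] keyUsage = x509Certificate2.getKeyUsage();
                    // Index 6 of the key usage array is the cRLSign bit; a short array means the bit is unset.
                    if (keyUsage != null && (keyUsage.length < 7 || !keyUsage[6])) {
                        throw new AnnotatedException("Issuer certificate keyusage extension does not permit crl signing.\n" + x509Certificate2);
                    }
                }
                try {
                    // Nothing from the CRL is trusted until its signature verifies.
                    crl.verify(publicKey, "BC");
                    X509CRLEntry revokedEntry = crl.getRevokedCertificate(x509Certificate.getSerialNumber());
                    if (revokedEntry != null && !date.before(revokedEntry.getRevocationDate())) {
                        String reason = null;
                        if (revokedEntry.hasExtensions()) {
                            DEREnumerated reasonCode = DEREnumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(revokedEntry, X509Extensions.ReasonCode.getId()));
                            if (reasonCode != null) {
                                // The reason code is CRL content. Range-check it before using it as an
                                // index so that an unexpected value cannot replace the revocation error
                                // with an ArrayIndexOutOfBoundsException; the certificate is reported
                                // as revoked either way, just without a reason label.
                                int code = reasonCode.getValue().intValue();
                                if (code >= 0 && code < crlReasons.length) {
                                    reason = crlReasons[code];
                                }
                            }
                        }
                        String message = "Certificate revocation after " + revokedEntry.getRevocationDate();
                        throw new AnnotatedException(reason != null ? message + ", reason: " + reason : message);
                    }
                    DERObject idpValue = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
                    DERObject deltaIndicator = CertPathValidatorUtilities.getExtensionValue(crl, DELTA_CRL_INDICATOR);
                    if (deltaIndicator != null) {
                        // A delta CRL is only accepted when a base CRL from the same issuer exists whose
                        // CRL number lies in [delta indicator, this CRL's number - 1] and whose issuing
                        // distribution point matches (both absent, or equal).
                        // NOTE(review): the base CRL is located and compared here but this method neither
                        // verifies its signature nor consults it for revocation entries - confirm whether
                        // that is handled elsewhere.
                        X509CRLSelector baseCrlSelector = new X509CRLSelector();
                        try {
                            baseCrlSelector.addIssuerName(CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded());
                            baseCrlSelector.setMinCRLNumber(((DERInteger) deltaIndicator).getPositiveValue());
                            // A delta CRL without a CRL number fails here with a NullPointerException,
                            // which the catch-all below turns into a validation failure.
                            baseCrlSelector.setMaxCRLNumber(((DERInteger) CertPathValidatorUtilities.getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1L)));
                            boolean baseCrlFound = false;
                            Iterator candidates = CertPathValidatorUtilities.findCRLs(baseCrlSelector, pKIXParameters.getCertStores()).iterator();
                            while (!baseCrlFound && candidates.hasNext()) {
                                DERObject candidateIdp = CertPathValidatorUtilities.getExtensionValue((X509CRL) candidates.next(), ISSUING_DISTRIBUTION_POINT);
                                baseCrlFound = idpValue != null ? idpValue.equals(candidateIdp) : candidateIdp == null;
                            }
                            if (!baseCrlFound) {
                                throw new AnnotatedException("No base CRL for delta CRL");
                            }
                        } catch (IOException e) {
                            throw new AnnotatedException("can't extract issuer from certificate: " + e, e);
                        }
                    }
                    if (idpValue != null) {
                        // The CRL's declared scope must fit the kind of certificate being checked.
                        IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint.getInstance(idpValue);
                        BasicConstraints basicConstraints = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(x509Certificate, BASIC_CONSTRAINTS));
                        boolean certIsCa = basicConstraints != null && basicConstraints.isCA();
                        if (issuingDistributionPoint.onlyContainsUserCerts() && certIsCa) {
                            throw new AnnotatedException("CA Cert CRL only contains user certificates");
                        }
                        if (issuingDistributionPoint.onlyContainsCACerts() && !certIsCa) {
                            throw new AnnotatedException("End CRL only contains CA certificates");
                        }
                        if (issuingDistributionPoint.onlyContainsAttributeCerts()) {
                            throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted");
                        }
                    }
                    if (crlIsCurrent) {
                        currentCrlFound = true;
                    }
                } catch (AnnotatedException e) {
                    // Failures raised above already carry their own message. Pass them through so
                    // that a revocation (or a scope / delta-CRL failure) is reported as such instead
                    // of being re-labelled "can't verify CRL" by the catch-all below.
                    throw e;
                } catch (Exception e) {
                    throw new AnnotatedException("can't verify CRL: " + e, e);
                }
            }
            // Fail closed: without at least one current CRL the status is unknown.
            if (!currentCrlFound) {
                throw new AnnotatedException("no valid CRL found");
            }
        } catch (IOException e) {
            throw new AnnotatedException("Cannot extract issuer from certificate: " + e, e);
        }
    }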

    /* JADX WARN: Failed to find 'out' block for switch in B:326:0x067f. Please report as an issue. */
    @Override // java.security.cert.CertPathValidatorSpi
    public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        PublicKey cAPublicKey;
        X500Principal x500Principal;
        HashSet hashSet;
        PKIXPolicyNode pKIXPolicyNode;
        int i;
        int i2;
        int i3;
        int i4;
        PKIXPolicyNode pKIXPolicyNode2;
        PKIXPolicyNode pKIXPolicyNode3;
        int i5;
        int i6;
        int i7;
        BigInteger pathLenConstraint;
        boolean z;
        PKIXPolicyNode pKIXPolicyNode4;
        PKIXPolicyNode pKIXPolicyNode5;
        String str;
        PKIXPolicyNode pKIXPolicyNode6;
        if (!(certPathParameters instanceof PKIXParameters)) {
            throw new InvalidAlgorithmParameterException("params must be a PKIXParameters instance");
        }
        PKIXParameters pKIXParameters = (PKIXParameters) certPathParameters;
        if (pKIXParameters.getTrustAnchors() == null) {
            throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for path validation");
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        if (certificates.isEmpty()) {
            throw new CertPathValidatorException("CertPath is empty", null, certPath, 0);
        }
        Date validDate = CertPathValidatorUtilities.getValidDate(pKIXParameters);
        Set<String> initialPolicies = pKIXParameters.getInitialPolicies();
        TrustAnchor findTrustAnchor = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certificates.get(certificates.size() - 1), certPath, certificates.size() - 1, pKIXParameters.getTrustAnchors());
        if (findTrustAnchor == null) {
            throw new CertPathValidatorException("TrustAnchor for CertPath not found.", null, certPath, -1);
        }
        ArrayList[] arrayListArr = new ArrayList[size + 1];
        for (int i8 = 0; i8 < arrayListArr.length; i8++) {
            arrayListArr[i8] = new ArrayList();
        }
        HashSet hashSet2 = new HashSet();
        hashSet2.add(ANY_POLICY);
        PKIXPolicyNode pKIXPolicyNode7 = new PKIXPolicyNode(new ArrayList(), 0, hashSet2, null, new HashSet(), ANY_POLICY, false);
        arrayListArr[0].add(pKIXPolicyNode7);
        PKIXNameConstraints pKIXNameConstraints = new PKIXNameConstraints();
        int i9 = pKIXParameters.isExplicitPolicyRequired() ? 0 : size + 1;
        int i10 = pKIXParameters.isAnyPolicyInhibited() ? 0 : size + 1;
        int i11 = pKIXParameters.isPolicyMappingInhibited() ? 0 : size + 1;
        X509Certificate trustedCert = findTrustAnchor.getTrustedCert();
        try {
            if (trustedCert != null) {
                X500Principal subjectPrincipal = CertPathValidatorUtilities.getSubjectPrincipal(trustedCert);
                cAPublicKey = trustedCert.getPublicKey();
                x500Principal = subjectPrincipal;
            } else {
                X500Principal x500Principal2 = new X500Principal(findTrustAnchor.getCAName());
                cAPublicKey = findTrustAnchor.getCAPublicKey();
                x500Principal = x500Principal2;
            }
            AlgorithmIdentifier algorithmIdentifier = CertPathValidatorUtilities.getAlgorithmIdentifier(cAPublicKey);
            algorithmIdentifier.getObjectId();
            algorithmIdentifier.getParameters();
            if (pKIXParameters.getTargetCertConstraints() != null && !pKIXParameters.getTargetCertConstraints().match((X509Certificate) certificates.get(0))) {
                throw new CertPathValidatorException("target certificate in certpath does not match targetcertconstraints", null, certPath, 0);
            }
            List<PKIXCertPathChecker> certPathCheckers = pKIXParameters.getCertPathCheckers();
            Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
            while (it.hasNext()) {
                it.next().init(false);
            }
            X509Certificate x509Certificate = null;
            int i12 = size;
            int i13 = i11;
            int i14 = i10;
            HashSet hashSet3 = null;
            int i15 = i9;
            PKIXPolicyNode pKIXPolicyNode8 = pKIXPolicyNode7;
            int size2 = certificates.size() - 1;
            X500Principal x500Principal3 = x500Principal;
            PublicKey publicKey = cAPublicKey;
            while (size2 >= 0) {
                int i16 = size - size2;
                try {
                    x509Certificate = (X509Certificate) certificates.get(size2);
                    try {
                        x509Certificate.verify(publicKey, "BC");
                        try {
                            try {
                                x509Certificate.checkValidity(validDate);
                                if (pKIXParameters.isRevocationEnabled()) {
                                    checkCRLs(pKIXParameters, x509Certificate, validDate, trustedCert, publicKey);
                                }
                                if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(x509Certificate).equals(x500Principal3)) {
                                    throw new CertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(x509Certificate) + ") does not match SubjectName(" + x500Principal3 + ") of signing certificate", null, certPath, size2);
                                }
                                if (!CertPathValidatorUtilities.isSelfIssued(x509Certificate) || i16 >= size) {
                                    try {
                                        ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(CertPathValidatorUtilities.getSubjectPrincipal(x509Certificate).getEncoded()).readObject();
                                        pKIXNameConstraints.checkPermittedDN(aSN1Sequence);
                                        pKIXNameConstraints.checkExcludedDN(aSN1Sequence);
                                        ASN1Sequence aSN1Sequence2 = (ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(x509Certificate, SUBJECT_ALTERNATIVE_NAME);
                                        if (aSN1Sequence2 != null) {
                                            for (int i17 = 0; i17 < aSN1Sequence2.size(); i17++) {
                                                GeneralName generalName = GeneralName.getInstance(aSN1Sequence2.getObjectAt(i17));
                                                pKIXNameConstraints.checkPermitted(generalName);
                                                pKIXNameConstraints.checkExcluded(generalName);
                                            }
                                        }
                                    } catch (IOException e) {
                                        throw new CertPathValidatorException("exception extracting subject name when checking subtrees");
                                    }
                                }
                                ASN1Sequence aSN1Sequence3 = (ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(x509Certificate, CERTIFICATE_POLICIES);
                                if (aSN1Sequence3 != null && pKIXPolicyNode8 != null) {
                                    Enumeration objects = aSN1Sequence3.getObjects();
                                    HashSet hashSet4 = new HashSet();
                                    while (objects.hasMoreElements()) {
                                        PolicyInformation policyInformation = PolicyInformation.getInstance(objects.nextElement());
                                        DERObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
                                        hashSet4.add(policyIdentifier.getId());
                                        if (!ANY_POLICY.equals(policyIdentifier.getId())) {
                                            Set qualifierSet = CertPathValidatorUtilities.getQualifierSet(policyInformation.getPolicyQualifiers());
                                            if (!CertPathValidatorUtilities.processCertD1i(i16, arrayListArr, policyIdentifier, qualifierSet)) {
                                                CertPathValidatorUtilities.processCertD1ii(i16, arrayListArr, policyIdentifier, qualifierSet);
                                            }
                                        }
                                    }
                                    if (hashSet3 == null || hashSet3.contains(ANY_POLICY)) {
                                        hashSet3 = hashSet4;
                                    } else {
                                        hashSet3 = new HashSet();
                                        for (Object obj : hashSet3) {
                                            if (hashSet4.contains(obj)) {
                                                hashSet3.add(obj);
                                            }
                                        }
                                    }
                                    if (i14 > 0 || (i16 < size && CertPathValidatorUtilities.isSelfIssued(x509Certificate))) {
                                        Enumeration objects2 = aSN1Sequence3.getObjects();
                                        while (true) {
                                            if (objects2.hasMoreElements()) {
                                                PolicyInformation policyInformation2 = PolicyInformation.getInstance(objects2.nextElement());
                                                if (ANY_POLICY.equals(policyInformation2.getPolicyIdentifier().getId())) {
                                                    Set qualifierSet2 = CertPathValidatorUtilities.getQualifierSet(policyInformation2.getPolicyQualifiers());
                                                    ArrayList arrayList = arrayListArr[i16 - 1];
                                                    for (int i18 = 0; i18 < arrayList.size(); i18++) {
                                                        PKIXPolicyNode pKIXPolicyNode9 = (PKIXPolicyNode) arrayList.get(i18);
                                                        for (Object obj2 : pKIXPolicyNode9.getExpectedPolicies()) {
                                                            if (obj2 instanceof String) {
                                                                str = (String) obj2;
                                                            } else if (obj2 instanceof DERObjectIdentifier) {
                                                                str = ((DERObjectIdentifier) obj2).getId();
                                                            }
                                                            boolean z2 = false;
                                                            Iterator children = pKIXPolicyNode9.getChildren();
                                                            while (children.hasNext()) {
                                                                z2 = str.equals(((PKIXPolicyNode) children.next()).getValidPolicy()) ? true : z2;
                                                            }
                                                            if (!z2) {
                                                                HashSet hashSet5 = new HashSet();
                                                                hashSet5.add(str);
                                                                PKIXPolicyNode pKIXPolicyNode10 = new PKIXPolicyNode(new ArrayList(), i16, hashSet5, pKIXPolicyNode9, qualifierSet2, str, false);
                                                                pKIXPolicyNode9.addChild(pKIXPolicyNode10);
                                                                arrayListArr[i16].add(pKIXPolicyNode10);
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                    int i19 = i16 - 1;
                                    while (i19 >= 0) {
                                        ArrayList arrayList2 = arrayListArr[i19];
                                        int i20 = 0;
                                        PKIXPolicyNode pKIXPolicyNode11 = pKIXPolicyNode8;
                                        while (true) {
                                            if (i20 < arrayList2.size()) {
                                                PKIXPolicyNode pKIXPolicyNode12 = (PKIXPolicyNode) arrayList2.get(i20);
                                                if (pKIXPolicyNode12.hasChildren()) {
                                                    pKIXPolicyNode6 = pKIXPolicyNode11;
                                                } else {
                                                    pKIXPolicyNode6 = CertPathValidatorUtilities.removePolicyNode(pKIXPolicyNode11, arrayListArr, pKIXPolicyNode12);
                                                    if (pKIXPolicyNode6 != null) {
                                                    }
                                                }
                                                i20++;
                                                pKIXPolicyNode11 = pKIXPolicyNode6;
                                            } else {
                                                pKIXPolicyNode6 = pKIXPolicyNode11;
                                            }
                                        }
                                        i19--;
                                        pKIXPolicyNode8 = pKIXPolicyNode6;
                                    }
                                    Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
                                    if (criticalExtensionOIDs != null) {
                                        boolean contains = criticalExtensionOIDs.contains(CERTIFICATE_POLICIES);
                                        ArrayList arrayList3 = arrayListArr[i16];
                                        for (int i21 = 0; i21 < arrayList3.size(); i21++) {
                                            ((PKIXPolicyNode) arrayList3.get(i21)).setCritical(contains);
                                        }
                                    }
                                }
                                PKIXPolicyNode pKIXPolicyNode13 = pKIXPolicyNode8;
                                HashSet hashSet6 = hashSet3;
                                if (aSN1Sequence3 == null) {
                                    pKIXPolicyNode13 = null;
                                }
                                if (i15 <= 0 && pKIXPolicyNode13 == null) {
                                    throw new CertPathValidatorException("No valid policy tree found when one expected.");
                                }
                                if (i16 == size) {
                                    i2 = i12;
                                    i3 = i13;
                                    i4 = i14;
                                    pKIXPolicyNode2 = pKIXPolicyNode13;
                                } else {
                                    if (x509Certificate != null && x509Certificate.getVersion() == 1) {
                                        throw new CertPathValidatorException("Version 1 certs can't be used as CA ones");
                                    }
                                    DERObject extensionValue = CertPathValidatorUtilities.getExtensionValue(x509Certificate, POLICY_MAPPINGS);
                                    if (extensionValue != null) {
                                        ASN1Sequence aSN1Sequence4 = (ASN1Sequence) extensionValue;
                                        for (int i22 = 0; i22 < aSN1Sequence4.size(); i22++) {
                                            ASN1Sequence aSN1Sequence5 = (ASN1Sequence) aSN1Sequence4.getObjectAt(i22);
                                            DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) aSN1Sequence5.getObjectAt(0);
                                            DERObjectIdentifier dERObjectIdentifier2 = (DERObjectIdentifier) aSN1Sequence5.getObjectAt(1);
                                            if (ANY_POLICY.equals(dERObjectIdentifier.getId())) {
                                                throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy");
                                            }
                                            if (ANY_POLICY.equals(dERObjectIdentifier2.getId())) {
                                                throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy");
                                            }
                                        }
                                    }
                                    if (extensionValue != null) {
                                        ASN1Sequence aSN1Sequence6 = (ASN1Sequence) extensionValue;
                                        HashMap hashMap = new HashMap();
                                        HashSet<String> hashSet7 = new HashSet();
                                        for (int i23 = 0; i23 < aSN1Sequence6.size(); i23++) {
                                            ASN1Sequence aSN1Sequence7 = (ASN1Sequence) aSN1Sequence6.getObjectAt(i23);
                                            String id = ((DERObjectIdentifier) aSN1Sequence7.getObjectAt(0)).getId();
                                            String id2 = ((DERObjectIdentifier) aSN1Sequence7.getObjectAt(1)).getId();
                                            if (hashMap.containsKey(id)) {
                                                ((Set) hashMap.get(id)).add(id2);
                                            } else {
                                                HashSet hashSet8 = new HashSet();
                                                hashSet8.add(id2);
                                                hashMap.put(id, hashSet8);
                                                hashSet7.add(id);
                                            }
                                        }
                                        PKIXPolicyNode pKIXPolicyNode14 = pKIXPolicyNode13;
                                        for (String str2 : hashSet7) {
                                            if (i13 > 0) {
                                                Iterator it2 = arrayListArr[i16].iterator();
                                                while (true) {
                                                    if (it2.hasNext()) {
                                                        PKIXPolicyNode pKIXPolicyNode15 = (PKIXPolicyNode) it2.next();
                                                        if (pKIXPolicyNode15.getValidPolicy().equals(str2)) {
                                                            pKIXPolicyNode15.expectedPolicies = (Set) hashMap.get(str2);
                                                            z = true;
                                                        }
                                                    } else {
                                                        z = false;
                                                    }
                                                }
                                                if (!z) {
                                                    Iterator it3 = arrayListArr[i16].iterator();
                                                    while (true) {
                                                        if (it3.hasNext()) {
                                                            PKIXPolicyNode pKIXPolicyNode16 = (PKIXPolicyNode) it3.next();
                                                            if (ANY_POLICY.equals(pKIXPolicyNode16.getValidPolicy())) {
                                                                Set set = null;
                                                                Enumeration objects3 = ((ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(x509Certificate, CERTIFICATE_POLICIES)).getObjects();
                                                                while (true) {
                                                                    if (objects3.hasMoreElements()) {
                                                                        PolicyInformation policyInformation3 = PolicyInformation.getInstance(objects3.nextElement());
                                                                        if (ANY_POLICY.equals(policyInformation3.getPolicyIdentifier().getId())) {
                                                                            set = CertPathValidatorUtilities.getQualifierSet(policyInformation3.getPolicyQualifiers());
                                                                        }
                                                                    }
                                                                }
                                                                boolean contains2 = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES) : false;
                                                                PKIXPolicyNode pKIXPolicyNode17 = (PKIXPolicyNode) pKIXPolicyNode16.getParent();
                                                                if (ANY_POLICY.equals(pKIXPolicyNode17.getValidPolicy())) {
                                                                    PKIXPolicyNode pKIXPolicyNode18 = new PKIXPolicyNode(new ArrayList(), i16, (Set) hashMap.get(str2), pKIXPolicyNode17, set, str2, contains2);
                                                                    pKIXPolicyNode17.addChild(pKIXPolicyNode18);
                                                                    arrayListArr[i16].add(pKIXPolicyNode18);
                                                                }
                                                            }
                                                        }
                                                    }
                                                }
                                            } else {
                                                if (i13 <= 0) {
                                                    Iterator it4 = arrayListArr[i16].iterator();
                                                    pKIXPolicyNode4 = pKIXPolicyNode14;
                                                    while (it4.hasNext()) {
                                                        PKIXPolicyNode pKIXPolicyNode19 = (PKIXPolicyNode) it4.next();
                                                        if (pKIXPolicyNode19.getValidPolicy().equals(str2)) {
                                                            ((PKIXPolicyNode) pKIXPolicyNode19.getParent()).removeChild(pKIXPolicyNode19);
                                                            it4.remove();
                                                            pKIXPolicyNode5 = pKIXPolicyNode4;
                                                            for (int i24 = i16 - 1; i24 >= 0; i24--) {
                                                                ArrayList arrayList4 = arrayListArr[i24];
                                                                int i25 = 0;
                                                                PKIXPolicyNode pKIXPolicyNode20 = pKIXPolicyNode5;
                                                                while (true) {
                                                                    if (i25 < arrayList4.size()) {
                                                                        PKIXPolicyNode pKIXPolicyNode21 = (PKIXPolicyNode) arrayList4.get(i25);
                                                                        if (pKIXPolicyNode21.hasChildren()) {
                                                                            pKIXPolicyNode5 = pKIXPolicyNode20;
                                                                        } else {
                                                                            pKIXPolicyNode5 = CertPathValidatorUtilities.removePolicyNode(pKIXPolicyNode20, arrayListArr, pKIXPolicyNode21);
                                                                            if (pKIXPolicyNode5 != null) {
                                                                            }
                                                                        }
                                                                        i25++;
                                                                        pKIXPolicyNode20 = pKIXPolicyNode5;
                                                                    } else {
                                                                        pKIXPolicyNode5 = pKIXPolicyNode20;
                                                                    }
                                                                }
                                                            }
                                                        } else {
                                                            pKIXPolicyNode5 = pKIXPolicyNode4;
                                                        }
                                                        pKIXPolicyNode4 = pKIXPolicyNode5;
                                                    }
                                                } else {
                                                    pKIXPolicyNode4 = pKIXPolicyNode14;
                                                }
                                                pKIXPolicyNode14 = pKIXPolicyNode4;
                                            }
                                        }
                                        pKIXPolicyNode3 = pKIXPolicyNode14;
                                    } else {
                                        pKIXPolicyNode3 = pKIXPolicyNode13;
                                    }
                                    ASN1Sequence aSN1Sequence8 = (ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(x509Certificate, NAME_CONSTRAINTS);
                                    if (aSN1Sequence8 != null) {
                                        NameConstraints nameConstraints = new NameConstraints(aSN1Sequence8);
                                        ASN1Sequence permittedSubtrees = nameConstraints.getPermittedSubtrees();
                                        if (permittedSubtrees != null) {
                                            Enumeration objects4 = permittedSubtrees.getObjects();
                                            while (objects4.hasMoreElements()) {
                                                pKIXNameConstraints.intersectPermittedSubtree(GeneralSubtree.getInstance(objects4.nextElement()));
                                            }
                                        }
                                        ASN1Sequence excludedSubtrees = nameConstraints.getExcludedSubtrees();
                                        if (excludedSubtrees != null) {
                                            Enumeration objects5 = excludedSubtrees.getObjects();
                                            while (objects5.hasMoreElements()) {
                                                pKIXNameConstraints.addExcludedSubtree(GeneralSubtree.getInstance(objects5.nextElement()));
                                            }
                                        }
                                    }
                                    if (CertPathValidatorUtilities.isSelfIssued(x509Certificate)) {
                                        i3 = i13;
                                        i5 = i14;
                                    } else {
                                        if (i15 != 0) {
                                            i15--;
                                        }
                                        i3 = i13 != 0 ? i13 - 1 : i13;
                                        i5 = i14 != 0 ? i14 - 1 : i14;
                                    }
                                    ASN1Sequence aSN1Sequence9 = (ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(x509Certificate, POLICY_CONSTRAINTS);
                                    if (aSN1Sequence9 != null) {
                                        Enumeration objects6 = aSN1Sequence9.getObjects();
                                        int i26 = i3;
                                        while (objects6.hasMoreElements()) {
                                            ASN1TaggedObject aSN1TaggedObject = (ASN1TaggedObject) objects6.nextElement();
                                            switch (aSN1TaggedObject.getTagNo()) {
                                                case 0:
                                                    int intValue = DERInteger.getInstance(aSN1TaggedObject).getValue().intValue();
                                                    if (intValue < i15) {
                                                        i15 = intValue;
                                                        break;
                                                    } else {
                                                        r2 = i26;
                                                        i26 = r2;
                                                        break;
                                                    }
                                                case 1:
                                                    int intValue2 = DERInteger.getInstance(aSN1TaggedObject).getValue().intValue();
                                                    if (intValue2 < i26) {
                                                        i26 = intValue2;
                                                        break;
                                                    }
                                                    intValue2 = i26;
                                                    i26 = intValue2;
                                                default:
                                                    intValue2 = i26;
                                                    i26 = intValue2;
                                                    break;
                                            }
                                        }
                                        i3 = i26;
                                    }
                                    DERInteger dERInteger = (DERInteger) CertPathValidatorUtilities.getExtensionValue(x509Certificate, INHIBIT_ANY_POLICY);
                                    if (dERInteger == null || (i4 = dERInteger.getValue().intValue()) >= i5) {
                                        i4 = i5;
                                    }
                                    BasicConstraints basicConstraints = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(x509Certificate, BASIC_CONSTRAINTS));
                                    if (basicConstraints == null) {
                                        throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
                                    }
                                    if (!basicConstraints.isCA()) {
                                        throw new CertPathValidatorException("Not a CA certificate");
                                    }
                                    if (CertPathValidatorUtilities.isSelfIssued(x509Certificate)) {
                                        i6 = i12;
                                    } else {
                                        if (i12 <= 0) {
                                            throw new CertPathValidatorException("Max path length not greater than zero");
                                        }
                                        i6 = i12 - 1;
                                    }
                                    if (basicConstraints == null || (pathLenConstraint = basicConstraints.getPathLenConstraint()) == null || (i7 = pathLenConstraint.intValue()) >= i6) {
                                        i7 = i6;
                                    }
                                    boolean[] keyUsage = x509Certificate.getKeyUsage();
                                    if (keyUsage != null && !keyUsage[5]) {
                                        throw new CertPathValidatorException("Issuer certificate keyusage extension is critical an does not permit key signing.\n", null, certPath, size2);
                                    }
                                    HashSet hashSet9 = new HashSet(x509Certificate.getCriticalExtensionOIDs());
                                    hashSet9.remove(KEY_USAGE);
                                    hashSet9.remove(CERTIFICATE_POLICIES);
                                    hashSet9.remove(POLICY_MAPPINGS);
                                    hashSet9.remove(INHIBIT_ANY_POLICY);
                                    hashSet9.remove(ISSUING_DISTRIBUTION_POINT);
                                    hashSet9.remove(DELTA_CRL_INDICATOR);
                                    hashSet9.remove(POLICY_CONSTRAINTS);
                                    hashSet9.remove(BASIC_CONSTRAINTS);
                                    hashSet9.remove(SUBJECT_ALTERNATIVE_NAME);
                                    hashSet9.remove(NAME_CONSTRAINTS);
                                    Iterator<PKIXCertPathChecker> it5 = certPathCheckers.iterator();
                                    while (it5.hasNext()) {
                                        try {
                                            it5.next().check(x509Certificate, hashSet9);
                                        } catch (CertPathValidatorException e2) {
                                            throw new CertPathValidatorException(e2.getMessage(), e2.getCause(), certPath, size2);
                                        }
                                    }
                                    if (!hashSet9.isEmpty()) {
                                        throw new CertPathValidatorException("Certificate has unsupported critical extension", null, certPath, size2);
                                    }
                                    i2 = i7;
                                    pKIXPolicyNode2 = pKIXPolicyNode3;
                                }
                                publicKey = x509Certificate.getPublicKey();
                                try {
                                    X500Principal subjectPrincipal2 = CertPathValidatorUtilities.getSubjectPrincipal(x509Certificate);
                                    AlgorithmIdentifier algorithmIdentifier2 = CertPathValidatorUtilities.getAlgorithmIdentifier(publicKey);
                                    algorithmIdentifier2.getObjectId();
                                    algorithmIdentifier2.getParameters();
                                    i12 = i2;
                                    trustedCert = x509Certificate;
                                    i13 = i3;
                                    i14 = i4;
                                    hashSet3 = hashSet6;
                                    size2--;
                                    pKIXPolicyNode8 = pKIXPolicyNode2;
                                    x500Principal3 = subjectPrincipal2;
                                } catch (IllegalArgumentException e3) {
                                    throw new CertPathValidatorException(x509Certificate.getSubjectDN().getName() + " :" + e3.toString());
                                }
                            } catch (CertificateNotYetValidException e4) {
                                throw new CertPathValidatorException("Could not validate certificate: " + e4.getMessage(), e4, certPath, size2);
                            }
                        } catch (CertificateExpiredException e5) {
                            throw new CertPathValidatorException("Could not validate certificate: " + e5.getMessage(), e5, certPath, size2);
                        }
                    } catch (GeneralSecurityException e6) {
                        throw new CertPathValidatorException("Could not validate certificate signature.", e6, certPath, size2);
                    }
                } catch (AnnotatedException e7) {
                    throw new CertPathValidatorException(e7.getMessage(), e7.getUnderlyingException(), certPath, size2);
                }
            }
            int i27 = (CertPathValidatorUtilities.isSelfIssued(x509Certificate) || i15 == 0) ? i15 : i15 - 1;
            try {
                ASN1Sequence aSN1Sequence10 = (ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(x509Certificate, POLICY_CONSTRAINTS);
                if (aSN1Sequence10 != null) {
                    Enumeration objects7 = aSN1Sequence10.getObjects();
                    while (objects7.hasMoreElements()) {
                        ASN1TaggedObject aSN1TaggedObject2 = (ASN1TaggedObject) objects7.nextElement();
                        switch (aSN1TaggedObject2.getTagNo()) {
                            case 0:
                                if (DERInteger.getInstance(aSN1TaggedObject2).getValue().intValue() == 0) {
                                    i = 0;
                                    break;
                                }
                                break;
                        }
                        i = i27;
                        i27 = i;
                    }
                }
                Set<String> criticalExtensionOIDs2 = x509Certificate.getCriticalExtensionOIDs();
                if (criticalExtensionOIDs2 != null) {
                    HashSet hashSet10 = new HashSet(criticalExtensionOIDs2);
                    hashSet10.remove(KEY_USAGE);
                    hashSet10.remove(CERTIFICATE_POLICIES);
                    hashSet10.remove(POLICY_MAPPINGS);
                    hashSet10.remove(INHIBIT_ANY_POLICY);
                    hashSet10.remove(ISSUING_DISTRIBUTION_POINT);
                    hashSet10.remove(DELTA_CRL_INDICATOR);
                    hashSet10.remove(POLICY_CONSTRAINTS);
                    hashSet10.remove(BASIC_CONSTRAINTS);
                    hashSet10.remove(SUBJECT_ALTERNATIVE_NAME);
                    hashSet10.remove(NAME_CONSTRAINTS);
                    hashSet = hashSet10;
                } else {
                    hashSet = new HashSet();
                }
                Iterator<PKIXCertPathChecker> it6 = certPathCheckers.iterator();
                while (it6.hasNext()) {
                    try {
                        it6.next().check(x509Certificate, hashSet);
                    } catch (CertPathValidatorException e8) {
                        throw new CertPathValidatorException(e8.getMessage(), e8.getCause(), certPath, size2);
                    }
                }
                if (!hashSet.isEmpty()) {
                    throw new CertPathValidatorException("Certificate has unsupported critical extension", null, certPath, size2);
                }
                if (pKIXPolicyNode8 == null) {
                    if (pKIXParameters.isExplicitPolicyRequired()) {
                        throw new CertPathValidatorException("Explicit policy requested but none available.");
                    }
                    pKIXPolicyNode = null;
                } else if (CertPathValidatorUtilities.isAnyPolicy(initialPolicies)) {
                    if (pKIXParameters.isExplicitPolicyRequired()) {
                        if (hashSet3.isEmpty()) {
                            throw new CertPathValidatorException("Explicit policy requested but none available.");
                        }
                        HashSet hashSet11 = new HashSet();
                        int i28 = 0;
                        while (true) {
                            int i29 = i28;
                            if (i29 < arrayListArr.length) {
                                ArrayList arrayList5 = arrayListArr[i29];
                                int i30 = 0;
                                while (true) {
                                    int i31 = i30;
                                    if (i31 < arrayList5.size()) {
                                        PKIXPolicyNode pKIXPolicyNode22 = (PKIXPolicyNode) arrayList5.get(i31);
                                        if (ANY_POLICY.equals(pKIXPolicyNode22.getValidPolicy())) {
                                            Iterator children2 = pKIXPolicyNode22.getChildren();
                                            while (children2.hasNext()) {
                                                hashSet11.add(children2.next());
                                            }
                                        }
                                        i30 = i31 + 1;
                                    }
                                }
                                i28 = i29 + 1;
                            } else {
                                Iterator it7 = hashSet11.iterator();
                                while (it7.hasNext()) {
                                    hashSet3.contains(((PKIXPolicyNode) it7.next()).getValidPolicy());
                                }
                                if (pKIXPolicyNode8 != null) {
                                    int i32 = size - 1;
                                    pKIXPolicyNode = pKIXPolicyNode8;
                                    while (i32 >= 0) {
                                        ArrayList arrayList6 = arrayListArr[i32];
                                        int i33 = 0;
                                        PKIXPolicyNode pKIXPolicyNode23 = pKIXPolicyNode;
                                        while (true) {
                                            int i34 = i33;
                                            if (i34 < arrayList6.size()) {
                                                PKIXPolicyNode pKIXPolicyNode24 = (PKIXPolicyNode) arrayList6.get(i34);
                                                if (!pKIXPolicyNode24.hasChildren()) {
                                                    pKIXPolicyNode23 = CertPathValidatorUtilities.removePolicyNode(pKIXPolicyNode23, arrayListArr, pKIXPolicyNode24);
                                                }
                                                i33 = i34 + 1;
                                            }
                                        }
                                        i32--;
                                        pKIXPolicyNode = pKIXPolicyNode23;
                                    }
                                }
                            }
                        }
                    }
                    pKIXPolicyNode = pKIXPolicyNode8;
                } else {
                    HashSet<PKIXPolicyNode> hashSet12 = new HashSet();
                    int i35 = 0;
                    while (true) {
                        int i36 = i35;
                        if (i36 < arrayListArr.length) {
                            ArrayList arrayList7 = arrayListArr[i36];
                            int i37 = 0;
                            while (true) {
                                int i38 = i37;
                                if (i38 < arrayList7.size()) {
                                    PKIXPolicyNode pKIXPolicyNode25 = (PKIXPolicyNode) arrayList7.get(i38);
                                    if (ANY_POLICY.equals(pKIXPolicyNode25.getValidPolicy())) {
                                        Iterator children3 = pKIXPolicyNode25.getChildren();
                                        while (children3.hasNext()) {
                                            PKIXPolicyNode pKIXPolicyNode26 = (PKIXPolicyNode) children3.next();
                                            if (!ANY_POLICY.equals(pKIXPolicyNode26.getValidPolicy())) {
                                                hashSet12.add(pKIXPolicyNode26);
                                            }
                                        }
                                    }
                                    i37 = i38 + 1;
                                }
                            }
                            i35 = i36 + 1;
                        } else {
                            for (PKIXPolicyNode pKIXPolicyNode27 : hashSet12) {
                                if (!initialPolicies.contains(pKIXPolicyNode27.getValidPolicy())) {
                                    pKIXPolicyNode8 = CertPathValidatorUtilities.removePolicyNode(pKIXPolicyNode8, arrayListArr, pKIXPolicyNode27);
                                }
                            }
                            if (pKIXPolicyNode8 != null) {
                                int i39 = size - 1;
                                pKIXPolicyNode = pKIXPolicyNode8;
                                while (i39 >= 0) {
                                    ArrayList arrayList8 = arrayListArr[i39];
                                    int i40 = 0;
                                    PKIXPolicyNode pKIXPolicyNode28 = pKIXPolicyNode;
                                    while (true) {
                                        int i41 = i40;
                                        if (i41 < arrayList8.size()) {
                                            PKIXPolicyNode pKIXPolicyNode29 = (PKIXPolicyNode) arrayList8.get(i41);
                                            if (!pKIXPolicyNode29.hasChildren()) {
                                                pKIXPolicyNode28 = CertPathValidatorUtilities.removePolicyNode(pKIXPolicyNode28, arrayListArr, pKIXPolicyNode29);
                                            }
                                            i40 = i41 + 1;
                                        }
                                    }
                                    i39--;
                                    pKIXPolicyNode = pKIXPolicyNode28;
                                }
                            }
                            pKIXPolicyNode = pKIXPolicyNode8;
                        }
                    }
                }
                if (i27 > 0 || pKIXPolicyNode != null) {
                    return new PKIXCertPathValidatorResult(findTrustAnchor, pKIXPolicyNode, publicKey);
                }
                throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, size2);
            } catch (AnnotatedException e9) {
                throw new CertPathValidatorException(e9.getMessage(), e9.getUnderlyingException(), certPath, size2);
            }
        } catch (IllegalArgumentException e10) {
            throw new CertPathValidatorException("TrustAnchor subjectDN: " + e10.toString());
        }
    }
}
