package org.bouncycastle.jce.provider;

import A0.AbstractC0020m;
import A0.C0019l;
import Dk.A;
import Dk.C0304u;
import G4.y;
import Ul.a;
import Ul.f;
import Ul.m;
import dk.AbstractC1941t;
import dk.AbstractC1944w;
import dl.o;
import dl.p;
import dl.q;
import dl.r;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertSelector;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import jl.C2793b;

/* loaded from: classes4.dex */
class RFC3281CertPathUtilities {
    private static final String TARGET_INFORMATION = C0304u.f4574x.f29360a;
    private static final String NO_REV_AVAIL = C0304u.f4573w.f29360a;
    private static final String CRL_DISTRIBUTION_POINTS = C0304u.f4564n.f29360a;
    private static final String AUTHORITY_INFO_ACCESS = C0304u.f4572v.f29360a;

    public static void additionalChecks(f fVar, Set set, Set set2) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (((m) fVar).b(str) != null) {
                throw new CertPathValidatorException(y.h("Attribute certificate contains prohibited attribute: ", str, "."));
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (((m) fVar).b(str2) == null) {
                throw new CertPathValidatorException(y.h("Attribute certificate does not contain necessary attribute: ", str2, "."));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:48:0x00cc, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(Dk.C0302s r18, Ul.f r19, dl.r r20, java.util.Date r21, java.util.Date r22, java.security.cert.X509Certificate r23, org.bouncycastle.jce.provider.CertStatus r24, org.bouncycastle.jce.provider.ReasonsMask r25, java.util.List r26, hl.InterfaceC2548b r27) {
        /*
            r1 = r18
            r9 = r20
            r10 = r22
            r11 = r24
            r12 = r25
            dk.q r0 = Dk.Z.f4484c
            java.lang.String r0 = r0.f29360a
            r13 = r19
            Ul.m r13 = (Ul.m) r13
            byte[] r0 = r13.getExtensionValue(r0)
            if (r0 == 0) goto L19
            return
        L19:
            long r2 = r22.getTime()
            long r4 = r21.getTime()
            int r0 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r0 > 0) goto Lce
            dl.m r0 = new dl.m
            r8 = 0
            r5 = 0
            r6 = -1
            r2 = r0
            r3 = r20
            r4 = r22
            r7 = r23
            r2.<init>(r3, r4, r5, r6, r7, r8)
            java.util.Set r0 = org.bouncycastle.jce.provider.CertPathValidatorUtilities.getCompleteCRLs(r0, r1, r13, r9, r10)
            java.util.Iterator r14 = r0.iterator()
            r0 = 0
            r16 = r0
            r0 = 0
        L40:
            boolean r2 = r14.hasNext()
            if (r2 == 0) goto Lca
            int r2 = r24.getCertStatus()
            r8 = 11
            if (r2 != r8) goto Lca
            boolean r2 = r25.isAllReasons()
            if (r2 != 0) goto Lca
            java.lang.Object r2 = r14.next()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc6
            r7 = r2
            java.security.cert.X509CRL r7 = (java.security.cert.X509CRL) r7     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc6
            org.bouncycastle.jce.provider.ReasonsMask r6 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLD(r7, r1)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc6
            boolean r2 = r6.hasNewReasons(r12)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lc6
            if (r2 != 0) goto L66
            goto L40
        L66:
            r4 = 0
            r5 = 0
            r2 = r7
            r3 = r13
            r17 = r6
            r6 = r20
            r15 = r7
            r7 = r26
            r21 = r14
            r14 = r8
            r8 = r27
            java.util.Set r2 = org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLF(r2, r3, r4, r5, r6, r7, r8)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLG(r15, r2)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            r20.getClass()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            java.util.Date r2 = r13.f17274c     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            long r2 = r2.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            java.util.Date r4 = r15.getThisUpdate()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            long r4 = r4.getTime()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            int r2 = (r2 > r4 ? 1 : (r2 == r4 ? 0 : -1))
            if (r2 < 0) goto Lbd
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB1(r1, r13, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLB2(r1, r13, r15)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lba
            r2 = 0
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLC(r2, r15, r9)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLI(r10, r2, r13, r11, r9)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
            org.bouncycastle.jce.provider.RFC3280CertPathUtilities.processCRLJ(r10, r15, r13, r11)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
            int r3 = r24.getCertStatus()     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
            r4 = 8
            if (r3 != r4) goto Lad
            r11.setCertStatus(r14)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
        Lad:
            r3 = r17
            goto Lb2
        Lb0:
            r0 = move-exception
            goto Lb7
        Lb2:
            r12.addReasons(r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
            r16 = 1
        Lb7:
            r14 = r21
            goto L40
        Lba:
            r0 = move-exception
        Lbb:
            r2 = 0
            goto Lb7
        Lbd:
            r2 = 0
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
            java.lang.String r3 = "No valid CRL for current time found."
            r0.<init>(r3)     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
            throw r0     // Catch: org.bouncycastle.jce.provider.AnnotatedException -> Lb0
        Lc6:
            r0 = move-exception
            r21 = r14
            goto Lbb
        Lca:
            if (r16 == 0) goto Lcd
            return
        Lcd:
            throw r0
        Lce:
            org.bouncycastle.jce.provider.AnnotatedException r0 = new org.bouncycastle.jce.provider.AnnotatedException
            java.lang.String r1 = "Validation time is in future."
            r0.<init>(r1)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(Dk.s, Ul.f, dl.r, java.util.Date, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List, hl.b):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00c5  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0113  */
    /* JADX WARN: Removed duplicated region for block: B:50:0x016f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void checkCRLs(Ul.f r21, dl.r r22, java.util.Date r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.util.List r26, hl.InterfaceC2548b r27) {
        /*
            Method dump skipped, instructions count: 420
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(Ul.f, dl.r, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.util.List, hl.b):void");
    }

    public static CertPath processAttrCert1(f fVar, r rVar) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        m mVar = (m) fVar;
        A a5 = mVar.d().f17261a.f4587a;
        C2793b c2793b = null;
        if ((a5 != null ? a.c(a5.f4414a) : null) != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            A a6 = mVar.d().f17261a.f4587a;
            x509CertSelector.setSerialNumber(a6 != null ? a6.f4415b.y() : null);
            A a10 = mVar.d().f17261a.f4587a;
            for (Principal principal : a10 != null ? a.c(a10.f4414a) : null) {
                try {
                    if (principal instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) principal).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new o((CertSelector) x509CertSelector.clone()), rVar.f29437a.getCertStores());
                } catch (IOException e6) {
                    throw new C2793b("Unable to encode X500 principal.", e6);
                } catch (AnnotatedException e10) {
                    throw new C2793b("Public key certificate for attribute certificate cannot be searched.", e10);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (mVar.d().b() != null) {
            X509CertSelector x509CertSelector2 = new X509CertSelector();
            for (Principal principal2 : mVar.d().b()) {
                try {
                    if (principal2 instanceof X500Principal) {
                        x509CertSelector2.setIssuer(((X500Principal) principal2).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new o((CertSelector) x509CertSelector2.clone()), rVar.f29437a.getCertStores());
                } catch (IOException e11) {
                    throw new C2793b("Unable to encode X500 principal.", e11);
                } catch (AnnotatedException e12) {
                    throw new C2793b("Public key certificate for attribute certificate cannot be searched.", e12);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        q qVar = new q(rVar);
        Iterator it = linkedHashSet.iterator();
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            X509CertSelector x509CertSelector3 = new X509CertSelector();
            x509CertSelector3.setCertificate((X509Certificate) it.next());
            qVar.f29430d = new o((CertSelector) x509CertSelector3.clone());
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).build(new p(new C0019l(new r(qVar))));
                } catch (InvalidAlgorithmParameterException e13) {
                    throw new RuntimeException(e13.getMessage());
                } catch (CertPathBuilderException e14) {
                    c2793b = new C2793b("Certification path for public key certificate of attribute certificate could not be build.", e14);
                }
            } catch (NoSuchAlgorithmException e15) {
                throw new C2793b("Support class could not be created.", e15);
            } catch (NoSuchProviderException e16) {
                throw new C2793b("Support class could not be created.", e16);
            }
        }
        if (c2793b == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw c2793b;
    }

    public static CertPathValidatorResult processAttrCert2(CertPath certPath, r rVar) {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).validate(certPath, rVar);
            } catch (InvalidAlgorithmParameterException e6) {
                throw new RuntimeException(e6.getMessage());
            } catch (CertPathValidatorException e10) {
                throw new C2793b("Certification path for issuer certificate of attribute certificate could not be validated.", e10);
            }
        } catch (NoSuchAlgorithmException e11) {
            throw new C2793b("Support class could not be created.", e11);
        } catch (NoSuchProviderException e12) {
            throw new C2793b("Support class could not be created.", e12);
        }
    }

    public static void processAttrCert3(X509Certificate x509Certificate, r rVar) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && ((keyUsage.length <= 0 || !keyUsage[0]) && (keyUsage.length <= 1 || !keyUsage[1]))) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void processAttrCert4(X509Certificate x509Certificate, Set set) {
        Iterator it = set.iterator();
        boolean z8 = false;
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z8 = true;
            }
        }
        if (!z8) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void processAttrCert5(f fVar, Date date) {
        try {
            ((m) fVar).a(date);
        } catch (CertificateExpiredException e6) {
            throw new C2793b("Attribute certificate is not valid.", e6);
        } catch (CertificateNotYetValidException e10) {
            throw new C2793b("Attribute certificate is not valid.", e10);
        }
    }

    public static void processAttrCert7(f fVar, CertPath certPath, CertPath certPath2, r rVar, Set set) {
        m mVar = (m) fVar;
        HashSet c5 = mVar.c(true);
        String str = TARGET_INFORMATION;
        if (c5.contains(str)) {
            try {
                AbstractC1941t extensionValue = CertPathValidatorUtilities.getExtensionValue(mVar, str);
                if (extensionValue != null) {
                    AbstractC1944w.A(extensionValue);
                }
            } catch (IllegalArgumentException e6) {
                throw new C2793b("Target information extension could not be read.", e6);
            } catch (AnnotatedException e10) {
                throw new C2793b("Target information extension could not be read.", e10);
            }
        }
        c5.remove(str);
        Iterator it = set.iterator();
        if (it.hasNext()) {
            throw AbstractC0020m.g(it);
        }
        if (c5.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + c5);
    }
}
