package kz.iola.x509;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import kz.iola.asn1.ASN1InputStream;
import kz.iola.asn1.ASN1Object;
import kz.iola.asn1.ASN1OctetString;
import kz.iola.asn1.ASN1Sequence;
import kz.iola.asn1.DEREnumerated;
import kz.iola.asn1.DERIA5String;
import kz.iola.asn1.DERInteger;
import kz.iola.asn1.DERObject;
import kz.iola.asn1.DERObjectIdentifier;
import kz.iola.asn1.DEROctetString;
import kz.iola.asn1.x509.AccessDescription;
import kz.iola.asn1.x509.AuthorityInformationAccess;
import kz.iola.asn1.x509.AuthorityKeyIdentifier;
import kz.iola.asn1.x509.BasicConstraints;
import kz.iola.asn1.x509.CRLDistPoint;
import kz.iola.asn1.x509.DistributionPoint;
import kz.iola.asn1.x509.DistributionPointName;
import kz.iola.asn1.x509.GeneralName;
import kz.iola.asn1.x509.GeneralNames;
import kz.iola.asn1.x509.GeneralSubtree;
import kz.iola.asn1.x509.IssuingDistributionPoint;
import kz.iola.asn1.x509.NameConstraints;
import kz.iola.asn1.x509.X509Extensions;
import kz.iola.asn1.x509.qualified.MonetaryValue;
import kz.iola.asn1.x509.qualified.QCStatement;
import kz.iola.i18n.ErrorBundle;
import kz.iola.i18n.LocaleString;
import kz.iola.i18n.filter.TrustedInput;
import kz.iola.i18n.filter.UntrustedInput;
import kz.iola.i18n.filter.UntrustedUrlInput;
import kz.iola.jce.provider.AnnotatedException;
import kz.iola.jce.provider.CertPathValidatorUtilities;
import kz.iola.jce.provider.PKIXNameConstraintValidator;
import kz.iola.jce.provider.PKIXNameConstraintValidatorException;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: classes.dex */
public class PKIXCertPathReviewer extends CertPathValidatorUtilities {
    private static final String RESOURCE_NAME = "kz.iola.x509.CertPathReviewerMessages";
    private boolean initialized;
    protected CertPath p;
    protected PKIXParameters q;
    protected Date r;
    protected List s;
    protected int t;
    protected List[] u;
    protected List[] v;
    protected TrustAnchor w;
    protected PublicKey x;
    protected PolicyNode y;
    private static final String QC_STATEMENT = X509Extensions.QCStatements.getId();
    private static final String CRL_DIST_POINTS = X509Extensions.CRLDistributionPoints.getId();
    private static final String AUTH_INFO_ACCESS = X509Extensions.AuthorityInfoAccess.getId();

    public PKIXCertPathReviewer() {
    }

    public PKIXCertPathReviewer(CertPath certPath, PKIXParameters pKIXParameters) {
        init(certPath, pKIXParameters);
    }

    private String IPtoString(byte[] bArr) {
        try {
            return InetAddress.getByAddress(bArr).getHostAddress();
        } catch (Exception unused) {
            StringBuffer stringBuffer = new StringBuffer();
            for (int i = 0; i != bArr.length; i++) {
                stringBuffer.append(Integer.toHexString(bArr[i] & 255));
                stringBuffer.append(' ');
            }
            return stringBuffer.toString();
        }
    }

    private void checkCriticalExtensions() {
        List<PKIXCertPathChecker> certPathCheckers = this.q.getCertPathCheckers();
        Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
        while (it.hasNext()) {
            try {
                try {
                    it.next().init(false);
                } catch (CertPathValidatorException e) {
                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certPathCheckerError", new Object[]{e.getMessage(), e, e.getClass().getName()}), e);
                }
            } catch (CertPathReviewerException e2) {
                b(e2.getErrorMessage(), e2.getIndex());
                return;
            }
        }
        for (int size = this.s.size() - 1; size >= 0; size--) {
            X509Certificate x509Certificate = (X509Certificate) this.s.get(size);
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null && !criticalExtensionOIDs.isEmpty()) {
                criticalExtensionOIDs.remove(f);
                criticalExtensionOIDs.remove(a);
                criticalExtensionOIDs.remove(c);
                criticalExtensionOIDs.remove(g);
                criticalExtensionOIDs.remove(h);
                criticalExtensionOIDs.remove(i);
                criticalExtensionOIDs.remove(j);
                criticalExtensionOIDs.remove(b);
                criticalExtensionOIDs.remove(d);
                criticalExtensionOIDs.remove(e);
                if (criticalExtensionOIDs.contains(QC_STATEMENT) && processQcStatements(x509Certificate, size)) {
                    criticalExtensionOIDs.remove(QC_STATEMENT);
                }
                Iterator<PKIXCertPathChecker> it2 = certPathCheckers.iterator();
                while (it2.hasNext()) {
                    try {
                        it2.next().check(x509Certificate, criticalExtensionOIDs);
                    } catch (CertPathValidatorException e3) {
                        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.criticalExtensionError", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}), e3.getCause(), this.p, size);
                    }
                }
                if (!criticalExtensionOIDs.isEmpty()) {
                    Iterator<String> it3 = criticalExtensionOIDs.iterator();
                    while (it3.hasNext()) {
                        b(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.unknownCriticalExt", new Object[]{new DERObjectIdentifier(it3.next())}), size);
                    }
                }
            }
        }
    }

    private void checkNameConstraints() {
        PKIXNameConstraintValidator pKIXNameConstraintValidator = new PKIXNameConstraintValidator();
        try {
            for (int size = this.s.size() - 1; size > 0; size--) {
                int i = this.t;
                X509Certificate x509Certificate = (X509Certificate) this.s.get(size);
                if (!b(x509Certificate)) {
                    X500Principal a = a(x509Certificate);
                    try {
                        ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(new ByteArrayInputStream(a.getEncoded())).readObject();
                        try {
                            pKIXNameConstraintValidator.checkPermittedDN(aSN1Sequence);
                            try {
                                pKIXNameConstraintValidator.checkExcludedDN(aSN1Sequence);
                                try {
                                    ASN1Sequence aSN1Sequence2 = (ASN1Sequence) a(x509Certificate, d);
                                    if (aSN1Sequence2 != null) {
                                        for (int i2 = 0; i2 < aSN1Sequence2.size(); i2++) {
                                            GeneralName generalName = GeneralName.getInstance(aSN1Sequence2.getObjectAt(i2));
                                            try {
                                                pKIXNameConstraintValidator.checkPermitted(generalName);
                                                pKIXNameConstraintValidator.checkExcluded(generalName);
                                            } catch (PKIXNameConstraintValidatorException e) {
                                                throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedEmail", new Object[]{new UntrustedInput(generalName)}), e, this.p, size);
                                            }
                                        }
                                    }
                                } catch (AnnotatedException e2) {
                                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.subjAltNameExtError"), e2, this.p, size);
                                }
                            } catch (PKIXNameConstraintValidatorException e3) {
                                throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.excludedDN", new Object[]{new UntrustedInput(a.getName())}), e3, this.p, size);
                            }
                        } catch (PKIXNameConstraintValidatorException e4) {
                            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notPermittedDN", new Object[]{new UntrustedInput(a.getName())}), e4, this.p, size);
                        }
                    } catch (IOException e5) {
                        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncSubjectNameError", new Object[]{new UntrustedInput(a)}), e5, this.p, size);
                    }
                }
                try {
                    ASN1Sequence aSN1Sequence3 = (ASN1Sequence) a(x509Certificate, e);
                    if (aSN1Sequence3 != null) {
                        NameConstraints nameConstraints = new NameConstraints(aSN1Sequence3);
                        ASN1Sequence permittedSubtrees = nameConstraints.getPermittedSubtrees();
                        if (permittedSubtrees != null) {
                            pKIXNameConstraintValidator.intersectPermittedSubtree(permittedSubtrees);
                        }
                        ASN1Sequence excludedSubtrees = nameConstraints.getExcludedSubtrees();
                        if (excludedSubtrees != null) {
                            Enumeration objects = excludedSubtrees.getObjects();
                            while (objects.hasMoreElements()) {
                                pKIXNameConstraintValidator.addExcludedSubtree(GeneralSubtree.getInstance(objects.nextElement()));
                            }
                        }
                    }
                } catch (AnnotatedException e6) {
                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.ncExtError"), e6, this.p, size);
                }
            }
        } catch (CertPathReviewerException e7) {
            b(e7.getErrorMessage(), e7.getIndex());
        }
    }

    private void checkPathLength() {
        BasicConstraints basicConstraints;
        BigInteger pathLenConstraint;
        int intValue;
        int i = this.t;
        int i2 = i;
        int i3 = 0;
        for (int size = this.s.size() - 1; size > 0; size--) {
            int i4 = this.t;
            X509Certificate x509Certificate = (X509Certificate) this.s.get(size);
            if (!b(x509Certificate)) {
                if (i2 <= 0) {
                    b(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.pathLenghtExtended"));
                }
                i2--;
                i3++;
            }
            try {
                basicConstraints = BasicConstraints.getInstance(a(x509Certificate, b));
            } catch (AnnotatedException unused) {
                b(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.processLengthConstError"), size);
                basicConstraints = null;
            }
            if (basicConstraints != null && (pathLenConstraint = basicConstraints.getPathLenConstraint()) != null && (intValue = pathLenConstraint.intValue()) < i2) {
                i2 = intValue;
            }
        }
        a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.totalPathLength", new Object[]{new Integer(i3)}));
    }

    /* JADX WARN: Code restructure failed: missing block: B:60:0x0274, code lost:
    
        if (r6 >= r32.t) goto L147;
     */
    /* JADX WARN: Code restructure failed: missing block: B:62:0x027a, code lost:
    
        if (b(r15) == false) goto L147;
     */
    /* JADX WARN: Removed duplicated region for block: B:167:0x057b A[Catch: AnnotatedException -> 0x05df, CertPathReviewerException -> 0x0622, TryCatch #2 {AnnotatedException -> 0x05df, blocks: (B:165:0x0571, B:167:0x057b, B:168:0x057f, B:170:0x0586, B:171:0x0590, B:173:0x0594, B:181:0x05a4), top: B:164:0x0571, outer: #8 }] */
    /* JADX WARN: Removed duplicated region for block: B:67:0x02e7 A[Catch: CertPathReviewerException -> 0x0622, TryCatch #8 {CertPathReviewerException -> 0x0622, blocks: (B:16:0x005e, B:272:0x006c, B:277:0x0076, B:279:0x0080, B:280:0x0084, B:282:0x008b, B:285:0x0098, B:299:0x00aa, B:301:0x00b2, B:302:0x00c2, B:306:0x01a7, B:307:0x01b5, B:310:0x00c6, B:312:0x00cc, B:314:0x00d4, B:316:0x00da, B:317:0x00ea, B:318:0x00eb, B:319:0x00f1, B:338:0x00f4, B:339:0x00f8, B:344:0x0100, B:346:0x0106, B:347:0x0109, B:356:0x010f, B:349:0x0112, B:351:0x011e, B:353:0x0122, B:341:0x0125, B:321:0x0133, B:322:0x0136, B:336:0x013c, B:324:0x013f, B:326:0x0151, B:327:0x0155, B:329:0x015c, B:333:0x0164, B:360:0x0169, B:361:0x016f, B:386:0x0172, B:387:0x0176, B:398:0x017e, B:400:0x0184, B:401:0x0187, B:410:0x018d, B:403:0x0190, B:405:0x019c, B:407:0x01a0, B:389:0x01b6, B:392:0x01c6, B:363:0x01cb, B:364:0x01ce, B:384:0x01d4, B:366:0x01d7, B:368:0x01e9, B:369:0x01ed, B:371:0x01f4, B:374:0x0206, B:381:0x020a, B:413:0x020d, B:414:0x021d, B:18:0x021e, B:20:0x022a, B:23:0x0236, B:24:0x023f, B:44:0x0247, B:47:0x0250, B:48:0x0259, B:50:0x0261, B:52:0x026b, B:59:0x0272, B:61:0x0276, B:65:0x02b8, B:83:0x02bc, B:85:0x02c2, B:86:0x02cb, B:88:0x02d2, B:97:0x0449, B:98:0x0457, B:99:0x0458, B:102:0x045c, B:104:0x0464, B:105:0x0468, B:107:0x046f, B:116:0x048f, B:117:0x049f, B:109:0x04a0, B:113:0x04ac, B:114:0x04bc, B:111:0x04bd, B:121:0x04c2, B:122:0x04cf, B:132:0x04d5, B:133:0x04d9, B:135:0x04e1, B:138:0x04e9, B:151:0x0513, B:143:0x04ee, B:144:0x04fe, B:146:0x0500, B:147:0x0510, B:124:0x0518, B:126:0x053e, B:128:0x0556, B:129:0x054d, B:156:0x055c, B:165:0x0571, B:167:0x057b, B:168:0x057f, B:170:0x0586, B:171:0x0590, B:173:0x0594, B:181:0x05a4, B:193:0x05b4, B:195:0x05be, B:203:0x05ce, B:204:0x05de, B:206:0x05df, B:207:0x05ef, B:199:0x0603, B:211:0x05f1, B:212:0x0602, B:67:0x02e7, B:68:0x02eb, B:77:0x0306, B:70:0x02f3, B:72:0x02ff, B:79:0x0309, B:214:0x0280, B:215:0x0284, B:217:0x028b, B:221:0x02a5, B:223:0x02af, B:224:0x02b2, B:226:0x030c, B:227:0x031c, B:258:0x0322, B:229:0x0327, B:231:0x0333, B:232:0x0341, B:233:0x0347, B:251:0x034f, B:235:0x038e, B:253:0x0337, B:255:0x033b, B:262:0x03c6, B:263:0x03d7, B:26:0x03de, B:29:0x0406, B:30:0x040e, B:32:0x0414, B:38:0x0419, B:39:0x042a, B:269:0x0610, B:270:0x0621), top: B:15:0x005e, inners: #1, #2, #4, #5, #6, #7, #9, #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:85:0x02c2 A[Catch: CertPathReviewerException -> 0x0622, TryCatch #8 {CertPathReviewerException -> 0x0622, blocks: (B:16:0x005e, B:272:0x006c, B:277:0x0076, B:279:0x0080, B:280:0x0084, B:282:0x008b, B:285:0x0098, B:299:0x00aa, B:301:0x00b2, B:302:0x00c2, B:306:0x01a7, B:307:0x01b5, B:310:0x00c6, B:312:0x00cc, B:314:0x00d4, B:316:0x00da, B:317:0x00ea, B:318:0x00eb, B:319:0x00f1, B:338:0x00f4, B:339:0x00f8, B:344:0x0100, B:346:0x0106, B:347:0x0109, B:356:0x010f, B:349:0x0112, B:351:0x011e, B:353:0x0122, B:341:0x0125, B:321:0x0133, B:322:0x0136, B:336:0x013c, B:324:0x013f, B:326:0x0151, B:327:0x0155, B:329:0x015c, B:333:0x0164, B:360:0x0169, B:361:0x016f, B:386:0x0172, B:387:0x0176, B:398:0x017e, B:400:0x0184, B:401:0x0187, B:410:0x018d, B:403:0x0190, B:405:0x019c, B:407:0x01a0, B:389:0x01b6, B:392:0x01c6, B:363:0x01cb, B:364:0x01ce, B:384:0x01d4, B:366:0x01d7, B:368:0x01e9, B:369:0x01ed, B:371:0x01f4, B:374:0x0206, B:381:0x020a, B:413:0x020d, B:414:0x021d, B:18:0x021e, B:20:0x022a, B:23:0x0236, B:24:0x023f, B:44:0x0247, B:47:0x0250, B:48:0x0259, B:50:0x0261, B:52:0x026b, B:59:0x0272, B:61:0x0276, B:65:0x02b8, B:83:0x02bc, B:85:0x02c2, B:86:0x02cb, B:88:0x02d2, B:97:0x0449, B:98:0x0457, B:99:0x0458, B:102:0x045c, B:104:0x0464, B:105:0x0468, B:107:0x046f, B:116:0x048f, B:117:0x049f, B:109:0x04a0, B:113:0x04ac, B:114:0x04bc, B:111:0x04bd, B:121:0x04c2, B:122:0x04cf, B:132:0x04d5, B:133:0x04d9, B:135:0x04e1, B:138:0x04e9, B:151:0x0513, B:143:0x04ee, B:144:0x04fe, B:146:0x0500, B:147:0x0510, B:124:0x0518, B:126:0x053e, B:128:0x0556, B:129:0x054d, B:156:0x055c, B:165:0x0571, B:167:0x057b, B:168:0x057f, B:170:0x0586, B:171:0x0590, B:173:0x0594, B:181:0x05a4, B:193:0x05b4, B:195:0x05be, B:203:0x05ce, B:204:0x05de, B:206:0x05df, B:207:0x05ef, B:199:0x0603, B:211:0x05f1, B:212:0x0602, B:67:0x02e7, B:68:0x02eb, B:77:0x0306, B:70:0x02f3, B:72:0x02ff, B:79:0x0309, B:214:0x0280, B:215:0x0284, B:217:0x028b, B:221:0x02a5, B:223:0x02af, B:224:0x02b2, B:226:0x030c, B:227:0x031c, B:258:0x0322, B:229:0x0327, B:231:0x0333, B:232:0x0341, B:233:0x0347, B:251:0x034f, B:235:0x038e, B:253:0x0337, B:255:0x033b, B:262:0x03c6, B:263:0x03d7, B:26:0x03de, B:29:0x0406, B:30:0x040e, B:32:0x0414, B:38:0x0419, B:39:0x042a, B:269:0x0610, B:270:0x0621), top: B:15:0x005e, inners: #1, #2, #4, #5, #6, #7, #9, #10 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkPolicy() {
        /*
            Method dump skipped, instructions count: 1610
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: kz.iola.x509.PKIXCertPathReviewer.checkPolicy():void");
    }

    /* JADX WARN: Can't wrap try/catch for region: R(19:78|79|(16:81|82|83|(12:85|86|(2:89|87)|90|91|(2:94|92)|95|96|97|98|99|100)|107|86|(1:87)|90|91|(1:92)|95|96|97|98|99|100)|110|82|83|(0)|107|86|(1:87)|90|91|(1:92)|95|96|97|98|99|100) */
    /* JADX WARN: Code restructure failed: missing block: B:102:0x0328, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:103:0x0333, code lost:
    
        b(r0.getErrorMessage(), r11);
     */
    /* JADX WARN: Code restructure failed: missing block: B:105:0x032a, code lost:
    
        r0 = e;
     */
    /* JADX WARN: Code restructure failed: missing block: B:106:0x032b, code lost:
    
        r14 = r4;
        r13 = r6;
        r18 = r8;
        r11 = r9;
        r19 = r15;
        r15 = r7;
     */
    /* JADX WARN: Code restructure failed: missing block: B:109:0x02e9, code lost:
    
        b(new kz.iola.i18n.ErrorBundle(kz.iola.x509.PKIXCertPathReviewer.RESOURCE_NAME, "CertPathReviewer.crlAuthInfoAccError"), r9);
     */
    /* JADX WARN: Removed duplicated region for block: B:141:0x017e  */
    /* JADX WARN: Removed duplicated region for block: B:145:0x0154  */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0157  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x0192  */
    /* JADX WARN: Removed duplicated region for block: B:46:0x03d8  */
    /* JADX WARN: Removed duplicated region for block: B:85:0x02e4 A[Catch: AnnotatedException -> 0x02e9, TRY_LEAVE, TryCatch #17 {AnnotatedException -> 0x02e9, blocks: (B:83:0x02dc, B:85:0x02e4), top: B:82:0x02dc }] */
    /* JADX WARN: Removed duplicated region for block: B:89:0x036a A[LOOP:1: B:87:0x0302->B:89:0x036a, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:94:0x033e A[LOOP:2: B:92:0x030c->B:94:0x033e, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x010c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkSignatures() {
        /*
            Method dump skipped, instructions count: 1129
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: kz.iola.x509.PKIXCertPathReviewer.checkSignatures():void");
    }

    private X509CRL getCRL(String str) {
        try {
            URL url = new URL(str);
            if (!url.getProtocol().equals("http") && !url.getProtocol().equals("https")) {
                return null;
            }
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setDoInput(true);
            httpURLConnection.connect();
            if (httpURLConnection.getResponseCode() == 200) {
                return (X509CRL) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, "IOLA").generateCRL(httpURLConnection.getInputStream());
            }
            throw new Exception(httpURLConnection.getResponseMessage());
        } catch (Exception e) {
            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.loadCrlDistPointError", new Object[]{new UntrustedInput(str), e.getMessage(), e, e.getClass().getName()}));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v0 */
    /* JADX WARN: Type inference failed for: r1v3, types: [boolean] */
    private boolean processQcStatements(X509Certificate x509Certificate, int i) {
        ErrorBundle errorBundle;
        int i2 = i;
        char c = 0;
        try {
            ASN1Sequence aSN1Sequence = (ASN1Sequence) a(x509Certificate, QC_STATEMENT);
            int i3 = 0;
            char c2 = 0;
            while (i3 < aSN1Sequence.size()) {
                QCStatement qCStatement = QCStatement.getInstance(aSN1Sequence.getObjectAt(i3));
                if (QCStatement.id_etsi_qcs_QcCompliance.equals(qCStatement.getStatementId())) {
                    a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcEuCompliance"), i2 == true ? 1 : 0);
                } else if (!QCStatement.id_qcs_pkixQCSyntax_v1.equals(qCStatement.getStatementId())) {
                    if (QCStatement.id_etsi_qcs_QcSSCD.equals(qCStatement.getStatementId())) {
                        a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcSSCD"), i2 == true ? 1 : 0);
                    } else if (QCStatement.id_etsi_qcs_LimiteValue.equals(qCStatement.getStatementId())) {
                        MonetaryValue monetaryValue = MonetaryValue.getInstance(qCStatement.getStatementInfo());
                        monetaryValue.getCurrency();
                        double doubleValue = monetaryValue.getAmount().doubleValue() * Math.pow(10.0d, monetaryValue.getExponent().doubleValue());
                        if (monetaryValue.getCurrency().isAlphabetic()) {
                            Object[] objArr = new Object[3];
                            objArr[c] = monetaryValue.getCurrency().getAlphabetic();
                            objArr[1] = new TrustedInput(new Double(doubleValue));
                            objArr[2] = monetaryValue;
                            errorBundle = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueAlpha", objArr);
                        } else {
                            errorBundle = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueNum", new Object[]{new Integer(monetaryValue.getCurrency().getNumeric()), new TrustedInput(new Double(doubleValue)), monetaryValue});
                        }
                        a(errorBundle, i2 == true ? 1 : 0);
                    } else {
                        a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcUnknownStatement", new Object[]{qCStatement.getStatementId(), new UntrustedInput(qCStatement)}), i2 == true ? 1 : 0);
                        c2 = 1;
                    }
                }
                i3++;
                c = 0;
            }
            i2 = c2 ^ 1;
            return i2;
        } catch (AnnotatedException unused) {
            b(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError"), i2);
            return false;
        }
    }

    protected Collection a(X509Certificate x509Certificate, Set set) {
        ArrayList arrayList = new ArrayList();
        Iterator it = set.iterator();
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(a((Object) x509Certificate).getEncoded());
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
            if (extensionValue != null) {
                AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(ASN1Object.fromByteArray(((ASN1OctetString) ASN1Object.fromByteArray(extensionValue)).getOctets()));
                x509CertSelector.setSerialNumber(authorityKeyIdentifier.getAuthorityCertSerialNumber());
                byte[] keyIdentifier = authorityKeyIdentifier.getKeyIdentifier();
                if (keyIdentifier != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new DEROctetString(keyIdentifier).getEncoded());
                }
            }
            while (it.hasNext()) {
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        arrayList.add(trustAnchor);
                    }
                } else if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null && a((Object) x509Certificate).equals(new X500Principal(trustAnchor.getCAName()))) {
                    arrayList.add(trustAnchor);
                }
            }
            return arrayList;
        } catch (IOException unused) {
            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustAnchorIssuerError"));
        }
    }

    protected Vector a(AuthorityInformationAccess authorityInformationAccess) {
        Vector vector = new Vector();
        if (authorityInformationAccess != null) {
            AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
            for (int i = 0; i < accessDescriptions.length; i++) {
                if (accessDescriptions[i].getAccessMethod().equals(AccessDescription.id_ad_ocsp)) {
                    GeneralName accessLocation = accessDescriptions[i].getAccessLocation();
                    if (accessLocation.getTagNo() == 6) {
                        vector.add(((DERIA5String) accessLocation.getName()).getString());
                    }
                }
            }
        }
        return vector;
    }

    protected Vector a(CRLDistPoint cRLDistPoint) {
        Vector vector = new Vector();
        if (cRLDistPoint != null) {
            for (DistributionPoint distributionPoint : cRLDistPoint.getDistributionPoints()) {
                DistributionPointName distributionPoint2 = distributionPoint.getDistributionPoint();
                if (distributionPoint2.getType() == 0) {
                    GeneralName[] names = GeneralNames.getInstance(distributionPoint2.getName()).getNames();
                    for (int i = 0; i < names.length; i++) {
                        if (names[i].getTagNo() == 6) {
                            vector.add(((DERIA5String) names[i].getName()).getString());
                        }
                    }
                }
            }
        }
        return vector;
    }

    protected void a() {
        if (!this.initialized) {
            throw new IllegalStateException("Object not initialized. Call init() first.");
        }
        if (this.u == null) {
            this.u = new List[this.t + 1];
            this.v = new List[this.t + 1];
            for (int i = 0; i < this.u.length; i++) {
                this.u[i] = new ArrayList();
                this.v[i] = new ArrayList();
            }
            checkSignatures();
            checkNameConstraints();
            checkPathLength();
            checkPolicy();
            checkCriticalExtensions();
        }
    }

    protected void a(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, int i) {
        Iterator it;
        X509CRL x509crl;
        boolean z;
        boolean z2;
        String str;
        boolean[] keyUsage;
        CertPathReviewerException certPathReviewerException;
        X509CRLStoreSelector x509CRLStoreSelector = new X509CRLStoreSelector();
        try {
            x509CRLStoreSelector.addIssuerName(a((Object) x509Certificate).getEncoded());
            x509CRLStoreSelector.setCertificateChecking(x509Certificate);
            int i2 = 3;
            char c = 0;
            try {
                Collection a = a(x509CRLStoreSelector, pKIXParameters.getCertStores());
                it = a.iterator();
                if (a.isEmpty()) {
                    Iterator it2 = a(new X509CRLStoreSelector(), pKIXParameters.getCertStores()).iterator();
                    ArrayList arrayList = new ArrayList();
                    while (it2.hasNext()) {
                        arrayList.add(((X509CRL) it2.next()).getIssuerX500Principal());
                        i2 = 3;
                    }
                    int size = arrayList.size();
                    Object[] objArr = new Object[i2];
                    objArr[0] = new UntrustedInput(x509CRLStoreSelector.getIssuerNames());
                    objArr[1] = new UntrustedInput(arrayList);
                    objArr[2] = new Integer(size);
                    a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCrlInCertstore", objArr), i);
                }
            } catch (AnnotatedException e) {
                b(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlExtractionError", new Object[]{e.getCause().getMessage(), e.getCause(), e.getCause().getClass().getName()}), i);
                it = new ArrayList().iterator();
            }
            X509CRL x509crl2 = null;
            while (it.hasNext()) {
                x509crl2 = (X509CRL) it.next();
                if (x509crl2.getNextUpdate() == null || new Date().before(x509crl2.getNextUpdate())) {
                    a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.localValidCRL", new Object[]{new TrustedInput(x509crl2.getThisUpdate()), new TrustedInput(x509crl2.getNextUpdate())}), i);
                    x509crl = x509crl2;
                    z = true;
                    break;
                }
                a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.localInvalidCRL", new Object[]{new TrustedInput(x509crl2.getThisUpdate()), new TrustedInput(x509crl2.getNextUpdate())}), i);
            }
            x509crl = x509crl2;
            z = false;
            if (!z) {
                Iterator it3 = vector.iterator();
                while (true) {
                    if (!it3.hasNext()) {
                        break;
                    }
                    try {
                        String str2 = (String) it3.next();
                        X509CRL crl = getCRL(str2);
                        if (crl != null) {
                            if (x509Certificate.getIssuerX500Principal().equals(crl.getIssuerX500Principal())) {
                                if (crl.getNextUpdate() != null && !new Date().before(crl.getNextUpdate())) {
                                    a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.onlineInvalidCRL", new Object[]{new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate()), new UntrustedUrlInput(str2)}), i);
                                }
                                try {
                                } catch (CertPathReviewerException e2) {
                                    e = e2;
                                }
                                try {
                                    a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.onlineValidCRL", new Object[]{new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate()), new UntrustedUrlInput(str2)}), i);
                                    x509crl = crl;
                                    z = true;
                                    break;
                                } catch (CertPathReviewerException e3) {
                                    e = e3;
                                    certPathReviewerException = e;
                                    z = true;
                                    a(certPathReviewerException.getErrorMessage(), i);
                                    c = 0;
                                }
                            } else {
                                try {
                                    Object[] objArr2 = new Object[3];
                                    objArr2[c] = new UntrustedInput(crl.getIssuerX500Principal().getName());
                                    objArr2[1] = new UntrustedInput(x509Certificate.getIssuerX500Principal().getName());
                                    objArr2[2] = new UntrustedUrlInput(str2);
                                    a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.onlineCRLWrongCA", objArr2), i);
                                } catch (CertPathReviewerException e4) {
                                    certPathReviewerException = e4;
                                    a(certPathReviewerException.getErrorMessage(), i);
                                    c = 0;
                                }
                            }
                        }
                    } catch (CertPathReviewerException e5) {
                        certPathReviewerException = e5;
                    }
                    c = 0;
                }
            }
            if (x509crl != null) {
                if (x509Certificate2 != null && (keyUsage = x509Certificate2.getKeyUsage()) != null && (keyUsage.length < 7 || !keyUsage[6])) {
                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCrlSigningPermited"));
                }
                if (publicKey == null) {
                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlNoIssuerPublicKey"));
                }
                try {
                    x509crl.verify(publicKey, "IOLA");
                    X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate.getSerialNumber());
                    if (revokedCertificate != null) {
                        if (revokedCertificate.hasExtensions()) {
                            try {
                                DEREnumerated dEREnumerated = DEREnumerated.getInstance(a(revokedCertificate, X509Extensions.ReasonCode.getId()));
                                str = dEREnumerated != null ? o[dEREnumerated.getValue().intValue()] : o[7];
                            } catch (AnnotatedException e6) {
                                throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlReasonExtError"), e6);
                            }
                        } else {
                            str = null;
                        }
                        LocaleString localeString = new LocaleString(RESOURCE_NAME, str);
                        if (!date.before(revokedCertificate.getRevocationDate())) {
                            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certRevoked", new Object[]{new TrustedInput(revokedCertificate.getRevocationDate()), localeString}));
                        }
                        a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.revokedAfterValidation", new Object[]{new TrustedInput(revokedCertificate.getRevocationDate()), localeString}), i);
                    } else {
                        a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notRevoked"), i);
                    }
                    if (x509crl.getNextUpdate() == null || !x509crl.getNextUpdate().before(new Date())) {
                        z2 = true;
                    } else {
                        z2 = true;
                        a(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlUpdateAvailable", new Object[]{new TrustedInput(x509crl.getNextUpdate())}), i);
                    }
                    try {
                        DERObject a2 = a(x509crl, h);
                        try {
                            DERObject a3 = a(x509crl, i);
                            if (a3 != null) {
                                X509CRLStoreSelector x509CRLStoreSelector2 = new X509CRLStoreSelector();
                                try {
                                    x509CRLStoreSelector2.addIssuerName(a(x509crl).getEncoded());
                                    x509CRLStoreSelector2.setMinCRLNumber(((DERInteger) a3).getPositiveValue());
                                    try {
                                        x509CRLStoreSelector2.setMaxCRLNumber(((DERInteger) a(x509crl, n)).getPositiveValue().subtract(BigInteger.valueOf(1L)));
                                        try {
                                            Iterator it4 = a(x509CRLStoreSelector2, pKIXParameters.getCertStores()).iterator();
                                            while (true) {
                                                if (!it4.hasNext()) {
                                                    z2 = false;
                                                    break;
                                                }
                                                try {
                                                    DERObject a4 = a((X509CRL) it4.next(), h);
                                                    if (a2 == null) {
                                                        if (a4 == null) {
                                                            break;
                                                        }
                                                    } else if (a2.equals(a4)) {
                                                        break;
                                                    }
                                                } catch (AnnotatedException e7) {
                                                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.distrPtExtError"), e7);
                                                }
                                            }
                                            if (!z2) {
                                                throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noBaseCRL"));
                                            }
                                        } catch (AnnotatedException e8) {
                                            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlExtractionError"), e8);
                                        }
                                    } catch (AnnotatedException e9) {
                                        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlNbrExtError"), e9);
                                    }
                                } catch (IOException e10) {
                                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlIssuerException"), e10);
                                }
                            }
                            if (a2 != null) {
                                IssuingDistributionPoint issuingDistributionPoint = IssuingDistributionPoint.getInstance(a2);
                                try {
                                    BasicConstraints basicConstraints = BasicConstraints.getInstance(a(x509Certificate, b));
                                    if (issuingDistributionPoint.onlyContainsUserCerts() && basicConstraints != null && basicConstraints.isCA()) {
                                        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlOnlyUserCert"));
                                    }
                                    if (issuingDistributionPoint.onlyContainsCACerts() && (basicConstraints == null || !basicConstraints.isCA())) {
                                        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlOnlyCaCert"));
                                    }
                                    if (issuingDistributionPoint.onlyContainsAttributeCerts()) {
                                        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlOnlyAttrCert"));
                                    }
                                } catch (AnnotatedException e11) {
                                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlBCExtError"), e11);
                                }
                            }
                        } catch (AnnotatedException unused) {
                            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.deltaCrlExtError"));
                        }
                    } catch (AnnotatedException unused2) {
                        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.distrPtExtError"));
                    }
                } catch (Exception e12) {
                    throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlVerifyFailed"), e12);
                }
            }
            if (!z) {
                throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noValidCrlFound"));
            }
        } catch (IOException e13) {
            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlIssuerException"), e13);
        }
    }

    protected void a(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, Vector vector2, int i) {
        a(pKIXParameters, x509Certificate, date, x509Certificate2, publicKey, vector, i);
    }

    protected void a(ErrorBundle errorBundle) {
        this.u[0].add(errorBundle);
    }

    protected void a(ErrorBundle errorBundle, int i) {
        if (i < -1 || i >= this.t) {
            throw new IndexOutOfBoundsException();
        }
        this.u[i + 1].add(errorBundle);
    }

    protected void b(ErrorBundle errorBundle) {
        this.v[0].add(errorBundle);
    }

    protected void b(ErrorBundle errorBundle, int i) {
        if (i < -1 || i >= this.t) {
            throw new IndexOutOfBoundsException();
        }
        this.v[i + 1].add(errorBundle);
    }

    public CertPath getCertPath() {
        return this.p;
    }

    public int getCertPathSize() {
        return this.t;
    }

    public List getErrors(int i) {
        a();
        return this.v[i + 1];
    }

    public List[] getErrors() {
        a();
        return this.v;
    }

    public List getNotifications(int i) {
        a();
        return this.u[i + 1];
    }

    public List[] getNotifications() {
        a();
        return this.u;
    }

    public PolicyNode getPolicyTree() {
        a();
        return this.y;
    }

    public PublicKey getSubjectPublicKey() {
        a();
        return this.x;
    }

    public TrustAnchor getTrustAnchor() {
        a();
        return this.w;
    }

    public void init(CertPath certPath, PKIXParameters pKIXParameters) {
        if (this.initialized) {
            throw new IllegalStateException("object is already initialized!");
        }
        this.initialized = true;
        if (certPath == null) {
            throw new NullPointerException("certPath was null");
        }
        this.p = certPath;
        this.s = certPath.getCertificates();
        this.t = this.s.size();
        if (this.s.isEmpty()) {
            throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.emptyCertPath"));
        }
        this.q = (PKIXParameters) pKIXParameters.clone();
        this.r = a(this.q);
        this.u = null;
        this.v = null;
        this.w = null;
        this.x = null;
        this.y = null;
    }

    public boolean isValidCertPath() {
        a();
        for (int i = 0; i < this.v.length; i++) {
            if (!this.v[i].isEmpty()) {
                return false;
            }
        }
        return true;
    }
}
