package org.bouncycastle.jce.provider;

import a0.a;
import com.bbpos.bbdevice.q0;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import je.q;
import je.r;
import je.s;
import md.t;
import md.z;
import nc.u;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.util.c;
import org.bouncycastle.x509.f;
import org.bouncycastle.x509.i;
import org.bouncycastle.x509.m;
import w7.d;

/* loaded from: classes3.dex */
class RFC3281CertPathUtilities {
    private static final String TARGET_INFORMATION = t.f20693h2.f21180c;
    private static final String NO_REV_AVAIL = t.f20692g2.f21180c;
    private static final String CRL_DISTRIBUTION_POINTS = t.f20702z.f21180c;
    private static final String AUTHORITY_INFO_ACCESS = t.f20691f2.f21180c;

    public static void additionalChecks(f fVar, Set set, Set set2) throws CertPathValidatorException {
        Iterator it2 = set.iterator();
        while (it2.hasNext()) {
            String str = (String) it2.next();
            if (((m) fVar).b(str) != null) {
                throw new CertPathValidatorException(a.l("Attribute certificate contains prohibited attribute: ", str, "."));
            }
        }
        Iterator it3 = set2.iterator();
        while (it3.hasNext()) {
            String str2 = (String) it3.next();
            if (((m) fVar).b(str2) == null) {
                throw new CertPathValidatorException(a.l("Attribute certificate does not contain necessary attribute: ", str2, "."));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:58:0x00f5, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void checkCRL(md.r r21, org.bouncycastle.x509.f r22, je.s r23, java.util.Date r24, java.util.Date r25, java.security.cert.X509Certificate r26, org.bouncycastle.jce.provider.CertStatus r27, org.bouncycastle.jce.provider.ReasonsMask r28, java.util.List r29, ne.b r30) throws org.bouncycastle.jce.provider.AnnotatedException, org.bouncycastle.jce.provider.RecoverableCertPathValidatorException {
        /*
            Method dump skipped, instructions count: 255
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRL(md.r, org.bouncycastle.x509.f, je.s, java.util.Date, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.CertStatus, org.bouncycastle.jce.provider.ReasonsMask, java.util.List, ne.b):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:29:0x00cf  */
    /* JADX WARN: Removed duplicated region for block: B:40:0x011f  */
    /* JADX WARN: Removed duplicated region for block: B:55:0x0179  */
    /* JADX WARN: Type inference failed for: r11v2 */
    /* JADX WARN: Type inference failed for: r11v5 */
    /* JADX WARN: Type inference failed for: r11v7 */
    /* JADX WARN: Type inference failed for: r2v1, types: [java.util.ArrayList] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void checkCRLs(org.bouncycastle.x509.f r21, je.s r22, java.util.Date r23, java.util.Date r24, java.security.cert.X509Certificate r25, java.util.List r26, ne.b r27) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 429
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.RFC3281CertPathUtilities.checkCRLs(org.bouncycastle.x509.f, je.s, java.util.Date, java.util.Date, java.security.cert.X509Certificate, java.util.List, ne.b):void");
    }

    public static CertPath processAttrCert1(f fVar, s sVar) throws CertPathValidatorException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        m mVar = (m) fVar;
        z zVar = mVar.d().f21996c.f20729c;
        ExtCertPathValidatorException extCertPathValidatorException = null;
        if ((zVar != null ? org.bouncycastle.x509.a.b(zVar.f20732c) : null) != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            z zVar2 = mVar.d().f21996c.f20729c;
            x509CertSelector.setSerialNumber(zVar2 != null ? zVar2.f20733d.y() : null);
            z zVar3 = mVar.d().f21996c.f20729c;
            for (Principal principal : zVar3 != null ? org.bouncycastle.x509.a.b(zVar3.f20732c) : null) {
                try {
                    if (principal instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) principal).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new d(x509CertSelector).a(), sVar.a());
                } catch (IOException e10) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e10);
                } catch (AnnotatedException e11) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e11);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (mVar.d().a() != null) {
            i iVar = new i();
            for (Principal principal2 : mVar.d().a()) {
                try {
                    if (principal2 instanceof X500Principal) {
                        iVar.setIssuer(((X500Principal) principal2).getEncoded());
                    }
                    CertPathValidatorUtilities.findCertificates(linkedHashSet, new d(iVar).a(), sVar.a());
                } catch (IOException e12) {
                    throw new ExtCertPathValidatorException("Unable to encode X500 principal.", e12);
                } catch (AnnotatedException e13) {
                    throw new ExtCertPathValidatorException("Public key certificate for attribute certificate cannot be searched.", e13);
                }
            }
            if (linkedHashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        r rVar = new r(sVar);
        Iterator it2 = linkedHashSet.iterator();
        CertPathBuilderResult certPathBuilderResult = null;
        while (it2.hasNext()) {
            i iVar2 = new i();
            iVar2.setCertificate((X509Certificate) it2.next());
            rVar.f18335d = new d(iVar2).a();
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).build(new q(new q0(new s(rVar))));
                } catch (InvalidAlgorithmParameterException e14) {
                    throw new RuntimeException(e14.getMessage());
                } catch (CertPathBuilderException e15) {
                    extCertPathValidatorException = new ExtCertPathValidatorException("Certification path for public key certificate of attribute certificate could not be build.", e15);
                }
            } catch (NoSuchAlgorithmException e16) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e16);
            } catch (NoSuchProviderException e17) {
                throw new ExtCertPathValidatorException("Support class could not be created.", e17);
            }
        }
        if (extCertPathValidatorException == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw extCertPathValidatorException;
    }

    public static CertPathValidatorResult processAttrCert2(CertPath certPath, s sVar) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).validate(certPath, sVar);
            } catch (InvalidAlgorithmParameterException e10) {
                throw new RuntimeException(e10.getMessage());
            } catch (CertPathValidatorException e11) {
                throw new ExtCertPathValidatorException("Certification path for issuer certificate of attribute certificate could not be validated.", e11);
            }
        } catch (NoSuchAlgorithmException e12) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e12);
        } catch (NoSuchProviderException e13) {
            throw new ExtCertPathValidatorException("Support class could not be created.", e13);
        }
    }

    public static void processAttrCert3(X509Certificate x509Certificate, s sVar) throws CertPathValidatorException {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && ((keyUsage.length <= 0 || !keyUsage[0]) && (keyUsage.length <= 1 || !keyUsage[1]))) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void processAttrCert4(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        Iterator it2 = set.iterator();
        boolean z3 = false;
        while (it2.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it2.next();
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z3 = true;
            }
        }
        if (!z3) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void processAttrCert5(f fVar, Date date) throws CertPathValidatorException {
        try {
            ((m) fVar).a(date);
        } catch (CertificateExpiredException e10) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e10);
        } catch (CertificateNotYetValidException e11) {
            throw new ExtCertPathValidatorException("Attribute certificate is not valid.", e11);
        }
    }

    public static void processAttrCert7(f fVar, CertPath certPath, CertPath certPath2, s sVar, Set set) throws CertPathValidatorException {
        m mVar = (m) fVar;
        HashSet c10 = mVar.c(true);
        String str = TARGET_INFORMATION;
        if (c10.contains(str)) {
            try {
                c extensionValue = CertPathValidatorUtilities.getExtensionValue(mVar, str);
                if (extensionValue instanceof md.q0) {
                } else if (extensionValue != null) {
                    u.v(extensionValue);
                }
            } catch (IllegalArgumentException e10) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e10);
            } catch (AnnotatedException e11) {
                throw new ExtCertPathValidatorException("Target information extension could not be read.", e11);
            }
        }
        c10.remove(str);
        Iterator it2 = set.iterator();
        if (it2.hasNext()) {
            a.B(it2.next());
            throw null;
        }
        if (c10.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + c10);
    }
}
