package com.aspose.html.utils;

import com.aspose.html.utils.C1787aUv;
import com.aspose.html.utils.C4020jf;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyNode;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/aspose/html/utils/beA.class */
public class beA extends C3461beu {
    private static final String muM = aBK.kfc.getId();
    private static final String muN = aBK.keQ.getId();
    private static final String muO = aBK.keY.getId();
    private static final String muP = "org.bouncycastle.x509.CertPathReviewerMessages";
    protected CertPath certPath;
    protected PKIXParameters pkixParams;
    protected Date currentDate;
    protected Date validDate;
    protected List certs;
    protected int n;
    protected List[] notifications;
    protected List[] errors;
    protected TrustAnchor trustAnchor;
    protected PublicKey subjectPublicKey;
    protected PolicyNode policyTree;
    private boolean initialized;

    public void init(CertPath certPath, PKIXParameters pKIXParameters) throws C3460bet {
        if (this.initialized) {
            throw new IllegalStateException("object is already initialized!");
        }
        this.initialized = true;
        if (certPath == null) {
            throw new NullPointerException("certPath was null");
        }
        this.certPath = certPath;
        this.certs = certPath.getCertificates();
        this.n = this.certs.size();
        if (this.certs.isEmpty()) {
            throw new C3460bet(new beM(muP, "CertPathReviewer.emptyCertPath"));
        }
        this.pkixParams = (PKIXParameters) pKIXParameters.clone();
        this.currentDate = new Date();
        this.validDate = getValidDate(this.pkixParams);
        this.notifications = null;
        this.errors = null;
        this.trustAnchor = null;
        this.subjectPublicKey = null;
        this.policyTree = null;
    }

    public beA(CertPath certPath, PKIXParameters pKIXParameters) throws C3460bet {
        init(certPath, pKIXParameters);
    }

    public beA() {
    }

    public CertPath getCertPath() {
        return this.certPath;
    }

    public int getCertPathSize() {
        return this.n;
    }

    public List[] getErrors() {
        doChecks();
        return this.errors;
    }

    public List getErrors(int i) {
        doChecks();
        return this.errors[i + 1];
    }

    public List[] getNotifications() {
        doChecks();
        return this.notifications;
    }

    public List getNotifications(int i) {
        doChecks();
        return this.notifications[i + 1];
    }

    public PolicyNode getPolicyTree() {
        doChecks();
        return this.policyTree;
    }

    public PublicKey getSubjectPublicKey() {
        doChecks();
        return this.subjectPublicKey;
    }

    public TrustAnchor getTrustAnchor() {
        doChecks();
        return this.trustAnchor;
    }

    public boolean isValidCertPath() {
        doChecks();
        boolean z = true;
        int i = 0;
        while (true) {
            if (i >= this.errors.length) {
                break;
            }
            if (!this.errors[i].isEmpty()) {
                z = false;
                break;
            }
            i++;
        }
        return z;
    }

    protected void a(beM bem) {
        this.notifications[0].add(bem);
    }

    protected void a(beM bem, int i) {
        if (i < -1 || i >= this.n) {
            throw new IndexOutOfBoundsException();
        }
        this.notifications[i + 1].add(bem);
    }

    protected void b(beM bem) {
        this.errors[0].add(bem);
    }

    protected void b(beM bem, int i) {
        if (i < -1 || i >= this.n) {
            throw new IndexOutOfBoundsException();
        }
        this.errors[i + 1].add(bem);
    }

    protected void doChecks() {
        if (!this.initialized) {
            throw new IllegalStateException("Object not initialized. Call init() first.");
        }
        if (this.notifications == null) {
            this.notifications = new List[this.n + 1];
            this.errors = new List[this.n + 1];
            for (int i = 0; i < this.notifications.length; i++) {
                this.notifications[i] = new ArrayList();
                this.errors[i] = new ArrayList();
            }
            checkSignatures();
            checkNameConstraints();
            checkPathLength();
            checkPolicy();
            checkCriticalExtensions();
        }
    }

    private void checkNameConstraints() {
        C3454ben c3454ben = new C3454ben();
        try {
            for (int size = this.certs.size() - 1; size > 0; size--) {
                int i = this.n - size;
                X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
                if (!isSelfIssued(x509Certificate)) {
                    X500Principal subjectPrincipal = getSubjectPrincipal(x509Certificate);
                    try {
                        AbstractC2945atK abstractC2945atK = (AbstractC2945atK) new C2935atA(new ByteArrayInputStream(subjectPrincipal.getEncoded())).aTM();
                        try {
                            c3454ben.l(abstractC2945atK);
                            try {
                                c3454ben.m(abstractC2945atK);
                                try {
                                    AbstractC2945atK abstractC2945atK2 = (AbstractC2945atK) a(x509Certificate, mus);
                                    if (abstractC2945atK2 != null) {
                                        for (int i2 = 0; i2 < abstractC2945atK2.size(); i2++) {
                                            aBN hf = aBN.hf(abstractC2945atK2.lA(i2));
                                            try {
                                                c3454ben.e(hf);
                                                c3454ben.f(hf);
                                            } catch (C3455beo e) {
                                                throw new C3460bet(new beM(muP, "CertPathReviewer.notPermittedEmail", new Object[]{new beX(hf)}), e, this.certPath, size);
                                            }
                                        }
                                    }
                                } catch (C3458ber e2) {
                                    throw new C3460bet(new beM(muP, "CertPathReviewer.subjAltNameExtError"), e2, this.certPath, size);
                                }
                            } catch (C3455beo e3) {
                                throw new C3460bet(new beM(muP, "CertPathReviewer.excludedDN", new Object[]{new beX(subjectPrincipal.getName())}), e3, this.certPath, size);
                            }
                        } catch (C3455beo e4) {
                            throw new C3460bet(new beM(muP, "CertPathReviewer.notPermittedDN", new Object[]{new beX(subjectPrincipal.getName())}), e4, this.certPath, size);
                        }
                    } catch (IOException e5) {
                        throw new C3460bet(new beM(muP, "CertPathReviewer.ncSubjectNameError", new Object[]{new beX(subjectPrincipal)}), e5, this.certPath, size);
                    }
                }
                try {
                    AbstractC2945atK abstractC2945atK3 = (AbstractC2945atK) a(x509Certificate, mut);
                    if (abstractC2945atK3 != null) {
                        aBZ ho = aBZ.ho(abstractC2945atK3);
                        aBQ[] bcW = ho.bcW();
                        if (bcW != null) {
                            c3454ben.a(bcW);
                        }
                        aBQ[] bcX = ho.bcX();
                        if (bcX != null) {
                            for (int i3 = 0; i3 != bcX.length; i3++) {
                                c3454ben.b(bcX[i3]);
                            }
                        }
                    }
                } catch (C3458ber e6) {
                    throw new C3460bet(new beM(muP, "CertPathReviewer.ncExtError"), e6, this.certPath, size);
                }
            }
        } catch (C3460bet e7) {
            b(e7.bou(), e7.getIndex());
        }
    }

    private void checkPathLength() {
        C1261aBv c1261aBv;
        BigInteger pathLenConstraint;
        int intValue;
        int i = this.n;
        int i2 = 0;
        for (int size = this.certs.size() - 1; size > 0; size--) {
            int i3 = this.n - size;
            X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
            if (!isSelfIssued(x509Certificate)) {
                if (i <= 0) {
                    b(new beM(muP, "CertPathReviewer.pathLengthExtended"));
                }
                i--;
                i2++;
            }
            try {
                c1261aBv = C1261aBv.gO(a(x509Certificate, muq));
            } catch (C3458ber e) {
                b(new beM(muP, "CertPathReviewer.processLengthConstError"), size);
                c1261aBv = null;
            }
            if (c1261aBv != null && (pathLenConstraint = c1261aBv.getPathLenConstraint()) != null && (intValue = pathLenConstraint.intValue()) < i) {
                i = intValue;
            }
        }
        a(new beM(muP, "CertPathReviewer.totalPathLength", new Object[]{bfA.valueOf(i2)}));
    }

    private void checkSignatures() {
        C1260aBu gN;
        aBO bcm;
        boolean[] keyUsage;
        TrustAnchor trustAnchor = null;
        X500Principal x500Principal = null;
        a(new beM(muP, "CertPathReviewer.certPathValidDate", new Object[]{new beW(this.validDate), new beW(this.currentDate)}));
        try {
            X509Certificate x509Certificate = (X509Certificate) this.certs.get(this.certs.size() - 1);
            Collection trustAnchors = getTrustAnchors(x509Certificate, this.pkixParams.getTrustAnchors());
            if (trustAnchors.size() > 1) {
                b(new beM(muP, "CertPathReviewer.conflictingTrustAnchors", new Object[]{bfA.valueOf(trustAnchors.size()), new beX(x509Certificate.getIssuerX500Principal())}));
            } else if (trustAnchors.isEmpty()) {
                b(new beM(muP, "CertPathReviewer.noTrustAnchorFound", new Object[]{new beX(x509Certificate.getIssuerX500Principal()), bfA.valueOf(this.pkixParams.getTrustAnchors().size())}));
            } else {
                trustAnchor = (TrustAnchor) trustAnchors.iterator().next();
                try {
                    C3461beu.verifyX509Certificate(x509Certificate, trustAnchor.getTrustedCert() != null ? trustAnchor.getTrustedCert().getPublicKey() : trustAnchor.getCAPublicKey(), this.pkixParams.getSigProvider());
                } catch (SignatureException e) {
                    b(new beM(muP, "CertPathReviewer.trustButInvalidCert"));
                } catch (Exception e2) {
                }
            }
        } catch (C3460bet e3) {
            b(e3.bou());
        } catch (Throwable th) {
            b(new beM(muP, "CertPathReviewer.unknown", new Object[]{new beX(th.getMessage()), new beX(th)}));
        }
        if (trustAnchor != null) {
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            try {
                x500Principal = trustedCert != null ? getSubjectPrincipal(trustedCert) : new X500Principal(trustAnchor.getCAName());
            } catch (IllegalArgumentException e4) {
                b(new beM(muP, "CertPathReviewer.trustDNInvalid", new Object[]{new beX(trustAnchor.getCAName())}));
            }
            if (trustedCert != null && (keyUsage = trustedCert.getKeyUsage()) != null && (keyUsage.length <= 5 || !keyUsage[5])) {
                a(new beM(muP, "CertPathReviewer.trustKeyUsage"));
            }
        }
        PublicKey publicKey = null;
        X500Principal x500Principal2 = x500Principal;
        X509Certificate x509Certificate2 = null;
        if (trustAnchor != null) {
            x509Certificate2 = trustAnchor.getTrustedCert();
            publicKey = x509Certificate2 != null ? x509Certificate2.getPublicKey() : trustAnchor.getCAPublicKey();
            try {
                C1253aBn g = g(publicKey);
                g.bbh();
                g.bbi();
            } catch (CertPathValidatorException e5) {
                b(new beM(muP, "CertPathReviewer.trustPubKeyError"));
            }
        }
        for (int size = this.certs.size() - 1; size >= 0; size--) {
            int i = this.n - size;
            X509Certificate x509Certificate3 = (X509Certificate) this.certs.get(size);
            if (publicKey != null) {
                try {
                    C3461beu.verifyX509Certificate(x509Certificate3, publicKey, this.pkixParams.getSigProvider());
                } catch (GeneralSecurityException e6) {
                    b(new beM(muP, "CertPathReviewer.signatureNotVerified", new Object[]{e6.getMessage(), e6, e6.getClass().getName()}), size);
                }
            } else if (isSelfIssued(x509Certificate3)) {
                try {
                    C3461beu.verifyX509Certificate(x509Certificate3, x509Certificate3.getPublicKey(), this.pkixParams.getSigProvider());
                    b(new beM(muP, "CertPathReviewer.rootKeyIsValidButNotATrustAnchor"), size);
                } catch (GeneralSecurityException e7) {
                    b(new beM(muP, "CertPathReviewer.signatureNotVerified", new Object[]{e7.getMessage(), e7, e7.getClass().getName()}), size);
                }
            } else {
                beM bem = new beM(muP, "CertPathReviewer.NoIssuerPublicKey");
                byte[] extensionValue = x509Certificate3.getExtensionValue(aBK.keT.getId());
                if (extensionValue != null && (bcm = (gN = C1260aBu.gN(C3037auxx.bG(extensionValue).getOctets())).bcm()) != null) {
                    aBN abn = bcm.bcL()[0];
                    BigInteger authorityCertSerialNumber = gN.getAuthorityCertSerialNumber();
                    if (authorityCertSerialNumber != null) {
                        bem.setExtraArguments(new Object[]{new beN(muP, "missingIssuer"), " \"", abn, "\" ", new beN(muP, "missingSerial"), " ", authorityCertSerialNumber});
                    }
                }
                b(bem, size);
            }
            try {
                x509Certificate3.checkValidity(this.validDate);
            } catch (CertificateExpiredException e8) {
                b(new beM(muP, "CertPathReviewer.certificateExpired", new Object[]{new beW(x509Certificate3.getNotAfter())}), size);
            } catch (CertificateNotYetValidException e9) {
                b(new beM(muP, "CertPathReviewer.certificateNotYetValid", new Object[]{new beW(x509Certificate3.getNotBefore())}), size);
            }
            if (this.pkixParams.isRevocationEnabled()) {
                try {
                    AbstractC2944atJ a = a(x509Certificate3, muN);
                    r23 = a != null ? C1262aBw.gP(a) : null;
                } catch (C3458ber e10) {
                    b(new beM(muP, "CertPathReviewer.crlDistPtExtError"), size);
                }
                try {
                    AbstractC2944atJ a2 = a(x509Certificate3, muO);
                    r24 = a2 != null ? C1259aBt.gM(a2) : null;
                } catch (C3458ber e11) {
                    b(new beM(muP, "CertPathReviewer.crlAuthInfoAccError"), size);
                }
                Vector a3 = a(r23);
                Vector a4 = a(r24);
                Iterator it = a3.iterator();
                while (it.hasNext()) {
                    a(new beM(muP, "CertPathReviewer.crlDistPoint", new Object[]{new beY(it.next())}), size);
                }
                Iterator it2 = a4.iterator();
                while (it2.hasNext()) {
                    a(new beM(muP, "CertPathReviewer.ocspLocation", new Object[]{new beY(it2.next())}), size);
                }
                try {
                    checkRevocation(this.pkixParams, x509Certificate3, this.validDate, x509Certificate2, publicKey, a3, a4, size);
                } catch (C3460bet e12) {
                    b(e12.bou(), size);
                }
            }
            if (x500Principal2 != null && !x509Certificate3.getIssuerX500Principal().equals(x500Principal2)) {
                b(new beM(muP, "CertPathReviewer.certWrongIssuer", new Object[]{x500Principal2.getName(), x509Certificate3.getIssuerX500Principal().getName()}), size);
            }
            if (i != this.n) {
                if (x509Certificate3 != null && x509Certificate3.getVersion() == 1) {
                    b(new beM(muP, "CertPathReviewer.noCACert"), size);
                }
                try {
                    C1261aBv gO = C1261aBv.gO(a(x509Certificate3, muq));
                    if (gO == null) {
                        b(new beM(muP, "CertPathReviewer.noBasicConstraints"), size);
                    } else if (!gO.isCA()) {
                        b(new beM(muP, "CertPathReviewer.noCACert"), size);
                    }
                } catch (C3458ber e13) {
                    b(new beM(muP, "CertPathReviewer.errorProcesingBC"), size);
                }
                boolean[] keyUsage2 = x509Certificate3.getKeyUsage();
                if (keyUsage2 != null && (keyUsage2.length <= 5 || !keyUsage2[5])) {
                    b(new beM(muP, "CertPathReviewer.noCertSign"), size);
                }
            }
            x509Certificate2 = x509Certificate3;
            x500Principal2 = x509Certificate3.getSubjectX500Principal();
            try {
                publicKey = getNextWorkingKey(this.certs, size);
                C1253aBn g2 = g(publicKey);
                g2.bbh();
                g2.bbi();
            } catch (CertPathValidatorException e14) {
                b(new beM(muP, "CertPathReviewer.pubKeyError"), size);
            }
        }
        this.trustAnchor = trustAnchor;
        this.subjectPublicKey = publicKey;
    }

    private void checkPolicy() {
        beE bee;
        int intValue;
        String str;
        Set<String> initialPolicies = this.pkixParams.getInitialPolicies();
        ArrayList[] arrayListArr = new ArrayList[this.n + 1];
        for (int i = 0; i < arrayListArr.length; i++) {
            arrayListArr[i] = new ArrayList();
        }
        HashSet hashSet = new HashSet();
        hashSet.add("2.5.29.32.0");
        beE bee2 = new beE(new ArrayList(), 0, hashSet, null, new HashSet(), "2.5.29.32.0", false);
        arrayListArr[0].add(bee2);
        int i2 = this.pkixParams.isExplicitPolicyRequired() ? 0 : this.n + 1;
        int i3 = this.pkixParams.isAnyPolicyInhibited() ? 0 : this.n + 1;
        int i4 = this.pkixParams.isPolicyMappingInhibited() ? 0 : this.n + 1;
        HashSet hashSet2 = null;
        X509Certificate x509Certificate = null;
        try {
            int size = this.certs.size() - 1;
            while (size >= 0) {
                int i5 = this.n - size;
                x509Certificate = (X509Certificate) this.certs.get(size);
                try {
                    AbstractC2945atK abstractC2945atK = (AbstractC2945atK) a(x509Certificate, mup);
                    if (abstractC2945atK != null && bee2 != null) {
                        Enumeration objects = abstractC2945atK.getObjects();
                        HashSet hashSet3 = new HashSet();
                        while (objects.hasMoreElements()) {
                            C1272aCf ht = C1272aCf.ht(objects.nextElement());
                            C2939atE bde = ht.bde();
                            hashSet3.add(bde.getId());
                            if (!"2.5.29.32.0".equals(bde.getId())) {
                                try {
                                    Set n = n(ht.bdf());
                                    if (!a(i5, arrayListArr, bde, n)) {
                                        b(i5, arrayListArr, bde, n);
                                    }
                                } catch (CertPathValidatorException e) {
                                    throw new C3460bet(new beM(muP, "CertPathReviewer.policyQualifierError"), e, this.certPath, size);
                                }
                            }
                        }
                        if (hashSet2 == null || hashSet2.contains("2.5.29.32.0")) {
                            hashSet2 = hashSet3;
                        } else {
                            HashSet hashSet4 = new HashSet();
                            for (Object obj : hashSet2) {
                                if (hashSet3.contains(obj)) {
                                    hashSet4.add(obj);
                                }
                            }
                            hashSet2 = hashSet4;
                        }
                        if (i3 > 0 || (i5 < this.n && isSelfIssued(x509Certificate))) {
                            Enumeration objects2 = abstractC2945atK.getObjects();
                            while (true) {
                                if (objects2.hasMoreElements()) {
                                    C1272aCf ht2 = C1272aCf.ht(objects2.nextElement());
                                    if ("2.5.29.32.0".equals(ht2.bde().getId())) {
                                        try {
                                            Set n2 = n(ht2.bdf());
                                            ArrayList arrayList = arrayListArr[i5 - 1];
                                            for (int i6 = 0; i6 < arrayList.size(); i6++) {
                                                beE bee3 = (beE) arrayList.get(i6);
                                                for (Object obj2 : bee3.getExpectedPolicies()) {
                                                    if (obj2 instanceof String) {
                                                        str = (String) obj2;
                                                    } else if (obj2 instanceof C2939atE) {
                                                        str = ((C2939atE) obj2).getId();
                                                    }
                                                    boolean z = false;
                                                    Iterator children = bee3.getChildren();
                                                    while (children.hasNext()) {
                                                        if (str.equals(((beE) children.next()).getValidPolicy())) {
                                                            z = true;
                                                        }
                                                    }
                                                    if (!z) {
                                                        HashSet hashSet5 = new HashSet();
                                                        hashSet5.add(str);
                                                        beE bee4 = new beE(new ArrayList(), i5, hashSet5, bee3, n2, str, false);
                                                        bee3.a(bee4);
                                                        arrayListArr[i5].add(bee4);
                                                    }
                                                }
                                            }
                                        } catch (CertPathValidatorException e2) {
                                            throw new C3460bet(new beM(muP, "CertPathReviewer.policyQualifierError"), e2, this.certPath, size);
                                        }
                                    }
                                }
                            }
                        }
                        for (int i7 = i5 - 1; i7 >= 0; i7--) {
                            ArrayList arrayList2 = arrayListArr[i7];
                            for (int i8 = 0; i8 < arrayList2.size(); i8++) {
                                beE bee5 = (beE) arrayList2.get(i8);
                                if (!bee5.hasChildren()) {
                                    bee2 = a(bee2, arrayListArr, bee5);
                                    if (bee2 == null) {
                                        break;
                                    }
                                }
                            }
                        }
                        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs != null) {
                            boolean contains = criticalExtensionOIDs.contains(mup);
                            ArrayList arrayList3 = arrayListArr[i5];
                            for (int i9 = 0; i9 < arrayList3.size(); i9++) {
                                ((beE) arrayList3.get(i9)).setCritical(contains);
                            }
                        }
                    }
                    if (abstractC2945atK == null) {
                        bee2 = null;
                    }
                    if (i2 <= 0 && bee2 == null) {
                        throw new C3460bet(new beM(muP, "CertPathReviewer.noValidPolicyTree"));
                    }
                    if (i5 != this.n) {
                        try {
                            AbstractC2944atJ a = a(x509Certificate, mur);
                            if (a != null) {
                                AbstractC2945atK abstractC2945atK2 = (AbstractC2945atK) a;
                                for (int i10 = 0; i10 < abstractC2945atK2.size(); i10++) {
                                    AbstractC2945atK abstractC2945atK3 = (AbstractC2945atK) abstractC2945atK2.lA(i10);
                                    C2939atE c2939atE = (C2939atE) abstractC2945atK3.lA(0);
                                    C2939atE c2939atE2 = (C2939atE) abstractC2945atK3.lA(1);
                                    if ("2.5.29.32.0".equals(c2939atE.getId())) {
                                        throw new C3460bet(new beM(muP, "CertPathReviewer.invalidPolicyMapping"), this.certPath, size);
                                    }
                                    if ("2.5.29.32.0".equals(c2939atE2.getId())) {
                                        throw new C3460bet(new beM(muP, "CertPathReviewer.invalidPolicyMapping"), this.certPath, size);
                                    }
                                }
                            }
                            if (a != null) {
                                AbstractC2945atK abstractC2945atK4 = (AbstractC2945atK) a;
                                HashMap hashMap = new HashMap();
                                HashSet<String> hashSet6 = new HashSet();
                                for (int i11 = 0; i11 < abstractC2945atK4.size(); i11++) {
                                    AbstractC2945atK abstractC2945atK5 = (AbstractC2945atK) abstractC2945atK4.lA(i11);
                                    String id = ((C2939atE) abstractC2945atK5.lA(0)).getId();
                                    String id2 = ((C2939atE) abstractC2945atK5.lA(1)).getId();
                                    if (hashMap.containsKey(id)) {
                                        ((Set) hashMap.get(id)).add(id2);
                                    } else {
                                        HashSet hashSet7 = new HashSet();
                                        hashSet7.add(id2);
                                        hashMap.put(id, hashSet7);
                                        hashSet6.add(id);
                                    }
                                }
                                for (String str2 : hashSet6) {
                                    if (i4 > 0) {
                                        try {
                                            prepareNextCertB1(i5, arrayListArr, str2, hashMap, x509Certificate);
                                        } catch (C3458ber e3) {
                                            throw new C3460bet(new beM(muP, "CertPathReviewer.policyExtError"), e3, this.certPath, size);
                                        } catch (CertPathValidatorException e4) {
                                            throw new C3460bet(new beM(muP, "CertPathReviewer.policyQualifierError"), e4, this.certPath, size);
                                        }
                                    } else if (i4 <= 0) {
                                        bee2 = a(i5, arrayListArr, str2, bee2);
                                    }
                                }
                            }
                            if (!isSelfIssued(x509Certificate)) {
                                if (i2 != 0) {
                                    i2--;
                                }
                                if (i4 != 0) {
                                    i4--;
                                }
                                if (i3 != 0) {
                                    i3--;
                                }
                            }
                            try {
                                AbstractC2945atK abstractC2945atK6 = (AbstractC2945atK) a(x509Certificate, muy);
                                if (abstractC2945atK6 != null) {
                                    Enumeration objects3 = abstractC2945atK6.getObjects();
                                    while (objects3.hasMoreElements()) {
                                        AbstractC2951atQ abstractC2951atQ = (AbstractC2951atQ) objects3.nextElement();
                                        switch (abstractC2951atQ.getTagNo()) {
                                            case 0:
                                                int intValue2 = C2936atB.d(abstractC2951atQ, false).getValue().intValue();
                                                if (intValue2 < i2) {
                                                    i2 = intValue2;
                                                    break;
                                                } else {
                                                    break;
                                                }
                                            case 1:
                                                int intValue3 = C2936atB.d(abstractC2951atQ, false).getValue().intValue();
                                                if (intValue3 < i4) {
                                                    i4 = intValue3;
                                                    break;
                                                } else {
                                                    break;
                                                }
                                        }
                                    }
                                }
                                try {
                                    C2936atB c2936atB = (C2936atB) a(x509Certificate, muv);
                                    if (c2936atB != null && (intValue = c2936atB.getValue().intValue()) < i3) {
                                        i3 = intValue;
                                    }
                                } catch (C3458ber e5) {
                                    throw new C3460bet(new beM(muP, "CertPathReviewer.policyInhibitExtError"), this.certPath, size);
                                }
                            } catch (C3458ber e6) {
                                throw new C3460bet(new beM(muP, "CertPathReviewer.policyConstExtError"), this.certPath, size);
                            }
                        } catch (C3458ber e7) {
                            throw new C3460bet(new beM(muP, "CertPathReviewer.policyMapExtError"), e7, this.certPath, size);
                        }
                    }
                    size--;
                } catch (C3458ber e8) {
                    throw new C3460bet(new beM(muP, "CertPathReviewer.policyExtError"), e8, this.certPath, size);
                }
            }
            if (!isSelfIssued(x509Certificate) && i2 > 0) {
                i2--;
            }
            try {
                AbstractC2945atK abstractC2945atK7 = (AbstractC2945atK) a(x509Certificate, muy);
                if (abstractC2945atK7 != null) {
                    Enumeration objects4 = abstractC2945atK7.getObjects();
                    while (objects4.hasMoreElements()) {
                        AbstractC2951atQ abstractC2951atQ2 = (AbstractC2951atQ) objects4.nextElement();
                        switch (abstractC2951atQ2.getTagNo()) {
                            case 0:
                                if (C2936atB.d(abstractC2951atQ2, false).getValue().intValue() == 0) {
                                    i2 = 0;
                                    break;
                                } else {
                                    break;
                                }
                        }
                    }
                }
                if (bee2 == null) {
                    if (this.pkixParams.isExplicitPolicyRequired()) {
                        throw new C3460bet(new beM(muP, "CertPathReviewer.explicitPolicy"), this.certPath, size);
                    }
                    bee = null;
                } else if (isAnyPolicy(initialPolicies)) {
                    if (this.pkixParams.isExplicitPolicyRequired()) {
                        if (hashSet2.isEmpty()) {
                            throw new C3460bet(new beM(muP, "CertPathReviewer.explicitPolicy"), this.certPath, size);
                        }
                        HashSet hashSet8 = new HashSet();
                        for (ArrayList arrayList4 : arrayListArr) {
                            for (int i12 = 0; i12 < arrayList4.size(); i12++) {
                                beE bee6 = (beE) arrayList4.get(i12);
                                if ("2.5.29.32.0".equals(bee6.getValidPolicy())) {
                                    Iterator children2 = bee6.getChildren();
                                    while (children2.hasNext()) {
                                        hashSet8.add(children2.next());
                                    }
                                }
                            }
                        }
                        Iterator it = hashSet8.iterator();
                        while (it.hasNext()) {
                            if (!hashSet2.contains(((beE) it.next()).getValidPolicy())) {
                            }
                        }
                        if (bee2 != null) {
                            for (int i13 = this.n - 1; i13 >= 0; i13--) {
                                ArrayList arrayList5 = arrayListArr[i13];
                                for (int i14 = 0; i14 < arrayList5.size(); i14++) {
                                    beE bee7 = (beE) arrayList5.get(i14);
                                    if (!bee7.hasChildren()) {
                                        bee2 = a(bee2, arrayListArr, bee7);
                                    }
                                }
                            }
                        }
                    }
                    bee = bee2;
                } else {
                    HashSet<beE> hashSet9 = new HashSet();
                    for (ArrayList arrayList6 : arrayListArr) {
                        for (int i15 = 0; i15 < arrayList6.size(); i15++) {
                            beE bee8 = (beE) arrayList6.get(i15);
                            if ("2.5.29.32.0".equals(bee8.getValidPolicy())) {
                                Iterator children3 = bee8.getChildren();
                                while (children3.hasNext()) {
                                    beE bee9 = (beE) children3.next();
                                    if (!"2.5.29.32.0".equals(bee9.getValidPolicy())) {
                                        hashSet9.add(bee9);
                                    }
                                }
                            }
                        }
                    }
                    for (beE bee10 : hashSet9) {
                        if (!initialPolicies.contains(bee10.getValidPolicy())) {
                            bee2 = a(bee2, arrayListArr, bee10);
                        }
                    }
                    if (bee2 != null) {
                        for (int i16 = this.n - 1; i16 >= 0; i16--) {
                            ArrayList arrayList7 = arrayListArr[i16];
                            for (int i17 = 0; i17 < arrayList7.size(); i17++) {
                                beE bee11 = (beE) arrayList7.get(i17);
                                if (!bee11.hasChildren()) {
                                    bee2 = a(bee2, arrayListArr, bee11);
                                }
                            }
                        }
                    }
                    bee = bee2;
                }
                if (i2 <= 0 && bee == null) {
                    throw new C3460bet(new beM(muP, "CertPathReviewer.invalidPolicy"));
                }
            } catch (C3458ber e9) {
                throw new C3460bet(new beM(muP, "CertPathReviewer.policyConstExtError"), this.certPath, size);
            }
        } catch (C3460bet e10) {
            b(e10.bou(), e10.getIndex());
        }
    }

    private void checkCriticalExtensions() {
        List<PKIXCertPathChecker> certPathCheckers = this.pkixParams.getCertPathCheckers();
        Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
        while (it.hasNext()) {
            try {
                try {
                    it.next().init(false);
                } catch (CertPathValidatorException e) {
                    throw new C3460bet(new beM(muP, "CertPathReviewer.certPathCheckerError", new Object[]{e.getMessage(), e, e.getClass().getName()}), e);
                }
            } catch (C3460bet e2) {
                b(e2.bou(), e2.getIndex());
                return;
            }
        }
        for (int size = this.certs.size() - 1; size >= 0; size--) {
            X509Certificate x509Certificate = (X509Certificate) this.certs.get(size);
            Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null && !criticalExtensionOIDs.isEmpty()) {
                criticalExtensionOIDs.remove(muu);
                criticalExtensionOIDs.remove(mup);
                criticalExtensionOIDs.remove(mur);
                criticalExtensionOIDs.remove(muv);
                criticalExtensionOIDs.remove(muw);
                criticalExtensionOIDs.remove(mux);
                criticalExtensionOIDs.remove(muy);
                criticalExtensionOIDs.remove(muq);
                criticalExtensionOIDs.remove(mus);
                criticalExtensionOIDs.remove(mut);
                if (criticalExtensionOIDs.contains(muM) && processQcStatements(x509Certificate, size)) {
                    criticalExtensionOIDs.remove(muM);
                }
                Iterator<PKIXCertPathChecker> it2 = certPathCheckers.iterator();
                while (it2.hasNext()) {
                    try {
                        it2.next().check(x509Certificate, criticalExtensionOIDs);
                    } catch (CertPathValidatorException e3) {
                        throw new C3460bet(new beM(muP, "CertPathReviewer.criticalExtensionError", new Object[]{e3.getMessage(), e3, e3.getClass().getName()}), e3.getCause(), this.certPath, size);
                    }
                }
                if (!criticalExtensionOIDs.isEmpty()) {
                    Iterator<String> it3 = criticalExtensionOIDs.iterator();
                    while (it3.hasNext()) {
                        b(new beM(muP, "CertPathReviewer.unknownCriticalExt", new Object[]{new C2939atE(it3.next())}), size);
                    }
                }
            }
        }
    }

    private boolean processQcStatements(X509Certificate x509Certificate, int i) {
        try {
            boolean z = false;
            AbstractC2945atK abstractC2945atK = (AbstractC2945atK) a(x509Certificate, muM);
            for (int i2 = 0; i2 < abstractC2945atK.size(); i2++) {
                aCH hN = aCH.hN(abstractC2945atK.lA(i2));
                if (aCH.kii.equals(hN.bdD())) {
                    a(new beM(muP, "CertPathReviewer.QcEuCompliance"), i);
                } else if (!aCH.kiy.equals(hN.bdD())) {
                    if (aCH.kil.equals(hN.bdD())) {
                        a(new beM(muP, "CertPathReviewer.QcSSCD"), i);
                    } else if (aCH.kij.equals(hN.bdD())) {
                        aCG hM = aCG.hM(hN.bdE());
                        hM.bdC();
                        double doubleValue = hM.getAmount().doubleValue() * Math.pow(10.0d, hM.getExponent().doubleValue());
                        a(hM.bdC().isAlphabetic() ? new beM(muP, "CertPathReviewer.QcLimitValueAlpha", new Object[]{hM.bdC().getAlphabetic(), new beW(new Double(doubleValue)), hM}) : new beM(muP, "CertPathReviewer.QcLimitValueNum", new Object[]{bfA.valueOf(hM.bdC().getNumeric()), new beW(new Double(doubleValue)), hM}), i);
                    } else {
                        a(new beM(muP, "CertPathReviewer.QcUnknownStatement", new Object[]{hN.bdD(), new beX(hN)}), i);
                        z = true;
                    }
                }
            }
            return !z;
        } catch (C3458ber e) {
            b(new beM(muP, "CertPathReviewer.QcStatementExtError"), i);
            return false;
        }
    }

    private String IPtoString(byte[] bArr) {
        String stringBuffer;
        try {
            stringBuffer = InetAddress.getByAddress(bArr).getHostAddress();
        } catch (Exception e) {
            StringBuffer stringBuffer2 = new StringBuffer();
            for (int i = 0; i != bArr.length; i++) {
                stringBuffer2.append(Integer.toHexString(bArr[i] & 255));
                stringBuffer2.append(' ');
            }
            stringBuffer = stringBuffer2.toString();
        }
        return stringBuffer;
    }

    protected void checkRevocation(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, Vector vector2, int i) throws C3460bet {
        checkCRLs(pKIXParameters, x509Certificate, date, x509Certificate2, publicKey, vector, i);
    }

    protected void checkCRLs(PKIXParameters pKIXParameters, X509Certificate x509Certificate, Date date, X509Certificate x509Certificate2, PublicKey publicKey, Vector vector, int i) throws C3460bet {
        Iterator it;
        boolean[] keyUsage;
        String str;
        X509CRL crl;
        beJ bej = new beJ();
        try {
            bej.addIssuerName(getEncodedIssuerPrincipal(x509Certificate).getEncoded());
            bej.setCertificateChecking(x509Certificate);
            try {
                Set a = C3466bez.a(new C1787aUv.a(bej).blD(), pKIXParameters);
                it = a.iterator();
                if (a.isEmpty()) {
                    Iterator it2 = C3466bez.a(new C1787aUv.a(new X509CRLSelector()).blD(), pKIXParameters).iterator();
                    ArrayList arrayList = new ArrayList();
                    while (it2.hasNext()) {
                        arrayList.add(((X509CRL) it2.next()).getIssuerX500Principal());
                    }
                    a(new beM(muP, "CertPathReviewer.noCrlInCertstore", new Object[]{new beX(bej.getIssuerNames()), new beX(arrayList), bfA.valueOf(arrayList.size())}), i);
                }
            } catch (C3458ber e) {
                b(new beM(muP, "CertPathReviewer.crlExtractionError", new Object[]{e.getCause().getMessage(), e.getCause(), e.getCause().getClass().getName()}), i);
                it = new ArrayList().iterator();
            }
            boolean z = false;
            X509CRL x509crl = null;
            while (it.hasNext()) {
                x509crl = (X509CRL) it.next();
                Date thisUpdate = x509crl.getThisUpdate();
                Date nextUpdate = x509crl.getNextUpdate();
                Object[] objArr = {new beW(thisUpdate), new beW(nextUpdate)};
                if (nextUpdate == null || date.before(x509crl.getNextUpdate())) {
                    z = true;
                    a(new beM(muP, "CertPathReviewer.localValidCRL", objArr), i);
                    break;
                }
                a(new beM(muP, "CertPathReviewer.localInvalidCRL", objArr), i);
            }
            if (!z) {
                X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                Iterator it3 = vector.iterator();
                while (it3.hasNext()) {
                    try {
                        str = (String) it3.next();
                        crl = getCRL(str);
                    } catch (C3460bet e2) {
                        a(e2.bou(), i);
                    }
                    if (crl != null) {
                        X500Principal issuerX500Principal2 = crl.getIssuerX500Principal();
                        if (issuerX500Principal.equals(issuerX500Principal2)) {
                            Date thisUpdate2 = crl.getThisUpdate();
                            Date nextUpdate2 = crl.getNextUpdate();
                            Object[] objArr2 = {new beW(thisUpdate2), new beW(nextUpdate2), new beY(str)};
                            if (nextUpdate2 == null || date.before(nextUpdate2)) {
                                z = true;
                                a(new beM(muP, "CertPathReviewer.onlineValidCRL", objArr2), i);
                                x509crl = crl;
                                break;
                            }
                            a(new beM(muP, "CertPathReviewer.onlineInvalidCRL", objArr2), i);
                        } else {
                            a(new beM(muP, "CertPathReviewer.onlineCRLWrongCA", new Object[]{new beX(issuerX500Principal2.getName()), new beX(issuerX500Principal.getName()), new beY(str)}), i);
                        }
                    }
                }
            }
            if (x509crl != null) {
                if (x509Certificate2 != null && (keyUsage = x509Certificate2.getKeyUsage()) != null && (keyUsage.length <= 6 || !keyUsage[6])) {
                    throw new C3460bet(new beM(muP, "CertPathReviewer.noCrlSigningPermited"));
                }
                if (publicKey == null) {
                    throw new C3460bet(new beM(muP, "CertPathReviewer.crlNoIssuerPublicKey"));
                }
                try {
                    x509crl.verify(publicKey, "BC");
                    X509CRLEntry revokedCertificate = x509crl.getRevokedCertificate(x509Certificate.getSerialNumber());
                    if (revokedCertificate != null) {
                        String str2 = null;
                        if (revokedCertificate.hasExtensions()) {
                            try {
                                C2982atv bB = C2982atv.bB(a(revokedCertificate, aBK.keJ.getId()));
                                if (bB != null) {
                                    str2 = muG[bB.getValue().intValue()];
                                }
                            } catch (C3458ber e3) {
                                throw new C3460bet(new beM(muP, "CertPathReviewer.crlReasonExtError"), e3);
                            }
                        }
                        if (str2 == null) {
                            str2 = muG[7];
                        }
                        beN ben = new beN(muP, str2);
                        if (!date.before(revokedCertificate.getRevocationDate())) {
                            throw new C3460bet(new beM(muP, "CertPathReviewer.certRevoked", new Object[]{new beW(revokedCertificate.getRevocationDate()), ben}));
                        }
                        a(new beM(muP, "CertPathReviewer.revokedAfterValidation", new Object[]{new beW(revokedCertificate.getRevocationDate()), ben}), i);
                    } else {
                        a(new beM(muP, "CertPathReviewer.notRevoked"), i);
                    }
                    Date nextUpdate3 = x509crl.getNextUpdate();
                    if (nextUpdate3 != null && !date.before(nextUpdate3)) {
                        a(new beM(muP, "CertPathReviewer.crlUpdateAvailable", new Object[]{new beW(nextUpdate3)}), i);
                    }
                    try {
                        AbstractC2944atJ a2 = a(x509crl, muw);
                        try {
                            AbstractC2944atJ a3 = a(x509crl, mux);
                            if (a3 != null) {
                                beJ bej2 = new beJ();
                                try {
                                    bej2.addIssuerName(getIssuerPrincipal(x509crl).getEncoded());
                                    bej2.setMinCRLNumber(((C2936atB) a3).getPositiveValue());
                                    try {
                                        bej2.setMaxCRLNumber(((C2936atB) a(x509crl, muD)).getPositiveValue().subtract(BigInteger.valueOf(1L)));
                                        boolean z2 = false;
                                        try {
                                            Iterator it4 = C3466bez.a(bej2, pKIXParameters).iterator();
                                            while (true) {
                                                if (!it4.hasNext()) {
                                                    break;
                                                }
                                                try {
                                                    if (C3465bey.areEqual(a2, a((X509CRL) it4.next(), muw))) {
                                                        z2 = true;
                                                        break;
                                                    }
                                                } catch (C3458ber e4) {
                                                    throw new C3460bet(new beM(muP, "CertPathReviewer.distrPtExtError"), e4);
                                                }
                                            }
                                            if (!z2) {
                                                throw new C3460bet(new beM(muP, "CertPathReviewer.noBaseCRL"));
                                            }
                                        } catch (C3458ber e5) {
                                            throw new C3460bet(new beM(muP, "CertPathReviewer.crlExtractionError"), e5);
                                        }
                                    } catch (C3458ber e6) {
                                        throw new C3460bet(new beM(muP, "CertPathReviewer.crlNbrExtError"), e6);
                                    }
                                } catch (IOException e7) {
                                    throw new C3460bet(new beM(muP, "CertPathReviewer.crlIssuerException"), e7);
                                }
                            }
                            if (a2 != null) {
                                aBU hl = aBU.hl(a2);
                                try {
                                    C1261aBv gO = C1261aBv.gO(a(x509Certificate, muq));
                                    if (hl.onlyContainsUserCerts() && gO != null && gO.isCA()) {
                                        throw new C3460bet(new beM(muP, "CertPathReviewer.crlOnlyUserCert"));
                                    }
                                    if (hl.onlyContainsCACerts() && (gO == null || !gO.isCA())) {
                                        throw new C3460bet(new beM(muP, "CertPathReviewer.crlOnlyCaCert"));
                                    }
                                    if (hl.onlyContainsAttributeCerts()) {
                                        throw new C3460bet(new beM(muP, "CertPathReviewer.crlOnlyAttrCert"));
                                    }
                                } catch (C3458ber e8) {
                                    throw new C3460bet(new beM(muP, "CertPathReviewer.crlBCExtError"), e8);
                                }
                            }
                        } catch (C3458ber e9) {
                            throw new C3460bet(new beM(muP, "CertPathReviewer.deltaCrlExtError"));
                        }
                    } catch (C3458ber e10) {
                        throw new C3460bet(new beM(muP, "CertPathReviewer.distrPtExtError"));
                    }
                } catch (Exception e11) {
                    throw new C3460bet(new beM(muP, "CertPathReviewer.crlVerifyFailed"), e11);
                }
            }
            if (!z) {
                throw new C3460bet(new beM(muP, "CertPathReviewer.noValidCrlFound"));
            }
        } catch (IOException e12) {
            throw new C3460bet(new beM(muP, "CertPathReviewer.crlIssuerException"), e12);
        }
    }

    protected Vector a(C1262aBw c1262aBw) {
        Vector vector = new Vector();
        if (c1262aBw != null) {
            for (aBH abh : c1262aBw.bcn()) {
                aBI bcz = abh.bcz();
                if (bcz.getType() == 0) {
                    aBN[] bcL = aBO.hg(bcz.bcC()).bcL();
                    for (int i = 0; i < bcL.length; i++) {
                        if (bcL[i].getTagNo() == 6) {
                            vector.add(((C3034auu) bcL[i].bcC()).getString());
                        }
                    }
                }
            }
        }
        return vector;
    }

    protected Vector a(C1259aBt c1259aBt) {
        Vector vector = new Vector();
        if (c1259aBt != null) {
            C1252aBm[] bcl = c1259aBt.bcl();
            for (int i = 0; i < bcl.length; i++) {
                if (bcl[i].bbY().equals(C1252aBm.kdz)) {
                    aBN bbZ = bcl[i].bbZ();
                    if (bbZ.getTagNo() == 6) {
                        vector.add(((C3034auu) bbZ.bcC()).getString());
                    }
                }
            }
        }
        return vector;
    }

    private X509CRL getCRL(String str) throws C3460bet {
        X509CRL x509crl = null;
        try {
            URL url = new URL(str);
            if (url.getProtocol().equals(C4020jf.j.b.bUq) || url.getProtocol().equals(C4020jf.j.b.bUr)) {
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                httpURLConnection.setUseCaches(false);
                httpURLConnection.setDoInput(true);
                httpURLConnection.connect();
                if (httpURLConnection.getResponseCode() != 200) {
                    throw new Exception(httpURLConnection.getResponseMessage());
                }
                x509crl = (X509CRL) CertificateFactory.getInstance("X.509", "BC").generateCRL(httpURLConnection.getInputStream());
            }
            return x509crl;
        } catch (Exception e) {
            throw new C3460bet(new beM(muP, "CertPathReviewer.loadCrlDistPointError", new Object[]{new beX(str), e.getMessage(), e, e.getClass().getName()}));
        }
    }

    protected Collection getTrustAnchors(X509Certificate x509Certificate, Set set) throws C3460bet {
        ArrayList arrayList = new ArrayList();
        Iterator it = set.iterator();
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(getEncodedIssuerPrincipal(x509Certificate).getEncoded());
            byte[] extensionValue = x509Certificate.getExtensionValue(aBK.keT.getId());
            if (extensionValue != null) {
                C1260aBu gN = C1260aBu.gN(AbstractC2944atJ.aP(((AbstractC2940atF) AbstractC2944atJ.aP(extensionValue)).getOctets()));
                x509CertSelector.setSerialNumber(gN.getAuthorityCertSerialNumber());
                byte[] keyIdentifier = gN.getKeyIdentifier();
                if (keyIdentifier != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new C3037auxx(keyIdentifier).getEncoded());
                }
            }
            while (it.hasNext()) {
                TrustAnchor trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        arrayList.add(trustAnchor);
                    }
                } else if (trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null && getEncodedIssuerPrincipal(x509Certificate).equals(new X500Principal(trustAnchor.getCAName()))) {
                    arrayList.add(trustAnchor);
                }
            }
            return arrayList;
        } catch (IOException e) {
            throw new C3460bet(new beM(muP, "CertPathReviewer.trustAnchorIssuerError"));
        }
    }
}
