package com.aspose.html.utils;

import com.aspose.html.utils.C1814aVz;
import com.aspose.html.utils.aVB;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* renamed from: com.aspose.html.utils.aWr, reason: case insensitive filesystem */
/* loaded from: input_file:com/aspose/html/utils/aWr.class */
class C1833aWr {
    protected static final String lAP = "2.5.29.32.0";
    protected static final int lAR = 5;
    protected static final int lAS = 6;
    protected static final aWX lAO = new aWX();
    protected static final String lAQ = aCO.kho.getId();
    protected static final String[] lAT = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", com.aspose.html.utils.ms.System.Net.SR.rM, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    C1833aWr() {
    }

    protected static TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set) throws aVY {
        return findTrustAnchor(x509Certificate, set, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set, String str) throws aVY {
        TrustAnchor trustAnchor = null;
        PublicKey publicKey = null;
        Exception exc = null;
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal encodedIssuerPrincipal = getEncodedIssuerPrincipal(x509Certificate);
        try {
            x509CertSelector.setSubject(encodedIssuerPrincipal.getEncoded());
            Iterator it = set.iterator();
            while (it.hasNext() && trustAnchor == null) {
                trustAnchor = (TrustAnchor) it.next();
                if (trustAnchor.getTrustedCert() != null) {
                    if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                        publicKey = trustAnchor.getTrustedCert().getPublicKey();
                    } else {
                        trustAnchor = null;
                    }
                } else if (trustAnchor.getCAName() == null || trustAnchor.getCAPublicKey() == null) {
                    trustAnchor = null;
                } else {
                    try {
                        if (encodedIssuerPrincipal.equals(new X500Principal(trustAnchor.getCAName()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        } else {
                            trustAnchor = null;
                        }
                    } catch (IllegalArgumentException e) {
                        trustAnchor = null;
                    }
                }
                if (publicKey != null) {
                    try {
                        verifyX509Certificate(x509Certificate, publicKey, str);
                    } catch (Exception e2) {
                        exc = e2;
                        trustAnchor = null;
                        publicKey = null;
                    }
                }
            }
            if (trustAnchor != null || exc == null) {
                return trustAnchor;
            }
            throw new aVY("TrustAnchor found but certificate validation failed.", exc);
        } catch (IOException e3) {
            throw new aVY("Cannot set subject search criteria for trust anchor.", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<aVA> getAdditionalStoresFromAltNames(byte[] bArr, Map<aCR, aVA> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        aCR[] beD = aCS.hj(AbstractC2993auJ.bJ(bArr).getOctets()).beD();
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i != beD.length; i++) {
            aVA ava = map.get(beD[i]);
            if (ava != null) {
                arrayList.add(ava);
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal getEncodedIssuerPrincipal(Object obj) {
        return ((X509Certificate) obj).getIssuerX500Principal();
    }

    protected static Date j(aVD avd) {
        Date date = avd.getDate();
        if (date == null) {
            date = new Date();
        }
        return date;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static C1270aCh i(X509Certificate x509Certificate) {
        return C1270aCh.gH(x509Certificate.getSubjectX500Principal().getEncoded());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal getSubjectPrincipal(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isSelfIssued(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static AbstractC2997auN a(X509Extension x509Extension, String str) throws aVY {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return d(str, extensionValue);
    }

    private static AbstractC2997auN d(String str, byte[] bArr) throws aVY {
        try {
            return AbstractC2997auN.aP(AbstractC2993auJ.bJ(bArr).getOctets());
        } catch (Exception e) {
            throw new aVY("exception processing extension " + str, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static X500Principal getIssuerPrincipal(X509CRL x509crl) {
        return x509crl.getIssuerX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static C1280aCr g(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return C1308aDs.hD(publicKey.getEncoded()).aYy();
        } catch (Exception e) {
            throw new CertPathValidatorException("Subject public key cannot be decoded.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final Set i(AbstractC2998auO abstractC2998auO) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (abstractC2998auO == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        C2995auL c2995auL = new C2995auL(byteArrayOutputStream);
        Enumeration objects = abstractC2998auO.getObjects();
        while (objects.hasMoreElements()) {
            try {
                c2995auL.b((InterfaceC3032auw) objects.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e) {
                throw new CertPathValidatorException("Policy qualifier info cannot be decoded.", e);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static C1844aXb a(C1844aXb c1844aXb, List[] listArr, C1844aXb c1844aXb2) {
        C1844aXb c1844aXb3 = (C1844aXb) c1844aXb2.getParent();
        if (c1844aXb == null) {
            return null;
        }
        if (c1844aXb3 != null) {
            c1844aXb3.b(c1844aXb2);
            a(listArr, c1844aXb2);
            return c1844aXb;
        }
        for (int i = 0; i < listArr.length; i++) {
            listArr[i] = new ArrayList();
        }
        return null;
    }

    private static void a(List[] listArr, C1844aXb c1844aXb) {
        listArr[c1844aXb.getDepth()].remove(c1844aXb);
        if (c1844aXb.hasChildren()) {
            Iterator children = c1844aXb.getChildren();
            while (children.hasNext()) {
                a(listArr, (C1844aXb) children.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean a(int i, List[] listArr, C2992auI c2992auI, Set set) {
        List list = listArr[i - 1];
        for (int i2 = 0; i2 < list.size(); i2++) {
            C1844aXb c1844aXb = (C1844aXb) list.get(i2);
            if (c1844aXb.getExpectedPolicies().contains(c2992auI.getId())) {
                HashSet hashSet = new HashSet();
                hashSet.add(c2992auI.getId());
                C1844aXb c1844aXb2 = new C1844aXb(new ArrayList(), i, hashSet, c1844aXb, set, c2992auI.getId(), false);
                c1844aXb.a(c1844aXb2);
                listArr[i].add(c1844aXb2);
                list.set(i2, c1844aXb);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void b(int i, List[] listArr, C2992auI c2992auI, Set set) {
        List list = listArr[i - 1];
        for (int i2 = 0; i2 < list.size(); i2++) {
            C1844aXb c1844aXb = (C1844aXb) list.get(i2);
            if ("2.5.29.32.0".equals(c1844aXb.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(c2992auI.getId());
                C1844aXb c1844aXb2 = new C1844aXb(new ArrayList(), i, hashSet, c1844aXb, set, c2992auI.getId(), false);
                c1844aXb.a(c1844aXb2);
                listArr[i].add(c1844aXb2);
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isAnyPolicy(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Collection a(aVB avb, List list) throws aVY {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof bgM) {
                try {
                    linkedHashSet.addAll(((bgM) obj).a(avb));
                } catch (bgN e) {
                    throw new aVY("Problem while picking certificates from X.509 store.", e);
                }
            } else {
                try {
                    linkedHashSet.addAll(aVB.a(avb, (CertStore) obj));
                } catch (CertStoreException e2) {
                    throw new aVY("Problem while picking certificates from certificate store.", e2);
                }
            }
        }
        return linkedHashSet;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<InterfaceC1813aVy> a(aCA aca, Map<aCR, InterfaceC1813aVy> map) throws aVY {
        if (aca == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            aCL[] bef = aca.bef();
            ArrayList arrayList = new ArrayList();
            for (aCL acl : bef) {
                aCM ber = acl.ber();
                if (ber != null && ber.getType() == 0) {
                    for (aCR acr : aCS.hj(ber.beu()).beD()) {
                        InterfaceC1813aVy interfaceC1813aVy = map.get(acr);
                        if (interfaceC1813aVy != null) {
                            arrayList.add(interfaceC1813aVy);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new aVY("Distribution points could not be read.", e);
        }
    }

    protected static void a(aCL acl, Collection collection, X509CRLSelector x509CRLSelector) throws aVY {
        ArrayList arrayList = new ArrayList();
        if (acl.bet() != null) {
            aCR[] beD = acl.bet().beD();
            for (int i = 0; i < beD.length; i++) {
                if (beD[i].getTagNo() == 4) {
                    try {
                        arrayList.add(new X500Principal(beD[i].beu().aVy().getEncoded()));
                    } catch (IOException e) {
                        throw new aVY("CRL issuer information from distribution point cannot be decoded.", e);
                    }
                }
            }
        } else {
            if (acl.ber() == null) {
                throw new aVY("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add((X500Principal) it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((X500Principal) it2.next()).getEncoded());
            } catch (IOException e2) {
                throw new aVY("Cannot decode CRL issuer information.", e2);
            }
        }
    }

    private static BigInteger getSerialNumber(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Date date, X509CRL x509crl, Object obj, C1834aWs c1834aWs) throws aVY {
        X509CRLEntry revokedCertificate;
        try {
            if (C1892aYw.isIndirectCRL(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(getSerialNumber(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (certificateIssuer == null) {
                    certificateIssuer = getIssuerPrincipal(x509crl);
                }
                if (!getEncodedIssuerPrincipal(obj).equals(certificateIssuer)) {
                    return;
                }
            } else {
                if (!getEncodedIssuerPrincipal(obj).equals(getIssuerPrincipal(x509crl))) {
                    return;
                }
                revokedCertificate = x509crl.getRevokedCertificate(getSerialNumber(obj));
                if (revokedCertificate == null) {
                    return;
                }
            }
            C3035auz c3035auz = null;
            if (revokedCertificate.hasExtensions()) {
                try {
                    c3035auz = C3035auz.bE(a(revokedCertificate, aCO.khp.getId()));
                } catch (Exception e) {
                    throw new aVY("Reason code CRL entry extension could not be decoded.", e);
                }
            }
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || c3035auz == null || c3035auz.getValue().intValue() == 0 || c3035auz.getValue().intValue() == 1 || c3035auz.getValue().intValue() == 2 || c3035auz.getValue().intValue() == 8) {
                if (c3035auz != null) {
                    c1834aWs.setCertStatus(c3035auz.getValue().intValue());
                } else {
                    c1834aWs.setCertStatus(0);
                }
                c1834aWs.setRevocationDate(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e2) {
            throw new aVY("Failed check for indirect CRL.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set getDeltaCRLs(Date date, X509CRL x509crl, List<CertStore> list, List<InterfaceC1813aVy> list2) throws aVY {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(getIssuerPrincipal(x509crl).getEncoded());
            try {
                AbstractC2997auN a = a(x509crl, lAQ);
                BigInteger positiveValue = a != null ? C2989auF.bG(a).getPositiveValue() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(C1886aYq.mbI);
                    x509CRLSelector.setMinCRLNumber(positiveValue == null ? null : positiveValue.add(BigInteger.valueOf(1L)));
                    C1814aVz.a aVar = new C1814aVz.a(x509CRLSelector);
                    aVar.setIssuingDistributionPoint(extensionValue);
                    aVar.setIssuingDistributionPointEnabled(true);
                    aVar.setMaxBaseCRLNumber(positiveValue);
                    Set<X509CRL> a2 = lAO.a(aVar.bnv(), date, list, list2);
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : a2) {
                        if (isDeltaCRL(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e) {
                    throw new aVY("Issuing distribution point extension value could not be read.", e);
                }
            } catch (Exception e2) {
                throw new aVY("CRL number extension could not be extracted from CRL.", e2);
            }
        } catch (IOException e3) {
            throw new aVY("Cannot extract issuer from CRL.", e3);
        }
    }

    private static boolean isDeltaCRL(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(C1886aYq.mbK);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Set a(aCL acl, Object obj, Date date, aVD avd) throws aVY {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(getEncodedIssuerPrincipal(obj));
            a(acl, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            C1814aVz<? extends CRL> bnv = new C1814aVz.a(x509CRLSelector).fE(true).bnv();
            Date date2 = date;
            if (avd.getDate() != null) {
                date2 = avd.getDate();
            }
            Set a = lAO.a(bnv, date2, avd.getCertStores(), avd.getCRLStores());
            if (a.isEmpty()) {
                throw new aVY("No CRLs found for issuer \"" + ((X509Certificate) obj).getIssuerX500Principal() + "\"");
            }
            return a;
        } catch (aVY e) {
            throw new aVY("Could not get issuer information from distribution point.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Date a(aVD avd, CertPath certPath, int i) throws aVY {
        if (avd.getValidityModel() == 1 && i > 0) {
            if (i - 1 != 0) {
                return ((X509Certificate) certPath.getCertificates().get(i - 1)).getNotBefore();
            }
            C2986auC c2986auC = null;
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i - 1)).getExtensionValue(InterfaceC1215aAg.jPX.getId());
                if (extensionValue != null) {
                    c2986auC = C2986auC.bF(AbstractC2997auN.aP(extensionValue));
                }
                if (c2986auC == null) {
                    return ((X509Certificate) certPath.getCertificates().get(i - 1)).getNotBefore();
                }
                try {
                    return c2986auC.getDate();
                } catch (ParseException e) {
                    throw new aVY("Date from date of cert gen extension could not be parsed.", e);
                }
            } catch (IOException e2) {
                throw new aVY("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException e3) {
                throw new aVY("Date of cert gen extension could not be read.");
            }
        }
        return j(avd);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey getNextWorkingKey(List list, int i, Provider provider) throws CertPathValidatorException {
        PublicKey publicKey = ((Certificate) list.get(i)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
        if (dSAPublicKey.getParams() != null) {
            return dSAPublicKey;
        }
        for (int i2 = i + 1; i2 < list.size(); i2++) {
            PublicKey publicKey2 = ((X509Certificate) list.get(i2)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey2;
            if (dSAPublicKey2.getParams() != null) {
                DSAParams params = dSAPublicKey2.getParams();
                try {
                    return KeyFactory.getInstance("DSA", provider).generatePublic(new DSAPublicKeySpec(dSAPublicKey.getY(), params.getP(), params.getQ(), params.getG()));
                } catch (Exception e) {
                    throw new CertPathValidatorException(e.getMessage(), e);
                }
            }
        }
        throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Collection findIssuerCerts(X509Certificate x509Certificate, List<CertStore> list, List<aVA> list2) throws aVY {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(x509Certificate.getIssuerX500Principal().getEncoded());
            aVB<? extends Certificate> bnw = new aVB.a(x509CertSelector).bnw();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList = new ArrayList();
                arrayList.addAll(a(bnw, list));
                arrayList.addAll(a(bnw, list2));
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (aVY e) {
                throw new aVY("Issuer certificate cannot be searched.", e);
            }
        } catch (IOException e2) {
            throw new aVY("Subject criteria for certificate selector to find issuer certificate could not be set.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void verifyX509Certificate(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
