package com.aspose.html.utils;

import com.aspose.html.utils.aXP;
import com.aspose.html.utils.aXT;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;

/* renamed from: com.aspose.html.utils.bif, reason: case insensitive filesystem */
/* loaded from: input_file:com/aspose/html/utils/bif.class */
public class C3551bif extends PKIXCertPathChecker {
    public static final int mCN = 0;
    public static final int mCO = 1;
    private final Map<X500Principal, Long> mCP;
    private final Set<TrustAnchor> mCQ;
    private final boolean mCR;
    private final int mCS;
    private final List<InterfaceC3575bjc<CRL>> mCT;
    private final List<CertStore> mCU;
    private final bhW mCV;
    private final boolean mCW;
    private final long mCX;
    private final long mCY;
    private final Date mCZ;
    private Date currentDate;
    private X500Principal workingIssuerName;
    private PublicKey workingPublicKey;
    private X509Certificate signingCert;
    private static Logger LOG = Logger.getLogger(C3551bif.class.getName());
    protected static final String[] mDa = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", com.aspose.html.utils.ms.System.Net.SR.rM, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* renamed from: com.aspose.html.utils.bif$a */
    /* loaded from: input_file:com/aspose/html/utils/bif$a.class */
    public static class a {
        private Set<TrustAnchor> trustAnchors;
        private List<CertStore> crlCertStores;
        private List<InterfaceC3575bjc<CRL>> crls;
        private boolean isCheckEEOnly;
        private int validityModel;
        private Provider provider;
        private String providerName;
        private boolean canSoftFail;
        private long failLogMaxTime;
        private long failHardMaxTime;
        private Date validityDate;

        public a(TrustAnchor trustAnchor) {
            this.crlCertStores = new ArrayList();
            this.crls = new ArrayList();
            this.validityModel = 0;
            this.validityDate = new Date();
            this.trustAnchors = Collections.singleton(trustAnchor);
        }

        public a(Set<TrustAnchor> set) {
            this.crlCertStores = new ArrayList();
            this.crls = new ArrayList();
            this.validityModel = 0;
            this.validityDate = new Date();
            this.trustAnchors = new HashSet(set);
        }

        public a(KeyStore keyStore) throws KeyStoreException {
            this.crlCertStores = new ArrayList();
            this.crls = new ArrayList();
            this.validityModel = 0;
            this.validityDate = new Date();
            this.trustAnchors = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.trustAnchors.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public a a(CertStore certStore) {
            this.crlCertStores.add(certStore);
            return this;
        }

        public a j(InterfaceC3575bjc<CRL> interfaceC3575bjc) {
            this.crls.add(interfaceC3575bjc);
            return this;
        }

        public a e(Date date) {
            this.validityDate = new Date(date.getTime());
            return this;
        }

        public a fP(boolean z) {
            this.isCheckEEOnly = z;
            return this;
        }

        public a b(boolean z, long j) {
            this.canSoftFail = z;
            this.failLogMaxTime = j;
            this.failHardMaxTime = -1L;
            return this;
        }

        public a c(boolean z, long j) {
            this.canSoftFail = z;
            this.failLogMaxTime = (j * 3) / 4;
            this.failHardMaxTime = j;
            return this;
        }

        public a mT(int i) {
            this.validityModel = i;
            return this;
        }

        public a af(Provider provider) {
            this.provider = provider;
            return this;
        }

        public a sI(String str) {
            this.providerName = str;
            return this;
        }

        public C3551bif btM() {
            return new C3551bif(this);
        }
    }

    /* renamed from: com.aspose.html.utils.bif$b */
    /* loaded from: input_file:com/aspose/html/utils/bif$b.class */
    class b implements aXO<CRL>, biV<CRL> {
        private Collection<CRL> _local;

        public b(InterfaceC3575bjc<CRL> interfaceC3575bjc) {
            this._local = new ArrayList(interfaceC3575bjc.a(null));
        }

        @Override // com.aspose.html.utils.aXO, com.aspose.html.utils.InterfaceC3575bjc
        public Collection<CRL> a(InterfaceC3573bja<CRL> interfaceC3573bja) {
            if (interfaceC3573bja == null) {
                return new ArrayList(this._local);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this._local) {
                if (interfaceC3573bja.match(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // com.aspose.html.utils.biV, java.lang.Iterable
        public Iterator<CRL> iterator() {
            return a(null).iterator();
        }
    }

    private C3551bif(a aVar) {
        this.mCP = new HashMap();
        this.mCT = new ArrayList(aVar.crls);
        this.mCU = new ArrayList(aVar.crlCertStores);
        this.mCR = aVar.isCheckEEOnly;
        this.mCS = aVar.validityModel;
        this.mCQ = aVar.trustAnchors;
        this.mCW = aVar.canSoftFail;
        this.mCX = aVar.failLogMaxTime;
        this.mCY = aVar.failHardMaxTime;
        this.mCZ = aVar.validityDate;
        if (aVar.provider != null) {
            this.mCV = new bhZ(aVar.provider);
        } else if (aVar.providerName != null) {
            this.mCV = new bhX(aVar.providerName);
        } else {
            this.mCV = new bhV();
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.currentDate = new Date();
        this.workingIssuerName = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.mCR && x509Certificate.getBasicConstraints() != -1) {
            this.workingIssuerName = x509Certificate.getSubjectX500Principal();
            this.workingPublicKey = x509Certificate.getPublicKey();
            this.signingCert = x509Certificate;
            return;
        }
        TrustAnchor trustAnchor = null;
        if (this.workingIssuerName == null) {
            this.workingIssuerName = x509Certificate.getIssuerX500Principal();
            for (TrustAnchor trustAnchor2 : this.mCQ) {
                if (this.workingIssuerName.equals(trustAnchor2.getCA()) || this.workingIssuerName.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                throw new CertPathValidatorException("no trust anchor found for " + this.workingIssuerName);
            }
            this.signingCert = trustAnchor.getTrustedCert();
            this.workingPublicKey = this.signingCert.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.mCQ);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.mCZ);
            for (int i = 0; i != this.mCU.size(); i++) {
                if (LOG.isLoggable(Level.INFO)) {
                    addIssuers(arrayList, this.mCU.get(i));
                }
                pKIXParameters.addCertStore(this.mCU.get(i));
            }
            aXT.a aVar = new aXT.a(pKIXParameters);
            aVar.mz(this.mCS);
            for (int i2 = 0; i2 != this.mCT.size(); i2++) {
                if (LOG.isLoggable(Level.INFO)) {
                    a(arrayList, this.mCT.get(i2));
                }
                aVar.a(new b(this.mCT.get(i2)));
            }
            if (arrayList.isEmpty()) {
                LOG.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (LOG.isLoggable(Level.FINE)) {
                for (int i3 = 0; i3 != arrayList.size(); i3++) {
                    LOG.log(Level.FINE, "configuring with CRL for issuer \"" + arrayList.get(i3) + "\"");
                }
            } else {
                LOG.log(Level.INFO, "configured with " + arrayList.size() + " pre-loaded CRLs");
            }
            aXT brb = aVar.brb();
            Date a2 = C3548bic.a(brb, this.mCZ);
            try {
                a(brb, this.currentDate, a2, x509Certificate, this.signingCert, this.workingPublicKey, new ArrayList(), this.mCV);
            } catch (bhL e) {
                throw new CertPathValidatorException(e.getMessage(), e.getCause());
            } catch (bhM e2) {
                if (null == x509Certificate.getExtensionValue(C1349aFe.kmE.getId())) {
                    throw e2;
                }
                try {
                    Set<CRL> a3 = a(x509Certificate.getIssuerX500Principal(), a2, C3548bic.a(x509Certificate, C1349aFe.kmE), this.mCV);
                    if (!a3.isEmpty()) {
                        try {
                            aVar.a(new b(new biP(a3)));
                            aXT brb2 = aVar.brb();
                            a(brb2, this.currentDate, C3548bic.a(brb2, this.mCZ), x509Certificate, this.signingCert, this.workingPublicKey, new ArrayList(), this.mCV);
                        } catch (bhL e3) {
                            throw new CertPathValidatorException(e3.getMessage(), e3.getCause());
                        }
                    } else {
                        if (!this.mCW) {
                            throw e2;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l = this.mCP.get(issuerX500Principal);
                        if (l != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l.longValue();
                            if (this.mCY != -1 && this.mCY < currentTimeMillis) {
                                throw e2;
                            }
                            if (currentTimeMillis < this.mCX) {
                                LOG.log(Level.WARNING, "soft failing for issuer: \"" + issuerX500Principal + "\"");
                            } else {
                                LOG.log(Level.SEVERE, "soft failing for issuer: \"" + issuerX500Principal + "\"");
                            }
                        } else {
                            this.mCP.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (bhL e4) {
                    throw new CertPathValidatorException(e4.getMessage(), e4.getCause());
                }
            }
            this.signingCert = x509Certificate;
            this.workingPublicKey = x509Certificate.getPublicKey();
            this.workingIssuerName = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e5) {
            throw new RuntimeException("error setting up baseParams: " + e5.getMessage());
        }
    }

    private void addIssuers(final List<X500Principal> list, CertStore certStore) throws CertStoreException {
        certStore.getCRLs(new X509CRLSelector() { // from class: com.aspose.html.utils.bif.1
            @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
            public boolean match(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }
        });
    }

    private void a(final List<X500Principal> list, InterfaceC3575bjc<CRL> interfaceC3575bjc) {
        interfaceC3575bjc.a(new InterfaceC3573bja<CRL>() { // from class: com.aspose.html.utils.bif.2
            @Override // com.aspose.html.utils.InterfaceC3573bja
            public boolean match(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }

            @Override // com.aspose.html.utils.InterfaceC3573bja
            public Object clone() {
                return this;
            }
        });
    }

    private Set<CRL> a(X500Principal x500Principal, Date date, AbstractC3173axd abstractC3173axd, bbA bba) {
        C1346aFb[] bhG = aEQ.gT(abstractC3173axd).bhG();
        try {
            CertificateFactory createCertificateFactory = bba.createCertificateFactory("X.509");
            X509CRLSelector x509CRLSelector = new X509CRLSelector();
            x509CRLSelector.addIssuer(x500Principal);
            aXP<? extends CRL> bqW = new aXP.a(x509CRLSelector).bqW();
            HashSet hashSet = new HashSet();
            for (int i = 0; i != bhG.length; i++) {
                C1347aFc bhS = bhG[i].bhS();
                if (bhS != null && bhS.getType() == 0) {
                    C1352aFh[] bie = C1353aFi.hk(bhS.bhV()).bie();
                    for (int i2 = 0; i2 != bie.length; i2++) {
                        C1352aFh c1352aFh = bie[i2];
                        if (c1352aFh.getTagNo() == 6) {
                            URI uri = null;
                            try {
                                uri = new URI(((InterfaceC3179axj) c1352aFh.bhV()).getString());
                                aXO a2 = bhQ.a(createCertificateFactory, this.mCZ, uri);
                                if (a2 != null) {
                                    hashSet.addAll(bhT.a(bqW, date, Collections.EMPTY_LIST, Collections.singletonList(a2)));
                                }
                            } catch (Exception e) {
                                if (LOG.isLoggable(Level.FINE)) {
                                    LOG.log(Level.FINE, "CrlDP " + uri + " ignored: " + e.getMessage(), (Throwable) e);
                                } else {
                                    LOG.log(Level.INFO, "CrlDP " + uri + " ignored: " + e.getMessage());
                                }
                            }
                        }
                    }
                }
            }
            return hashSet;
        } catch (Exception e2) {
            if (LOG.isLoggable(Level.FINE)) {
                LOG.log(Level.FINE, "could not create certFact: " + e2.getMessage(), (Throwable) e2);
                return null;
            }
            LOG.log(Level.INFO, "could not create certFact: " + e2.getMessage());
            return null;
        }
    }

    static List<aXO> a(aEQ aeq, Map<C1352aFh, aXO> map) throws bhL {
        if (aeq == null) {
            return Collections.emptyList();
        }
        try {
            C1346aFb[] bhG = aeq.bhG();
            ArrayList arrayList = new ArrayList();
            for (C1346aFb c1346aFb : bhG) {
                C1347aFc bhS = c1346aFb.bhS();
                if (bhS != null && bhS.getType() == 0) {
                    for (C1352aFh c1352aFh : C1353aFi.hk(bhS.bhV()).bie()) {
                        aXO axo = map.get(c1352aFh);
                        if (axo != null) {
                            arrayList.add(axo);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new bhL("could not read distribution points could not be read", e);
        }
    }

    protected void a(aXT axt, Date date, Date date2, X509Certificate x509Certificate, X509Certificate x509Certificate2, PublicKey publicKey, List list, bhW bhw) throws bhL, CertPathValidatorException {
        try {
            aEQ gT = aEQ.gT(C3548bic.a(x509Certificate, C1349aFe.kmE));
            bhP bhp = new bhP();
            C3547bib c3547bib = new C3547bib();
            bhL bhl = null;
            boolean z = false;
            if (gT != null) {
                try {
                    C1346aFb[] bhG = gT.bhG();
                    if (bhG != null) {
                        aXT.a aVar = new aXT.a(axt);
                        try {
                            Iterator<aXO> it = a(gT, axt.getNamedCRLStoreMap()).iterator();
                            while (it.hasNext()) {
                                aVar.a(it.next());
                            }
                            aXT brb = aVar.brb();
                            Date a2 = C3548bic.a(brb, date);
                            for (int i = 0; i < bhG.length && bhp.getCertStatus() == 11 && !c3547bib.isAllReasons(); i++) {
                                try {
                                    C3546bia.a(bhG[i], brb, date, a2, x509Certificate, x509Certificate2, publicKey, bhp, c3547bib, list, bhw);
                                    z = true;
                                } catch (bhL e) {
                                    bhl = e;
                                }
                            }
                        } catch (bhL e2) {
                            throw new bhL("no additional CRL locations could be decoded from CRL distribution point extension", e2);
                        }
                    }
                } catch (Exception e3) {
                    throw new bhL("cannot read distribution points", e3);
                }
            }
            if (bhp.getCertStatus() == 11 && !c3547bib.isAllReasons()) {
                try {
                    C3546bia.a(new C1346aFb(new C1347aFc(0, new C1353aFi(new C1352aFh(4, C1341aEx.gI(x509Certificate.getIssuerX500Principal().getEncoded())))), null, null), (aXT) axt.clone(), date, date2, x509Certificate, x509Certificate2, publicKey, bhp, c3547bib, list, bhw);
                    z = true;
                } catch (bhL e4) {
                    bhl = e4;
                }
            }
            if (!z) {
                if (!(bhl instanceof bhL)) {
                    throw new bhM("no valid CRL found");
                }
                throw new bhM("no valid CRL found", bhl);
            }
            if (bhp.getCertStatus() != 11) {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z");
                simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
                throw new bhL(("certificate [issuer=\"" + x509Certificate.getIssuerX500Principal() + "\",serialNumber=" + x509Certificate.getSerialNumber() + ",subject=\"" + x509Certificate.getSubjectX500Principal() + "\"] revoked after " + simpleDateFormat.format(bhp.getRevocationDate())) + ", reason: " + mDa[bhp.getCertStatus()]);
            }
            if (!c3547bib.isAllReasons() && bhp.getCertStatus() == 11) {
                bhp.setCertStatus(12);
            }
            if (bhp.getCertStatus() == 12) {
                throw new bhL("certificate status could not be determined");
            }
        } catch (Exception e5) {
            throw new bhL("cannot read CRL distribution point extension", e5);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }
}
