package org.bouncycastle.jce.provider;

import com.facebook.notifications.BuildConfig;
import defpackage.ag2;
import defpackage.c1;
import defpackage.d1;
import defpackage.di0;
import defpackage.f1;
import defpackage.gd;
import defpackage.gi3;
import defpackage.h1;
import defpackage.j1;
import defpackage.jj6;
import defpackage.k96;
import defpackage.kv;
import defpackage.mg9;
import defpackage.my5;
import defpackage.n43;
import defpackage.ny5;
import defpackage.o1;
import defpackage.o43;
import defpackage.py5;
import defpackage.qy5;
import defpackage.ry5;
import defpackage.s0;
import defpackage.s98;
import defpackage.sd1;
import defpackage.sf2;
import defpackage.sg9;
import defpackage.ss6;
import defpackage.sy5;
import defpackage.t98;
import defpackage.tf2;
import defpackage.ty5;
import defpackage.u0;
import defpackage.ux3;
import defpackage.vc8;
import defpackage.ww1;
import defpackage.x0;
import defpackage.xw1;
import defpackage.z0;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes18.dex */
class CertPathValidatorUtilities {
    public static final String ANY_POLICY = "2.5.29.32.0";
    public static final int CRL_SIGN = 6;
    public static final int KEY_CERT_SIGN = 5;
    public static final String CERTIFICATE_POLICIES = ag2.u.w();
    public static final String BASIC_CONSTRAINTS = ag2.k.w();
    public static final String POLICY_MAPPINGS = ag2.v.w();
    public static final String SUBJECT_ALTERNATIVE_NAME = ag2.i.w();
    public static final String NAME_CONSTRAINTS = ag2.s.w();
    public static final String KEY_USAGE = ag2.g.w();
    public static final String INHIBIT_ANY_POLICY = ag2.A.w();
    public static final String ISSUING_DISTRIBUTION_POINT = ag2.q.w();
    public static final String DELTA_CRL_INDICATOR = ag2.p.w();
    public static final String POLICY_CONSTRAINTS = ag2.x.w();
    public static final String FRESHEST_CRL = ag2.z.w();
    public static final String CRL_DISTRIBUTION_POINTS = ag2.t.w();
    public static final String AUTHORITY_KEY_IDENTIFIER = ag2.w.w();
    public static final String CRL_NUMBER = ag2.l.w();
    public static final String[] crlReasons = {BuildConfig.VERSION_NAME, "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    public static void checkCRLsNotEmpty(py5 py5Var, Set set, Object obj) throws RecoverableCertPathValidatorException {
        if (set.isEmpty()) {
            if (obj instanceof sg9) {
                throw new RecoverableCertPathValidatorException("No CRLs found for issuer \"" + ((sg9) obj).a().c()[0] + "\"", null, py5Var.a(), py5Var.b());
            }
            throw new RecoverableCertPathValidatorException("No CRLs found for issuer \"" + ss6.V.e(PrincipalUtils.getIssuerPrincipal((X509Certificate) obj)) + "\"", null, py5Var.a(), py5Var.b());
        }
    }

    public static void findCertificates(LinkedHashSet linkedHashSet, ry5 ry5Var, List list) throws AnnotatedException {
        for (Object obj : list) {
            if (obj instanceof s98) {
                try {
                    linkedHashSet.addAll(((s98) obj).getMatches(ry5Var));
                } catch (t98 e) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
                }
            } else {
                try {
                    linkedHashSet.addAll(ry5.c(ry5Var, (CertStore) obj));
                } catch (CertStoreException e2) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e2);
                }
            }
        }
    }

    public static Collection findIssuerCerts(X509Certificate x509Certificate, List<CertStore> list, List<qy5> list2) throws AnnotatedException {
        byte[] k;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(PrincipalUtils.getIssuerPrincipal(x509Certificate).getEncoded());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(AUTHORITY_KEY_IDENTIFIER);
                if (extensionValue != null && (k = kv.i(d1.t(extensionValue).u()).k()) != null) {
                    x509CertSelector.setSubjectKeyIdentifier(new sd1(k).getEncoded());
                }
            } catch (Exception unused) {
            }
            ry5<? extends Certificate> a = new ry5.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                findCertificates(linkedHashSet, a, list);
                findCertificates(linkedHashSet, a, list2);
                return linkedHashSet;
            } catch (AnnotatedException e) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e);
            }
        } catch (Exception e2) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e2);
        }
    }

    public static Collection findTargets(sy5 sy5Var) throws CertPathBuilderException {
        ty5 b = sy5Var.b();
        ry5 v = b.v();
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            findCertificates(linkedHashSet, v, b.q());
            findCertificates(linkedHashSet, v, b.p());
            if (!linkedHashSet.isEmpty()) {
                return linkedHashSet;
            }
            Certificate b2 = v.b();
            if (b2 != null) {
                return Collections.singleton(b2);
            }
            throw new CertPathBuilderException("No certificate found matching targetConstraints.");
        } catch (AnnotatedException e) {
            throw new sf2("Error finding target certificate.", e);
        }
    }

    public static TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set) throws AnnotatedException {
        return findTrustAnchor(x509Certificate, set, null);
    }

    public static TrustAnchor findTrustAnchor(X509Certificate x509Certificate, Set set, String str) throws AnnotatedException {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        x509CertSelector.setSubject(issuerX500Principal);
        Iterator it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception e = null;
        mg9 mg9Var = null;
        PublicKey publicKey = null;
        while (it.hasNext() && trustAnchor == null) {
            trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor.getTrustedCert() != null) {
                if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                    publicKey = trustAnchor.getTrustedCert().getPublicKey();
                }
                trustAnchor = null;
            } else {
                if (trustAnchor.getCA() != null && trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                    if (mg9Var == null) {
                        mg9Var = mg9.l(issuerX500Principal.getEncoded());
                    }
                    try {
                        if (mg9Var.equals(mg9.l(trustAnchor.getCA().getEncoded()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException unused) {
                    }
                }
                trustAnchor = null;
            }
            if (publicKey != null) {
                try {
                    verifyX509Certificate(x509Certificate, publicKey, str);
                } catch (Exception e2) {
                    e = e2;
                    trustAnchor = null;
                    publicKey = null;
                }
            }
        }
        if (trustAnchor != null || e == null) {
            return trustAnchor;
        }
        throw new AnnotatedException("TrustAnchor found but certificate validation failed.", e);
    }

    public static List<qy5> getAdditionalStoresFromAltNames(byte[] bArr, Map<n43, qy5> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        n43[] m = o43.l(d1.t(bArr).u()).m();
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i != m.length; i++) {
            qy5 qy5Var = map.get(m[i]);
            if (qy5Var != null) {
                arrayList.add(qy5Var);
            }
        }
        return arrayList;
    }

    public static List<my5> getAdditionalStoresFromCRLDistributionPoint(di0 di0Var, Map<n43, my5> map, Date date, ux3 ux3Var) throws AnnotatedException {
        if (di0Var == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            ww1[] i = di0Var.i();
            ArrayList arrayList = new ArrayList();
            for (ww1 ww1Var : i) {
                xw1 l = ww1Var.l();
                if (l != null && l.n() == 0) {
                    for (n43 n43Var : o43.l(l.m()).m()) {
                        my5 my5Var = map.get(n43Var);
                        if (my5Var != null) {
                            arrayList.add(my5Var);
                        }
                    }
                }
            }
            if (arrayList.isEmpty() && jj6.c("org.bouncycastle.x509.enableCRLDP")) {
                try {
                    CertificateFactory d = ux3Var.d("X.509");
                    for (int i2 = 0; i2 < i.length; i2++) {
                        xw1 l2 = i[i2].l();
                        if (l2 != null && l2.n() == 0) {
                            n43[] m = o43.l(l2.m()).m();
                            int i3 = 0;
                            while (true) {
                                if (i3 < m.length) {
                                    n43 n43Var2 = m[i2];
                                    if (n43Var2.n() == 6) {
                                        try {
                                            my5 crl = CrlCache.getCrl(d, date, new URI(((o1) n43Var2.m()).getString()));
                                            if (crl != null) {
                                                arrayList.add(crl);
                                            }
                                        } catch (Exception unused) {
                                            continue;
                                        }
                                    }
                                    i3++;
                                }
                            }
                        }
                    }
                } catch (Exception e) {
                    throw new AnnotatedException("cannot create certificate factory: " + e.getMessage(), e);
                }
            }
            return arrayList;
        } catch (Exception e2) {
            throw new AnnotatedException("Distribution points could not be read.", e2);
        }
    }

    public static gd getAlgorithmIdentifier(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return vc8.l(publicKey.getEncoded()).i();
        } catch (Exception e) {
            throw new tf2("Subject public key cannot be decoded.", e);
        }
    }

    public static void getCRLIssuersFromDistributionPoint(ww1 ww1Var, Collection collection, X509CRLSelector x509CRLSelector) throws AnnotatedException {
        ArrayList arrayList = new ArrayList();
        if (ww1Var.k() != null) {
            n43[] m = ww1Var.k().m();
            for (int i = 0; i < m.length; i++) {
                if (m[i].n() == 4) {
                    try {
                        arrayList.add(mg9.l(m[i].m().g().getEncoded()));
                    } catch (IOException e) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e);
                    }
                }
            }
        } else {
            if (ww1Var.l() == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.");
            }
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((mg9) it2.next()).getEncoded());
            } catch (IOException e2) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e2);
            }
        }
    }

    public static void getCertStatus(Date date, X509CRL x509crl, Object obj, CertStatus certStatus) throws AnnotatedException {
        X509CRLEntry revokedCertificate;
        try {
            if (X509CRLObject.isIndirectCRL(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(getSerialNumber(obj));
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!PrincipalUtils.getEncodedIssuerPrincipal(obj).equals(certificateIssuer == null ? PrincipalUtils.getIssuerPrincipal(x509crl) : PrincipalUtils.getX500Name(certificateIssuer))) {
                    return;
                }
            } else if (!PrincipalUtils.getEncodedIssuerPrincipal(obj).equals(PrincipalUtils.getIssuerPrincipal(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(getSerialNumber(obj))) == null) {
                return;
            }
            u0 u0Var = null;
            if (revokedCertificate.hasExtensions()) {
                if (revokedCertificate.hasUnsupportedCriticalExtension()) {
                    throw new AnnotatedException("CRL entry has unsupported critical extensions.");
                }
                try {
                    u0Var = u0.u(getExtensionValue(revokedCertificate, ag2.m.w()));
                } catch (Exception e) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e);
                }
            }
            int w = u0Var == null ? 0 : u0Var.w();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || w == 0 || w == 1 || w == 2 || w == 10) {
                certStatus.setCertStatus(w);
                certStatus.setRevocationDate(revokedCertificate.getRevocationDate());
            }
        } catch (CRLException e2) {
            throw new AnnotatedException("Failed check for indirect CRL.", e2);
        }
    }

    public static Set getCompleteCRLs(py5 py5Var, ww1 ww1Var, Object obj, ty5 ty5Var, Date date) throws AnnotatedException, RecoverableCertPathValidatorException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(PrincipalUtils.getEncodedIssuerPrincipal(obj));
            getCRLIssuersFromDistributionPoint(ww1Var, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            Set findCRLs = PKIXCRLUtil.findCRLs(new ny5.b(x509CRLSelector).h(true).g(), date, ty5Var.p(), ty5Var.n());
            checkCRLsNotEmpty(py5Var, findCRLs, obj);
            return findCRLs;
        } catch (AnnotatedException e) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e);
        }
    }

    public static Set getDeltaCRLs(Date date, X509CRL x509crl, List<CertStore> list, List<my5> list2, ux3 ux3Var) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(PrincipalUtils.getIssuerPrincipal(x509crl).getEncoded());
            try {
                h1 extensionValue = getExtensionValue(x509crl, CRL_NUMBER);
                BigInteger u = extensionValue != null ? z0.t(extensionValue).u() : null;
                try {
                    byte[] extensionValue2 = x509crl.getExtensionValue(ISSUING_DISTRIBUTION_POINT);
                    x509CRLSelector.setMinCRLNumber(u != null ? u.add(BigInteger.valueOf(1L)) : null);
                    ny5.b bVar = new ny5.b(x509CRLSelector);
                    bVar.i(extensionValue2);
                    bVar.j(true);
                    bVar.k(u);
                    ny5<? extends CRL> g = bVar.g();
                    Set<X509CRL> findCRLs = PKIXCRLUtil.findCRLs(g, date, list, list2);
                    if (findCRLs.isEmpty() && jj6.c("org.bouncycastle.x509.enableCRLDP")) {
                        try {
                            CertificateFactory d = ux3Var.d("X.509");
                            ww1[] i = di0.k(extensionValue2).i();
                            for (int i2 = 0; i2 < i.length; i2++) {
                                xw1 l = i[i2].l();
                                if (l != null && l.n() == 0) {
                                    n43[] m = o43.l(l.m()).m();
                                    int i3 = 0;
                                    while (true) {
                                        if (i3 < m.length) {
                                            n43 n43Var = m[i2];
                                            if (n43Var.n() == 6) {
                                                try {
                                                    my5 crl = CrlCache.getCrl(d, date, new URI(((o1) n43Var.m()).getString()));
                                                    if (crl != null) {
                                                        findCRLs = PKIXCRLUtil.findCRLs(g, date, Collections.EMPTY_LIST, Collections.singletonList(crl));
                                                    }
                                                } catch (Exception unused) {
                                                    continue;
                                                }
                                            }
                                            i3++;
                                        }
                                    }
                                }
                            }
                        } catch (Exception e) {
                            throw new AnnotatedException("cannot create certificate factory: " + e.getMessage(), e);
                        }
                    }
                    HashSet hashSet = new HashSet();
                    for (X509CRL x509crl2 : findCRLs) {
                        if (isDeltaCRL(x509crl2)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e2) {
                    throw new AnnotatedException("Issuing distribution point extension value could not be read.", e2);
                }
            } catch (Exception e3) {
                throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e3);
            }
        } catch (IOException e4) {
            throw new AnnotatedException("Cannot extract issuer from CRL.", e4);
        }
    }

    public static h1 getExtensionValue(X509Extension x509Extension, String str) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return getObject(str, extensionValue);
    }

    public static PublicKey getNextWorkingKey(List list, int i, ux3 ux3Var) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i++;
            if (i >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return ux3Var.f("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    private static h1 getObject(String str, byte[] bArr) throws AnnotatedException {
        try {
            return h1.o(d1.t(bArr).u());
        } catch (Exception e) {
            throw new AnnotatedException("exception processing extension " + str, e);
        }
    }

    public static final Set getQualifierSet(j1 j1Var) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (j1Var == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        f1 a = f1.a(byteArrayOutputStream);
        Enumeration v = j1Var.v();
        while (v.hasMoreElements()) {
            try {
                a.s((s0) v.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e) {
                throw new tf2("Policy qualifier info cannot be decoded.", e);
            }
        }
        return hashSet;
    }

    private static BigInteger getSerialNumber(Object obj) {
        return ((X509Certificate) obj).getSerialNumber();
    }

    public static Date getValidCertDateFromValidityModel(Date date, int i, CertPath certPath, int i2) throws AnnotatedException {
        if (1 != i || i2 <= 0) {
            return date;
        }
        int i3 = i2 - 1;
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i3);
        if (i3 == 0) {
            try {
                byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i3)).getExtensionValue(gi3.e.w());
                x0 x = extensionValue != null ? x0.x(h1.o(extensionValue)) : null;
                if (x != null) {
                    try {
                        return x.v();
                    } catch (ParseException e) {
                        throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e);
                    }
                }
            } catch (IOException unused) {
                throw new AnnotatedException("Date of cert gen extension could not be read.");
            } catch (IllegalArgumentException unused2) {
                throw new AnnotatedException("Date of cert gen extension could not be read.");
            }
        }
        return x509Certificate.getNotBefore();
    }

    public static Date getValidityDate(ty5 ty5Var, Date date) {
        Date x = ty5Var.x();
        return x == null ? date : x;
    }

    public static boolean isAnyPolicy(Set set) {
        return set == null || set.contains("2.5.29.32.0") || set.isEmpty();
    }

    private static boolean isDeltaCRL(X509CRL x509crl) {
        Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            return false;
        }
        return criticalExtensionOIDs.contains(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
    }

    public static boolean isIssuerTrustAnchor(X509Certificate x509Certificate, Set set, String str) throws AnnotatedException {
        try {
            return findTrustAnchor(x509Certificate, set, str) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean isSelfIssued(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static void prepareNextCertB1(int i, List[] listArr, String str, Map map, X509Certificate x509Certificate) throws AnnotatedException, CertPathValidatorException {
        boolean z;
        Iterator it = listArr[i].iterator();
        while (true) {
            if (!it.hasNext()) {
                z = false;
                break;
            }
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) it.next();
            if (pKIXPolicyNode.getValidPolicy().equals(str)) {
                z = true;
                pKIXPolicyNode.expectedPolicies = (Set) map.get(str);
                break;
            }
        }
        if (z) {
            return;
        }
        for (PKIXPolicyNode pKIXPolicyNode2 : listArr[i]) {
            if ("2.5.29.32.0".equals(pKIXPolicyNode2.getValidPolicy())) {
                Set set = null;
                try {
                    Enumeration v = j1.t(getExtensionValue(x509Certificate, CERTIFICATE_POLICIES)).v();
                    while (true) {
                        if (!v.hasMoreElements()) {
                            break;
                        }
                        try {
                            k96 i2 = k96.i(v.nextElement());
                            if ("2.5.29.32.0".equals(i2.k().w())) {
                                try {
                                    set = getQualifierSet(i2.l());
                                    break;
                                } catch (CertPathValidatorException e) {
                                    throw new tf2("Policy qualifier info set could not be built.", e);
                                }
                            }
                        } catch (Exception e2) {
                            throw new AnnotatedException("Policy information cannot be decoded.", e2);
                        }
                    }
                    Set set2 = set;
                    boolean contains = x509Certificate.getCriticalExtensionOIDs() != null ? x509Certificate.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES) : false;
                    PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
                    if ("2.5.29.32.0".equals(pKIXPolicyNode3.getValidPolicy())) {
                        PKIXPolicyNode pKIXPolicyNode4 = new PKIXPolicyNode(new ArrayList(), i, (Set) map.get(str), pKIXPolicyNode3, set2, str, contains);
                        pKIXPolicyNode3.addChild(pKIXPolicyNode4);
                        listArr[i].add(pKIXPolicyNode4);
                        return;
                    }
                    return;
                } catch (Exception e3) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e3);
                }
            }
        }
    }

    public static PKIXPolicyNode prepareNextCertB2(int i, List[] listArr, String str, PKIXPolicyNode pKIXPolicyNode) {
        int i2;
        Iterator it = listArr[i].iterator();
        while (it.hasNext()) {
            PKIXPolicyNode pKIXPolicyNode2 = (PKIXPolicyNode) it.next();
            if (pKIXPolicyNode2.getValidPolicy().equals(str)) {
                ((PKIXPolicyNode) pKIXPolicyNode2.getParent()).removeChild(pKIXPolicyNode2);
                it.remove();
                for (int i3 = i - 1; i3 >= 0; i3--) {
                    List list = listArr[i3];
                    while (i2 < list.size()) {
                        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) list.get(i2);
                        i2 = (pKIXPolicyNode3.hasChildren() || (pKIXPolicyNode = removePolicyNode(pKIXPolicyNode, listArr, pKIXPolicyNode3)) != null) ? i2 + 1 : 0;
                    }
                }
            }
        }
        return pKIXPolicyNode;
    }

    public static boolean processCertD1i(int i, List[] listArr, c1 c1Var, Set set) {
        List list = listArr[i - 1];
        for (int i2 = 0; i2 < list.size(); i2++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i2);
            if (pKIXPolicyNode.getExpectedPolicies().contains(c1Var.w())) {
                HashSet hashSet = new HashSet();
                hashSet.add(c1Var.w());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i, hashSet, pKIXPolicyNode, set, c1Var.w(), false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                listArr[i].add(pKIXPolicyNode2);
                return true;
            }
        }
        return false;
    }

    public static void processCertD1ii(int i, List[] listArr, c1 c1Var, Set set) {
        List list = listArr[i - 1];
        for (int i2 = 0; i2 < list.size(); i2++) {
            PKIXPolicyNode pKIXPolicyNode = (PKIXPolicyNode) list.get(i2);
            if ("2.5.29.32.0".equals(pKIXPolicyNode.getValidPolicy())) {
                HashSet hashSet = new HashSet();
                hashSet.add(c1Var.w());
                PKIXPolicyNode pKIXPolicyNode2 = new PKIXPolicyNode(new ArrayList(), i, hashSet, pKIXPolicyNode, set, c1Var.w(), false);
                pKIXPolicyNode.addChild(pKIXPolicyNode2);
                listArr[i].add(pKIXPolicyNode2);
                return;
            }
        }
    }

    public static PKIXPolicyNode removePolicyNode(PKIXPolicyNode pKIXPolicyNode, List[] listArr, PKIXPolicyNode pKIXPolicyNode2) {
        PKIXPolicyNode pKIXPolicyNode3 = (PKIXPolicyNode) pKIXPolicyNode2.getParent();
        if (pKIXPolicyNode == null) {
            return null;
        }
        if (pKIXPolicyNode3 != null) {
            pKIXPolicyNode3.removeChild(pKIXPolicyNode2);
            removePolicyNodeRecurse(listArr, pKIXPolicyNode2);
            return pKIXPolicyNode;
        }
        for (int i = 0; i < listArr.length; i++) {
            listArr[i] = new ArrayList();
        }
        return null;
    }

    private static void removePolicyNodeRecurse(List[] listArr, PKIXPolicyNode pKIXPolicyNode) {
        listArr[pKIXPolicyNode.getDepth()].remove(pKIXPolicyNode);
        if (pKIXPolicyNode.hasChildren()) {
            Iterator children = pKIXPolicyNode.getChildren();
            while (children.hasNext()) {
                removePolicyNodeRecurse(listArr, (PKIXPolicyNode) children.next());
            }
        }
    }

    public static void verifyX509Certificate(X509Certificate x509Certificate, PublicKey publicKey, String str) throws GeneralSecurityException {
        if (str == null) {
            x509Certificate.verify(publicKey);
        } else {
            x509Certificate.verify(publicKey, str);
        }
    }
}
