package com.rsa.certj.provider.path;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJUtils;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NoServiceException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.AttributeValueAssertion;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.NameMatcher;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509CRL;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cert.extensions.AuthorityKeyID;
import com.rsa.certj.cert.extensions.BasicConstraints;
import com.rsa.certj.cert.extensions.CertPolicies;
import com.rsa.certj.cert.extensions.GeneralName;
import com.rsa.certj.cert.extensions.GeneralNames;
import com.rsa.certj.cert.extensions.GeneralSubtrees;
import com.rsa.certj.cert.extensions.InhibitAnyPolicy;
import com.rsa.certj.cert.extensions.IssuerAltName;
import com.rsa.certj.cert.extensions.KeyUsage;
import com.rsa.certj.cert.extensions.NameConstraints;
import com.rsa.certj.cert.extensions.PolicyConstraints;
import com.rsa.certj.cert.extensions.PolicyMappings;
import com.rsa.certj.cert.extensions.PolicyQualifiers;
import com.rsa.certj.cert.extensions.SubjectAltName;
import com.rsa.certj.cert.extensions.SubjectKeyID;
import com.rsa.certj.cert.extensions.X509V3Extension;
import com.rsa.certj.spi.db.DatabaseException;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.path.CertPathException;
import com.rsa.certj.spi.path.CertPathResult;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_InvalidKeyException;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;

/* loaded from: input_file:com/rsa/certj/provider/path/PKIXCertPath.class */
public final class PKIXCertPath extends Provider {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/rsa/certj/provider/path/PKIXCertPath$CertPathState.class */
    public class CertPathState {
        protected Vector initialPolicySet;
        protected Cn validPolicyTree;
        protected Map constrainedSubtrees;
        protected GeneralNames excludedSubtrees;
        protected int explicitPolicy;
        protected int policyMapping;
        protected int inhibitAnyPolicy;
        protected int maxPathLen;
        protected String workingPubKeyAlg;
        protected byte[] workingPubKey;
        protected byte[][] workingPubKeyParams;
        private final PKIXCertPath a;

        protected CertPathState(PKIXCertPath pKIXCertPath, Vector vector, Cn cn, Map map, GeneralNames generalNames, int i, int i2, int i3, int i4, String str, byte[] bArr, byte[][] bArr2) {
            this.a = pKIXCertPath;
            this.initialPolicySet = vector;
            this.validPolicyTree = cn;
            this.constrainedSubtrees = map;
            this.excludedSubtrees = generalNames;
            this.explicitPolicy = i;
            this.policyMapping = i2;
            this.inhibitAnyPolicy = i3;
            this.maxPathLen = i4;
            this.workingPubKeyAlg = str;
            this.workingPubKey = bArr;
            this.workingPubKeyParams = bArr2;
        }
    }

    /* loaded from: input_file:com/rsa/certj/provider/path/PKIXCertPath$Implementation.class */
    private final class Implementation extends CertPathCommon {
        private final PKIXCertPath a;

        private Implementation(PKIXCertPath pKIXCertPath, CertJ certJ, String str) throws InvalidParameterException {
            super(certJ, str);
            this.a = pKIXCertPath;
        }

        @Override // com.rsa.certj.provider.path.CertPathCommon
        protected void getNextCertCandidates(CertPathCtx certPathCtx, Object obj, Vector vector) throws CertPathException {
            X500Name issuerName;
            X509V3Extensions extensions;
            if (obj instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) obj;
                issuerName = x509Certificate.getIssuerName();
                extensions = x509Certificate.getExtensions();
            } else {
                if (!(obj instanceof X509CRL)) {
                    throw new CertPathException("PKIXCertPath$Implementation.getNextCertCandidates: does not support startObjects other than X509Certificate or X509CRL.");
                }
                X509CRL x509crl = (X509CRL) obj;
                issuerName = x509crl.getIssuerName();
                extensions = x509crl.getExtensions();
            }
            a(certPathCtx, issuerName, extensions, vector);
        }

        @Override // com.rsa.certj.provider.path.CertPathCommon
        protected boolean verifyPath(CertPathCtx certPathCtx, Vector vector, Vector vector2, Vector vector3, Vector vector4, CertPathResult certPathResult) throws CertPathException {
            Vector vector5 = vector2 == null ? null : new Vector();
            Vector vector6 = vector3 == null ? null : new Vector();
            int size = vector.size();
            int i = size - 1;
            int i2 = 0;
            X509Certificate x509Certificate = null;
            X509Certificate x509Certificate2 = (X509Certificate) vector.elementAt(i);
            if (x509Certificate2 == null) {
                throw new CertPathException("The certificate path was not built correctly. A null certificate was found.");
            }
            CertPathState a = a(certPathCtx, x509Certificate2, size);
            PKIXCertPathResult pKIXCertPathResult = (certPathResult == null || !(certPathResult instanceof PKIXCertPathResult)) ? new PKIXCertPathResult() : (PKIXCertPathResult) certPathResult;
            while (i > 0) {
                i--;
                i2++;
                x509Certificate = (X509Certificate) vector.elementAt(i);
                if (x509Certificate == null) {
                    throw new CertPathException("The certificate path was not built correctly. A null certificate was found.");
                }
                if (!a(certPathCtx, a, x509Certificate, x509Certificate2)) {
                    pKIXCertPathResult.setValidationResult(false);
                    pKIXCertPathResult.b(new StringBuffer().append("Signature of certificate with subject ").append(x509Certificate.getSubjectName().toString()).append("could not be verified!").toString());
                    return false;
                }
                if (!verifyRevocation(certPathCtx, x509Certificate, vector5, vector6)) {
                    pKIXCertPathResult.setValidationResult(false);
                    pKIXCertPathResult.b(new StringBuffer().append("Certificate with subject ").append(x509Certificate.getSubjectName().toString()).append(" is either revoked or the revocation could not ").append("be determined!").toString());
                    return false;
                }
                if ((i == 0 || !a(x509Certificate)) && !b(a, x509Certificate)) {
                    pKIXCertPathResult.setValidationResult(false);
                    pKIXCertPathResult.b("Subject/issuer name chain error!");
                    return false;
                }
                if (!a(a, x509Certificate, i2, size - 1)) {
                    pKIXCertPathResult.setValidationResult(false);
                    pKIXCertPathResult.b("Policy info check error!");
                    return false;
                }
                if (i != 0 && !a(certPathCtx, a, x509Certificate, i2, pKIXCertPathResult)) {
                    return false;
                }
                x509Certificate2 = x509Certificate;
            }
            CertJUtils.mergeLists(vector2, vector5);
            CertJUtils.mergeLists(vector3, vector6);
            if (x509Certificate != null) {
                return a(certPathCtx, a, x509Certificate, size, vector4, pKIXCertPathResult);
            }
            pKIXCertPathResult.setValidationResult(true);
            pKIXCertPathResult.b("Validation completed successfully.");
            return true;
        }

        private boolean a(CertPathCtx certPathCtx, CertPathState certPathState, X509Certificate x509Certificate, int i, PKIXCertPathResult pKIXCertPathResult) throws CertPathException {
            if (!a(certPathState, x509Certificate, i)) {
                pKIXCertPathResult.setValidationResult(false);
                pKIXCertPathResult.b("Policy mapping check error!");
                return false;
            }
            d(certPathState, x509Certificate);
            b(certPathCtx, certPathState, x509Certificate);
            if (!a(x509Certificate)) {
                a(certPathState);
            }
            c(certPathState, x509Certificate);
            a(certPathState, x509Certificate);
            if (!a(certPathCtx, x509Certificate)) {
                pKIXCertPathResult.setValidationResult(false);
                pKIXCertPathResult.b("Basic constraints error!");
                return false;
            }
            if (!a(certPathCtx, certPathState, x509Certificate)) {
                pKIXCertPathResult.setValidationResult(false);
                pKIXCertPathResult.b("Max path length error!");
                return false;
            }
            if (!b(certPathCtx, x509Certificate)) {
                pKIXCertPathResult.setValidationResult(false);
                pKIXCertPathResult.b("Key usage error!");
                return false;
            }
            if (b(certPathCtx, x509Certificate, i)) {
                return true;
            }
            pKIXCertPathResult.setValidationResult(false);
            pKIXCertPathResult.b("Other critical extensions error!");
            return false;
        }

        private boolean a(CertPathCtx certPathCtx, CertPathState certPathState, X509Certificate x509Certificate) {
            int pathLen;
            if (certPathCtx.isFlagRaised(32)) {
                return true;
            }
            if (!a(x509Certificate)) {
                if (certPathState.maxPathLen <= 0) {
                    return false;
                }
                certPathState.maxPathLen--;
            }
            BasicConstraints basicConstraints = (BasicConstraints) a(x509Certificate, 19);
            if (basicConstraints == null || (pathLen = basicConstraints.getPathLen()) == -1 || pathLen >= certPathState.maxPathLen) {
                return true;
            }
            certPathState.maxPathLen = pathLen;
            return true;
        }

        private boolean a(CertPathCtx certPathCtx, CertPathState certPathState, X509Certificate x509Certificate, int i, Vector vector, PKIXCertPathResult pKIXCertPathResult) throws CertPathException {
            if (!a(x509Certificate) && certPathState.explicitPolicy > 0) {
                certPathState.explicitPolicy--;
            }
            c(certPathState, x509Certificate);
            d(certPathState, x509Certificate);
            if (!b(certPathCtx, x509Certificate, i - 1)) {
                pKIXCertPathResult.setValidationResult(false);
                pKIXCertPathResult.b("Other critical extensions error!");
                return false;
            }
            a(certPathState.validPolicyTree, certPathCtx, i - 1);
            if (certPathState.validPolicyTree != null && !certPathState.validPolicyTree.a().d()) {
                certPathState.validPolicyTree = null;
            }
            Vector vector2 = new Vector();
            a(certPathState.validPolicyTree, vector2);
            if (vector != null) {
                vector.addAll(vector2);
            }
            if (certPathState.explicitPolicy == 0 && certPathState.validPolicyTree == null) {
                pKIXCertPathResult.setValidationResult(false);
                pKIXCertPathResult.b("Policy info check error!");
                return false;
            }
            pKIXCertPathResult.setValidationResult(true);
            pKIXCertPathResult.b("Validation completed successfully!");
            pKIXCertPathResult.a(vector2);
            pKIXCertPathResult.a(certPathState.workingPubKey);
            pKIXCertPathResult.a(certPathState.workingPubKeyAlg);
            pKIXCertPathResult.a(certPathState.workingPubKeyParams);
            return true;
        }

        private void a(CertPathState certPathState) {
            if (certPathState.inhibitAnyPolicy > 0) {
                certPathState.inhibitAnyPolicy--;
            }
            if (certPathState.explicitPolicy > 0) {
                certPathState.explicitPolicy--;
            }
            if (certPathState.policyMapping > 0) {
                certPathState.policyMapping--;
            }
        }

        private boolean a(CertPathState certPathState, X509Certificate x509Certificate, int i) throws CertPathException {
            PolicyMappings policyMappings = (PolicyMappings) a(x509Certificate, 33);
            if (policyMappings == null) {
                return true;
            }
            if (!a(policyMappings)) {
                return false;
            }
            a(certPathState, policyMappings, i);
            return true;
        }

        private boolean a(PolicyMappings policyMappings) throws CertPathException {
            int policyCount = policyMappings.getPolicyCount();
            for (int i = 0; i < policyCount; i++) {
                try {
                    if (CertJUtils.byteArraysEqual(X509V3Extension.ANY_POLICY_OID, policyMappings.getIssuerDomainPolicy(i)) || CertJUtils.byteArraysEqual(X509V3Extension.ANY_POLICY_OID, policyMappings.getSubjectDomainPolicy(i))) {
                        return false;
                    }
                } catch (CertificateException e) {
                    throw new CertPathException(e.getMessage());
                }
            }
            return true;
        }

        private void a(CertPathState certPathState, PolicyMappings policyMappings, int i) throws CertPathException {
            int policyCount = policyMappings.getPolicyCount();
            try {
                if (certPathState.policyMapping > 0) {
                    for (int i2 = 0; i2 < policyCount; i2++) {
                        a(policyMappings.getIssuerDomainPolicy(i2), policyMappings, certPathState, i);
                    }
                } else {
                    for (int i3 = 0; i3 < policyCount; i3++) {
                        a(policyMappings.getIssuerDomainPolicy(i3), certPathState, i);
                    }
                }
            } catch (CertificateException e) {
                throw new CertPathException(e.getMessage());
            }
        }

        private void a(byte[] bArr, PolicyMappings policyMappings, CertPathState certPathState, int i) throws CertPathException {
            Co a;
            Vector subjectDomainPolicies = policyMappings.getSubjectDomainPolicies(bArr);
            Vector vector = new Vector(certPathState.validPolicyTree.b(i));
            Iterator it = vector.iterator();
            boolean z = false;
            while (it.hasNext()) {
                Co co = (Co) it.next();
                if (co.b(bArr)) {
                    Vector f = co.f();
                    f.clear();
                    f.addAll(subjectDomainPolicies);
                    z = true;
                }
            }
            if (z || (a = Cp.a(X509V3Extension.ANY_POLICY_OID, vector)) == null) {
                return;
            }
            a.a().a(Co.a(bArr, a.g(), policyMappings.getCriticality(), subjectDomainPolicies));
        }

        private void a(byte[] bArr, CertPathState certPathState, int i) {
            Iterator it = new Vector(certPathState.validPolicyTree.b(i)).iterator();
            while (it.hasNext()) {
                Co co = (Co) it.next();
                if (co.b(bArr)) {
                    co.a().b(co);
                }
            }
            certPathState.validPolicyTree.a(i - 1);
        }

        private boolean a(X509Certificate x509Certificate) {
            return x509Certificate.getIssuerName().equals(x509Certificate.getSubjectName());
        }

        private void a(CertPathState certPathState, X509Certificate x509Certificate) {
            InhibitAnyPolicy inhibitAnyPolicy = (InhibitAnyPolicy) a(x509Certificate, 54);
            if (inhibitAnyPolicy != null && inhibitAnyPolicy.getSkipCerts() < certPathState.inhibitAnyPolicy) {
                certPathState.inhibitAnyPolicy = inhibitAnyPolicy.getSkipCerts();
            }
        }

        private void a(Cn cn, CertPathCtx certPathCtx, int i) throws CertPathException {
            Co a;
            if (cn == null) {
                return;
            }
            Vector vector = new Vector(Arrays.asList(certPathCtx.getPolicies()));
            if (CertJUtils.containsByteArray(vector, X509V3Extension.ANY_POLICY_OID)) {
                return;
            }
            Vector a2 = a(cn);
            Iterator it = a2.iterator();
            while (it.hasNext()) {
                Co co = (Co) it.next();
                if (!co.j() && !CertJUtils.containsByteArray(vector, co.e()) && (a = co.a()) != null) {
                    a.b(co);
                }
            }
            Co a3 = Cp.a(X509V3Extension.ANY_POLICY_OID, cn.b(i));
            if (a3 == null) {
                cn.a(i - 1);
                return;
            }
            Co a4 = a3.a();
            PolicyQualifiers g = a3.g();
            Iterator it2 = vector.iterator();
            while (it2.hasNext()) {
                byte[] bArr = (byte[]) it2.next();
                if (Cp.a(bArr, a2) == null) {
                    Vector vector2 = new Vector();
                    vector2.add(bArr);
                    a4.a(Co.a(bArr, g, a3.h(), vector2));
                }
            }
            a4.b(a3);
            cn.a(i - 1);
        }

        private Vector a(Cn cn) {
            Vector vector = new Vector();
            a(cn.a(), vector);
            return vector;
        }

        private void a(Co co, Vector vector) {
            Co a = co.a();
            if (a != null && a.j()) {
                vector.add(co);
            }
            if (co.d()) {
                Iterator it = co.c().iterator();
                while (it.hasNext()) {
                    a((Co) it.next(), vector);
                }
            }
        }

        private void a(Cn cn, Vector vector) throws CertPathException {
            if (cn == null || vector == null) {
                return;
            }
            a(cn.a(), vector, new boolean[]{false});
        }

        private void a(Co co, Vector vector, boolean[] zArr) throws CertPathException {
            if (co.j()) {
                if (!co.d()) {
                    vector.clear();
                    vector.add(co.i());
                    zArr[0] = true;
                    return;
                }
            } else if (co.a().j()) {
                vector.add(co.i());
            }
            if (co.d()) {
                Iterator it = co.c().iterator();
                while (it.hasNext() && !zArr[0]) {
                    a((Co) it.next(), vector, zArr);
                }
            }
        }

        private boolean b(CertPathState certPathState, X509Certificate x509Certificate) {
            X500Name subjectName = x509Certificate.getSubjectName();
            SubjectAltName subjectAltName = (SubjectAltName) a(x509Certificate, 17);
            if (subjectName != null && subjectName.getRDNCount() > 0) {
                GeneralName generalName = new GeneralName();
                try {
                    generalName.setGeneralName(subjectName, 5);
                    if (!a(certPathState, generalName) || !a(certPathState, subjectName)) {
                        return false;
                    }
                } catch (NameException e) {
                    return false;
                }
            } else if (subjectAltName == null) {
                return false;
            }
            if (subjectAltName != null) {
                return a(certPathState, subjectAltName.getGeneralNames());
            }
            return true;
        }

        private boolean a(CertPathState certPathState, X509Certificate x509Certificate, int i, int i2) throws CertPathException {
            if (certPathState.validPolicyTree == null) {
                return true;
            }
            CertPolicies certPolicies = (CertPolicies) a(x509Certificate, 32);
            if (certPolicies == null) {
                certPathState.validPolicyTree = null;
                return certPathState.explicitPolicy > 0;
            }
            Vector b = certPathState.validPolicyTree.b(i - 1);
            for (int i3 = 0; i3 < certPolicies.getPoliciesCount(); i3++) {
                try {
                    byte[] certPolicyId = certPolicies.getCertPolicyId(i3);
                    if (!CertJUtils.byteArraysEqual(X509V3Extension.ANY_POLICY_OID, certPolicyId) && !a(certPolicyId, certPolicies, i3, b)) {
                        b(certPolicyId, certPolicies, i3, b);
                    }
                } catch (CertificateException e) {
                    throw new CertPathException(e.getMessage());
                }
            }
            a(certPathState, certPolicies, b, i, i2, a(x509Certificate));
            if (certPathState.validPolicyTree.b(i).size() == 0) {
                certPathState.validPolicyTree = null;
            } else {
                certPathState.validPolicyTree.a(i - 1);
            }
            return (certPathState.validPolicyTree == null && certPathState.explicitPolicy == 0) ? false : true;
        }

        private boolean a(byte[] bArr, CertPolicies certPolicies, int i, Vector vector) throws CertPathException {
            Iterator it = vector.iterator();
            boolean criticality = certPolicies.getCriticality();
            while (it.hasNext()) {
                Co co = (Co) it.next();
                if (CertJUtils.containsByteArray(co.f(), bArr)) {
                    Vector vector2 = new Vector();
                    vector2.add(bArr);
                    try {
                        co.a(Co.a(bArr, certPolicies.getPolicyQualifiers(i), criticality, vector2));
                        return true;
                    } catch (CertificateException e) {
                        throw new CertPathException(e.getMessage());
                    }
                }
            }
            return false;
        }

        private void b(byte[] bArr, CertPolicies certPolicies, int i, Vector vector) throws CertPathException {
            Iterator it = vector.iterator();
            while (it.hasNext()) {
                Co co = (Co) it.next();
                if (co.j()) {
                    Vector vector2 = new Vector();
                    vector2.add(bArr);
                    try {
                        co.a(Co.a(bArr, certPolicies.getPolicyQualifiers(i), certPolicies.getCriticality(), vector2));
                        return;
                    } catch (CertificateException e) {
                        throw new CertPathException(e.getMessage());
                    }
                }
            }
        }

        private void a(CertPathState certPathState, CertPolicies certPolicies, Vector vector, int i, int i2, boolean z) throws CertPathException {
            int i3 = -1;
            int i4 = 0;
            while (true) {
                try {
                    if (i4 >= certPolicies.getPoliciesCount()) {
                        break;
                    }
                    if (CertJUtils.byteArraysEqual(certPolicies.getCertPolicyId(i4), X509V3Extension.ANY_POLICY_OID)) {
                        i3 = i4;
                        break;
                    }
                    i4++;
                } catch (CertificateException e) {
                    throw new CertPathException(e.getMessage());
                }
            }
            if (i3 >= 0) {
                if (certPathState.inhibitAnyPolicy > 0 || (z && i < i2)) {
                    try {
                        PolicyQualifiers policyQualifiers = certPolicies.getPolicyQualifiers(i3);
                        Iterator it = vector.iterator();
                        boolean criticality = certPolicies.getCriticality();
                        while (it.hasNext()) {
                            Co co = (Co) it.next();
                            Iterator it2 = co.f().iterator();
                            while (it2.hasNext()) {
                                byte[] bArr = (byte[]) it2.next();
                                if (co.a(bArr) == null) {
                                    Vector vector2 = new Vector();
                                    vector2.add(bArr);
                                    co.a(Co.a(bArr, policyQualifiers, criticality, vector2));
                                }
                            }
                        }
                    } catch (CertificateException e2) {
                        throw new CertPathException(e2.getMessage());
                    }
                }
            }
        }

        private X509V3Extension a(X509Certificate x509Certificate, int i) {
            X509V3Extension x509V3Extension = null;
            X509V3Extensions extensions = x509Certificate.getExtensions();
            if (extensions != null) {
                try {
                    x509V3Extension = extensions.getExtensionByType(i);
                } catch (CertificateException e) {
                }
            }
            return x509V3Extension;
        }

        private boolean b(CertPathCtx certPathCtx, X509Certificate x509Certificate, int i) {
            X509V3Extensions extensions = x509Certificate.getExtensions();
            if (extensions == null || certPathCtx.isFlagRaised(128)) {
                return true;
            }
            for (int i2 = 0; i2 < extensions.getExtensionCount(); i2++) {
                try {
                    X509V3Extension extensionByIndex = extensions.getExtensionByIndex(i2);
                    if (!extensionByIndex.getCriticality()) {
                        return true;
                    }
                    switch (extensionByIndex.getExtensionType()) {
                        case 9:
                        case 14:
                        case 15:
                        case 16:
                        case 17:
                        case 18:
                        case 19:
                        case X509V3Extension.NAME_CONSTRAINTS /* 30 */:
                        case X509V3Extension.CRL_DISTRIBUTION_POINTS /* 31 */:
                        case 32:
                        case X509V3Extension.POLICY_MAPPINGS /* 33 */:
                        case X509V3Extension.AUTHORITY_KEY_ID /* 35 */:
                        case X509V3Extension.POLICY_CONSTRAINTS /* 36 */:
                        case X509V3Extension.EXTENDED_KEY_USAGE /* 37 */:
                        case 10:
                        case 11:
                        case 12:
                        case 13:
                        case 20:
                        case 21:
                        case 22:
                        case 23:
                        case 24:
                        case AttributeValueAssertion.COUNTRY_OF_CITIZENSHIP /* 25 */:
                        case AttributeValueAssertion.COUNTRY_OF_RESIDENCE /* 26 */:
                        case X509V3Extension.DELTA_CRL_INDICATOR /* 27 */:
                        case X509V3Extension.ISSUING_DISTRIBUTION_POINT /* 28 */:
                        case X509V3Extension.CERTIFICATE_ISSUER /* 29 */:
                        case 34:
                        default:
                            return false;
                    }
                } catch (CertificateException e) {
                    return false;
                }
            }
            return true;
        }

        private boolean a(CertPathCtx certPathCtx, X509Certificate x509Certificate) {
            if (certPathCtx.isFlagRaised(32)) {
                return true;
            }
            BasicConstraints basicConstraints = (BasicConstraints) a(x509Certificate, 19);
            return basicConstraints != null && basicConstraints.getCA();
        }

        private void b(CertPathCtx certPathCtx, CertPathState certPathState, X509Certificate x509Certificate) {
            NameConstraints nameConstraints;
            if (certPathCtx.isFlagRaised(16) || (nameConstraints = (NameConstraints) a(x509Certificate, 30)) == null) {
                return;
            }
            a(certPathState.constrainedSubtrees, nameConstraints.getPermittedSubtrees());
            a(certPathState.excludedSubtrees, nameConstraints.getExcludedSubtrees());
        }

        private void c(CertPathState certPathState, X509Certificate x509Certificate) {
            PolicyConstraints policyConstraints = (PolicyConstraints) a(x509Certificate, 36);
            if (policyConstraints == null) {
                return;
            }
            int explicitPolicy = policyConstraints.getExplicitPolicy();
            int policyMapping = policyConstraints.getPolicyMapping();
            if (explicitPolicy != -1 && explicitPolicy < certPathState.explicitPolicy) {
                certPathState.explicitPolicy = explicitPolicy;
            }
            if (policyMapping == -1 || policyMapping >= certPathState.policyMapping) {
                return;
            }
            certPathState.policyMapping = policyMapping;
        }

        private boolean b(CertPathCtx certPathCtx, X509Certificate x509Certificate) {
            KeyUsage keyUsage;
            return certPathCtx.isFlagRaised(64) || (keyUsage = (KeyUsage) a(x509Certificate, 15)) == null || (keyUsage.getKeyUsage() & 67108864) != 0;
        }

        private boolean a(CertPathState certPathState, GeneralNames generalNames) {
            for (int i = 0; i < generalNames.getNameCount(); i++) {
                try {
                    if (!a(certPathState, generalNames.getGeneralName(i))) {
                        return false;
                    }
                } catch (NameException e) {
                    return false;
                }
            }
            return true;
        }

        private boolean a(CertPathState certPathState, GeneralName generalName) {
            try {
                if (generalName.getDERLen(0) == 0) {
                    return true;
                }
                int generalNameType = generalName.getGeneralNameType();
                try {
                    GeneralNames generalNames = (GeneralNames) certPathState.constrainedSubtrees.get(new Integer(generalNameType));
                    if (generalNames != null) {
                        boolean z = false;
                        int i = 0;
                        while (true) {
                            if (i >= generalNames.getNameCount()) {
                                break;
                            }
                            if (NameMatcher.matchGeneralNames(generalName, generalNames.getGeneralName(i), generalNameType)) {
                                z = true;
                                break;
                            }
                            i++;
                        }
                        if (!z) {
                            return false;
                        }
                    }
                    for (int i2 = 0; i2 < certPathState.excludedSubtrees.getNameCount(); i2++) {
                        GeneralName generalName2 = certPathState.excludedSubtrees.getGeneralName(i2);
                        if (generalNameType == generalName2.getGeneralNameType() && NameMatcher.matchGeneralNames(generalName, generalName2, generalNameType)) {
                            return false;
                        }
                    }
                    return true;
                } catch (NameException e) {
                    return false;
                }
            } catch (NameException e2) {
                throw new IllegalStateException("Internal errror!");
            }
        }

        private boolean a(CertPathState certPathState, X500Name x500Name) {
            for (int i = 0; i < x500Name.getRDNCount(); i++) {
                try {
                    AttributeValueAssertion attribute = x500Name.getRDN(i).getAttribute(7);
                    if (attribute != null) {
                        String stringAttribute = attribute.getStringAttribute();
                        GeneralNames generalNames = (GeneralNames) certPathState.constrainedSubtrees.get(new Integer(2));
                        if (generalNames != null) {
                            boolean z = false;
                            int i2 = 0;
                            while (true) {
                                if (i2 >= generalNames.getNameCount()) {
                                    break;
                                }
                                if (NameMatcher.matchRfc822Names(stringAttribute, (String) generalNames.getGeneralName(i2).getGeneralName())) {
                                    z = true;
                                    break;
                                }
                                i2++;
                            }
                            if (!z) {
                                return false;
                            }
                        }
                        for (int i3 = 0; i3 < certPathState.excludedSubtrees.getNameCount(); i3++) {
                            GeneralName generalName = certPathState.excludedSubtrees.getGeneralName(i3);
                            if (generalName.getGeneralNameType() == 2 && NameMatcher.matchRfc822Names(stringAttribute, (String) generalName.getGeneralName())) {
                                return false;
                            }
                        }
                    }
                } catch (NameException e) {
                }
            }
            return true;
        }

        private void a(Map map, GeneralSubtrees generalSubtrees) {
            HashMap hashMap = new HashMap(map);
            Iterator it = hashMap.keySet().iterator();
            while (it.hasNext()) {
                map.put(it.next(), new GeneralNames());
            }
            HashSet hashSet = new HashSet();
            for (int i = 0; i < generalSubtrees.getSubtreeCount(); i++) {
                try {
                    GeneralName base = generalSubtrees.getBase(i);
                    Integer num = new Integer(base.getGeneralNameType());
                    GeneralNames generalNames = (GeneralNames) hashMap.get(num);
                    GeneralNames generalNames2 = (GeneralNames) map.get(num);
                    if (generalNames == null) {
                        if (generalNames2 == null) {
                            generalNames2 = new GeneralNames();
                            map.put(num, generalNames2);
                        }
                        generalNames2.addGeneralName(base);
                    } else {
                        hashSet.add(num);
                        for (int nameCount = generalNames.getNameCount() - 1; nameCount >= 0; nameCount--) {
                            GeneralName generalName = generalNames.getGeneralName(nameCount);
                            switch (NameMatcher.compareAltNames(generalName, base)) {
                                case 1:
                                case 2:
                                    generalNames2.addGeneralName(generalName);
                                    break;
                                case 3:
                                    generalNames2.addGeneralName(base);
                                    break;
                            }
                        }
                    }
                } catch (NameException e) {
                    throw new IllegalStateException("Internal error!");
                }
            }
            Iterator it2 = hashSet.iterator();
            while (it2.hasNext()) {
                hashMap.remove(it2.next());
            }
            map.putAll(hashMap);
        }

        private void a(GeneralNames generalNames, GeneralSubtrees generalSubtrees) {
            for (int i = 0; i < generalSubtrees.getSubtreeCount(); i++) {
                try {
                    try {
                        GeneralName base = generalSubtrees.getBase(i);
                        boolean z = false;
                        for (int nameCount = generalNames.getNameCount() - 1; nameCount >= 0; nameCount--) {
                            GeneralName generalName = generalNames.getGeneralName(nameCount);
                            if (base.getGeneralNameType() == generalName.getGeneralNameType()) {
                                switch (NameMatcher.compareAltNames(generalName, base)) {
                                    case 1:
                                    case 3:
                                        z = true;
                                        break;
                                    case 2:
                                        z = true;
                                        generalNames.getGeneralNames().setElementAt(base, nameCount);
                                        break;
                                }
                            }
                        }
                        if (!z) {
                            generalNames.addGeneralName(base);
                        }
                    } catch (NameException e) {
                        return;
                    }
                } catch (NameException e2) {
                    return;
                }
            }
        }

        private void a(CertPathCtx certPathCtx, X500Name x500Name, X509V3Extensions x509V3Extensions, Vector vector) throws CertPathException {
            if ((certPathCtx.getPathOptions() & 512) != 0) {
                findCertBySubject(certPathCtx, x500Name, vector);
                return;
            }
            AuthorityKeyID authorityKeyID = null;
            if (x509V3Extensions != null) {
                try {
                    authorityKeyID = (AuthorityKeyID) x509V3Extensions.getExtensionByType(35);
                } catch (CertificateException e) {
                }
            }
            if (authorityKeyID != null) {
                a(certPathCtx, x500Name, authorityKeyID, vector);
            } else {
                findCertBySubject(certPathCtx, x500Name, vector);
            }
        }

        private void a(CertPathCtx certPathCtx, X500Name x500Name, AuthorityKeyID authorityKeyID, Vector vector) throws CertPathException {
            byte[] keyID = authorityKeyID.getKeyID();
            if (keyID != null) {
                a(certPathCtx, x500Name, keyID, vector);
            } else {
                a(certPathCtx, authorityKeyID, vector);
            }
        }

        private void a(CertPathCtx certPathCtx, X500Name x500Name, byte[] bArr, Vector vector) throws CertPathException {
            Vector vector2 = new Vector();
            findCertBySubject(certPathCtx, x500Name, vector2);
            int size = vector2.size();
            while (size > 0) {
                size--;
                X509V3Extensions extensions = ((X509Certificate) vector2.elementAt(size)).getExtensions();
                if (extensions == null) {
                    vector2.removeElementAt(size);
                } else {
                    SubjectKeyID subjectKeyID = null;
                    try {
                        subjectKeyID = (SubjectKeyID) extensions.getExtensionByType(14);
                    } catch (CertificateException e) {
                    }
                    if (subjectKeyID == null) {
                        vector2.removeElementAt(size);
                    } else if (!CertJUtils.byteArraysEqual(bArr, subjectKeyID.getKeyID())) {
                        vector2.removeElementAt(size);
                    }
                }
            }
            CertJUtils.mergeLists(vector, vector2);
        }

        private void a(CertPathCtx certPathCtx, AuthorityKeyID authorityKeyID, Vector vector) throws CertPathException {
            GeneralNames authorityCertIssuer;
            byte[] serialNumber = authorityKeyID.getSerialNumber();
            if (serialNumber.length == 0 || (authorityCertIssuer = authorityKeyID.getAuthorityCertIssuer()) == null) {
                return;
            }
            for (int i = 0; i < authorityCertIssuer.getNameCount(); i++) {
                try {
                    GeneralName generalName = authorityCertIssuer.getGeneralName(i);
                    if (generalName.getGeneralNameType() == 5) {
                        b(certPathCtx, (X500Name) generalName.getGeneralName(), serialNumber, vector);
                    } else {
                        a(certPathCtx, generalName, serialNumber, vector);
                    }
                } catch (NameException e) {
                    return;
                }
            }
        }

        private void a(CertPathCtx certPathCtx, GeneralName generalName, byte[] bArr, Vector vector) throws CertPathException {
            GeneralNames generalNames = new GeneralNames();
            generalNames.addGeneralName(generalName);
            try {
                IssuerAltName issuerAltName = new IssuerAltName(generalNames, false);
                X509V3Extensions x509V3Extensions = new X509V3Extensions(1);
                x509V3Extensions.addV3Extension(issuerAltName);
                Vector vector2 = new Vector();
                b(certPathCtx, (X500Name) null, x509V3Extensions, vector2);
                int size = vector2.size();
                while (size > 0) {
                    size--;
                    if (!CertJUtils.byteArraysEqual(bArr, ((X509Certificate) vector2.elementAt(size)).getSerialNumber())) {
                        vector2.removeElementAt(size);
                    }
                }
                CertJUtils.mergeLists(vector, vector2);
            } catch (CertificateException e) {
            }
        }

        private void b(CertPathCtx certPathCtx, X500Name x500Name, byte[] bArr, Vector vector) throws CertPathException {
            Certificate[] trustedCerts = certPathCtx.getTrustedCerts();
            if (trustedCerts != null) {
                for (Certificate certificate : trustedCerts) {
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        if (x500Name.equals(x509Certificate.getIssuerName()) && CertJUtils.byteArraysEqual(bArr, x509Certificate.getSerialNumber())) {
                            if (vector.contains(x509Certificate)) {
                                return;
                            }
                            vector.addElement(x509Certificate);
                            return;
                        }
                    }
                }
            }
            try {
                certPathCtx.getDatabase().selectCertificateByIssuerAndSerialNumber(x500Name, bArr, vector);
            } catch (NoServiceException e) {
                throw new CertPathException(new StringBuffer().append("PKIXCertPath$Implementation.findCertByIssuerAndSerial: ").append(e.getMessage()).toString());
            } catch (DatabaseException e2) {
                throw new CertPathException(new StringBuffer().append("PKIXCertPath$Implementation.findCertByIssuerAndSerial: ").append(e2.getMessage()).toString());
            }
        }

        private void b(CertPathCtx certPathCtx, X500Name x500Name, X509V3Extensions x509V3Extensions, Vector vector) throws CertPathException {
            Certificate[] trustedCerts = certPathCtx.getTrustedCerts();
            if (trustedCerts != null) {
                for (Certificate certificate : trustedCerts) {
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        if ((x500Name == null || x509Certificate.getSubjectName().contains(x500Name)) && CertJUtils.compareExtensions(x509V3Extensions, x509Certificate.getExtensions()) && !vector.contains(x509Certificate)) {
                            vector.addElement(x509Certificate);
                        }
                    }
                }
            }
            try {
                certPathCtx.getDatabase().selectCertificateByExtensions(x500Name, x509V3Extensions, vector);
            } catch (NoServiceException e) {
                throw new CertPathException(new StringBuffer().append("PKIXCertPath$Implementation.findCertByExtension: ").append(e.getMessage()).toString());
            } catch (DatabaseException e2) {
                throw new CertPathException(new StringBuffer().append("PKIXCertPath$Implementation.findCertByExtension: ").append(e2.getMessage()).toString());
            }
        }

        private Vector a(byte[][] bArr) {
            Vector vector = new Vector();
            if (bArr == null) {
                return vector;
            }
            for (byte[] bArr2 : bArr) {
                if (!CertJUtils.containsByteArray(vector, bArr2)) {
                    vector.addElement(bArr2);
                }
            }
            return vector;
        }

        @Override // com.rsa.certj.ProviderImplementation
        public String toString() {
            return new StringBuffer().append("PKIX Certification Path provider named: ").append(super.getName()).toString();
        }

        /* JADX WARN: Type inference failed for: r0v18, types: [byte[], java.lang.Object, byte[][]] */
        private JSAFE_PublicKey a(Object obj, X509Certificate x509Certificate) throws CertificateException {
            CertPathState certPathState = (CertPathState) obj;
            if (!"DSA".equals(certPathState.workingPubKeyAlg) || certPathState.workingPubKeyParams == null) {
                return x509Certificate.getSubjectPublicKey(this.certJ.getDevice());
            }
            try {
                JSAFE_PublicKey jSAFE_PublicKey = JSAFE_PublicKey.getInstance(certPathState.workingPubKeyAlg, this.certJ.getDevice());
                int length = certPathState.workingPubKeyParams.length;
                ?? r0 = new byte[length + 1];
                System.arraycopy(certPathState.workingPubKeyParams, 0, r0, 0, length);
                r0[length] = certPathState.workingPubKey;
                try {
                    jSAFE_PublicKey.setKeyData((byte[][]) r0);
                    return jSAFE_PublicKey;
                } catch (JSAFE_InvalidKeyException e) {
                    throw new CertificateException(e.getMessage());
                }
            } catch (JSAFE_Exception e2) {
                throw new CertificateException(e2.getMessage());
            }
        }

        @Override // com.rsa.certj.provider.path.CertPathCommon
        protected void getNextCertInPathInternal(CertPathCtx certPathCtx, Object obj, Vector vector) throws CertPathException {
            Vector vector2 = new Vector();
            getNextCertCandidates(certPathCtx, obj, vector2);
            CertJUtils.mergeLists(vector, vector2);
        }

        /* JADX WARN: Type inference failed for: r1v15, types: [byte[], byte[][]] */
        private void d(CertPathState certPathState, X509Certificate x509Certificate) throws CertPathException {
            try {
                JSAFE_PublicKey subjectPublicKey = x509Certificate.getSubjectPublicKey(this.certJ.getDevice());
                if (!"DSA".equals(subjectPublicKey.getAlgorithm())) {
                    certPathState.workingPubKeyAlg = subjectPublicKey.getAlgorithm();
                    certPathState.workingPubKey = null;
                    certPathState.workingPubKeyParams = (byte[][]) null;
                    return;
                }
                try {
                    byte[][] keyData = subjectPublicKey.getKeyData("DSAPublicValue");
                    if (keyData.length == 0) {
                        throw new CertPathException("Could not retrieve DSA public key form certificate!");
                    }
                    certPathState.workingPubKey = keyData[0];
                    byte[][] keyData2 = subjectPublicKey.getKeyData();
                    if (keyData2.length == 0) {
                        if ("DSA".equals(certPathState.workingPubKeyAlg)) {
                            return;
                        }
                        certPathState.workingPubKeyAlg = "DSA";
                        certPathState.workingPubKeyParams = (byte[][]) null;
                        return;
                    }
                    if (certPathState.workingPubKeyParams == null) {
                        certPathState.workingPubKeyParams = new byte[keyData2.length - 1];
                    }
                    System.arraycopy(keyData2, 0, certPathState.workingPubKeyParams, 0, keyData2.length - 1);
                    certPathState.workingPubKeyAlg = "DSA";
                } catch (JSAFE_UnimplementedException e) {
                    throw new CertPathException(e.getMessage());
                }
            } catch (CertificateException e2) {
                throw new CertPathException(e2.getMessage());
            }
        }

        private boolean a(CertPathCtx certPathCtx, CertPathState certPathState, X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertPathException {
            if (certPathCtx.isFlagRaised(1)) {
                return true;
            }
            try {
                return x509Certificate.verifyCertificateSignature(this.certJ.getDevice(), a((Object) certPathState, x509Certificate2), (SecureRandom) this.certJ.getRandomObject());
            } catch (NoServiceException e) {
                throw new CertPathException(new StringBuffer().append("CertPathCommon.verifyCertSignature:").append(e.getMessage()).toString());
            } catch (Exception e2) {
                return false;
            }
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v39, types: [byte[]] */
        CertPathState a(CertPathCtx certPathCtx, X509Certificate x509Certificate, int i) throws CertPathException {
            byte[][] policies = certPathCtx.getPolicies();
            Vector vector = null;
            int i2 = i + 1;
            int i3 = i + 1;
            int i4 = i + 1;
            byte[] bArr = null;
            byte[][] bArr2 = (byte[][]) null;
            if (policies != null) {
                vector = a(policies);
            }
            if (certPathCtx.isFlagRaised(65536)) {
                i2 = 0;
            }
            if (certPathCtx.isFlagRaised(32768)) {
                i3 = 0;
            }
            if (certPathCtx.isFlagRaised(131072)) {
                i4 = 0;
            }
            try {
                JSAFE_PublicKey subjectPublicKey = x509Certificate.getSubjectPublicKey(this.certJ.getDevice());
                String algorithm = subjectPublicKey.getAlgorithm();
                if ("DSA".equals(algorithm)) {
                    byte[][] keyData = subjectPublicKey.getKeyData();
                    if (keyData.length == 0) {
                        throw new CertPathException("Anchor certificate must have valid public key parameters in subjectPublicKeyInfo!");
                    }
                    bArr2 = new byte[keyData.length - 1];
                    System.arraycopy(keyData, 0, bArr2, 0, keyData.length - 1);
                    bArr = keyData[keyData.length - 1];
                }
                return new CertPathState(this.a, vector, new Cn(), new HashMap(), new GeneralNames(), i3, i2, i4, i, algorithm, bArr, bArr2);
            } catch (CertificateException e) {
                throw new CertPathException(e.getMessage());
            }
        }

        @Override // com.rsa.certj.provider.path.CertPathCommon
        protected CertPathResult createCertPathResult() {
            return new PKIXCertPathResult();
        }

        Implementation(PKIXCertPath pKIXCertPath, CertJ certJ, String str, Cm cm) throws InvalidParameterException {
            this(pKIXCertPath, certJ, str);
        }
    }

    public PKIXCertPath(String str) throws InvalidParameterException {
        super(3, str);
    }

    @Override // com.rsa.certj.Provider
    public ProviderImplementation instantiate(CertJ certJ) throws ProviderManagementException {
        try {
            return new Implementation(this, certJ, getName(), null);
        } catch (InvalidParameterException e) {
            throw new ProviderManagementException(new StringBuffer().append("PKIXCertPath.instantiate: ").append(e.getMessage()).toString());
        }
    }
}
