package org.spongycastle.jce.provider;

import a00.b;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import l42.l1;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.DistributionPoint;
import org.spongycastle.asn1.x509.DistributionPointName;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.IssuingDistributionPoint;
import org.spongycastle.asn1.x509.ReasonFlags;
import org.spongycastle.jcajce.PKIXCertStoreSelector;
import org.spongycastle.jcajce.PKIXExtendedBuilderParameters;
import org.spongycastle.jcajce.PKIXExtendedParameters;
import org.spongycastle.jcajce.util.BCJcaJceHelper;
import org.spongycastle.jce.exception.ExtCertPathValidatorException;
import org.spongycastle.util.Arrays;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class RFC3280CertPathUtilities {

    /* renamed from: a, reason: collision with root package name */
    public static final String f28458a;

    /* renamed from: b, reason: collision with root package name */
    public static final String f28459b;

    /* renamed from: c, reason: collision with root package name */
    public static final String f28460c;

    /* renamed from: d, reason: collision with root package name */
    public static final String f28461d;
    public static final String e;

    /* renamed from: f, reason: collision with root package name */
    public static final String f28462f;

    /* renamed from: g, reason: collision with root package name */
    public static final String f28463g;

    /* renamed from: h, reason: collision with root package name */
    public static final String f28464h;

    /* renamed from: i, reason: collision with root package name */
    public static final String f28465i;

    /* renamed from: j, reason: collision with root package name */
    public static final String f28466j;

    /* renamed from: k, reason: collision with root package name */
    public static final String f28467k;

    /* renamed from: l, reason: collision with root package name */
    public static final String f28468l;

    /* renamed from: m, reason: collision with root package name */
    public static final String[] f28469m;

    static {
        new PKIXCRLUtil();
        f28458a = Extension.X.f26143a;
        f28459b = Extension.Y.f26143a;
        f28460c = Extension.N1.f26143a;
        f28461d = Extension.A.f26143a;
        Extension.M1.getClass();
        e = Extension.f26689y.f26143a;
        f28462f = Extension.f26682b1.f26143a;
        f28463g = Extension.f26686q.f26143a;
        f28464h = Extension.N.f26143a;
        f28465i = Extension.f26683g.f26143a;
        f28466j = Extension.K.f26143a;
        f28467k = Extension.Z.f26143a;
        f28468l = Extension.e.f26143a;
        Extension.f26687s.getClass();
        f28469m = new String[]{"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", "unknown", "removeFromCRL", "privilegeWithdrawn", "aACompromise"};
    }

    /* JADX WARN: Code restructure failed: missing block: B:73:0x013a, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void a(org.spongycastle.asn1.x509.DistributionPoint r18, org.spongycastle.jcajce.PKIXExtendedParameters r19, java.security.cert.X509Certificate r20, java.util.Date r21, java.security.cert.X509Certificate r22, java.security.PublicKey r23, org.spongycastle.jce.provider.CertStatus r24, org.spongycastle.jce.provider.ReasonsMask r25, java.util.List r26, org.spongycastle.jcajce.util.BCJcaJceHelper r27) throws org.spongycastle.jce.provider.AnnotatedException {
        /*
            Method dump skipped, instructions count: 325
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.jce.provider.RFC3280CertPathUtilities.a(org.spongycastle.asn1.x509.DistributionPoint, org.spongycastle.jcajce.PKIXExtendedParameters, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, org.spongycastle.jce.provider.CertStatus, org.spongycastle.jce.provider.ReasonsMask, java.util.List, org.spongycastle.jcajce.util.BCJcaJceHelper):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x00ef  */
    /* JADX WARN: Removed duplicated region for block: B:29:0x00fc  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void b(org.spongycastle.jcajce.PKIXExtendedParameters r20, java.security.cert.X509Certificate r21, java.util.Date r22, java.security.cert.X509Certificate r23, java.security.PublicKey r24, java.util.List r25, org.spongycastle.jcajce.util.BCJcaJceHelper r26) throws org.spongycastle.jce.provider.AnnotatedException {
        /*
            Method dump skipped, instructions count: 367
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.jce.provider.RFC3280CertPathUtilities.b(org.spongycastle.jcajce.PKIXExtendedParameters, java.security.cert.X509Certificate, java.util.Date, java.security.cert.X509Certificate, java.security.PublicKey, java.util.List, org.spongycastle.jcajce.util.BCJcaJceHelper):void");
    }

    public static int c(CertPath certPath, int i13, int i14) {
        return (CertPathValidatorUtilities.o((X509Certificate) certPath.getCertificates().get(i13)) || i14 == 0) ? i14 : i14 - 1;
    }

    public static int d(CertPath certPath, int i13, int i14) {
        return (CertPathValidatorUtilities.o((X509Certificate) certPath.getCertificates().get(i13)) || i14 == 0) ? i14 : i14 - 1;
    }

    public static int e(CertPath certPath, int i13, int i14) {
        return (CertPathValidatorUtilities.o((X509Certificate) certPath.getCertificates().get(i13)) || i14 == 0) ? i14 : i14 - 1;
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x002c, code lost:
    
        r3 = org.spongycastle.asn1.ASN1Integer.C(r1, false).E().intValue();
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x0039, code lost:
    
        if (r3 >= r5) goto L16;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x003b, code lost:
    
        return r3;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static int f(java.security.cert.CertPath r3, int r4, int r5) throws java.security.cert.CertPathValidatorException {
        /*
            java.util.List r0 = r3.getCertificates()
            java.lang.Object r0 = r0.get(r4)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            java.lang.String r1 = org.spongycastle.jce.provider.RFC3280CertPathUtilities.f28462f     // Catch: java.lang.Exception -> L46
            org.spongycastle.asn1.ASN1Primitive r0 = org.spongycastle.jce.provider.CertPathValidatorUtilities.k(r0, r1)     // Catch: java.lang.Exception -> L46
            org.spongycastle.asn1.ASN1Sequence r0 = org.spongycastle.asn1.ASN1Sequence.B(r0)     // Catch: java.lang.Exception -> L46
            if (r0 == 0) goto L45
            java.util.Enumeration r0 = r0.E()
        L1a:
            boolean r1 = r0.hasMoreElements()
            if (r1 == 0) goto L45
            java.lang.Object r1 = r0.nextElement()     // Catch: java.lang.IllegalArgumentException -> L3c
            org.spongycastle.asn1.ASN1TaggedObject r1 = org.spongycastle.asn1.ASN1TaggedObject.B(r1)     // Catch: java.lang.IllegalArgumentException -> L3c
            int r2 = r1.f26156a     // Catch: java.lang.IllegalArgumentException -> L3c
            if (r2 != 0) goto L1a
            r0 = 0
            org.spongycastle.asn1.ASN1Integer r0 = org.spongycastle.asn1.ASN1Integer.C(r1, r0)     // Catch: java.lang.IllegalArgumentException -> L3c
            java.math.BigInteger r0 = r0.E()     // Catch: java.lang.IllegalArgumentException -> L3c
            int r3 = r0.intValue()     // Catch: java.lang.IllegalArgumentException -> L3c
            if (r3 >= r5) goto L45
            return r3
        L3c:
            r5 = move-exception
            org.spongycastle.jce.exception.ExtCertPathValidatorException r0 = new org.spongycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension contents cannot be decoded."
            r0.<init>(r1, r5, r3, r4)
            throw r0
        L45:
            return r5
        L46:
            r5 = move-exception
            org.spongycastle.jce.exception.ExtCertPathValidatorException r0 = new org.spongycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension cannot be decoded."
            r0.<init>(r1, r5, r3, r4)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.jce.provider.RFC3280CertPathUtilities.f(java.security.cert.CertPath, int, int):int");
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x002d, code lost:
    
        r4 = org.spongycastle.asn1.ASN1Integer.C(r1, false).E().intValue();
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x003a, code lost:
    
        if (r4 >= r6) goto L16;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x003c, code lost:
    
        return r4;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static int g(java.security.cert.CertPath r4, int r5, int r6) throws java.security.cert.CertPathValidatorException {
        /*
            java.util.List r0 = r4.getCertificates()
            java.lang.Object r0 = r0.get(r5)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            java.lang.String r1 = org.spongycastle.jce.provider.RFC3280CertPathUtilities.f28462f     // Catch: java.lang.Exception -> L47
            org.spongycastle.asn1.ASN1Primitive r0 = org.spongycastle.jce.provider.CertPathValidatorUtilities.k(r0, r1)     // Catch: java.lang.Exception -> L47
            org.spongycastle.asn1.ASN1Sequence r0 = org.spongycastle.asn1.ASN1Sequence.B(r0)     // Catch: java.lang.Exception -> L47
            if (r0 == 0) goto L46
            java.util.Enumeration r0 = r0.E()
        L1a:
            boolean r1 = r0.hasMoreElements()
            if (r1 == 0) goto L46
            java.lang.Object r1 = r0.nextElement()     // Catch: java.lang.IllegalArgumentException -> L3d
            org.spongycastle.asn1.ASN1TaggedObject r1 = org.spongycastle.asn1.ASN1TaggedObject.B(r1)     // Catch: java.lang.IllegalArgumentException -> L3d
            int r2 = r1.f26156a     // Catch: java.lang.IllegalArgumentException -> L3d
            r3 = 1
            if (r2 != r3) goto L1a
            r0 = 0
            org.spongycastle.asn1.ASN1Integer r0 = org.spongycastle.asn1.ASN1Integer.C(r1, r0)     // Catch: java.lang.IllegalArgumentException -> L3d
            java.math.BigInteger r0 = r0.E()     // Catch: java.lang.IllegalArgumentException -> L3d
            int r4 = r0.intValue()     // Catch: java.lang.IllegalArgumentException -> L3d
            if (r4 >= r6) goto L46
            return r4
        L3d:
            r6 = move-exception
            org.spongycastle.jce.exception.ExtCertPathValidatorException r0 = new org.spongycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension contents cannot be decoded."
            r0.<init>(r1, r6, r4, r5)
            throw r0
        L46:
            return r6
        L47:
            r6 = move-exception
            org.spongycastle.jce.exception.ExtCertPathValidatorException r0 = new org.spongycastle.jce.exception.ExtCertPathValidatorException
            java.lang.String r1 = "Policy constraints extension cannot be decoded."
            r0.<init>(r1, r6, r4, r5)
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.spongycastle.jce.provider.RFC3280CertPathUtilities.g(java.security.cert.CertPath, int, int):int");
    }

    public static int h(CertPath certPath, int i13, int i14) throws CertPathValidatorException {
        int intValue;
        try {
            ASN1Integer B = ASN1Integer.B(CertPathValidatorUtilities.k((X509Certificate) certPath.getCertificates().get(i13), f28460c));
            return (B == null || (intValue = B.E().intValue()) >= i14) ? i14 : intValue;
        } catch (Exception e13) {
            throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e13, certPath, i13);
        }
    }

    public static void i(CertPath certPath, int i13) throws CertPathValidatorException {
        try {
            BasicConstraints q3 = BasicConstraints.q(CertPathValidatorUtilities.k((X509Certificate) certPath.getCertificates().get(i13), f28463g));
            if (q3 == null) {
                throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
            }
            if (!q3.w()) {
                throw new CertPathValidatorException("Not a CA certificate");
            }
        } catch (Exception e13) {
            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e13, certPath, i13);
        }
    }

    public static int j(CertPath certPath, int i13, int i14) throws CertPathValidatorException {
        if (CertPathValidatorUtilities.o((X509Certificate) certPath.getCertificates().get(i13))) {
            return i14;
        }
        if (i14 > 0) {
            return i14 - 1;
        }
        throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, i13);
    }

    public static int k(CertPath certPath, int i13, int i14) throws CertPathValidatorException {
        BigInteger t13;
        int intValue;
        try {
            BasicConstraints q3 = BasicConstraints.q(CertPathValidatorUtilities.k((X509Certificate) certPath.getCertificates().get(i13), f28463g));
            return (q3 == null || (t13 = q3.t()) == null || (intValue = t13.intValue()) >= i14) ? i14 : intValue;
        } catch (Exception e13) {
            throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e13, certPath, i13);
        }
    }

    public static void l(CertPath certPath, int i13) throws CertPathValidatorException {
        boolean[] keyUsage = ((X509Certificate) certPath.getCertificates().get(i13)).getKeyUsage();
        if (keyUsage != null && !keyUsage[5]) {
            throw new ExtCertPathValidatorException("Issuer certificate keyusage extension is critical and does not permit key signing.", null, certPath, i13);
        }
    }

    public static void m(int i13, CertPath certPath, List list, HashSet hashSet) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certPath.getCertificates().get(i13);
        Iterator it = list.iterator();
        while (it.hasNext()) {
            try {
                ((PKIXCertPathChecker) it.next()).check(x509Certificate, hashSet);
            } catch (CertPathValidatorException e13) {
                throw new CertPathValidatorException(e13.getMessage(), e13.getCause(), certPath, i13);
            }
        }
        if (hashSet.isEmpty()) {
            return;
        }
        throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + hashSet, null, certPath, i13);
    }

    public static void n(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        ASN1Primitive k13 = CertPathValidatorUtilities.k(x509crl, f28461d);
        boolean z13 = true;
        boolean z14 = k13 != null && IssuingDistributionPoint.t(k13).f26712g;
        try {
            byte[] n13 = PrincipalUtils.b(x509crl).n();
            GeneralNames generalNames = distributionPoint.f26679d;
            if (generalNames != null) {
                boolean z15 = false;
                for (GeneralName generalName : generalNames.t()) {
                    if (generalName.f26698c == 4) {
                        try {
                            if (Arrays.a(generalName.f26697a.h().n(), n13)) {
                                z15 = true;
                            }
                        } catch (IOException e13) {
                            throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e13);
                        }
                    }
                }
                if (z15 && !z14) {
                    throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect.", null);
                }
                if (!z15) {
                    throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point.", null);
                }
                z13 = z15;
            } else if (!PrincipalUtils.b(x509crl).equals(PrincipalUtils.a(obj))) {
                z13 = false;
            }
            if (!z13) {
                throw new AnnotatedException("Cannot find matching CRL issuer for certificate.", null);
            }
        } catch (IOException e14) {
            throw new AnnotatedException(l1.d(e14, b.i("Exception encoding CRL issuer: ")), e14);
        }
    }

    public static void o(DistributionPoint distributionPoint, Object obj, X509CRL x509crl) throws AnnotatedException {
        GeneralName[] generalNameArr;
        try {
            IssuingDistributionPoint t13 = IssuingDistributionPoint.t(CertPathValidatorUtilities.k(x509crl, f28461d));
            if (t13 != null) {
                if (t13.f26709a != null) {
                    DistributionPointName distributionPointName = IssuingDistributionPoint.t(t13).f26709a;
                    ArrayList arrayList = new ArrayList();
                    boolean z13 = false;
                    if (distributionPointName.f26681c == 0) {
                        for (GeneralName generalName : GeneralNames.q(distributionPointName.f26680a).t()) {
                            arrayList.add(generalName);
                        }
                    }
                    if (distributionPointName.f26681c == 1) {
                        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                        try {
                            Enumeration E = ASN1Sequence.B(PrincipalUtils.b(x509crl)).E();
                            while (E.hasMoreElements()) {
                                aSN1EncodableVector.a((ASN1Encodable) E.nextElement());
                            }
                            aSN1EncodableVector.a(distributionPointName.f26680a);
                            arrayList.add(new GeneralName(X500Name.q(new DERSequence(aSN1EncodableVector))));
                        } catch (Exception e13) {
                            throw new AnnotatedException("Could not read CRL issuer.", e13);
                        }
                    }
                    DistributionPointName distributionPointName2 = distributionPoint.f26677a;
                    if (distributionPointName2 != null) {
                        GeneralName[] t14 = distributionPointName2.f26681c == 0 ? GeneralNames.q(distributionPointName2.f26680a).t() : null;
                        if (distributionPointName2.f26681c == 1) {
                            GeneralNames generalNames = distributionPoint.f26679d;
                            if (generalNames != null) {
                                generalNameArr = generalNames.t();
                            } else {
                                generalNameArr = new GeneralName[1];
                                try {
                                    generalNameArr[0] = new GeneralName(X500Name.q(PrincipalUtils.a(obj).n()));
                                } catch (Exception e14) {
                                    throw new AnnotatedException("Could not read certificate issuer.", e14);
                                }
                            }
                            t14 = generalNameArr;
                            for (int i13 = 0; i13 < t14.length; i13++) {
                                Enumeration E2 = ASN1Sequence.B(t14[i13].f26697a.h()).E();
                                ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                                while (E2.hasMoreElements()) {
                                    aSN1EncodableVector2.a((ASN1Encodable) E2.nextElement());
                                }
                                aSN1EncodableVector2.a(distributionPointName2.f26680a);
                                t14[i13] = new GeneralName(X500Name.q(new DERSequence(aSN1EncodableVector2)));
                            }
                        }
                        if (t14 != null) {
                            int i14 = 0;
                            while (true) {
                                if (i14 >= t14.length) {
                                    break;
                                }
                                if (arrayList.contains(t14[i14])) {
                                    z13 = true;
                                    break;
                                }
                                i14++;
                            }
                        }
                        if (!z13) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.", null);
                        }
                    } else {
                        GeneralNames generalNames2 = distributionPoint.f26679d;
                        if (generalNames2 == null) {
                            throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must be contained in DistributionPoint.", null);
                        }
                        GeneralName[] t15 = generalNames2.t();
                        int i15 = 0;
                        while (true) {
                            if (i15 >= t15.length) {
                                break;
                            }
                            if (arrayList.contains(t15[i15])) {
                                z13 = true;
                                break;
                            }
                            i15++;
                        }
                        if (!z13) {
                            throw new AnnotatedException("No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.", null);
                        }
                    }
                }
                try {
                    BasicConstraints q3 = BasicConstraints.q(CertPathValidatorUtilities.k((X509Extension) obj, f28463g));
                    if (obj instanceof X509Certificate) {
                        if (t13.f26710c && q3 != null && q3.w()) {
                            throw new AnnotatedException("CA Cert CRL only contains user certificates.", null);
                        }
                        if (t13.f26711d && (q3 == null || !q3.w())) {
                            throw new AnnotatedException("End CRL only contains CA certificates.", null);
                        }
                    }
                    if (t13.f26713n) {
                        throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.", null);
                    }
                } catch (Exception e15) {
                    throw new AnnotatedException("Basic constraints extension could not be decoded.", e15);
                }
            }
        } catch (Exception e16) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e16);
        }
    }

    public static void p(X509CRL x509crl, X509CRL x509crl2, PKIXExtendedParameters pKIXExtendedParameters) throws AnnotatedException {
        if (x509crl == null) {
            return;
        }
        try {
            String str = f28461d;
            IssuingDistributionPoint t13 = IssuingDistributionPoint.t(CertPathValidatorUtilities.k(x509crl2, str));
            if (pKIXExtendedParameters.f27996x) {
                if (!PrincipalUtils.b(x509crl).equals(PrincipalUtils.b(x509crl2))) {
                    throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.", null);
                }
                try {
                    IssuingDistributionPoint t14 = IssuingDistributionPoint.t(CertPathValidatorUtilities.k(x509crl, str));
                    boolean z13 = false;
                    if (t13 != null ? t13.equals(t14) : t14 == null) {
                        z13 = true;
                    }
                    if (!z13) {
                        throw new AnnotatedException("Issuing distribution point extension from delta CRL and complete CRL does not match.", null);
                    }
                    try {
                        String str2 = f28467k;
                        ASN1Primitive k13 = CertPathValidatorUtilities.k(x509crl2, str2);
                        try {
                            ASN1Primitive k14 = CertPathValidatorUtilities.k(x509crl, str2);
                            if (k13 == null) {
                                throw new AnnotatedException("CRL authority key identifier is null.", null);
                            }
                            if (k14 == null) {
                                throw new AnnotatedException("Delta CRL authority key identifier is null.", null);
                            }
                            if (!k13.equals(k14)) {
                                throw new AnnotatedException("Delta CRL authority key identifier does not match complete CRL authority key identifier.", null);
                            }
                        } catch (AnnotatedException e13) {
                            throw new AnnotatedException("Authority key identifier extension could not be extracted from delta CRL.", e13);
                        }
                    } catch (AnnotatedException e14) {
                        throw new AnnotatedException("Authority key identifier extension could not be extracted from complete CRL.", e14);
                    }
                } catch (Exception e15) {
                    throw new AnnotatedException("Issuing distribution point extension from delta CRL could not be decoded.", e15);
                }
            }
        } catch (Exception e16) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e16);
        }
    }

    public static ReasonsMask q(X509CRL x509crl, DistributionPoint distributionPoint) throws AnnotatedException {
        ReasonFlags reasonFlags;
        try {
            IssuingDistributionPoint t13 = IssuingDistributionPoint.t(CertPathValidatorUtilities.k(x509crl, f28461d));
            if (t13 != null && t13.e != null && (reasonFlags = distributionPoint.f26678c) != null) {
                ReasonsMask reasonsMask = new ReasonsMask(reasonFlags);
                ReasonsMask reasonsMask2 = new ReasonsMask(t13.e);
                ReasonsMask reasonsMask3 = new ReasonsMask();
                reasonsMask3.f28475a |= new ReasonsMask(reasonsMask.f28475a & reasonsMask2.f28475a).f28475a;
                return reasonsMask3;
            }
            if ((t13 == null || t13.e == null) && distributionPoint.f26678c == null) {
                return ReasonsMask.f28474b;
            }
            ReasonFlags reasonFlags2 = distributionPoint.f26678c;
            ReasonsMask reasonsMask4 = reasonFlags2 == null ? ReasonsMask.f28474b : new ReasonsMask(reasonFlags2);
            ReasonsMask reasonsMask5 = t13 == null ? ReasonsMask.f28474b : new ReasonsMask(t13.e);
            ReasonsMask reasonsMask6 = new ReasonsMask();
            reasonsMask6.f28475a |= new ReasonsMask(reasonsMask5.f28475a & reasonsMask4.f28475a).f28475a;
            return reasonsMask6;
        } catch (Exception e13) {
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e13);
        }
    }

    public static HashSet r(X509CRL x509crl, X509Certificate x509Certificate, PublicKey publicKey, PKIXExtendedParameters pKIXExtendedParameters, List list, BCJcaJceHelper bCJcaJceHelper) throws AnnotatedException {
        int i13;
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(PrincipalUtils.b(x509crl).n());
            PKIXCertStoreSelector<? extends Certificate> a10 = new PKIXCertStoreSelector.Builder(x509CertSelector).a();
            try {
                LinkedHashSet a13 = CertPathValidatorUtilities.a(a10, pKIXExtendedParameters.e);
                a13.addAll(CertPathValidatorUtilities.a(a10, pKIXExtendedParameters.a()));
                a13.add(x509Certificate);
                Iterator it = a13.iterator();
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    X509Certificate x509Certificate2 = (X509Certificate) it.next();
                    if (x509Certificate2.equals(x509Certificate)) {
                        arrayList.add(x509Certificate2);
                        arrayList2.add(publicKey);
                    } else {
                        try {
                            PKIXCertPathBuilderSpi pKIXCertPathBuilderSpi = new PKIXCertPathBuilderSpi();
                            X509CertSelector x509CertSelector2 = new X509CertSelector();
                            x509CertSelector2.setCertificate(x509Certificate2);
                            PKIXExtendedParameters.Builder builder = new PKIXExtendedParameters.Builder(pKIXExtendedParameters);
                            builder.f28000c = new PKIXCertStoreSelector.Builder(x509CertSelector2).a();
                            if (list.contains(x509Certificate2)) {
                                builder.f28004h = false;
                            } else {
                                builder.f28004h = true;
                            }
                            List<? extends Certificate> certificates = pKIXCertPathBuilderSpi.engineBuild(new PKIXExtendedBuilderParameters(new PKIXExtendedBuilderParameters.Builder(new PKIXExtendedParameters(builder)))).getCertPath().getCertificates();
                            arrayList.add(x509Certificate2);
                            arrayList2.add(CertPathValidatorUtilities.l(certificates, 0, bCJcaJceHelper));
                        } catch (CertPathBuilderException e13) {
                            throw new AnnotatedException("CertPath for CRL signer failed to validate.", e13);
                        } catch (CertPathValidatorException e14) {
                            throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e14);
                        } catch (Exception e15) {
                            throw new AnnotatedException(e15.getMessage(), null);
                        }
                    }
                }
                HashSet hashSet = new HashSet();
                AnnotatedException annotatedException = null;
                for (i13 = 0; i13 < arrayList.size(); i13++) {
                    boolean[] keyUsage = ((X509Certificate) arrayList.get(i13)).getKeyUsage();
                    if (keyUsage == null || (keyUsage.length >= 7 && keyUsage[6])) {
                        hashSet.add(arrayList2.get(i13));
                    } else {
                        annotatedException = new AnnotatedException("Issuer certificate key usage extension does not permit CRL signing.", null);
                    }
                }
                if (hashSet.isEmpty() && annotatedException == null) {
                    throw new AnnotatedException("Cannot find a valid issuer certificate.", null);
                }
                if (!hashSet.isEmpty() || annotatedException == null) {
                    return hashSet;
                }
                throw annotatedException;
            } catch (AnnotatedException e16) {
                throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e16);
            }
        } catch (IOException e17) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e17);
        }
    }

    public static PublicKey s(X509CRL x509crl, Set set) throws AnnotatedException {
        Iterator it = set.iterator();
        Exception e13 = null;
        while (it.hasNext()) {
            PublicKey publicKey = (PublicKey) it.next();
            try {
                x509crl.verify(publicKey);
                return publicKey;
            } catch (Exception e14) {
                e13 = e14;
            }
        }
        throw new AnnotatedException("Cannot verify CRL.", e13);
    }

    public static X509CRL t(HashSet hashSet, PublicKey publicKey) throws AnnotatedException {
        Iterator it = hashSet.iterator();
        Exception e13 = null;
        while (it.hasNext()) {
            X509CRL x509crl = (X509CRL) it.next();
            try {
                x509crl.verify(publicKey);
                return x509crl;
            } catch (Exception e14) {
                e13 = e14;
            }
        }
        if (e13 == null) {
            return null;
        }
        throw new AnnotatedException("Cannot verify delta CRL.", e13);
    }
}
