package org.bouncycastle.jce.provider;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import kx.s;
import kx.t;
import kx.u;

/* loaded from: classes5.dex */
public class e1 {

    /* renamed from: a, reason: collision with root package name */
    public static final String f59587a = nv.y.I.w();

    /* renamed from: b, reason: collision with root package name */
    public static final String f59588b = nv.y.H.w();

    /* renamed from: c, reason: collision with root package name */
    public static final String f59589c = nv.y.f55385s.w();

    /* renamed from: d, reason: collision with root package name */
    public static final String f59590d = nv.y.A.w();

    public static void a(org.bouncycastle.x509.p pVar, Set set, Set set2) throws CertPathValidatorException {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (pVar.j(str) != null) {
                throw new CertPathValidatorException(android.support.v4.media.s0.a("Attribute certificate contains prohibited attribute: ", str, "."));
            }
        }
        Iterator it2 = set2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (pVar.j(str2) == null) {
                throw new CertPathValidatorException(android.support.v4.media.s0.a("Attribute certificate does not contain necessary attribute: ", str2, "."));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:59:0x0106, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void b(nv.v r21, org.bouncycastle.x509.p r22, kx.u r23, java.util.Date r24, java.security.cert.X509Certificate r25, org.bouncycastle.jce.provider.h r26, org.bouncycastle.jce.provider.f1 r27, java.util.List r28, zx.f r29) throws org.bouncycastle.jce.provider.a, org.bouncycastle.jce.provider.g1 {
        /*
            Method dump skipped, instructions count: 274
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.e1.b(nv.v, org.bouncycastle.x509.p, kx.u, java.util.Date, java.security.cert.X509Certificate, org.bouncycastle.jce.provider.h, org.bouncycastle.jce.provider.f1, java.util.List, zx.f):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00bf  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0107  */
    /* JADX WARN: Removed duplicated region for block: B:49:0x0151  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void c(org.bouncycastle.x509.p r19, kx.u r20, java.security.cert.X509Certificate r21, java.util.Date r22, java.util.List r23, zx.f r24) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 389
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jce.provider.e1.c(org.bouncycastle.x509.p, kx.u, java.security.cert.X509Certificate, java.util.Date, java.util.List, zx.f):void");
    }

    public static CertPath d(org.bouncycastle.x509.p pVar, kx.u uVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (pVar.i().k() != null) {
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setSerialNumber(pVar.i().q());
            for (Principal principal : pVar.i().k()) {
                try {
                    if (principal instanceof X500Principal) {
                        x509CertSelector.setIssuer(((X500Principal) principal).getEncoded());
                    }
                    hashSet.addAll(g.b(new s.b(x509CertSelector).a(), uVar.t()));
                } catch (IOException e11) {
                    throw new cy.b("Unable to encode X500 principal.", e11);
                } catch (a e12) {
                    throw new cy.b("Public key certificate for attribute certificate cannot be searched.", e12);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
            }
        }
        if (pVar.i().j() != null) {
            org.bouncycastle.x509.s sVar = new org.bouncycastle.x509.s();
            for (Principal principal2 : pVar.i().j()) {
                try {
                    if (principal2 instanceof X500Principal) {
                        sVar.setIssuer(((X500Principal) principal2).getEncoded());
                    }
                    hashSet.addAll(g.b(new s.b(sVar).a(), uVar.t()));
                } catch (IOException e13) {
                    throw new cy.b("Unable to encode X500 principal.", e13);
                } catch (a e14) {
                    throw new cy.b("Public key certificate for attribute certificate cannot be searched.", e14);
                }
            }
            if (hashSet.isEmpty()) {
                throw new CertPathValidatorException("Public key certificate specified in entity name for attribute certificate cannot be found.");
            }
        }
        u.b bVar = new u.b(uVar);
        Iterator it = hashSet.iterator();
        cy.b bVar2 = null;
        CertPathBuilderResult certPathBuilderResult = null;
        while (it.hasNext()) {
            org.bouncycastle.x509.s sVar2 = new org.bouncycastle.x509.s();
            sVar2.setCertificate((X509Certificate) it.next());
            bVar.f49308c = new s.b(sVar2).a();
            try {
                try {
                    certPathBuilderResult = CertPathBuilder.getInstance("PKIX", "BC").build(new kx.t(new t.b(new kx.u(bVar))));
                } catch (InvalidAlgorithmParameterException e15) {
                    throw new RuntimeException(e15.getMessage());
                } catch (CertPathBuilderException e16) {
                    bVar2 = new cy.b("Certification path for public key certificate of attribute certificate could not be build.", e16);
                }
            } catch (NoSuchAlgorithmException e17) {
                throw new cy.b("Support class could not be created.", e17);
            } catch (NoSuchProviderException e18) {
                throw new cy.b("Support class could not be created.", e18);
            }
        }
        if (bVar2 == null) {
            return certPathBuilderResult.getCertPath();
        }
        throw bVar2;
    }

    public static CertPathValidatorResult e(CertPath certPath, kx.u uVar) throws CertPathValidatorException {
        try {
            try {
                return CertPathValidator.getInstance("PKIX", "BC").validate(certPath, uVar);
            } catch (InvalidAlgorithmParameterException e11) {
                throw new RuntimeException(e11.getMessage());
            } catch (CertPathValidatorException e12) {
                throw new cy.b("Certification path for issuer certificate of attribute certificate could not be validated.", e12);
            }
        } catch (NoSuchAlgorithmException e13) {
            throw new cy.b("Support class could not be created.", e13);
        } catch (NoSuchProviderException e14) {
            throw new cy.b("Support class could not be created.", e14);
        }
    }

    public static void f(X509Certificate x509Certificate, kx.u uVar) throws CertPathValidatorException {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && ((keyUsage.length <= 0 || !keyUsage[0]) && (keyUsage.length <= 1 || !keyUsage[1]))) {
            throw new CertPathValidatorException("Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
        if (x509Certificate.getBasicConstraints() != -1) {
            throw new CertPathValidatorException("Attribute certificate issuer is also a public key certificate issuer.");
        }
    }

    public static void g(X509Certificate x509Certificate, Set set) throws CertPathValidatorException {
        Iterator it = set.iterator();
        boolean z10 = false;
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (x509Certificate.getSubjectX500Principal().getName("RFC2253").equals(trustAnchor.getCAName()) || x509Certificate.equals(trustAnchor.getTrustedCert())) {
                z10 = true;
            }
        }
        if (!z10) {
            throw new CertPathValidatorException("Attribute certificate issuer is not directly trusted.");
        }
    }

    public static void h(org.bouncycastle.x509.p pVar, kx.u uVar) throws CertPathValidatorException {
        try {
            pVar.checkValidity(g.t(uVar));
        } catch (CertificateExpiredException e11) {
            throw new cy.b("Attribute certificate is not valid.", e11);
        } catch (CertificateNotYetValidException e12) {
            throw new cy.b("Attribute certificate is not valid.", e12);
        }
    }

    public static void i(org.bouncycastle.x509.p pVar, CertPath certPath, CertPath certPath2, kx.u uVar, Set set) throws CertPathValidatorException {
        Set<String> criticalExtensionOIDs = pVar.getCriticalExtensionOIDs();
        String str = f59587a;
        if (criticalExtensionOIDs.contains(str)) {
            try {
                nv.i1.j(g.n(pVar, str));
            } catch (IllegalArgumentException e11) {
                throw new cy.b("Target information extension could not be read.", e11);
            } catch (a e12) {
                throw new cy.b("Target information extension could not be read.", e12);
            }
        }
        criticalExtensionOIDs.remove(str);
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ((org.bouncycastle.x509.k) it.next()).a(pVar, certPath, certPath2, criticalExtensionOIDs);
        }
        if (criticalExtensionOIDs.isEmpty()) {
            return;
        }
        throw new CertPathValidatorException("Attribute certificate contains unsupported critical extensions: " + criticalExtensionOIDs);
    }
}
