package com.rsa.cryptoj.o;

import com.rsa.cryptoj.o.aq;
import com.rsa.cryptoj.o.hi;
import com.rsa.jcp.CertPathWithOCSPParameters;
import com.rsa.jcp.OCSPParameters;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jcp.OCSPWithResponseParameters;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/cv.class */
public class cv extends hm {
    private static final String m = "Parameters must be PKIXParameters or be CertPathWithOCSPParameters containing PKIXParameters";
    private static final String n = "Cannot use both Security properties and CertPathWithOCSPParameters to configure OCSP.";
    private static final String o = "Error accessing CertStore.";
    private static final String p = "Certificate contains critical extensions that could not be processed.";
    private static final String q = "Path length constraint was violated.";
    private static final String r = "Expected a CA certificate.";
    private static final String s = "Policy Mappings Certificate extension cannot contain anyPolicy.";
    private static final String t = "Policy processing failed.";
    private py u;
    private Map v;
    private Map w;
    private int x;
    private int y;
    private int z;
    PublicKey i;
    private X500Principal A;
    private int B;
    PKIXParameters j;
    private Set<pt> C;
    X509Certificate k;
    private X509Certificate D;
    private Set E;
    private Set F;
    private aa G;
    private boolean H;
    private aq I;
    final X509CRL l;
    private final ds J;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/lib/cryptojcommon-6.0.0.jar:com/rsa/cryptoj/o/cv$a.class */
    public class a extends Exception {
        private a() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cv(gc gcVar, List<nm> list, X509CRL x509crl) {
        super(gcVar, list);
        this.l = x509crl;
        this.J = new ds();
    }

    private void a(OCSPParameters oCSPParameters) throws InvalidAlgorithmParameterException {
        boolean a2 = px.a();
        if (oCSPParameters != null || a2) {
            OCSPResponderConfig d = d();
            if (a2 && d != null && oCSPParameters != null) {
                throw new InvalidAlgorithmParameterException(n);
            }
            if (a2 && d != null) {
                this.H = true;
                this.G = new pi(this.g, this.h, this.j, d);
                return;
            }
            if (a2) {
                this.H = true;
                this.G = new pi(this.g, this.h, this.j);
            } else if (oCSPParameters != null && (oCSPParameters instanceof OCSPWithRespondersParameters)) {
                this.H = true;
                this.G = new pi(this.g, this.h, this.j, (OCSPWithRespondersParameters) oCSPParameters);
            } else {
                if (oCSPParameters == null || !(oCSPParameters instanceof OCSPWithResponseParameters)) {
                    return;
                }
                this.H = true;
                this.G = new co(this.g, this.h, (OCSPWithResponseParameters) oCSPParameters);
            }
        }
    }

    @Override // com.rsa.cryptoj.o.hm
    public CertPathValidatorResult a(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        if (ds.a()) {
            this.J.a("_______________________________________________");
        }
        if (!"X.509".equals(certPath.getType())) {
            throw new CertPathValidatorException("Cert path must be a X.509 cert path");
        }
        if (certPathParameters instanceof PKIXParameters) {
            this.j = (PKIXParameters) certPathParameters;
            a((OCSPParameters) null);
        } else {
            if (!(certPathParameters instanceof CertPathWithOCSPParameters)) {
                throw new InvalidAlgorithmParameterException(m);
            }
            CertPathWithOCSPParameters certPathWithOCSPParameters = (CertPathWithOCSPParameters) certPathParameters;
            if (!(certPathWithOCSPParameters.getCertPathParameters() instanceof PKIXParameters)) {
                throw new InvalidAlgorithmParameterException(m);
            }
            this.j = (PKIXParameters) certPathWithOCSPParameters.getCertPathParameters();
            a(certPathWithOCSPParameters.getOCSPParameters());
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        ArrayList arrayList = new ArrayList(certificates);
        if (ds.a()) {
            this.J.a("reversing entries in the cert path");
        }
        Collections.reverse(arrayList);
        this.d = certificates.size();
        Set<TrustAnchor> trustAnchors = this.d == 0 ? this.j.getTrustAnchors() : ot.a((X509Certificate) arrayList.get(0), this.j.getTrustAnchors());
        if (ds.a()) {
            this.J.a("getting the set of trust anchors and attempting to validate the path");
            this.J.a("Number of trust anchors: " + trustAnchors.size());
        }
        for (TrustAnchor trustAnchor : trustAnchors) {
            if (ds.a()) {
                this.J.a("Validating path for trust anchor: " + trustAnchor);
            }
            if (this.j.isRevocationEnabled()) {
                this.I = a(certPath, trustAnchor);
            }
            if (ds.a()) {
                this.J.a("initializing trust anchor");
            }
            if (a(trustAnchor)) {
                if (ds.a()) {
                    this.J.a("basic certificate processing");
                }
                boolean z = true;
                int i = 1;
                while (true) {
                    if (i > this.d) {
                        break;
                    }
                    if (i != 1) {
                        this.D = this.k;
                    }
                    this.k = (X509Certificate) arrayList.get(i - 1);
                    if (ds.a()) {
                        this.J.a("-----------------------------------------------");
                        this.J.a("verifying current certificate, SubjectX500Principal: " + this.k.getSubjectX500Principal());
                    }
                    if ("1.2.840.113549.1.1.2".equalsIgnoreCase(this.k.getSigAlgOID())) {
                        throw new CertPathValidatorException("MD2 signature only allowed for a Trust Anchor");
                    }
                    a();
                    if (!a(i, trustAnchor)) {
                        z = false;
                        break;
                    }
                    if (i != this.d) {
                        if (ds.a()) {
                            this.J.a("Preparing for next certificate..");
                        }
                        if (!a(i)) {
                            z = false;
                            break;
                        }
                    } else {
                        if (ds.a()) {
                            this.J.a("Wrapping up..");
                        }
                        z = b();
                    }
                    i++;
                }
                if (z) {
                    if (ds.a()) {
                        this.J.a("Validation passed for trust anchor");
                        this.J.a("_______________________________________________");
                    }
                    return new PKIXCertPathValidatorResult(trustAnchor, this.u.a(true), this.i);
                }
            }
        }
        if (this.f == null) {
            this.f = "Could not validate path.";
        }
        throw new CertPathValidatorException(this.f);
    }

    aq a(CertPath certPath, TrustAnchor trustAnchor) {
        return new aq(this.g, this.h, this.j, certPath, trustAnchor, this.l);
    }

    private void a() {
        Set<String> criticalExtensionOIDs = this.k.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            this.E = new HashSet();
            this.F = new HashSet();
            return;
        }
        this.E = new HashSet(criticalExtensionOIDs);
        this.F = new HashSet(this.k.getNonCriticalExtensionOIDs());
        if (ds.a()) {
            this.J.a("critical extns: " + criticalExtensionOIDs);
        }
    }

    private boolean a(TrustAnchor trustAnchor) {
        this.B = this.d;
        this.e = this.j.getDate();
        if (this.e == null) {
            this.e = new Date();
        }
        this.C = new HashSet();
        Iterator<String> it = this.j.getInitialPolicies().iterator();
        while (it.hasNext()) {
            this.C.add(new pt(it.next()));
        }
        this.u = new py(this.d);
        this.v = new HashMap();
        this.w = new HashMap();
        for (int i = 0; i < lv.j.size(); i++) {
            this.w.put(lv.j.get(i), new HashSet());
        }
        this.x = this.j.isExplicitPolicyRequired() ? 0 : this.d + 1;
        this.y = this.j.isAnyPolicyInhibited() ? 0 : this.d + 1;
        this.z = this.j.isPolicyMappingInhibited() ? 0 : this.d + 1;
        if (ds.a()) {
            this.J.a("initializing policy variables");
            this.J.a("explicitPolicy " + this.x);
            this.J.a("inhibitAnyPolicy " + this.y);
            this.J.a("policyMapping " + this.z);
        }
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        nj njVar = null;
        if (trustedCert != null) {
            if (ds.a()) {
                this.J.a("trustedCert is not null");
            }
            this.i = trustedCert.getPublicKey();
            this.A = trustedCert.getSubjectX500Principal();
            if (ds.a()) {
                this.J.a("trustedCert SubjectX500Principal " + this.A);
            }
            njVar = ot.a(trustedCert, ks.cy);
        } else {
            if (ds.a()) {
                this.J.a("trustedCert is null");
            }
            this.i = trustAnchor.getCAPublicKey();
            this.A = trustAnchor.getCA();
            if (trustAnchor.getNameConstraints() != null) {
                njVar = ir.a("NameConstraints", trustAnchor.getNameConstraints(), 0);
            }
        }
        if (njVar == null) {
            return true;
        }
        try {
            if (ds.a()) {
                this.J.a("checking name constraints");
            }
            b(njVar);
            if (ds.a()) {
                this.J.a("name constraints verified");
            }
            return true;
        } catch (a e) {
            this.f = "TrustAnchor contained unsupported name constraints encountered";
            return false;
        }
    }

    private boolean a(int i, TrustAnchor trustAnchor) throws InvalidAlgorithmParameterException, CertPathValidatorException {
        if (!a(this.d - i, this.i)) {
            this.f = "SuiteB compliance checks failed.";
            return false;
        }
        try {
            if (ds.a()) {
                this.J.a("verifying signature");
            }
            if (this.j.getSigProvider() != null) {
                this.k.verify(this.i, this.j.getSigProvider());
            } else {
                this.k.verify(this.i);
            }
            if (ds.a()) {
                this.J.a("signature verified");
            }
            try {
                if (ds.a()) {
                    this.J.a("checking validity, current time " + this.e);
                }
                this.k.checkValidity(this.e);
                if (ds.a()) {
                    this.J.a("time verified");
                }
                if (ds.a()) {
                    this.J.a("checking name chaining");
                }
                if (!this.k.getIssuerX500Principal().equals(this.A)) {
                    this.f = "Name chaining failed";
                    return false;
                }
                if (ds.a()) {
                    this.J.a("name chaining verified");
                }
                if (this.j.isRevocationEnabled()) {
                    if (ds.a()) {
                        this.J.a("checking revocation status");
                    }
                    if (this.H) {
                        try {
                            if (this.D == null) {
                                this.G.a(this.k, new nf(trustAnchor), this.e);
                            } else {
                                this.G.a(this.k, new nf(this.D), this.e);
                            }
                        } catch (CertPathValidatorException e) {
                            this.f = e.getMessage();
                            if ((e instanceof pk) || !c()) {
                                return false;
                            }
                        }
                    } else if (!c()) {
                        return false;
                    }
                    if (ds.a()) {
                        this.J.a("revocation status verified");
                    }
                }
                boolean z = i == this.d;
                if (!a(this.k) || z) {
                    if (ds.a()) {
                        this.J.a("checking subject name is within permitted subtrees and not within excluded subtrees.");
                    }
                    if (!e()) {
                        this.f = "Certificate subject alternative name did not satisfy name constraints.";
                        return false;
                    }
                    if (ds.a()) {
                        this.J.a("subject name verified");
                    }
                }
                nj b = b(ks.cs);
                if (b == null) {
                    this.u.a();
                } else if (!this.u.b()) {
                    if (ds.a()) {
                        this.J.a("checking certificate policies extension");
                    }
                    if (!a(b, i, this.k.getCriticalExtensionOIDs().contains(ks.cs.toString()))) {
                        return false;
                    }
                    if (ds.a()) {
                        this.J.a("certificate policies extension verified");
                    }
                }
                if (ds.a()) {
                    this.J.a("checking policy state");
                }
                if (this.x == 0 && this.u.b()) {
                    this.f = t;
                    return false;
                }
                if (!ds.a()) {
                    return true;
                }
                this.J.a("policy state verified");
                return true;
            } catch (GeneralSecurityException e2) {
                this.f = e2.getMessage();
                return false;
            }
        } catch (GeneralSecurityException e3) {
            this.f = e3.getMessage();
            return false;
        }
    }

    boolean a(int i, PublicKey publicKey) throws CertPathValidatorException {
        return true;
    }

    private boolean a(nj njVar, int i, boolean z) {
        List<pn> a2 = this.u.a(i - 1);
        if (ds.a()) {
            this.J.a("adjusting validPolicyTree ");
        }
        Set set = null;
        boolean z2 = false;
        for (int i2 = 0; i2 < njVar.a(); i2++) {
            nj a3 = njVar.a(i2);
            pt ptVar = (pt) a3.a("policyIdentifier");
            if (ds.a()) {
                this.J.a("processing policy OID " + ptVar + " adjusting validPolicyTree");
            }
            Set c = c(a3.a("policyQualifiers"));
            if (!c.isEmpty() && this.j.getPolicyQualifiersRejected() && z) {
                this.f = "Certificate policies extensions was critical and contained policy qualifiers.";
                return false;
            }
            if (ptVar.equals(ks.dm.c())) {
                z2 = true;
                set = c;
            } else {
                boolean z3 = false;
                pn pnVar = null;
                for (pn pnVar2 : a2) {
                    if (pnVar2.a(ptVar)) {
                        z3 = true;
                        this.u.a(pnVar2, ptVar, c, z, ptVar);
                    } else if (pnVar2.d().equals(ks.dm.c())) {
                        pnVar = pnVar2;
                    }
                }
                if (!z3 && pnVar != null) {
                    this.u.a(pnVar, ptVar, c, z, ptVar);
                }
            }
        }
        if (z2 && (this.y > 0 || (i < this.d && a(this.k)))) {
            if (ds.a()) {
                this.J.a("hasAnyPolicy is true, adjusting validPolicyTree");
            }
            for (pn pnVar3 : a2) {
                for (pt ptVar2 : pnVar3.c()) {
                    boolean z4 = false;
                    Iterator<pn> children = pnVar3.getChildren();
                    while (children.hasNext()) {
                        if (children.next().d().equals(ptVar2)) {
                            z4 = true;
                        }
                    }
                    if (!z4) {
                        this.u.a(pnVar3, ptVar2, set, z, ptVar2);
                    }
                }
            }
        }
        this.u.b(i - 1);
        return true;
    }

    private boolean a(int i) {
        int e;
        int e2;
        int e3;
        nj b = b(ks.ct);
        if (b != null) {
            if (ds.a()) {
                this.J.a("checking policy mapping..");
                this.J.a("ensuring that anyPolicy does not appear on issuerDomainPolicy or subjectDomainPolicy");
            }
            Map<pt, Set<pt>> a2 = a(b);
            Set<pt> keySet = a2.keySet();
            if (keySet.contains(ks.dm.c())) {
                this.f = s;
                return false;
            }
            Iterator<pt> it = keySet.iterator();
            while (it.hasNext()) {
                if (a2.get(it.next()).contains(ks.dm.c())) {
                    this.f = s;
                    return false;
                }
            }
            if (ds.a()) {
                this.J.a("adjusting validPolicyTree for each issuerDomainPolicy.");
            }
            for (pt ptVar : keySet) {
                Set<pt> set = a2.get(ptVar);
                List<pn> a3 = this.u.a(i);
                if (this.z > 0) {
                    boolean z = false;
                    pn pnVar = null;
                    for (pn pnVar2 : a3) {
                        if (pnVar2.d().equals(ptVar)) {
                            z = true;
                            pnVar2.a(set);
                        } else if (pnVar2.d().equals(ks.dm.c())) {
                            pnVar = pnVar2;
                        }
                    }
                    if (!z && pnVar != null) {
                        this.u.a((pn) pnVar.getParent(), ptVar, pnVar.getPolicyQualifiers(), pnVar.isCritical(), set);
                    }
                } else {
                    for (pn pnVar3 : new ArrayList(a3)) {
                        if (pnVar3.d().equals(ptVar)) {
                            this.u.a(pnVar3);
                        }
                    }
                    this.u.b(i - 1);
                }
            }
        }
        if (ds.a()) {
            this.J.a("setting working issuer name and public key");
        }
        this.A = this.k.getSubjectX500Principal();
        try {
            f();
            nj b2 = b(ks.cy);
            if (b2 != null && !a(this.k)) {
                try {
                    b(b2);
                } catch (a e4) {
                    this.f = "Unsupported name constraints encountered";
                    return false;
                }
            }
            if (!a(this.k)) {
                if (this.x != 0) {
                    this.x--;
                    if (ds.a()) {
                        this.J.a("decrementing explicitPolicy to " + this.x);
                    }
                }
                if (this.z != 0) {
                    this.z--;
                    if (ds.a()) {
                        this.J.a("decrementing policyMapping to " + this.z);
                    }
                }
                if (this.y != 0) {
                    this.y--;
                    if (ds.a()) {
                        this.J.a("decrementing inhibitAnyPolicy to " + this.y);
                    }
                }
            }
            nj b3 = b(ks.cz);
            if (b3 != null) {
                nj a4 = b3.a(0);
                if (a4 != null && (e3 = ((mx) a4).e()) < this.x) {
                    this.x = e3;
                    if (ds.a()) {
                        this.J.a("setting explicitPolicy to " + this.x);
                    }
                }
                nj a5 = b3.a(1);
                if (a5 != null && (e2 = ((mx) a5).e()) < this.z) {
                    this.z = e2;
                    if (ds.a()) {
                        this.J.a("setting policy_mapping to " + this.z);
                    }
                }
            }
            nj b4 = b(ks.cC);
            if (b4 != null && (e = ((mx) b4).e()) < this.y) {
                this.y = e;
                if (ds.a()) {
                    this.J.a("setting inhibitAnyPolicy to " + this.y);
                }
            }
            int basicConstraints = this.k.getBasicConstraints();
            if (ds.a()) {
                this.J.a("checking basic constraints");
            }
            a(ks.cx);
            if (basicConstraints == -1) {
                this.f = r;
                return false;
            }
            if (ds.a()) {
                this.J.a(".maxPathLen before processing " + this.B);
                this.J.a(".path len constraint " + basicConstraints);
            }
            if (!a(this.k)) {
                if (this.B <= 0) {
                    this.f = q;
                    return false;
                }
                this.B--;
            }
            if (basicConstraints < this.B) {
                this.B = basicConstraints;
            }
            if (ds.a()) {
                this.J.a(".maxPathLen after processing " + this.B);
                this.J.a("basic constraints verified");
            }
            boolean[] keyUsage = this.k.getKeyUsage();
            if (ds.a()) {
                this.J.a("verifying key usage");
            }
            if (keyUsage != null && !keyUsage[5]) {
                this.f = "Key Usage is not set for keyCertSign";
                return false;
            }
            if (ds.a()) {
                this.J.a("key usage verified");
            }
            a(ks.cq);
            return a(false);
        } catch (GeneralSecurityException e5) {
            this.f = "Error constructing public key with inherited parameters";
            return false;
        }
    }

    private boolean b() {
        nj a2;
        if (!a(this.k)) {
            if (this.x != 0) {
                this.x--;
            }
            if (ds.a()) {
                this.J.a("decrementing explicitPolicy to " + this.x);
            }
        }
        nj b = b(ks.cz);
        if (b != null && (a2 = b.a(0)) != null && ((mx) a2).e() == 0) {
            this.x = 0;
            if (ds.a()) {
                this.J.a("setting explicitPolicy to 0");
            }
        }
        try {
            if (ds.a()) {
                this.J.a("updating working public key");
            }
            f();
            if (!a(true)) {
                this.f = p;
                return false;
            }
            if (ds.a()) {
                this.J.a("Calculating the intersection of the validPolicyTree with the specified set of user-initial-policy");
            }
            this.u.a(this.C);
            if (this.x > 0 || !this.u.b()) {
                return true;
            }
            this.f = t;
            return false;
        } catch (GeneralSecurityException e) {
            this.f = "Error constructing public key with inherited parameters";
            return false;
        }
    }

    private Map<pt, Set<pt>> a(nj njVar) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < njVar.a(); i++) {
            nj a2 = njVar.a(i);
            pt ptVar = (pt) a2.a("issuerDomainPolicy");
            pt ptVar2 = (pt) a2.a("subjectDomainPolicy");
            if (hashMap.containsKey(ptVar)) {
                ((Set) hashMap.get(ptVar)).add(ptVar2);
            } else {
                HashSet hashSet = new HashSet();
                hashSet.add(ptVar2);
                hashMap.put(ptVar, hashSet);
            }
        }
        return hashMap;
    }

    private boolean a(boolean z) {
        if (ds.a()) {
            this.J.a("processing otherExtensions that are not recognized ");
        }
        List<PKIXCertPathChecker> certPathCheckers = this.j.getCertPathCheckers();
        if (z) {
            a(ks.cx);
            a(ks.cy);
            a(ks.cq);
            a(ks.cC);
            a(ks.cz);
            a(ks.ct);
        }
        a(ks.cA);
        Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
        while (it.hasNext()) {
            try {
                it.next().check(this.k, this.E);
            } catch (CertPathValidatorException e) {
                this.f = e.getMessage();
                return false;
            }
        }
        if (!this.E.isEmpty()) {
            this.f = p;
            return false;
        }
        if (!ds.a()) {
            return true;
        }
        this.J.a("verified other extensions");
        return true;
    }

    private void b(nj njVar) throws a {
        if (ds.a()) {
            this.J.a("modifying permitted_subtrees and excluded_subtrees");
        }
        nj a2 = njVar.a("permittedSubtrees");
        int a3 = a2 == null ? 0 : a2.a();
        nj a4 = njVar.a("excludedSubtrees");
        int a5 = a4 == null ? 0 : a4.a();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < a3; i++) {
            lv lvVar = new lv(a2.a(i).a("base"));
            if (!lvVar.h()) {
                throw new a();
            }
            Integer valueOf = Integer.valueOf(lvVar.a());
            Set set = (Set) hashMap.get(valueOf);
            if (set == null) {
                set = new HashSet();
                hashMap.put(valueOf, set);
            }
            set.add(lvVar);
        }
        for (Integer num : hashMap.keySet()) {
            Set set2 = (Set) hashMap.get(num);
            Set set3 = (Set) this.v.get(num);
            if (set3 == null) {
                this.v.put(num, set2);
            } else {
                HashSet hashSet = new HashSet();
                Iterator it = set2.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    lv lvVar2 = (lv) it.next();
                    if (a(lvVar2, set3) == null) {
                        hashSet.clear();
                        break;
                    }
                    hashSet.add(lvVar2);
                }
                this.v.put(num, hashSet);
            }
        }
        for (int i2 = 0; i2 < a5; i2++) {
            lv lvVar3 = new lv(a4.a(i2).a("base"));
            if (!lvVar3.h()) {
                throw new a();
            }
            Set set4 = (Set) this.w.get(Integer.valueOf(lvVar3.a()));
            if (a(lvVar3, set4) == null) {
                set4.add(lvVar3);
            }
        }
    }

    private boolean c() throws InvalidAlgorithmParameterException {
        aq.a a2 = this.I.a(this.k, b(ks.cB), this.i);
        if (a2.a) {
            return true;
        }
        if (this.H) {
            return false;
        }
        this.f = a2.b;
        return false;
    }

    private Set c(nj njVar) {
        if (njVar == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet();
        for (int i = 0; i < njVar.a(); i++) {
            try {
                hashSet.add(new PolicyQualifierInfo(ir.c(njVar.a(i))));
            } catch (IOException e) {
            }
        }
        return hashSet;
    }

    private OCSPResponderConfig d() throws InvalidAlgorithmParameterException {
        String b = px.b();
        String c = px.c();
        String d = px.d();
        try {
            BigInteger e = px.e();
            X509CertSelector x509CertSelector = null;
            try {
                if (c != null) {
                    x509CertSelector = new X509CertSelector();
                    x509CertSelector.setSubject(c);
                } else if (d != null && e != null) {
                    x509CertSelector = new X509CertSelector();
                    x509CertSelector.setIssuer(d);
                    x509CertSelector.setSerialNumber(e);
                } else if (d != null || e != null) {
                    throw new InvalidAlgorithmParameterException("Security properties: ocsp.responderCertIssuerName and ocsp.responderCertSerialNumber should both be set.");
                }
                if (x509CertSelector == null) {
                    OCSPResponderConfig oCSPResponderConfig = new OCSPResponderConfig(b);
                    oCSPResponderConfig.setUseNonce(false);
                    return oCSPResponderConfig;
                }
                try {
                    X509Certificate a2 = a(x509CertSelector);
                    if (a2 == null) {
                        throw new InvalidAlgorithmParameterException("Could not find the OCSP responder certificate specified.");
                    }
                    OCSPResponderConfig oCSPResponderConfig2 = new OCSPResponderConfig(b, a2);
                    oCSPResponderConfig2.setUseNonce(false);
                    return oCSPResponderConfig2;
                } catch (CertStoreException e2) {
                    throw new InvalidAlgorithmParameterException(o);
                }
            } catch (IOException e3) {
                throw new InvalidAlgorithmParameterException("Invalid name read from OCSP security properties." + e3.getMessage());
            }
        } catch (NumberFormatException e4) {
            throw new InvalidAlgorithmParameterException("Invalid value for security property: ocsp.responderCertSerialNumber");
        }
    }

    private X509Certificate a(X509CertSelector x509CertSelector) throws CertStoreException, InvalidAlgorithmParameterException {
        Iterator<TrustAnchor> it = this.j.getTrustAnchors().iterator();
        while (it.hasNext()) {
            X509Certificate trustedCert = it.next().getTrustedCert();
            if (trustedCert == null) {
                throw new InvalidAlgorithmParameterException("Responder certificate which is also a TrustAnchor must be specified using a certificate.");
            }
            if (x509CertSelector.match(trustedCert)) {
                return trustedCert;
            }
        }
        Iterator<CertStore> it2 = this.j.getCertStores().iterator();
        while (it2.hasNext()) {
            Iterator<? extends Certificate> it3 = it2.next().getCertificates(x509CertSelector).iterator();
            if (it3.hasNext()) {
                return (X509Certificate) it3.next();
            }
        }
        return null;
    }

    private void a(ks ksVar) {
        this.E.remove(ksVar.toString());
        this.F.remove(ksVar.toString());
    }

    private nj b(ks ksVar) {
        nj a2 = ot.a(this.k, ksVar);
        a(ksVar);
        return a2;
    }

    private boolean e() {
        Set<lv> a2 = ot.a((X509Extension) this.k, true);
        a(ks.cu);
        return a(a2) && b(a2);
    }

    private boolean a(Set set) {
        return b(this.k.getSubjectX500Principal(), set.isEmpty()) && d(set);
    }

    private boolean b(Set set) {
        return a(this.k.getSubjectX500Principal(), set.isEmpty()) && c(set);
    }

    private boolean c(Set set) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            lv lvVar = (lv) it.next();
            Set set2 = (Set) this.w.get(Integer.valueOf(lvVar.a()));
            if (set2 != null && b(lvVar, set2)) {
                return false;
            }
        }
        return true;
    }

    private boolean d(Set set) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            lv lvVar = (lv) it.next();
            Set set2 = (Set) this.v.get(Integer.valueOf(lvVar.a()));
            if (set2 != null && !b(lvVar, set2)) {
                return false;
            }
        }
        return true;
    }

    private lv a(lv lvVar, Set set) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            lv lvVar2 = (lv) it.next();
            if (lvVar2.a(lvVar)) {
                return lvVar2;
            }
        }
        return null;
    }

    private boolean b(lv lvVar, Set set) {
        return a(lvVar, set) != null;
    }

    private boolean a(X500Principal x500Principal, Set set) {
        if (set.isEmpty()) {
            return true;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            if (((lv) it.next()).a(x500Principal)) {
                return false;
            }
        }
        return true;
    }

    private boolean a(X500Principal x500Principal, boolean z) {
        Set set = (Set) this.w.get(4);
        if (x500Principal.toString().length() != 0 && !a(x500Principal, set)) {
            return false;
        }
        if (z) {
            return !ot.a(x500Principal, ks.bY) || a(x500Principal, (Set) this.w.get(1));
        }
        return true;
    }

    private boolean b(X500Principal x500Principal, Set set) {
        if (set == null) {
            return true;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            if (((lv) it.next()).a(x500Principal)) {
                return true;
            }
        }
        return false;
    }

    private boolean b(X500Principal x500Principal, boolean z) {
        Set set = (Set) this.v.get(4);
        if (x500Principal.toString().length() != 0 && !b(x500Principal, set)) {
            return false;
        }
        if (z) {
            return !ot.a(x500Principal, ks.bY) || b(x500Principal, (Set) this.v.get(1));
        }
        return true;
    }

    private void f() throws GeneralSecurityException {
        try {
            this.i = a(this.k.getPublicKey(), this.i);
        } catch (SecurityException e) {
            if (!(this.k instanceof hi)) {
                throw new InvalidKeyException(e.getMessage());
            }
            this.i = a(hi.a.a((hi) this.k), this.i);
        }
    }

    private static boolean a(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal());
    }
}
