package ru.CryptoPro.reprov.certpath;

import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import ru.CryptoPro.AdES.tools.AdESUtility;
import ru.CryptoPro.JCP.Util.HexDumpEncoder;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.array.DerInputStream;
import ru.CryptoPro.reprov.array.DerValue;
import ru.CryptoPro.reprov.array.ObjectIdentifier;
import ru.CryptoPro.reprov.x509.AlgorithmId;
import ru.CryptoPro.reprov.x509.CertificatePoliciesExtension;
import ru.CryptoPro.reprov.x509.CertificatePolicyId;
import ru.CryptoPro.reprov.x509.DNSName;
import ru.CryptoPro.reprov.x509.EDIPartyName;
import ru.CryptoPro.reprov.x509.ExtendedKeyUsageExtension;
import ru.CryptoPro.reprov.x509.Extension;
import ru.CryptoPro.reprov.x509.GeneralName;
import ru.CryptoPro.reprov.x509.GeneralNameInterface;
import ru.CryptoPro.reprov.x509.GeneralNames;
import ru.CryptoPro.reprov.x509.GeneralSubtree;
import ru.CryptoPro.reprov.x509.GeneralSubtrees;
import ru.CryptoPro.reprov.x509.IPAddressName;
import ru.CryptoPro.reprov.x509.NameConstraintsExtension;
import ru.CryptoPro.reprov.x509.OIDName;
import ru.CryptoPro.reprov.x509.OtherName;
import ru.CryptoPro.reprov.x509.PolicyInformation;
import ru.CryptoPro.reprov.x509.PrivateKeyUsageExtension;
import ru.CryptoPro.reprov.x509.RFC822Name;
import ru.CryptoPro.reprov.x509.SubjectAlternativeNameExtension;
import ru.CryptoPro.reprov.x509.URIName;
import ru.CryptoPro.reprov.x509.X400Address;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X500Principal;
import ru.CryptoPro.reprov.x509.X509CertImpl;
import ru.CryptoPro.reprov.x509.X509Key;

/* loaded from: classes3.dex */
public class X509CertSelector implements CertSelector {
    private static final String[] A;

    /* renamed from: a, reason: collision with root package name */
    private static final ObjectIdentifier f18569a = ObjectIdentifier.newInternal(new int[]{2, 5, 29, 37, 0});

    /* renamed from: z, reason: collision with root package name */
    private static final Boolean f18570z;

    /* renamed from: b, reason: collision with root package name */
    private BigInteger f18571b;

    /* renamed from: c, reason: collision with root package name */
    private X500Principal f18572c;

    /* renamed from: d, reason: collision with root package name */
    private X500Principal f18573d;

    /* renamed from: e, reason: collision with root package name */
    private byte[] f18574e;

    /* renamed from: f, reason: collision with root package name */
    private byte[] f18575f;

    /* renamed from: g, reason: collision with root package name */
    private Date f18576g;

    /* renamed from: h, reason: collision with root package name */
    private Date f18577h;

    /* renamed from: i, reason: collision with root package name */
    private ObjectIdentifier f18578i;

    /* renamed from: j, reason: collision with root package name */
    private PublicKey f18579j;

    /* renamed from: k, reason: collision with root package name */
    private byte[] f18580k;

    /* renamed from: l, reason: collision with root package name */
    private boolean[] f18581l;

    /* renamed from: m, reason: collision with root package name */
    private Set f18582m;

    /* renamed from: n, reason: collision with root package name */
    private Set f18583n;

    /* renamed from: o, reason: collision with root package name */
    private Set f18584o;

    /* renamed from: p, reason: collision with root package name */
    private Set f18585p;

    /* renamed from: q, reason: collision with root package name */
    private CertificatePolicySet f18586q;

    /* renamed from: r, reason: collision with root package name */
    private Set f18587r;

    /* renamed from: s, reason: collision with root package name */
    private Set f18588s;

    /* renamed from: t, reason: collision with root package name */
    private Set f18589t;

    /* renamed from: u, reason: collision with root package name */
    private NameConstraintsExtension f18590u;

    /* renamed from: v, reason: collision with root package name */
    private byte[] f18591v;

    /* renamed from: x, reason: collision with root package name */
    private X509Certificate f18593x;

    /* renamed from: w, reason: collision with root package name */
    private int f18592w = -1;

    /* renamed from: y, reason: collision with root package name */
    private boolean f18594y = true;

    static {
        CertPathHelperImpl.initialize();
        f18570z = Boolean.FALSE;
        A = r0;
        String[] strArr = {"2.5.29.16", "2.5.29.17", "2.5.29.30", "2.5.29.32", AdESUtility.EXTENDED_KEY_USAGE};
    }

    public X509CertSelector() {
    }

    public X509CertSelector(java.security.cert.X509CertSelector x509CertSelector) {
        setSerialNumber(x509CertSelector.getSerialNumber());
        if (x509CertSelector.getIssuer() != null) {
            setIssuer(x509CertSelector.getIssuer().getEncoded());
        }
        if (x509CertSelector.getSubject() != null) {
            setSubject(x509CertSelector.getSubject().getEncoded());
        }
        setSubjectKeyIdentifier(x509CertSelector.getSubjectKeyIdentifier());
        setAuthorityKeyIdentifier(x509CertSelector.getAuthorityKeyIdentifier());
        setCertificateValid(x509CertSelector.getCertificateValid());
        setPrivateKeyValid(x509CertSelector.getPrivateKeyValid());
        setSubjectPublicKeyAlgID(x509CertSelector.getSubjectPublicKeyAlgID());
        setSubjectPublicKey(x509CertSelector.getSubjectPublicKey());
        setKeyUsage(x509CertSelector.getKeyUsage());
        setExtendedKeyUsage(x509CertSelector.getExtendedKeyUsage());
        setSubjectAlternativeNames(x509CertSelector.getSubjectAlternativeNames());
        setPolicy(x509CertSelector.getPolicy());
        setPathToNames(x509CertSelector.getPathToNames());
        setNameConstraints(x509CertSelector.getNameConstraints());
        setBasicConstraints(x509CertSelector.getBasicConstraints());
        setCertificate(x509CertSelector.getCertificate());
        setMatchAllSubjectAltNames(x509CertSelector.getMatchAllSubjectAltNames());
    }

    private static String a(boolean[] zArr) {
        String str = "KeyUsage [\n";
        try {
            if (zArr[0]) {
                str = "KeyUsage [\n  DigitalSignature\n";
            }
            if (zArr[1]) {
                str = str + "  Non_repudiation\n";
            }
            if (zArr[2]) {
                str = str + "  Key_Encipherment\n";
            }
            if (zArr[3]) {
                str = str + "  Data_Encipherment\n";
            }
            if (zArr[4]) {
                str = str + "  Key_Agreement\n";
            }
            if (zArr[5]) {
                str = str + "  Key_CertSign\n";
            }
            if (zArr[6]) {
                str = str + "  Crl_Sign\n";
            }
            if (zArr[7]) {
                str = str + "  Encipher_Only\n";
            }
            if (zArr[8]) {
                str = str + "  Decipher_Only\n";
            }
        } catch (ArrayIndexOutOfBoundsException unused) {
        }
        return str + "]\n";
    }

    private static Set a(Collection collection) {
        HashSet hashSet = new HashSet();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            List list = (List) it.next();
            if (list.size() != 2) {
                throw new IOException("name list size not 2");
            }
            Object obj = list.get(0);
            if (!(obj instanceof Integer)) {
                throw new IOException("expected an Integer");
            }
            hashSet.add(a(((Integer) obj).intValue(), list.get(1)));
        }
        return hashSet;
    }

    private static Extension a(X509Certificate x509Certificate, int i10) {
        if (x509Certificate instanceof X509CertImpl) {
            X509CertImpl x509CertImpl = (X509CertImpl) x509Certificate;
            if (i10 == 0) {
                return x509CertImpl.getPrivateKeyUsageExtension();
            }
            if (i10 == 1) {
                return x509CertImpl.getSubjectAlternativeNameExtension();
            }
            if (i10 == 2) {
                return x509CertImpl.getNameConstraintsExtension();
            }
            if (i10 == 3) {
                return x509CertImpl.getCertificatePoliciesExtension();
            }
            if (i10 != 4) {
                return null;
            }
            return x509CertImpl.getExtendedKeyUsageExtension();
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(A[i10]);
        if (extensionValue == null) {
            return null;
        }
        byte[] octetString = new DerInputStream(extensionValue).getOctetString();
        if (i10 == 0) {
            try {
                return new PrivateKeyUsageExtension(f18570z, octetString);
            } catch (CertificateException e10) {
                throw new IOException(e10.getMessage());
            }
        }
        if (i10 == 1) {
            return new SubjectAlternativeNameExtension(f18570z, octetString);
        }
        if (i10 == 2) {
            return new NameConstraintsExtension(f18570z, octetString);
        }
        if (i10 == 3) {
            return new CertificatePoliciesExtension(f18570z, octetString);
        }
        if (i10 != 4) {
            return null;
        }
        return new ExtendedKeyUsageExtension(f18570z, octetString);
    }

    static GeneralNameInterface a(int i10, Object obj) {
        GeneralNameInterface otherName;
        StringBuilder sb2;
        JCPLogger.fine("X509CertSelector.makeGeneralNameInterface(" + i10 + ")...");
        if (obj instanceof String) {
            JCPLogger.fine("X509CertSelector.makeGeneralNameInterface() name is String: " + obj);
            if (i10 == 1) {
                otherName = new RFC822Name((String) obj);
            } else if (i10 == 2) {
                otherName = new DNSName((String) obj);
            } else if (i10 == 4) {
                otherName = new X500Name((String) obj);
            } else if (i10 == 6) {
                otherName = new URIName((String) obj);
            } else if (i10 == 7) {
                otherName = new IPAddressName((String) obj);
            } else {
                if (i10 != 8) {
                    throw new IOException("unable to parse String names of type " + i10);
                }
                otherName = new OIDName((String) obj);
            }
            sb2 = new StringBuilder();
        } else {
            if (!(obj instanceof byte[])) {
                JCPLogger.fine("X509CertSelector.makeGeneralName() input name not String or byte array");
                throw new IOException("name not String or byte array");
            }
            DerValue derValue = new DerValue((byte[]) obj);
            JCPLogger.fine("X509CertSelector.makeGeneralNameInterface() is byte[]");
            switch (i10) {
                case 0:
                    otherName = new OtherName(derValue);
                    break;
                case 1:
                    otherName = new RFC822Name(derValue);
                    break;
                case 2:
                    otherName = new DNSName(derValue);
                    break;
                case 3:
                    otherName = new X400Address(derValue);
                    break;
                case 4:
                    otherName = new X500Name(derValue);
                    break;
                case 5:
                    otherName = new EDIPartyName(derValue);
                    break;
                case 6:
                    otherName = new URIName(derValue);
                    break;
                case 7:
                    otherName = new IPAddressName(derValue);
                    break;
                case 8:
                    otherName = new OIDName(derValue);
                    break;
                default:
                    throw new IOException("unable to parse byte array names of type " + i10);
            }
            sb2 = new StringBuilder();
        }
        sb2.append("X509CertSelector.makeGeneralNameInterface() result: ");
        sb2.append(otherName.toString());
        JCPLogger.fine(sb2.toString());
        return otherName;
    }

    private boolean a(X509Certificate x509Certificate) {
        if (this.f18574e == null) {
            return true;
        }
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.14");
            if (extensionValue == null) {
                JCPLogger.fine("X509CertSelector.match: no subject key ID extension");
                return false;
            }
            byte[] octetString = new DerInputStream(extensionValue).getOctetString();
            if (octetString != null && Arrays.equals(this.f18574e, octetString)) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: subject key IDs don't match");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: exception in subject key ID check");
            return false;
        }
    }

    private boolean a(GeneralSubtrees generalSubtrees) {
        int constrains;
        Iterator it = generalSubtrees.iterator();
        while (it.hasNext()) {
            GeneralNameInterface name = ((GeneralSubtree) it.next()).getName().getName();
            for (GeneralNameInterface generalNameInterface : this.f18589t) {
                if (name.getType() == generalNameInterface.getType() && ((constrains = generalNameInterface.constrains(name)) == 0 || constrains == 2)) {
                    JCPLogger.fine("X509CertSelector.match: name constraints inhibit path to specified name");
                    JCPLogger.fine("X509CertSelector.match: excluded name: " + generalNameInterface);
                    return false;
                }
            }
        }
        return true;
    }

    private static Set b(Collection collection) {
        try {
            return c(collection);
        } catch (IOException e10) {
            throw new RuntimeException("cloneNames encountered IOException: " + e10.getMessage());
        }
    }

    private static Set b(Set set) {
        return set instanceof HashSet ? (Set) ((HashSet) set).clone() : new HashSet(set);
    }

    private void b(int i10, Object obj) {
        GeneralNameInterface a10 = a(i10, obj);
        if (this.f18584o == null) {
            this.f18584o = new HashSet();
        }
        if (this.f18585p == null) {
            this.f18585p = new HashSet();
        }
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(Integer.valueOf(i10));
        arrayList.add(obj);
        this.f18584o.add(arrayList);
        this.f18585p.add(a10);
    }

    private boolean b(X509Certificate x509Certificate) {
        if (this.f18575f == null) {
            return true;
        }
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.35");
            if (extensionValue == null) {
                JCPLogger.fine("X509CertSelector.match: no authority key ID extension");
                return false;
            }
            byte[] octetString = new DerInputStream(extensionValue).getOctetString();
            if (octetString != null && Arrays.equals(this.f18575f, octetString)) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: authority key IDs don't match");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: exception in authority key ID check");
            return false;
        }
    }

    private boolean b(GeneralSubtrees generalSubtrees) {
        boolean z10;
        for (GeneralNameInterface generalNameInterface : this.f18589t) {
            Iterator it = generalSubtrees.iterator();
            String str = "";
            boolean z11 = false;
            while (true) {
                z10 = z11;
                while (it.hasNext() && !z11) {
                    GeneralNameInterface name = ((GeneralSubtree) it.next()).getName().getName();
                    if (name.getType() == generalNameInterface.getType()) {
                        str = str + "  " + name;
                        int constrains = generalNameInterface.constrains(name);
                        if (constrains == 0 || constrains == 2) {
                            z11 = true;
                        } else {
                            z10 = true;
                        }
                    }
                }
            }
            if (!z11 && z10) {
                JCPLogger.fine("X509CertSelector.match: name constraints inhibit path to specified name; permitted names of type " + generalNameInterface.getType() + ru.CryptoPro.JCP.tools.CertReader.Extension.COLON_SPACE + str);
                return false;
            }
        }
        return true;
    }

    private static Set c(Collection collection) {
        HashSet<List> hashSet = new HashSet();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(new ArrayList((List) it.next()));
        }
        for (List list : hashSet) {
            if (list.size() != 2) {
                throw new IOException("name list size not 2");
            }
            Object obj = list.get(0);
            if (!(obj instanceof Integer)) {
                throw new IOException("expected an Integer");
            }
            int intValue = ((Integer) obj).intValue();
            if (intValue < 0 || intValue > 8) {
                throw new IOException("name type not 0-8");
            }
            Object obj2 = list.get(1);
            boolean z10 = obj2 instanceof byte[];
            if (!z10 && !(obj2 instanceof String)) {
                JCPLogger.fine("X509CertSelector.cloneAndCheckNames() name not byte array");
                throw new IOException("name not byte array or String");
            }
            if (z10) {
                list.set(1, ((byte[]) obj2).clone());
            }
        }
        return hashSet;
    }

    private void c(int i10, Object obj) {
        GeneralNameInterface a10 = a(i10, obj);
        if (this.f18589t == null) {
            this.f18588s = new HashSet();
            this.f18589t = new HashSet();
        }
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(Integer.valueOf(i10));
        arrayList.add(obj);
        this.f18588s.add(arrayList);
        this.f18589t.add(a10);
    }

    private boolean c(X509Certificate x509Certificate) {
        String str = "n/a";
        if (this.f18577h == null) {
            return true;
        }
        PrivateKeyUsageExtension privateKeyUsageExtension = null;
        try {
            try {
                PrivateKeyUsageExtension privateKeyUsageExtension2 = (PrivateKeyUsageExtension) a(x509Certificate, 0);
                if (privateKeyUsageExtension2 != null) {
                    try {
                        privateKeyUsageExtension2.valid(this.f18577h);
                    } catch (CertificateExpiredException e10) {
                        e = e10;
                        privateKeyUsageExtension = privateKeyUsageExtension2;
                        try {
                            str = ((Date) privateKeyUsageExtension.get(PrivateKeyUsageExtension.NOT_AFTER)).toString();
                        } catch (CertificateException unused) {
                        }
                        JCPLogger.fine("X509CertSelector.match: private key usage not within validity date; ext.NOT_After: " + str + "; X509CertSelector: " + toString());
                        e.printStackTrace();
                        return false;
                    } catch (CertificateNotYetValidException e11) {
                        e = e11;
                        privateKeyUsageExtension = privateKeyUsageExtension2;
                        try {
                            str = ((Date) privateKeyUsageExtension.get(PrivateKeyUsageExtension.NOT_BEFORE)).toString();
                        } catch (CertificateException unused2) {
                        }
                        JCPLogger.fine("X509CertSelector.match: private key usage not within validity date; ext.NOT_BEFORE: " + str + "; X509CertSelector: " + toString());
                        e.printStackTrace();
                        return false;
                    }
                }
                return true;
            } catch (IOException e12) {
                JCPLogger.fine("X509CertSelector.match: IOException in private key usage check; X509CertSelector: " + toString());
                e12.printStackTrace();
                return false;
            }
        } catch (CertificateExpiredException e13) {
            e = e13;
        } catch (CertificateNotYetValidException e14) {
            e = e14;
        }
    }

    private boolean d(X509Certificate x509Certificate) {
        if (this.f18578i == null) {
            return true;
        }
        try {
            DerValue derValue = new DerValue(x509Certificate.getPublicKey().getEncoded());
            if (derValue.tag != 48) {
                throw new IOException("invalid key format");
            }
            AlgorithmId parse = AlgorithmId.parse(derValue.data.getDerValue());
            JCPLogger.fine("X509CertSelector.match: subjectPublicKeyAlgID = " + this.f18578i + ", xcert subjectPublicKeyAlgID = " + parse.getOID());
            if (this.f18578i.equals((Object) parse.getOID())) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: subject public key alg IDs don't match");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in subject public key algorithm OID check");
            return false;
        }
    }

    private boolean e(X509Certificate x509Certificate) {
        boolean[] keyUsage;
        if (this.f18581l != null && (keyUsage = x509Certificate.getKeyUsage()) != null) {
            int i10 = 0;
            while (true) {
                boolean[] zArr = this.f18581l;
                if (i10 >= zArr.length) {
                    break;
                }
                if (!zArr[i10] || (i10 < keyUsage.length && keyUsage[i10])) {
                    i10++;
                }
            }
            JCPLogger.fine("X509CertSelector.match: key usage bits don't match");
            return false;
        }
        return true;
    }

    private boolean f(X509Certificate x509Certificate) {
        Set set = this.f18582m;
        if (set == null || set.isEmpty()) {
            return true;
        }
        try {
            ExtendedKeyUsageExtension extendedKeyUsageExtension = (ExtendedKeyUsageExtension) a(x509Certificate, 4);
            if (extendedKeyUsageExtension != null) {
                Vector vector = (Vector) extendedKeyUsageExtension.get(ExtendedKeyUsageExtension.USAGES);
                if (!vector.contains(f18569a) && !vector.containsAll(this.f18583n)) {
                    JCPLogger.fine("X509CertSelector.match: cert failed extendedKeyUsage criterion");
                    return false;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in extended key usage check");
            return false;
        }
    }

    private boolean g(X509Certificate x509Certificate) {
        Set set = this.f18584o;
        if (set == null || set.isEmpty()) {
            return true;
        }
        try {
            SubjectAlternativeNameExtension subjectAlternativeNameExtension = (SubjectAlternativeNameExtension) a(x509Certificate, 1);
            if (subjectAlternativeNameExtension == null) {
                JCPLogger.fine("X509CertSelector.match: no subject alternative name extension");
                return false;
            }
            GeneralNames generalNames = (GeneralNames) subjectAlternativeNameExtension.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
            Iterator it = this.f18585p.iterator();
            while (it.hasNext()) {
                GeneralNameInterface generalNameInterface = (GeneralNameInterface) it.next();
                Iterator it2 = generalNames.iterator();
                boolean z10 = false;
                while (it2.hasNext() && !z10) {
                    z10 = ((GeneralName) it2.next()).getName().equals(generalNameInterface);
                }
                if (!z10 && (this.f18594y || !it.hasNext())) {
                    JCPLogger.fine("X509CertSelector.match: subject alternative name " + generalNameInterface + " not found");
                    return false;
                }
                if (z10 && !this.f18594y) {
                    break;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in subject alternative name check");
            return false;
        }
    }

    private boolean h(X509Certificate x509Certificate) {
        NameConstraintsExtension nameConstraintsExtension = this.f18590u;
        if (nameConstraintsExtension == null) {
            return true;
        }
        try {
            if (nameConstraintsExtension.verify(x509Certificate)) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: name constraints not satisfied");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in name constraints check");
            return false;
        }
    }

    private boolean i(X509Certificate x509Certificate) {
        boolean z10;
        if (this.f18586q == null) {
            return true;
        }
        try {
            CertificatePoliciesExtension certificatePoliciesExtension = (CertificatePoliciesExtension) a(x509Certificate, 3);
            if (certificatePoliciesExtension == null) {
                JCPLogger.fine("X509CertSelector.match: no certificate policy extension");
                return false;
            }
            List list = (List) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES);
            ArrayList arrayList = new ArrayList(list.size());
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(((PolicyInformation) it.next()).getPolicyIdentifier());
            }
            CertificatePolicySet certificatePolicySet = this.f18586q;
            if (certificatePolicySet != null) {
                if (!certificatePolicySet.getCertPolicyIds().isEmpty()) {
                    Iterator it2 = this.f18586q.getCertPolicyIds().iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            z10 = false;
                            break;
                        }
                        if (arrayList.contains((CertificatePolicyId) it2.next())) {
                            z10 = true;
                            break;
                        }
                    }
                    if (!z10) {
                        JCPLogger.fine("X509CertSelector.match: cert failed policyAny criterion");
                        return false;
                    }
                } else if (arrayList.isEmpty()) {
                    JCPLogger.fine("X509CertSelector.match: cert failed policyAny criterion");
                    return false;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in certificate policy ID check");
            return false;
        }
    }

    private boolean j(X509Certificate x509Certificate) {
        if (this.f18589t == null) {
            return true;
        }
        try {
            NameConstraintsExtension nameConstraintsExtension = (NameConstraintsExtension) a(x509Certificate, 2);
            if (nameConstraintsExtension == null) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match pathToNames:\n");
            Iterator it = this.f18589t.iterator();
            while (it.hasNext()) {
                JCPLogger.fine(ru.CryptoPro.JCP.tools.CertReader.Extension.TAB_CHAR + it.next() + "\n");
            }
            GeneralSubtrees generalSubtrees = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.PERMITTED_SUBTREES);
            GeneralSubtrees generalSubtrees2 = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
            if (generalSubtrees2 != null && !a(generalSubtrees2)) {
                return false;
            }
            if (generalSubtrees != null) {
                if (!b(generalSubtrees)) {
                    return false;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in name constraints check");
            return false;
        }
    }

    private boolean k(X509Certificate x509Certificate) {
        String str;
        if (this.f18592w == -1) {
            return true;
        }
        int basicConstraints = x509Certificate.getBasicConstraints();
        int i10 = this.f18592w;
        if (i10 == -2) {
            if (basicConstraints != -1) {
                str = "X509CertSelector.match: not an EE cert";
                JCPLogger.fine(str);
                return false;
            }
            return true;
        }
        if (basicConstraints < i10) {
            str = "X509CertSelector.match: cert's maxPathLen is less than the min maxPathLen set by basicConstraints. (" + basicConstraints + " < " + this.f18592w + ru.CryptoPro.JCP.tools.CertReader.Extension.C_BRAKE;
            JCPLogger.fine(str);
            return false;
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(Set set) {
        this.f18588s = Collections.emptySet();
        this.f18589t = set;
    }

    public void addPathToName(int i10, String str) {
        c(i10, str);
    }

    public void addPathToName(int i10, byte[] bArr) {
        c(i10, bArr.clone());
    }

    public void addSubjectAlternativeName(int i10, String str) {
        b(i10, str);
    }

    public void addSubjectAlternativeName(int i10, byte[] bArr) {
        b(i10, bArr.clone());
    }

    @Override // java.security.cert.CertSelector
    public Object clone() {
        try {
            X509CertSelector x509CertSelector = (X509CertSelector) super.clone();
            Set set = this.f18584o;
            if (set != null) {
                x509CertSelector.f18584o = b(set);
                x509CertSelector.f18585p = b(this.f18585p);
            }
            if (this.f18589t != null) {
                x509CertSelector.f18588s = b(this.f18588s);
                x509CertSelector.f18589t = b(this.f18589t);
            }
            return x509CertSelector;
        } catch (CloneNotSupportedException e10) {
            throw new InternalError(e10.toString(), e10);
        }
    }

    public byte[] getAuthorityKeyIdentifier() {
        byte[] bArr = this.f18575f;
        if (bArr == null) {
            return null;
        }
        return (byte[]) bArr.clone();
    }

    public int getBasicConstraints() {
        return this.f18592w;
    }

    public X509Certificate getCertificate() {
        return this.f18593x;
    }

    public Date getCertificateValid() {
        Date date = this.f18576g;
        if (date == null) {
            return null;
        }
        return (Date) date.clone();
    }

    public Set getExtendedKeyUsage() {
        return this.f18582m;
    }

    public X500Principal getIssuer() {
        return this.f18572c;
    }

    public byte[] getIssuerAsBytes() {
        X500Principal x500Principal = this.f18572c;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getEncoded();
    }

    public String getIssuerAsString() {
        X500Principal x500Principal = this.f18572c;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getName();
    }

    public boolean[] getKeyUsage() {
        boolean[] zArr = this.f18581l;
        if (zArr == null) {
            return null;
        }
        return (boolean[]) zArr.clone();
    }

    public boolean getMatchAllSubjectAltNames() {
        return this.f18594y;
    }

    public byte[] getNameConstraints() {
        byte[] bArr = this.f18591v;
        if (bArr == null) {
            return null;
        }
        return (byte[]) bArr.clone();
    }

    public Collection getPathToNames() {
        Set set = this.f18588s;
        if (set == null) {
            return null;
        }
        return b((Collection) set);
    }

    public Set getPolicy() {
        return this.f18587r;
    }

    public Date getPrivateKeyValid() {
        Date date = this.f18577h;
        if (date == null) {
            return null;
        }
        return (Date) date.clone();
    }

    public BigInteger getSerialNumber() {
        return this.f18571b;
    }

    public X500Principal getSubject() {
        return this.f18573d;
    }

    public Collection getSubjectAlternativeNames() {
        Set set = this.f18584o;
        if (set == null) {
            return null;
        }
        return b((Collection) set);
    }

    public byte[] getSubjectAsBytes() {
        X500Principal x500Principal = this.f18573d;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getEncoded();
    }

    public String getSubjectAsString() {
        X500Principal x500Principal = this.f18573d;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getName();
    }

    public byte[] getSubjectKeyIdentifier() {
        byte[] bArr = this.f18574e;
        if (bArr == null) {
            return null;
        }
        return (byte[]) bArr.clone();
    }

    public PublicKey getSubjectPublicKey() {
        return this.f18579j;
    }

    public String getSubjectPublicKeyAlgID() {
        ObjectIdentifier objectIdentifier = this.f18578i;
        if (objectIdentifier == null) {
            return null;
        }
        return objectIdentifier.toString();
    }

    @Override // java.security.cert.CertSelector
    public boolean match(Certificate certificate) {
        String str;
        boolean z10 = false;
        if (!(certificate instanceof X509Certificate)) {
            return false;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        JCPLogger.fine("X509CertSelector.match(SN: " + x509Certificate.getSerialNumber().toString(16) + "\n  Issuer: " + x509Certificate.getIssuerDN() + "\n  Subject: " + x509Certificate.getSubjectDN() + ru.CryptoPro.JCP.tools.CertReader.Extension.C_BRAKE);
        X509Certificate x509Certificate2 = this.f18593x;
        if (x509Certificate2 == null || x509Certificate2.equals(x509Certificate)) {
            BigInteger bigInteger = this.f18571b;
            if (bigInteger == null || bigInteger.equals(x509Certificate.getSerialNumber())) {
                X500Principal x500Principal = this.f18572c;
                if (x500Principal == null || Arrays.equals(x500Principal.getEncoded(), x509Certificate.getIssuerX500Principal().getEncoded())) {
                    X500Principal x500Principal2 = this.f18573d;
                    if (x500Principal2 == null || Arrays.equals(x500Principal2.getEncoded(), x509Certificate.getSubjectX500Principal().getEncoded())) {
                        Date date = this.f18576g;
                        if (date != null) {
                            try {
                                x509Certificate.checkValidity(date);
                            } catch (CertificateException unused) {
                                str = "X509CertSelector.match: certificate not within validity period";
                            }
                        }
                        if (this.f18580k != null) {
                            if (!Arrays.equals(this.f18580k, x509Certificate.getPublicKey().getEncoded())) {
                                str = "X509CertSelector.match: subject public keys don't match";
                            }
                        }
                        if (k(x509Certificate) && e(x509Certificate) && f(x509Certificate) && a(x509Certificate) && b(x509Certificate) && c(x509Certificate) && d(x509Certificate) && i(x509Certificate) && g(x509Certificate) && j(x509Certificate) && h(x509Certificate)) {
                            z10 = true;
                        }
                        if (z10) {
                            JCPLogger.fine("X509CertSelector.match returning: true");
                        }
                        return z10;
                    }
                    str = "X509CertSelector.match: subject DNs don't match";
                } else {
                    str = "X509CertSelector.match: issuer DNs don't match";
                }
            } else {
                str = "X509CertSelector.match: serial numbers don't match";
            }
        } else {
            str = "X509CertSelector.match: certs don't match";
        }
        JCPLogger.fine(str);
        return false;
    }

    public void setAuthorityKeyIdentifier(byte[] bArr) {
        if (bArr == null) {
            this.f18575f = null;
        } else {
            this.f18575f = (byte[]) bArr.clone();
        }
    }

    public void setBasicConstraints(int i10) {
        if (i10 < -2) {
            throw new IllegalArgumentException("basic constraints less than -2");
        }
        this.f18592w = i10;
    }

    public void setCertificate(X509Certificate x509Certificate) {
        this.f18593x = x509Certificate;
    }

    public void setCertificateValid(Date date) {
        this.f18576g = date == null ? null : (Date) date.clone();
    }

    public void setExtendedKeyUsage(Set set) {
        if (set == null || set.isEmpty()) {
            this.f18582m = null;
            this.f18583n = null;
            return;
        }
        this.f18582m = Collections.unmodifiableSet(new HashSet(set));
        this.f18583n = new HashSet();
        Iterator it = this.f18582m.iterator();
        while (it.hasNext()) {
            this.f18583n.add(new ObjectIdentifier((String) it.next()));
        }
    }

    public void setIssuer(String str) {
        this.f18572c = str == null ? null : new X500Name(str).asX500Principal();
    }

    public void setIssuer(X500Principal x500Principal) {
        this.f18572c = x500Principal;
    }

    public void setIssuer(byte[] bArr) {
        X500Principal x500Principal;
        if (bArr == null) {
            x500Principal = null;
        } else {
            try {
                x500Principal = new X500Principal(bArr);
            } catch (IllegalArgumentException e10) {
                throw new IOException("Invalid name", e10);
            }
        }
        this.f18572c = x500Principal;
    }

    public void setKeyUsage(boolean[] zArr) {
        if (zArr == null) {
            this.f18581l = null;
        } else {
            this.f18581l = (boolean[]) zArr.clone();
        }
    }

    public void setMatchAllSubjectAltNames(boolean z10) {
        this.f18594y = z10;
    }

    public void setNameConstraints(byte[] bArr) {
        if (bArr == null) {
            this.f18591v = null;
            this.f18590u = null;
        } else {
            this.f18591v = (byte[]) bArr.clone();
            this.f18590u = new NameConstraintsExtension(f18570z, bArr);
        }
    }

    public void setPathToNames(Collection collection) {
        if (collection == null || collection.isEmpty()) {
            this.f18588s = null;
            this.f18589t = null;
        } else {
            Set c10 = c(collection);
            this.f18589t = a((Collection) c10);
            this.f18588s = c10;
        }
    }

    public void setPolicy(Set set) {
        CertificatePolicySet certificatePolicySet;
        if (set == null) {
            certificatePolicySet = null;
            this.f18587r = null;
        } else {
            Set unmodifiableSet = Collections.unmodifiableSet(new HashSet(set));
            Vector vector = new Vector();
            for (Object obj : unmodifiableSet) {
                if (!(obj instanceof String)) {
                    throw new IOException("non String in certPolicySet");
                }
                vector.add(new CertificatePolicyId(new ObjectIdentifier((String) obj)));
            }
            this.f18587r = unmodifiableSet;
            certificatePolicySet = new CertificatePolicySet(vector);
        }
        this.f18586q = certificatePolicySet;
    }

    public void setPrivateKeyValid(Date date) {
        this.f18577h = date == null ? null : (Date) date.clone();
    }

    public void setSerialNumber(BigInteger bigInteger) {
        this.f18571b = bigInteger;
    }

    public void setSubject(String str) {
        this.f18573d = str == null ? null : new X500Name(str).asX500Principal();
    }

    public void setSubject(X500Principal x500Principal) {
        this.f18573d = x500Principal;
    }

    public void setSubject(byte[] bArr) {
        X500Principal x500Principal;
        if (bArr == null) {
            x500Principal = null;
        } else {
            try {
                x500Principal = new X500Principal(bArr);
            } catch (IllegalArgumentException e10) {
                throw new IOException("Invalid name", e10);
            }
        }
        this.f18573d = x500Principal;
    }

    public void setSubjectAlternativeNames(Collection collection) {
        if (collection == null) {
            this.f18584o = null;
            this.f18585p = null;
        } else if (collection.isEmpty()) {
            this.f18584o = null;
            this.f18585p = null;
        } else {
            Set c10 = c(collection);
            this.f18585p = a((Collection) c10);
            this.f18584o = c10;
        }
    }

    public void setSubjectKeyIdentifier(byte[] bArr) {
        if (bArr == null) {
            this.f18574e = null;
        } else {
            this.f18574e = (byte[]) bArr.clone();
        }
    }

    public void setSubjectPublicKey(PublicKey publicKey) {
        if (publicKey == null) {
            this.f18579j = null;
            this.f18580k = null;
        } else {
            this.f18579j = publicKey;
            this.f18580k = publicKey.getEncoded();
        }
    }

    public void setSubjectPublicKey(byte[] bArr) {
        if (bArr == null) {
            this.f18579j = null;
            this.f18580k = null;
        } else {
            byte[] bArr2 = (byte[]) bArr.clone();
            this.f18580k = bArr2;
            this.f18579j = X509Key.parse(new DerValue(bArr2));
        }
    }

    public void setSubjectPublicKeyAlgID(String str) {
        if (str == null) {
            this.f18578i = null;
        } else {
            this.f18578i = new ObjectIdentifier(str);
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("X509CertSelector: [\n");
        if (this.f18593x != null) {
            stringBuffer.append("  Certificate: " + this.f18593x.toString() + "\n");
        }
        if (this.f18571b != null) {
            stringBuffer.append("  Serial Number: " + this.f18571b.toString() + "\n");
        }
        if (this.f18572c != null) {
            stringBuffer.append("  Issuer: " + getIssuerAsString() + "\n");
        }
        if (this.f18573d != null) {
            stringBuffer.append("  Subject: " + getSubjectAsString() + "\n");
        }
        stringBuffer.append("  matchAllSubjectAltNames flag: " + String.valueOf(this.f18594y) + "\n");
        if (this.f18584o != null) {
            stringBuffer.append("  SubjectAlternativeNames:\n");
            for (List list : this.f18584o) {
                stringBuffer.append("    type " + list.get(0) + ", name " + list.get(1) + "\n");
            }
        }
        if (this.f18574e != null) {
            stringBuffer.append("  Subject Key Identifier: " + new HexDumpEncoder().encodeBuffer(this.f18574e) + "\n");
        }
        if (this.f18575f != null) {
            stringBuffer.append("  Authority Key Identifier: " + new HexDumpEncoder().encodeBuffer(this.f18575f) + "\n");
        }
        if (this.f18576g != null) {
            stringBuffer.append("  Certificate Valid: " + this.f18576g.toString() + "\n");
        }
        if (this.f18577h != null) {
            stringBuffer.append("  Private Key Valid: " + this.f18577h.toString() + "\n");
        }
        if (this.f18578i != null) {
            stringBuffer.append("  Subject Public Key AlgID: " + this.f18578i.toString() + "\n");
        }
        if (this.f18579j != null) {
            stringBuffer.append("  Subject Public Key: " + this.f18579j.toString() + "\n");
        }
        if (this.f18581l != null) {
            stringBuffer.append("  Key Usage: " + a(this.f18581l) + "\n");
        }
        if (this.f18582m != null) {
            stringBuffer.append("  Extended Key Usage: " + this.f18582m.toString() + "\n");
        }
        if (this.f18586q != null) {
            stringBuffer.append("  Policy: " + this.f18586q.toString() + "\n");
        }
        if (this.f18589t != null) {
            stringBuffer.append("  Path to names:\n");
            Iterator it = this.f18589t.iterator();
            while (it.hasNext()) {
                stringBuffer.append(ru.CryptoPro.JCP.tools.CertReader.Extension.TAB_CHAR + it.next() + "\n");
            }
        }
        stringBuffer.append("]");
        return stringBuffer.toString();
    }
}
