package ru.CryptoPro.reprov.certpath;

import java.io.IOException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import ru.CryptoPro.AdES.evidence.crl.rfc3280.RFC3280CRLUtility;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.cl_9;
import ru.CryptoPro.reprov.x509.CertificatePoliciesExtension;
import ru.CryptoPro.reprov.x509.CertificatePolicyMap;
import ru.CryptoPro.reprov.x509.InhibitAnyPolicyExtension;
import ru.CryptoPro.reprov.x509.PKIXExtensions;
import ru.CryptoPro.reprov.x509.PolicyConstraintsExtension;
import ru.CryptoPro.reprov.x509.PolicyInformation;
import ru.CryptoPro.reprov.x509.PolicyMappingsExtension;
import ru.CryptoPro.reprov.x509.X509CertImpl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
/**
 * Certificate-policy checker plugged into PKIX path validation as a
 * {@link PKIXCertPathChecker}.
 *
 * <p>The instance carries a policy tree plus three integer counters while
 * certificates are handed to {@link #check} one at a time. The counter and
 * method names used in the comments below (explicitPolicy, policyMapping,
 * inhibitAnyPolicy, certIndex, processPolicies, ...) are taken from the
 * JCPLogger message strings in this file, not from the identifiers, which
 * are synthetic.
 *
 * <p>This listing is decompiler output (see the JADX markers). Consequences a
 * reader should keep in mind:
 * <ul>
 *   <li>Several methods throw the checked {@link CertPathValidatorException}
 *       without a {@code throws} clause, and collections are raw types, so the
 *       text is not compilable as-is.</li>
 *   <li>The nine-argument {@code a(...)} (processPolicies) has visibly broken
 *       control flow; see the notes inside it. Do not use this text as the
 *       reference for accept/reject behaviour of that method.</li>
 *   <li>{@code PolicyNodeImpl} and {@code cl_9} are opaque here; every
 *       statement about what their methods do is marked as an assumption.</li>
 * </ul>
 *
 * <p>No synchronization is visible in this class; an instance holds mutable
 * per-path state (tree, counters, index).
 */
public class PolicyChecker extends PKIXCertPathChecker {

    /* renamed from: l, reason: collision with root package name */
    // Lazily built, shared set of the extension OID strings this checker handles
    // (see getSupportedExtensions).
    private static Set f18495l;

    /* renamed from: a, reason: collision with root package name */
    // Policy OID strings supplied by the caller; replaced by {ANY_POLICY} when the
    // supplied set is empty. Presumably the initial/acceptable policy set -- confirm.
    private final Set f18496a;

    /* renamed from: b, reason: collision with root package name */
    // Compared with certIndex to detect the last certificate and used as
    // "f18497b + 1" for the starting counter values; presumably the path length.
    private final int f18497b;

    /* renamed from: c, reason: collision with root package name */
    // When true, explicitPolicy starts at 0 in init().
    private final boolean f18498c;

    /* renamed from: d, reason: collision with root package name */
    // When true, policyMapping starts at 0 in init().
    private final boolean f18499d;

    /* renamed from: e, reason: collision with root package name */
    // When true, inhibitAnyPolicy starts at 0 in init().
    private final boolean f18500e;

    /* renamed from: f, reason: collision with root package name */
    // Forwarded to processPolicies, where it is logged as "rejectPolicyQualifiers".
    private final boolean f18501f;

    /* renamed from: g, reason: collision with root package name */
    // Current policy tree root (logged as "policyTree"); may become null.
    private PolicyNodeImpl f18502g;

    /* renamed from: h, reason: collision with root package name */
    // Logged as "explicitPolicy".
    private int f18503h;

    /* renamed from: i, reason: collision with root package name */
    // Logged as "policyMapping".
    private int f18504i;

    /* renamed from: j, reason: collision with root package name */
    // Logged as "inhibitAnyPolicy".
    private int f18505j;

    /* renamed from: k, reason: collision with root package name */
    // Logged as "certIndex"; set to 1 by init() and incremented per checked certificate.
    private int f18506k;

    /**
     * Stores the validation parameters and resets the running state.
     *
     * @param set policy OID strings; copied defensively, or replaced by a
     *     one-element set holding {@code RFC3280CRLUtility.ANY_POLICY} when empty.
     *     A {@code null} argument fails on {@code set.isEmpty()}.
     * @param i10 value kept in {@code f18497b} (presumably the path length)
     * @param z10 if true, explicitPolicy starts at 0
     * @param z11 if true, policyMapping starts at 0
     * @param z12 if true, inhibitAnyPolicy starts at 0
     * @param z13 passed on as "rejectPolicyQualifiers"
     * @param policyNodeImpl initial policy tree root, stored by reference
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyChecker(Set set, int i10, boolean z10, boolean z11, boolean z12, boolean z13, PolicyNodeImpl policyNodeImpl) {
        if (set.isEmpty()) {
            HashSet hashSet = new HashSet(1);
            this.f18496a = hashSet;
            hashSet.add(RFC3280CRLUtility.ANY_POLICY);
        } else {
            this.f18496a = new HashSet(set);
        }
        this.f18497b = i10;
        this.f18498c = z10;
        this.f18499d = z11;
        this.f18500e = z12;
        this.f18501f = z13;
        this.f18502g = policyNodeImpl;
        // NOTE(review): init is public and overridable, and is invoked from the constructor.
        init(false);
    }

    /**
     * Updates the policyMapping counter for one certificate (log strings call
     * this "mergePolicyMapping").
     *
     * <p>The counter is decremented when it is positive and the certificate is
     * not self-issued. If the certificate has a PolicyConstraints extension, its
     * INHIBIT value replaces the counter when that value is not -1 and either the
     * counter is -1 or the value is smaller than the counter.
     *
     * @param i10 current counter value
     * @param x509CertImpl certificate being processed
     * @return the updated counter
     * @throws CertPathValidatorException wrapping any exception raised while
     *     reading the extension, so a malformed extension fails validation
     *     instead of being skipped (the {@code throws} clause is missing from
     *     the decompiled signature)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int a(int i10, X509CertImpl x509CertImpl) {
        if (i10 > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i10--;
        }
        try {
            PolicyConstraintsExtension policyConstraintsExtension = x509CertImpl.getPolicyConstraintsExtension();
            if (policyConstraintsExtension == null) {
                return i10;
            }
            int intValue = ((Integer) policyConstraintsExtension.get(PolicyConstraintsExtension.INHIBIT)).intValue();
            JCPLogger.finer("PolicyChecker.mergePolicyMapping() inhibit Index from cert = ", Integer.valueOf(intValue));
            // -1 is treated as "value absent" on both sides; otherwise the smaller value wins.
            return intValue != -1 ? (i10 == -1 || intValue < i10) ? intValue : i10 : i10;
        } catch (Exception e10) {
            JCPLogger.subThrown("PolicyChecker.mergePolicyMapping unexpected exception", e10);
            throw new CertPathValidatorException(e10);
        }
    }

    /**
     * Updates the explicitPolicy counter for one certificate (log strings call
     * this "mergeExplicitPolicy").
     *
     * <p>The counter is decremented when it is positive and the certificate is
     * not self-issued. If a PolicyConstraints extension is present, its REQUIRE
     * value is merged: with {@code z10} set, only a REQUIRE value of 0 replaces
     * the counter; otherwise the value replaces the counter when it is not -1 and
     * either the counter is -1 or the value is smaller than the counter.
     *
     * @param i10 current counter value
     * @param x509CertImpl certificate being processed
     * @param z10 callers in this file pass true only for the certificate whose
     *     index equals {@code f18497b} (presumably the final certificate)
     * @return the updated counter
     * @throws CertPathValidatorException wrapping any exception raised while
     *     reading the extension (undeclared in the decompiled signature)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int a(int i10, X509CertImpl x509CertImpl, boolean z10) {
        if (i10 > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i10--;
        }
        try {
            PolicyConstraintsExtension policyConstraintsExtension = x509CertImpl.getPolicyConstraintsExtension();
            if (policyConstraintsExtension == null) {
                return i10;
            }
            int intValue = ((Integer) policyConstraintsExtension.get(PolicyConstraintsExtension.REQUIRE)).intValue();
            JCPLogger.finer("PolicyChecker.mergeExplicitPolicy() require Index from cert = ", Integer.valueOf(intValue));
            if (z10) {
                if (intValue != 0) {
                    return i10;
                }
            } else {
                if (intValue == -1) {
                    return i10;
                }
                if (i10 != -1 && intValue >= i10) {
                    return i10;
                }
            }
            return intValue;
        } catch (Exception e10) {
            JCPLogger.subThrown("PolicyChecker.mergeExplicitPolicy unexpected exception", e10);
            throw new CertPathValidatorException(e10);
        }
    }

    /**
     * Processes the certificate-policies data of one certificate against the
     * policy tree (log strings call this "processPolicies").
     *
     * <p>NOTE(review): the decompiler did not recover this method faithfully.
     * The {@code while (true)} loop below has no normal exit, the loop variable
     * {@code policyInformation} is read after its {@code for} scope has ended,
     * and the values assigned to {@code policyNodeImpl2}, {@code z12} and
     * {@code set2} inside the loop can never reach the code after the
     * {@code if}/{@code else} chain. Anyone assessing how policies are accepted
     * or rejected should work from the bytecode, not from this text.
     *
     * @param i10 certIndex of the certificate
     * @param set policy OID strings held in {@code f18496a}
     * @param i11 explicitPolicy counter
     * @param i12 policyMapping counter
     * @param i13 inhibitAnyPolicy counter
     * @param z10 rejectPolicyQualifiers
     * @param policyNodeImpl current policy tree root, or null
     * @param x509CertImpl certificate being processed
     * @param z11 true when {@code i10} equals {@code f18497b} at the call site
     * @return the resulting tree root, possibly null
     * @throws CertPathValidatorException if critical policy qualifiers are
     *     rejected, if the policies cannot be read, or if the explicitPolicy
     *     counter is 0 while the resulting tree is null (undeclared in the
     *     decompiled signature)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static PolicyNodeImpl a(int i10, Set set, int i11, int i12, int i13, boolean z10, PolicyNodeImpl policyNodeImpl, X509CertImpl x509CertImpl, boolean z11) {
        Set set2;
        boolean z12;
        PolicyNodeImpl policyNodeImpl2;
        Set hashSet = new HashSet();
        // b() is opaque here; presumably it returns a copy of the tree so the caller's
        // tree is untouched if validation fails -- confirm against PolicyNodeImpl.
        PolicyNodeImpl b10 = policyNodeImpl == null ? null : policyNodeImpl.b();
        CertificatePoliciesExtension certificatePoliciesExtension = x509CertImpl.getCertificatePoliciesExtension();
        boolean z13 = false;
        if (certificatePoliciesExtension != null && b10 != null) {
            boolean isCritical = certificatePoliciesExtension.isCritical();
            JCPLogger.finer("PolicyChecker.processPolicies() policiesCritical = ", Boolean.valueOf(isCritical));
            try {
                List<PolicyInformation> list = (List) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES);
                JCPLogger.finer("PolicyChecker.processPolicies() rejectPolicyQualifiers = ", Boolean.valueOf(z10));
                // Decompiler artifact: this outer loop stands in for control flow that was
                // not reconstructed; as written it only ends through an exception.
                while (true) {
                    Set set3 = hashSet;
                    boolean z14 = z13;
                    for (PolicyInformation policyInformation : list) {
                        String objectIdentifier = policyInformation.getPolicyIdentifier().getIdentifier().toString();
                        if (objectIdentifier.equals(RFC3280CRLUtility.ANY_POLICY)) {
                            break;
                        }
                        JCPLogger.finer("PolicyChecker.processPolicies() processing policy: ", objectIdentifier);
                        Set policyQualifiers = policyInformation.getPolicyQualifiers();
                        // Qualifiers are refused only when the extension is critical and
                        // the caller asked for rejection.
                        if (!policyQualifiers.isEmpty() && z10 && isCritical) {
                            // cl_9.a() is opaque; it only selects which exception
                            // constructor is used (with or without PKIXReason).
                            if (cl_9.a()) {
                                throw new CertPathValidatorException("critical policy qualifiers present in certificate", null, null, -1, PKIXReason.INVALID_POLICY);
                            }
                            throw new CertPathValidatorException("critical policy qualifiers present in certificate");
                        }
                        // First try parents without matchAny; fall back to matchAny = true.
                        if (!a(i10, isCritical, z10, b10, objectIdentifier, policyQualifiers, false)) {
                            a(i10, isCritical, z10, b10, objectIdentifier, policyQualifiers, true);
                        }
                    }
                    // ANY_POLICY is processed only while inhibitAnyPolicy is positive, or for
                    // a self-issued certificate that is not the one flagged by z11.
                    if (z14 && (i13 > 0 || (!z11 && X509CertImpl.isSelfIssued(x509CertImpl)))) {
                        JCPLogger.finer("PolicyChecker.processPolicies() processing policy: ", RFC3280CRLUtility.ANY_POLICY);
                        a(i10, isCritical, z10, b10, RFC3280CRLUtility.ANY_POLICY, set3, true);
                    }
                    // a(int) is opaque; presumably prunes the tree at this depth -- confirm.
                    b10.a(i10);
                    policyNodeImpl2 = b10.getChildren().hasNext() ? b10 : null;
                    z12 = isCritical;
                    set2 = set3;
                    // Decompiler artifact: policyInformation is out of scope on this line.
                    hashSet = policyInformation.getPolicyQualifiers();
                    z13 = true;
                }
            } catch (IOException e10) {
                throw new CertPathValidatorException("Exception while retrieving policyOIDs", e10);
            }
        } else if (certificatePoliciesExtension == null) {
            // No policies extension: the tree becomes null.
            JCPLogger.finer("PolicyChecker.processPolicies() no policies present in cert");
            set2 = hashSet;
            z12 = false;
            policyNodeImpl2 = null;
        } else {
            set2 = hashSet;
            z12 = false;
            policyNodeImpl2 = b10;
        }
        // Policy mappings are applied to every certificate except the one flagged by z11.
        if (policyNodeImpl2 != null && !z11) {
            policyNodeImpl2 = a(x509CertImpl, i10, i12, policyNodeImpl2, z12, set2);
        }
        // When the caller's policy set does not contain ANY_POLICY, the tree is filtered
        // against that set; for the z11 certificate a second rewrite pass follows.
        if (policyNodeImpl2 != null && !set.contains(RFC3280CRLUtility.ANY_POLICY) && certificatePoliciesExtension != null && (policyNodeImpl2 = a(policyNodeImpl2, i10, set, certificatePoliciesExtension)) != null && z11) {
            policyNodeImpl2 = a(i10, set, policyNodeImpl2);
        }
        int i14 = i11;
        if (z11) {
            i14 = a(i14, x509CertImpl, z11);
        }
        // Reject only when an explicit policy is required (counter 0) and no tree is left.
        if (i14 != 0 || policyNodeImpl2 != null) {
            return policyNodeImpl2;
        }
        if (cl_9.a()) {
            throw new CertPathValidatorException("non-null policy tree required and policy tree is null", null, null, -1, PKIXReason.INVALID_POLICY);
        }
        throw new CertPathValidatorException("non-null policy tree required and policy tree is null");
    }

    /**
     * Replaces an ANY_POLICY node at depth {@code i10} with one node per policy
     * in {@code set} that is not already a valid policy at that depth.
     *
     * <p>Called from processPolicies only for the certificate flagged as last.
     * The PolicyNodeImpl helpers used here ({@code a(int, String)},
     * {@code a(PolicyNode)}, {@code b(int)}, {@code a(int)}) are opaque; the
     * inline notes about them are assumptions.
     *
     * @param i10 certIndex / tree depth
     * @param set policy OID strings held by the checker
     * @param policyNodeImpl tree root
     * @return the root, or null when the tree has no children left afterwards
     */
    private static PolicyNodeImpl a(int i10, Set set, PolicyNodeImpl policyNodeImpl) {
        // presumably: nodes at depth i10 whose valid policy is ANY_POLICY
        Set a10 = policyNodeImpl.a(i10, RFC3280CRLUtility.ANY_POLICY);
        if (a10.isEmpty()) {
            return policyNodeImpl;
        }
        // Only the first ANY_POLICY node is considered.
        PolicyNodeImpl policyNodeImpl2 = (PolicyNodeImpl) a10.iterator().next();
        PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
        // presumably detaches the ANY_POLICY node from its parent (the same call is
        // bracketed by "before deleting"/"after deleting" log lines elsewhere in this file)
        policyNodeImpl3.a((PolicyNode) policyNodeImpl2);
        // Start from the caller's policies and drop those already present at this depth.
        HashSet<String> hashSet = new HashSet(set);
        Iterator it = policyNodeImpl.b(i10).iterator();
        while (it.hasNext()) {
            hashSet.remove(((PolicyNodeImpl) it.next()).getValidPolicy());
        }
        if (hashSet.isEmpty()) {
            policyNodeImpl.a(i10);
            if (policyNodeImpl.getChildren().hasNext()) {
                return policyNodeImpl;
            }
            return null;
        }
        boolean isCritical = policyNodeImpl2.isCritical();
        Set policyQualifiers = policyNodeImpl2.getPolicyQualifiers();
        for (String str : hashSet) {
            // Result is discarded; presumably the constructor links the node to its parent.
            new PolicyNodeImpl(policyNodeImpl3, str, policyQualifiers, isCritical, Collections.singleton(str), false);
        }
        return policyNodeImpl;
    }

    /**
     * Second pass over the certificate's policies: deletes nodes whose parent's
     * valid policy is ANY_POLICY and whose own policy is neither ANY_POLICY nor
     * contained in {@code set}.
     *
     * @param policyNodeImpl tree root
     * @param i10 certIndex / tree depth
     * @param set policy OID strings held by the checker
     * @param certificatePoliciesExtension the certificate's policies extension
     * @return the root, or null when nodes were deleted and no children remain
     * @throws CertPathValidatorException if the policy list cannot be read
     *     (undeclared in the decompiled signature)
     */
    private static PolicyNodeImpl a(PolicyNodeImpl policyNodeImpl, int i10, Set set, CertificatePoliciesExtension certificatePoliciesExtension) {
        try {
            Iterator it = ((List) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES)).iterator();
            boolean z10 = false;
            while (it.hasNext()) {
                String objectIdentifier = ((PolicyInformation) it.next()).getPolicyIdentifier().getIdentifier().toString();
                JCPLogger.finer("PolicyChecker.processPolicies() processing policy second time: ", objectIdentifier);
                for (PolicyNodeImpl policyNodeImpl2 : policyNodeImpl.a(i10, objectIdentifier)) {
                    PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
                    if (policyNodeImpl3.getValidPolicy().equals(RFC3280CRLUtility.ANY_POLICY) && !set.contains(objectIdentifier) && !objectIdentifier.equals(RFC3280CRLUtility.ANY_POLICY)) {
                        JCPLogger.finer("PolicyChecker.processPolicies() before deleting: policy tree = ", policyNodeImpl);
                        policyNodeImpl3.a((PolicyNode) policyNodeImpl2);
                        JCPLogger.finer("PolicyChecker.processPolicies() after deleting: policy tree = ", policyNodeImpl);
                        z10 = true;
                    }
                }
            }
            if (!z10) {
                return policyNodeImpl;
            }
            // Something was deleted: a(int) presumably prunes the tree -- confirm.
            policyNodeImpl.a(i10);
            if (policyNodeImpl.getChildren().hasNext()) {
                return policyNodeImpl;
            }
            return null;
        } catch (IOException e10) {
            throw new CertPathValidatorException("Exception while retrieving policyOIDs", e10);
        }
    }

    /**
     * Applies the certificate's PolicyMappings extension to the tree (log
     * strings call this "processPolicyMappings").
     *
     * <p>A mapping whose issuer-domain or subject-domain policy is ANY_POLICY
     * aborts validation. For every other mapping, nodes at depth {@code i10}
     * matching the issuer-domain policy are updated with the subject-domain
     * policy while the policyMapping counter is positive or -1, and deleted when
     * it is 0. When no such node exists and mapping is allowed, a new node is
     * created under the parent of each ANY_POLICY node at that depth.
     *
     * @param x509CertImpl certificate being processed
     * @param i10 certIndex / tree depth
     * @param i11 policyMapping counter
     * @param policyNodeImpl tree root
     * @param z10 criticality flag passed to newly created nodes
     * @param set policy qualifiers passed to newly created nodes
     * @return the root, or null when nodes were deleted and no children remain
     * @throws CertPathValidatorException on an ANY_POLICY mapping or when the
     *     mapping list cannot be read (undeclared in the decompiled signature)
     */
    private static PolicyNodeImpl a(X509CertImpl x509CertImpl, int i10, int i11, PolicyNodeImpl policyNodeImpl, boolean z10, Set set) {
        PolicyMappingsExtension policyMappingsExtension = x509CertImpl.getPolicyMappingsExtension();
        if (policyMappingsExtension == null) {
            return policyNodeImpl;
        }
        JCPLogger.finer("PolicyChecker.processPolicyMappings() inside policyMapping check");
        try {
            List list = (List) policyMappingsExtension.get(PolicyMappingsExtension.MAP);
            boolean z11 = false;
            for (int i12 = 0; i12 < list.size(); i12++) {
                CertificatePolicyMap certificatePolicyMap = (CertificatePolicyMap) list.get(i12);
                String objectIdentifier = certificatePolicyMap.getIssuerIdentifier().getIdentifier().toString();
                String objectIdentifier2 = certificatePolicyMap.getSubjectIdentifier().getIdentifier().toString();
                JCPLogger.finer("PolicyChecker.processPolicyMappings() issuerDomain = ", objectIdentifier);
                JCPLogger.finer("PolicyChecker.processPolicyMappings() subjectDomain = ", objectIdentifier2);
                // Mapping to or from ANY_POLICY is rejected outright.
                if (objectIdentifier.equals(RFC3280CRLUtility.ANY_POLICY)) {
                    if (cl_9.a()) {
                        throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
                    }
                    throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY");
                }
                if (objectIdentifier2.equals(RFC3280CRLUtility.ANY_POLICY)) {
                    if (cl_9.a()) {
                        throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
                    }
                    throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY");
                }
                Set<PolicyNodeImpl> a10 = policyNodeImpl.a(i10, objectIdentifier);
                if (!a10.isEmpty()) {
                    for (PolicyNodeImpl policyNodeImpl2 : a10) {
                        if (i11 > 0 || i11 == -1) {
                            // a(String) is opaque; presumably records the subject-domain
                            // policy as an expected policy of the node -- confirm.
                            policyNodeImpl2.a(objectIdentifier2);
                        } else if (i11 == 0) {
                            // Mapping inhibited: the mapped node is removed from the tree.
                            PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
                            JCPLogger.finer("PolicyChecker.processPolicyMappings() before deleting: policy tree = ", policyNodeImpl);
                            policyNodeImpl3.a((PolicyNode) policyNodeImpl2);
                            JCPLogger.finer("PolicyChecker.processPolicyMappings() after deleting: policy tree = ", policyNodeImpl);
                            z11 = true;
                        }
                    }
                } else if (i11 > 0 || i11 == -1) {
                    Iterator it = policyNodeImpl.a(i10, RFC3280CRLUtility.ANY_POLICY).iterator();
                    while (it.hasNext()) {
                        PolicyNodeImpl policyNodeImpl4 = (PolicyNodeImpl) ((PolicyNodeImpl) it.next()).getParent();
                        HashSet hashSet = new HashSet();
                        hashSet.add(objectIdentifier2);
                        // Result is discarded; presumably the constructor links the node to its parent.
                        new PolicyNodeImpl(policyNodeImpl4, objectIdentifier, set, z10, hashSet, true);
                    }
                }
            }
            if (z11) {
                policyNodeImpl.a(i10);
                if (!policyNodeImpl.getChildren().hasNext()) {
                    JCPLogger.finer("setting rootNode to null");
                    return null;
                }
            }
            return policyNodeImpl;
        } catch (IOException e10) {
            throw new CertPathValidatorException("Exception while checking mapping", e10);
        }
    }

    /**
     * Runs policy processing for one certificate and advances the running state
     * (log strings call this "checkPolicy").
     *
     * <p>The tree is replaced by the result of processPolicies. For every
     * certificate except the one whose index equals {@code f18497b}, the three
     * counters are then merged with the certificate's own constraint values.
     * The index is incremented last, so a failed certificate leaves the index
     * and counters unchanged.
     *
     * @param x509Certificate certificate to process
     * @throws CertPathValidatorException if the certificate cannot be converted
     *     to {@code X509CertImpl} or if policy processing rejects it (undeclared
     *     in the decompiled signature)
     */
    private void a(X509Certificate x509Certificate) {
        JCPLogger.finerFormat("PolicyChecker.checkPolicy() ---checking {0}...", "certificate policies");
        JCPLogger.finer("PolicyChecker.checkPolicy() certIndex = ", Integer.valueOf(this.f18506k));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = ", Integer.valueOf(this.f18503h));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = ", Integer.valueOf(this.f18504i));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = ", Integer.valueOf(this.f18505j));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = ", this.f18502g);
        try {
            X509CertImpl impl = X509CertImpl.toImpl(x509Certificate);
            int i10 = this.f18506k;
            // True for the certificate whose index equals f18497b (presumably the last one).
            boolean z10 = i10 == this.f18497b;
            this.f18502g = a(i10, this.f18496a, this.f18503h, this.f18504i, this.f18505j, this.f18501f, this.f18502g, impl, z10);
            if (!z10) {
                this.f18503h = a(this.f18503h, impl, z10);
                this.f18504i = a(this.f18504i, impl);
                this.f18505j = b(this.f18505j, impl);
            }
            this.f18506k++;
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = ", Integer.valueOf(this.f18503h));
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = ", Integer.valueOf(this.f18504i));
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = ", Integer.valueOf(this.f18505j));
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = ", this.f18502g);
            JCPLogger.finerFormat("PolicyChecker.checkPolicy() {0} verified", "certificate policies");
        } catch (CertificateException e10) {
            throw new CertPathValidatorException(e10);
        }
    }

    /**
     * Attaches child nodes for policy {@code str} under every matching parent
     * node one level above {@code i10} (log strings call this "processParents").
     *
     * <p>For ANY_POLICY, one child is created per expected policy of the parent
     * unless a child with that valid policy already exists. For any other
     * policy, a single child with expected-policy set {@code {str}} is created.
     *
     * @param i10 certIndex; parents are looked up at {@code i10 - 1}
     * @param z10 criticality flag passed to new nodes
     * @param z11 not read in this method body
     * @param policyNodeImpl tree root
     * @param str policy OID string being processed
     * @param set policy qualifiers passed to new nodes
     * @param z12 matchAny flag forwarded to the parent lookup
     * @return true if at least one parent node was found
     */
    private static boolean a(int i10, boolean z10, boolean z11, PolicyNodeImpl policyNodeImpl, String str, Set set, boolean z12) {
        JCPLogger.finer("PolicyChecker.processParents(): matchAny = ", Boolean.valueOf(z12));
        boolean z13 = false;
        // a(int, String, boolean) is opaque; presumably it selects nodes at the given
        // depth whose expected policies match str (or ANY_POLICY when matchAny) -- confirm.
        for (PolicyNodeImpl policyNodeImpl2 : policyNodeImpl.a(i10 - 1, str, z12)) {
            JCPLogger.finer("PolicyChecker.processParents() found parent:\n", policyNodeImpl2.c());
            // Result unused; looks like a leftover of a removed local or log statement.
            policyNodeImpl2.getValidPolicy();
            if (str.equals(RFC3280CRLUtility.ANY_POLICY)) {
                for (String str2 : policyNodeImpl2.getExpectedPolicies()) {
                    Iterator children = policyNodeImpl2.getChildren();
                    // Scan existing children; create the node only if none carries str2.
                    while (true) {
                        if (!children.hasNext()) {
                            HashSet hashSet = new HashSet();
                            hashSet.add(str2);
                            new PolicyNodeImpl(policyNodeImpl2, str2, set, z10, hashSet, false);
                            break;
                        }
                        String validPolicy = ((PolicyNodeImpl) children.next()).getValidPolicy();
                        if (str2.equals(validPolicy)) {
                            JCPLogger.finerFormat("{0} in parent's expected policy set already appears in child node", validPolicy);
                            break;
                        }
                    }
                }
            } else {
                HashSet hashSet2 = new HashSet();
                hashSet2.add(str);
                new PolicyNodeImpl(policyNodeImpl2, str, set, z10, hashSet2, false);
            }
            z13 = true;
        }
        return z13;
    }

    /**
     * Updates the inhibitAnyPolicy counter for one certificate (log strings
     * call this "mergeInhibitAnyPolicy").
     *
     * <p>The counter is decremented when it is positive and the certificate is
     * not self-issued. If the InhibitAnyPolicy extension is present, its
     * SKIP_CERTS value replaces the counter when it is not -1 and is smaller
     * than the counter.
     *
     * <p>NOTE(review): unlike the two PolicyConstraints merges above, a counter
     * of -1 is not special-cased here; confirm that is intended.
     *
     * @param i10 current counter value
     * @param x509CertImpl certificate being processed
     * @return the updated counter
     * @throws CertPathValidatorException wrapping any exception raised while
     *     reading the extension (undeclared in the decompiled signature)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int b(int i10, X509CertImpl x509CertImpl) {
        if (i10 > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i10--;
        }
        try {
            InhibitAnyPolicyExtension inhibitAnyPolicyExtension = (InhibitAnyPolicyExtension) x509CertImpl.getExtension(PKIXExtensions.InhibitAnyPolicy_Id);
            if (inhibitAnyPolicyExtension == null) {
                return i10;
            }
            int intValue = ((Integer) inhibitAnyPolicyExtension.get(InhibitAnyPolicyExtension.SKIP_CERTS)).intValue();
            JCPLogger.finer("PolicyChecker.mergeInhibitAnyPolicy() skipCerts Index from cert = ", Integer.valueOf(intValue));
            return (intValue == -1 || intValue >= i10) ? i10 : intValue;
        } catch (Exception e10) {
            JCPLogger.subThrown("PolicyChecker.mergeInhibitAnyPolicy unexpected exception", e10);
            throw new CertPathValidatorException(e10);
        }
    }

    /**
     * Returns the policy tree produced so far.
     *
     * @return null when no tree is held; otherwise the object returned by
     *     {@code PolicyNodeImpl.b()} after {@code a()} has been called on it.
     *     Both helpers are opaque here; presumably b() copies the tree and a()
     *     makes the copy read-only, so callers cannot alter validator state --
     *     confirm against PolicyNodeImpl.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyNode a() {
        PolicyNodeImpl policyNodeImpl = this.f18502g;
        if (policyNodeImpl == null) {
            return null;
        }
        PolicyNodeImpl b10 = policyNodeImpl.b();
        b10.a();
        return b10;
    }

    /**
     * Checks one certificate and marks the policy-related extensions as handled.
     *
     * <p>After policy processing succeeds, the OID strings of CertificatePolicies,
     * PolicyMappings, PolicyConstraints and InhibitAnyPolicy are removed from
     * {@code collection}, which under the {@link PKIXCertPathChecker} contract is
     * the set of unresolved critical extensions.
     *
     * <p>NOTE(review): the cast is unchecked, so a non-X.509 certificate
     * surfaces as {@link ClassCastException} rather than
     * {@link CertPathValidatorException}.
     *
     * @param certificate certificate to check; must be an {@link X509Certificate}
     * @param collection unresolved critical extension OIDs; may be null or empty
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) {
        a((X509Certificate) certificate);
        if (collection == null || collection.isEmpty()) {
            return;
        }
        collection.remove(PKIXExtensions.CertificatePolicies_Id.toString());
        collection.remove(PKIXExtensions.PolicyMappings_Id.toString());
        collection.remove(PKIXExtensions.PolicyConstraints_Id.toString());
        collection.remove(PKIXExtensions.InhibitAnyPolicy_Id.toString());
    }

    /**
     * Returns the OID strings of the four extensions this checker processes,
     * building the shared unmodifiable set on first use.
     *
     * <p>NOTE(review): the static field is assigned the mutable HashSet before
     * it is filled and wrapped, with no synchronization, so a concurrent caller
     * can observe a partially filled, modifiable set.
     *
     * @return unmodifiable set of supported extension OID strings
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        if (f18495l == null) {
            HashSet hashSet = new HashSet();
            f18495l = hashSet;
            hashSet.add(PKIXExtensions.CertificatePolicies_Id.toString());
            f18495l.add(PKIXExtensions.PolicyMappings_Id.toString());
            f18495l.add(PKIXExtensions.PolicyConstraints_Id.toString());
            f18495l.add(PKIXExtensions.InhibitAnyPolicy_Id.toString());
            f18495l = Collections.unmodifiableSet(f18495l);
        }
        return f18495l;
    }

    /**
     * Resets certIndex to 1 and the three counters to their starting values:
     * 0 when the corresponding constructor flag is set, otherwise
     * {@code f18497b + 1}.
     *
     * <p>NOTE(review): the policy tree {@code f18502g} is not restored here, so
     * calling init again on a used instance keeps whatever tree the previous
     * run left behind (possibly null).
     *
     * @param z10 forward-checking flag; must be false
     * @throws CertPathValidatorException if {@code z10} is true (undeclared in
     *     the decompiled signature)
     */
    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z10) {
        if (z10) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.f18506k = 1;
        this.f18503h = this.f18498c ? 0 : this.f18497b + 1;
        this.f18504i = this.f18499d ? 0 : this.f18497b + 1;
        this.f18505j = this.f18500e ? 0 : this.f18497b + 1;
    }

    /**
     * Reports that this checker cannot process certificates in forward order.
     *
     * @return always false
     */
    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
