package ru.CryptoPro.reprov.certpath;

import java.io.IOException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXReason;
import java.security.cert.PolicyNode;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.cl_9;
import ru.CryptoPro.reprov.x509.CertificatePoliciesExtension;
import ru.CryptoPro.reprov.x509.CertificatePolicyMap;
import ru.CryptoPro.reprov.x509.InhibitAnyPolicyExtension;
import ru.CryptoPro.reprov.x509.PKIXExtensions;
import ru.CryptoPro.reprov.x509.PolicyConstraintsExtension;
import ru.CryptoPro.reprov.x509.PolicyInformation;
import ru.CryptoPro.reprov.x509.PolicyMappingsExtension;
import ru.CryptoPro.reprov.x509.X509CertImpl;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class PolicyChecker extends PKIXCertPathChecker {
    private static Set l;
    private final Set a;
    private final int b;
    private final boolean c;
    private final boolean d;
    private final boolean e;
    private final boolean f;
    private PolicyNodeImpl g;
    private int h;
    private int i;
    private int j;
    private int k;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyChecker(Set set, int i, boolean z, boolean z2, boolean z3, boolean z4, PolicyNodeImpl policyNodeImpl) throws CertPathValidatorException {
        if (set.isEmpty()) {
            HashSet hashSet = new HashSet(1);
            this.a = hashSet;
            hashSet.add("2.5.29.32.0");
        } else {
            this.a = new HashSet(set);
        }
        this.b = i;
        this.c = z;
        this.d = z2;
        this.e = z3;
        this.f = z4;
        this.g = policyNodeImpl;
        init(false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int a(int i, X509CertImpl x509CertImpl) throws CertPathValidatorException {
        if (i > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i--;
        }
        try {
            PolicyConstraintsExtension policyConstraintsExtension = x509CertImpl.getPolicyConstraintsExtension();
            if (policyConstraintsExtension == null) {
                return i;
            }
            int intValue = ((Integer) policyConstraintsExtension.get(PolicyConstraintsExtension.INHIBIT)).intValue();
            JCPLogger.finer("PolicyChecker.mergePolicyMapping() inhibit Index from cert = ", Integer.valueOf(intValue));
            return intValue != -1 ? (i == -1 || intValue < i) ? intValue : i : i;
        } catch (Exception e) {
            JCPLogger.subThrown("PolicyChecker.mergePolicyMapping unexpected exception", e);
            throw new CertPathValidatorException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int a(int i, X509CertImpl x509CertImpl, boolean z) throws CertPathValidatorException {
        if (i > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i--;
        }
        try {
            PolicyConstraintsExtension policyConstraintsExtension = x509CertImpl.getPolicyConstraintsExtension();
            if (policyConstraintsExtension == null) {
                return i;
            }
            int intValue = ((Integer) policyConstraintsExtension.get(PolicyConstraintsExtension.REQUIRE)).intValue();
            JCPLogger.finer("PolicyChecker.mergeExplicitPolicy() require Index from cert = ", Integer.valueOf(intValue));
            if (z) {
                if (intValue != 0) {
                    return i;
                }
            } else {
                if (intValue == -1) {
                    return i;
                }
                if (i != -1 && intValue >= i) {
                    return i;
                }
            }
            return intValue;
        } catch (Exception e) {
            JCPLogger.subThrown("PolicyChecker.mergeExplicitPolicy unexpected exception", e);
            throw new CertPathValidatorException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PolicyNodeImpl a(int i, Set set, int i2, int i3, int i4, boolean z, PolicyNodeImpl policyNodeImpl, X509CertImpl x509CertImpl, boolean z2) throws CertPathValidatorException {
        Set set2;
        boolean z3;
        PolicyNodeImpl policyNodeImpl2;
        Set hashSet = new HashSet();
        PolicyNodeImpl b = policyNodeImpl == null ? null : policyNodeImpl.b();
        CertificatePoliciesExtension certificatePoliciesExtension = x509CertImpl.getCertificatePoliciesExtension();
        boolean z4 = false;
        if (certificatePoliciesExtension != null && b != null) {
            boolean isCritical = certificatePoliciesExtension.isCritical();
            JCPLogger.finer("PolicyChecker.processPolicies() policiesCritical = ", Boolean.valueOf(isCritical));
            try {
                List<PolicyInformation> list = (List) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES);
                JCPLogger.finer("PolicyChecker.processPolicies() rejectPolicyQualifiers = ", Boolean.valueOf(z));
                while (true) {
                    Set set3 = hashSet;
                    boolean z5 = z4;
                    for (PolicyInformation policyInformation : list) {
                        String objectIdentifier = policyInformation.getPolicyIdentifier().getIdentifier().toString();
                        if (objectIdentifier.equals("2.5.29.32.0")) {
                            break;
                        }
                        JCPLogger.finer("PolicyChecker.processPolicies() processing policy: ", objectIdentifier);
                        Set policyQualifiers = policyInformation.getPolicyQualifiers();
                        if (!policyQualifiers.isEmpty() && z && isCritical) {
                            if (cl_9.a()) {
                                throw new CertPathValidatorException("critical policy qualifiers present in certificate", null, null, -1, PKIXReason.INVALID_POLICY);
                            }
                            throw new CertPathValidatorException("critical policy qualifiers present in certificate");
                        }
                        if (!a(i, isCritical, z, b, objectIdentifier, policyQualifiers, false)) {
                            a(i, isCritical, z, b, objectIdentifier, policyQualifiers, true);
                        }
                    }
                    if (z5 && (i4 > 0 || (!z2 && X509CertImpl.isSelfIssued(x509CertImpl)))) {
                        JCPLogger.finer("PolicyChecker.processPolicies() processing policy: ", "2.5.29.32.0");
                        a(i, isCritical, z, b, "2.5.29.32.0", set3, true);
                    }
                    b.a(i);
                    policyNodeImpl2 = b.getChildren().hasNext() ? b : null;
                    z3 = isCritical;
                    set2 = set3;
                    z4 = true;
                    hashSet = policyInformation.getPolicyQualifiers();
                }
            } catch (IOException e) {
                throw new CertPathValidatorException("Exception while retrieving policyOIDs", e);
            }
        } else if (certificatePoliciesExtension == null) {
            JCPLogger.finer("PolicyChecker.processPolicies() no policies present in cert");
            set2 = hashSet;
            z3 = false;
            policyNodeImpl2 = null;
        } else {
            set2 = hashSet;
            z3 = false;
            policyNodeImpl2 = b;
        }
        if (policyNodeImpl2 != null && !z2) {
            policyNodeImpl2 = a(x509CertImpl, i, i3, policyNodeImpl2, z3, set2);
        }
        if (policyNodeImpl2 != null && !set.contains("2.5.29.32.0") && certificatePoliciesExtension != null && (policyNodeImpl2 = a(policyNodeImpl2, i, set, certificatePoliciesExtension)) != null && z2) {
            policyNodeImpl2 = a(i, set, policyNodeImpl2);
        }
        int i5 = i2;
        if (z2) {
            i5 = a(i5, x509CertImpl, z2);
        }
        if (i5 != 0 || policyNodeImpl2 != null) {
            return policyNodeImpl2;
        }
        if (cl_9.a()) {
            throw new CertPathValidatorException("non-null policy tree required and policy tree is null", null, null, -1, PKIXReason.INVALID_POLICY);
        }
        throw new CertPathValidatorException("non-null policy tree required and policy tree is null");
    }

    private static PolicyNodeImpl a(int i, Set set, PolicyNodeImpl policyNodeImpl) {
        Set a = policyNodeImpl.a(i, "2.5.29.32.0");
        if (a.isEmpty()) {
            return policyNodeImpl;
        }
        PolicyNodeImpl policyNodeImpl2 = (PolicyNodeImpl) a.iterator().next();
        PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
        policyNodeImpl3.a((PolicyNode) policyNodeImpl2);
        HashSet<String> hashSet = new HashSet(set);
        Iterator it = policyNodeImpl.b(i).iterator();
        while (it.hasNext()) {
            hashSet.remove(((PolicyNodeImpl) it.next()).getValidPolicy());
        }
        if (hashSet.isEmpty()) {
            policyNodeImpl.a(i);
            if (policyNodeImpl.getChildren().hasNext()) {
                return policyNodeImpl;
            }
            return null;
        }
        boolean isCritical = policyNodeImpl2.isCritical();
        Set policyQualifiers = policyNodeImpl2.getPolicyQualifiers();
        for (String str : hashSet) {
            new PolicyNodeImpl(policyNodeImpl3, str, policyQualifiers, isCritical, Collections.singleton(str), false);
        }
        return policyNodeImpl;
    }

    private static PolicyNodeImpl a(PolicyNodeImpl policyNodeImpl, int i, Set set, CertificatePoliciesExtension certificatePoliciesExtension) throws CertPathValidatorException {
        try {
            boolean z = false;
            Iterator it = ((List) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES)).iterator();
            while (it.hasNext()) {
                String objectIdentifier = ((PolicyInformation) it.next()).getPolicyIdentifier().getIdentifier().toString();
                JCPLogger.finer("PolicyChecker.processPolicies() processing policy second time: ", objectIdentifier);
                for (PolicyNodeImpl policyNodeImpl2 : policyNodeImpl.a(i, objectIdentifier)) {
                    PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
                    if (policyNodeImpl3.getValidPolicy().equals("2.5.29.32.0") && !set.contains(objectIdentifier) && !objectIdentifier.equals("2.5.29.32.0")) {
                        JCPLogger.finer("PolicyChecker.processPolicies() before deleting: policy tree = ", policyNodeImpl);
                        policyNodeImpl3.a((PolicyNode) policyNodeImpl2);
                        z = true;
                        JCPLogger.finer("PolicyChecker.processPolicies() after deleting: policy tree = ", policyNodeImpl);
                    }
                }
            }
            if (!z) {
                return policyNodeImpl;
            }
            policyNodeImpl.a(i);
            if (policyNodeImpl.getChildren().hasNext()) {
                return policyNodeImpl;
            }
            return null;
        } catch (IOException e) {
            throw new CertPathValidatorException("Exception while retrieving policyOIDs", e);
        }
    }

    private static PolicyNodeImpl a(X509CertImpl x509CertImpl, int i, int i2, PolicyNodeImpl policyNodeImpl, boolean z, Set set) throws CertPathValidatorException {
        PolicyMappingsExtension policyMappingsExtension = x509CertImpl.getPolicyMappingsExtension();
        if (policyMappingsExtension == null) {
            return policyNodeImpl;
        }
        JCPLogger.finer("PolicyChecker.processPolicyMappings() inside policyMapping check");
        try {
            List list = (List) policyMappingsExtension.get(PolicyMappingsExtension.MAP);
            boolean z2 = false;
            for (int i3 = 0; i3 < list.size(); i3++) {
                CertificatePolicyMap certificatePolicyMap = (CertificatePolicyMap) list.get(i3);
                String objectIdentifier = certificatePolicyMap.getIssuerIdentifier().getIdentifier().toString();
                String objectIdentifier2 = certificatePolicyMap.getSubjectIdentifier().getIdentifier().toString();
                JCPLogger.finer("PolicyChecker.processPolicyMappings() issuerDomain = ", objectIdentifier);
                JCPLogger.finer("PolicyChecker.processPolicyMappings() subjectDomain = ", objectIdentifier2);
                if (objectIdentifier.equals("2.5.29.32.0")) {
                    if (cl_9.a()) {
                        throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
                    }
                    throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY");
                }
                if (objectIdentifier2.equals("2.5.29.32.0")) {
                    if (cl_9.a()) {
                        throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
                    }
                    throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY");
                }
                Set<PolicyNodeImpl> a = policyNodeImpl.a(i, objectIdentifier);
                if (!a.isEmpty()) {
                    for (PolicyNodeImpl policyNodeImpl2 : a) {
                        if (i2 > 0 || i2 == -1) {
                            policyNodeImpl2.a(objectIdentifier2);
                        } else if (i2 == 0) {
                            PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
                            JCPLogger.finer("PolicyChecker.processPolicyMappings() before deleting: policy tree = ", policyNodeImpl);
                            policyNodeImpl3.a((PolicyNode) policyNodeImpl2);
                            JCPLogger.finer("PolicyChecker.processPolicyMappings() after deleting: policy tree = ", policyNodeImpl);
                            z2 = true;
                        }
                    }
                } else if (i2 > 0 || i2 == -1) {
                    Iterator it = policyNodeImpl.a(i, "2.5.29.32.0").iterator();
                    while (it.hasNext()) {
                        PolicyNodeImpl policyNodeImpl4 = (PolicyNodeImpl) ((PolicyNodeImpl) it.next()).getParent();
                        HashSet hashSet = new HashSet();
                        hashSet.add(objectIdentifier2);
                        new PolicyNodeImpl(policyNodeImpl4, objectIdentifier, set, z, hashSet, true);
                    }
                }
            }
            if (z2) {
                policyNodeImpl.a(i);
                if (!policyNodeImpl.getChildren().hasNext()) {
                    JCPLogger.finer("setting rootNode to null");
                    return null;
                }
            }
            return policyNodeImpl;
        } catch (IOException e) {
            throw new CertPathValidatorException("Exception while checking mapping", e);
        }
    }

    private void a(X509Certificate x509Certificate) throws CertPathValidatorException {
        JCPLogger.finerFormat("PolicyChecker.checkPolicy() ---checking {0}...", "certificate policies");
        JCPLogger.finer("PolicyChecker.checkPolicy() certIndex = ", Integer.valueOf(this.k));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = ", Integer.valueOf(this.h));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = ", Integer.valueOf(this.i));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = ", Integer.valueOf(this.j));
        JCPLogger.finer("PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = ", this.g);
        try {
            X509CertImpl impl = X509CertImpl.toImpl(x509Certificate);
            int i = this.k;
            boolean z = i == this.b;
            this.g = a(i, this.a, this.h, this.i, this.j, this.f, this.g, impl, z);
            if (!z) {
                this.h = a(this.h, impl, z);
                this.i = a(this.i, impl);
                this.j = b(this.j, impl);
            }
            this.k++;
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = ", Integer.valueOf(this.h));
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = ", Integer.valueOf(this.i));
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = ", Integer.valueOf(this.j));
            JCPLogger.finer("PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = ", this.g);
            JCPLogger.finerFormat("PolicyChecker.checkPolicy() {0} verified", "certificate policies");
        } catch (CertificateException e) {
            throw new CertPathValidatorException(e);
        }
    }

    private static boolean a(int i, boolean z, boolean z2, PolicyNodeImpl policyNodeImpl, String str, Set set, boolean z3) throws CertPathValidatorException {
        JCPLogger.finer("PolicyChecker.processParents(): matchAny = ", Boolean.valueOf(z3));
        boolean z4 = false;
        for (PolicyNodeImpl policyNodeImpl2 : policyNodeImpl.a(i - 1, str, z3)) {
            JCPLogger.finer("PolicyChecker.processParents() found parent:\n", policyNodeImpl2.c());
            policyNodeImpl2.getValidPolicy();
            if (str.equals("2.5.29.32.0")) {
                for (String str2 : policyNodeImpl2.getExpectedPolicies()) {
                    Iterator children = policyNodeImpl2.getChildren();
                    while (true) {
                        if (!children.hasNext()) {
                            HashSet hashSet = new HashSet();
                            hashSet.add(str2);
                            new PolicyNodeImpl(policyNodeImpl2, str2, set, z, hashSet, false);
                            break;
                        }
                        String validPolicy = ((PolicyNodeImpl) children.next()).getValidPolicy();
                        if (str2.equals(validPolicy)) {
                            JCPLogger.finerFormat("{0} in parent's expected policy set already appears in child node", validPolicy);
                            break;
                        }
                    }
                }
            } else {
                HashSet hashSet2 = new HashSet();
                hashSet2.add(str);
                new PolicyNodeImpl(policyNodeImpl2, str, set, z, hashSet2, false);
            }
            z4 = true;
        }
        return z4;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int b(int i, X509CertImpl x509CertImpl) throws CertPathValidatorException {
        if (i > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i--;
        }
        try {
            InhibitAnyPolicyExtension inhibitAnyPolicyExtension = (InhibitAnyPolicyExtension) x509CertImpl.getExtension(PKIXExtensions.InhibitAnyPolicy_Id);
            if (inhibitAnyPolicyExtension == null) {
                return i;
            }
            int intValue = ((Integer) inhibitAnyPolicyExtension.get(InhibitAnyPolicyExtension.SKIP_CERTS)).intValue();
            JCPLogger.finer("PolicyChecker.mergeInhibitAnyPolicy() skipCerts Index from cert = ", Integer.valueOf(intValue));
            return (intValue == -1 || intValue >= i) ? i : intValue;
        } catch (Exception e) {
            JCPLogger.subThrown("PolicyChecker.mergeInhibitAnyPolicy unexpected exception", e);
            throw new CertPathValidatorException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyNode a() {
        PolicyNodeImpl policyNodeImpl = this.g;
        if (policyNodeImpl == null) {
            return null;
        }
        PolicyNodeImpl b = policyNodeImpl.b();
        b.a();
        return b;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        a((X509Certificate) certificate);
        if (collection == null || collection.isEmpty()) {
            return;
        }
        collection.remove(PKIXExtensions.CertificatePolicies_Id.toString());
        collection.remove(PKIXExtensions.PolicyMappings_Id.toString());
        collection.remove(PKIXExtensions.PolicyConstraints_Id.toString());
        collection.remove(PKIXExtensions.InhibitAnyPolicy_Id.toString());
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        if (l == null) {
            HashSet hashSet = new HashSet();
            l = hashSet;
            hashSet.add(PKIXExtensions.CertificatePolicies_Id.toString());
            l.add(PKIXExtensions.PolicyMappings_Id.toString());
            l.add(PKIXExtensions.PolicyConstraints_Id.toString());
            l.add(PKIXExtensions.InhibitAnyPolicy_Id.toString());
            l = Collections.unmodifiableSet(l);
        }
        return l;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.k = 1;
        this.h = this.c ? 0 : this.b + 1;
        this.i = this.d ? 0 : this.b + 1;
        this.j = this.e ? 0 : this.b + 1;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }
}
