package com.rsa.cryptoj.f;

import com.rsa.cryptoj.f.C0206hp;
import com.rsa.cryptoj.f.C0449mu;
import com.rsa.jcp.CertPathWithOCSPParameters;
import com.rsa.jcp.OCSPParameters;
import com.rsa.jcp.OCSPResponderConfig;
import com.rsa.jcp.OCSPWithRespondersParameters;
import com.rsa.jcp.OCSPWithResponseParameters;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* renamed from: com.rsa.cryptoj.f.kh, reason: case insensitive filesystem */
/* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/kh.class */
public class C0382kh extends fF {
    private static final String l = "Parameters must be PKIXParameters or be CertPathWithOCSPParameters containing PKIXParameters";
    private static final String m = "Cannot use both Security properties and CertPathWithOCSPParameters to configure OCSP.";
    private static final String n = "Error accessing CertStore.";
    private static final String o = "Certificate contains critical extensions that could not be processed.";
    private static final String p = "Path length constraint was violated.";
    private static final String q = "Expected a CA certificate.";
    private static final String r = "Policy Mappings Certificate extension cannot contain anyPolicy.";
    private static final String s = "Policy processing failed.";
    private C0423lv t;
    private Map u;
    private Map v;
    private int w;
    private int x;
    private int y;
    PublicKey h;
    private X500Principal z;
    private int A;
    PKIXParameters i;
    private Set<wP> B;
    X509Certificate j;
    private X509Certificate C;
    private Set D;
    private Set E;
    private InterfaceC0439mk F;
    private boolean G;
    private C0449mu H;
    final X509CRL k;
    private nA I;

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: com.rsa.cryptoj.f.kh$b */
    /* loaded from: input_file:META-INF/lib/cryptoj-5.0.1-FIPS.jar:com/rsa/cryptoj/f/kh$b.class */
    public class b extends Exception {
        private b() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public C0382kh(C0160fx c0160fx, X509CRL x509crl) {
        super(c0160fx);
        this.k = x509crl;
        this.I = new nA();
    }

    private void a(OCSPParameters oCSPParameters) throws InvalidAlgorithmParameterException {
        boolean a2 = C0422lu.a();
        if (oCSPParameters != null || a2) {
            OCSPResponderConfig d = d();
            if (a2 && d != null && oCSPParameters != null) {
                throw new InvalidAlgorithmParameterException(m);
            }
            if (a2 && d != null) {
                this.G = true;
                this.F = new kT(this.g, this.i, d);
                return;
            }
            if (a2) {
                this.G = true;
                this.F = new kT(this.g, this.i);
            } else if (oCSPParameters != null && (oCSPParameters instanceof OCSPWithRespondersParameters)) {
                this.G = true;
                this.F = new kT(this.g, this.i, (OCSPWithRespondersParameters) oCSPParameters);
            } else {
                if (oCSPParameters == null || !(oCSPParameters instanceof OCSPWithResponseParameters)) {
                    return;
                }
                this.G = true;
                this.F = new bU(this.g, (OCSPWithResponseParameters) oCSPParameters);
            }
        }
    }

    @Override // com.rsa.cryptoj.f.fF
    public CertPathValidatorResult a(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        if (nA.a()) {
            this.I.a("_______________________________________________");
        }
        if (!"X.509".equals(certPath.getType())) {
            throw new CertPathValidatorException("Cert path must be a X.509 cert path");
        }
        if (certPathParameters instanceof PKIXParameters) {
            this.i = (PKIXParameters) certPathParameters;
            a((OCSPParameters) null);
        } else {
            if (!(certPathParameters instanceof CertPathWithOCSPParameters)) {
                throw new InvalidAlgorithmParameterException(l);
            }
            CertPathWithOCSPParameters certPathWithOCSPParameters = (CertPathWithOCSPParameters) certPathParameters;
            if (!(certPathWithOCSPParameters.getCertPathParameters() instanceof PKIXParameters)) {
                throw new InvalidAlgorithmParameterException(l);
            }
            this.i = (PKIXParameters) certPathWithOCSPParameters.getCertPathParameters();
            a(certPathWithOCSPParameters.getOCSPParameters());
        }
        List<? extends Certificate> certificates = certPath.getCertificates();
        ArrayList arrayList = new ArrayList(certificates);
        if (nA.a()) {
            this.I.a("reversing entries in the cert path");
        }
        Collections.reverse(arrayList);
        this.d = certificates.size();
        Set<TrustAnchor> trustAnchors = this.d == 0 ? this.i.getTrustAnchors() : vZ.a((X509Certificate) arrayList.get(0), this.i.getTrustAnchors());
        if (nA.a()) {
            this.I.a("getting the set of trust anchors and attempting to validate the path");
            this.I.a("Number of trust anchors: " + trustAnchors.size());
        }
        for (TrustAnchor trustAnchor : trustAnchors) {
            if (nA.a()) {
                this.I.a("Validating path for trust anchor: " + trustAnchor);
            }
            if (this.i.isRevocationEnabled()) {
                this.H = a(certPath, trustAnchor);
            }
            if (nA.a()) {
                this.I.a("initializing trust anchor");
            }
            if (a(trustAnchor)) {
                if (nA.a()) {
                    this.I.a("basic certificate processing");
                }
                boolean z = true;
                int i = 1;
                while (true) {
                    if (i > this.d) {
                        break;
                    }
                    if (i != 1) {
                        this.C = this.j;
                    }
                    this.j = (X509Certificate) arrayList.get(i - 1);
                    if (nA.a()) {
                        this.I.a("-----------------------------------------------");
                        this.I.a("verifying current certificate, SubjectX500Principal: " + this.j.getSubjectX500Principal());
                    }
                    if ("1.2.840.113549.1.1.2".equalsIgnoreCase(this.j.getSigAlgOID())) {
                        throw new CertPathValidatorException("MD2 signature only allowed for a Trust Anchor");
                    }
                    a();
                    if (!a(i, trustAnchor)) {
                        z = false;
                        break;
                    }
                    if (i != this.d) {
                        if (nA.a()) {
                            this.I.a("Preparing for next certificate..");
                        }
                        if (!b(i)) {
                            z = false;
                            break;
                        }
                    } else {
                        if (nA.a()) {
                            this.I.a("Wrapping up..");
                        }
                        z = b();
                    }
                    i++;
                }
                if (z) {
                    if (nA.a()) {
                        this.I.a("Validation passed for trust anchor");
                        this.I.a("_______________________________________________");
                    }
                    return new PKIXCertPathValidatorResult(trustAnchor, this.t.a(true), this.h);
                }
            }
        }
        if (this.f == null) {
            this.f = "Could not validate path.";
        }
        throw new CertPathValidatorException(this.f);
    }

    C0449mu a(CertPath certPath, TrustAnchor trustAnchor) {
        return new C0449mu(this.g, this.i, certPath, trustAnchor, this.k);
    }

    private void a() {
        Set<String> criticalExtensionOIDs = this.j.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            this.D = new HashSet();
            this.E = new HashSet();
            return;
        }
        this.D = new HashSet(criticalExtensionOIDs);
        this.E = new HashSet(this.j.getNonCriticalExtensionOIDs());
        if (nA.a()) {
            this.I.a("critical extns: " + criticalExtensionOIDs);
        }
    }

    private boolean a(TrustAnchor trustAnchor) {
        this.A = this.d;
        this.e = this.i.getDate();
        if (this.e == null) {
            this.e = new Date();
        }
        this.B = new HashSet();
        Iterator<String> it = this.i.getInitialPolicies().iterator();
        while (it.hasNext()) {
            this.B.add(new wP(it.next()));
        }
        this.t = new C0423lv(this.d);
        this.u = new HashMap();
        this.v = new HashMap();
        for (int i = 0; i < C0652uh.j.size(); i++) {
            this.v.put(C0652uh.j.get(i), new HashSet());
        }
        this.w = this.i.isExplicitPolicyRequired() ? 0 : this.d + 1;
        this.x = this.i.isAnyPolicyInhibited() ? 0 : this.d + 1;
        this.y = this.i.isPolicyMappingInhibited() ? 0 : this.d + 1;
        if (nA.a()) {
            this.I.a("initializing policy variables");
            this.I.a("explicitPolicy " + this.w);
            this.I.a("inhibitAnyPolicy " + this.x);
            this.I.a("policyMapping " + this.y);
        }
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        AbstractC0360jm abstractC0360jm = null;
        if (trustedCert != null) {
            if (nA.a()) {
                this.I.a("trustedCert is not null");
            }
            this.h = trustedCert.getPublicKey();
            this.z = trustedCert.getSubjectX500Principal();
            if (nA.a()) {
                this.I.a("trustedCert SubjectX500Principal " + this.z);
            }
            abstractC0360jm = vZ.a(trustedCert, hS.cp);
        } else {
            if (nA.a()) {
                this.I.a("trustedCert is null");
            }
            this.h = trustAnchor.getCAPublicKey();
            this.z = trustAnchor.getCA();
            if (trustAnchor.getNameConstraints() != null) {
                abstractC0360jm = C0596sf.a("NameConstraints", trustAnchor.getNameConstraints(), 0);
            }
        }
        if (abstractC0360jm == null) {
            return true;
        }
        try {
            if (nA.a()) {
                this.I.a("checking name constraints");
            }
            b(abstractC0360jm);
            if (nA.a()) {
                this.I.a("name constraints verified");
            }
            return true;
        } catch (b e) {
            this.f = "TrustAnchor contained unsupported name constraints encountered";
            return false;
        }
    }

    private boolean a(int i, TrustAnchor trustAnchor) throws InvalidAlgorithmParameterException, CertPathValidatorException {
        if (!a(this.d - i)) {
            this.f = "SuiteB compliance checks failed.";
            return false;
        }
        try {
            if (nA.a()) {
                this.I.a("verifying signature");
            }
            if (this.i.getSigProvider() != null) {
                this.j.verify(this.h, this.i.getSigProvider());
            } else {
                this.j.verify(this.h);
            }
            if (nA.a()) {
                this.I.a("signature verified");
            }
            try {
                if (nA.a()) {
                    this.I.a("checking validity, current time " + this.e);
                }
                this.j.checkValidity(this.e);
                if (nA.a()) {
                    this.I.a("time verified");
                }
                if (nA.a()) {
                    this.I.a("checking name chaining");
                }
                if (!this.j.getIssuerX500Principal().equals(this.z)) {
                    this.f = "Name chaining failed";
                    return false;
                }
                if (nA.a()) {
                    this.I.a("name chaining verified");
                }
                if (this.i.isRevocationEnabled()) {
                    if (nA.a()) {
                        this.I.a("checking revocation status");
                    }
                    if (this.G) {
                        try {
                            if (this.C == null) {
                                this.F.a(this.j, new uT(trustAnchor), this.e);
                            } else {
                                this.F.a(this.j, new uT(this.C), this.e);
                            }
                        } catch (CertPathValidatorException e) {
                            this.f = e.getMessage();
                            if ((e instanceof C0722wx) || !c()) {
                                return false;
                            }
                        }
                    } else if (!c()) {
                        return false;
                    }
                    if (nA.a()) {
                        this.I.a("revocation status verified");
                    }
                }
                boolean z = i == this.d;
                if (!a(this.j) || z) {
                    if (nA.a()) {
                        this.I.a("checking subject name is within permitted subtrees and not within excluded subtrees.");
                    }
                    if (!e()) {
                        this.f = "Certificate subject alternative name did not satisfy name constraints.";
                        return false;
                    }
                    if (nA.a()) {
                        this.I.a("subject name verified");
                    }
                }
                AbstractC0360jm b2 = b(hS.cj);
                if (b2 == null) {
                    this.t.a();
                } else if (!this.t.b()) {
                    if (nA.a()) {
                        this.I.a("checking certificate policies extension");
                    }
                    if (!a(b2, i, this.j.getCriticalExtensionOIDs().contains(hS.cj.toString()))) {
                        return false;
                    }
                    if (nA.a()) {
                        this.I.a("certificate policies extension verified");
                    }
                }
                if (nA.a()) {
                    this.I.a("checking policy state");
                }
                if (this.w == 0 && this.t.b()) {
                    this.f = s;
                    return false;
                }
                if (!nA.a()) {
                    return true;
                }
                this.I.a("policy state verified");
                return true;
            } catch (GeneralSecurityException e2) {
                this.f = e2.getMessage();
                return false;
            }
        } catch (GeneralSecurityException e3) {
            this.f = e3.getMessage();
            return false;
        }
    }

    boolean a(int i) throws CertPathValidatorException {
        return true;
    }

    private boolean a(AbstractC0360jm abstractC0360jm, int i, boolean z) {
        List<C0724wz> a2 = this.t.a(i - 1);
        if (nA.a()) {
            this.I.a("adjusting validPolicyTree ");
        }
        Set set = null;
        boolean z2 = false;
        for (int i2 = 0; i2 < abstractC0360jm.a(); i2++) {
            AbstractC0360jm a3 = abstractC0360jm.a(i2);
            wP wPVar = (wP) a3.a("policyIdentifier");
            if (nA.a()) {
                this.I.a("processing policy OID " + wPVar + " adjusting validPolicyTree");
            }
            Set c = c(a3.a("policyQualifiers"));
            if (!c.isEmpty() && this.i.getPolicyQualifiersRejected() && z) {
                this.f = "Certificate policies extensions was critical and contained policy qualifiers.";
                return false;
            }
            if (wPVar.equals(hS.dd.c())) {
                z2 = true;
                set = c;
            } else {
                boolean z3 = false;
                C0724wz c0724wz = null;
                for (C0724wz c0724wz2 : a2) {
                    if (c0724wz2.a(wPVar)) {
                        z3 = true;
                        this.t.a(c0724wz2, wPVar, c, z, wPVar);
                    } else if (c0724wz2.d().equals(hS.dd.c())) {
                        c0724wz = c0724wz2;
                    }
                }
                if (!z3 && c0724wz != null) {
                    this.t.a(c0724wz, wPVar, c, z, wPVar);
                }
            }
        }
        if (z2 && (this.x > 0 || (i < this.d && a(this.j)))) {
            if (nA.a()) {
                this.I.a("hasAnyPolicy is true, adjusting validPolicyTree");
            }
            for (C0724wz c0724wz3 : a2) {
                for (wP wPVar2 : c0724wz3.c()) {
                    boolean z4 = false;
                    Iterator<C0724wz> children = c0724wz3.getChildren();
                    while (children.hasNext()) {
                        if (children.next().d().equals(wPVar2)) {
                            z4 = true;
                        }
                    }
                    if (!z4) {
                        this.t.a(c0724wz3, wPVar2, set, z, wPVar2);
                    }
                }
            }
        }
        this.t.b(i - 1);
        return true;
    }

    private boolean b(int i) {
        int i2;
        int i3;
        int i4;
        AbstractC0360jm b2 = b(hS.ck);
        if (b2 != null) {
            if (nA.a()) {
                this.I.a("checking policy mapping..");
                this.I.a("ensuring that anyPolicy does not appear on issuerDomainPolicy or subjectDomainPolicy");
            }
            Map<wP, Set<wP>> a2 = a(b2);
            Set<wP> keySet = a2.keySet();
            if (keySet.contains(hS.dd.c())) {
                this.f = r;
                return false;
            }
            Iterator<wP> it = keySet.iterator();
            while (it.hasNext()) {
                if (a2.get(it.next()).contains(hS.dd.c())) {
                    this.f = r;
                    return false;
                }
            }
            if (nA.a()) {
                this.I.a("adjusting validPolicyTree for each issuerDomainPolicy.");
            }
            for (wP wPVar : keySet) {
                Set<wP> set = a2.get(wPVar);
                List<C0724wz> a3 = this.t.a(i);
                if (this.y > 0) {
                    boolean z = false;
                    C0724wz c0724wz = null;
                    for (C0724wz c0724wz2 : a3) {
                        if (c0724wz2.d().equals(wPVar)) {
                            z = true;
                            c0724wz2.a(set);
                        } else if (c0724wz2.d().equals(hS.dd.c())) {
                            c0724wz = c0724wz2;
                        }
                    }
                    if (!z && c0724wz != null) {
                        this.t.a((C0724wz) c0724wz.getParent(), wPVar, c0724wz.getPolicyQualifiers(), c0724wz.isCritical(), set);
                    }
                } else {
                    for (C0724wz c0724wz3 : new ArrayList(a3)) {
                        if (c0724wz3.d().equals(wPVar)) {
                            this.t.a(c0724wz3);
                        }
                    }
                    this.t.b(i - 1);
                }
            }
        }
        if (nA.a()) {
            this.I.a("setting working issuer name and public key");
        }
        this.z = this.j.getSubjectX500Principal();
        try {
            f();
            AbstractC0360jm b3 = b(hS.cp);
            if (b3 != null && !a(this.j)) {
                try {
                    b(b3);
                } catch (b e) {
                    this.f = "Unsupported name constraints encountered";
                    return false;
                }
            }
            if (!a(this.j)) {
                if (this.w != 0) {
                    this.w--;
                    if (nA.a()) {
                        this.I.a("decrementing explicitPolicy to " + this.w);
                    }
                }
                if (this.y != 0) {
                    this.y--;
                    if (nA.a()) {
                        this.I.a("decrementing policyMapping to " + this.y);
                    }
                }
                if (this.x != 0) {
                    this.x--;
                    if (nA.a()) {
                        this.I.a("decrementing inhibitAnyPolicy to " + this.x);
                    }
                }
            }
            AbstractC0360jm b4 = b(hS.cq);
            if (b4 != null) {
                AbstractC0360jm a4 = b4.a(0);
                if (a4 != null && (i4 = ((uK) a4).i()) < this.w) {
                    this.w = i4;
                    if (nA.a()) {
                        this.I.a("setting explicitPolicy to " + this.w);
                    }
                }
                AbstractC0360jm a5 = b4.a(1);
                if (a5 != null && (i3 = ((uK) a5).i()) < this.y) {
                    this.y = i3;
                    if (nA.a()) {
                        this.I.a("setting policy_mapping to " + this.y);
                    }
                }
            }
            AbstractC0360jm b5 = b(hS.ct);
            if (b5 != null && (i2 = ((uK) b5).i()) < this.x) {
                this.x = i2;
                if (nA.a()) {
                    this.I.a("setting inhibitAnyPolicy to " + this.x);
                }
            }
            int basicConstraints = this.j.getBasicConstraints();
            if (nA.a()) {
                this.I.a("checking basic constraints");
            }
            a(hS.co);
            if (basicConstraints == -1) {
                this.f = q;
                return false;
            }
            if (nA.a()) {
                this.I.a(".maxPathLen before processing " + this.A);
                this.I.a(".path len constraint " + basicConstraints);
            }
            if (!a(this.j)) {
                if (this.A <= 0) {
                    this.f = p;
                    return false;
                }
                this.A--;
            }
            if (basicConstraints < this.A) {
                this.A = basicConstraints;
            }
            if (nA.a()) {
                this.I.a(".maxPathLen after processing " + this.A);
                this.I.a("basic constraints verified");
            }
            boolean[] keyUsage = this.j.getKeyUsage();
            if (nA.a()) {
                this.I.a("verifying key usage");
            }
            if (keyUsage != null && !keyUsage[5]) {
                this.f = "Key Usage is not set for keyCertSign";
                return false;
            }
            if (nA.a()) {
                this.I.a("key usage verified");
            }
            a(hS.ch);
            return a(false);
        } catch (GeneralSecurityException e2) {
            this.f = "Error constructing public key with inherited parameters";
            return false;
        }
    }

    private boolean b() {
        AbstractC0360jm a2;
        if (!a(this.j)) {
            if (this.w != 0) {
                this.w--;
            }
            if (nA.a()) {
                this.I.a("decrementing explicitPolicy to " + this.w);
            }
        }
        AbstractC0360jm b2 = b(hS.cq);
        if (b2 != null && (a2 = b2.a(0)) != null && ((uK) a2).i() == 0) {
            this.w = 0;
            if (nA.a()) {
                this.I.a("setting explicitPolicy to 0");
            }
        }
        try {
            if (nA.a()) {
                this.I.a("updating working public key");
            }
            f();
            if (!a(true)) {
                this.f = o;
                return false;
            }
            if (nA.a()) {
                this.I.a("Calculating the intersection of the validPolicyTree with the specified set of user-initial-policy");
            }
            this.t.a(this.B);
            if (this.w > 0 || !this.t.b()) {
                return true;
            }
            this.f = s;
            return false;
        } catch (GeneralSecurityException e) {
            this.f = "Error constructing public key with inherited parameters";
            return false;
        }
    }

    private Map<wP, Set<wP>> a(AbstractC0360jm abstractC0360jm) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < abstractC0360jm.a(); i++) {
            AbstractC0360jm a2 = abstractC0360jm.a(i);
            wP wPVar = (wP) a2.a("issuerDomainPolicy");
            wP wPVar2 = (wP) a2.a("subjectDomainPolicy");
            if (hashMap.containsKey(wPVar)) {
                ((Set) hashMap.get(wPVar)).add(wPVar2);
            } else {
                HashSet hashSet = new HashSet();
                hashSet.add(wPVar2);
                hashMap.put(wPVar, hashSet);
            }
        }
        return hashMap;
    }

    private boolean a(boolean z) {
        if (nA.a()) {
            this.I.a("processing otherExtensions that are not recognized ");
        }
        List<PKIXCertPathChecker> certPathCheckers = this.i.getCertPathCheckers();
        if (z) {
            a(hS.co);
            a(hS.cp);
            a(hS.ch);
            a(hS.ct);
            a(hS.cq);
            a(hS.ck);
        }
        a(hS.cr);
        Iterator<PKIXCertPathChecker> it = certPathCheckers.iterator();
        while (it.hasNext()) {
            try {
                it.next().check(this.j, this.D);
            } catch (CertPathValidatorException e) {
                this.f = e.getMessage();
                return false;
            }
        }
        if (!this.D.isEmpty()) {
            this.f = o;
            return false;
        }
        if (!nA.a()) {
            return true;
        }
        this.I.a("verified other extensions");
        return true;
    }

    private void b(AbstractC0360jm abstractC0360jm) throws b {
        if (nA.a()) {
            this.I.a("modifying permitted_subtrees and excluded_subtrees");
        }
        AbstractC0360jm a2 = abstractC0360jm.a("permittedSubtrees");
        int a3 = a2 == null ? 0 : a2.a();
        AbstractC0360jm a4 = abstractC0360jm.a("excludedSubtrees");
        int a5 = a4 == null ? 0 : a4.a();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < a3; i++) {
            C0652uh c0652uh = new C0652uh(a2.a(i).a("base"));
            if (!c0652uh.h()) {
                throw new b();
            }
            Integer valueOf = Integer.valueOf(c0652uh.a());
            Set set = (Set) hashMap.get(valueOf);
            if (set == null) {
                set = new HashSet();
                hashMap.put(valueOf, set);
            }
            set.add(c0652uh);
        }
        for (Integer num : hashMap.keySet()) {
            Set set2 = (Set) hashMap.get(num);
            Set set3 = (Set) this.u.get(num);
            if (set3 == null) {
                this.u.put(num, set2);
            } else {
                HashSet hashSet = new HashSet();
                Iterator it = set2.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    C0652uh c0652uh2 = (C0652uh) it.next();
                    if (a(c0652uh2, set3) == null) {
                        hashSet.clear();
                        break;
                    }
                    hashSet.add(c0652uh2);
                }
                this.u.put(num, hashSet);
            }
        }
        for (int i2 = 0; i2 < a5; i2++) {
            C0652uh c0652uh3 = new C0652uh(a4.a(i2).a("base"));
            if (!c0652uh3.h()) {
                throw new b();
            }
            Set set4 = (Set) this.v.get(Integer.valueOf(c0652uh3.a()));
            if (a(c0652uh3, set4) == null) {
                set4.add(c0652uh3);
            }
        }
    }

    private boolean c() throws InvalidAlgorithmParameterException {
        C0449mu.a a2 = this.H.a(this.j, b(hS.cs), this.h);
        if (a2.a) {
            return true;
        }
        if (this.G) {
            return false;
        }
        this.f = a2.b;
        return false;
    }

    private Set c(AbstractC0360jm abstractC0360jm) {
        if (abstractC0360jm == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet();
        for (int i = 0; i < abstractC0360jm.a(); i++) {
            try {
                hashSet.add(new PolicyQualifierInfo(C0596sf.c(abstractC0360jm.a(i))));
            } catch (IOException e) {
            }
        }
        return hashSet;
    }

    private OCSPResponderConfig d() throws InvalidAlgorithmParameterException {
        String b2 = C0422lu.b();
        String c = C0422lu.c();
        String d = C0422lu.d();
        try {
            BigInteger e = C0422lu.e();
            X509CertSelector x509CertSelector = null;
            try {
                if (c != null) {
                    x509CertSelector = new X509CertSelector();
                    x509CertSelector.setSubject(c);
                } else if (d != null && e != null) {
                    x509CertSelector = new X509CertSelector();
                    x509CertSelector.setIssuer(d);
                    x509CertSelector.setSerialNumber(e);
                } else if (d != null || e != null) {
                    throw new InvalidAlgorithmParameterException("Security properties: ocsp.responderCertIssuerName and ocsp.responderCertSerialNumber should both be set.");
                }
                if (x509CertSelector == null) {
                    OCSPResponderConfig oCSPResponderConfig = new OCSPResponderConfig(b2);
                    oCSPResponderConfig.setUseNonce(false);
                    return oCSPResponderConfig;
                }
                try {
                    X509Certificate a2 = a(x509CertSelector);
                    if (a2 == null) {
                        throw new InvalidAlgorithmParameterException("Could not find the OCSP responder certificate specified.");
                    }
                    OCSPResponderConfig oCSPResponderConfig2 = new OCSPResponderConfig(b2, a2);
                    oCSPResponderConfig2.setUseNonce(false);
                    return oCSPResponderConfig2;
                } catch (CertStoreException e2) {
                    throw new InvalidAlgorithmParameterException(n);
                }
            } catch (IOException e3) {
                throw new InvalidAlgorithmParameterException("Invalid name read from OCSP security properties." + e3.getMessage());
            }
        } catch (NumberFormatException e4) {
            throw new InvalidAlgorithmParameterException("Invalid value for security property: ocsp.responderCertSerialNumber");
        }
    }

    private X509Certificate a(X509CertSelector x509CertSelector) throws CertStoreException, InvalidAlgorithmParameterException {
        Iterator<TrustAnchor> it = this.i.getTrustAnchors().iterator();
        while (it.hasNext()) {
            X509Certificate trustedCert = it.next().getTrustedCert();
            if (trustedCert == null) {
                throw new InvalidAlgorithmParameterException("Responder certificate which is also a TrustAnchor must be specified using a certificate.");
            }
            if (x509CertSelector.match(trustedCert)) {
                return trustedCert;
            }
        }
        Iterator<CertStore> it2 = this.i.getCertStores().iterator();
        while (it2.hasNext()) {
            Iterator<? extends Certificate> it3 = it2.next().getCertificates(x509CertSelector).iterator();
            if (it3.hasNext()) {
                return (X509Certificate) it3.next();
            }
        }
        return null;
    }

    private void a(hS hSVar) {
        this.D.remove(hSVar.toString());
        this.E.remove(hSVar.toString());
    }

    private AbstractC0360jm b(hS hSVar) {
        AbstractC0360jm a2 = vZ.a(this.j, hSVar);
        a(hSVar);
        return a2;
    }

    private boolean e() {
        Set a2 = vZ.a((X509Extension) this.j, true);
        a(hS.cl);
        return a(a2) && b(a2);
    }

    private boolean a(Set set) {
        return b(this.j.getSubjectX500Principal(), set.isEmpty()) && d(set);
    }

    private boolean b(Set set) {
        return a(this.j.getSubjectX500Principal(), set.isEmpty()) && c(set);
    }

    private boolean c(Set set) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            C0652uh c0652uh = (C0652uh) it.next();
            Set set2 = (Set) this.v.get(Integer.valueOf(c0652uh.a()));
            if (set2 != null && b(c0652uh, set2)) {
                return false;
            }
        }
        return true;
    }

    private boolean d(Set set) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            C0652uh c0652uh = (C0652uh) it.next();
            Set set2 = (Set) this.u.get(Integer.valueOf(c0652uh.a()));
            if (set2 != null && !b(c0652uh, set2)) {
                return false;
            }
        }
        return true;
    }

    private C0652uh a(C0652uh c0652uh, Set set) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            C0652uh c0652uh2 = (C0652uh) it.next();
            if (c0652uh2.a(c0652uh)) {
                return c0652uh2;
            }
        }
        return null;
    }

    private boolean b(C0652uh c0652uh, Set set) {
        return a(c0652uh, set) != null;
    }

    private boolean a(X500Principal x500Principal, Set set) {
        if (set.isEmpty()) {
            return true;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            if (((C0652uh) it.next()).a(x500Principal)) {
                return false;
            }
        }
        return true;
    }

    private boolean a(X500Principal x500Principal, boolean z) {
        Set set = (Set) this.v.get(4);
        if (x500Principal.toString().length() != 0 && !a(x500Principal, set)) {
            return false;
        }
        if (z) {
            return !vZ.a(x500Principal, hS.bP) || a(x500Principal, (Set) this.v.get(1));
        }
        return true;
    }

    private boolean b(X500Principal x500Principal, Set set) {
        if (set == null) {
            return true;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            if (((C0652uh) it.next()).a(x500Principal)) {
                return true;
            }
        }
        return false;
    }

    private boolean b(X500Principal x500Principal, boolean z) {
        Set set = (Set) this.u.get(4);
        if (x500Principal.toString().length() != 0 && !b(x500Principal, set)) {
            return false;
        }
        if (z) {
            return !vZ.a(x500Principal, hS.bP) || b(x500Principal, (Set) this.u.get(1));
        }
        return true;
    }

    private void f() throws GeneralSecurityException {
        try {
            this.h = a(this.j.getPublicKey(), this.h);
        } catch (SecurityException e) {
            if (!(this.j instanceof C0206hp)) {
                throw new InvalidKeyException(e.getMessage());
            }
            this.h = a(C0206hp.a.a((C0206hp) this.j), this.h);
        }
    }

    private static boolean a(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal());
    }
}
