package iaik.pki.revocation;

import iaik.asn1.ASN1Type;
import iaik.asn1.structures.GeneralName;
import iaik.asn1.structures.GeneralNames;
import iaik.asn1.structures.Name;
import iaik.asn1.structures.RDN;
import iaik.logging.TransactionId;
import iaik.pki.pathvalidation.ChainingModes;
import iaik.pki.store.revocation.CRLRevocationSource;
import iaik.pki.store.revocation.DBCRLRevocationSource;
import iaik.pki.store.revocation.MemoryCRLRevocationSource;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.RevocationSource;
import iaik.pki.store.revocation.RevocationStoreException;
import iaik.pki.store.revocation.SupplementalRevocationSources;
import iaik.pki.store.revocation.dbcrl.util.RevokedCertificateDBEntry;
import iaik.pki.utils.Constants;
import iaik.pki.utils.NameUtils;
import iaik.pki.utils.UtilsException;
import iaik.x509.RevokedCertificate;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.CRLDistributionPoints;
import iaik.x509.extensions.IssuingDistributionPoint;
import iaik.x509.extensions.ReasonCode;
import iaik.x509.stream.RevokedCertificatesCRLListener;
import iaik.x509.stream.X509CRLStream;
import java.security.PublicKey;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: classes.dex */
class J extends B implements CertificateStatusChecker {
    // Reason-mask sentinel. A(C, Hashtable) in this class files a mask of -1 under its own
    // key instead of splitting it into bits; presumably "no reasons restriction" (TODO confirm;
    // the decompiler inlined the literal, so no visible code refers to H by name).
    protected static final int H = -1;
    // 511 == 0x1FF: the nine single-bit reason masks 1..256 OR-ed together. Not referenced by
    // name in the visible code; presumably "all reasons covered" (TODO confirm).
    protected static final int I = 511;

    /**
     * Re-reads the CRL held by a DB-backed source to see whether a certificate that the DB
     * recorded with reason code 6 (hold) is still listed.
     *
     * <p>If the stream parse no longer reports the certificate, its DB entry is deleted and the
     * obfuscated status type {@code L} is returned (presumably "not revoked"; it is the same
     * type the callers return for "certificate not on crl"). Otherwise a {@code H} status with
     * the reason string "CertificateOnHold" is returned.
     *
     * <p>NOTE(review): nothing in this method inspects a signature-verification result. The
     * issuer public key is handed to the listener, so verification presumably happens inside
     * the stream parser; confirm that a CRL failing verification makes {@code parse} throw,
     * because a silent failure here would delete the hold entry and report the certificate as
     * not revoked.
     *
     * @param x509Certificate certificate recorded as on hold
     * @param dBCRLRevocationSource DB-backed CRL source supplying the CRL bytes and issuer cert
     * @param date validation date stamped on the returned status
     * @return status object as described above
     */
    private E A(X509Certificate x509Certificate, DBCRLRevocationSource dBCRLRevocationSource, Date date) {
        X509Certificate[] watched = new X509Certificate[] {x509Certificate};
        PublicKey issuerKey = dBCRLRevocationSource.getIssuerCert().getPublicKey();
        RevokedCertificatesCRLListener listener = new RevokedCertificatesCRLListener(watched, issuerKey);
        X509CRLStream crlStream = new X509CRLStream(listener);
        crlStream.parse(dBCRLRevocationSource.getCRL());

        RevokedCertificate entry = (RevokedCertificate) listener.getRevokedCertificates().remove(watched[0]);
        if (entry != null) {
            try {
                ReasonCode holdReason = (ReasonCode) entry.getExtension(ReasonCode.oid);
                // Only a diagnostic: a reason other than 6 does not change the returned status.
                if (holdReason != null && holdReason.getReasonCode() != 6) {
                    B.A.debug(null, "this should never happen, a certificate that logically can only be on hold, has another revocation reason", null);
                }
            } catch (X509ExtensionInitException e) {
                // The exception itself is not handed to the logger; only the fixed text is recorded.
                B.A.debug(null, "problem getting the revocation reason while streamparsing CRL for a onhold certificate", null);
            }
            return new H(date, "CertificateOnHold");
        }

        // No longer listed in the current CRL: drop the stale hold record from the DB.
        dBCRLRevocationSource.removeRevokedCertificateEntry(x509Certificate.getSerialNumber(), x509Certificate.getIssuerDN().getName());
        return new L(date);
    }

    /**
     * Builds a new {@link Name} carrying the same RDNs, in the same order, as {@code name}.
     *
     * <p>The RDN objects themselves are passed to {@code addRDN} as-is; whether they end up
     * shared or cloned depends on {@code Name.addRDN}, which is not visible here.
     *
     * @param name name to copy; must not be null
     * @return a distinct Name instance that callers can extend without touching {@code name}
     */
    protected Name A(Name name) {
        Name duplicate = new Name();
        RDN[] components = name.getRDNs();
        for (int idx = 0; idx < components.length; idx++) {
            duplicate.addRDN(components[idx]);
        }
        return duplicate;
    }

    /**
     * Decides whether a CRL may be used to answer the revocation question for
     * {@code x509Certificate} and, if so, hands it to the CRL-issuer trust check (the five-argument
     * {@code A} overload).
     *
     * <p>Visible order of checks: initialisation of a DB-backed source; rejection of CRLs with
     * unsupported critical extensions; choice of the reference time from the chaining mode; a
     * short-circuit for version 1 CRLs; IssuingDistributionPoint scope flags; distribution-point
     * name matching; and the indirect-CRL conditions when the CRL issuer differs from the
     * certificate issuer. Each rejection returns a wrapped {@code H} built with a
     * {@code RevocationStatusUnknown} reason constant, i.e. the outcome is "unknown", not "good".
     *
     * @param cRLRevocationSource CRL under evaluation
     * @param c2 distribution-point descriptor (obfuscated type {@code C}); only its accessors
     *     B(), C(), D(), E() and G() are used here
     * @param x509Certificate certificate whose status is being checked
     * @param z whether the certificate is treated as a CA certificate (per the log messages)
     * @param revocationTrustProfile passed through to the trust check
     * @param date validation date; also stamped on every status-unknown result
     * @param str chaining mode, compared with {@code ChainingModes.PKIX_MODE} and
     *     {@code ChainingModes.CHAIN_MODE}; a null value would fail on {@code str.equals}
     * @param supplementalRevocationSources passed through to the trust check
     * @param transactionId logging correlation id
     * @return wrapper (obfuscated type {@code A}) around a status-unknown result or around the
     *     trust-check outcome
     * @throws StatusCheckingException if the DB source cannot be initialised, the chaining mode
     *     is unsupported, a distribution point name has an unexpected ASN.1 type, or a store,
     *     utility or extension-parsing error occurs
     */
    protected A A(CRLRevocationSource cRLRevocationSource, C c2, X509Certificate x509Certificate, boolean z, RevocationTrustProfile revocationTrustProfile, Date date, String str, SupplementalRevocationSources supplementalRevocationSources, TransactionId transactionId) {
        Date time;
        GeneralNames generalNames;
        int i;
        boolean z2;
        if (cRLRevocationSource instanceof DBCRLRevocationSource) {
            try {
                ((DBCRLRevocationSource) cRLRevocationSource).init(c2.D(), date, x509Certificate, c2.C());
            } catch (RevocationStoreException e) {
                // The log receives e.getCause(), the thrown exception receives e itself.
                B.A.warn(transactionId, "Could not properly initialize the Revocation Source ", e.getCause());
                throw new StatusCheckingException("Could not properly initialize the Revocation Source ", e, ":db1");
            }
        }
        Name issuerName = cRLRevocationSource.getIssuerName();
        Name name = (Name) x509Certificate.getIssuerDN();
        // A critical extension this implementation does not understand makes the CRL unusable:
        // the answer is "unknown", never "not revoked".
        if (cRLRevocationSource.hasUnsupportedCriticalExtensions()) {
            B.A.warn(transactionId, "CRL contains unsupported critical extension, thus setting revocation status to unknown.", null);
            return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_UNSUPPORTED_CRITICAL_EXTENSION));
        }
        // Pick the point in time at which the CRL issuer's trust will be evaluated.
        // str2 only names that time source in the debug output below.
        String str2 = "download time";
        if (str.equals(ChainingModes.PKIX_MODE)) {
            if (c2.E()) {
                // c2.E() is true when an alternative distribution point was used (per the message).
                if (B.A.isDebugEnabled()) {
                    B.A.debug(transactionId, new StringBuffer("Chaining mode is \"").append(str).append("\". Used alternative distribution point thus download time may not be adequate for checking crl issuer trust. Using original date (").append(date).append(").").toString(), null);
                }
                time = date;
            } else {
                time = cRLRevocationSource.getDownloadTime();
            }
        } else {
            if (!str.equals(ChainingModes.CHAIN_MODE)) {
                // NOTE(review): the message has no spaces around the mode value, so it renders as
                // "Chaining mode<mode>not supported." in both the log and the exception.
                String stringBuffer = new StringBuffer("Chaining mode").append(str).append("not supported.").toString();
                B.A.error(transactionId, stringBuffer, null);
                throw new StatusCheckingException(stringBuffer, null, new StringBuffer().append(getClass().getName()).append(":11").toString());
            }
            str2 = "thisUpdate";
            time = cRLRevocationSource.getTime();
        }
        if (B.A.isDebugEnabled()) {
            if (time == null) {
                B.A.debug(transactionId, new StringBuffer("Chaining mode is \"").append(str).append("\", but no CRL ").append(str2).append(" available. Using original date (").append(date).append(") for checking CRL issuer trust.").toString(), null);
            } else {
                B.A.debug(transactionId, new StringBuffer("Chaining mode is \"").append(str).append("\", using CRL ").append(str2).append(" (").append(time).append(") for checking CRL issuer trust.").toString(), null);
            }
        }
        // Fall back to the validation date when the source offers no time of its own.
        if (time == null) {
            time = date;
        }
        // NOTE(review): a version 1 CRL goes straight to the trust check. That skips not only the
        // extension-based checks but also the CRL-issuer / certificate-issuer name comparison
        // further down, so binding the CRL to this certificate's issuer then rests entirely on the
        // trust check, whose body is not visible in this listing. Confirm this is intended.
        if (cRLRevocationSource.getVersion() == 1) {
            B.A.info(transactionId, "Version 1 CRL, do not perform checks.", null);
            return new A(A(revocationTrustProfile, time, cRLRevocationSource, supplementalRevocationSources, transactionId));
        }
        try {
            IssuingDistributionPoint issuingDistributionPoint = (IssuingDistributionPoint) cRLRevocationSource.getExtension(IssuingDistributionPoint.oid);
            if (issuingDistributionPoint != null) {
                // Scope flags: the CRL must cover the kind of certificate being checked.
                if (issuingDistributionPoint.getOnlyContainsCaCerts()) {
                    if (x509Certificate.getVersion() < 3) {
                        B.A.info(transactionId, new StringBuffer("Crl not accepted. OnlyContainsCaCerts flag in IssuingDistributionPoint extension of crl is set, but certificate is a V").append(x509Certificate.getVersion()).append(" certificate.").toString(), null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_CERT_NOT_COVERED));
                    }
                    if (!z) {
                        B.A.info(transactionId, "Crl not accepted. OnlyContainsCaCerts flag in IssuingDistributionPoint  extension of crl is set, but certificate is not a CA certificate.", null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_CERT_NOT_COVERED));
                    }
                }
                if (issuingDistributionPoint.getOnlyContainsUserCerts()) {
                    if (x509Certificate.getVersion() < 3) {
                        B.A.info(transactionId, new StringBuffer("Crl not accepted. OnlyContainsUserCerts flag in IssuingDistributionPoint extension of crl is set, but certificate is a V").append(x509Certificate.getVersion()).append(" certificate.").toString(), null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_CERT_NOT_COVERED));
                    }
                    if (z) {
                        B.A.info(transactionId, "Crl not accepted. OnlyContainsUserCerts flag in IssuingDistributionPoint  extension of crl is set, but certificate is a CA certificate.", null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_CERT_NOT_COVERED));
                    }
                }
                // This checker only handles public-key certificates, so an attribute-cert-only CRL
                // never applies.
                if (issuingDistributionPoint.getOnlyContainsAttributeCerts()) {
                    B.A.info(transactionId, "Crl not accepted. OnlyContainsAttributeCerts flag in IssuingDistributionPoint extension of crl is set, but certificate is not an attribute certificate.", null);
                    return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_CERT_NOT_COVERED));
                }
                // Distribution-point name matching: a name in the CRL's IDP must also appear in the
                // distribution point through which the certificate refers to the CRL.
                ASN1Type distributionPointName = issuingDistributionPoint.getDistributionPointName();
                if (distributionPointName != null) {
                    if (distributionPointName instanceof RDN) {
                        // Name relative to the CRL issuer: expand it on a copy of the issuer name
                        // and wrap it as a GeneralName with tag 4.
                        Name A = A(issuerName);
                        A.addRDN((RDN) distributionPointName);
                        generalNames = new GeneralNames(new GeneralName(4, A));
                    } else {
                        if (!(distributionPointName instanceof GeneralNames)) {
                            throw new StatusCheckingException("Wrong ASN1Type in DistributionPointName field of IssuingDistributionPoint extension of crl.", null, new StringBuffer().append(getClass().getName()).append(":13").toString());
                        }
                        generalNames = (GeneralNames) distributionPointName;
                    }
                    // Base name for expanding relative names on the certificate side: c2.C() when
                    // set, otherwise the certificate issuer. A copy is taken in both cases.
                    Name A2 = c2.C() == null ? A(name) : A(c2.C());
                    ASN1Type G = c2.G();
                    if (G == null) {
                        // The descriptor carries no name. Only alternative or supplemental sources
                        // may fall back to scanning the certificate's own CRLDistributionPoints.
                        if (!c2.E() && !cRLRevocationSource.isSupplemental()) {
                            B.A.info(transactionId, "Crl not accepted. Could not check DistributionPointName: IssuingDistributionPoint extension of crl contains a DistributionPoint field, but corresponding DistributionPoint field in CRLDistributionPoints extension of certificate does not contain any name.", null);
                            return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_DISTRIBUTION_POINT_NAME));
                        }
                        CRLDistributionPoints cRLDistributionPoints = (CRLDistributionPoints) x509Certificate.getExtension(CRLDistributionPoints.oid);
                        if (cRLDistributionPoints == null) {
                            B.A.info(transactionId, "Crl not accepted. Could not check DistributionPointName: IssuingDistributionPoint extension of crl contains a DistributionPoint field, but corresponding certificate does not contain a CRLDistributionPoints extension.", null);
                            return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_DISTRIBUTION_POINT_NAME));
                        }
                        Enumeration distributionPoints = cRLDistributionPoints.getDistributionPoints();
                        if (distributionPoints == null) {
                            B.A.info(transactionId, "Crl not accepted. Could not check DistributionPointName: IssuingDistributionPoint extension of crl contains a DistributionPoint field, but CRLDistributionPoints extension of certificate does not contain any DistributionPoint field.", null);
                            return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_DISTRIBUTION_POINT_NAME));
                        }
                        // i counts distribution points that carry a name; z2 records a match.
                        // NOTE(review): the same A2 instance is passed to the matcher on every
                        // iteration, and the matcher calls addRDN on it for RDN-typed names, so
                        // relative names would accumulate across distribution points.
                        int i2 = 0;
                        while (true) {
                            if (!distributionPoints.hasMoreElements()) {
                                i = i2;
                                z2 = false;
                                break;
                            }
                            ASN1Type distributionPointName2 = ((iaik.asn1.structures.DistributionPoint) distributionPoints.nextElement()).getDistributionPointName();
                            if (distributionPointName2 != null) {
                                i = i2 + 1;
                                if (A(generalNames, distributionPointName2, A2, transactionId)) {
                                    z2 = true;
                                    break;
                                }
                                i2 = i;
                            }
                        }
                        if (i <= 0) {
                            B.A.info(transactionId, "Crl not accepted. Could not check DistributionPointName: IssuingDistributionPoint extension of crl contains a DistributionPoint field, but DistributionPoint field(s) in CRLDistributionPoints extension of certificate do not contain any names.", null);
                            return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_DISTRIBUTION_POINT_NAME));
                        }
                        if (!z2) {
                            return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_DISTRIBUTION_POINT_NAME));
                        }
                    } else if (!A(generalNames, G, A2, transactionId)) {
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_DISTRIBUTION_POINT_NAME));
                    }
                }
            }
            // Indirect-CRL conditions apply when the CRL issuer is not the certificate issuer.
            String normalizedName = NameUtils.getNormalizedName(issuerName);
            if (!normalizedName.equals(NameUtils.getNormalizedName(name))) {
                // NOTE(review): with this configuration switch on, a CRL fetched through an
                // alternative distribution point is accepted from a different issuer without the
                // indirectCRL flag and without a crlIssuer match; only the trust check that follows
                // still stands between that CRL and a revocation answer.
                if (c2.E() && this.C.skipIndirectCRLCheckForAlternativeDistributionPoints()) {
                    B.A.warn(transactionId, "Checking requirements for indirect CRLs disabled for alternative distribution points.", null);
                } else {
                    if (issuingDistributionPoint == null) {
                        B.A.warn(transactionId, "CRL issuer does not match certificate issuer. CRL is an indirect CRL, but \"issuingDistributionPoint\" extension not present.", null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_INDIRECT_CRL_CHECK));
                    }
                    if (!issuingDistributionPoint.getIndirectCRL()) {
                        B.A.warn(transactionId, "CRL should be marked as indirect CRL, thus rejecting.", null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_INDIRECT_CRL_CHECK));
                    }
                    // Decompiler artifact: the local named B obscures class B, so the B.A logger
                    // references in the rest of this block would not recompile as written.
                    String B = c2.B();
                    if (B == null) {
                        B.A.warn(transactionId, "Indirect CRLs must have the crlIssuer set.", null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_INDIRECT_CRL_CHECK));
                    }
                    // The descriptor's issuer string must equal the normalized CRL issuer name.
                    if (!B.equals(normalizedName)) {
                        B.A.warn(transactionId, "CRL issuer DN and distributionpoint issuer DN don't match.", null);
                        return new A(new H(date, RevocationStatusUnknown.UNKNOWN_REASON_INDIRECT_CRL_CHECK));
                    }
                }
            }
            // All scope checks passed: evaluate trust in the CRL issuer at the chosen time.
            return new A(A(revocationTrustProfile, time, cRLRevocationSource, supplementalRevocationSources, transactionId));
        } catch (RevocationStoreException e2) {
            B.A.error(transactionId, "Error checking CRL.", e2);
            throw new StatusCheckingException("CRL error", e2, new StringBuffer().append(getClass().getName()).append(":9").toString());
        } catch (UtilsException e3) {
            B.A.error(transactionId, "Error checking CRL.", e3);
            throw new StatusCheckingException("CRL error", e3, new StringBuffer().append(getClass().getName()).append(":8").toString());
        } catch (X509ExtensionInitException e4) {
            B.A.error(transactionId, "Error checking CRL. Could not parse CRLDistributionPoints extension from certificate.", e4);
            throw new StatusCheckingException("CRL error", e4, new StringBuffer().append(getClass().getName()).append(":10").toString());
        }
    }

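    /**
     * Looks up a certificate in a DB-backed CRL source and maps the stored entry to a status.
     *
     * <p>Outcomes visible in the code: not listed, or revoked only after {@code date}, yields
     * the obfuscated type {@code L} (presumably "not revoked"); an entry with unsupported
     * critical extensions, a hold entry (reason code 6) that is still listed or cannot be
     * re-checked, and reason code 8 (removeFromCRL) yield {@code H} (status unknown); every
     * other reason yields {@code K} with the reason code and revocation date.
     *
     * <p>Changes against the decompiled original: the reason-code bound used for the log text
     * is {@code >=} instead of {@code >}, so a stored reason code equal to the table length can
     * no longer raise ArrayIndexOutOfBoundsException and abort status checking from inside a
     * log statement; and the exception caught while re-checking a hold entry is now passed to
     * the logger instead of being dropped.
     *
     * @param x509Certificate certificate to look up
     * @param cRLRevocationSource must be a {@link DBCRLRevocationSource}
     * @param date validation date
     * @param transactionId logging correlation id
     * @return status object as described above
     * @throws IllegalArgumentException if the source is not DB-backed
     */
    protected E A(X509Certificate x509Certificate, CRLRevocationSource cRLRevocationSource, Date date, TransactionId transactionId) {
        if (!(cRLRevocationSource instanceof DBCRLRevocationSource)) {
            throw new IllegalArgumentException("Wrong type of crl revocation source.");
        }
        DBCRLRevocationSource dbSource = (DBCRLRevocationSource) cRLRevocationSource;
        RevokedCertificateDBEntry entry = dbSource.containsCertificate(x509Certificate);
        if (entry == null) {
            B.A.debug(transactionId, "certificate not on crl", null);
            return new L(date);
        }
        B.A.debug(transactionId, "certificate on crl", null);
        // An entry extension marked critical that is not understood must not be ignored.
        if (entry.getHasUnsupportedCritExtensions()) {
            B.A.warn(transactionId, "RevokedCertificate contains unsupported CRL Entry Extension. Setting certificate status to unknown.", null);
            return new H(date, RevocationStatusUnknown.UNKNOWN_REASON_UNSUPPORTED_CRITICAL_EXTENSION);
        }
        int reasonCode = entry.getReasonCode();
        Timestamp revocationDate = entry.getRevocationDate();
        if (revocationDate.after(date)) {
            // Revoked later than the validation date: still valid at that date.
            // Valid indices are 0..length-1, hence >= in the bound check.
            String reasonText = (reasonCode < 0 || reasonCode >= RevocationStatusRevoked.ALL_ARRAY.length)
                    ? "unexpected reason code " + reasonCode
                    : RevocationStatusRevoked.ALL_ARRAY[reasonCode];
            B.A.info(transactionId, "certificate revoked at " + revocationDate + " (reason: " + reasonText + "), but valid at " + date, null);
            return new L(date);
        }
        B.A.debug(transactionId, "certificate revoked, reason code " + reasonCode, null);
        if (reasonCode == 6) {
            // Hold entries may have been released since the DB was filled; re-read the CRL.
            try {
                return A(x509Certificate, dbSource, date);
            } catch (Exception e) {
                // Best effort: any failure keeps the conservative on-hold answer, but the cause
                // is recorded so that parse or verification failures are visible in the log.
                B.A.error(transactionId, "error while streamparsing, setting status to unknown", e);
                return new H(date, "CertificateOnHold");
            }
        }
        if (reasonCode == 8) {
            // removeFromCRL is not expected on a stored entry; treat the record as unreliable.
            B.A.error(transactionId, "got unexpected removeFromCRL reason code, setting status to unknown", null);
            return new H(date, RevocationStatusUnknown.UNKNOWN_REASON_SERVICE_ERROR);
        }
        return new K(date, reasonCode, revocationDate);
    }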

    /* JADX WARN: Code restructure failed: missing block: B:42:0x007f, code lost:
    
        if (r4 != 0) goto L63;
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x0081, code lost:
    
        iaik.pki.revocation.B.A.warn(r22, "CRL issuer certificate not found", null);
        r4 = new iaik.pki.pathvalidation.TrustResultImpl(false, null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x0092, code lost:
    
        if (r5 == 0) goto L95;
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x0094, code lost:
    
        r4.setRevocationInfoList(r5.getRevocationInfoList());
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:?, code lost:
    
        return r4;
     */
    /* JADX WARN: Code restructure failed: missing block: B:47:?, code lost:
    
        return r4;
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x01f0, code lost:
    
        r4 = new iaik.pki.pathvalidation.TrustResultImpl(r7, r6);
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x01f5, code lost:
    
        if (r5 == 0) goto L97;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x01f7, code lost:
    
        r4.setRevocationInfoList(r5.getRevocationInfoList());
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:?, code lost:
    
        return r4;
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:?, code lost:
    
        return r4;
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r11v0, types: [iaik.x509.X509Certificate[]] */
    /* JADX WARN: Type inference failed for: r13v10, types: [iaik.x509.X509Certificate] */
    /* JADX WARN: Type inference failed for: r13v13, types: [iaik.x509.X509Certificate] */
    /* JADX WARN: Type inference failed for: r18v0, types: [iaik.pki.revocation.RevocationTrustProfile] */
    /* JADX WARN: Type inference failed for: r20v0, types: [iaik.pki.store.revocation.CRLRevocationSource, iaik.pki.store.revocation.RevocationSource] */
    /* JADX WARN: Type inference failed for: r4v21 */
    /* JADX WARN: Type inference failed for: r4v22 */
    /* JADX WARN: Type inference failed for: r4v23 */
    /* JADX WARN: Type inference failed for: r4v26, types: [iaik.pki.revocation.TrustResult] */
    /* JADX WARN: Type inference failed for: r4v27 */
    /* JADX WARN: Type inference failed for: r4v28 */
    /* JADX WARN: Type inference failed for: r4v30 */
    /* JADX WARN: Type inference failed for: r4v31 */
    /* JADX WARN: Type inference failed for: r4v32 */
    /* JADX WARN: Type inference failed for: r4v34 */
    /* JADX WARN: Type inference failed for: r4v39 */
    /* JADX WARN: Type inference failed for: r4v40 */
    /* JADX WARN: Type inference failed for: r4v41 */
    /* JADX WARN: Type inference failed for: r4v5 */
    /* JADX WARN: Type inference failed for: r4v6 */
    /* JADX WARN: Type inference failed for: r5v12, types: [iaik.x509.X509Certificate] */
    /* JADX WARN: Type inference failed for: r5v18 */
    /* JADX WARN: Type inference failed for: r5v23 */
    /* JADX WARN: Type inference failed for: r5v24, types: [iaik.x509.X509Certificate] */
    /* JADX WARN: Type inference failed for: r5v25 */
    /* JADX WARN: Type inference failed for: r5v26 */
    /* JADX WARN: Type inference failed for: r5v28 */
    /* JADX WARN: Type inference failed for: r5v29 */
    /* JADX WARN: Type inference failed for: r5v30 */
    /* JADX WARN: Type inference failed for: r5v32 */
    /* JADX WARN: Type inference failed for: r5v34 */
    /* JADX WARN: Type inference failed for: r5v7 */
    /* JADX WARN: Type inference failed for: r5v8, types: [iaik.pki.revocation.TrustResult] */
    /* JADX WARN: Type inference failed for: r7v19, types: [iaik.pki.revocation.TrustResult] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the real body (556 instructions) was not recovered, and calling
     * this stub always throws UnsupportedOperationException.
     *
     * <p>The nine-argument {@code A} overload in this class calls this method with the reference
     * time it selected "for checking CRL issuer trust" and wraps the returned TrustResult. The
     * JADX "code lost" fragments printed above this method show one path that logs "CRL issuer
     * certificate not found" and builds {@code TrustResultImpl(false, null)}, and show a
     * revocation info list being copied onto the result. Nothing else about the decision is
     * visible.
     *
     * <p>NOTE(review): this is presumably where the CRL signer is located and its trust is
     * evaluated, so that logic cannot be audited from this listing; review it from the
     * instruction dump instead.
     */
    protected iaik.pki.revocation.TrustResult A(iaik.pki.revocation.RevocationTrustProfile r18, java.util.Date r19, iaik.pki.store.revocation.CRLRevocationSource r20, iaik.pki.store.revocation.SupplementalRevocationSources r21, iaik.logging.TransactionId r22) {
        /*
            Method dump skipped, instructions count: 556
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: iaik.pki.revocation.J.A(iaik.pki.revocation.RevocationTrustProfile, java.util.Date, iaik.pki.store.revocation.CRLRevocationSource, iaik.pki.store.revocation.SupplementalRevocationSources, iaik.logging.TransactionId):iaik.pki.revocation.TrustResult");
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x005f  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x00b6  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the real body (317 instructions) was not recovered, and calling
     * this stub always throws UnsupportedOperationException.
     *
     * <p>Only the signature is visible: it takes a distribution-point descriptor (obfuscated
     * type {@code C}), a date, two certificates, a Hashtable, a boolean and a RevocationProfile,
     * and returns a RevocationSource. Presumably it obtains the revocation source for one
     * distribution point; this is unconfirmed, and no caller appears in this listing.
     */
    protected iaik.pki.store.revocation.RevocationSource A(iaik.pki.revocation.C r14, java.util.Date r15, iaik.x509.X509Certificate r16, iaik.x509.X509Certificate r17, java.util.Hashtable r18, boolean r19, iaik.pki.revocation.RevocationProfile r20, iaik.logging.TransactionId r21) {
        /*
            Method dump skipped, instructions count: 317
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: iaik.pki.revocation.J.A(iaik.pki.revocation.C, java.util.Date, iaik.x509.X509Certificate, iaik.x509.X509Certificate, java.util.Hashtable, boolean, iaik.pki.revocation.RevocationProfile, iaik.logging.TransactionId):iaik.pki.store.revocation.RevocationSource");
    }

    /**
     * Collects the CRL distribution points to use for a certificate, grouped by reason mask.
     *
     * <p>The certificate's own CRLDistributionPoints extension is parsed first; entries that
     * cannot be parsed are logged and skipped. If the configuration ({@code this.C}) supplies
     * no alternative distribution points, that map is returned. Otherwise the returned map
     * holds <em>only</em> the configured alternatives of type "crl": the certificate's own
     * points are then used solely to look up one value ({@code C.A()}) from the first entry
     * with the same reason mask, which is handed to the new descriptor.
     *
     * <p>NOTE(review): configured alternative distribution points therefore replace, rather
     * than supplement, the locations named in the certificate. The URIs come from local
     * configuration; confirm who can write that configuration.
     *
     * @param x509Certificate certificate whose distribution points are wanted; must not be null
     * @param x509Certificate2 passed to the alternative-distribution-point lookup only
     * @param date passed to the alternative-distribution-point lookup only
     * @param transactionId logging correlation id
     * @return Hashtable from Integer reason mask to a Set of {@code C} descriptors
     * @throws NullPointerException if {@code x509Certificate} is null
     */
    protected Map A(X509Certificate x509Certificate, X509Certificate x509Certificate2, Date date, TransactionId transactionId) {
        if (x509Certificate == null) {
            throw new NullPointerException("Argument \"certificate\" must not be null.");
        }
        Set configured = this.C.getAlternativeDistributionPoints(x509Certificate, x509Certificate2, date);
        Set<DistributionPoint> alternatives = configured;
        if (alternatives == null) {
            alternatives = Collections.EMPTY_SET;
        }

        // Step 1: distribution points named in the certificate itself.
        Hashtable fromCertificate = new Hashtable(1);
        CRLDistributionPoints extension = (CRLDistributionPoints) x509Certificate.getExtension(CRLDistributionPoints.oid);
        if (extension != null) {
            for (Enumeration points = extension.getDistributionPoints(); points.hasMoreElements(); ) {
                try {
                    C parsed = new C((iaik.asn1.structures.DistributionPoint) points.nextElement(), transactionId);
                    Integer reasonKey = new Integer(parsed.F());
                    Set bucket = (Set) fromCertificate.get(reasonKey);
                    if (bucket == null) {
                        bucket = new HashSet();
                        fromCertificate.put(reasonKey, bucket);
                    }
                    bucket.add(parsed);
                } catch (StatusCheckingException e) {
                    // One unusable distribution point does not stop the others being collected.
                    B.A.error(transactionId, "Can't handle this crl distribution point.", e);
                }
            }
        }
        if (alternatives.isEmpty()) {
            return fromCertificate;
        }

        // Step 2: configured alternatives take over the result entirely.
        Hashtable fromAlternatives = new Hashtable(1);
        for (DistributionPoint candidate : alternatives) {
            if (!candidate.getType().equals("crl")) {
                // Alternatives of any other type are ignored without a log entry.
                continue;
            }
            CRLDistributionPoint crlPoint = (CRLDistributionPoint) candidate;
            String uri = crlPoint.getUri();
            if (uri == null) {
                B.A.warn(transactionId, new StringBuffer("alternative distribution point url for certificate ").append(x509Certificate).append(" is null, thus ignoring").toString(), null);
                continue;
            }
            int reasonMask = crlPoint.getReasonCodes();
            Integer reasonKey = new Integer(reasonMask);
            Set certificateBucket = (Set) fromCertificate.get(reasonKey);
            C alternative = new C(uri, (certificateBucket == null || certificateBucket.isEmpty()) ? null : ((C) certificateBucket.iterator().next()).A(), crlPoint.getIssuerDN(), reasonMask, transactionId);
            Set bucket = (Set) fromAlternatives.get(reasonKey);
            if (bucket == null) {
                bucket = new HashSet();
                fromAlternatives.put(reasonKey, bucket);
            }
            bucket.add(alternative);
            B.A.debug(transactionId, new StringBuffer("Found alternative distribution point: ").append(alternative).toString(), null);
        }
        return fromAlternatives;
    }

    /**
     * Registers a distribution-point descriptor under every single reason bit it covers,
     * without replacing a descriptor that is already registered for that bit.
     *
     * <p>A reason mask of -1 is stored under the key -1 and is not split into bits. For any
     * other mask the nine bits 1, 2, 4, ... 256 are tested in ascending order.
     *
     * @param c2 descriptor whose reason mask is read through {@code F()}
     * @param hashtable map from Integer reason bit to descriptor; updated in place
     */
    protected void A(C c2, Hashtable hashtable) {
        int reasonMask = c2.F();
        if (reasonMask == -1) {
            Integer unrestricted = new Integer(-1);
            if (!hashtable.containsKey(unrestricted)) {
                hashtable.put(unrestricted, c2);
            }
            return;
        }
        // First registration wins: an existing entry for a bit is never overwritten.
        for (int bit = 1; bit <= 256; bit <<= 1) {
            if ((reasonMask & bit) == 0) {
                continue;
            }
            Integer key = new Integer(bit);
            if (!hashtable.containsKey(key)) {
                hashtable.put(key, c2);
            }
        }
    }

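    /**
     * Tests whether a distribution point name taken from the certificate matches any of the
     * names in the CRL's IssuingDistributionPoint.
     *
     * <p>A {@code GeneralNames} value is compared directly. An {@code RDN} value is a name
     * relative to a base name: it is appended to a copy of {@code name} and compared as a
     * GeneralName with tag 4 (directoryName in the RFC 5280 GeneralName CHOICE).
     *
     * <p>Change against the decompiled original: the RDN is appended to a copy obtained from
     * {@code A(Name)} instead of to {@code name} itself. The original mutated the caller's
     * object, and the visible caller passes the same base-name instance for every distribution
     * point of a certificate, so a second relative name was compared with the first one still
     * attached.
     *
     * @param generalNames names from the CRL's IssuingDistributionPoint
     * @param aSN1Type distribution point name from the certificate side
     * @param name base name for relative names; may be null, in which case an RDN cannot match
     * @param transactionId logging correlation id
     * @return true if at least one name is contained in {@code generalNames}
     * @throws StatusCheckingException if {@code aSN1Type} is neither GeneralNames nor RDN
     */
    protected boolean A(GeneralNames generalNames, ASN1Type aSN1Type, Name name, TransactionId transactionId) {
        GeneralNames certificateNames;
        if (aSN1Type instanceof GeneralNames) {
            certificateNames = (GeneralNames) aSN1Type;
        } else if (aSN1Type instanceof RDN) {
            if (name == null) {
                B.A.debug(transactionId, new StringBuffer("Found no DistributionPointName match for \"").append(aSN1Type).append("\" in IssuingDistributionPoint extension of crl. certDistributionPointName is an RDN but no base name available.").toString(), null);
                return false;
            }
            // Work on a private copy so the caller's base name stays usable for later calls.
            Name expanded = A(name);
            expanded.addRDN((RDN) aSN1Type);
            certificateNames = new GeneralNames(new GeneralName(4, expanded));
        } else {
            throw new StatusCheckingException("Wrong ASN1Type in DistributionPointName field of CRLDisrtibutionPoints extension of certificate.", null, new StringBuffer().append(getClass().getName()).append(":14").toString());
        }
        // One common name is enough for a match.
        Enumeration candidates = certificateNames.getNames();
        while (candidates.hasMoreElements()) {
            if (generalNames.contains((GeneralName) candidates.nextElement())) {
                B.A.debug(transactionId, new StringBuffer("Found DistributionPointName match for \"").append(aSN1Type).append("\" in IssuingDistributionPoint extension of crl.").toString(), null);
                return true;
            }
        }
        B.A.debug(transactionId, new StringBuffer("Found no DistributionPointName match for \"").append(aSN1Type).append("\" in IssuingDistributionPoint extension of crl.").toString(), null);
        return false;
    }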

    /**
     * Reports whether a CRL entry carries a critical extension that is not listed in
     * {@code SupportedCRLExtensions.ENTRY_EXTENSIONS}.
     *
     * <p>Callers treat a {@code true} result as "status unknown": an entry with a critical
     * extension that is not understood must not be interpreted as if the extension were absent.
     *
     * @param revokedCertificate CRL entry to inspect
     * @return true if at least one critical extension OID is unsupported; false if there are
     *     no critical extensions or all of them are supported
     */
    protected boolean A(RevokedCertificate revokedCertificate) {
        Set criticalOids = revokedCertificate.getCriticalExtensionOIDs();
        if (criticalOids != null) {
            for (Object oid : criticalOids) {
                if (!SupportedCRLExtensions.ENTRY_EXTENSIONS.contains((String) oid)) {
                    return true;
                }
            }
        }
        return false;
    }

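    /**
     * Looks up a certificate in a single CRL revocation source and derives its status at the given date.
     *
     * <p>A {@link DBCRLRevocationSource} is handed to the four-argument {@code A(...)} overload (not
     * visible in this part of the file). Any other source is cast to {@link MemoryCRLRevocationSource}
     * and its CRL is searched directly, with these outcomes:
     * <ul>
     *   <li>no entry for the certificate: {@code new L(date)};</li>
     *   <li>entry with a critical extension outside {@code SupportedCRLExtensions.ENTRY_EXTENSIONS}:
     *       {@code H} with {@code UNKNOWN_REASON_UNSUPPORTED_CRITICAL_EXTENSION};</li>
     *   <li>revocation date after {@code date}: {@code new L(date)}, the later revocation is logged;</li>
     *   <li>no reason code extension: {@code new K(date, 0, revocationDate)};</li>
     *   <li>reason code 6: {@code H} with reason {@code "CertificateOnHold"};</li>
     *   <li>reason code 8 (logged as removeFromCRL): {@code H} with {@code UNKNOWN_REASON_SERVICE_ERROR};</li>
     *   <li>any other reason code: {@code new K(date, reasonCode, revocationDate)}.</li>
     * </ul>
     * A failure to initialise the reason code extension is logged and reported as {@code H} with
     * {@code UNKNOWN_REASON_SERVICE_ERROR}.
     *
     * <p>NOTE(review): a source that is neither a {@code DBCRLRevocationSource} nor a
     * {@code MemoryCRLRevocationSource} would fail at the cast with a {@code ClassCastException};
     * confirm that no other implementation reaches this method.
     *
     * @param x509Certificate the certificate whose status is requested
     * @param cRLRevocationSource the CRL source to consult; must not be {@code null}
     * @param date the date for which the status is determined
     * @param transactionId identifier passed to every log call
     * @return the status object derived from the CRL entry, as listed above
     * @throws IllegalArgumentException if {@code cRLRevocationSource} is {@code null}
     */
    protected E B(X509Certificate x509Certificate, CRLRevocationSource cRLRevocationSource, Date date, TransactionId transactionId) {
        String reasonText;
        // With this static parameter type the instanceof test can only fail for null.
        if (!(cRLRevocationSource instanceof CRLRevocationSource)) {
            throw new IllegalArgumentException("Wrong type of crl revocation source.");
        }
        try {
            if (cRLRevocationSource instanceof DBCRLRevocationSource) {
                return A(x509Certificate, cRLRevocationSource, date, transactionId);
            }
            RevokedCertificate containsCertificate = ((MemoryCRLRevocationSource) cRLRevocationSource).getCRL().containsCertificate(x509Certificate);
            if (containsCertificate == null) {
                B.A.debug(transactionId, "certificate not on crl", null);
                return new L(date);
            }
            B.A.debug(transactionId, "certificate on crl", null);
            // An entry with a critical extension we cannot interpret must not be evaluated further.
            if (A(containsCertificate)) {
                B.A.warn(transactionId, "RevokedCertificate contains unsupported CRL Entry Extension. Setting certificate status to unknown.", null);
                return new H(date, RevocationStatusUnknown.UNKNOWN_REASON_UNSUPPORTED_CRITICAL_EXTENSION);
            }
            ReasonCode reasonCode = (ReasonCode) containsCertificate.getExtension(ReasonCode.oid);
            Date revocationDate = containsCertificate.getRevocationDate();
            if (revocationDate.after(date)) {
                // Revoked only after the date of interest: the certificate was still good at that date.
                if (reasonCode != null) {
                    int code = reasonCode.getReasonCode();
                    // Valid indices are 0..length-1. The former '>' bound let a code equal to the
                    // array length index past the end and abort the check with an
                    // ArrayIndexOutOfBoundsException instead of producing the log text.
                    reasonText = (code < 0 || code >= RevocationStatusRevoked.ALL_ARRAY.length) ? new StringBuffer("unexpected reason code ").append(code).toString() : RevocationStatusRevoked.ALL_ARRAY[code];
                } else {
                    reasonText = "no reason code included";
                }
                B.A.info(transactionId, new StringBuffer("certificate revoked at ").append(revocationDate).append(" (reason: ").append(reasonText).append("), but valid at ").append(date).toString(), null);
                return new L(date);
            }
            if (reasonCode == null) {
                return new K(date, 0, revocationDate);
            }
            int code = reasonCode.getReasonCode();
            B.A.debug(transactionId, new StringBuffer("certificate revoked, reason code ").append(code).toString(), null);
            if (code == 6) {
                // A certificate on hold is reported as unknown, not as revoked.
                return new H(date, "CertificateOnHold");
            }
            if (code != 8) {
                return new K(date, code, revocationDate);
            }
            // Reason code 8 is treated as unexpected here and mapped to an unknown status.
            B.A.error(transactionId, "got unexpected removeFromCRL reason code, setting status to unknown", null);
            return new H(date, RevocationStatusUnknown.UNKNOWN_REASON_SERVICE_ERROR);
        } catch (X509ExtensionInitException e) {
            B.A.error(transactionId, "Failed investigating the CRL.", e);
            return new H(date, RevocationStatusUnknown.UNKNOWN_REASON_SERVICE_ERROR);
        }
    }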

    /**
     * Determines the revocation status of a certificate from CRLs at the given date.
     *
     * <p>After the argument checks, the certificate's validity at {@code date} is verified and a helper
     * {@code A(...)} (not visible in this part of the file) returns a map whose keys are integers and whose
     * values are sets of {@code C} objects. Two paths follow:
     * <ul>
     *   <li>If the map has an entry under key -1, each {@code C} in that set is resolved to a CRL source,
     *       the CRL is trust-checked and, if trusted, evaluated with {@code B(...)}. The first status whose
     *       code is {@code REVOKED} or {@code VALID} is returned; otherwise the last status computed is
     *       returned.</li>
     *   <li>Otherwise every key's set is processed, the keys are OR-ed into a mask, and the mask is compared
     *       with {@code I} (511) before a final status is chosen.</li>
     * </ul>
     *
     * <p>NOTE(review): the {@code catch (Exception ...)} at the end encloses the whole evaluation, so every
     * exception raised inside the {@code try} is logged as "provided certificate not valid at ..." and
     * rethrown as a {@code StatusCheckingException} with location suffix ":2". This presumably also covers
     * the {@code StatusCheckingException}s thrown inside the block (":3" to ":6"), if that type extends
     * {@code Exception}; it may be a decompilation artefact. Confirm against the original source, because
     * the message is misleading when the real cause is a retrieval or trust failure.
     *
     * @param x509Certificate the certificate to check; must not be {@code null}
     * @param z passed unchanged to the trust evaluation helper; meaning not visible here
     * @param x509Certificate2 passed to the map-building helper and to the revocation source lookup
     *        (presumably the issuer certificate; confirm)
     * @param publicKey not used by this method
     * @param date the date of interest ("concernedDate"); must not be {@code null}
     * @param str passed unchanged to the trust evaluation helper; meaning not visible here
     * @param supplementalRevocationSources optional additional CRL sources; may be {@code null}
     * @param revocationTrustProfile trust profile for the CRL trust evaluation; must not be {@code null}
     * @param revocationProfile profile passed to the revocation source lookup; must not be {@code null}
     * @param transactionId identifier passed to every log call
     * @return the status determined from the CRLs
     * @throws StatusCheckingException if {@code this.C} is {@code null} (":1"), or wrapping any exception
     *         raised during the evaluation (":2")
     * @throws NullPointerException if a required argument is {@code null}
     */
    @Override // iaik.pki.revocation.CertificateStatusChecker
    public RevocationStatus getCertificateStatus(X509Certificate x509Certificate, boolean z, X509Certificate x509Certificate2, PublicKey publicKey, Date date, String str, SupplementalRevocationSources supplementalRevocationSources, RevocationTrustProfile revocationTrustProfile, RevocationProfile revocationProfile, TransactionId transactionId) {
        H h;
        RevocationSource revocationSource;
        B.A.debug(transactionId, "Entering CRLCertificateStatusChecker.", null);
        // The checks below run outside the try block, so their exceptions are not rewrapped as ":2".
        if (this.C == null) {
            throw new StatusCheckingException("Status checking not yet configured", null, new StringBuffer().append(getClass().getName()).append(":1").toString());
        }
        if (revocationTrustProfile == null) {
            throw new NullPointerException("Trust profile mustn't be null");
        }
        if (x509Certificate == null) {
            throw new NullPointerException("Argument \"certificate\" must not be null.");
        }
        if (date == null) {
            throw new NullPointerException("Argument \"concernedDate\" must not be null.");
        }
        if (revocationProfile == null) {
            throw new NullPointerException("Profile mustn't be null");
        }
        try {
            // Revocation is only evaluated for a certificate that is within its validity period at 'date'.
            x509Certificate.checkValidity(date);
            // Integer key -> Set of C; presumably distribution points grouped by reason mask (TODO confirm).
            Map A = A(x509Certificate, x509Certificate2, date, transactionId);
            // Key -1 (the same value as constant H) selects the entries handled by the first loop below.
            Integer num = new Integer(-1);
            Hashtable hashtable = null;
            boolean z2 = false;
            if (supplementalRevocationSources != null) {
                z2 = supplementalRevocationSources.useSupplementalRevocationSourcesOnly();
                hashtable = supplementalRevocationSources.getCrlRevocationSources();
                // "Supplemental only" without any supplemental CRL source cannot be satisfied.
                if (z2 && (hashtable == null || (hashtable != null && hashtable.isEmpty()))) {
                    throw new StatusCheckingException("Should use supplemental revocation sources only, but no supplemental CRL revocation sources available", null, new StringBuffer().append(getClass().getName()).append(":6").toString());
                }
                // The helper found nothing but supplemental CRL sources exist: register a placeholder
                // entry (Constants.DUMMY_URI) under key -1 so that the first loop runs once.
                if (A.isEmpty() && hashtable != null && !hashtable.isEmpty()) {
                    C c2 = new C(Constants.DUMMY_URI, -1, transactionId);
                    HashSet hashSet = new HashSet(1);
                    hashSet.add(c2);
                    A.put(num, hashSet);
                }
            }
            // Result is discarded; likely a decompilation leftover.
            A.keySet();
            Set<C> set = (Set) A.get(num);
            if (set != null) {
                // Path 1: entries under key -1. h2 holds the status computed so far.
                H h2 = null;
                for (C c3 : set) {
                    try {
                        revocationSource = A(c3, date, x509Certificate, x509Certificate2, hashtable, z2, revocationProfile, transactionId);
                        // h remembers the status from the previous iteration (null on the first one).
                        h = h2;
                    } catch (RevocationStoreException e) {
                        B.A.warn(transactionId, new StringBuffer("Can't get revocation info ").append(c3).toString(), e);
                        h = new H(date, RevocationStatusUnknown.UNKNOWN_REASON_SERVICE_UNAVAILABLE);
                        revocationSource = null;
                    }
                    if (revocationSource == null) {
                        // No CRL obtainable from this entry: record "service unavailable" and try the next one.
                        B.A.warn(transactionId, new StringBuffer("Cannot get CRL from ").append(c3).toString(), null);
                        h2 = new H(date, RevocationStatusUnknown.UNKNOWN_REASON_SERVICE_UNAVAILABLE);
                    } else {
                        if (!(revocationSource instanceof CRLRevocationSource)) {
                            B.A.error(transactionId, "Internal error, got wrong revocation source type", null);
                            throw new StatusCheckingException("Internal error, got wrong .revocation source type", null, new StringBuffer().append(getClass().getName()).append(":3").toString());
                        }
                        CRLRevocationSource cRLRevocationSource = (CRLRevocationSource) revocationSource;
                        // Trust evaluation of the CRL itself; A2.B() reports whether it is trusted.
                        A A2 = A(cRLRevocationSource, c3, x509Certificate, z, revocationTrustProfile, date, str, supplementalRevocationSources, transactionId);
                        if (A2.B()) {
                            // Note: the local variable B shadows class B inside this block.
                            E B = B(x509Certificate, cRLRevocationSource, date, transactionId);
                            B.A(A2.C().getRevocationInfoList());
                            B.A(RevocationFactory.getInstance(transactionId).createRevocationInfo(x509Certificate, revocationSource));
                            String statusCode = B.getStatusCode();
                            // A definite answer from a trusted CRL ends the search.
                            if (statusCode.equals(RevocationStatus.REVOKED) || statusCode.equals(RevocationStatus.VALID)) {
                                return B;
                            }
                            h2 = B;
                        } else {
                            // An untrusted CRL never yields a definite status on this path.
                            B.A.warn(transactionId, "CRL not trusted.", null);
                            if (h == null) {
                                B.A.warn(transactionId, "Setting revocation status to unknown.", null);
                                // Prefer the status supplied by the trust evaluation, if there is one.
                                H A3 = A2.A();
                                if (A3 != null) {
                                    h2 = A3;
                                } else {
                                    TrustResult C = A2.C();
                                    H h3 = new H(date, RevocationStatusUnknown.UNKNOWN_REASON_ISSUER_CERTIFICATE_NOT_TRUSTED);
                                    h3.A(C.getRevocationInfoList());
                                    h3.A(RevocationFactory.getInstance(transactionId).createRevocationInfo(x509Certificate, revocationSource));
                                    h2 = h3;
                                }
                            } else {
                                // Keep the status recorded by an earlier iteration.
                                h2 = h;
                            }
                        }
                    }
                }
                // Always true; the 'return null' below is never reached (decompiler artefact).
                if (0 == 0) {
                    return h2;
                }
                return null;
            }
            // Path 2: no entry under key -1. All keys are processed and OR-ed into the mask 'i'.
            // e2: last "unknown" status seen; e3: status that takes precedence at the end
            // (unavailable CRL or certificate on hold).
            E e2 = null;
            // CRL sources that passed the trust check.
            ArrayList arrayList = new ArrayList();
            // Revocation info collected from every trust evaluation, trusted or not.
            ArrayList arrayList2 = new ArrayList();
            E e3 = null;
            int i = 0;
            for (Integer num2 : A.keySet()) {
                int i2 = i;
                E e4 = e2;
                E e5 = e3;
                for (C c4 : (Set) A.get(num2)) {
                    try {
                        RevocationSource A4 = A(c4, date, x509Certificate, x509Certificate2, hashtable, z2, revocationProfile, transactionId);
                        if (A4 == null) {
                            B.A.warn(transactionId, new StringBuffer("Cannot get CRL from ").append(c4).toString(), null);
                            H h4 = new H(date, RevocationStatusUnknown.UNKNOWN_REASON_SERVICE_UNAVAILABLE);
                            // The key still counts towards the mask; the result becomes "service unavailable".
                            i2 = num2.intValue() | i2;
                            e5 = h4;
                        } else {
                            if (!(A4 instanceof CRLRevocationSource)) {
                                B.A.error(transactionId, "Internal error, got wrong revocation source type", null);
                                throw new StatusCheckingException("Internal error, got wrong revocation source type", null, new StringBuffer().append(getClass().getName()).append(":5").toString());
                            }
                            CRLRevocationSource cRLRevocationSource2 = (CRLRevocationSource) A4;
                            // Computed before the trust check and assigned to i2 on every branch below.
                            int intValue = num2.intValue() | i2;
                            A A5 = A(cRLRevocationSource2, c4, x509Certificate, z, revocationTrustProfile, date, str, supplementalRevocationSources, transactionId);
                            TrustResult C2 = A5.C();
                            if (C2 != null && C2.getRevocationInfoList() != null) {
                                arrayList2.addAll(C2.getRevocationInfoList());
                            }
                            if (A5.B()) {
                                arrayList.add(A4);
                                E B2 = B(x509Certificate, cRLRevocationSource2, date, transactionId);
                                String statusCode2 = B2.getStatusCode();
                                // A revocation found on any trusted CRL is final.
                                if (statusCode2.equals(RevocationStatus.REVOKED)) {
                                    B2.A(arrayList2);
                                    B2.A(RevocationFactory.getInstance(transactionId).createRevocationInfo(x509Certificate, arrayList));
                                    return B2;
                                }
                                if (statusCode2.equals(RevocationStatus.UNKNOWN)) {
                                    // "On hold" is additionally stored in e5 and therefore wins at the end.
                                    if (((H) B2).getUnknownReason().equals("CertificateOnHold")) {
                                        i2 = intValue;
                                        e4 = B2;
                                        e5 = B2;
                                    } else {
                                        i2 = intValue;
                                        e4 = B2;
                                    }
                                }
                            } else {
                                // NOTE(review): the key of this untrusted CRL is still merged into the mask
                                // (i2 = intValue below), so it counts towards the coverage check after the
                                // loops although it contributed no status. If no trusted CRL sets a status,
                                // the method falls through to new L(date), the same type B(...) returns for
                                // "certificate not on crl". Confirm that this is intended; the key -1 path
                                // above reports an unknown status for an untrusted CRL.
                                B.A.warn(transactionId, "CRL not trusted, thus ignoring", null);
                            }
                            i2 = intValue;
                        }
                    } catch (RevocationStoreException e6) {
                        throw new StatusCheckingException("Can't get revocation info", e6, new StringBuffer().append(getClass().getName()).append(":4").toString());
                    }
                }
                i = i2;
                e2 = e4;
                e3 = e5;
            }
            // I is 511: the nine low bits must all be covered by the processed keys, otherwise the
            // result is "unknown" regardless of what the individual CRLs reported.
            if (i != I) {
                B.A.warn(transactionId, "Distribution points not for all revocation reasons configured", null);
                e2 = new H(date, RevocationStatusUnknown.UNKNOWN_REASON_UNSPECIFIED);
            } else if (e3 != null) {
                e2 = e3;
            } else if (e2 == null) {
                // Full coverage and no status recorded by any CRL.
                e2 = new L(date);
            }
            e2.A(arrayList2);
            e2.A(RevocationFactory.getInstance(transactionId).createRevocationInfo(x509Certificate, arrayList));
            return e2;
        } catch (Exception e7) {
            // NOTE(review): reached for every exception thrown in the try block, not only for a failed
            // checkValidity(date); the log text and message then misstate the cause.
            B.A.error(transactionId, new StringBuffer("provided certificate not valid at ").append(date).toString(), e7);
            throw new StatusCheckingException("Certificate must be valid", e7, new StringBuffer().append(getClass().getName()).append(":2").toString());
        }
    }
}
