package com.ibm.security.cert;

import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.CertificatePoliciesExtension;
import com.ibm.security.x509.OIDMap;
import com.ibm.security.x509.PolicyConstraintsExtension;
import com.ibm.security.x509.PolicyInformation;
import java.io.IOException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;

/* loaded from: input_file:efixes/JDKiFix_nd_aix/components/prereq.jdk/update.jar:/java/jre/lib/ibmcertpathprovider.jar:com/ibm/security/cert/PolicyChecker.class */
public class PolicyChecker extends PKIXCertPathChecker {
    private PolicyTree policyTree = new PolicyTree();
    private X509Certificate certificate;
    private boolean policyQualifiersRejected;
    private Set user_initial_policy_set;
    int inhibit_any_policy;
    private int explicit_policy;
    private int policy_mapping;
    private int currentCertIndex;
    private CertPath certPath;
    public static final ObjectIdentifier anyPolicy_OID;
    private int numberOfCertsInCertPath;
    static final String[] myExtensions = {OIDMap.getOID(CertificatePoliciesExtension.IDENT).toString(), OIDMap.getOID(PolicyConstraintsExtension.IDENT).toString(), OIDMap.getOID("x509.info.extensions.InhibitAnyPolicy").toString()};

    public PolicyChecker(CertPath certPath, boolean z, Set set, int i, int i2, int i3) {
        this.certPath = certPath;
        this.policyQualifiersRejected = z;
        this.user_initial_policy_set = set;
        this.explicit_policy = i;
        this.policy_mapping = i2;
        this.inhibit_any_policy = i3;
        this.numberOfCertsInCertPath = this.certPath.getCertificates().size();
        this.currentCertIndex = this.numberOfCertsInCertPath - 1;
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x00e5  */
    /* JADX WARN: Removed duplicated region for block: B:51:0x01c7  */
    @Override // java.security.cert.PKIXCertPathChecker
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void check(java.security.cert.Certificate r8, java.util.Collection r9) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 478
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.security.cert.PolicyChecker.check(java.security.cert.Certificate, java.util.Collection):void");
    }

    private void checkPolicies(X509Certificate x509Certificate, CertificatePoliciesExtension certificatePoliciesExtension, PolicyTree policyTree) throws CertPathValidatorException {
        boolean isCritical = certificatePoliciesExtension.isCritical();
        try {
            Vector vector = (Vector) certificatePoliciesExtension.get(CertificatePoliciesExtension.CERT_POLICIES);
            ArrayList nodes = policyTree.getNodes((this.numberOfCertsInCertPath - this.currentCertIndex) - 1);
            for (int i = 0; i < vector.size(); i++) {
                PolicyInformation policyInformation = (PolicyInformation) vector.elementAt(i);
                try {
                    ObjectIdentifier policyIdentifier = policyInformation.getPolicyIdentifier();
                    if (!policyIdentifier.equals(anyPolicy_OID)) {
                        Vector policyQualifiers = policyInformation.getPolicyQualifiers();
                        if (policyQualifiers == null) {
                            policyQualifiers = new Vector();
                        }
                        boolean z = false;
                        for (int i2 = 0; i2 < nodes.size(); i2++) {
                            PolicyNodeImpl policyNodeImpl = (PolicyNodeImpl) nodes.get(i2);
                            if (policyNodeImpl.match(policyIdentifier)) {
                                z = true;
                                HashSet hashSet = new HashSet();
                                hashSet.add(policyIdentifier.toString());
                                PolicyNodeImpl policyNodeImpl2 = new PolicyNodeImpl(policyIdentifier, new HashSet(policyQualifiers), isCritical, hashSet, policyNodeImpl);
                                policyNodeImpl.addChild(policyNodeImpl2);
                                policyTree.addNode(policyNodeImpl2);
                            }
                        }
                        if (!z) {
                            for (int i3 = 0; i3 < nodes.size(); i3++) {
                                PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) nodes.get(i3);
                                if (policyNodeImpl3.getValidPolicy().equals(anyPolicy_OID.toString())) {
                                    HashSet hashSet2 = new HashSet();
                                    hashSet2.add(policyIdentifier.toString());
                                    PolicyNodeImpl policyNodeImpl4 = new PolicyNodeImpl(policyIdentifier, new HashSet(policyQualifiers), isCritical, hashSet2, policyNodeImpl3);
                                    policyNodeImpl3.addChild(policyNodeImpl4);
                                    policyTree.addNode(policyNodeImpl4);
                                }
                            }
                        }
                    }
                } catch (IOException e) {
                    throw new CertPathValidatorException("Fail to pass policy check", e, this.certPath, this.currentCertIndex);
                }
            }
            for (int i4 = 0; i4 < vector.size(); i4++) {
                PolicyInformation policyInformation2 = (PolicyInformation) vector.elementAt(i4);
                try {
                    if (policyInformation2.getPolicyIdentifier().equals(anyPolicy_OID) && CertPathUtil.getInhibitAnyPolicy(x509Certificate) > 0) {
                        Vector policyQualifiers2 = policyInformation2.getPolicyQualifiers();
                        if (policyQualifiers2 == null) {
                            policyQualifiers2 = new Vector();
                        }
                        for (int i5 = 0; i5 < nodes.size(); i5++) {
                            PolicyNodeImpl policyNodeImpl5 = (PolicyNodeImpl) nodes.get(i5);
                            Iterator it = policyNodeImpl5.getExpectedPolicies().iterator();
                            while (it.hasNext()) {
                                try {
                                    ObjectIdentifier objectIdentifier = new ObjectIdentifier((String) it.next());
                                    boolean z2 = false;
                                    Iterator children = policyNodeImpl5.getChildren();
                                    while (true) {
                                        if (children.hasNext()) {
                                            if (((PolicyNodeImpl) children.next()).match(objectIdentifier)) {
                                                z2 = true;
                                                break;
                                            }
                                        } else {
                                            break;
                                        }
                                    }
                                    if (!z2) {
                                        HashSet hashSet3 = new HashSet();
                                        hashSet3.add(objectIdentifier.toString());
                                        PolicyNodeImpl policyNodeImpl6 = new PolicyNodeImpl(objectIdentifier, new HashSet(policyQualifiers2), isCritical, hashSet3, policyNodeImpl5);
                                        policyNodeImpl5.addChild(policyNodeImpl6);
                                        policyTree.addNode(policyNodeImpl6);
                                    }
                                } catch (IOException e2) {
                                }
                            }
                        }
                    }
                } catch (IOException e3) {
                    throw new CertPathValidatorException("Fail to pass policy check", e3, this.certPath, this.currentCertIndex);
                }
            }
            for (int i6 = (this.numberOfCertsInCertPath - this.currentCertIndex) - 1; i6 > 0; i6--) {
                ArrayList nodes2 = policyTree.getNodes(i6);
                int size = nodes2.size();
                int i7 = 0;
                while (i7 < size) {
                    PolicyNodeImpl policyNodeImpl7 = (PolicyNodeImpl) nodes2.get(i7);
                    if (!policyNodeImpl7.getChildren().hasNext()) {
                        PolicyNodeImpl policyNodeImpl8 = (PolicyNodeImpl) ((PolicyNodeImpl) nodes2.get(i7)).getParent();
                        if (policyNodeImpl8 == null) {
                            throw new CertPathValidatorException("Fail to pass policy check", new CertPathValidatorException("Policy tree broken"), this.certPath, this.currentCertIndex);
                        }
                        policyNodeImpl8.removeChild(policyNodeImpl7);
                        policyTree.remove(policyNodeImpl7);
                        i7--;
                        size--;
                    }
                    i7++;
                }
            }
            if (policyTree.getNodes(1) == null) {
                policyTree.setValid(false);
            }
        } catch (IOException e4) {
            throw new CertPathValidatorException("Fail to pass policy check", e4, this.certPath, this.currentCertIndex);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("The direction of forward is not supported.", null, this.certPath, this.currentCertIndex);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        HashSet hashSet = new HashSet();
        hashSet.add("2.5.29.32");
        return hashSet;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return super.clone();
    }

    public PolicyTree getPolicyTree() {
        return this.policyTree;
    }

    /* JADX WARN: Code restructure failed: missing block: B:34:0x013b, code lost:
    
        r0 = (java.util.Vector) ((com.ibm.security.x509.CertificatePoliciesExtension) com.ibm.security.cert.CertPathUtil.getPolicyInformation(r9, new java.util.Vector(), r8.policyQualifiersRejected)).get(com.ibm.security.x509.CertificatePoliciesExtension.CERT_POLICIES);
     */
    /* JADX WARN: Code restructure failed: missing block: B:35:0x0160, code lost:
    
        r24 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x016a, code lost:
    
        if (r24 >= r0.size()) goto L88;
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x016d, code lost:
    
        r0 = (com.ibm.security.x509.PolicyInformation) r0.get(r24);
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x0184, code lost:
    
        if (r0.getPolicyIdentifier().equals(com.ibm.security.cert.PolicyChecker.anyPolicy_OID) == false) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x01e9, code lost:
    
        r24 = r24 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x0187, code lost:
    
        r0 = new java.util.HashSet();
        r0.add(r0.getSubjectIdentifier().getIdentifier().toString());
        r0 = new com.ibm.security.cert.PolicyNodeImpl(r0, new java.util.HashSet(r0.getPolicyQualifiers()), r10.isCritical(), r0, r0);
        r0.addChild(r0);
        r11.addNode(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x01d3, code lost:
    
        r26 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x01e8, code lost:
    
        throw new java.security.cert.CertPathValidatorException("An internal error has occured.", r26, r8.certPath, r8.currentCertIndex);
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x02e9, code lost:
    
        continue;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x014a, code lost:
    
        r24 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x015f, code lost:
    
        throw new java.security.cert.CertPathValidatorException("An internal error has occurred.", r24, r8.certPath, r8.currentCertIndex);
     */
    /* JADX WARN: Code restructure failed: missing block: B:57:0x02e9, code lost:
    
        continue;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkPolicyMappings(java.security.cert.X509Certificate r9, com.ibm.security.x509.PolicyMappingsExtension r10, com.ibm.security.cert.PolicyTree r11) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 752
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.security.cert.PolicyChecker.checkPolicyMappings(java.security.cert.X509Certificate, com.ibm.security.x509.PolicyMappingsExtension, com.ibm.security.cert.PolicyTree):void");
    }

    private PolicyTree wrapUp(X509Certificate x509Certificate) throws CertPathValidatorException {
        if (!this.certificate.getIssuerDN().equals(this.certificate.getSubjectDN()) && this.explicit_policy != 0) {
            this.explicit_policy--;
        }
        int[] policyConstraints = CertPathUtil.getPolicyConstraints(this.certificate);
        if (policyConstraints != null && policyConstraints[0] == 0) {
            this.explicit_policy = 0;
        }
        if (this.policyTree.isValid()) {
            if (this.user_initial_policy_set.size() == 1 && this.user_initial_policy_set.contains(anyPolicy_OID.toString())) {
                return this.policyTree;
            }
            ArrayList arrayList = new ArrayList();
            for (int depth = this.policyTree.getDepth(); depth > 0; depth--) {
                Iterator it = this.policyTree.getNodes(depth).iterator();
                while (it.hasNext()) {
                    PolicyNodeImpl policyNodeImpl = (PolicyNodeImpl) it.next();
                    if (policyNodeImpl.getParent().getValidPolicy().equals(anyPolicy_OID.toString())) {
                        arrayList.add(policyNodeImpl);
                    }
                }
            }
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                PolicyNodeImpl policyNodeImpl2 = (PolicyNodeImpl) it2.next();
                String validPolicy = policyNodeImpl2.getValidPolicy();
                if (!this.user_initial_policy_set.contains(validPolicy) && !validPolicy.equals(anyPolicy_OID.toString())) {
                    Iterator children = policyNodeImpl2.getChildren();
                    while (children.hasNext()) {
                        deleteChild(this.policyTree, (PolicyNodeImpl) children.next());
                    }
                    ((PolicyNodeImpl) policyNodeImpl2.getParent()).removeChild(policyNodeImpl2);
                    this.policyTree.remove(policyNodeImpl2);
                }
            }
            for (int i = this.numberOfCertsInCertPath - 1; i > 0; i--) {
                ArrayList nodes = this.policyTree.getNodes(i);
                if (nodes != null) {
                    int size = nodes.size();
                    int i2 = 0;
                    while (i2 < size) {
                        PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) nodes.get(i2);
                        if (!policyNodeImpl3.getChildren().hasNext()) {
                            PolicyNodeImpl policyNodeImpl4 = (PolicyNodeImpl) ((PolicyNodeImpl) nodes.get(i2)).getParent();
                            if (policyNodeImpl4 == null) {
                                throw new CertPathValidatorException("Fail to pass policy check", new CertPathValidatorException("Policy tree broken"), this.certPath, this.currentCertIndex);
                            }
                            policyNodeImpl4.removeChild(policyNodeImpl3);
                            this.policyTree.remove(policyNodeImpl3);
                            i2--;
                            size--;
                        }
                        i2++;
                    }
                }
            }
            if (this.policyTree.getNodes(1) == null) {
                this.policyTree.setValid(false);
            }
        }
        if (this.policyTree.isValid() || this.explicit_policy > 0) {
            return this.policyTree;
        }
        throw new CertPathValidatorException("Fail to pass certification path processing", null, this.certPath, this.currentCertIndex);
    }

    private void deleteChild(PolicyTree policyTree, PolicyNodeImpl policyNodeImpl) {
        Iterator children = policyNodeImpl.getChildren();
        while (children.hasNext()) {
            deleteChild(policyTree, (PolicyNodeImpl) children.next());
        }
        policyTree.remove(policyNodeImpl);
    }

    static {
        ObjectIdentifier objectIdentifier = null;
        try {
            objectIdentifier = new ObjectIdentifier("2.5.29.32.0");
        } catch (IOException e) {
        }
        anyPolicy_OID = objectIdentifier;
    }
}
