package javax.security.cert;

import com.ibm.misc.HexDumpEncoder;
import com.ibm.security.krb5.PrincipalName;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.util.ObjectIdentifier;
import com.ibm.security.x509.AlgorithmId;
import com.ibm.security.x509.AuthorityKeyIdentifierExtension;
import com.ibm.security.x509.CertificatePoliciesExtension;
import com.ibm.security.x509.DNSName;
import com.ibm.security.x509.EDIPartyName;
import com.ibm.security.x509.ExtKeyUsageExtension;
import com.ibm.security.x509.GeneralName;
import com.ibm.security.x509.GeneralNames;
import com.ibm.security.x509.GeneralSubtree;
import com.ibm.security.x509.GeneralSubtrees;
import com.ibm.security.x509.IPAddressName;
import com.ibm.security.x509.KeyIdentifier;
import com.ibm.security.x509.NameConstraintsExtension;
import com.ibm.security.x509.OIDMap;
import com.ibm.security.x509.OIDName;
import com.ibm.security.x509.OtherName;
import com.ibm.security.x509.PolicyInformation;
import com.ibm.security.x509.PrivateKeyUsageExtension;
import com.ibm.security.x509.RFC822Name;
import com.ibm.security.x509.SubjectAlternativeNameExtension;
import com.ibm.security.x509.SubjectKeyIdentifierExtension;
import com.ibm.security.x509.URIName;
import com.ibm.security.x509.X400Address;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import com.ibm.security.x509.X509Key;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;

/* loaded from: input_file:efixes/JDKiFix_linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ext/oldcertpath.jar:javax/security/cert/X509CertSelector.class */
public class X509CertSelector implements CertSelector {
    private BigInteger serialNumber;
    private X500Name issuer;
    private boolean issuerAsString;
    private X500Name subject;
    private boolean subjectAsString;
    private byte[] subjectKeyIdentifier;
    private byte[] authorityKeyIdentifier;
    private Date certificateValid;
    private Date privateKeyValid;
    private AlgorithmId subjectPublicKeyAlgID;
    private PublicKey subjectPublicKey;
    private boolean[] keyUsage;
    private ArrayList subjectAlternativeNames;
    private ArrayList subjectAlternativeNamesFromApp;
    private GeneralSubtrees[] nameConstraints;
    private byte[] baNameConstraints = null;
    private int basicConstraints;
    private Set policy;
    private Set keyPurposeSet;
    private java.security.cert.X509Certificate certificate;
    private boolean matchAllNames;
    private ArrayList pathToNames;
    private ArrayList pathToNamesFromApp;

    public X509CertSelector() {
        try {
            setCertificate(null);
            setExtendedKeyUsage(null);
            setSerialNumber(null);
            setIssuer((byte[]) null);
            setSubject((byte[]) null);
            setSubjectKeyIdentifier(null);
            setAuthorityKeyIdentifier(null);
            setCertificateValid(null);
            setPrivateKeyValid(null);
            setSubjectPublicKeyAlgID(null);
            setSubjectPublicKey((PublicKey) null);
            setKeyUsage(null);
            setSubjectAlternativeNames(null);
            setNameConstraints(null);
            setBasicConstraints(-1);
            setPolicy(null);
            setPathToNames(null);
            setMatchAllSubjectAltNames(true);
        } catch (IOException e) {
        }
    }

    public void setSerialNumber(BigInteger bigInteger) {
        this.serialNumber = bigInteger != null ? new BigInteger(bigInteger.toByteArray()) : null;
    }

    public void setIssuer(String str) throws IOException {
        this.issuer = str != null ? new X500Name(str) : null;
        this.issuerAsString = true;
    }

    public void setIssuer(byte[] bArr) throws IOException {
        this.issuer = bArr != null ? new X500Name(bArr) : null;
        this.issuerAsString = false;
    }

    public void setSubject(String str) throws IOException {
        this.subject = str != null ? new X500Name(str) : null;
        this.subjectAsString = true;
    }

    public void setSubject(byte[] bArr) throws IOException {
        this.subject = bArr != null ? new X500Name(bArr) : null;
        this.subjectAsString = false;
    }

    public void setSubjectKeyIdentifier(byte[] bArr) {
        this.subjectKeyIdentifier = bArr != null ? (byte[]) bArr.clone() : null;
    }

    public void setAuthorityKeyIdentifier(byte[] bArr) {
        this.authorityKeyIdentifier = bArr != null ? (byte[]) bArr.clone() : null;
    }

    public void setCertificate(java.security.cert.X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    public void setCertificateValid(Date date) {
        this.certificateValid = date != null ? new Date(date.getTime()) : null;
    }

    public void setExtendedKeyUsage(Set set) throws IOException {
        if (set == null) {
            this.keyPurposeSet = null;
            return;
        }
        HashSet hashSet = new HashSet();
        for (Object obj : set) {
            if (!(obj instanceof String)) {
                throw new IOException("All elements in the Set must be String");
            }
            try {
                hashSet.add(new ObjectIdentifier((String) obj));
            } catch (Exception e) {
                throw new IOException(new StringBuffer().append("Invalid OID ").append(obj.toString()).toString());
            }
        }
        this.keyPurposeSet = hashSet;
    }

    public void setPrivateKeyValid(Date date) {
        this.privateKeyValid = date != null ? new Date(date.getTime()) : null;
    }

    public void setSubjectPublicKeyAlgID(String str) throws IOException {
        if (str == null) {
            this.subjectPublicKeyAlgID = null;
        } else {
            try {
                this.subjectPublicKeyAlgID = new AlgorithmId(new ObjectIdentifier(str));
            } catch (Exception e) {
                throw new IOException(new StringBuffer().append("Invalid OID: ").append(str).toString());
            }
        }
    }

    public void setSubjectPublicKey(PublicKey publicKey) {
        this.subjectPublicKey = publicKey;
    }

    public void setSubjectPublicKey(byte[] bArr) throws IOException {
        if (bArr == null) {
            this.subjectPublicKey = null;
            return;
        }
        X509Key x509Key = new X509Key();
        try {
            x509Key.decode(new ByteArrayInputStream((byte[]) bArr.clone()));
            this.subjectPublicKey = x509Key;
        } catch (InvalidKeyException e) {
            throw new IOException(e.getMessage());
        }
    }

    public void setKeyUsage(boolean[] zArr) {
        if (zArr == null) {
            this.keyUsage = null;
        } else {
            this.keyUsage = (boolean[]) zArr.clone();
        }
    }

    public void setMatchAllSubjectAltNames(boolean z) {
        this.matchAllNames = z;
    }

    public void setSubjectAlternativeNames(Collection collection) throws IOException {
        if (collection == null || collection.size() <= 0) {
            this.subjectAlternativeNamesFromApp = null;
            this.subjectAlternativeNames = null;
            return;
        }
        this.subjectAlternativeNames = new ArrayList();
        this.subjectAlternativeNamesFromApp = new ArrayList();
        for (Object obj : collection) {
            if (!(obj instanceof List)) {
                throw new IOException("Each entry of names should be a List");
            }
            List list = (List) obj;
            if (list.size() < 2) {
                throw new IOException("Each entry of names should contain two elements");
            }
            Object obj2 = list.get(0);
            if (!(obj2 instanceof Integer)) {
                throw new IOException("First element in each entry of names should be an Integer");
            }
            int intValue = ((Integer) obj2).intValue();
            if (intValue < 0 || intValue > 8) {
                throw new IOException("Name type not 0-8");
            }
            Object obj3 = list.get(1);
            if (obj3 instanceof byte[]) {
                addSubjectAlternativeName(intValue, (byte[]) obj3);
            } else {
                if (!(obj3 instanceof String)) {
                    throw new IOException("Second element in each entry of names should be a byte array or a String");
                }
                addSubjectAlternativeName(intValue, (String) obj3);
            }
        }
    }

    public void addSubjectAlternativeName(int i, String str) throws IOException {
        if (str == null) {
            throw new IOException("Name is null");
        }
        if (this.subjectAlternativeNames == null) {
            this.subjectAlternativeNamesFromApp = new ArrayList();
            this.subjectAlternativeNames = new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Integer(i));
        arrayList.add(str);
        this.subjectAlternativeNamesFromApp.add(arrayList);
        this.subjectAlternativeNames.add(processGeneralName(i, str));
    }

    public void addSubjectAlternativeName(int i, byte[] bArr) throws IOException {
        if (bArr == null) {
            throw new IOException("Name is null");
        }
        if (this.subjectAlternativeNames == null) {
            this.subjectAlternativeNames = new ArrayList();
            this.subjectAlternativeNamesFromApp = new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Integer(i));
        arrayList.add(bArr.clone());
        this.subjectAlternativeNamesFromApp.add(arrayList);
        this.subjectAlternativeNames.add(processGeneralName(i, (byte[]) bArr.clone()));
    }

    public void setNameConstraints(byte[] bArr) throws IOException {
        if (bArr == null) {
            this.baNameConstraints = null;
            this.nameConstraints = null;
            return;
        }
        this.baNameConstraints = (byte[]) bArr.clone();
        if (this.nameConstraints == null) {
            this.nameConstraints = new GeneralSubtrees[2];
        }
        NameConstraintsExtension nameConstraintsExtension = new NameConstraintsExtension(Boolean.TRUE, bArr);
        GeneralSubtrees generalSubtrees = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.PERMITTED_SUBTREES);
        GeneralSubtrees generalSubtrees2 = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
        this.nameConstraints[0] = generalSubtrees;
        this.nameConstraints[1] = generalSubtrees2;
    }

    public void setBasicConstraints(int i) {
        if (i < -2) {
            throw new IllegalArgumentException("Max path length < -2");
        }
        this.basicConstraints = i;
    }

    public void setPolicy(Set set) throws IOException {
        if (set == null) {
            this.policy = null;
            return;
        }
        HashSet hashSet = new HashSet();
        for (Object obj : set) {
            if (!(obj instanceof String)) {
                throw new IOException("All elements in the Set must be String");
            }
            try {
                hashSet.add(new ObjectIdentifier((String) obj));
            } catch (Exception e) {
                throw new IOException(new StringBuffer().append("Invalid OID: ").append(obj.toString()).toString());
            }
        }
        this.policy = hashSet;
    }

    public void setPathToNames(Collection collection) throws IOException {
        if (collection == null || collection.size() <= 0) {
            this.pathToNames = null;
            this.pathToNamesFromApp = null;
            return;
        }
        this.pathToNames = new ArrayList();
        this.pathToNamesFromApp = new ArrayList();
        for (Object obj : collection) {
            if (!(obj instanceof List)) {
                throw new IOException("Each entry of names should be a List");
            }
            List list = (List) obj;
            if (list.size() < 2) {
                throw new IOException("Each entry of names should contain two elements");
            }
            Object obj2 = list.get(0);
            if (!(obj2 instanceof Integer)) {
                throw new IOException("First element in each entry of names should be an Integer");
            }
            int intValue = ((Integer) obj2).intValue();
            if (intValue < 0 || intValue > 8) {
                throw new IOException("Name type not 0-8");
            }
            Object obj3 = list.get(1);
            if (obj3 instanceof byte[]) {
                addPathToName(intValue, (byte[]) obj3);
            } else {
                if (!(obj3 instanceof String)) {
                    throw new IOException("Second element in each entry of names should be a byte array or a String");
                }
                addPathToName(intValue, (String) obj3);
            }
        }
    }

    public void addPathToName(int i, String str) throws IOException {
        if (str == null) {
            throw new IOException("Name is null");
        }
        if (this.pathToNames == null) {
            this.pathToNames = new ArrayList();
            this.pathToNamesFromApp = new ArrayList();
        }
        this.pathToNames.add(processGeneralName(i, str));
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(new Integer(i));
        arrayList.add(str);
        this.pathToNamesFromApp.add(arrayList);
    }

    public void addPathToName(int i, byte[] bArr) throws IOException {
        if (bArr == null) {
            throw new IOException("Name is null");
        }
        if (this.pathToNames == null) {
            this.pathToNames = new ArrayList();
            this.pathToNamesFromApp = new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Integer(i));
        arrayList.add(bArr.clone());
        this.pathToNames.add(processGeneralName(i, (byte[]) bArr.clone()));
        this.pathToNamesFromApp.add(arrayList);
    }

    public java.security.cert.X509Certificate getCertificate() {
        return this.certificate;
    }

    public BigInteger getSerialNumber() {
        if (this.serialNumber != null) {
            return new BigInteger(this.serialNumber.toByteArray());
        }
        return null;
    }

    public String getIssuerAsString() {
        if (this.issuer != null) {
            return this.issuer.toString();
        }
        return null;
    }

    public byte[] getIssuerAsBytes() throws IOException {
        if (this.issuer != null) {
            return (byte[]) this.issuer.getEncoded().clone();
        }
        return null;
    }

    public String getSubjectAsString() {
        if (this.subject != null) {
            return this.subject.toString();
        }
        return null;
    }

    public byte[] getSubjectAsBytes() throws IOException {
        if (this.subject != null) {
            return (byte[]) this.subject.getEncoded().clone();
        }
        return null;
    }

    public byte[] getSubjectKeyIdentifier() {
        if (this.subjectKeyIdentifier != null) {
            return (byte[]) this.subjectKeyIdentifier.clone();
        }
        return null;
    }

    public byte[] getAuthorityKeyIdentifier() {
        if (this.authorityKeyIdentifier != null) {
            return (byte[]) this.authorityKeyIdentifier.clone();
        }
        return null;
    }

    public Date getCertificateValid() {
        if (this.certificateValid != null) {
            return new Date(this.certificateValid.getTime());
        }
        return null;
    }

    public Set getExtendedKeyUsage() {
        if (this.keyPurposeSet == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Iterator it = this.keyPurposeSet.iterator();
        while (it.hasNext()) {
            hashSet.add(((ObjectIdentifier) it.next()).toString());
        }
        return Collections.unmodifiableSet(hashSet);
    }

    public Date getPrivateKeyValid() {
        if (this.privateKeyValid != null) {
            return new Date(this.privateKeyValid.getTime());
        }
        return null;
    }

    public String getSubjectPublicKeyAlgID() {
        if (this.subjectPublicKeyAlgID != null) {
            return this.subjectPublicKeyAlgID.getOID().toString();
        }
        return null;
    }

    public PublicKey getSubjectPublicKey() {
        return this.subjectPublicKey;
    }

    public boolean[] getKeyUsage() {
        if (this.keyUsage != null) {
            return (boolean[]) this.keyUsage.clone();
        }
        return null;
    }

    public boolean getMatchAllSubjectAltNames() {
        return this.matchAllNames;
    }

    public Collection getSubjectAlternativeNames() {
        if (this.subjectAlternativeNamesFromApp == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = this.subjectAlternativeNamesFromApp.iterator();
        while (it.hasNext()) {
            ArrayList arrayList2 = (ArrayList) it.next();
            ArrayList arrayList3 = new ArrayList(2);
            arrayList3.add(arrayList2.get(0));
            if (arrayList2.get(1) instanceof byte[]) {
                arrayList3.add(((byte[]) arrayList2.get(1)).clone());
            } else {
                arrayList3.add(arrayList2.get(1));
            }
            arrayList.add(arrayList3);
        }
        return arrayList;
    }

    public byte[] getNameConstraints() {
        if (this.baNameConstraints != null) {
            return (byte[]) this.baNameConstraints.clone();
        }
        return null;
    }

    public int getBasicConstraints() {
        return this.basicConstraints;
    }

    public Set getPolicy() {
        if (this.policy == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Iterator it = this.policy.iterator();
        while (it.hasNext()) {
            hashSet.add(((ObjectIdentifier) it.next()).toString());
        }
        return Collections.unmodifiableSet(hashSet);
    }

    public Collection getPathToNames() {
        if (this.pathToNamesFromApp == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = this.pathToNamesFromApp.iterator();
        while (it.hasNext()) {
            ArrayList arrayList2 = (ArrayList) it.next();
            ArrayList arrayList3 = new ArrayList(2);
            arrayList3.add(arrayList2.get(0));
            if (arrayList2.get(1) instanceof byte[]) {
                arrayList3.add(((byte[]) arrayList2.get(1)).clone());
            } else {
                arrayList3.add(arrayList2.get(1));
            }
            arrayList.add(arrayList3);
        }
        return arrayList;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("X509CertSelector:");
        stringBuffer.append("\n    AuthorityKeyIdentifier:");
        dumpBA(getAuthorityKeyIdentifier(), stringBuffer);
        stringBuffer.append("\n    BasicConstraints:");
        stringBuffer.append(getBasicConstraints());
        stringBuffer.append("\n    CertificateEquals:");
        stringBuffer.append(getCertificate());
        stringBuffer.append("\n    CertificateValid:");
        stringBuffer.append(getCertificateValid());
        stringBuffer.append("\n    ExtendedKeyUsage:");
        stringBuffer.append(getExtendedKeyUsage());
        stringBuffer.append("\n    IssuerAsString:");
        stringBuffer.append(getIssuerAsString());
        stringBuffer.append("\n    KeyUsage:");
        boolean[] keyUsage = getKeyUsage();
        if (keyUsage == null || keyUsage.length == 0) {
            stringBuffer.append("null");
        } else {
            stringBuffer.append(keyUsage[0]);
            for (int i = 1; i < keyUsage.length; i++) {
                stringBuffer.append(", ");
                stringBuffer.append(keyUsage[i]);
            }
        }
        stringBuffer.append("\n    MatchAllSubjectAltNames:");
        stringBuffer.append(getMatchAllSubjectAltNames());
        stringBuffer.append("\n    NameConstraints:");
        dumpBA(getNameConstraints(), stringBuffer);
        stringBuffer.append("\n    PathToNames:");
        stringBuffer.append(getPathToNames());
        stringBuffer.append("\n    Policy:");
        stringBuffer.append(getPolicy());
        stringBuffer.append("\n    PrivateKeyValid:");
        stringBuffer.append(getPrivateKeyValid());
        stringBuffer.append("\n    SerialNumber:");
        stringBuffer.append(getSerialNumber());
        stringBuffer.append("\n    SubjectAlternativeNames:");
        stringBuffer.append(getSubjectAlternativeNames());
        stringBuffer.append("\n    SubjectAsString:");
        stringBuffer.append(getSubjectAsString());
        stringBuffer.append("\n    SubjectKeyIdentifier:");
        dumpBA(getSubjectKeyIdentifier(), stringBuffer);
        stringBuffer.append("\n    SubjectPublicKey:");
        stringBuffer.append(getSubjectPublicKey());
        stringBuffer.append("\n    SubjectPublicKeyAlgID:");
        stringBuffer.append(getSubjectPublicKeyAlgID());
        return stringBuffer.toString();
    }

    private void dumpBA(byte[] bArr, StringBuffer stringBuffer) {
        if (bArr == null) {
            stringBuffer.append("null");
            return;
        }
        HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
        stringBuffer.append("\n");
        stringBuffer.append(hexDumpEncoder.encodeBuffer(bArr));
    }

    @Override // javax.security.cert.CertSelector
    public boolean match(java.security.cert.Certificate certificate) {
        X509CertImpl x509CertImpl;
        Date date;
        Date date2;
        GeneralNames generalNames;
        NameConstraintsExtension nameConstraintsExtension;
        boolean[] keyUsage;
        if (certificate == null || !(certificate instanceof java.security.cert.X509Certificate)) {
            return false;
        }
        if (certificate instanceof X509CertImpl) {
            x509CertImpl = (X509CertImpl) certificate;
        } else {
            try {
                x509CertImpl = new X509CertImpl(((java.security.cert.X509Certificate) certificate).getEncoded());
            } catch (java.security.cert.CertificateException e) {
                return false;
            }
        }
        if (this.certificate != null && !this.certificate.equals(certificate)) {
            return false;
        }
        if (this.serialNumber != null && this.serialNumber.compareTo(x509CertImpl.getSerialNumber()) != 0) {
            return false;
        }
        if (this.issuer != null && !this.issuer.equals(x509CertImpl.getIssuerDN()) && (!this.issuerAsString || !this.issuer.getRFC2253Name().equalsIgnoreCase(((X500Name) x509CertImpl.getIssuerDN()).getRFC2253Name()))) {
            return false;
        }
        if (this.subject != null && !this.subject.equals(x509CertImpl.getSubjectDN()) && (!this.subjectAsString || !this.subject.getRFC2253Name().equalsIgnoreCase(((X500Name) x509CertImpl.getSubjectDN()).getRFC2253Name()))) {
            return false;
        }
        if (this.subjectKeyIdentifier != null) {
            try {
                Object[] extension = getExtension(SubjectKeyIdentifierExtension.IDENT, x509CertImpl);
                KeyIdentifier keyIdentifier = (KeyIdentifier) new SubjectKeyIdentifierExtension((Boolean) extension[0], extension[1]).get("key_id");
                DerOutputStream derOutputStream = new DerOutputStream();
                keyIdentifier.encode(derOutputStream);
                if (!Arrays.equals(this.subjectKeyIdentifier, derOutputStream.toByteArray())) {
                    return false;
                }
            } catch (IOException e2) {
                return false;
            } catch (NullPointerException e3) {
                return false;
            } catch (CertPathValidatorException e4) {
                return false;
            }
        }
        if (this.authorityKeyIdentifier != null) {
            try {
                Object[] extension2 = getExtension(AuthorityKeyIdentifierExtension.IDENT, x509CertImpl);
                if (!Arrays.equals(this.authorityKeyIdentifier, ((KeyIdentifier) new AuthorityKeyIdentifierExtension((Boolean) extension2[0], extension2[1]).get("key_id")).getIdentifier())) {
                    return false;
                }
            } catch (IOException e5) {
                return false;
            } catch (NullPointerException e6) {
                return false;
            } catch (CertPathValidatorException e7) {
                return false;
            }
        }
        if (this.certificateValid != null && (this.certificateValid.before(x509CertImpl.getNotBefore()) || this.certificateValid.after(x509CertImpl.getNotAfter()))) {
            return false;
        }
        if (this.privateKeyValid != null) {
            try {
                Object[] extension3 = getExtension(PrivateKeyUsageExtension.IDENT, x509CertImpl);
                PrivateKeyUsageExtension privateKeyUsageExtension = new PrivateKeyUsageExtension((Boolean) extension3[0], extension3[1]);
                try {
                    date = (Date) privateKeyUsageExtension.get(PrivateKeyUsageExtension.NOT_BEFORE);
                } catch (NullPointerException e8) {
                    date = null;
                } catch (java.security.cert.CertificateException e9) {
                    date = null;
                }
                try {
                    date2 = (Date) privateKeyUsageExtension.get(PrivateKeyUsageExtension.NOT_AFTER);
                } catch (NullPointerException e10) {
                    date2 = null;
                } catch (java.security.cert.CertificateException e11) {
                    date2 = null;
                }
                if (date == null && date2 == null) {
                    return false;
                }
                if (date == null && this.privateKeyValid.before(date)) {
                    return false;
                }
                if (date2 == null) {
                    if (this.privateKeyValid.after(date2)) {
                        return false;
                    }
                }
            } catch (IOException e12) {
                return false;
            } catch (NullPointerException e13) {
                return false;
            } catch (java.security.cert.CertificateException e14) {
                return false;
            } catch (CertPathValidatorException e15) {
                return false;
            }
        }
        if (this.subjectPublicKeyAlgID != null && !this.subjectPublicKeyAlgID.equals(((X509Key) x509CertImpl.getPublicKey()).getAlgorithmId())) {
            return false;
        }
        if (this.subjectPublicKey != null && !Arrays.equals(this.subjectPublicKey.getEncoded(), x509CertImpl.getPublicKey().getEncoded())) {
            return false;
        }
        if (this.keyUsage != null && (keyUsage = x509CertImpl.getKeyUsage()) != null) {
            for (int i = 0; i < this.keyUsage.length; i++) {
                if (this.keyUsage[i] && (i >= keyUsage.length || !keyUsage[i])) {
                    return false;
                }
            }
        }
        if (this.keyPurposeSet != null && !this.keyPurposeSet.isEmpty()) {
            try {
                Object[] extension4 = getExtension(ExtKeyUsageExtension.IDENT, x509CertImpl);
                Vector vector = (Vector) new ExtKeyUsageExtension((Boolean) extension4[0], extension4[1]).get(ExtKeyUsageExtension.EXT_KEY_USAGE);
                Iterator it = this.keyPurposeSet.iterator();
                while (it.hasNext()) {
                    if (!vector.contains(new ObjectIdentifier((String) it.next()))) {
                        return false;
                    }
                }
            } catch (IOException e16) {
                return false;
            } catch (NullPointerException e17) {
                return false;
            } catch (CertPathValidatorException e18) {
                return false;
            }
        }
        if (this.subjectAlternativeNames != null || this.nameConstraints != null) {
            ArrayList arrayList = new ArrayList();
            try {
                Object[] extension5 = getExtension(SubjectAlternativeNameExtension.IDENT, x509CertImpl);
                generalNames = (GeneralNames) new SubjectAlternativeNameExtension((Boolean) extension5[0], extension5[1]).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
            } catch (IOException e19) {
                generalNames = null;
            } catch (NullPointerException e20) {
                generalNames = null;
            } catch (CertPathValidatorException e21) {
                generalNames = null;
            }
            if (this.subjectAlternativeNames != null) {
                if (generalNames == null) {
                    return false;
                }
                try {
                    Iterator it2 = generalNames.iterator();
                    while (it2.hasNext()) {
                        try {
                            arrayList.add(processGeneralName((GeneralName) it2.next()));
                        } catch (IOException e22) {
                        }
                    }
                    boolean z = false;
                    if (getMatchAllSubjectAltNames()) {
                        Iterator it3 = this.subjectAlternativeNames.iterator();
                        while (it3.hasNext()) {
                            List list = (List) it3.next();
                            Iterator it4 = arrayList.iterator();
                            boolean z2 = false;
                            while (true) {
                                if (!it4.hasNext()) {
                                    break;
                                }
                                List list2 = (List) it4.next();
                                if (list2.get(0).equals(list.get(0))) {
                                    Object obj = list2.get(1);
                                    Object obj2 = list.get(1);
                                    if (!(obj instanceof byte[]) || !(obj2 instanceof byte[])) {
                                        if (obj.equals(obj2)) {
                                            z2 = true;
                                            break;
                                        }
                                    } else {
                                        if (Arrays.equals((byte[]) obj, (byte[]) obj2)) {
                                            z2 = true;
                                            break;
                                        }
                                    }
                                }
                            }
                            if (!z2) {
                                return false;
                            }
                        }
                    } else {
                        Iterator it5 = this.subjectAlternativeNames.iterator();
                        while (it5.hasNext()) {
                            List list3 = (List) it5.next();
                            Iterator it6 = arrayList.iterator();
                            z = false;
                            while (true) {
                                if (!it6.hasNext()) {
                                    break;
                                }
                                List list4 = (List) it6.next();
                                if (list4.get(0).equals(list3.get(0))) {
                                    Object obj3 = list4.get(1);
                                    Object obj4 = list3.get(1);
                                    if (!(obj3 instanceof byte[]) || !(obj4 instanceof byte[])) {
                                        if (obj3.equals(obj4)) {
                                            z = true;
                                            break;
                                        }
                                    } else {
                                        if (Arrays.equals((byte[]) obj3, (byte[]) obj4)) {
                                            z = true;
                                            break;
                                        }
                                    }
                                }
                            }
                            if (z) {
                                break;
                            }
                        }
                        if (!z) {
                            return false;
                        }
                    }
                } catch (NullPointerException e23) {
                    return false;
                }
            }
            if (this.nameConstraints != null && !x509CertImpl.getIssuerDN().equals(x509CertImpl.getSubjectDN())) {
                X500Name x500Name = (X500Name) x509CertImpl.getSubjectDN();
                Collection arrayList2 = new ArrayList();
                ArrayList arrayList3 = new ArrayList();
                arrayList3.add(new Integer(4));
                arrayList3.add(x500Name);
                arrayList2.add(arrayList3);
                if (!namesMatchConstraints(arrayList2, this.nameConstraints[0], this.nameConstraints[1])) {
                    return false;
                }
                try {
                    String email = x500Name.getEmail();
                    if (email != null) {
                        DerValue derValue = new DerValue(email);
                        derValue.resetTag((byte) 22);
                        Object processGeneralName = processGeneralName(1, derValue.getIA5String().toLowerCase());
                        arrayList2.clear();
                        arrayList2.add(processGeneralName);
                        if (!namesMatchConstraints(arrayList2, this.nameConstraints[0], this.nameConstraints[1])) {
                            return false;
                        }
                    }
                    if (arrayList != null && !namesMatchConstraints(arrayList, this.nameConstraints[0], this.nameConstraints[1])) {
                        return false;
                    }
                } catch (IOException e24) {
                    return false;
                }
            }
        }
        if (this.basicConstraints >= 0 && this.basicConstraints > x509CertImpl.getBasicConstraints()) {
            return false;
        }
        if (this.basicConstraints == -2 && x509CertImpl.getIssuerDN().equals(x509CertImpl.getSubjectDN())) {
            return false;
        }
        if (this.policy != null) {
            try {
                Object[] extension6 = getExtension(CertificatePoliciesExtension.IDENT, x509CertImpl);
                Vector vector2 = (Vector) new CertificatePoliciesExtension((Boolean) extension6[0], extension6[1]).get(CertificatePoliciesExtension.CERT_POLICIES);
                if (!this.policy.isEmpty() || vector2.isEmpty()) {
                    boolean z3 = false;
                    int i2 = 0;
                    while (true) {
                        if (i2 >= vector2.size()) {
                            break;
                        }
                        if (this.policy.contains(((PolicyInformation) vector2.get(i2)).getPolicyIdentifier())) {
                            z3 = true;
                            break;
                        }
                        i2++;
                    }
                    if (!z3) {
                        return false;
                    }
                }
            } catch (IOException e25) {
                return false;
            } catch (NullPointerException e26) {
                return false;
            } catch (CertPathValidatorException e27) {
                return false;
            }
        }
        if (this.pathToNames == null) {
            return true;
        }
        try {
            nameConstraintsExtension = (NameConstraintsExtension) x509CertImpl.get(NameConstraintsExtension.IDENT);
        } catch (java.security.cert.CertificateParsingException e28) {
            nameConstraintsExtension = null;
        }
        if (nameConstraintsExtension == null) {
            return true;
        }
        try {
            return namesMatchConstraints(this.pathToNames, (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.PERMITTED_SUBTREES), (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.EXCLUDED_SUBTREES));
        } catch (IOException e29) {
            return false;
        } catch (NullPointerException e30) {
            return false;
        }
    }

    private Object[] getExtension(String str, java.security.cert.X509Certificate x509Certificate) throws CertPathValidatorException {
        boolean z = false;
        String objectIdentifier = OIDMap.getOID(str).toString();
        byte[] extensionValue = x509Certificate.getExtensionValue(objectIdentifier);
        if (extensionValue != null) {
            z = x509Certificate.getCriticalExtensionOIDs().contains(objectIdentifier);
            try {
                extensionValue = new DerValue(extensionValue).getOctetString();
            } catch (IOException e) {
                throw new CertPathValidatorException("An internal error has occurred.", e);
            }
        }
        return new Object[]{new Boolean(z), extensionValue};
    }

    private boolean namesMatchConstraints(Collection collection, GeneralSubtrees generalSubtrees, GeneralSubtrees generalSubtrees2) {
        List processGeneralName;
        if (generalSubtrees == null && generalSubtrees2 == null) {
            return false;
        }
        Vector subtrees = generalSubtrees != null ? generalSubtrees.getSubtrees() : null;
        Vector subtrees2 = generalSubtrees2 != null ? generalSubtrees2.getSubtrees() : null;
        for (Object obj : collection) {
            if (obj instanceof GeneralName) {
                try {
                    processGeneralName = processGeneralName((GeneralName) obj);
                } catch (IOException e) {
                    return false;
                }
            } else {
                processGeneralName = (List) obj;
            }
            if (subtrees2 != null) {
                for (int i = 0; i < subtrees2.size(); i++) {
                    GeneralName base = ((GeneralSubtree) subtrees2.get(i)).getBase();
                    if (((Integer) processGeneralName.get(0)).intValue() == base.getType() && processGeneralName.get(1).toString().equals(base.toString())) {
                        return false;
                    }
                }
            }
            if (subtrees != null) {
                boolean z = false;
                int i2 = 0;
                while (true) {
                    if (i2 >= subtrees.size()) {
                        break;
                    }
                    GeneralName base2 = ((GeneralSubtree) subtrees.get(i2)).getBase();
                    if (((Integer) processGeneralName.get(0)).intValue() == base2.getType() && processGeneralName.get(1).toString().equals(base2.toString())) {
                        z = true;
                        break;
                    }
                    i2++;
                }
                if (!z) {
                    return false;
                }
            }
        }
        return true;
    }

    private boolean nameMatchesConstraint(List list, List list2) {
        int intValue = ((Integer) list.get(0)).intValue();
        if (intValue != ((Integer) list2.get(0)).intValue()) {
            return false;
        }
        switch (intValue) {
            case 0:
            case 3:
            case 5:
            case 8:
                return ((String) list.get(1)).equals((String) list2.get(1));
            case 1:
                String str = (String) list.get(1);
                String str2 = (String) list2.get(1);
                return str.equals(str2) || str.endsWith(new StringBuffer().append(PrincipalName.NAME_REALM_SEPARATOR_STR).append(str2).toString()) || (str2.startsWith(".") && str.endsWith(str2));
            case 2:
                String str3 = (String) list.get(1);
                String str4 = (String) list2.get(1);
                return str3.equals(str4) || str3.endsWith(str4);
            case 4:
                X500Name x500Name = (X500Name) list.get(1);
                X500Name x500Name2 = (X500Name) list2.get(1);
                if (x500Name2.size() > x500Name.size()) {
                    return false;
                }
                boolean z = true;
                int i = 0;
                while (true) {
                    if (i < x500Name2.size()) {
                        if (x500Name2.getRDN(i).equals((Object) x500Name.getRDN(i))) {
                            i++;
                        } else {
                            z = false;
                        }
                    }
                }
                return z;
            case 6:
                String str5 = (String) list.get(1);
                String str6 = (String) list2.get(1);
                try {
                    String lowerCase = new URL(str5).getHost().toLowerCase();
                    String lowerCase2 = new URL(str6).getHost().toLowerCase();
                    return lowerCase.equals(lowerCase2) || lowerCase.endsWith(new StringBuffer().append(".").append(lowerCase2).toString());
                } catch (MalformedURLException e) {
                    return false;
                }
            case 7:
                return ((String) list.get(1)).equals((String) list2.get(1));
            default:
                return false;
        }
    }

    private List processGeneralName(GeneralName generalName) throws IOException {
        DerOutputStream derOutputStream = new DerOutputStream();
        generalName.encode(derOutputStream);
        return processGeneralName(generalName.getType(), new DerInputStream(derOutputStream.toByteArray()).getDerValue().getData().toByteArray());
    }

    private List processGeneralName(int i, String str) throws IOException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(0, new Integer(i));
        switch (i) {
            case 1:
                arrayList.add(1, new RFC822Name(str));
                break;
            case 2:
                arrayList.add(1, new DNSName(str));
                break;
            case 3:
            case 5:
            default:
                throw new IOException(new StringBuffer().append("Unable to parse String of name type ").append(i).toString());
            case 4:
                arrayList.add(1, new X500Name(str));
                break;
            case 6:
                arrayList.add(1, new URIName(str));
                break;
            case 7:
                arrayList.add(1, new IPAddressName(str));
                break;
            case 8:
                arrayList.add(1, new OIDName(new ObjectIdentifier(str)));
                break;
        }
        return arrayList;
    }

    private List processGeneralName(int i, byte[] bArr) throws IOException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(0, new Integer(i));
        switch (i) {
            case 0:
                arrayList.add(1, new OtherName(new DerValue(bArr)));
                break;
            case 1:
                arrayList.add(1, new RFC822Name(new DerValue(bArr)));
                break;
            case 2:
                arrayList.add(1, new DNSName(new DerValue(bArr)));
                break;
            case 3:
                arrayList.add(1, new X400Address(new DerValue(bArr)));
                break;
            case 4:
                arrayList.add(1, new X500Name(new DerValue(bArr)));
                break;
            case 5:
                arrayList.add(1, new EDIPartyName(new DerValue(bArr)));
                break;
            case 6:
                arrayList.add(1, new URIName(new DerValue(bArr)));
                break;
            case 7:
                arrayList.add(1, new IPAddressName(new DerValue(bArr)));
                break;
            case 8:
                arrayList.add(1, new OIDName(new DerValue(bArr)));
                break;
            default:
                throw new IOException(new StringBuffer().append("Unable to parse byte array of name type ").append(i).toString());
        }
        return arrayList;
    }

    @Override // javax.security.cert.CertSelector
    public Object clone() {
        try {
            Object clone = super.clone();
            if (this.subjectAlternativeNames != null) {
                this.subjectAlternativeNames = new ArrayList(this.subjectAlternativeNames);
                this.subjectAlternativeNamesFromApp = new ArrayList(this.subjectAlternativeNamesFromApp);
            }
            if (this.pathToNames != null) {
                this.pathToNames = new ArrayList(this.pathToNames);
                this.pathToNamesFromApp = new ArrayList(this.pathToNamesFromApp);
            }
            return clone;
        } catch (CloneNotSupportedException e) {
            throw new InternalError(e.toString());
        }
    }
}
