package sun.security.provider.certpath;

import java.io.IOException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PolicyNode;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.Vector;
import sun.security.util.Debug;
import sun.security.x509.CertificatePoliciesExtension;
import sun.security.x509.CertificatePolicyMap;
import sun.security.x509.InhibitAnyPolicyExtension;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.PolicyConstraintsExtension;
import sun.security.x509.PolicyInformation;
import sun.security.x509.PolicyMappingsExtension;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:efixes/JDKiFix_nd_solaris/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/provider/certpath/PolicyChecker.class */
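/**
 * Certificate-policy checker for PKIX certification path validation.
 *
 * <p>The checker is stateful. It keeps a valid-policy tree ({@code rootNode}) and three
 * counters ({@code explicitPolicy}, {@code policyMapping}, {@code inhibitAnyPolicy}) that
 * are updated once per certificate as {@link #check} is called. The field and method names
 * match the policy-processing variables of the PKIX path validation algorithm
 * (RFC 3280, section 6.1); NOTE(review): confirm the exact RFC revision against the JDK
 * release this class was taken from.
 *
 * <p>Only reverse checking is supported, see {@link #isForwardCheckingSupported()} and
 * {@link #init(boolean)}. {@code init} resets the counters and {@code certIndex} but not
 * {@code rootNode}, so an instance carries tree state from a previous path unless the
 * caller builds a fresh checker.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Validation fails closed: {@link #processPolicies} throws when {@code explicitPolicy}
 *       has reached 0 and the policy tree is {@code null}.</li>
 *   <li>Any exception raised while reading a policy extension is wrapped in a
 *       {@link CertPathValidatorException} rather than ignored.</li>
 *   <li>Stack traces are printed only when the "certpath" debug channel is enabled.</li>
 * </ul>
 *
 * <p>This source is decompiler output: raw collection types and synthetic parameter names
 * ({@code i}, {@code z}, ...) come from the decompiler, and several members that were
 * package-private are shown as {@code public}.
 */
class PolicyChecker extends PKIXCertPathChecker {
    // Initial policy OIDs acceptable to the caller; {ANY_POLICY} when the caller passed an empty set.
    private final Set initPolicies;
    // Number of certificates in the path being validated.
    private final int certPathLen;
    // Initial flags supplied by the caller; init() turns each into a counter start value.
    private final boolean expPolicyRequired;
    private final boolean polMappingInhibited;
    private final boolean anyPolicyInhibited;
    // When true, a critical policies extension carrying qualifiers on a specific policy is rejected.
    private final boolean rejectPolicyQualifiers;
    // Current valid-policy tree, or null once it has been pruned to nothing.
    private PolicyNodeImpl rootNode;
    // Countdown counters; 0 means the corresponding restriction is in force.
    private int explicitPolicy;
    private int policyMapping;
    private int inhibitAnyPolicy;
    // 1-based index of the certificate that the next check() call will process.
    private int certIndex;
    // Lazily built, unmodifiable set of the extension OIDs this checker handles.
    private Set supportedExts;
    private static final Debug debug = Debug.getInstance("certpath");
    // OID of the special anyPolicy certificate policy.
    static final String ANY_POLICY = "2.5.29.32.0";

    /**
     * Reports that this checker cannot process a path from target towards trust anchor.
     *
     * @return always {@code false}
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    /**
     * Resets the certificate index and the three policy counters.
     *
     * <p>Each counter starts at 0 when its initial flag is set and at
     * {@code certPathLen + 1} otherwise. The policy tree is not touched.
     *
     * @param z {@code true} to request forward checking, which is rejected
     * @throws CertPathValidatorException if forward checking is requested
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.certIndex = 1;
        this.explicitPolicy = this.expPolicyRequired ? 0 : this.certPathLen + 1;
        this.policyMapping = this.polMappingInhibited ? 0 : this.certPathLen + 1;
        this.inhibitAnyPolicy = this.anyPolicyInhibited ? 0 : this.certPathLen + 1;
    }

    /**
     * Returns an immutable copy of the current policy tree.
     *
     * @return a copy of the tree marked immutable, or {@code null} when there is no tree
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyNode getPolicyTree() {
        if (this.rootNode == null) {
            return null;
        }
        // Hand out a copy so that callers cannot alter the checker's working tree.
        PolicyNodeImpl copyTree = this.rootNode.copyTree();
        copyTree.setImmutable();
        return copyTree;
    }

    /**
     * Processes the policy extensions of one certificate and advances the checker state.
     *
     * <p>The counters are merged with the certificate's constraints only when the
     * certificate is not the last one in the path; for the last certificate
     * {@link #processPolicies} applies the explicit-policy constraint itself.
     *
     * @param x509Certificate the certificate at position {@code certIndex}
     * @throws CertPathValidatorException if policy processing fails or the certificate
     *         cannot be converted to {@code X509CertImpl}
     */
    private void checkPolicy(X509Certificate x509Certificate) throws CertPathValidatorException {
        if (debug != null) {
            debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() ---checking ").append("certificate policies").append("...").toString());
            debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() certIndex = ").append(this.certIndex).toString());
            debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = ").append(this.explicitPolicy).toString());
            debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = ").append(this.policyMapping).toString());
            debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = ").append(this.inhibitAnyPolicy).toString());
            debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = ").append(this.rootNode).toString());
        }
        try {
            X509CertImpl impl = X509CertImpl.toImpl(x509Certificate);
            // True when this is the last certificate of the path.
            boolean z = this.certIndex == this.certPathLen;
            this.rootNode = processPolicies(this.certIndex, this.initPolicies, this.explicitPolicy, this.policyMapping, this.inhibitAnyPolicy, this.rejectPolicyQualifiers, this.rootNode, impl, z);
            if (!z) {
                this.explicitPolicy = mergeExplicitPolicy(this.explicitPolicy, impl, z);
                this.policyMapping = mergePolicyMapping(this.policyMapping, impl);
                this.inhibitAnyPolicy = mergeInhibitAnyPolicy(this.inhibitAnyPolicy, impl);
            }
            this.certIndex++;
            if (debug != null) {
                debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = ").append(this.explicitPolicy).toString());
                debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = ").append(this.policyMapping).toString());
                debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = ").append(this.inhibitAnyPolicy).toString());
                debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = ").append(this.rootNode).toString());
                debug.println(new StringBuffer().append("PolicyChecker.checkPolicy() ").append("certificate policies").append(" verified").toString());
            }
        } catch (CertificateException e) {
            throw new CertPathValidatorException(e);
        }
    }

    /**
     * Returns the OIDs of the extensions this checker processes: certificate policies,
     * policy mappings, policy constraints and inhibit-any-policy.
     *
     * @return an unmodifiable set of OID strings, built on first use
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions() {
        if (this.supportedExts == null) {
            this.supportedExts = new HashSet();
            this.supportedExts.add(PKIXExtensions.CertificatePolicies_Id.toString());
            this.supportedExts.add(PKIXExtensions.PolicyMappings_Id.toString());
            this.supportedExts.add(PKIXExtensions.PolicyConstraints_Id.toString());
            this.supportedExts.add(PKIXExtensions.InhibitAnyPolicy_Id.toString());
            this.supportedExts = Collections.unmodifiableSet(this.supportedExts);
        }
        return this.supportedExts;
    }

    /**
     * Computes the next value of the inhibit-any-policy counter.
     *
     * <p>The counter is decremented when it is positive and the certificate is not
     * self-issued. If the certificate carries an InhibitAnyPolicy extension whose
     * skip-certs value is not -1 and is smaller than the counter, that value replaces it.
     *
     * @param i the current counter value
     * @param x509CertImpl the certificate being processed
     * @return the merged counter value
     * @throws CertPathValidatorException if reading the extension fails for any reason
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int mergeInhibitAnyPolicy(int i, X509CertImpl x509CertImpl) throws CertPathValidatorException {
        if (i > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i--;
        }
        try {
            InhibitAnyPolicyExtension inhibitAnyPolicyExtension = (InhibitAnyPolicyExtension) x509CertImpl.getExtension(PKIXExtensions.InhibitAnyPolicy_Id);
            if (inhibitAnyPolicyExtension == null) {
                return i;
            }
            int intValue = ((Integer) inhibitAnyPolicyExtension.get(InhibitAnyPolicyExtension.SKIP_CERTS)).intValue();
            if (debug != null) {
                debug.println(new StringBuffer().append("PolicyChecker.mergeInhibitAnyPolicy() skipCerts Index from cert = ").append(intValue).toString());
            }
            // The certificate can only tighten the counter, never relax it.
            if (intValue != -1 && intValue < i) {
                i = intValue;
            }
            return i;
        } catch (Exception e) {
            // Fail closed: an unreadable extension aborts validation.
            if (debug != null) {
                debug.println("PolicyChecker.mergeInhibitAnyPolicy unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }

    /**
     * Computes the next value of the policy-mapping counter.
     *
     * <p>The counter is decremented when it is positive and the certificate is not
     * self-issued. If the certificate carries a PolicyConstraints extension whose
     * "inhibit" value is not -1, that value replaces the counter when the counter is -1
     * or larger than it.
     *
     * @param i the current counter value
     * @param x509CertImpl the certificate being processed
     * @return the merged counter value
     * @throws CertPathValidatorException if reading the extension fails for any reason
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int mergePolicyMapping(int i, X509CertImpl x509CertImpl) throws CertPathValidatorException {
        if (i > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i--;
        }
        try {
            PolicyConstraintsExtension policyConstraintsExtension = x509CertImpl.getPolicyConstraintsExtension();
            if (policyConstraintsExtension == null) {
                return i;
            }
            int intValue = ((Integer) policyConstraintsExtension.get("inhibit")).intValue();
            if (debug != null) {
                debug.println(new StringBuffer().append("PolicyChecker.mergePolicyMapping() inhibit Index from cert = ").append(intValue).toString());
            }
            if (intValue != -1 && (i == -1 || intValue < i)) {
                i = intValue;
            }
            return i;
        } catch (Exception e) {
            // Fail closed: an unreadable extension aborts validation.
            if (debug != null) {
                debug.println("PolicyChecker.mergePolicyMapping unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }

    /**
     * Computes the next value of the explicit-policy counter.
     *
     * <p>The counter is decremented when it is positive and the certificate is not
     * self-issued. The PolicyConstraints "require" value is then applied: for the final
     * certificate only a value of 0 is taken; for any other certificate a value other
     * than -1 replaces the counter when the counter is -1 or larger than it.
     *
     * @param i the current counter value
     * @param x509CertImpl the certificate being processed
     * @param z {@code true} when the certificate is the last one in the path
     * @return the merged counter value
     * @throws CertPathValidatorException if reading the extension fails for any reason
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int mergeExplicitPolicy(int i, X509CertImpl x509CertImpl, boolean z) throws CertPathValidatorException {
        if (i > 0 && !X509CertImpl.isSelfIssued(x509CertImpl)) {
            i--;
        }
        try {
            PolicyConstraintsExtension policyConstraintsExtension = x509CertImpl.getPolicyConstraintsExtension();
            if (policyConstraintsExtension == null) {
                return i;
            }
            int intValue = ((Integer) policyConstraintsExtension.get("require")).intValue();
            if (debug != null) {
                debug.println(new StringBuffer().append("PolicyChecker.mergeExplicitPolicy() require Index from cert = ").append(intValue).toString());
            }
            if (z) {
                if (intValue == 0) {
                    i = intValue;
                }
            } else if (intValue != -1 && (i == -1 || intValue < i)) {
                i = intValue;
            }
            return i;
        } catch (Exception e) {
            // Fail closed: an unreadable extension aborts validation.
            if (debug != null) {
                debug.println("PolicyChecker.mergeExplicitPolicy unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }

    /**
     * Runs the policy check on one certificate and marks the policy extensions as handled.
     *
     * @param certificate the certificate to check; must be an {@link X509Certificate}
     * @param collection OID strings of the critical extensions not yet resolved; the four
     *        policy OIDs are removed from it when it is non-empty; may be {@code null}
     * @throws CertPathValidatorException if the certificate is not an X.509 certificate
     *         or policy processing fails
     */
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
        // Report an unsupported certificate type through the declared exception instead of
        // letting the cast below surface as a ClassCastException.
        if (!(certificate instanceof X509Certificate)) {
            throw new CertPathValidatorException("certificate is not an X509Certificate");
        }
        checkPolicy((X509Certificate) certificate);
        if (collection == null || collection.isEmpty()) {
            return;
        }
        collection.remove(PKIXExtensions.CertificatePolicies_Id.toString());
        collection.remove(PKIXExtensions.PolicyMappings_Id.toString());
        collection.remove(PKIXExtensions.PolicyConstraints_Id.toString());
        collection.remove(PKIXExtensions.InhibitAnyPolicy_Id.toString());
    }

    /**
     * Creates a checker and initialises its counters via {@code init(false)}.
     *
     * @param set initial policy OIDs; an empty set is treated as {@code {ANY_POLICY}};
     *        the set is copied
     * @param i number of certificates in the path
     * @param z whether an explicit policy is required from the start
     * @param z2 whether policy mapping is inhibited from the start
     * @param z3 whether anyPolicy is inhibited from the start
     * @param z4 whether policy qualifiers in a critical policies extension are rejected
     * @param policyNodeImpl the initial policy tree root, stored as given (not copied)
     * @throws CertPathValidatorException declared because {@code init} declares it
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PolicyChecker(Set set, int i, boolean z, boolean z2, boolean z3, boolean z4, PolicyNodeImpl policyNodeImpl) throws CertPathValidatorException {
        if (set.isEmpty()) {
            this.initPolicies = new HashSet(1);
            this.initPolicies.add(ANY_POLICY);
        } else {
            this.initPolicies = new HashSet(set);
        }
        this.certPathLen = i;
        this.expPolicyRequired = z;
        this.polMappingInhibited = z2;
        this.anyPolicyInhibited = z3;
        this.rejectPolicyQualifiers = z4;
        this.rootNode = policyNodeImpl;
        init(false);
    }

    /**
     * Attaches child nodes for one policy OID under every matching parent at depth
     * {@code i - 1}.
     *
     * <p>For a specific policy, one child is created under each parent returned by
     * {@code getPolicyNodesExpected}. For {@code ANY_POLICY}, one child is created per
     * expected policy of each parent, except where a child with that valid policy already
     * exists.
     *
     * @param i index of the certificate being processed
     * @param z criticality of the certificate policies extension
     * @param z2 the reject-policy-qualifiers flag (not read in this method)
     * @param policyNodeImpl root of the working policy tree
     * @param str the policy OID being processed
     * @param set the policy qualifiers to store on created nodes
     * @param z3 the match-any flag passed through to {@code getPolicyNodesExpected}
     * @return {@code true} if at least one parent node was found
     * @throws CertPathValidatorException declared by the original signature
     */
    private static boolean processParents(int i, boolean z, boolean z2, PolicyNodeImpl policyNodeImpl, String str, Set set, boolean z3) throws CertPathValidatorException {
        boolean z4 = false;
        if (debug != null) {
            debug.println(new StringBuffer().append("PolicyChecker.processParents(): matchAny = ").append(z3).toString());
        }
        for (PolicyNodeImpl policyNodeImpl2 : policyNodeImpl.getPolicyNodesExpected(i - 1, str, z3)) {
            if (debug != null) {
                debug.println(new StringBuffer().append("PolicyChecker.processParents() found parent:\n").append(policyNodeImpl2.asString()).toString());
            }
            z4 = true;
            // Result unused; call retained from the decompiled output.
            policyNodeImpl2.getValidPolicy();
            if (str.equals(ANY_POLICY)) {
                for (String str2 : policyNodeImpl2.getExpectedPolicies()) {
                    // The decompiled loop logged that the policy "already appears in child
                    // node" but still fell through and created a second child for it.
                    // Skip creation once a matching child is found.
                    boolean alreadyPresent = false;
                    Iterator children = policyNodeImpl2.getChildren();
                    while (children.hasNext()) {
                        String validPolicy = ((PolicyNodeImpl) children.next()).getValidPolicy();
                        if (str2.equals(validPolicy)) {
                            if (debug != null) {
                                debug.println(new StringBuffer().append(validPolicy).append(" in parent's ").append("expected policy set already appears in ").append("child node").toString());
                            }
                            alreadyPresent = true;
                            break;
                        }
                    }
                    if (!alreadyPresent) {
                        HashSet hashSet = new HashSet();
                        hashSet.add(str2);
                        // The constructor links the new node to its parent; the reference is not needed here.
                        new PolicyNodeImpl(policyNodeImpl2, str2, set, z, hashSet, false);
                    }
                }
            } else {
                HashSet hashSet2 = new HashSet();
                hashSet2.add(str);
                new PolicyNodeImpl(policyNodeImpl2, str, set, z, hashSet2, false);
            }
        }
        return z4;
    }

    /**
     * Replaces an {@code ANY_POLICY} leaf at depth {@code i} with explicit leaves for the
     * initial policies that are not yet present at that depth.
     *
     * <p>When every initial policy is already present, the tree is pruned instead and
     * {@code null} is returned if the root has no children left.
     *
     * @param i depth of the leaf nodes to rewrite
     * @param set the initial policy OIDs
     * @param policyNodeImpl root of the working policy tree
     * @return the tree root, or {@code null} when pruning emptied the tree
     */
    private static PolicyNodeImpl rewriteLeafNodes(int i, Set set, PolicyNodeImpl policyNodeImpl) {
        Set policyNodesValid = policyNodeImpl.getPolicyNodesValid(i, ANY_POLICY);
        if (policyNodesValid.isEmpty()) {
            return policyNodeImpl;
        }
        // Only the first ANY_POLICY node returned is examined and removed.
        PolicyNodeImpl policyNodeImpl2 = (PolicyNodeImpl) policyNodesValid.iterator().next();
        PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
        policyNodeImpl3.deleteChild(policyNodeImpl2);
        // Start from all initial policies and drop those already valid at this depth.
        HashSet<String> hashSet = new HashSet(set);
        Iterator it = policyNodeImpl.getPolicyNodes(i).iterator();
        while (it.hasNext()) {
            hashSet.remove(((PolicyNodeImpl) it.next()).getValidPolicy());
        }
        if (hashSet.isEmpty()) {
            policyNodeImpl.prune(i);
            if (!policyNodeImpl.getChildren().hasNext()) {
                policyNodeImpl = null;
            }
        } else {
            boolean isCritical = policyNodeImpl2.isCritical();
            Set policyQualifiers = policyNodeImpl2.getPolicyQualifiers();
            for (String str : hashSet) {
                new PolicyNodeImpl(policyNodeImpl3, str, policyQualifiers, isCritical, Collections.singleton(str), false);
            }
        }
        return policyNodeImpl;
    }

    /**
     * Applies the certificate's PolicyMappings extension to the policy tree.
     *
     * <p>A mapping whose issuer-domain or subject-domain policy is {@code ANY_POLICY} is
     * rejected. While mapping is allowed ({@code i2 > 0} or {@code i2 == -1}) the
     * subject-domain policy is added to the expected policies of matching nodes, or a new
     * node is created beside each {@code ANY_POLICY} node when none matches. When mapping
     * is inhibited ({@code i2 == 0}) matching nodes are deleted and the tree is pruned.
     *
     * @param x509CertImpl the certificate being processed
     * @param i index of the certificate being processed
     * @param i2 the current policy-mapping counter
     * @param policyNodeImpl root of the working policy tree
     * @param z criticality of the certificate policies extension
     * @param set qualifiers stored on nodes created from an {@code ANY_POLICY} node
     * @return the tree root, or {@code null} when pruning emptied the tree
     * @throws CertPathValidatorException on an {@code ANY_POLICY} mapping or when the
     *         extension cannot be read
     */
    private static PolicyNodeImpl processPolicyMappings(X509CertImpl x509CertImpl, int i, int i2, PolicyNodeImpl policyNodeImpl, boolean z, Set set) throws CertPathValidatorException {
        PolicyMappingsExtension policyMappingsExtension = x509CertImpl.getPolicyMappingsExtension();
        if (policyMappingsExtension == null) {
            return policyNodeImpl;
        }
        if (debug != null) {
            debug.println("PolicyChecker.processPolicyMappings() inside policyMapping check");
        }
        try {
            Vector vector = (Vector) policyMappingsExtension.get("map");
            // Set when at least one node was deleted, so the tree needs pruning afterwards.
            boolean z2 = false;
            for (int i3 = 0; i3 < vector.size(); i3++) {
                CertificatePolicyMap certificatePolicyMap = (CertificatePolicyMap) vector.get(i3);
                String objectIdentifier = certificatePolicyMap.getIssuerIdentifier().getIdentifier().toString();
                String objectIdentifier2 = certificatePolicyMap.getSubjectIdentifier().getIdentifier().toString();
                if (debug != null) {
                    debug.println(new StringBuffer().append("PolicyChecker.processPolicyMappings() issuerDomain = ").append(objectIdentifier).toString());
                    debug.println(new StringBuffer().append("PolicyChecker.processPolicyMappings() subjectDomain = ").append(objectIdentifier2).toString());
                }
                if (objectIdentifier.equals(ANY_POLICY)) {
                    throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY");
                }
                if (objectIdentifier2.equals(ANY_POLICY)) {
                    throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY");
                }
                Set<PolicyNodeImpl> policyNodesValid = policyNodeImpl.getPolicyNodesValid(i, objectIdentifier);
                if (!policyNodesValid.isEmpty()) {
                    for (PolicyNodeImpl policyNodeImpl2 : policyNodesValid) {
                        if (i2 > 0 || i2 == -1) {
                            policyNodeImpl2.addExpectedPolicy(objectIdentifier2);
                        } else if (i2 == 0) {
                            PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
                            if (debug != null) {
                                debug.println(new StringBuffer().append("PolicyChecker.processPolicyMappings() before deleting: policy tree = ").append(policyNodeImpl).toString());
                            }
                            policyNodeImpl3.deleteChild(policyNodeImpl2);
                            z2 = true;
                            if (debug != null) {
                                debug.println(new StringBuffer().append("PolicyChecker.processPolicyMappings() after deleting: policy tree = ").append(policyNodeImpl).toString());
                            }
                        }
                    }
                } else if (i2 > 0 || i2 == -1) {
                    Iterator it = policyNodeImpl.getPolicyNodesValid(i, ANY_POLICY).iterator();
                    while (it.hasNext()) {
                        PolicyNodeImpl policyNodeImpl4 = (PolicyNodeImpl) ((PolicyNodeImpl) it.next()).getParent();
                        HashSet hashSet = new HashSet();
                        hashSet.add(objectIdentifier2);
                        // Last argument is true only here; presumably it marks a node generated by policy mapping (verify in PolicyNodeImpl).
                        new PolicyNodeImpl(policyNodeImpl4, objectIdentifier, set, z, hashSet, true);
                    }
                }
            }
            if (z2) {
                policyNodeImpl.prune(i);
                if (!policyNodeImpl.getChildren().hasNext()) {
                    if (debug != null) {
                        debug.println("setting rootNode to null");
                    }
                    policyNodeImpl = null;
                }
            }
            return policyNodeImpl;
        } catch (IOException e) {
            if (debug != null) {
                debug.println("PolicyChecker.processPolicyMappings() mapping exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException("Exception while checking mapping", e);
        }
    }

    /**
     * Deletes nodes at depth {@code i} whose policy is not an initial policy and whose
     * parent's valid policy is {@code ANY_POLICY}, then prunes the tree if anything was
     * deleted.
     *
     * @param policyNodeImpl root of the working policy tree
     * @param i depth of the nodes to examine
     * @param set the initial policy OIDs
     * @param certificatePoliciesExtension the certificate's policies extension
     * @return the tree root, or {@code null} when pruning emptied the tree
     * @throws CertPathValidatorException if the policy OIDs cannot be read
     */
    private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl policyNodeImpl, int i, Set set, CertificatePoliciesExtension certificatePoliciesExtension) throws CertPathValidatorException {
        try {
            // Set when at least one node was deleted.
            boolean z = false;
            Iterator it = ((Vector) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES)).iterator();
            while (it.hasNext()) {
                String objectIdentifier = ((PolicyInformation) it.next()).getPolicyIdentifier().getIdentifier().toString();
                if (debug != null) {
                    debug.println(new StringBuffer().append("PolicyChecker.processPolicies() processing policy second time: ").append(objectIdentifier).toString());
                }
                for (PolicyNodeImpl policyNodeImpl2 : policyNodeImpl.getPolicyNodesValid(i, objectIdentifier)) {
                    PolicyNodeImpl policyNodeImpl3 = (PolicyNodeImpl) policyNodeImpl2.getParent();
                    if (policyNodeImpl3.getValidPolicy().equals(ANY_POLICY) && !set.contains(objectIdentifier) && !objectIdentifier.equals(ANY_POLICY)) {
                        if (debug != null) {
                            debug.println(new StringBuffer().append("PolicyChecker.processPolicies() before deleting: policy tree = ").append(policyNodeImpl).toString());
                        }
                        policyNodeImpl3.deleteChild(policyNodeImpl2);
                        z = true;
                        if (debug != null) {
                            debug.println(new StringBuffer().append("PolicyChecker.processPolicies() after deleting: policy tree = ").append(policyNodeImpl).toString());
                        }
                    }
                }
            }
            if (z) {
                policyNodeImpl.prune(i);
                if (!policyNodeImpl.getChildren().hasNext()) {
                    policyNodeImpl = null;
                }
            }
            return policyNodeImpl;
        } catch (IOException e) {
            throw new CertPathValidatorException("Exception while retrieving policyOIDs", e);
        }
    }

    /**
     * Processes the policy extensions of one certificate against a copy of the policy tree.
     *
     * <p>The input tree is copied first, so the caller's tree is left unchanged if
     * processing throws. Steps, in order: expand the tree from the certificate policies
     * extension; apply policy mappings (not for the final certificate); remove nodes
     * outside the initial policy set unless that set contains {@code ANY_POLICY}; for the
     * final certificate, rewrite {@code ANY_POLICY} leaves and merge the explicit-policy
     * constraint. Validation fails when the explicit-policy counter is 0 and no tree
     * remains.
     *
     * @param i index of the certificate being processed
     * @param set the initial policy OIDs
     * @param i2 the explicit-policy counter
     * @param i3 the policy-mapping counter
     * @param i4 the inhibit-any-policy counter
     * @param z whether qualifiers in a critical policies extension are rejected
     * @param policyNodeImpl the current tree root, or {@code null}
     * @param x509CertImpl the certificate being processed
     * @param z2 {@code true} when the certificate is the last one in the path
     * @return the new tree root, or {@code null} when no valid policy remains
     * @throws CertPathValidatorException if an explicit policy is required but the tree is
     *         {@code null}, if rejected qualifiers are present, or if an extension cannot
     *         be read
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static PolicyNodeImpl processPolicies(int i, Set set, int i2, int i3, int i4, boolean z, PolicyNodeImpl policyNodeImpl, X509CertImpl x509CertImpl, boolean z2) throws CertPathValidatorException {
        boolean z3 = false;
        // Qualifiers of the ANY_POLICY entry, if the certificate has one. Declared as Set:
        // the decompiler typed this HashSet although getPolicyQualifiers() is assigned to it.
        Set anyQuals = new HashSet();
        PolicyNodeImpl copyTree = policyNodeImpl == null ? null : policyNodeImpl.copyTree();
        CertificatePoliciesExtension certificatePoliciesExtension = x509CertImpl.getCertificatePoliciesExtension();
        if (certificatePoliciesExtension != null && copyTree != null) {
            z3 = certificatePoliciesExtension.isCritical();
            if (debug != null) {
                debug.println(new StringBuffer().append("PolicyChecker.processPolicies() policiesCritical = ").append(z3).toString());
            }
            try {
                Vector vector = (Vector) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES);
                if (debug != null) {
                    debug.println(new StringBuffer().append("PolicyChecker.processPolicies() rejectPolicyQualifiers = ").append(z).toString());
                }
                // Set when the certificate asserts ANY_POLICY.
                boolean z4 = false;
                Iterator it = vector.iterator();
                while (it.hasNext()) {
                    PolicyInformation policyInformation = (PolicyInformation) it.next();
                    String objectIdentifier = policyInformation.getPolicyIdentifier().getIdentifier().toString();
                    if (objectIdentifier.equals(ANY_POLICY)) {
                        z4 = true;
                        anyQuals = policyInformation.getPolicyQualifiers();
                    } else {
                        if (debug != null) {
                            debug.println(new StringBuffer().append("PolicyChecker.processPolicies() processing policy: ").append(objectIdentifier).toString());
                        }
                        Set policyQualifiers = policyInformation.getPolicyQualifiers();
                        if (!policyQualifiers.isEmpty() && z && z3) {
                            throw new CertPathValidatorException("critical policy qualifiers present in certificate");
                        }
                        // Try an exact match first; fall back to matching ANY_POLICY parents.
                        if (!processParents(i, z3, z, copyTree, objectIdentifier, policyQualifiers, false)) {
                            processParents(i, z3, z, copyTree, objectIdentifier, policyQualifiers, true);
                        }
                    }
                }
                // ANY_POLICY is honoured only while the inhibit counter is positive, or for a
                // self-issued certificate that is not the last one in the path.
                if (z4 && (i4 > 0 || (!z2 && X509CertImpl.isSelfIssued(x509CertImpl)))) {
                    if (debug != null) {
                        debug.println("PolicyChecker.processPolicies() processing policy: 2.5.29.32.0");
                    }
                    processParents(i, z3, z, copyTree, ANY_POLICY, anyQuals, true);
                }
                copyTree.prune(i);
                if (!copyTree.getChildren().hasNext()) {
                    copyTree = null;
                }
            } catch (IOException e) {
                throw new CertPathValidatorException("Exception while retrieving policyOIDs", e);
            }
        } else if (certificatePoliciesExtension == null) {
            // A certificate without a policies extension empties the tree.
            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() no policies present in cert");
            }
            copyTree = null;
        }
        if (copyTree != null && !z2) {
            copyTree = processPolicyMappings(x509CertImpl, i, i3, copyTree, z3, anyQuals);
        }
        if (copyTree != null && !set.contains(ANY_POLICY) && certificatePoliciesExtension != null) {
            copyTree = removeInvalidNodes(copyTree, i, set, certificatePoliciesExtension);
            if (copyTree != null && z2) {
                copyTree = rewriteLeafNodes(i, set, copyTree);
            }
        }
        if (z2) {
            i2 = mergeExplicitPolicy(i2, x509CertImpl, z2);
        }
        // Fail closed: an explicit policy is required but no valid policy survived.
        if (i2 == 0 && copyTree == null) {
            throw new CertPathValidatorException("non-null policy tree required and policy tree is null");
        }
        return copyTree;
    }
}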
