package ru.CryptoPro.reprov.certpath;

import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.Vector;
import org.apache.xml.security.keys.content.x509.XMLX509SKI;
import ru.CryptoPro.AdES.tools.AdESUtility;
import ru.CryptoPro.JCP.Util.HexDumpEncoder;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.reprov.array.DerInputStream;
import ru.CryptoPro.reprov.array.DerValue;
import ru.CryptoPro.reprov.array.ObjectIdentifier;
import ru.CryptoPro.reprov.x509.AlgorithmId;
import ru.CryptoPro.reprov.x509.CertificatePoliciesExtension;
import ru.CryptoPro.reprov.x509.CertificatePolicyId;
import ru.CryptoPro.reprov.x509.DNSName;
import ru.CryptoPro.reprov.x509.EDIPartyName;
import ru.CryptoPro.reprov.x509.ExtendedKeyUsageExtension;
import ru.CryptoPro.reprov.x509.Extension;
import ru.CryptoPro.reprov.x509.GeneralName;
import ru.CryptoPro.reprov.x509.GeneralNameInterface;
import ru.CryptoPro.reprov.x509.GeneralNames;
import ru.CryptoPro.reprov.x509.GeneralSubtree;
import ru.CryptoPro.reprov.x509.GeneralSubtrees;
import ru.CryptoPro.reprov.x509.IPAddressName;
import ru.CryptoPro.reprov.x509.NameConstraintsExtension;
import ru.CryptoPro.reprov.x509.OIDName;
import ru.CryptoPro.reprov.x509.OtherName;
import ru.CryptoPro.reprov.x509.PolicyInformation;
import ru.CryptoPro.reprov.x509.PrivateKeyUsageExtension;
import ru.CryptoPro.reprov.x509.RFC822Name;
import ru.CryptoPro.reprov.x509.SubjectAlternativeNameExtension;
import ru.CryptoPro.reprov.x509.URIName;
import ru.CryptoPro.reprov.x509.X400Address;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X500Principal;
import ru.CryptoPro.reprov.x509.X509CertImpl;
import ru.CryptoPro.reprov.x509.X509Key;

/* loaded from: classes3.dex */
public class X509CertSelector implements CertSelector {
    private static final String[] A;
    private static final ObjectIdentifier a = ObjectIdentifier.newInternal(new int[]{2, 5, 29, 37, 0});
    private static final Boolean z;
    private BigInteger b;
    private X500Principal c;
    private X500Principal d;
    private byte[] e;
    private byte[] f;
    private Date g;
    private Date h;
    private ObjectIdentifier i;
    private PublicKey j;
    private byte[] k;
    private boolean[] l;
    private Set m;
    private Set n;
    private Set o;
    private Set p;
    private CertificatePolicySet q;
    private Set r;
    private Set s;
    private Set t;
    private NameConstraintsExtension u;
    private byte[] v;
    private X509Certificate x;
    private int w = -1;
    private boolean y = true;

    static {
        CertPathHelperImpl.initialize();
        z = Boolean.FALSE;
        A = r0;
        String[] strArr = {"2.5.29.16", "2.5.29.17", "2.5.29.30", "2.5.29.32", AdESUtility.EXTENDED_KEY_USAGE};
    }

    public X509CertSelector() {
    }

    public X509CertSelector(java.security.cert.X509CertSelector x509CertSelector) throws IOException {
        setSerialNumber(x509CertSelector.getSerialNumber());
        if (x509CertSelector.getIssuer() != null) {
            setIssuer(x509CertSelector.getIssuer().getEncoded());
        }
        if (x509CertSelector.getSubject() != null) {
            setSubject(x509CertSelector.getSubject().getEncoded());
        }
        setSubjectKeyIdentifier(x509CertSelector.getSubjectKeyIdentifier());
        setAuthorityKeyIdentifier(x509CertSelector.getAuthorityKeyIdentifier());
        setCertificateValid(x509CertSelector.getCertificateValid());
        setPrivateKeyValid(x509CertSelector.getPrivateKeyValid());
        setSubjectPublicKeyAlgID(x509CertSelector.getSubjectPublicKeyAlgID());
        setSubjectPublicKey(x509CertSelector.getSubjectPublicKey());
        setKeyUsage(x509CertSelector.getKeyUsage());
        setExtendedKeyUsage(x509CertSelector.getExtendedKeyUsage());
        setSubjectAlternativeNames(x509CertSelector.getSubjectAlternativeNames());
        setPolicy(x509CertSelector.getPolicy());
        setPathToNames(x509CertSelector.getPathToNames());
        setNameConstraints(x509CertSelector.getNameConstraints());
        setBasicConstraints(x509CertSelector.getBasicConstraints());
        setCertificate(x509CertSelector.getCertificate());
        setMatchAllSubjectAltNames(x509CertSelector.getMatchAllSubjectAltNames());
    }

    private static String a(boolean[] zArr) {
        String str;
        str = "KeyUsage [\n";
        try {
            str = zArr[0] ? "KeyUsage [\n  DigitalSignature\n" : "KeyUsage [\n";
            if (zArr[1]) {
                str = str + "  Non_repudiation\n";
            }
            if (zArr[2]) {
                str = str + "  Key_Encipherment\n";
            }
            if (zArr[3]) {
                str = str + "  Data_Encipherment\n";
            }
            if (zArr[4]) {
                str = str + "  Key_Agreement\n";
            }
            if (zArr[5]) {
                str = str + "  Key_CertSign\n";
            }
            if (zArr[6]) {
                str = str + "  Crl_Sign\n";
            }
            if (zArr[7]) {
                str = str + "  Encipher_Only\n";
            }
            if (zArr[8]) {
                str = str + "  Decipher_Only\n";
            }
        } catch (ArrayIndexOutOfBoundsException unused) {
        }
        return str + "]\n";
    }

    private static Set a(Collection collection) throws IOException {
        HashSet hashSet = new HashSet();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            List list = (List) it.next();
            if (list.size() != 2) {
                throw new IOException("name list size not 2");
            }
            Object obj = list.get(0);
            if (!(obj instanceof Integer)) {
                throw new IOException("expected an Integer");
            }
            hashSet.add(a(((Integer) obj).intValue(), list.get(1)));
        }
        return hashSet;
    }

    private static Extension a(X509Certificate x509Certificate, int i) throws IOException {
        if (x509Certificate instanceof X509CertImpl) {
            X509CertImpl x509CertImpl = (X509CertImpl) x509Certificate;
            if (i == 0) {
                return x509CertImpl.getPrivateKeyUsageExtension();
            }
            if (i == 1) {
                return x509CertImpl.getSubjectAlternativeNameExtension();
            }
            if (i == 2) {
                return x509CertImpl.getNameConstraintsExtension();
            }
            if (i == 3) {
                return x509CertImpl.getCertificatePoliciesExtension();
            }
            if (i != 4) {
                return null;
            }
            return x509CertImpl.getExtendedKeyUsageExtension();
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(A[i]);
        if (extensionValue == null) {
            return null;
        }
        byte[] octetString = new DerInputStream(extensionValue).getOctetString();
        if (i == 0) {
            try {
                return new PrivateKeyUsageExtension(z, octetString);
            } catch (CertificateException e) {
                throw new IOException(e.getMessage());
            }
        }
        if (i == 1) {
            return new SubjectAlternativeNameExtension(z, octetString);
        }
        if (i == 2) {
            return new NameConstraintsExtension(z, octetString);
        }
        if (i == 3) {
            return new CertificatePoliciesExtension(z, octetString);
        }
        if (i != 4) {
            return null;
        }
        return new ExtendedKeyUsageExtension(z, octetString);
    }

    static GeneralNameInterface a(int i, Object obj) throws IOException {
        GeneralNameInterface otherName;
        StringBuilder sb;
        JCPLogger.fine("X509CertSelector.makeGeneralNameInterface(" + i + ")...");
        if (obj instanceof String) {
            JCPLogger.fine("X509CertSelector.makeGeneralNameInterface() name is String: " + obj);
            if (i == 1) {
                otherName = new RFC822Name((String) obj);
            } else if (i == 2) {
                otherName = new DNSName((String) obj);
            } else if (i == 4) {
                otherName = new X500Name((String) obj);
            } else if (i == 6) {
                otherName = new URIName((String) obj);
            } else if (i == 7) {
                otherName = new IPAddressName((String) obj);
            } else {
                if (i != 8) {
                    throw new IOException("unable to parse String names of type " + i);
                }
                otherName = new OIDName((String) obj);
            }
            sb = new StringBuilder();
        } else {
            if (!(obj instanceof byte[])) {
                JCPLogger.fine("X509CertSelector.makeGeneralName() input name not String or byte array");
                throw new IOException("name not String or byte array");
            }
            DerValue derValue = new DerValue((byte[]) obj);
            JCPLogger.fine("X509CertSelector.makeGeneralNameInterface() is byte[]");
            switch (i) {
                case 0:
                    otherName = new OtherName(derValue);
                    break;
                case 1:
                    otherName = new RFC822Name(derValue);
                    break;
                case 2:
                    otherName = new DNSName(derValue);
                    break;
                case 3:
                    otherName = new X400Address(derValue);
                    break;
                case 4:
                    otherName = new X500Name(derValue);
                    break;
                case 5:
                    otherName = new EDIPartyName(derValue);
                    break;
                case 6:
                    otherName = new URIName(derValue);
                    break;
                case 7:
                    otherName = new IPAddressName(derValue);
                    break;
                case 8:
                    otherName = new OIDName(derValue);
                    break;
                default:
                    throw new IOException("unable to parse byte array names of type " + i);
            }
            sb = new StringBuilder();
        }
        sb.append("X509CertSelector.makeGeneralNameInterface() result: ");
        sb.append(otherName.toString());
        JCPLogger.fine(sb.toString());
        return otherName;
    }

    private boolean a(X509Certificate x509Certificate) {
        if (this.e == null) {
            return true;
        }
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(XMLX509SKI.SKI_OID);
            if (extensionValue == null) {
                JCPLogger.fine("X509CertSelector.match: no subject key ID extension");
                return false;
            }
            byte[] octetString = new DerInputStream(extensionValue).getOctetString();
            if (octetString != null && Arrays.equals(this.e, octetString)) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: subject key IDs don't match");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: exception in subject key ID check");
            return false;
        }
    }

    private boolean a(GeneralSubtrees generalSubtrees) {
        int constrains;
        Iterator it = generalSubtrees.iterator();
        while (it.hasNext()) {
            GeneralNameInterface name = ((GeneralSubtree) it.next()).getName().getName();
            for (GeneralNameInterface generalNameInterface : this.t) {
                if (name.getType() == generalNameInterface.getType() && ((constrains = generalNameInterface.constrains(name)) == 0 || constrains == 2)) {
                    JCPLogger.fine("X509CertSelector.match: name constraints inhibit path to specified name");
                    JCPLogger.fine("X509CertSelector.match: excluded name: " + generalNameInterface);
                    return false;
                }
            }
        }
        return true;
    }

    private static Set b(Collection collection) {
        try {
            return c(collection);
        } catch (IOException e) {
            throw new RuntimeException("cloneNames encountered IOException: " + e.getMessage());
        }
    }

    private static Set b(Set set) {
        return set instanceof HashSet ? (Set) ((HashSet) set).clone() : new HashSet(set);
    }

    private void b(int i, Object obj) throws IOException {
        GeneralNameInterface a2 = a(i, obj);
        if (this.o == null) {
            this.o = new HashSet();
        }
        if (this.p == null) {
            this.p = new HashSet();
        }
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(Integer.valueOf(i));
        arrayList.add(obj);
        this.o.add(arrayList);
        this.p.add(a2);
    }

    private boolean b(X509Certificate x509Certificate) {
        if (this.f == null) {
            return true;
        }
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.35");
            if (extensionValue == null) {
                JCPLogger.fine("X509CertSelector.match: no authority key ID extension");
                return false;
            }
            byte[] octetString = new DerInputStream(extensionValue).getOctetString();
            if (octetString != null && Arrays.equals(this.f, octetString)) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: authority key IDs don't match");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: exception in authority key ID check");
            return false;
        }
    }

    private boolean b(GeneralSubtrees generalSubtrees) {
        boolean z2;
        for (GeneralNameInterface generalNameInterface : this.t) {
            Iterator it = generalSubtrees.iterator();
            String str = "";
            boolean z3 = false;
            while (true) {
                z2 = z3;
                while (it.hasNext() && !z3) {
                    GeneralNameInterface name = ((GeneralSubtree) it.next()).getName().getName();
                    if (name.getType() == generalNameInterface.getType()) {
                        str = str + "  " + name;
                        int constrains = generalNameInterface.constrains(name);
                        if (constrains == 0 || constrains == 2) {
                            z3 = true;
                        } else {
                            z2 = true;
                        }
                    }
                }
            }
            if (!z3 && z2) {
                JCPLogger.fine("X509CertSelector.match: name constraints inhibit path to specified name; permitted names of type " + generalNameInterface.getType() + ru.CryptoPro.JCP.tools.CertReader.Extension.COLON_SPACE + str);
                return false;
            }
        }
        return true;
    }

    private static Set c(Collection collection) throws IOException {
        HashSet<List> hashSet = new HashSet();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(new ArrayList((List) it.next()));
        }
        for (List list : hashSet) {
            if (list.size() != 2) {
                throw new IOException("name list size not 2");
            }
            Object obj = list.get(0);
            if (!(obj instanceof Integer)) {
                throw new IOException("expected an Integer");
            }
            int intValue = ((Integer) obj).intValue();
            if (intValue < 0 || intValue > 8) {
                throw new IOException("name type not 0-8");
            }
            Object obj2 = list.get(1);
            boolean z2 = obj2 instanceof byte[];
            if (!z2 && !(obj2 instanceof String)) {
                JCPLogger.fine("X509CertSelector.cloneAndCheckNames() name not byte array");
                throw new IOException("name not byte array or String");
            }
            if (z2) {
                list.set(1, ((byte[]) obj2).clone());
            }
        }
        return hashSet;
    }

    private void c(int i, Object obj) throws IOException {
        GeneralNameInterface a2 = a(i, obj);
        if (this.t == null) {
            this.s = new HashSet();
            this.t = new HashSet();
        }
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(Integer.valueOf(i));
        arrayList.add(obj);
        this.s.add(arrayList);
        this.t.add(a2);
    }

    private boolean c(X509Certificate x509Certificate) {
        CertificateNotYetValidException e;
        PrivateKeyUsageExtension privateKeyUsageExtension;
        CertificateExpiredException e2;
        String str = "n/a";
        if (this.h == null) {
            return true;
        }
        try {
            try {
                privateKeyUsageExtension = (PrivateKeyUsageExtension) a(x509Certificate, 0);
                if (privateKeyUsageExtension != null) {
                    try {
                        privateKeyUsageExtension.valid(this.h);
                    } catch (CertificateExpiredException e3) {
                        e2 = e3;
                        try {
                            str = ((Date) privateKeyUsageExtension.get(PrivateKeyUsageExtension.NOT_AFTER)).toString();
                        } catch (CertificateException unused) {
                        }
                        JCPLogger.fine("X509CertSelector.match: private key usage not within validity date; ext.NOT_After: " + str + "; X509CertSelector: " + toString());
                        e2.printStackTrace();
                        return false;
                    } catch (CertificateNotYetValidException e4) {
                        e = e4;
                        try {
                            str = ((Date) privateKeyUsageExtension.get(PrivateKeyUsageExtension.NOT_BEFORE)).toString();
                        } catch (CertificateException unused2) {
                        }
                        JCPLogger.fine("X509CertSelector.match: private key usage not within validity date; ext.NOT_BEFORE: " + str + "; X509CertSelector: " + toString());
                        e.printStackTrace();
                        return false;
                    }
                }
                return true;
            } catch (IOException e5) {
                JCPLogger.fine("X509CertSelector.match: IOException in private key usage check; X509CertSelector: " + toString());
                e5.printStackTrace();
                return false;
            }
        } catch (CertificateExpiredException e6) {
            e2 = e6;
            privateKeyUsageExtension = null;
        } catch (CertificateNotYetValidException e7) {
            e = e7;
            privateKeyUsageExtension = null;
        }
    }

    private boolean d(X509Certificate x509Certificate) {
        if (this.i == null) {
            return true;
        }
        try {
            DerValue derValue = new DerValue(x509Certificate.getPublicKey().getEncoded());
            if (derValue.tag != 48) {
                throw new IOException("invalid key format");
            }
            AlgorithmId parse = AlgorithmId.parse(derValue.data.getDerValue());
            JCPLogger.fine("X509CertSelector.match: subjectPublicKeyAlgID = " + this.i + ", xcert subjectPublicKeyAlgID = " + parse.getOID());
            if (this.i.equals((Object) parse.getOID())) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: subject public key alg IDs don't match");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in subject public key algorithm OID check");
            return false;
        }
    }

    private boolean e(X509Certificate x509Certificate) {
        boolean[] keyUsage;
        if (this.l != null && (keyUsage = x509Certificate.getKeyUsage()) != null) {
            int i = 0;
            while (true) {
                boolean[] zArr = this.l;
                if (i >= zArr.length) {
                    break;
                }
                if (!zArr[i] || (i < keyUsage.length && keyUsage[i])) {
                    i++;
                }
            }
            JCPLogger.fine("X509CertSelector.match: key usage bits don't match");
            return false;
        }
        return true;
    }

    private boolean f(X509Certificate x509Certificate) {
        Set set = this.m;
        if (set == null || set.isEmpty()) {
            return true;
        }
        try {
            ExtendedKeyUsageExtension extendedKeyUsageExtension = (ExtendedKeyUsageExtension) a(x509Certificate, 4);
            if (extendedKeyUsageExtension != null) {
                Vector vector = (Vector) extendedKeyUsageExtension.get(ExtendedKeyUsageExtension.USAGES);
                if (!vector.contains(a) && !vector.containsAll(this.n)) {
                    JCPLogger.fine("X509CertSelector.match: cert failed extendedKeyUsage criterion");
                    return false;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in extended key usage check");
            return false;
        }
    }

    private boolean g(X509Certificate x509Certificate) {
        Set set = this.o;
        if (set == null || set.isEmpty()) {
            return true;
        }
        try {
            SubjectAlternativeNameExtension subjectAlternativeNameExtension = (SubjectAlternativeNameExtension) a(x509Certificate, 1);
            if (subjectAlternativeNameExtension == null) {
                JCPLogger.fine("X509CertSelector.match: no subject alternative name extension");
                return false;
            }
            GeneralNames generalNames = (GeneralNames) subjectAlternativeNameExtension.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
            Iterator it = this.p.iterator();
            while (it.hasNext()) {
                GeneralNameInterface generalNameInterface = (GeneralNameInterface) it.next();
                Iterator it2 = generalNames.iterator();
                boolean z2 = false;
                while (it2.hasNext() && !z2) {
                    z2 = ((GeneralName) it2.next()).getName().equals(generalNameInterface);
                }
                if (!z2 && (this.y || !it.hasNext())) {
                    JCPLogger.fine("X509CertSelector.match: subject alternative name " + generalNameInterface + " not found");
                    return false;
                }
                if (z2 && !this.y) {
                    break;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in subject alternative name check");
            return false;
        }
    }

    private boolean h(X509Certificate x509Certificate) {
        NameConstraintsExtension nameConstraintsExtension = this.u;
        if (nameConstraintsExtension == null) {
            return true;
        }
        try {
            if (nameConstraintsExtension.verify(x509Certificate)) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match: name constraints not satisfied");
            return false;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in name constraints check");
            return false;
        }
    }

    private boolean i(X509Certificate x509Certificate) {
        boolean z2;
        if (this.q == null) {
            return true;
        }
        try {
            CertificatePoliciesExtension certificatePoliciesExtension = (CertificatePoliciesExtension) a(x509Certificate, 3);
            if (certificatePoliciesExtension == null) {
                JCPLogger.fine("X509CertSelector.match: no certificate policy extension");
                return false;
            }
            List list = (List) certificatePoliciesExtension.get(CertificatePoliciesExtension.POLICIES);
            ArrayList arrayList = new ArrayList(list.size());
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(((PolicyInformation) it.next()).getPolicyIdentifier());
            }
            CertificatePolicySet certificatePolicySet = this.q;
            if (certificatePolicySet != null) {
                if (!certificatePolicySet.getCertPolicyIds().isEmpty()) {
                    Iterator it2 = this.q.getCertPolicyIds().iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            z2 = false;
                            break;
                        }
                        if (arrayList.contains((CertificatePolicyId) it2.next())) {
                            z2 = true;
                            break;
                        }
                    }
                    if (!z2) {
                        JCPLogger.fine("X509CertSelector.match: cert failed policyAny criterion");
                        return false;
                    }
                } else if (arrayList.isEmpty()) {
                    JCPLogger.fine("X509CertSelector.match: cert failed policyAny criterion");
                    return false;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in certificate policy ID check");
            return false;
        }
    }

    private boolean j(X509Certificate x509Certificate) {
        if (this.t == null) {
            return true;
        }
        try {
            NameConstraintsExtension nameConstraintsExtension = (NameConstraintsExtension) a(x509Certificate, 2);
            if (nameConstraintsExtension == null) {
                return true;
            }
            JCPLogger.fine("X509CertSelector.match pathToNames:\n");
            Iterator it = this.t.iterator();
            while (it.hasNext()) {
                JCPLogger.fine("    " + it.next() + "\n");
            }
            GeneralSubtrees generalSubtrees = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.PERMITTED_SUBTREES);
            GeneralSubtrees generalSubtrees2 = (GeneralSubtrees) nameConstraintsExtension.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
            if (generalSubtrees2 != null && !a(generalSubtrees2)) {
                return false;
            }
            if (generalSubtrees != null) {
                if (!b(generalSubtrees)) {
                    return false;
                }
            }
            return true;
        } catch (IOException unused) {
            JCPLogger.fine("X509CertSelector.match: IOException in name constraints check");
            return false;
        }
    }

    private boolean k(X509Certificate x509Certificate) {
        String str;
        if (this.w == -1) {
            return true;
        }
        int basicConstraints = x509Certificate.getBasicConstraints();
        int i = this.w;
        if (i == -2) {
            if (basicConstraints != -1) {
                str = "X509CertSelector.match: not an EE cert";
                JCPLogger.fine(str);
                return false;
            }
            return true;
        }
        if (basicConstraints < i) {
            str = "X509CertSelector.match: cert's maxPathLen is less than the min maxPathLen set by basicConstraints. (" + basicConstraints + " < " + this.w + ru.CryptoPro.JCP.tools.CertReader.Extension.C_BRAKE;
            JCPLogger.fine(str);
            return false;
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(Set set) {
        this.s = Collections.emptySet();
        this.t = set;
    }

    public void addPathToName(int i, String str) throws IOException {
        c(i, str);
    }

    public void addPathToName(int i, byte[] bArr) throws IOException {
        c(i, bArr.clone());
    }

    public void addSubjectAlternativeName(int i, String str) throws IOException {
        b(i, str);
    }

    public void addSubjectAlternativeName(int i, byte[] bArr) throws IOException {
        b(i, bArr.clone());
    }

    @Override // java.security.cert.CertSelector
    public Object clone() {
        try {
            X509CertSelector x509CertSelector = (X509CertSelector) super.clone();
            Set set = this.o;
            if (set != null) {
                x509CertSelector.o = b(set);
                x509CertSelector.p = b(this.p);
            }
            if (this.t != null) {
                x509CertSelector.s = b(this.s);
                x509CertSelector.t = b(this.t);
            }
            return x509CertSelector;
        } catch (CloneNotSupportedException e) {
            throw new InternalError(e.toString(), e);
        }
    }

    public byte[] getAuthorityKeyIdentifier() {
        byte[] bArr = this.f;
        if (bArr == null) {
            return null;
        }
        return (byte[]) bArr.clone();
    }

    public int getBasicConstraints() {
        return this.w;
    }

    public X509Certificate getCertificate() {
        return this.x;
    }

    public Date getCertificateValid() {
        Date date = this.g;
        if (date == null) {
            return null;
        }
        return (Date) date.clone();
    }

    public Set getExtendedKeyUsage() {
        return this.m;
    }

    public X500Principal getIssuer() {
        return this.c;
    }

    public byte[] getIssuerAsBytes() throws IOException {
        X500Principal x500Principal = this.c;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getEncoded();
    }

    public String getIssuerAsString() {
        X500Principal x500Principal = this.c;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getName();
    }

    public boolean[] getKeyUsage() {
        boolean[] zArr = this.l;
        if (zArr == null) {
            return null;
        }
        return (boolean[]) zArr.clone();
    }

    public boolean getMatchAllSubjectAltNames() {
        return this.y;
    }

    public byte[] getNameConstraints() {
        byte[] bArr = this.v;
        if (bArr == null) {
            return null;
        }
        return (byte[]) bArr.clone();
    }

    public Collection getPathToNames() {
        Set set = this.s;
        if (set == null) {
            return null;
        }
        return b((Collection) set);
    }

    public Set getPolicy() {
        return this.r;
    }

    public Date getPrivateKeyValid() {
        Date date = this.h;
        if (date == null) {
            return null;
        }
        return (Date) date.clone();
    }

    public BigInteger getSerialNumber() {
        return this.b;
    }

    public X500Principal getSubject() {
        return this.d;
    }

    public Collection getSubjectAlternativeNames() {
        Set set = this.o;
        if (set == null) {
            return null;
        }
        return b((Collection) set);
    }

    public byte[] getSubjectAsBytes() throws IOException {
        X500Principal x500Principal = this.d;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getEncoded();
    }

    public String getSubjectAsString() {
        X500Principal x500Principal = this.d;
        if (x500Principal == null) {
            return null;
        }
        return x500Principal.getName();
    }

    public byte[] getSubjectKeyIdentifier() {
        byte[] bArr = this.e;
        if (bArr == null) {
            return null;
        }
        return (byte[]) bArr.clone();
    }

    public PublicKey getSubjectPublicKey() {
        return this.j;
    }

    public String getSubjectPublicKeyAlgID() {
        ObjectIdentifier objectIdentifier = this.i;
        if (objectIdentifier == null) {
            return null;
        }
        return objectIdentifier.toString();
    }

    @Override // java.security.cert.CertSelector
    public boolean match(Certificate certificate) {
        String str;
        boolean z2 = false;
        if (!(certificate instanceof X509Certificate)) {
            return false;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        JCPLogger.fine("X509CertSelector.match(SN: " + x509Certificate.getSerialNumber().toString(16) + "\n  Issuer: " + x509Certificate.getIssuerDN() + "\n  Subject: " + x509Certificate.getSubjectDN() + ru.CryptoPro.JCP.tools.CertReader.Extension.C_BRAKE);
        X509Certificate x509Certificate2 = this.x;
        if (x509Certificate2 == null || x509Certificate2.equals(x509Certificate)) {
            BigInteger bigInteger = this.b;
            if (bigInteger == null || bigInteger.equals(x509Certificate.getSerialNumber())) {
                X500Principal x500Principal = this.c;
                if (x500Principal == null || Arrays.equals(x500Principal.getEncoded(), x509Certificate.getIssuerX500Principal().getEncoded())) {
                    X500Principal x500Principal2 = this.d;
                    if (x500Principal2 == null || Arrays.equals(x500Principal2.getEncoded(), x509Certificate.getSubjectX500Principal().getEncoded())) {
                        Date date = this.g;
                        if (date != null) {
                            try {
                                x509Certificate.checkValidity(date);
                            } catch (CertificateException unused) {
                                str = "X509CertSelector.match: certificate not within validity period";
                            }
                        }
                        if (this.k != null) {
                            if (!Arrays.equals(this.k, x509Certificate.getPublicKey().getEncoded())) {
                                str = "X509CertSelector.match: subject public keys don't match";
                            }
                        }
                        if (k(x509Certificate) && e(x509Certificate) && f(x509Certificate) && a(x509Certificate) && b(x509Certificate) && c(x509Certificate) && d(x509Certificate) && i(x509Certificate) && g(x509Certificate) && j(x509Certificate) && h(x509Certificate)) {
                            z2 = true;
                        }
                        if (z2) {
                            JCPLogger.fine("X509CertSelector.match returning: true");
                        }
                        return z2;
                    }
                    str = "X509CertSelector.match: subject DNs don't match";
                } else {
                    str = "X509CertSelector.match: issuer DNs don't match";
                }
            } else {
                str = "X509CertSelector.match: serial numbers don't match";
            }
        } else {
            str = "X509CertSelector.match: certs don't match";
        }
        JCPLogger.fine(str);
        return false;
    }

    public void setAuthorityKeyIdentifier(byte[] bArr) {
        if (bArr == null) {
            this.f = null;
        } else {
            this.f = (byte[]) bArr.clone();
        }
    }

    public void setBasicConstraints(int i) {
        if (i < -2) {
            throw new IllegalArgumentException("basic constraints less than -2");
        }
        this.w = i;
    }

    public void setCertificate(X509Certificate x509Certificate) {
        this.x = x509Certificate;
    }

    public void setCertificateValid(Date date) {
        this.g = date == null ? null : (Date) date.clone();
    }

    public void setExtendedKeyUsage(Set set) throws IOException {
        if (set == null || set.isEmpty()) {
            this.m = null;
            this.n = null;
            return;
        }
        this.m = Collections.unmodifiableSet(new HashSet(set));
        this.n = new HashSet();
        Iterator it = this.m.iterator();
        while (it.hasNext()) {
            this.n.add(new ObjectIdentifier((String) it.next()));
        }
    }

    public void setIssuer(String str) throws IOException {
        this.c = str == null ? null : new X500Name(str).asX500Principal();
    }

    public void setIssuer(X500Principal x500Principal) {
        this.c = x500Principal;
    }

    public void setIssuer(byte[] bArr) throws IOException {
        X500Principal x500Principal;
        if (bArr == null) {
            x500Principal = null;
        } else {
            try {
                x500Principal = new X500Principal(bArr);
            } catch (IllegalArgumentException e) {
                throw new IOException("Invalid name", e);
            }
        }
        this.c = x500Principal;
    }

    public void setKeyUsage(boolean[] zArr) {
        if (zArr == null) {
            this.l = null;
        } else {
            this.l = (boolean[]) zArr.clone();
        }
    }

    public void setMatchAllSubjectAltNames(boolean z2) {
        this.y = z2;
    }

    public void setNameConstraints(byte[] bArr) throws IOException {
        if (bArr == null) {
            this.v = null;
            this.u = null;
        } else {
            this.v = (byte[]) bArr.clone();
            this.u = new NameConstraintsExtension(z, bArr);
        }
    }

    public void setPathToNames(Collection collection) throws IOException {
        if (collection == null || collection.isEmpty()) {
            this.s = null;
            this.t = null;
        } else {
            Set c = c(collection);
            this.t = a((Collection) c);
            this.s = c;
        }
    }

    public void setPolicy(Set set) throws IOException {
        CertificatePolicySet certificatePolicySet;
        if (set == null) {
            certificatePolicySet = null;
            this.r = null;
        } else {
            Set unmodifiableSet = Collections.unmodifiableSet(new HashSet(set));
            Vector vector = new Vector();
            for (Object obj : unmodifiableSet) {
                if (!(obj instanceof String)) {
                    throw new IOException("non String in certPolicySet");
                }
                vector.add(new CertificatePolicyId(new ObjectIdentifier((String) obj)));
            }
            this.r = unmodifiableSet;
            certificatePolicySet = new CertificatePolicySet(vector);
        }
        this.q = certificatePolicySet;
    }

    public void setPrivateKeyValid(Date date) {
        this.h = date == null ? null : (Date) date.clone();
    }

    public void setSerialNumber(BigInteger bigInteger) {
        this.b = bigInteger;
    }

    public void setSubject(String str) throws IOException {
        this.d = str == null ? null : new X500Name(str).asX500Principal();
    }

    public void setSubject(X500Principal x500Principal) {
        this.d = x500Principal;
    }

    public void setSubject(byte[] bArr) throws IOException {
        X500Principal x500Principal;
        if (bArr == null) {
            x500Principal = null;
        } else {
            try {
                x500Principal = new X500Principal(bArr);
            } catch (IllegalArgumentException e) {
                throw new IOException("Invalid name", e);
            }
        }
        this.d = x500Principal;
    }

    public void setSubjectAlternativeNames(Collection collection) throws IOException {
        if (collection == null) {
            this.o = null;
            this.p = null;
        } else if (collection.isEmpty()) {
            this.o = null;
            this.p = null;
        } else {
            Set c = c(collection);
            this.p = a((Collection) c);
            this.o = c;
        }
    }

    public void setSubjectKeyIdentifier(byte[] bArr) {
        if (bArr == null) {
            this.e = null;
        } else {
            this.e = (byte[]) bArr.clone();
        }
    }

    public void setSubjectPublicKey(PublicKey publicKey) {
        if (publicKey == null) {
            this.j = null;
            this.k = null;
        } else {
            this.j = publicKey;
            this.k = publicKey.getEncoded();
        }
    }

    public void setSubjectPublicKey(byte[] bArr) throws IOException {
        if (bArr == null) {
            this.j = null;
            this.k = null;
        } else {
            byte[] bArr2 = (byte[]) bArr.clone();
            this.k = bArr2;
            this.j = X509Key.parse(new DerValue(bArr2));
        }
    }

    public void setSubjectPublicKeyAlgID(String str) throws IOException {
        if (str == null) {
            this.i = null;
        } else {
            this.i = new ObjectIdentifier(str);
        }
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("X509CertSelector: [\n");
        if (this.x != null) {
            stringBuffer.append("  Certificate: " + this.x.toString() + "\n");
        }
        if (this.b != null) {
            stringBuffer.append("  Serial Number: " + this.b.toString() + "\n");
        }
        if (this.c != null) {
            stringBuffer.append("  Issuer: " + getIssuerAsString() + "\n");
        }
        if (this.d != null) {
            stringBuffer.append("  Subject: " + getSubjectAsString() + "\n");
        }
        stringBuffer.append("  matchAllSubjectAltNames flag: " + String.valueOf(this.y) + "\n");
        if (this.o != null) {
            stringBuffer.append("  SubjectAlternativeNames:\n");
            for (List list : this.o) {
                stringBuffer.append("    type " + list.get(0) + ", name " + list.get(1) + "\n");
            }
        }
        if (this.e != null) {
            stringBuffer.append("  Subject Key Identifier: " + new HexDumpEncoder().encodeBuffer(this.e) + "\n");
        }
        if (this.f != null) {
            stringBuffer.append("  Authority Key Identifier: " + new HexDumpEncoder().encodeBuffer(this.f) + "\n");
        }
        if (this.g != null) {
            stringBuffer.append("  Certificate Valid: " + this.g.toString() + "\n");
        }
        if (this.h != null) {
            stringBuffer.append("  Private Key Valid: " + this.h.toString() + "\n");
        }
        if (this.i != null) {
            stringBuffer.append("  Subject Public Key AlgID: " + this.i.toString() + "\n");
        }
        if (this.j != null) {
            stringBuffer.append("  Subject Public Key: " + this.j.toString() + "\n");
        }
        if (this.l != null) {
            stringBuffer.append("  Key Usage: " + a(this.l) + "\n");
        }
        if (this.m != null) {
            stringBuffer.append("  Extended Key Usage: " + this.m.toString() + "\n");
        }
        if (this.q != null) {
            stringBuffer.append("  Policy: " + this.q.toString() + "\n");
        }
        if (this.t != null) {
            stringBuffer.append("  Path to names:\n");
            Iterator it = this.t.iterator();
            while (it.hasNext()) {
                stringBuffer.append("    " + it.next() + "\n");
            }
        }
        stringBuffer.append("]");
        return stringBuffer.toString();
    }
}
