package sun.security.validator;

import daikon.dcomp.DCRuntime;
import daikon.dcomp.DCompInstrumented;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import net.fortuna.ical4j.model.property.RequestStatus;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:dcomp-rt/sun/security/validator/EndEntityChecker.class */
public class EndEntityChecker implements DCompInstrumented {
    private static final String OID_EXTENDED_KEY_USAGE = "2.5.29.37";
    private static final String OID_EKU_TLS_SERVER = "1.3.6.1.5.5.7.3.1";
    private static final String OID_EKU_TLS_CLIENT = "1.3.6.1.5.5.7.3.2";
    private static final String OID_EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
    private static final String OID_EKU_TIME_STAMPING = "1.3.6.1.5.5.7.3.8";
    private static final String OID_EKU_ANY_USAGE = "2.5.29.37.0";
    private static final String OID_EKU_NS_SGC = "2.16.840.1.113730.4.1";
    private static final String OID_EKU_MS_SGC = "1.3.6.1.4.1.311.10.3.3";
    private static final String NSCT_SSL_CLIENT = "ssl_client";
    private static final String NSCT_SSL_SERVER = "ssl_server";
    private static final String NSCT_CODE_SIGNING = "object_signing";
    private static final int KU_SIGNATURE = 0;
    private static final int KU_KEY_ENCIPHERMENT = 2;
    private static final int KU_KEY_AGREEMENT = 4;
    private static final Collection<String> KU_SERVER_SIGNATURE = Arrays.asList("DHE_DSS", "DHE_RSA", "ECDHE_ECDSA", "ECDHE_RSA", "RSA_EXPORT", "UNKNOWN");
    private static final Collection<String> KU_SERVER_ENCRYPTION = Arrays.asList("RSA");
    private static final Collection<String> KU_SERVER_KEY_AGREEMENT = Arrays.asList("DH_DSS", "DH_RSA", "ECDH_ECDSA", "ECDH_RSA");
    private final String variant;
    private final String type;

    private EndEntityChecker(String str, String str2) {
        this.type = str;
        this.variant = str2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EndEntityChecker getInstance(String str, String str2) {
        return new EndEntityChecker(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void check(X509Certificate x509Certificate, Object obj) throws CertificateException {
        if (this.variant.equals(Validator.VAR_GENERIC)) {
            return;
        }
        if (this.variant.equals(Validator.VAR_TLS_SERVER)) {
            checkTLSServer(x509Certificate, (String) obj);
            return;
        }
        if (this.variant.equals(Validator.VAR_TLS_CLIENT)) {
            checkTLSClient(x509Certificate);
            return;
        }
        if (this.variant.equals(Validator.VAR_CODE_SIGNING)) {
            checkCodeSigning(x509Certificate);
            return;
        }
        if (this.variant.equals(Validator.VAR_JCE_SIGNING)) {
            checkCodeSigning(x509Certificate);
        } else if (this.variant.equals(Validator.VAR_PLUGIN_CODE_SIGNING)) {
            checkCodeSigning(x509Certificate);
        } else {
            if (!this.variant.equals(Validator.VAR_TSA_SERVER)) {
                throw new CertificateException("Unknown variant: " + this.variant);
            }
            checkTSAServer(x509Certificate);
        }
    }

    private Set<String> getCriticalExtensions(X509Certificate x509Certificate) {
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs == null) {
            criticalExtensionOIDs = Collections.emptySet();
        }
        return criticalExtensionOIDs;
    }

    private void checkRemainingExtensions(Set<String> set) throws CertificateException {
        set.remove("2.5.29.19");
        if (!set.isEmpty()) {
            throw new CertificateException("Certificate contains unsupported critical extensions: " + ((Object) set));
        }
    }

    private boolean checkEKU(X509Certificate x509Certificate, Set<String> set, String str) throws CertificateException {
        List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        return extendedKeyUsage == null || extendedKeyUsage.contains(str) || extendedKeyUsage.contains(OID_EKU_ANY_USAGE);
    }

    private boolean checkKeyUsage(X509Certificate x509Certificate, int i) throws CertificateException {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            return true;
        }
        return keyUsage.length > i && keyUsage[i];
    }

    private void checkTLSClient(X509Certificate x509Certificate) throws CertificateException {
        Set<String> criticalExtensions = getCriticalExtensions(x509Certificate);
        if (!checkKeyUsage(x509Certificate, 0)) {
            throw new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        if (!checkEKU(x509Certificate, criticalExtensions, OID_EKU_TLS_CLIENT)) {
            throw new ValidatorException("Extended key usage does not permit use for TLS client authentication", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        if (!SimpleValidator.getNetscapeCertTypeBit(x509Certificate, "ssl_client")) {
            throw new ValidatorException("Netscape cert type does not permit use for SSL client", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        criticalExtensions.remove("2.5.29.15");
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE);
        criticalExtensions.remove("2.16.840.1.113730.1.1");
        checkRemainingExtensions(criticalExtensions);
    }

    private void checkTLSServer(X509Certificate x509Certificate, String str) throws CertificateException {
        Set<String> criticalExtensions = getCriticalExtensions(x509Certificate);
        if (KU_SERVER_ENCRYPTION.contains(str)) {
            if (!checkKeyUsage(x509Certificate, 2)) {
                throw new ValidatorException("KeyUsage does not allow key encipherment", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
            }
        } else if (KU_SERVER_SIGNATURE.contains(str)) {
            if (!checkKeyUsage(x509Certificate, 0)) {
                throw new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
            }
        } else {
            if (!KU_SERVER_KEY_AGREEMENT.contains(str)) {
                throw new CertificateException("Unknown authType: " + str);
            }
            if (!checkKeyUsage(x509Certificate, 4)) {
                throw new ValidatorException("KeyUsage does not allow key agreement", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
            }
        }
        if (!checkEKU(x509Certificate, criticalExtensions, OID_EKU_TLS_SERVER) && !checkEKU(x509Certificate, criticalExtensions, OID_EKU_MS_SGC) && !checkEKU(x509Certificate, criticalExtensions, OID_EKU_NS_SGC)) {
            throw new ValidatorException("Extended key usage does not permit use for TLS server authentication", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        if (!SimpleValidator.getNetscapeCertTypeBit(x509Certificate, "ssl_server")) {
            throw new ValidatorException("Netscape cert type does not permit use for SSL server", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        criticalExtensions.remove("2.5.29.15");
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE);
        criticalExtensions.remove("2.16.840.1.113730.1.1");
        checkRemainingExtensions(criticalExtensions);
    }

    private void checkCodeSigning(X509Certificate x509Certificate) throws CertificateException {
        Set<String> criticalExtensions = getCriticalExtensions(x509Certificate);
        if (!checkKeyUsage(x509Certificate, 0)) {
            throw new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        if (!checkEKU(x509Certificate, criticalExtensions, OID_EKU_CODE_SIGNING)) {
            throw new ValidatorException("Extended key usage does not permit use for code signing", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        if (!this.variant.equals(Validator.VAR_JCE_SIGNING)) {
            if (!SimpleValidator.getNetscapeCertTypeBit(x509Certificate, "object_signing")) {
                throw new ValidatorException("Netscape cert type does not permit use for code signing", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
            }
            criticalExtensions.remove("2.16.840.1.113730.1.1");
        }
        criticalExtensions.remove("2.5.29.15");
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE);
        checkRemainingExtensions(criticalExtensions);
    }

    private void checkTSAServer(X509Certificate x509Certificate) throws CertificateException {
        Set<String> criticalExtensions = getCriticalExtensions(x509Certificate);
        if (!checkKeyUsage(x509Certificate, 0)) {
            throw new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        if (x509Certificate.getExtendedKeyUsage() == null) {
            throw new ValidatorException("Certificate does not contain an extended key usage extension required for a TSA server", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        if (!checkEKU(x509Certificate, criticalExtensions, OID_EKU_TIME_STAMPING)) {
            throw new ValidatorException("Extended key usage does not permit use for TSA server", ValidatorException.T_EE_EXTENSIONS, x509Certificate);
        }
        criticalExtensions.remove("2.5.29.15");
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE);
        checkRemainingExtensions(criticalExtensions);
    }

    protected boolean equals(Object obj) {
        return super.equals(obj);
    }

    @Override // daikon.dcomp.DCompInstrumented
    public boolean equals_dcomp_instrumented(Object obj) {
        return equals(obj, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private EndEntityChecker(String str, String str2, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame(RequestStatus.SCHEDULING_ERROR);
        this.type = str;
        this.variant = str2;
        DCRuntime.normal_exit();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable, sun.security.validator.EndEntityChecker] */
    public static EndEntityChecker getInstance(String str, String str2, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("3");
        ?? endEntityChecker = new EndEntityChecker(str, str2, null);
        DCRuntime.normal_exit();
        return endEntityChecker;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Not initialized variable reg: 0, insn: 0x00e2: THROW (r0 I:java.lang.Throwable), block:B:30:0x00e2 */
    public void check(X509Certificate x509Certificate, Object obj, DCompMarker dCompMarker) throws CertificateException {
        DCRuntime.create_tag_frame(RequestStatus.SCHEDULING_ERROR);
        boolean dcomp_equals = DCRuntime.dcomp_equals(this.variant, Validator.VAR_GENERIC);
        DCRuntime.discard_tag(1);
        if (dcomp_equals) {
            DCRuntime.normal_exit();
            return;
        }
        boolean dcomp_equals2 = DCRuntime.dcomp_equals(this.variant, Validator.VAR_TLS_SERVER);
        DCRuntime.discard_tag(1);
        if (dcomp_equals2) {
            checkTLSServer(x509Certificate, (String) obj, null);
        } else {
            boolean dcomp_equals3 = DCRuntime.dcomp_equals(this.variant, Validator.VAR_TLS_CLIENT);
            DCRuntime.discard_tag(1);
            if (dcomp_equals3) {
                checkTLSClient(x509Certificate, null);
            } else {
                boolean dcomp_equals4 = DCRuntime.dcomp_equals(this.variant, Validator.VAR_CODE_SIGNING);
                DCRuntime.discard_tag(1);
                if (dcomp_equals4) {
                    checkCodeSigning(x509Certificate, null);
                } else {
                    boolean dcomp_equals5 = DCRuntime.dcomp_equals(this.variant, Validator.VAR_JCE_SIGNING);
                    DCRuntime.discard_tag(1);
                    if (dcomp_equals5) {
                        checkCodeSigning(x509Certificate, null);
                    } else {
                        boolean dcomp_equals6 = DCRuntime.dcomp_equals(this.variant, Validator.VAR_PLUGIN_CODE_SIGNING);
                        DCRuntime.discard_tag(1);
                        if (dcomp_equals6) {
                            checkCodeSigning(x509Certificate, null);
                        } else {
                            boolean dcomp_equals7 = DCRuntime.dcomp_equals(this.variant, Validator.VAR_TSA_SERVER);
                            DCRuntime.discard_tag(1);
                            if (!dcomp_equals7) {
                                CertificateException certificateException = new CertificateException(new StringBuilder((DCompMarker) null).append("Unknown variant: ", (DCompMarker) null).append(this.variant, (DCompMarker) null).toString(), (DCompMarker) null);
                                DCRuntime.throw_op();
                                throw certificateException;
                            }
                            checkTSAServer(x509Certificate, null);
                        }
                    }
                }
            }
        }
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.Throwable, java.util.Set] */
    private Set getCriticalExtensions(X509Certificate x509Certificate, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame(RequestStatus.SCHEDULING_ERROR);
        Set criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs(null);
        if (criticalExtensionOIDs == null) {
            criticalExtensionOIDs = Collections.emptySet(null);
        }
        ?? r0 = criticalExtensionOIDs;
        DCRuntime.normal_exit();
        return r0;
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x004c: THROW (r0 I:java.lang.Throwable), block:B:10:0x004c */
    private void checkRemainingExtensions(Set set, DCompMarker dCompMarker) throws CertificateException {
        DCRuntime.create_tag_frame("3");
        set.remove("2.5.29.19", null);
        DCRuntime.discard_tag(1);
        boolean isEmpty = set.isEmpty(null);
        DCRuntime.discard_tag(1);
        if (isEmpty) {
            DCRuntime.normal_exit();
        } else {
            CertificateException certificateException = new CertificateException(new StringBuilder((DCompMarker) null).append("Certificate contains unsupported critical extensions: ", (DCompMarker) null).append((Object) set, (DCompMarker) null).toString(), (DCompMarker) null);
            DCRuntime.throw_op();
            throw certificateException;
        }
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x004f: THROW (r0 I:java.lang.Throwable), block:B:16:0x004f */
    private boolean checkEKU(X509Certificate x509Certificate, Set set, String str, DCompMarker dCompMarker) throws CertificateException {
        boolean z;
        DCRuntime.create_tag_frame("6");
        List extendedKeyUsage = x509Certificate.getExtendedKeyUsage(null);
        if (extendedKeyUsage == null) {
            DCRuntime.push_const();
            DCRuntime.normal_exit_primitive();
            return true;
        }
        boolean contains = extendedKeyUsage.contains(str, null);
        DCRuntime.discard_tag(1);
        if (!contains) {
            boolean contains2 = extendedKeyUsage.contains(OID_EKU_ANY_USAGE, null);
            DCRuntime.discard_tag(1);
            if (!contains2) {
                DCRuntime.push_const();
                z = false;
                DCRuntime.normal_exit_primitive();
                return z;
            }
        }
        DCRuntime.push_const();
        z = true;
        DCRuntime.normal_exit_primitive();
        return z;
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x0057: THROW (r0 I:java.lang.Throwable), block:B:16:0x0057 */
    private boolean checkKeyUsage(X509Certificate x509Certificate, int i, DCompMarker dCompMarker) throws CertificateException {
        boolean z;
        Object[] create_tag_frame = DCRuntime.create_tag_frame("62");
        boolean[] keyUsage = x509Certificate.getKeyUsage(null);
        if (keyUsage == null) {
            DCRuntime.push_const();
            DCRuntime.normal_exit_primitive();
            return true;
        }
        DCRuntime.push_array_tag(keyUsage);
        int length = keyUsage.length;
        DCRuntime.push_local_tag(create_tag_frame, 2);
        DCRuntime.cmp_op();
        if (length > i) {
            DCRuntime.push_local_tag(create_tag_frame, 2);
            DCRuntime.primitive_array_load(keyUsage, i);
            boolean z2 = keyUsage[i];
            DCRuntime.discard_tag(1);
            if (z2) {
                DCRuntime.push_const();
                z = true;
                DCRuntime.normal_exit_primitive();
                return z;
            }
        }
        DCRuntime.push_const();
        z = false;
        DCRuntime.normal_exit_primitive();
        return z;
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x00ab: THROW (r0 I:java.lang.Throwable), block:B:18:0x00ab */
    private void checkTLSClient(X509Certificate x509Certificate, DCompMarker dCompMarker) throws CertificateException {
        DCRuntime.create_tag_frame(RequestStatus.SCHEDULING_ERROR);
        Set criticalExtensions = getCriticalExtensions(x509Certificate, null);
        DCRuntime.push_const();
        boolean checkKeyUsage = checkKeyUsage(x509Certificate, 0, null);
        DCRuntime.discard_tag(1);
        if (!checkKeyUsage) {
            ValidatorException validatorException = new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException;
        }
        boolean checkEKU = checkEKU(x509Certificate, criticalExtensions, OID_EKU_TLS_CLIENT, null);
        DCRuntime.discard_tag(1);
        if (!checkEKU) {
            ValidatorException validatorException2 = new ValidatorException("Extended key usage does not permit use for TLS client authentication", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException2;
        }
        boolean netscapeCertTypeBit = SimpleValidator.getNetscapeCertTypeBit(x509Certificate, "ssl_client", null);
        DCRuntime.discard_tag(1);
        if (!netscapeCertTypeBit) {
            ValidatorException validatorException3 = new ValidatorException("Netscape cert type does not permit use for SSL client", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException3;
        }
        criticalExtensions.remove("2.5.29.15", null);
        DCRuntime.discard_tag(1);
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE, null);
        DCRuntime.discard_tag(1);
        criticalExtensions.remove("2.16.840.1.113730.1.1", null);
        DCRuntime.discard_tag(1);
        checkRemainingExtensions(criticalExtensions, null);
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x016e: THROW (r0 I:java.lang.Throwable), block:B:38:0x016e */
    private void checkTLSServer(X509Certificate x509Certificate, String str, DCompMarker dCompMarker) throws CertificateException {
        DCRuntime.create_tag_frame("5");
        Set criticalExtensions = getCriticalExtensions(x509Certificate, null);
        boolean contains = KU_SERVER_ENCRYPTION.contains(str, null);
        DCRuntime.discard_tag(1);
        if (contains) {
            DCRuntime.push_const();
            boolean checkKeyUsage = checkKeyUsage(x509Certificate, 2, null);
            DCRuntime.discard_tag(1);
            if (!checkKeyUsage) {
                ValidatorException validatorException = new ValidatorException("KeyUsage does not allow key encipherment", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
                DCRuntime.throw_op();
                throw validatorException;
            }
        } else {
            boolean contains2 = KU_SERVER_SIGNATURE.contains(str, null);
            DCRuntime.discard_tag(1);
            if (contains2) {
                DCRuntime.push_const();
                boolean checkKeyUsage2 = checkKeyUsage(x509Certificate, 0, null);
                DCRuntime.discard_tag(1);
                if (!checkKeyUsage2) {
                    ValidatorException validatorException2 = new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
                    DCRuntime.throw_op();
                    throw validatorException2;
                }
            } else {
                boolean contains3 = KU_SERVER_KEY_AGREEMENT.contains(str, null);
                DCRuntime.discard_tag(1);
                if (!contains3) {
                    CertificateException certificateException = new CertificateException(new StringBuilder((DCompMarker) null).append("Unknown authType: ", (DCompMarker) null).append(str, (DCompMarker) null).toString(), (DCompMarker) null);
                    DCRuntime.throw_op();
                    throw certificateException;
                }
                DCRuntime.push_const();
                boolean checkKeyUsage3 = checkKeyUsage(x509Certificate, 4, null);
                DCRuntime.discard_tag(1);
                if (!checkKeyUsage3) {
                    ValidatorException validatorException3 = new ValidatorException("KeyUsage does not allow key agreement", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
                    DCRuntime.throw_op();
                    throw validatorException3;
                }
            }
        }
        boolean checkEKU = checkEKU(x509Certificate, criticalExtensions, OID_EKU_TLS_SERVER, null);
        DCRuntime.discard_tag(1);
        if (!checkEKU) {
            boolean checkEKU2 = checkEKU(x509Certificate, criticalExtensions, OID_EKU_MS_SGC, null);
            DCRuntime.discard_tag(1);
            if (!checkEKU2) {
                boolean checkEKU3 = checkEKU(x509Certificate, criticalExtensions, OID_EKU_NS_SGC, null);
                DCRuntime.discard_tag(1);
                if (!checkEKU3) {
                    ValidatorException validatorException4 = new ValidatorException("Extended key usage does not permit use for TLS server authentication", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
                    DCRuntime.throw_op();
                    throw validatorException4;
                }
            }
        }
        boolean netscapeCertTypeBit = SimpleValidator.getNetscapeCertTypeBit(x509Certificate, "ssl_server", null);
        DCRuntime.discard_tag(1);
        if (!netscapeCertTypeBit) {
            ValidatorException validatorException5 = new ValidatorException("Netscape cert type does not permit use for SSL server", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException5;
        }
        criticalExtensions.remove("2.5.29.15", null);
        DCRuntime.discard_tag(1);
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE, null);
        DCRuntime.discard_tag(1);
        criticalExtensions.remove("2.16.840.1.113730.1.1", null);
        DCRuntime.discard_tag(1);
        checkRemainingExtensions(criticalExtensions, null);
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x00bb: THROW (r0 I:java.lang.Throwable), block:B:21:0x00bb */
    private void checkCodeSigning(X509Certificate x509Certificate, DCompMarker dCompMarker) throws CertificateException {
        DCRuntime.create_tag_frame(RequestStatus.SCHEDULING_ERROR);
        Set criticalExtensions = getCriticalExtensions(x509Certificate, null);
        DCRuntime.push_const();
        boolean checkKeyUsage = checkKeyUsage(x509Certificate, 0, null);
        DCRuntime.discard_tag(1);
        if (!checkKeyUsage) {
            ValidatorException validatorException = new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException;
        }
        boolean checkEKU = checkEKU(x509Certificate, criticalExtensions, OID_EKU_CODE_SIGNING, null);
        DCRuntime.discard_tag(1);
        if (!checkEKU) {
            ValidatorException validatorException2 = new ValidatorException("Extended key usage does not permit use for code signing", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException2;
        }
        boolean dcomp_equals = DCRuntime.dcomp_equals(this.variant, Validator.VAR_JCE_SIGNING);
        DCRuntime.discard_tag(1);
        if (!dcomp_equals) {
            boolean netscapeCertTypeBit = SimpleValidator.getNetscapeCertTypeBit(x509Certificate, "object_signing", null);
            DCRuntime.discard_tag(1);
            if (!netscapeCertTypeBit) {
                ValidatorException validatorException3 = new ValidatorException("Netscape cert type does not permit use for code signing", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
                DCRuntime.throw_op();
                throw validatorException3;
            }
            criticalExtensions.remove("2.16.840.1.113730.1.1", null);
            DCRuntime.discard_tag(1);
        }
        criticalExtensions.remove("2.5.29.15", null);
        DCRuntime.discard_tag(1);
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE, null);
        DCRuntime.discard_tag(1);
        checkRemainingExtensions(criticalExtensions, null);
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x0097: THROW (r0 I:java.lang.Throwable), block:B:18:0x0097 */
    private void checkTSAServer(X509Certificate x509Certificate, DCompMarker dCompMarker) throws CertificateException {
        DCRuntime.create_tag_frame(RequestStatus.SCHEDULING_ERROR);
        Set criticalExtensions = getCriticalExtensions(x509Certificate, null);
        DCRuntime.push_const();
        boolean checkKeyUsage = checkKeyUsage(x509Certificate, 0, null);
        DCRuntime.discard_tag(1);
        if (!checkKeyUsage) {
            ValidatorException validatorException = new ValidatorException("KeyUsage does not allow digital signatures", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException;
        }
        if (x509Certificate.getExtendedKeyUsage(null) == null) {
            ValidatorException validatorException2 = new ValidatorException("Certificate does not contain an extended key usage extension required for a TSA server", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException2;
        }
        boolean checkEKU = checkEKU(x509Certificate, criticalExtensions, OID_EKU_TIME_STAMPING, null);
        DCRuntime.discard_tag(1);
        if (!checkEKU) {
            ValidatorException validatorException3 = new ValidatorException("Extended key usage does not permit use for TSA server", ValidatorException.T_EE_EXTENSIONS, x509Certificate, (DCompMarker) null);
            DCRuntime.throw_op();
            throw validatorException3;
        }
        criticalExtensions.remove("2.5.29.15", null);
        DCRuntime.discard_tag(1);
        criticalExtensions.remove(OID_EXTENDED_KEY_USAGE, null);
        DCRuntime.discard_tag(1);
        checkRemainingExtensions(criticalExtensions, null);
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, boolean] */
    protected boolean equals(Object obj, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("3");
        ?? dcomp_super_equals = DCRuntime.dcomp_super_equals(this, obj);
        DCRuntime.normal_exit_primitive();
        return dcomp_super_equals;
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, boolean] */
    public boolean equals_dcomp_instrumented(Object obj, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("3");
        ?? equals = equals(obj, null, null);
        DCRuntime.normal_exit_primitive();
        return equals;
    }
}
