package sun.security.provider.certpath;

import daikon.dcomp.DCRuntime;
import daikon.dcomp.DCompClone;
import java.io.IOException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import sun.security.util.Debug;
import sun.security.x509.NameConstraintsExtension;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:dcomp-rt/sun/security/provider/certpath/ConstraintsChecker.class */
class ConstraintsChecker extends PKIXCertPathChecker {
    private static final Debug debug = Debug.getInstance("certpath");
    private final int certPathLength;
    private int maxPathLength;
    private int i;
    private NameConstraintsExtension prevNC;
    private static Set<String> supportedExts;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConstraintsChecker(int i) throws CertPathValidatorException {
        this.certPathLength = i;
        init(false);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.i = 0;
        this.maxPathLength = this.certPathLength;
        this.prevNC = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        if (supportedExts == null) {
            supportedExts = new HashSet();
            supportedExts.add(PKIXExtensions.BasicConstraints_Id.toString());
            supportedExts.add(PKIXExtensions.NameConstraints_Id.toString());
            supportedExts = Collections.unmodifiableSet(supportedExts);
        }
        return supportedExts;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        this.i++;
        checkBasicConstraints(x509Certificate);
        verifyNameConstraints(x509Certificate);
        if (collection == null || collection.isEmpty()) {
            return;
        }
        collection.remove(PKIXExtensions.BasicConstraints_Id.toString());
        collection.remove(PKIXExtensions.NameConstraints_Id.toString());
    }

    private void verifyNameConstraints(X509Certificate x509Certificate) throws CertPathValidatorException {
        if (debug != null) {
            debug.println("---checking name constraints...");
        }
        if (this.prevNC != null && (this.i == this.certPathLength || !X509CertImpl.isSelfIssued(x509Certificate))) {
            if (debug != null) {
                debug.println("prevNC = " + ((Object) this.prevNC));
                debug.println("currDN = " + ((Object) x509Certificate.getSubjectX500Principal()));
            }
            try {
                if (!this.prevNC.verify(x509Certificate)) {
                    throw new CertPathValidatorException("name constraints check failed");
                }
            } catch (IOException e) {
                throw new CertPathValidatorException(e);
            }
        }
        this.prevNC = mergeNameConstraints(x509Certificate, this.prevNC);
        if (debug != null) {
            debug.println("name constraints verified.");
        }
    }

    static NameConstraintsExtension mergeNameConstraints(X509Certificate x509Certificate, NameConstraintsExtension nameConstraintsExtension) throws CertPathValidatorException {
        try {
            NameConstraintsExtension nameConstraintsExtension2 = X509CertImpl.toImpl(x509Certificate).getNameConstraintsExtension();
            if (debug != null) {
                debug.println("prevNC = " + ((Object) nameConstraintsExtension));
                debug.println("newNC = " + String.valueOf(nameConstraintsExtension2));
            }
            if (nameConstraintsExtension == null) {
                if (debug != null) {
                    debug.println("mergedNC = " + String.valueOf(nameConstraintsExtension2));
                }
                return nameConstraintsExtension2 == null ? nameConstraintsExtension2 : (NameConstraintsExtension) nameConstraintsExtension2.clone();
            }
            try {
                nameConstraintsExtension.merge(nameConstraintsExtension2);
                if (debug != null) {
                    debug.println("mergedNC = " + ((Object) nameConstraintsExtension));
                }
                return nameConstraintsExtension;
            } catch (IOException e) {
                throw new CertPathValidatorException(e);
            }
        } catch (CertificateException e2) {
            throw new CertPathValidatorException(e2);
        }
    }

    private void checkBasicConstraints(X509Certificate x509Certificate) throws CertPathValidatorException {
        if (debug != null) {
            debug.println("---checking basic constraints...");
            debug.println("i = " + this.i);
            debug.println("maxPathLength = " + this.maxPathLength);
        }
        if (this.i < this.certPathLength) {
            int basicConstraints = x509Certificate.getBasicConstraints();
            if (basicConstraints == -1) {
                throw new CertPathValidatorException("basic constraints check failed: this is not a CA certificate");
            }
            if (!X509CertImpl.isSelfIssued(x509Certificate)) {
                if (this.maxPathLength <= 0) {
                    throw new CertPathValidatorException("basic constraints check failed: pathLenConstraint violated - this cert must be the last cert in the certification path");
                }
                this.maxPathLength--;
            }
            if (basicConstraints < this.maxPathLength) {
                this.maxPathLength = basicConstraints;
            }
        }
        if (debug != null) {
            debug.println("after processing, maxPathLength = " + this.maxPathLength);
            debug.println("basic constraints verified.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int mergeBasicConstraints(X509Certificate x509Certificate, int i) {
        int basicConstraints = x509Certificate.getBasicConstraints();
        if (!X509CertImpl.isSelfIssued(x509Certificate)) {
            i--;
        }
        if (basicConstraints < i) {
            i = basicConstraints;
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Multi-variable type inference failed */
    public ConstraintsChecker(int i, DCompMarker dCompMarker) throws CertPathValidatorException {
        super(null);
        Object[] create_tag_frame = DCRuntime.create_tag_frame("41");
        DCRuntime.push_local_tag(create_tag_frame, 1);
        certPathLength_sun_security_provider_certpath_ConstraintsChecker__$set_tag();
        this.certPathLength = i;
        DCRuntime.push_const();
        init(false, null);
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x0050: THROW (r0 I:java.lang.Throwable), block:B:11:0x0050 */
    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.push_local_tag(DCRuntime.create_tag_frame("41"), 1);
        DCRuntime.discard_tag(1);
        if (z) {
            CertPathValidatorException certPathValidatorException = new CertPathValidatorException("forward checking not supported", (DCompMarker) null);
            DCRuntime.throw_op();
            throw certPathValidatorException;
        }
        DCRuntime.push_const();
        i_sun_security_provider_certpath_ConstraintsChecker__$set_tag();
        this.i = 0;
        certPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
        int i = this.certPathLength;
        maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$set_tag();
        this.maxPathLength = i;
        this.prevNC = null;
        DCRuntime.normal_exit();
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("2");
        DCRuntime.push_const();
        DCRuntime.normal_exit_primitive();
        return false;
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, java.util.Set, java.util.Set<java.lang.String>] */
    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("2");
        if (supportedExts == null) {
            supportedExts = new HashSet((DCompMarker) null);
            supportedExts.add(PKIXExtensions.BasicConstraints_Id.toString(), null);
            DCRuntime.discard_tag(1);
            supportedExts.add(PKIXExtensions.NameConstraints_Id.toString(), null);
            DCRuntime.discard_tag(1);
            supportedExts = Collections.unmodifiableSet(supportedExts, null);
        }
        ?? r0 = supportedExts;
        DCRuntime.normal_exit();
        return r0;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v11, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v18 */
    /* JADX WARN: Type inference failed for: r0v19 */
    /* JADX WARN: Type inference failed for: r0v20 */
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.create_tag_frame("5");
        X509Certificate x509Certificate = (X509Certificate) certificate;
        i_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
        int i = this.i;
        DCRuntime.push_const();
        DCRuntime.binary_tag_op();
        i_sun_security_provider_certpath_ConstraintsChecker__$set_tag();
        this.i = i + 1;
        checkBasicConstraints(x509Certificate, null);
        verifyNameConstraints(x509Certificate, null);
        Collection collection2 = collection;
        ?? r0 = collection2;
        if (collection2 != null) {
            boolean isEmpty = collection.isEmpty(null);
            DCRuntime.discard_tag(1);
            r0 = isEmpty;
            if (!isEmpty) {
                collection.remove(PKIXExtensions.BasicConstraints_Id.toString(), null);
                DCRuntime.discard_tag(1);
                boolean remove = collection.remove(PKIXExtensions.NameConstraints_Id.toString(), null);
                DCRuntime.discard_tag(1);
                r0 = remove;
            }
        }
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x005a, code lost:
    
        if (r0 == false) goto L11;
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v12, types: [sun.security.util.Debug] */
    /* JADX WARN: Type inference failed for: r0v20, types: [sun.security.util.Debug] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void verifyNameConstraints(java.security.cert.X509Certificate r7, java.lang.DCompMarker r8) throws java.security.cert.CertPathValidatorException {
        /*
            Method dump skipped, instructions count: 289
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.ConstraintsChecker.verifyNameConstraints(java.security.cert.X509Certificate, java.lang.DCompMarker):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v11, types: [sun.security.x509.NameConstraintsExtension] */
    /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.Object[]] */
    /* JADX WARN: Type inference failed for: r0v5, types: [sun.security.x509.X509CertImpl] */
    /* JADX WARN: Type inference failed for: r0v9 */
    static NameConstraintsExtension mergeNameConstraints(X509Certificate x509Certificate, NameConstraintsExtension nameConstraintsExtension, DCompMarker dCompMarker) throws CertPathValidatorException {
        ?? r0 = DCRuntime.create_tag_frame("6");
        try {
            r0 = X509CertImpl.toImpl(x509Certificate, null);
            NameConstraintsExtension nameConstraintsExtension2 = r0.getNameConstraintsExtension(null);
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append("prevNC = ", (DCompMarker) null).append((Object) nameConstraintsExtension, (DCompMarker) null).toString(), (DCompMarker) null);
                debug.println(new StringBuilder((DCompMarker) null).append("newNC = ", (DCompMarker) null).append(String.valueOf(nameConstraintsExtension2, (DCompMarker) null), (DCompMarker) null).toString(), (DCompMarker) null);
            }
            r0 = nameConstraintsExtension;
            if (r0 == 0) {
                if (debug != null) {
                    debug.println(new StringBuilder((DCompMarker) null).append("mergedNC = ", (DCompMarker) null).append(String.valueOf(nameConstraintsExtension2, (DCompMarker) null), (DCompMarker) null).toString(), (DCompMarker) null);
                }
                if (nameConstraintsExtension2 == null) {
                    DCRuntime.normal_exit();
                    return nameConstraintsExtension2;
                }
                NameConstraintsExtension nameConstraintsExtension3 = (NameConstraintsExtension) (nameConstraintsExtension2 instanceof DCompClone ? nameConstraintsExtension2.clone(null) : DCRuntime.uninstrumented_clone(nameConstraintsExtension2, nameConstraintsExtension2.clone()));
                DCRuntime.normal_exit();
                return nameConstraintsExtension3;
            }
            try {
                r0 = nameConstraintsExtension;
                r0.merge(nameConstraintsExtension2, null);
                if (debug != null) {
                    debug.println(new StringBuilder((DCompMarker) null).append("mergedNC = ", (DCompMarker) null).append((Object) nameConstraintsExtension, (DCompMarker) null).toString(), (DCompMarker) null);
                }
                DCRuntime.normal_exit();
                return nameConstraintsExtension;
            } catch (IOException e) {
                CertPathValidatorException certPathValidatorException = new CertPathValidatorException(e, (DCompMarker) null);
                DCRuntime.throw_op();
                throw certPathValidatorException;
            }
        } catch (CertificateException e2) {
            CertPathValidatorException certPathValidatorException2 = new CertPathValidatorException(e2, (DCompMarker) null);
            DCRuntime.throw_op();
            throw certPathValidatorException2;
        }
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x01b2: THROW (r0 I:java.lang.Throwable), block:B:28:0x01b2 */
    private void checkBasicConstraints(X509Certificate x509Certificate, DCompMarker dCompMarker) throws CertPathValidatorException {
        Object[] create_tag_frame = DCRuntime.create_tag_frame("6");
        if (debug != null) {
            debug.println(new StringBuilder((DCompMarker) null).append("---checking ", (DCompMarker) null).append("basic constraints", (DCompMarker) null).append("...", (DCompMarker) null).toString(), (DCompMarker) null);
            Debug debug2 = debug;
            StringBuilder append = new StringBuilder((DCompMarker) null).append("i = ", (DCompMarker) null);
            i_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
            debug2.println(append.append(this.i, (DCompMarker) null).toString(), (DCompMarker) null);
            Debug debug3 = debug;
            StringBuilder append2 = new StringBuilder((DCompMarker) null).append("maxPathLength = ", (DCompMarker) null);
            maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
            debug3.println(append2.append(this.maxPathLength, (DCompMarker) null).toString(), (DCompMarker) null);
        }
        i_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
        int i = this.i;
        certPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
        int i2 = this.certPathLength;
        DCRuntime.cmp_op();
        if (i < i2) {
            int basicConstraints = x509Certificate.getBasicConstraints(null);
            DCRuntime.pop_local_tag(create_tag_frame, 4);
            DCRuntime.push_local_tag(create_tag_frame, 4);
            DCRuntime.push_const();
            DCRuntime.cmp_op();
            if (basicConstraints == -1) {
                CertPathValidatorException certPathValidatorException = new CertPathValidatorException(new StringBuilder((DCompMarker) null).append("basic constraints", (DCompMarker) null).append(" check failed: ", (DCompMarker) null).append("this is not a CA certificate", (DCompMarker) null).toString(), (DCompMarker) null);
                DCRuntime.throw_op();
                throw certPathValidatorException;
            }
            boolean isSelfIssued = X509CertImpl.isSelfIssued(x509Certificate, null);
            DCRuntime.discard_tag(1);
            if (!isSelfIssued) {
                maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
                int i3 = this.maxPathLength;
                DCRuntime.discard_tag(1);
                if (i3 <= 0) {
                    CertPathValidatorException certPathValidatorException2 = new CertPathValidatorException(new StringBuilder((DCompMarker) null).append("basic constraints", (DCompMarker) null).append(" check failed: pathLenConstraint violated - ", (DCompMarker) null).append("this cert must be the last cert in the ", (DCompMarker) null).append("certification path", (DCompMarker) null).toString(), (DCompMarker) null);
                    DCRuntime.throw_op();
                    throw certPathValidatorException2;
                }
                maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
                int i4 = this.maxPathLength;
                DCRuntime.push_const();
                DCRuntime.binary_tag_op();
                maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$set_tag();
                this.maxPathLength = i4 - 1;
            }
            DCRuntime.push_local_tag(create_tag_frame, 4);
            maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
            int i5 = this.maxPathLength;
            DCRuntime.cmp_op();
            if (basicConstraints < i5) {
                DCRuntime.push_local_tag(create_tag_frame, 4);
                maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$set_tag();
                this.maxPathLength = basicConstraints;
            }
        }
        if (debug != null) {
            Debug debug4 = debug;
            StringBuilder append3 = new StringBuilder((DCompMarker) null).append("after processing, maxPathLength = ", (DCompMarker) null);
            maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag();
            debug4.println(append3.append(this.maxPathLength, (DCompMarker) null).toString(), (DCompMarker) null);
            debug.println(new StringBuilder((DCompMarker) null).append("basic constraints", (DCompMarker) null).append(" verified.", (DCompMarker) null).toString(), (DCompMarker) null);
        }
        DCRuntime.normal_exit();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v10, types: [java.lang.Throwable, int] */
    public static int mergeBasicConstraints(X509Certificate x509Certificate, int i, DCompMarker dCompMarker) {
        Object[] create_tag_frame = DCRuntime.create_tag_frame("51");
        int basicConstraints = x509Certificate.getBasicConstraints(null);
        DCRuntime.pop_local_tag(create_tag_frame, 3);
        boolean isSelfIssued = X509CertImpl.isSelfIssued(x509Certificate, null);
        DCRuntime.discard_tag(1);
        if (!isSelfIssued) {
            i--;
        }
        DCRuntime.push_local_tag(create_tag_frame, 3);
        DCRuntime.push_local_tag(create_tag_frame, 1);
        int i2 = i;
        DCRuntime.cmp_op();
        if (basicConstraints < i2) {
            DCRuntime.push_local_tag(create_tag_frame, 3);
            DCRuntime.pop_local_tag(create_tag_frame, 1);
            i = basicConstraints;
        }
        DCRuntime.push_local_tag(create_tag_frame, 1);
        ?? r0 = i;
        DCRuntime.normal_exit_primitive();
        return r0;
    }

    public final void certPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag() {
        DCRuntime.push_field_tag(this, 0);
    }

    private final void certPathLength_sun_security_provider_certpath_ConstraintsChecker__$set_tag() {
        DCRuntime.pop_field_tag(this, 0);
    }

    public final void maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$get_tag() {
        DCRuntime.push_field_tag(this, 1);
    }

    private final void maxPathLength_sun_security_provider_certpath_ConstraintsChecker__$set_tag() {
        DCRuntime.pop_field_tag(this, 1);
    }

    public final void i_sun_security_provider_certpath_ConstraintsChecker__$get_tag() {
        DCRuntime.push_field_tag(this, 2);
    }

    private final void i_sun_security_provider_certpath_ConstraintsChecker__$set_tag() {
        DCRuntime.pop_field_tag(this, 2);
    }
}
