package sun.security.provider.certpath;

import daikon.dcomp.DCRuntime;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.util.Collection;
import java.util.Date;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import net.fortuna.ical4j.model.property.RequestStatus;
import org.tmatesoft.svn.core.internal.wc.admin.SVNLog;
import sun.security.util.Debug;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import weka.core.json.JSONInstances;

/* loaded from: input_file:dcomp-rt/sun/security/provider/certpath/BasicChecker.class */
class BasicChecker extends PKIXCertPathChecker {
    private static final Debug debug = Debug.getInstance("certpath");
    private final PublicKey trustedPubKey;
    private final X500Principal caName;
    private final Date testDate;
    private final String sigProvider;
    private final boolean sigOnly;
    private X500Principal prevSubject;
    private PublicKey prevPubKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public BasicChecker(PublicKey publicKey, X500Principal x500Principal, Date date, String str, boolean z) throws CertPathValidatorException {
        this.trustedPubKey = publicKey;
        this.caName = x500Principal;
        this.testDate = date;
        this.sigProvider = str;
        this.sigOnly = z;
        init(false);
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new CertPathValidatorException("forward checking not supported");
        }
        this.prevPubKey = this.trustedPubKey;
        this.prevSubject = this.caName;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (!this.sigOnly) {
            verifyTimestamp(x509Certificate, this.testDate);
            verifyNameChaining(x509Certificate, this.prevSubject);
        }
        verifySignature(x509Certificate, this.prevPubKey, this.sigProvider);
        updateState(x509Certificate);
    }

    private void verifySignature(X509Certificate x509Certificate, PublicKey publicKey, String str) throws CertPathValidatorException {
        if (debug != null) {
            debug.println("---checking " + X509CertImpl.SIGNATURE + "...");
        }
        try {
            x509Certificate.verify(publicKey, str);
            if (debug != null) {
                debug.println(X509CertImpl.SIGNATURE + " verified.");
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.println(e.getMessage());
                e.printStackTrace();
            }
            throw new CertPathValidatorException(X509CertImpl.SIGNATURE + " check failed", e);
        }
    }

    private void verifyTimestamp(X509Certificate x509Certificate, Date date) throws CertPathValidatorException {
        if (debug != null) {
            debug.println("---checking " + SVNLog.TIMESTAMP_ATTR + JSONInstances.SPARSE_SEPARATOR + date.toString() + "...");
        }
        try {
            x509Certificate.checkValidity(date);
            if (debug != null) {
                debug.println(SVNLog.TIMESTAMP_ATTR + " verified.");
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.println(e.getMessage());
                e.printStackTrace();
            }
            throw new CertPathValidatorException(SVNLog.TIMESTAMP_ATTR + " check failed", e);
        }
    }

    private void verifyNameChaining(X509Certificate x509Certificate, X500Principal x500Principal) throws CertPathValidatorException {
        if (x500Principal != null) {
            if (debug != null) {
                debug.println("---checking subject/issuer name chaining...");
            }
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            if (X500Name.asX500Name(issuerX500Principal).isEmpty()) {
                throw new CertPathValidatorException("subject/issuer name chaining check failed: empty/null issuer DN in certificate is invalid");
            }
            if (!issuerX500Principal.equals(x500Principal)) {
                throw new CertPathValidatorException("subject/issuer name chaining check failed");
            }
            if (debug != null) {
                debug.println("subject/issuer name chaining verified.");
            }
        }
    }

    private void updateState(X509Certificate x509Certificate) throws CertPathValidatorException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (debug != null) {
            debug.println("BasicChecker.updateState issuer: " + x509Certificate.getIssuerX500Principal().toString() + "; subject: " + ((Object) x509Certificate.getSubjectX500Principal()) + "; serial#: " + x509Certificate.getSerialNumber().toString());
        }
        if ((publicKey instanceof DSAPublicKey) && ((DSAPublicKey) publicKey).getParams() == null) {
            publicKey = makeInheritedParamsKey(publicKey, this.prevPubKey);
            if (debug != null) {
                debug.println("BasicChecker.updateState Made key with inherited params");
            }
        }
        this.prevPubKey = publicKey;
        this.prevSubject = x509Certificate.getSubjectX500Principal();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PublicKey makeInheritedParamsKey(PublicKey publicKey, PublicKey publicKey2) throws CertPathValidatorException {
        if (!(publicKey instanceof DSAPublicKey) || !(publicKey2 instanceof DSAPublicKey)) {
            throw new CertPathValidatorException("Input key is not appropriate type for inheriting parameters");
        }
        DSAParams params = ((DSAPublicKey) publicKey2).getParams();
        if (params == null) {
            throw new CertPathValidatorException("Key parameters missing");
        }
        try {
            return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(((DSAPublicKey) publicKey).getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e) {
            throw new CertPathValidatorException("Unable to generate key with inherited parameters: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PublicKey getPublicKey() {
        return this.prevPubKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Multi-variable type inference failed */
    public BasicChecker(PublicKey publicKey, X500Principal x500Principal, Date date, String str, boolean z, DCompMarker dCompMarker) throws CertPathValidatorException {
        super(null);
        Object[] create_tag_frame = DCRuntime.create_tag_frame("85");
        this.trustedPubKey = publicKey;
        this.caName = x500Principal;
        this.testDate = date;
        this.sigProvider = str;
        DCRuntime.push_local_tag(create_tag_frame, 5);
        sigOnly_sun_security_provider_certpath_BasicChecker__$set_tag();
        this.sigOnly = z;
        DCRuntime.push_const();
        init(false, null);
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x003c: THROW (r0 I:java.lang.Throwable), block:B:11:0x003c */
    @Override // java.security.cert.PKIXCertPathChecker
    public void init(boolean z, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.push_local_tag(DCRuntime.create_tag_frame("41"), 1);
        DCRuntime.discard_tag(1);
        if (z) {
            CertPathValidatorException certPathValidatorException = new CertPathValidatorException("forward checking not supported", (DCompMarker) null);
            DCRuntime.throw_op();
            throw certPathValidatorException;
        }
        this.prevPubKey = this.trustedPubKey;
        this.prevSubject = this.caName;
        DCRuntime.normal_exit();
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public boolean isForwardCheckingSupported(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("2");
        DCRuntime.push_const();
        DCRuntime.normal_exit_primitive();
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set getSupportedExtensions(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("2");
        DCRuntime.normal_exit();
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection collection, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.create_tag_frame("5");
        X509Certificate x509Certificate = (X509Certificate) certificate;
        sigOnly_sun_security_provider_certpath_BasicChecker__$get_tag();
        boolean z = this.sigOnly;
        DCRuntime.discard_tag(1);
        if (!z) {
            verifyTimestamp(x509Certificate, this.testDate, null);
            verifyNameChaining(x509Certificate, this.prevSubject, null);
        }
        verifySignature(x509Certificate, this.prevPubKey, this.sigProvider, null);
        updateState(x509Certificate, null);
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [java.security.cert.X509Certificate] */
    /* JADX WARN: Type inference failed for: r0v14 */
    /* JADX WARN: Type inference failed for: r0v15 */
    /* JADX WARN: Type inference failed for: r0v5 */
    private void verifySignature(X509Certificate x509Certificate, PublicKey publicKey, String str, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.create_tag_frame("7");
        Debug debug2 = debug;
        ?? r0 = debug2;
        if (debug2 != null) {
            Debug debug3 = debug;
            debug3.println(new StringBuilder((DCompMarker) null).append("---checking ", (DCompMarker) null).append(X509CertImpl.SIGNATURE, (DCompMarker) null).append("...", (DCompMarker) null).toString(), (DCompMarker) null);
            r0 = debug3;
        }
        try {
            r0 = x509Certificate;
            r0.verify(publicKey, str, null);
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append(X509CertImpl.SIGNATURE, (DCompMarker) null).append(" verified.", (DCompMarker) null).toString(), (DCompMarker) null);
            }
            DCRuntime.normal_exit();
        } catch (Exception e) {
            if (debug != null) {
                debug.println(e.getMessage(null), (DCompMarker) null);
                e.printStackTrace((DCompMarker) null);
            }
            CertPathValidatorException certPathValidatorException = new CertPathValidatorException(new StringBuilder((DCompMarker) null).append(X509CertImpl.SIGNATURE, (DCompMarker) null).append(" check failed", (DCompMarker) null).toString(), e, null);
            DCRuntime.throw_op();
            throw certPathValidatorException;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [java.security.cert.X509Certificate] */
    /* JADX WARN: Type inference failed for: r0v14 */
    /* JADX WARN: Type inference failed for: r0v15 */
    /* JADX WARN: Type inference failed for: r0v5 */
    private void verifyTimestamp(X509Certificate x509Certificate, Date date, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.create_tag_frame("6");
        Debug debug2 = debug;
        ?? r0 = debug2;
        if (debug2 != null) {
            Debug debug3 = debug;
            debug3.println(new StringBuilder((DCompMarker) null).append("---checking ", (DCompMarker) null).append(SVNLog.TIMESTAMP_ATTR, (DCompMarker) null).append(JSONInstances.SPARSE_SEPARATOR, (DCompMarker) null).append(date.toString(), (DCompMarker) null).append("...", (DCompMarker) null).toString(), (DCompMarker) null);
            r0 = debug3;
        }
        try {
            r0 = x509Certificate;
            r0.checkValidity(date, null);
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append(SVNLog.TIMESTAMP_ATTR, (DCompMarker) null).append(" verified.", (DCompMarker) null).toString(), (DCompMarker) null);
            }
            DCRuntime.normal_exit();
        } catch (Exception e) {
            if (debug != null) {
                debug.println(e.getMessage(null), (DCompMarker) null);
                e.printStackTrace((DCompMarker) null);
            }
            CertPathValidatorException certPathValidatorException = new CertPathValidatorException(new StringBuilder((DCompMarker) null).append(SVNLog.TIMESTAMP_ATTR, (DCompMarker) null).append(" check failed", (DCompMarker) null).toString(), e, null);
            DCRuntime.throw_op();
            throw certPathValidatorException;
        }
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x00d6: THROW (r0 I:java.lang.Throwable), block:B:22:0x00d6 */
    private void verifyNameChaining(X509Certificate x509Certificate, X500Principal x500Principal, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.create_tag_frame("6");
        if (x500Principal != null) {
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append("---checking ", (DCompMarker) null).append("subject/issuer name chaining", (DCompMarker) null).append("...", (DCompMarker) null).toString(), (DCompMarker) null);
            }
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal(null);
            boolean isEmpty = X500Name.asX500Name(issuerX500Principal, null).isEmpty(null);
            DCRuntime.discard_tag(1);
            if (isEmpty) {
                CertPathValidatorException certPathValidatorException = new CertPathValidatorException(new StringBuilder((DCompMarker) null).append("subject/issuer name chaining", (DCompMarker) null).append(" check failed: ", (DCompMarker) null).append("empty/null issuer DN in certificate is invalid", (DCompMarker) null).toString(), (DCompMarker) null);
                DCRuntime.throw_op();
                throw certPathValidatorException;
            }
            boolean dcomp_equals = DCRuntime.dcomp_equals(issuerX500Principal, x500Principal);
            DCRuntime.discard_tag(1);
            if (!dcomp_equals) {
                CertPathValidatorException certPathValidatorException2 = new CertPathValidatorException(new StringBuilder((DCompMarker) null).append("subject/issuer name chaining", (DCompMarker) null).append(" check failed", (DCompMarker) null).toString(), (DCompMarker) null);
                DCRuntime.throw_op();
                throw certPathValidatorException2;
            }
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append("subject/issuer name chaining", (DCompMarker) null).append(" verified.", (DCompMarker) null).toString(), (DCompMarker) null);
            }
        }
        DCRuntime.normal_exit();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void updateState(X509Certificate x509Certificate, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.create_tag_frame(RequestStatus.SCHEDULING_ERROR);
        PublicKey publicKey = x509Certificate.getPublicKey(null);
        if (debug != null) {
            debug.println(new StringBuilder((DCompMarker) null).append("BasicChecker.updateState issuer: ", (DCompMarker) null).append(x509Certificate.getIssuerX500Principal(null).toString(), (DCompMarker) null).append("; subject: ", (DCompMarker) null).append((Object) x509Certificate.getSubjectX500Principal(null), (DCompMarker) null).append("; serial#: ", (DCompMarker) null).append(x509Certificate.getSerialNumber(null).toString(), (DCompMarker) null).toString(), (DCompMarker) null);
        }
        DCRuntime.push_const();
        boolean z = publicKey instanceof DSAPublicKey;
        DCRuntime.discard_tag(1);
        if (z && ((DSAPublicKey) publicKey).getParams(null) == null) {
            publicKey = makeInheritedParamsKey(publicKey, this.prevPubKey, null);
            if (debug != null) {
                debug.println("BasicChecker.updateState Made key with inherited params", (DCompMarker) null);
            }
        }
        this.prevPubKey = publicKey;
        this.prevSubject = x509Certificate.getSubjectX500Principal(null);
        DCRuntime.normal_exit();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v11 */
    /* JADX WARN: Type inference failed for: r0v20, types: [java.security.PublicKey] */
    public static PublicKey makeInheritedParamsKey(PublicKey publicKey, PublicKey publicKey2, DCompMarker dCompMarker) throws CertPathValidatorException {
        DCRuntime.create_tag_frame("8");
        DCRuntime.push_const();
        boolean z = publicKey instanceof DSAPublicKey;
        DCRuntime.discard_tag(1);
        if (z) {
            DCRuntime.push_const();
            boolean z2 = publicKey2 instanceof DSAPublicKey;
            DCRuntime.discard_tag(1);
            if (z2) {
                DSAParams params = ((DSAPublicKey) publicKey2).getParams(null);
                ?? r0 = params;
                if (r0 == 0) {
                    CertPathValidatorException certPathValidatorException = new CertPathValidatorException("Key parameters missing", (DCompMarker) null);
                    DCRuntime.throw_op();
                    throw certPathValidatorException;
                }
                try {
                    r0 = KeyFactory.getInstance("DSA", (DCompMarker) null).generatePublic(new DSAPublicKeySpec(((DSAPublicKey) publicKey).getY(null), params.getP(null), params.getQ(null), params.getG(null), null), null);
                    DCRuntime.normal_exit();
                    return r0;
                } catch (Exception e) {
                    CertPathValidatorException certPathValidatorException2 = new CertPathValidatorException(new StringBuilder((DCompMarker) null).append("Unable to generate key with inherited parameters: ", (DCompMarker) null).append(e.getMessage(null), (DCompMarker) null).toString(), e, null);
                    DCRuntime.throw_op();
                    throw certPathValidatorException2;
                }
            }
        }
        CertPathValidatorException certPathValidatorException3 = new CertPathValidatorException("Input key is not appropriate type for inheriting parameters", (DCompMarker) null);
        DCRuntime.throw_op();
        throw certPathValidatorException3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, java.security.PublicKey] */
    public PublicKey getPublicKey(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("2");
        ?? r0 = this.prevPubKey;
        DCRuntime.normal_exit();
        return r0;
    }

    public final void sigOnly_sun_security_provider_certpath_BasicChecker__$get_tag() {
        DCRuntime.push_field_tag(this, 0);
    }

    private final void sigOnly_sun_security_provider_certpath_BasicChecker__$set_tag() {
        DCRuntime.pop_field_tag(this, 0);
    }
}
