package sun.security.provider.certpath;

import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
import daikon.dcomp.DCRuntime;
import daikon.dcomp.DCompInstrumented;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CRLSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.LDAPCertStore;
import sun.security.util.Cache;
import sun.security.util.Debug;
import sun.security.x509.CRLDistributionPointsExtension;
import sun.security.x509.DistributionPoint;
import sun.security.x509.DistributionPointName;
import sun.security.x509.GeneralName;
import sun.security.x509.GeneralNameInterface;
import sun.security.x509.GeneralNames;
import sun.security.x509.IssuingDistributionPointExtension;
import sun.security.x509.PKIXExtensions;
import sun.security.x509.RDN;
import sun.security.x509.ReasonFlags;
import sun.security.x509.URIName;
import sun.security.x509.X500Name;
import sun.security.x509.X509CRLImpl;
import sun.security.x509.X509CertImpl;
import weka.core.json.JSONInstances;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:dcomp-rt/sun/security/provider/certpath/DistributionPointFetcher.class */
public class DistributionPointFetcher implements DCompInstrumented {
    private static final Debug debug = Debug.getInstance("certpath");
    private static final boolean[] ALL_REASONS = {true, true, true, true, true, true, true, true, true};
    private static final boolean USE_CRLDP = getBooleanProperty("com.sun.security.enableCRLDP", false);
    private static final DistributionPointFetcher INSTANCE = new DistributionPointFetcher();
    private static final int CHECK_INTERVAL = 30000;
    private static final int CACHE_SIZE = 185;
    private final CertificateFactory factory;
    private final Cache cache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:dcomp-rt/sun/security/provider/certpath/DistributionPointFetcher$CacheEntry.class */
    public static class CacheEntry implements DCompInstrumented {
        private X509CRL crl;
        private long lastChecked;
        private long lastModified;

        CacheEntry() {
        }

        synchronized X509CRL getCRL(CertificateFactory certificateFactory, URI uri) {
            long currentTimeMillis = System.currentTimeMillis();
            if (currentTimeMillis - this.lastChecked < 30000) {
                if (DistributionPointFetcher.debug != null) {
                    DistributionPointFetcher.debug.println("Returning CRL from cache");
                }
                return this.crl;
            }
            this.lastChecked = currentTimeMillis;
            Closeable closeable = null;
            try {
                try {
                    URLConnection openConnection = uri.toURL().openConnection();
                    if (this.lastModified != 0) {
                        openConnection.setIfModifiedSince(this.lastModified);
                    }
                    InputStream inputStream = openConnection.getInputStream();
                    long j = this.lastModified;
                    this.lastModified = openConnection.getLastModified();
                    if (j != 0) {
                        if (j == this.lastModified) {
                            if (DistributionPointFetcher.debug != null) {
                                DistributionPointFetcher.debug.println("Not modified, using cached copy");
                            }
                            X509CRL x509crl = this.crl;
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (IOException e) {
                                }
                            }
                            return x509crl;
                        }
                        if ((openConnection instanceof HttpURLConnection) && ((HttpURLConnection) openConnection).getResponseCode() == 304) {
                            if (DistributionPointFetcher.debug != null) {
                                DistributionPointFetcher.debug.println("Not modified, using cached copy");
                            }
                            X509CRL x509crl2 = this.crl;
                            if (inputStream != null) {
                                try {
                                    inputStream.close();
                                } catch (IOException e2) {
                                }
                            }
                            return x509crl2;
                        }
                    }
                    if (DistributionPointFetcher.debug != null) {
                        DistributionPointFetcher.debug.println("Downloading new CRL...");
                    }
                    this.crl = (X509CRL) certificateFactory.generateCRL(inputStream);
                    X509CRL x509crl3 = this.crl;
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e3) {
                        }
                    }
                    return x509crl3;
                } catch (Throwable th) {
                    if (0 != 0) {
                        try {
                            closeable.close();
                        } catch (IOException e4) {
                        }
                    }
                    throw th;
                }
            } catch (IOException e5) {
                if (DistributionPointFetcher.debug != null) {
                    DistributionPointFetcher.debug.println("Exception fetching CRLDP:");
                    e5.printStackTrace();
                }
                if (0 != 0) {
                    try {
                        closeable.close();
                    } catch (IOException e6) {
                    }
                }
                this.lastModified = 0L;
                this.crl = null;
                return null;
            } catch (CRLException e7) {
                if (DistributionPointFetcher.debug != null) {
                    DistributionPointFetcher.debug.println("Exception fetching CRLDP:");
                    e7.printStackTrace();
                }
                if (0 != 0) {
                    try {
                        closeable.close();
                    } catch (IOException e8) {
                    }
                }
                this.lastModified = 0L;
                this.crl = null;
                return null;
            }
        }

        protected boolean equals(Object obj) {
            return super.equals(obj);
        }

        @Override // daikon.dcomp.DCompInstrumented
        public boolean equals_dcomp_instrumented(Object obj) {
            return equals(obj, null);
        }

        /* JADX WARN: Multi-variable type inference failed */
        CacheEntry(DCompMarker dCompMarker) {
            DCRuntime.create_tag_frame("2");
            DCRuntime.normal_exit();
        }

        synchronized X509CRL getCRL(CertificateFactory certificateFactory, URI uri, DCompMarker dCompMarker) {
            Object[] create_tag_frame = DCRuntime.create_tag_frame("C");
            long currentTimeMillis = System.currentTimeMillis(null);
            DCRuntime.pop_local_tag(create_tag_frame, 4);
            DCRuntime.push_local_tag(create_tag_frame, 4);
            lastChecked_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$get_tag();
            long j = this.lastChecked;
            DCRuntime.binary_tag_op();
            long j2 = currentTimeMillis - j;
            DCRuntime.push_const();
            DCRuntime.binary_tag_op();
            DCRuntime.discard_tag(1);
            if (j2 < 30000) {
                if (DistributionPointFetcher.access$000(null) != null) {
                    DistributionPointFetcher.access$000(null).println("Returning CRL from cache", (DCompMarker) null);
                }
                X509CRL x509crl = this.crl;
                DCRuntime.normal_exit();
                return x509crl;
            }
            DCRuntime.push_local_tag(create_tag_frame, 4);
            lastChecked_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$set_tag();
            this.lastChecked = currentTimeMillis;
            Throwable th = null;
            Closeable closeable = null;
            Closeable closeable2 = null;
            Closeable closeable3 = null;
            try {
                try {
                    URLConnection openConnection = uri.toURL(null).openConnection((DCompMarker) null);
                    lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$get_tag();
                    long j3 = this.lastModified;
                    DCRuntime.push_const();
                    DCRuntime.binary_tag_op();
                    DCRuntime.discard_tag(1);
                    if (j3 != 0) {
                        lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$get_tag();
                        openConnection.setIfModifiedSince(this.lastModified, null);
                    }
                    InputStream inputStream = openConnection.getInputStream(null);
                    lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$get_tag();
                    long j4 = this.lastModified;
                    DCRuntime.pop_local_tag(create_tag_frame, 9);
                    long lastModified = openConnection.getLastModified(null);
                    lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$set_tag();
                    this.lastModified = lastModified;
                    DCRuntime.push_local_tag(create_tag_frame, 9);
                    DCRuntime.push_const();
                    DCRuntime.binary_tag_op();
                    DCRuntime.discard_tag(1);
                    if (j4 != 0) {
                        DCRuntime.push_local_tag(create_tag_frame, 9);
                        lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$get_tag();
                        long j5 = this.lastModified;
                        DCRuntime.binary_tag_op();
                        DCRuntime.discard_tag(1);
                        if (j4 == j5) {
                            if (DistributionPointFetcher.access$000(null) != null) {
                                DistributionPointFetcher.access$000(null).println("Not modified, using cached copy", (DCompMarker) null);
                            }
                            X509CRL x509crl2 = this.crl;
                            if (inputStream != null) {
                                try {
                                    inputStream.close(null);
                                } catch (IOException e) {
                                }
                            }
                            DCRuntime.normal_exit();
                            return x509crl2;
                        }
                        DCRuntime.push_const();
                        boolean z = openConnection instanceof HttpURLConnection;
                        DCRuntime.discard_tag(1);
                        if (z) {
                            int responseCode = ((HttpURLConnection) openConnection).getResponseCode(null);
                            DCRuntime.push_const();
                            DCRuntime.cmp_op();
                            if (responseCode == 304) {
                                if (DistributionPointFetcher.access$000(null) != null) {
                                    DistributionPointFetcher.access$000(null).println("Not modified, using cached copy", (DCompMarker) null);
                                }
                                X509CRL x509crl3 = this.crl;
                                if (inputStream != null) {
                                    try {
                                        inputStream.close(null);
                                    } catch (IOException e2) {
                                    }
                                }
                                DCRuntime.normal_exit();
                                return x509crl3;
                            }
                        }
                    }
                    if (DistributionPointFetcher.access$000(null) != null) {
                        DistributionPointFetcher.access$000(null).println("Downloading new CRL...", (DCompMarker) null);
                    }
                    this.crl = (X509CRL) certificateFactory.generateCRL(inputStream, null);
                    X509CRL x509crl4 = this.crl;
                    if (inputStream != null) {
                        try {
                            inputStream.close(null);
                        } catch (IOException e3) {
                        }
                    }
                    DCRuntime.normal_exit();
                    return x509crl4;
                } catch (Throwable th2) {
                    if (0 != 0) {
                        try {
                            closeable3.close(null);
                        } catch (IOException e4) {
                        }
                    }
                    DCRuntime.throw_op();
                    throw th2;
                }
            } catch (IOException e5) {
                if (DistributionPointFetcher.access$000(null) != null) {
                    DistributionPointFetcher.access$000(null).println("Exception fetching CRLDP:", (DCompMarker) null);
                    e5.printStackTrace((DCompMarker) null);
                }
                if (0 != 0) {
                    try {
                        closeable2.close(null);
                    } catch (IOException e6) {
                    }
                }
                DCRuntime.push_const();
                lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$set_tag();
                this.lastModified = 0L;
                this.crl = null;
                DCRuntime.normal_exit();
                return null;
            } catch (CRLException e7) {
                if (DistributionPointFetcher.access$000(null) != null) {
                    DistributionPointFetcher.access$000(null).println("Exception fetching CRLDP:", (DCompMarker) null);
                    e7.printStackTrace((DCompMarker) null);
                }
                if (0 != 0) {
                    try {
                        closeable.close(null);
                    } catch (IOException e8) {
                    }
                }
                DCRuntime.push_const();
                lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$set_tag();
                this.lastModified = 0L;
                this.crl = null;
                DCRuntime.normal_exit();
                return null;
            }
        }

        /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, boolean] */
        protected boolean equals(Object obj, DCompMarker dCompMarker) {
            DCRuntime.create_tag_frame("3");
            ?? dcomp_super_equals = DCRuntime.dcomp_super_equals(this, obj);
            DCRuntime.normal_exit_primitive();
            return dcomp_super_equals;
        }

        /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, boolean] */
        public boolean equals_dcomp_instrumented(Object obj, DCompMarker dCompMarker) {
            DCRuntime.create_tag_frame("3");
            ?? equals = equals(obj, null, null);
            DCRuntime.normal_exit_primitive();
            return equals;
        }

        public final void lastChecked_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$get_tag() {
            DCRuntime.push_field_tag(this, 0);
        }

        private final void lastChecked_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$set_tag() {
            DCRuntime.pop_field_tag(this, 0);
        }

        public final void lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$get_tag() {
            DCRuntime.push_field_tag(this, 1);
        }

        private final void lastModified_sun_security_provider_certpath_DistributionPointFetcher$CacheEntry__$set_tag() {
            DCRuntime.pop_field_tag(this, 1);
        }
    }

    public static boolean getBooleanProperty(String str, boolean z) {
        String str2 = (String) AccessController.doPrivileged(new GetPropertyAction(str));
        if (str2 == null) {
            return z;
        }
        if (str2.equalsIgnoreCase("false")) {
            return false;
        }
        if (str2.equalsIgnoreCase("true")) {
            return true;
        }
        throw new RuntimeException("Value of " + str + " must either be 'true' or 'false'");
    }

    private DistributionPointFetcher() {
        try {
            this.factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            this.cache = Cache.newSoftMemoryCache(185);
        } catch (CertificateException e) {
            throw new RuntimeException();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DistributionPointFetcher getInstance() {
        return INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<X509CRL> getCRLs(CRLSelector cRLSelector, PublicKey publicKey, String str, List<CertStore> list, boolean[] zArr) throws CertStoreException {
        X509CRLSelector x509CRLSelector;
        X509Certificate certificateChecking;
        if (USE_CRLDP && (cRLSelector instanceof X509CRLSelector) && (certificateChecking = (x509CRLSelector = (X509CRLSelector) cRLSelector).getCertificateChecking()) != null) {
            try {
                X509CertImpl impl = X509CertImpl.toImpl(certificateChecking);
                if (debug != null) {
                    debug.println("DistributionPointFetcher.getCRLs: Checking CRLDPs for " + ((Object) impl.getSubjectX500Principal()));
                }
                CRLDistributionPointsExtension cRLDistributionPointsExtension = impl.getCRLDistributionPointsExtension();
                if (cRLDistributionPointsExtension == null) {
                    if (debug != null) {
                        debug.println("No CRLDP ext");
                    }
                    return Collections.emptySet();
                }
                List list2 = (List) cRLDistributionPointsExtension.get(CRLDistributionPointsExtension.POINTS);
                HashSet hashSet = new HashSet();
                Iterator it = list2.iterator();
                while (it.hasNext() && !Arrays.equals(zArr, ALL_REASONS)) {
                    hashSet.addAll(getCRLs(x509CRLSelector, impl, (DistributionPoint) it.next2(), zArr, publicKey, str, list));
                }
                if (debug != null) {
                    debug.println("Returning " + hashSet.size() + " CRLs");
                }
                return hashSet;
            } catch (IOException e) {
                return Collections.emptySet();
            } catch (CertificateException e2) {
                return Collections.emptySet();
            }
        }
        return Collections.emptySet();
    }

    private Collection<X509CRL> getCRLs(X509CRLSelector x509CRLSelector, X509CertImpl x509CertImpl, DistributionPoint distributionPoint, boolean[] zArr, PublicKey publicKey, String str, List<CertStore> list) {
        X509CRL crl;
        GeneralNames fullName = distributionPoint.getFullName();
        if (fullName == null) {
            return Collections.emptySet();
        }
        ArrayList<X509CRL> arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList(2);
        Iterator<GeneralName> it = fullName.iterator();
        while (it.hasNext()) {
            GeneralName next2 = it.next2();
            if (next2.getType() == 4) {
                arrayList.addAll(getCRLs((X500Name) next2.getName(), x509CertImpl.getIssuerX500Principal(), list));
            } else if (next2.getType() == 6 && (crl = getCRL((URIName) next2.getName())) != null) {
                arrayList.add(crl);
            }
        }
        for (X509CRL x509crl : arrayList) {
            try {
                x509CRLSelector.setIssuerNames(null);
                if (x509CRLSelector.match(x509crl) && verifyCRL(x509CertImpl, distributionPoint, x509crl, zArr, publicKey, str)) {
                    arrayList2.add(x509crl);
                }
            } catch (Exception e) {
                if (debug != null) {
                    debug.println("Exception verifying CRL: " + e.getMessage());
                    e.printStackTrace();
                }
            }
        }
        return arrayList2;
    }

    private X509CRL getCRL(URIName uRIName) {
        URI uri = uRIName.getURI();
        if (debug != null) {
            debug.println("Trying to fetch CRL from DP " + ((Object) uri));
        }
        if (!uri.getScheme().toLowerCase().equals("ldap")) {
            CacheEntry cacheEntry = (CacheEntry) this.cache.get(uri);
            if (cacheEntry == null) {
                cacheEntry = new CacheEntry();
                this.cache.put(uri, cacheEntry);
            }
            return cacheEntry.getCRL(this.factory, uri);
        }
        String path = uri.getPath();
        if (debug != null) {
            debug.println("authority:" + uri.getAuthority());
            debug.println("path:" + path);
        }
        if (path.charAt(0) == '/') {
            path = path.substring(1);
        }
        try {
            LDAPCertStore.LDAPCRLSelector lDAPCRLSelector = new LDAPCertStore.LDAPCRLSelector();
            lDAPCRLSelector.addIssuerName(path);
            Collection<? extends CRL> cRLs = LDAPCertStore.getInstance(LDAPCertStore.getParameters(uri)).getCRLs(lDAPCRLSelector);
            if (cRLs.isEmpty()) {
                return null;
            }
            return (X509CRL) cRLs.iterator().next2();
        } catch (Exception e) {
            if (debug == null) {
                return null;
            }
            debug.println("Exception getting CRL from CertStore: " + ((Object) e));
            e.printStackTrace();
            return null;
        }
    }

    private Collection<X509CRL> getCRLs(X500Name x500Name, X500Principal x500Principal, List<CertStore> list) {
        if (debug != null) {
            debug.println("Trying to fetch CRL from DP " + ((Object) x500Name));
        }
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        x509CRLSelector.addIssuer(x500Name.asX500Principal());
        x509CRLSelector.addIssuer(x500Principal);
        ArrayList arrayList = new ArrayList();
        Iterator<CertStore> it = list.iterator();
        while (it.hasNext()) {
            try {
                arrayList.addAll(it.next2().getCRLs(x509CRLSelector));
            } catch (CertStoreException e) {
                if (debug != null) {
                    debug.println("Non-fatal exception while retrieving CRLs: " + ((Object) e));
                    e.printStackTrace();
                }
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verifyCRL(X509CertImpl x509CertImpl, DistributionPoint distributionPoint, X509CRL x509crl, boolean[] zArr, PublicKey publicKey, String str) throws CRLException, IOException {
        X509CRLImpl impl = X509CRLImpl.toImpl(x509crl);
        IssuingDistributionPointExtension issuingDistributionPointExtension = impl.getIssuingDistributionPointExtension();
        X500Name x500Name = (X500Name) x509CertImpl.getIssuerDN();
        X500Name x500Name2 = (X500Name) impl.getIssuerDN();
        GeneralNames cRLIssuer = distributionPoint.getCRLIssuer();
        if (cRLIssuer != null) {
            if (issuingDistributionPointExtension == null || ((Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.INDIRECT_CRL)).equals(Boolean.FALSE)) {
                return false;
            }
            boolean z = false;
            Iterator<GeneralName> it = cRLIssuer.iterator();
            while (!z && it.hasNext()) {
                if (x500Name2.equals(it.next2().getName())) {
                    z = true;
                }
            }
            if (!z) {
                return false;
            }
        } else if (!x500Name2.equals(x500Name)) {
            if (debug == null) {
                return false;
            }
            debug.println("crl issuer does not equal cert issuer");
            return false;
        }
        if (issuingDistributionPointExtension != null) {
            DistributionPointName distributionPointName = (DistributionPointName) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.POINT);
            if (distributionPointName != null) {
                GeneralNames fullName = distributionPointName.getFullName();
                if (fullName == null) {
                    RDN relativeName = distributionPointName.getRelativeName();
                    if (relativeName == null) {
                        if (debug == null) {
                            return false;
                        }
                        debug.println("IDP must be relative or full DN");
                        return false;
                    }
                    if (debug != null) {
                        debug.println("IDP relativeName:" + ((Object) relativeName));
                    }
                    fullName = getFullNames(x500Name2, relativeName);
                }
                if (distributionPoint.getFullName() == null && distributionPoint.getRelativeName() == null) {
                    boolean z2 = false;
                    Iterator<GeneralName> it2 = cRLIssuer.iterator();
                    while (!z2 && it2.hasNext()) {
                        GeneralNameInterface name = it2.next2().getName();
                        Iterator<GeneralName> it3 = fullName.iterator();
                        while (!z2 && it3.hasNext()) {
                            z2 = name.equals(it3.next2().getName());
                        }
                    }
                    if (!z2) {
                        return false;
                    }
                } else {
                    GeneralNames fullName2 = distributionPoint.getFullName();
                    if (fullName2 == null) {
                        RDN relativeName2 = distributionPoint.getRelativeName();
                        if (relativeName2 == null) {
                            if (debug == null) {
                                return false;
                            }
                            debug.println("DP must be relative or full DN");
                            return false;
                        }
                        if (debug != null) {
                            debug.println("DP relativeName:" + ((Object) relativeName2));
                        }
                        fullName2 = getFullNames(x500Name, relativeName2);
                    }
                    boolean z3 = false;
                    Iterator<GeneralName> it4 = fullName.iterator();
                    while (!z3 && it4.hasNext()) {
                        GeneralNameInterface name2 = it4.next2().getName();
                        if (debug != null) {
                            debug.println("idpName: " + ((Object) name2));
                        }
                        Iterator<GeneralName> it5 = fullName2.iterator();
                        while (!z3 && it5.hasNext()) {
                            GeneralNameInterface name3 = it5.next2().getName();
                            if (debug != null) {
                                debug.println("pointName: " + ((Object) name3));
                            }
                            z3 = name2.equals(name3);
                        }
                    }
                    if (!z3) {
                        if (debug == null) {
                            return false;
                        }
                        debug.println("IDP name does not match DP name");
                        return false;
                    }
                }
            }
            if (((Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.ONLY_USER_CERTS)).equals(Boolean.TRUE) && x509CertImpl.getBasicConstraints() != -1) {
                if (debug == null) {
                    return false;
                }
                debug.println("cert must be a EE cert");
                return false;
            }
            if (((Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.ONLY_CA_CERTS)).equals(Boolean.TRUE) && x509CertImpl.getBasicConstraints() == -1) {
                if (debug == null) {
                    return false;
                }
                debug.println("cert must be a CA cert");
                return false;
            }
            if (((Boolean) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.ONLY_ATTRIBUTE_CERTS)).equals(Boolean.TRUE)) {
                if (debug == null) {
                    return false;
                }
                debug.println("cert must not be an AA cert");
                return false;
            }
        }
        boolean[] zArr2 = new boolean[9];
        ReasonFlags reasonFlags = issuingDistributionPointExtension != null ? (ReasonFlags) issuingDistributionPointExtension.get(IssuingDistributionPointExtension.REASONS) : null;
        boolean[] reasonFlags2 = distributionPoint.getReasonFlags();
        if (reasonFlags != null) {
            if (reasonFlags2 != null) {
                boolean[] flags = reasonFlags.getFlags();
                for (int i = 0; i < flags.length; i++) {
                    if (flags[i] && reasonFlags2[i]) {
                        zArr2[i] = true;
                    }
                }
            } else {
                zArr2 = (boolean[]) reasonFlags.getFlags().clone();
            }
        } else if (issuingDistributionPointExtension == null || reasonFlags == null) {
            if (reasonFlags2 != null) {
                zArr2 = (boolean[]) reasonFlags2.clone();
            } else {
                zArr2 = new boolean[9];
                Arrays.fill(zArr2, true);
            }
        }
        boolean z4 = false;
        for (int i2 = 0; i2 < zArr2.length && !z4; i2++) {
            if (!zArr[i2] && zArr2[i2]) {
                z4 = true;
            }
        }
        if (!z4) {
            return false;
        }
        try {
            x509crl.verify(publicKey, str);
            Set<String> criticalExtensionOIDs = x509crl.getCriticalExtensionOIDs();
            if (criticalExtensionOIDs != null) {
                criticalExtensionOIDs.remove(PKIXExtensions.IssuingDistributionPoint_Id.toString());
                if (!criticalExtensionOIDs.isEmpty()) {
                    if (debug == null) {
                        return false;
                    }
                    debug.println("Unrecognized critical extension(s) in CRL: " + ((Object) criticalExtensionOIDs));
                    Iterator<String> it6 = criticalExtensionOIDs.iterator();
                    while (it6.hasNext()) {
                        debug.println(it6.next2());
                    }
                    return false;
                }
            }
            for (int i3 = 0; i3 < zArr2.length; i3++) {
                if (!zArr[i3] && zArr2[i3]) {
                    zArr[i3] = true;
                }
            }
            return true;
        } catch (Exception e) {
            if (debug == null) {
                return false;
            }
            debug.println("CRL signature failed to verify");
            return false;
        }
    }

    private GeneralNames getFullNames(X500Name x500Name, RDN rdn) throws IOException {
        ArrayList arrayList = new ArrayList(x500Name.rdns());
        arrayList.add(rdn);
        X500Name x500Name2 = new X500Name((RDN[]) arrayList.toArray(new RDN[0]));
        GeneralNames generalNames = new GeneralNames();
        generalNames.add(new GeneralName(x500Name2));
        return generalNames;
    }

    protected boolean equals(Object obj) {
        return super.equals(obj);
    }

    @Override // daikon.dcomp.DCompInstrumented
    public boolean equals_dcomp_instrumented(Object obj) {
        return equals(obj, null);
    }

    /* JADX WARN: Not initialized variable reg: 0, insn: 0x007f: THROW (r0 I:java.lang.Throwable), block:B:18:0x007f */
    public static boolean getBooleanProperty(String str, boolean z, DCompMarker dCompMarker) {
        Object[] create_tag_frame = DCRuntime.create_tag_frame("51");
        String str2 = (String) AccessController.doPrivileged(new GetPropertyAction(str, (DCompMarker) null), (DCompMarker) null);
        if (str2 == null) {
            DCRuntime.push_local_tag(create_tag_frame, 1);
            DCRuntime.normal_exit_primitive();
            return z;
        }
        boolean equalsIgnoreCase = str2.equalsIgnoreCase("false", null);
        DCRuntime.discard_tag(1);
        if (equalsIgnoreCase) {
            DCRuntime.push_const();
            DCRuntime.normal_exit_primitive();
            return false;
        }
        boolean equalsIgnoreCase2 = str2.equalsIgnoreCase("true", null);
        DCRuntime.discard_tag(1);
        if (equalsIgnoreCase2) {
            DCRuntime.push_const();
            DCRuntime.normal_exit_primitive();
            return true;
        }
        RuntimeException runtimeException = new RuntimeException(new StringBuilder((DCompMarker) null).append("Value of ", (DCompMarker) null).append(str, (DCompMarker) null).append(" must either be 'true' or 'false'", (DCompMarker) null).toString(), (DCompMarker) null);
        DCRuntime.throw_op();
        throw runtimeException;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v5, types: [sun.security.provider.certpath.DistributionPointFetcher] */
    private DistributionPointFetcher(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("3");
        ?? r0 = new Object();
        try {
            r0 = this;
            r0.factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, (DCompMarker) null);
            DCRuntime.push_const();
            this.cache = Cache.newSoftMemoryCache(185, (DCompMarker) null);
            DCRuntime.normal_exit();
        } catch (CertificateException e) {
            RuntimeException runtimeException = new RuntimeException((DCompMarker) null);
            DCRuntime.throw_op();
            throw runtimeException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable, sun.security.provider.certpath.DistributionPointFetcher] */
    public static DistributionPointFetcher getInstance(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("1");
        ?? r0 = INSTANCE;
        DCRuntime.normal_exit();
        return r0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.security.cert.X509Certificate, java.lang.Throwable] */
    public Collection getCRLs(CRLSelector cRLSelector, PublicKey publicKey, String str, List list, boolean[] zArr, DCompMarker dCompMarker) throws CertStoreException {
        DCRuntime.create_tag_frame("@");
        DCRuntime.push_static_tag(11053);
        boolean z = USE_CRLDP;
        DCRuntime.discard_tag(1);
        if (!z) {
            Set emptySet = Collections.emptySet(null);
            DCRuntime.normal_exit();
            return emptySet;
        }
        DCRuntime.push_const();
        boolean z2 = cRLSelector instanceof X509CRLSelector;
        DCRuntime.discard_tag(1);
        if (!z2) {
            Set emptySet2 = Collections.emptySet(null);
            DCRuntime.normal_exit();
            return emptySet2;
        }
        X509CRLSelector x509CRLSelector = (X509CRLSelector) cRLSelector;
        ?? certificateChecking = x509CRLSelector.getCertificateChecking(null);
        if (certificateChecking == 0) {
            Set emptySet3 = Collections.emptySet(null);
            DCRuntime.normal_exit();
            return emptySet3;
        }
        try {
            X509CertImpl impl = X509CertImpl.toImpl(certificateChecking, null);
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append("DistributionPointFetcher.getCRLs: Checking CRLDPs for ", (DCompMarker) null).append((Object) impl.getSubjectX500Principal((DCompMarker) null), (DCompMarker) null).toString(), (DCompMarker) null);
            }
            CRLDistributionPointsExtension cRLDistributionPointsExtension = impl.getCRLDistributionPointsExtension(null);
            if (cRLDistributionPointsExtension == null) {
                if (debug != null) {
                    debug.println("No CRLDP ext", (DCompMarker) null);
                }
                Set emptySet4 = Collections.emptySet(null);
                DCRuntime.normal_exit();
                return emptySet4;
            }
            List list2 = (List) cRLDistributionPointsExtension.get(CRLDistributionPointsExtension.POINTS, null);
            HashSet hashSet = new HashSet((DCompMarker) null);
            Iterator it = list2.iterator(null);
            while (true) {
                boolean hasNext = it.hasNext(null);
                DCRuntime.discard_tag(1);
                if (!hasNext) {
                    break;
                }
                boolean equals = Arrays.equals(zArr, ALL_REASONS, (DCompMarker) null);
                DCRuntime.discard_tag(1);
                if (equals) {
                    break;
                }
                hashSet.addAll(getCRLs(x509CRLSelector, impl, (DistributionPoint) it.next(null), zArr, publicKey, str, list, null), null);
                DCRuntime.discard_tag(1);
            }
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append("Returning ", (DCompMarker) null).append(hashSet.size(null), (DCompMarker) null).append(" CRLs", (DCompMarker) null).toString(), (DCompMarker) null);
            }
            DCRuntime.normal_exit();
            return hashSet;
        } catch (IOException e) {
            Set emptySet5 = Collections.emptySet(null);
            DCRuntime.normal_exit();
            return emptySet5;
        } catch (CertificateException e2) {
            Set emptySet6 = Collections.emptySet(null);
            DCRuntime.normal_exit();
            return emptySet6;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v19, types: [java.security.cert.X509CRL, java.lang.Object, java.security.cert.CRL] */
    /* JADX WARN: Type inference failed for: r0v25, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.util.Collection, java.util.ArrayList] */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.security.cert.X509CRLSelector] */
    /* JADX WARN: Type inference failed for: r9v0, types: [sun.security.provider.certpath.DistributionPointFetcher] */
    private Collection getCRLs(X509CRLSelector x509CRLSelector, X509CertImpl x509CertImpl, DistributionPoint distributionPoint, boolean[] zArr, PublicKey publicKey, String str, List list, DCompMarker dCompMarker) {
        X509CRL crl;
        DCRuntime.create_tag_frame("@");
        GeneralNames fullName = distributionPoint.getFullName(null);
        if (fullName == null) {
            Set emptySet = Collections.emptySet(null);
            DCRuntime.normal_exit();
            return emptySet;
        }
        ArrayList arrayList = new ArrayList((DCompMarker) null);
        DCRuntime.push_const();
        ?? arrayList2 = new ArrayList(2, (DCompMarker) null);
        Iterator it = fullName.iterator(null);
        while (true) {
            boolean hasNext = it.hasNext(null);
            DCRuntime.discard_tag(1);
            if (!hasNext) {
                break;
            }
            GeneralName generalName = (GeneralName) it.next(null);
            int type = generalName.getType(null);
            DCRuntime.push_const();
            DCRuntime.cmp_op();
            if (type == 4) {
                arrayList.addAll(getCRLs((X500Name) generalName.getName(null), x509CertImpl.getIssuerX500Principal((DCompMarker) null), list, null), (DCompMarker) null);
                DCRuntime.discard_tag(1);
            } else {
                int type2 = generalName.getType(null);
                DCRuntime.push_const();
                DCRuntime.cmp_op();
                if (type2 == 6 && (crl = getCRL((URIName) generalName.getName(null), null)) != null) {
                    arrayList.add(crl, (DCompMarker) null);
                    DCRuntime.discard_tag(1);
                }
            }
        }
        Iterator it2 = arrayList.iterator(null);
        while (true) {
            boolean hasNext2 = it2.hasNext(null);
            DCRuntime.discard_tag(1);
            if (!hasNext2) {
                DCRuntime.normal_exit();
                return arrayList2;
            }
            ?? r0 = (X509CRL) it2.next(null);
            try {
                x509CRLSelector.setIssuerNames(null, null);
                r0 = x509CRLSelector.match(r0, null);
                DCRuntime.discard_tag(1);
                if (r0 != 0) {
                    boolean verifyCRL = verifyCRL(x509CertImpl, distributionPoint, r0, zArr, publicKey, str, null);
                    DCRuntime.discard_tag(1);
                    if (verifyCRL) {
                        arrayList2.add(r0, null);
                        DCRuntime.discard_tag(1);
                    }
                }
            } catch (Exception e) {
                if (debug != null) {
                    debug.println(new StringBuilder((DCompMarker) null).append("Exception verifying CRL: ", (DCompMarker) null).append(e.getMessage(null), (DCompMarker) null).toString(), (DCompMarker) null);
                    e.printStackTrace((DCompMarker) null);
                }
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v25, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v49 */
    /* JADX WARN: Type inference failed for: r0v50 */
    private X509CRL getCRL(URIName uRIName, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("8");
        URI uri = uRIName.getURI(null);
        if (debug != null) {
            debug.println(new StringBuilder((DCompMarker) null).append("Trying to fetch CRL from DP ", (DCompMarker) null).append((Object) uri, (DCompMarker) null).toString(), (DCompMarker) null);
        }
        boolean dcomp_equals = DCRuntime.dcomp_equals(uri.getScheme(null).toLowerCase((DCompMarker) null), "ldap");
        DCRuntime.discard_tag(1);
        if (!dcomp_equals) {
            CacheEntry cacheEntry = (CacheEntry) this.cache.get(uri, null);
            if (cacheEntry == null) {
                cacheEntry = new CacheEntry(null);
                this.cache.put(uri, cacheEntry, null);
            }
            X509CRL crl = cacheEntry.getCRL(this.factory, uri, null);
            DCRuntime.normal_exit();
            return crl;
        }
        String path = uri.getPath(null);
        if (debug != null) {
            debug.println(new StringBuilder((DCompMarker) null).append("authority:", (DCompMarker) null).append(uri.getAuthority(null), (DCompMarker) null).toString(), (DCompMarker) null);
            debug.println(new StringBuilder((DCompMarker) null).append("path:", (DCompMarker) null).append(path, (DCompMarker) null).toString(), (DCompMarker) null);
        }
        DCRuntime.push_const();
        char charAt = path.charAt(0, null);
        DCRuntime.push_const();
        DCRuntime.cmp_op();
        ?? r0 = charAt;
        if (charAt == '/') {
            DCRuntime.push_const();
            String substring = path.substring(1, (DCompMarker) null);
            path = substring;
            r0 = substring;
        }
        try {
            LDAPCertStore.LDAPCRLSelector lDAPCRLSelector = new LDAPCertStore.LDAPCRLSelector(null);
            lDAPCRLSelector.addIssuerName(path, (DCompMarker) null);
            Collection cRLs = LDAPCertStore.getInstance(LDAPCertStore.getParameters(uri, null), null).getCRLs(lDAPCRLSelector, null);
            boolean isEmpty = cRLs.isEmpty(null);
            DCRuntime.discard_tag(1);
            if (isEmpty) {
                DCRuntime.normal_exit();
                return null;
            }
            X509CRL x509crl = (X509CRL) cRLs.iterator(null).next(null);
            DCRuntime.normal_exit();
            return x509crl;
        } catch (Exception e) {
            if (debug != null) {
                debug.println(new StringBuilder((DCompMarker) null).append("Exception getting CRL from CertStore: ", (DCompMarker) null).append((Object) e, (DCompMarker) null).toString(), (DCompMarker) null);
                e.printStackTrace((DCompMarker) null);
            }
            DCRuntime.normal_exit();
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v12, types: [java.util.Collection] */
    /* JADX WARN: Type inference failed for: r0v15, types: [java.security.cert.CertStore] */
    /* JADX WARN: Type inference failed for: r0v20, types: [boolean] */
    private Collection getCRLs(X500Name x500Name, X500Principal x500Principal, List list, DCompMarker dCompMarker) {
        ?? r0;
        DCRuntime.create_tag_frame(JSONInstances.SPARSE_SEPARATOR);
        if (debug != null) {
            debug.println(new StringBuilder((DCompMarker) null).append("Trying to fetch CRL from DP ", (DCompMarker) null).append((Object) x500Name, (DCompMarker) null).toString(), (DCompMarker) null);
        }
        X509CRLSelector x509CRLSelector = new X509CRLSelector(null);
        x509CRLSelector.addIssuer(x500Name.asX500Principal(null), null);
        x509CRLSelector.addIssuer(x500Principal, null);
        ArrayList arrayList = new ArrayList((DCompMarker) null);
        Iterator it = list.iterator(null);
        while (true) {
            boolean hasNext = it.hasNext(null);
            DCRuntime.discard_tag(1);
            if (!hasNext) {
                r0 = arrayList;
                DCRuntime.normal_exit();
                return r0;
            }
            r0 = (CertStore) it.next(null);
            try {
                r0 = arrayList.addAll(r0.getCRLs(x509CRLSelector, null), (DCompMarker) null);
                DCRuntime.discard_tag(1);
            } catch (CertStoreException e) {
                if (debug != null) {
                    debug.println(new StringBuilder((DCompMarker) null).append("Non-fatal exception while retrieving CRLs: ", (DCompMarker) null).append((Object) e, (DCompMarker) null).toString(), (DCompMarker) null);
                    e.printStackTrace((DCompMarker) null);
                }
            }
            DCRuntime.exception_exit();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:223:0x0527, code lost:
    
        if (r19 == null) goto L158;
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v46 */
    /* JADX WARN: Type inference failed for: r0v50, types: [java.security.cert.X509CRL] */
    /* JADX WARN: Type inference failed for: r18v0, types: [byte[]] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean verifyCRL(sun.security.x509.X509CertImpl r6, sun.security.x509.DistributionPoint r7, java.security.cert.X509CRL r8, boolean[] r9, java.security.PublicKey r10, java.lang.String r11, java.lang.DCompMarker r12) throws java.security.cert.CRLException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 1831
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.provider.certpath.DistributionPointFetcher.verifyCRL(sun.security.x509.X509CertImpl, sun.security.x509.DistributionPoint, java.security.cert.X509CRL, boolean[], java.security.PublicKey, java.lang.String, java.lang.DCompMarker):boolean");
    }

    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.Throwable, sun.security.x509.GeneralNames] */
    private GeneralNames getFullNames(X500Name x500Name, RDN rdn, DCompMarker dCompMarker) throws IOException {
        DCRuntime.create_tag_frame("7");
        ArrayList arrayList = new ArrayList(x500Name.rdns(null), (DCompMarker) null);
        arrayList.add(rdn, (DCompMarker) null);
        DCRuntime.discard_tag(1);
        DCRuntime.push_const();
        RDN[] rdnArr = new RDN[0];
        DCRuntime.push_array_tag(rdnArr);
        DCRuntime.cmp_op();
        X500Name x500Name2 = new X500Name((RDN[]) arrayList.toArray(rdnArr, null), (DCompMarker) null);
        ?? generalNames = new GeneralNames((DCompMarker) null);
        generalNames.add(new GeneralName(x500Name2, (DCompMarker) null), null);
        DCRuntime.normal_exit();
        return generalNames;
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Throwable, sun.security.util.Debug] */
    static /* synthetic */ Debug access$000(DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("1");
        ?? r0 = debug;
        DCRuntime.normal_exit();
        return r0;
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, boolean] */
    protected boolean equals(Object obj, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("3");
        ?? dcomp_super_equals = DCRuntime.dcomp_super_equals(this, obj);
        DCRuntime.normal_exit_primitive();
        return dcomp_super_equals;
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, boolean] */
    public boolean equals_dcomp_instrumented(Object obj, DCompMarker dCompMarker) {
        DCRuntime.create_tag_frame("3");
        ?? equals = equals(obj, null, null);
        DCRuntime.normal_exit_primitive();
        return equals;
    }
}
