package com.aspose.html.utils;

import com.aspose.html.utils.C10247eZr;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CRL;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;

/* renamed from: com.aspose.html.utils.fzn, reason: case insensitive filesystem */
/* loaded from: input_file:com/aspose/html/utils/fzn.class */
public class C12656fzn extends PKIXCertPathChecker {
    public static final int AdY = 0;
    public static final int AdZ = 1;
    private final Map<X500Principal, Long> Aeb;
    private final Set<TrustAnchor> Aec;
    private final boolean Aed;
    private final int Aee;
    private final List<InterfaceC11646fAk<CRL>> Aef;
    private final List<CertStore> Aeg;
    private final InterfaceC12647fze Aeh;
    private final boolean Aei;
    private final long Aej;
    private final long Aek;
    private Date rJN;
    private X500Principal rKr;
    private PublicKey rKs;
    private X509Certificate rKt;
    private static Logger qFV = Logger.getLogger(C12656fzn.class.getName());
    private static final Map<C11303etn, WeakReference<X509CRL>> Aea = Collections.synchronizedMap(new WeakHashMap());
    protected static final String[] Ael = {"unspecified", "keyCompromise", "cACompromise", "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold", C3185ayW.jht, "removeFromCRL", "privilegeWithdrawn", "aACompromise"};

    /* renamed from: com.aspose.html.utils.fzn$a */
    /* loaded from: input_file:com/aspose/html/utils/fzn$a.class */
    public static class a {
        private Set<TrustAnchor> qHC;
        private List<CertStore> rKm;
        private List<InterfaceC11646fAk<CRL>> prt;
        private boolean rKj;
        private int qHB;
        private Provider pqG;
        private String pqH;
        private boolean rKo;
        private long rKp;
        private long rKq;

        public a(TrustAnchor trustAnchor) {
            this.rKm = new ArrayList();
            this.prt = new ArrayList();
            this.qHB = 0;
            this.qHC = Collections.singleton(trustAnchor);
        }

        public a(Set<TrustAnchor> set) {
            this.rKm = new ArrayList();
            this.prt = new ArrayList();
            this.qHB = 0;
            this.qHC = new HashSet(set);
        }

        public a(KeyStore keyStore) throws KeyStoreException {
            this.rKm = new ArrayList();
            this.prt = new ArrayList();
            this.qHB = 0;
            this.qHC = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    this.qHC.add(new TrustAnchor((X509Certificate) keyStore.getCertificate(nextElement), null));
                }
            }
        }

        public a b(CertStore certStore) {
            this.rKm.add(certStore);
            return this;
        }

        public a j(InterfaceC11646fAk<CRL> interfaceC11646fAk) {
            this.prt.add(interfaceC11646fAk);
            return this;
        }

        public a ly(boolean z) {
            this.rKj = z;
            return this;
        }

        public a d(boolean z, long j) {
            this.rKo = z;
            this.rKp = j;
            this.rKq = -1L;
            return this;
        }

        public a e(boolean z, long j) {
            this.rKo = z;
            this.rKp = (j * 3) / 4;
            this.rKq = j;
            return this;
        }

        public a GO(int i) {
            this.qHB = i;
            return this;
        }

        public a bl(Provider provider) {
            this.pqG = provider;
            return this;
        }

        public a Nn(String str) {
            this.pqH = str;
            return this;
        }

        public C12656fzn enF() {
            return new C12656fzn(this);
        }
    }

    /* renamed from: com.aspose.html.utils.fzn$b */
    /* loaded from: input_file:com/aspose/html/utils/fzn$b.class */
    class b implements InterfaceC10242eZm<CRL>, InterfaceC11639fAd<CRL> {
        private Collection<CRL> rKz;

        public b(InterfaceC11646fAk<CRL> interfaceC11646fAk) {
            this.rKz = new ArrayList(interfaceC11646fAk.a(null));
        }

        @Override // com.aspose.html.utils.InterfaceC10242eZm, com.aspose.html.utils.InterfaceC11646fAk
        public Collection<CRL> a(InterfaceC11644fAi<CRL> interfaceC11644fAi) {
            if (interfaceC11644fAi == null) {
                return new ArrayList(this.rKz);
            }
            ArrayList arrayList = new ArrayList();
            for (CRL crl : this.rKz) {
                if (interfaceC11644fAi.bn(crl)) {
                    arrayList.add(crl);
                }
            }
            return arrayList;
        }

        @Override // com.aspose.html.utils.InterfaceC11639fAd, java.lang.Iterable
        public Iterator<CRL> iterator() {
            return a(null).iterator();
        }
    }

    private C12656fzn(a aVar) {
        this.Aeb = new HashMap();
        this.Aef = new ArrayList(aVar.prt);
        this.Aeg = new ArrayList(aVar.rKm);
        this.Aed = aVar.rKj;
        this.Aee = aVar.qHB;
        this.Aec = aVar.qHC;
        this.Aei = aVar.rKo;
        this.Aej = aVar.rKp;
        this.Aek = aVar.rKq;
        if (aVar.pqG != null) {
            this.Aeh = new C12650fzh(aVar.pqG);
        } else if (aVar.pqH != null) {
            this.Aeh = new C12648fzf(aVar.pqH);
        } else {
            this.Aeh = new C12646fzd();
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public void init(boolean z) throws CertPathValidatorException {
        if (z) {
            throw new IllegalArgumentException("forward processing not supported");
        }
        this.rJN = new Date();
        this.rKr = null;
    }

    @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
    public boolean isForwardCheckingSupported() {
        return false;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (this.Aed && x509Certificate.getBasicConstraints() != -1) {
            this.rKr = x509Certificate.getSubjectX500Principal();
            this.rKs = x509Certificate.getPublicKey();
            this.rKt = x509Certificate;
            return;
        }
        TrustAnchor trustAnchor = null;
        if (this.rKr == null) {
            this.rKr = x509Certificate.getIssuerX500Principal();
            for (TrustAnchor trustAnchor2 : this.Aec) {
                if (this.rKr.equals(trustAnchor2.getCA()) || this.rKr.equals(trustAnchor2.getTrustedCert().getSubjectX500Principal())) {
                    trustAnchor = trustAnchor2;
                }
            }
            if (trustAnchor == null) {
                throw new CertPathValidatorException("no trust anchor found for " + this.rKr);
            }
            this.rKt = trustAnchor.getTrustedCert();
            this.rKs = this.rKt.getPublicKey();
        }
        ArrayList arrayList = new ArrayList();
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(this.Aec);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.setDate(this.rJN);
            for (int i = 0; i != this.Aeg.size(); i++) {
                if (qFV.isLoggable(Level.INFO)) {
                    a(arrayList, this.Aeg.get(i));
                }
                pKIXParameters.addCertStore(this.Aeg.get(i));
            }
            C10247eZr.a aVar = new C10247eZr.a(pKIXParameters);
            aVar.Gq(this.Aee);
            for (int i2 = 0; i2 != this.Aef.size(); i2++) {
                if (qFV.isLoggable(Level.INFO)) {
                    a(arrayList, this.Aef.get(i2));
                }
                aVar.a(new b(this.Aef.get(i2)));
            }
            if (arrayList.isEmpty()) {
                qFV.log(Level.INFO, "configured with 0 pre-loaded CRLs");
            } else if (qFV.isLoggable(Level.FINE)) {
                for (int i3 = 0; i3 != arrayList.size(); i3++) {
                    qFV.log(Level.FINE, "configuring with CRL for issuer \"" + arrayList.get(i3) + "\"");
                }
            } else {
                qFV.log(Level.INFO, "configured with " + arrayList.size() + " pre-loaded CRLs");
            }
            C10247eZr ejA = aVar.ejA();
            try {
                a(ejA, this.rJN, C12653fzk.a(ejA, this.rJN), x509Certificate, this.rKt, this.rKs, new ArrayList(), this.Aeh);
            } catch (fyU e) {
                throw new CertPathValidatorException(e.getMessage(), e.getCause());
            } catch (fyV e2) {
                if (null == x509Certificate.getExtensionValue(C11300etk.wot.getId())) {
                    throw e2;
                }
                try {
                    CRL a2 = a(x509Certificate.getIssuerX500Principal(), this.rJN, C12653fzk.a(x509Certificate, C11300etk.wot), this.Aeh);
                    if (a2 != null) {
                        try {
                            aVar.a(new b(new fzX(Collections.singleton(a2))));
                            C10247eZr ejA2 = aVar.ejA();
                            a(ejA2, this.rJN, C12653fzk.a(ejA2, this.rJN), x509Certificate, this.rKt, this.rKs, new ArrayList(), this.Aeh);
                        } catch (fyU e3) {
                            throw new CertPathValidatorException(e3.getMessage(), e3.getCause());
                        }
                    } else {
                        if (!this.Aei) {
                            throw e2;
                        }
                        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                        Long l = this.Aeb.get(issuerX500Principal);
                        if (l != null) {
                            long currentTimeMillis = System.currentTimeMillis() - l.longValue();
                            if (this.Aek != -1 && this.Aek < currentTimeMillis) {
                                throw e2;
                            }
                            if (currentTimeMillis < this.Aej) {
                                qFV.log(Level.WARNING, "soft failing for issuer: \"" + issuerX500Principal + "\"");
                            } else {
                                qFV.log(Level.SEVERE, "soft failing for issuer: \"" + issuerX500Principal + "\"");
                            }
                        } else {
                            this.Aeb.put(issuerX500Principal, Long.valueOf(System.currentTimeMillis()));
                        }
                    }
                } catch (fyU e4) {
                    throw new CertPathValidatorException(e4.getMessage(), e4.getCause());
                }
            }
            this.rKt = x509Certificate;
            this.rKs = x509Certificate.getPublicKey();
            this.rKr = x509Certificate.getSubjectX500Principal();
        } catch (GeneralSecurityException e5) {
            throw new RuntimeException("error setting up baseParams: " + e5.getMessage());
        }
    }

    private void a(final List<X500Principal> list, CertStore certStore) throws CertStoreException {
        certStore.getCRLs(new X509CRLSelector() { // from class: com.aspose.html.utils.fzn.1
            @Override // java.security.cert.X509CRLSelector, java.security.cert.CRLSelector
            public boolean match(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }
        });
    }

    private void a(final List<X500Principal> list, InterfaceC11646fAk<CRL> interfaceC11646fAk) {
        interfaceC11646fAk.a(new InterfaceC11644fAi<CRL>() { // from class: com.aspose.html.utils.fzn.2
            @Override // com.aspose.html.utils.InterfaceC11644fAi
            /* renamed from: match, reason: merged with bridge method [inline-methods] */
            public boolean bn(CRL crl) {
                if (!(crl instanceof X509CRL)) {
                    return false;
                }
                list.add(((X509CRL) crl).getIssuerX500Principal());
                return false;
            }

            @Override // com.aspose.html.utils.InterfaceC11644fAi
            public Object clone() {
                return this;
            }
        });
    }

    private CRL a(X500Principal x500Principal, Date date, AbstractC10780eju abstractC10780eju, fsJ fsj) {
        C11297eth[] dVd = C11233esW.Fv(abstractC10780eju).dVd();
        for (int i = 0; i != dVd.length; i++) {
            C11298eti dVp = dVd[i].dVp();
            if (dVp != null && dVp.getType() == 0) {
                C11303etn[] dVB = C11304eto.FM(dVp.dVs()).dVB();
                for (int i2 = 0; i2 != dVB.length; i2++) {
                    C11303etn c11303etn = dVB[i2];
                    if (c11303etn.cuD() == 6) {
                        WeakReference<X509CRL> weakReference = Aea.get(c11303etn);
                        if (weakReference != null) {
                            X509CRL x509crl = weakReference.get();
                            if (x509crl != null && !date.before(x509crl.getThisUpdate()) && !date.after(x509crl.getNextUpdate())) {
                                return x509crl;
                            }
                            Aea.remove(c11303etn);
                        }
                        URL url = null;
                        try {
                            url = new URL(c11303etn.dVs().toString());
                            CertificateFactory Dm = fsj.Dm("X.509");
                            InputStream openStream = url.openStream();
                            X509CRL x509crl2 = (X509CRL) Dm.generateCRL(new BufferedInputStream(openStream));
                            openStream.close();
                            qFV.log(Level.INFO, "downloaded CRL from CrlDP " + url + " for issuer \"" + x500Principal + "\"");
                            Aea.put(c11303etn, new WeakReference<>(x509crl2));
                            return x509crl2;
                        } catch (Exception e) {
                            if (qFV.isLoggable(Level.FINE)) {
                                qFV.log(Level.FINE, "CrlDP " + url + " ignored: " + e.getMessage(), (Throwable) e);
                            } else {
                                qFV.log(Level.INFO, "CrlDP " + url + " ignored: " + e.getMessage());
                            }
                        }
                    }
                }
            }
        }
        return null;
    }

    static List<InterfaceC10242eZm> a(C11233esW c11233esW, Map<C11303etn, InterfaceC10242eZm> map) throws fyU {
        if (c11233esW == null) {
            return Collections.emptyList();
        }
        try {
            C11297eth[] dVd = c11233esW.dVd();
            ArrayList arrayList = new ArrayList();
            for (C11297eth c11297eth : dVd) {
                C11298eti dVp = c11297eth.dVp();
                if (dVp != null && dVp.getType() == 0) {
                    for (C11303etn c11303etn : C11304eto.FM(dVp.dVs()).dVB()) {
                        InterfaceC10242eZm interfaceC10242eZm = map.get(c11303etn);
                        if (interfaceC10242eZm != null) {
                            arrayList.add(interfaceC10242eZm);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new fyU("could not read distribution points could not be read", e);
        }
    }

    protected void a(C10247eZr c10247eZr, Date date, Date date2, X509Certificate x509Certificate, X509Certificate x509Certificate2, PublicKey publicKey, List list, InterfaceC12647fze interfaceC12647fze) throws fyU, CertPathValidatorException {
        try {
            C11233esW Fv = C11233esW.Fv(C12653fzk.a(x509Certificate, C11300etk.wot));
            fyY fyy = new fyY();
            C12652fzj c12652fzj = new C12652fzj();
            fyU fyu = null;
            boolean z = false;
            if (Fv != null) {
                try {
                    C11297eth[] dVd = Fv.dVd();
                    if (dVd != null) {
                        C10247eZr.a aVar = new C10247eZr.a(c10247eZr);
                        try {
                            Iterator<InterfaceC10242eZm> it = a(Fv, c10247eZr.cUK()).iterator();
                            while (it.hasNext()) {
                                aVar.a(it.next());
                            }
                            C10247eZr ejA = aVar.ejA();
                            Date a2 = C12653fzk.a(ejA, date);
                            for (int i = 0; i < dVd.length && fyy.cVG() == 11 && !c12652fzj.cXa(); i++) {
                                try {
                                    C12651fzi.a(dVd[i], ejA, date, a2, x509Certificate, x509Certificate2, publicKey, fyy, c12652fzj, list, interfaceC12647fze);
                                    z = true;
                                } catch (fyU e) {
                                    fyu = e;
                                }
                            }
                        } catch (fyU e2) {
                            throw new fyU("no additional CRL locations could be decoded from CRL distribution point extension", e2);
                        }
                    }
                } catch (Exception e3) {
                    throw new fyU("cannot read distribution points", e3);
                }
            }
            if (fyy.cVG() == 11 && !c12652fzj.cXa()) {
                try {
                    C12651fzi.a(new C11297eth(new C11298eti(0, new C11304eto(new C11303etn(4, C11214esD.Fk(x509Certificate.getIssuerX500Principal().getEncoded())))), null, null), (C10247eZr) c10247eZr.clone(), date, date2, x509Certificate, x509Certificate2, publicKey, fyy, c12652fzj, list, interfaceC12647fze);
                    z = true;
                } catch (fyU e4) {
                    fyu = e4;
                }
            }
            if (!z) {
                if (!(fyu instanceof fyU)) {
                    throw new fyV("no valid CRL found");
                }
                throw new fyV("no valid CRL found", fyu);
            }
            if (fyy.cVG() != 11) {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z");
                simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
                throw new fyU(("certificate [issuer=\"" + x509Certificate.getIssuerX500Principal() + "\",serialNumber=" + x509Certificate.getSerialNumber() + ",subject=\"" + x509Certificate.getSubjectX500Principal() + "\"] revoked after " + simpleDateFormat.format(fyy.getRevocationDate())) + ", reason: " + Ael[fyy.cVG()]);
            }
            if (!c12652fzj.cXa() && fyy.cVG() == 11) {
                fyy.Bb(12);
            }
            if (fyy.cVG() == 12) {
                throw new fyU("certificate status could not be determined");
            }
        } catch (Exception e5) {
            throw new fyU("cannot read CRL distribution point extension", e5);
        }
    }

    @Override // java.security.cert.PKIXCertPathChecker
    public Object clone() {
        return this;
    }
}
