package iaik.pki.pathvalidation;

import iaik.asn1.structures.PolicyInformation;
import iaik.asn1.structures.PolicyMapping;
import iaik.asn1.structures.PolicyQualifierInfo;
import iaik.logging.TransactionId;
import iaik.pki.utils.Constants;
import iaik.pki.utils.DBTypeParser;
import iaik.x509.V3Extension;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
import iaik.x509.extensions.CertificatePolicies;
import iaik.x509.extensions.PolicyMappings;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_pki-2.00-MOA-MOCCA.jar:iaik/pki/pathvalidation/C.class */
public class C extends ExtensionHandler {
    @Override // iaik.pki.pathvalidation.ExtensionHandler, iaik.pki.pathvalidation.ExtensionHandlerInterface
    public boolean handleExtension(ValidationStatus validationStatus, X509Certificate x509Certificate, V3Extension v3Extension, TransactionId transactionId) throws ValidationException {
        PolicyMapping[] mappings;
        PolicyQualifierInfo[] policyQualifiers;
        if (v3Extension == null || validationStatus.isLastCertificate() || (mappings = ((PolicyMappings) v3Extension).getMappings()) == null || mappings.length == 0) {
            return true;
        }
        log_.debug(transactionId, "Processing policy mappings extension", null);
        HashMap hashMap = new HashMap();
        log_.debug(transactionId, mappings.length + " issuerDomainPolicy - subjectDomainPolicy pairs found", null);
        for (int i = 0; i < mappings.length; i++) {
            PolicyMapping policyMapping = mappings[i];
            String id = policyMapping.getIssuerDomainPolicy().getID();
            String id2 = policyMapping.getSubjectDomainPolicy().getID();
            if (log_.isDebugEnabled()) {
                log_.debug(transactionId, "pair number " + (i + 1) + DBTypeParser.SEPARATOR + Constants.LINE_SEPARATOR + " issuerDomainPolicy: " + id + Constants.LINE_SEPARATOR + "subjectDomainPolicy: " + id2, null);
            }
            if (id.equals(PolicyNode.X509_ANY_POLICY) || id2.equals(PolicyNode.X509_ANY_POLICY)) {
                log_.debug(transactionId, "Mapping to and from anyPolicy is not permitted: ", null);
                return false;
            }
            Collection collection = (Collection) hashMap.get(id);
            if (collection == null) {
                collection = new HashSet();
                hashMap.put(id, collection);
            }
            collection.add(id2);
        }
        G g = (G) validationStatus.getPolicyTree();
        if (g == null) {
            log_.debug(transactionId, "policy tree is null, exiting PolicyMappings processing", null);
            return true;
        }
        int inhibitPolicyMapping = validationStatus.getInhibitPolicyMapping();
        int certificateIndex = validationStatus.getCertificateIndex();
        List<G> B = g.B(certificateIndex);
        for (String str : hashMap.keySet()) {
            Set<String> set = (Set) hashMap.get(str);
            if (inhibitPolicyMapping > 0) {
                G g2 = null;
                boolean z = false;
                for (G g3 : B) {
                    String validPolicy = g3.getValidPolicy();
                    if (validPolicy.equals(str)) {
                        g3.A(set);
                        z = true;
                    } else if (validPolicy.equals(PolicyNode.X509_ANY_POLICY)) {
                        g2 = g3;
                    }
                }
                if (!z && g2 != null) {
                    G g4 = (G) g2.getParent();
                    try {
                        CertificatePolicies certificatePolicies = (CertificatePolicies) x509Certificate.getExtension(CertificatePolicies.oid);
                        PolicyInformation[] policyInformation = certificatePolicies.getPolicyInformation();
                        HashSet hashSet = new HashSet();
                        for (PolicyInformation policyInformation2 : policyInformation) {
                            if (policyInformation2.getPolicyIdentifier().getID() == PolicyNode.X509_ANY_POLICY && (policyQualifiers = policyInformation2.getPolicyQualifiers()) != null) {
                                for (PolicyQualifierInfo policyQualifierInfo : policyQualifiers) {
                                    hashSet.add(policyQualifierInfo);
                                }
                            }
                        }
                        g4.A(str, hashSet, certificatePolicies.isCritical()).A(set);
                    } catch (X509ExtensionInitException e) {
                    }
                }
            } else {
                Iterator<G> it = B.iterator();
                while (it.hasNext()) {
                    G next = it.next();
                    if (next.getValidPolicy().equals(str)) {
                        log_.debug(transactionId, "removing node with valid policy " + next.getValidPolicy() + " because policyMapping variable is zero", null);
                        it.remove();
                        ((G) next.getParent()).A(next);
                    }
                }
                if (log_.isDebugEnabled()) {
                    log_.debug(transactionId, "pruning policy tree" + Constants.LINE_SEPARATOR + "policy tree before pruning: " + Constants.LINE_SEPARATOR + g.D(), null);
                }
                g = g.A(certificateIndex - 1);
                if (g == null) {
                    validationStatus.clearPolicyTree();
                    log_.debug(transactionId, "policy tree after pruning: " + g, null);
                } else {
                    log_.debug(transactionId, "policy tree after pruning: " + Constants.LINE_SEPARATOR + g.D(), null);
                }
            }
        }
        if (g == null) {
            if (!log_.isDebugEnabled()) {
                return true;
            }
            log_.debug(transactionId, "Policy tree (after processing policy mappings extension of certificate " + x509Certificate.getSubjectDN() + "):" + Constants.LINE_SEPARATOR + g, null);
            return true;
        }
        if (!log_.isDebugEnabled()) {
            return true;
        }
        log_.debug(transactionId, "Policy tree (after processing policy mappings extension of certificate " + x509Certificate.getSubjectDN() + "):" + Constants.LINE_SEPARATOR + g.D(), null);
        return true;
    }
}
