package org.jruby.ext.openssl.x509store;

import java.security.PublicKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import jline.TerminalFactory;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.jruby.ext.openssl.x509store.Store;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/StoreContext.class */
public class StoreContext {
    public Store ctx;
    public int currentMethod;
    public X509AuxCertificate certificate;
    public List<X509AuxCertificate> untrusted;
    public List<X509CRL> crls;
    public VerifyParameter param;
    public List<X509AuxCertificate> otherContext;
    public Store.VerifyFunction verify;
    public Store.VerifyCallbackFunction verifyCallback;
    public Store.GetIssuerFunction getIssuer;
    public Store.CheckIssuedFunction checkIssued;
    public Store.CheckRevocationFunction checkRevocation;
    public Store.GetCRLFunction getCRL;
    public Store.CheckCRLFunction checkCRL;
    public Store.CertificateCRLFunction certificateCRL;
    public CheckPolicyFunction checkPolicy;
    public Store.CleanupFunction cleanup;
    public boolean isValid;
    public int lastUntrusted;
    public List<X509AuxCertificate> chain;
    public PolicyTree tree;
    public int explicitPolicy;
    public int errorDepth;
    public int error;
    public X509AuxCertificate currentCertificate;
    public X509AuxCertificate currentIssuer;
    public java.security.cert.CRL currentCRL;
    public List<Object> extraData;
    private static final Set<String> CRITICAL_EXTENSIONS = new HashSet();
    public static final Store.GetIssuerFunction getIssuerStack;
    public static final Store.CheckIssuedFunction defaultCheckIssued;
    public static final Store.VerifyCallbackFunction NullCallback;
    public static final Store.VerifyFunction internalVerify;
    public static final Store.CheckRevocationFunction defaultCheckRevocation;
    public static final Store.GetCRLFunction defaultGetCRL;
    public static final Store.CheckCRLFunction defaultCheckCRL;
    public static final Store.CertificateCRLFunction defaultCertificateCRL;
    public static final CheckPolicyFunction defaultCheckPolicy;

    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/shared/jopenssl.jar:org/jruby/ext/openssl/x509store/StoreContext$CheckPolicyFunction.class */
    public interface CheckPolicyFunction extends Function1 {
        public static final CheckPolicyFunction EMPTY = new CheckPolicyFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.CheckPolicyFunction.1
            @Override // org.jruby.ext.openssl.x509store.Function1
            public int call(Object obj) {
                return -1;
            }
        };
    }

    public void setDepth(int i) {
        this.param.setDepth(i);
    }

    public void setApplicationData(Object obj) {
        setExtraData(0, obj);
    }

    public Object getApplicationData() {
        return getExtraData(0);
    }

    public int getFirstIssuer(X509AuxCertificate[] x509AuxCertificateArr, X509AuxCertificate x509AuxCertificate) throws Exception {
        Name name = new Name(x509AuxCertificate.getIssuerX500Principal());
        X509Object[] x509ObjectArr = new X509Object[1];
        int bySubject = this.ctx == null ? 0 : getBySubject(1, name, x509ObjectArr);
        if (bySubject != 1) {
            if (bySubject != -1) {
                return bySubject != 0 ? -1 : 0;
            }
            X509Error.addError(106);
            return -1;
        }
        X509Object x509Object = x509ObjectArr[0];
        if (this.checkIssued.call(this, x509AuxCertificate, ((Certificate) x509Object).x509) != 0) {
            x509AuxCertificateArr[0] = ((Certificate) x509Object).x509;
            return 1;
        }
        int indexBySubject = X509Object.indexBySubject(this.ctx.objs, 1, name);
        if (indexBySubject == -1) {
            return 0;
        }
        for (int i = indexBySubject; i < this.ctx.objs.size(); i++) {
            X509Object x509Object2 = this.ctx.objs.get(i);
            if (x509Object2.type() != 1 || !name.isEqual(((Certificate) x509Object2).x509.getSubjectX500Principal())) {
                return 0;
            }
            if (this.checkIssued.call(this, x509AuxCertificate, ((Certificate) x509Object2).x509) != 0) {
                x509AuxCertificateArr[0] = ((Certificate) x509Object2).x509;
                return 1;
            }
        }
        return 0;
    }

    public static List<X509AuxCertificate> ensureAux(Collection<X509Certificate> collection) {
        if (collection == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<X509Certificate> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(ensureAux(it.next()));
        }
        return arrayList;
    }

    public static List<X509AuxCertificate> ensureAux(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(ensureAux(x509Certificate));
        }
        return arrayList;
    }

    public static X509AuxCertificate ensureAux(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        return x509Certificate instanceof X509AuxCertificate ? (X509AuxCertificate) x509Certificate : new X509AuxCertificate(x509Certificate);
    }

    public int init(Store store, X509AuxCertificate x509AuxCertificate, List<X509AuxCertificate> list) {
        int i = 1;
        this.ctx = store;
        this.currentMethod = 0;
        this.certificate = x509AuxCertificate;
        this.untrusted = list;
        this.crls = null;
        this.lastUntrusted = 0;
        this.otherContext = null;
        this.isValid = false;
        this.chain = null;
        this.error = 0;
        this.explicitPolicy = 0;
        this.errorDepth = 0;
        this.currentCertificate = null;
        this.currentIssuer = null;
        this.tree = null;
        this.param = new VerifyParameter();
        if (store != null) {
            i = this.param.inherit(store.param);
        } else {
            this.param.flags |= 17;
        }
        if (store != null) {
            this.verifyCallback = store.verifyCallback;
            this.cleanup = store.cleanup;
        } else {
            this.cleanup = Store.CleanupFunction.EMPTY;
        }
        if (i != 0) {
            i = this.param.inherit(VerifyParameter.lookup("default"));
        }
        if (i == 0) {
            X509Error.addError(65);
            return 0;
        }
        if (store == null || store.checkIssued == null || store.checkIssued == Store.CheckIssuedFunction.EMPTY) {
            this.checkIssued = defaultCheckIssued;
        } else {
            this.checkIssued = store.checkIssued;
        }
        if (store == null || store.getIssuer == null || store.getIssuer == Store.GetIssuerFunction.EMPTY) {
            this.getIssuer = new Store.GetIssuerFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.1
                @Override // org.jruby.ext.openssl.x509store.Function3
                public int call(Object obj, Object obj2, Object obj3) throws Exception {
                    return ((StoreContext) obj2).getFirstIssuer((X509AuxCertificate[]) obj, (X509AuxCertificate) obj3);
                }
            };
        } else {
            this.getIssuer = store.getIssuer;
        }
        if (store == null || store.verifyCallback == null || store.verifyCallback == Store.VerifyCallbackFunction.EMPTY) {
            this.verifyCallback = NullCallback;
        } else {
            this.verifyCallback = store.verifyCallback;
        }
        if (store == null || store.verify == null || store.verify == Store.VerifyFunction.EMPTY) {
            this.verify = internalVerify;
        } else {
            this.verify = store.verify;
        }
        if (store == null || store.checkRevocation == null || store.checkRevocation == Store.CheckRevocationFunction.EMPTY) {
            this.checkRevocation = defaultCheckRevocation;
        } else {
            this.checkRevocation = store.checkRevocation;
        }
        if (store == null || store.getCRL == null || store.getCRL == Store.GetCRLFunction.EMPTY) {
            this.getCRL = defaultGetCRL;
        } else {
            this.getCRL = store.getCRL;
        }
        if (store == null || store.checkCRL == null || store.checkCRL == Store.CheckCRLFunction.EMPTY) {
            this.checkCRL = defaultCheckCRL;
        } else {
            this.checkCRL = store.checkCRL;
        }
        if (store == null || store.certificateCRL == null || store.certificateCRL == Store.CertificateCRLFunction.EMPTY) {
            this.certificateCRL = defaultCertificateCRL;
        } else {
            this.certificateCRL = store.certificateCRL;
        }
        this.checkPolicy = defaultCheckPolicy;
        this.extraData = new ArrayList();
        this.extraData.add(null);
        this.extraData.add(null);
        this.extraData.add(null);
        this.extraData.add(null);
        this.extraData.add(null);
        this.extraData.add(null);
        return 1;
    }

    public void trustedStack(List<X509AuxCertificate> list) {
        this.otherContext = list;
        this.getIssuer = getIssuerStack;
    }

    public void cleanup() throws Exception {
        if (this.cleanup != null && this.cleanup != Store.CleanupFunction.EMPTY) {
            this.cleanup.call(this);
        }
        this.param = null;
        this.tree = null;
        this.chain = null;
        this.extraData = null;
    }

    public X509AuxCertificate findIssuer(List<X509AuxCertificate> list, X509AuxCertificate x509AuxCertificate) throws Exception {
        for (X509AuxCertificate x509AuxCertificate2 : list) {
            if (this.checkIssued.call(this, x509AuxCertificate, x509AuxCertificate2) != 0) {
                return x509AuxCertificate2;
            }
        }
        return null;
    }

    public int setExtraData(int i, Object obj) {
        this.extraData.set(i, obj);
        return 1;
    }

    public Object getExtraData(int i) {
        return this.extraData.get(i);
    }

    public int getError() {
        return this.error;
    }

    public void setError(int i) {
        this.error = i;
    }

    public int getErrorDepth() {
        return this.errorDepth;
    }

    public X509AuxCertificate getCurrentCertificate() {
        return this.currentCertificate;
    }

    public List<X509AuxCertificate> getChain() {
        return this.chain;
    }

    public List<X509AuxCertificate> getFirstChain() {
        if (null == this.chain) {
            return null;
        }
        return new ArrayList(this.chain);
    }

    public void setCertificate(X509AuxCertificate x509AuxCertificate) {
        this.certificate = x509AuxCertificate;
    }

    public void setCertificate(X509Certificate x509Certificate) {
        this.certificate = ensureAux(x509Certificate);
    }

    public void setChain(List<X509Certificate> list) {
        this.untrusted = ensureAux(list);
    }

    public void setChain(X509Certificate[] x509CertificateArr) {
        this.untrusted = ensureAux(x509CertificateArr);
    }

    public void setCRLs(List<X509CRL> list) {
        this.crls = list;
    }

    public int setPurpose(int i) {
        return purposeInherit(0, i, 0);
    }

    public int setTrust(int i) {
        return purposeInherit(0, 0, i);
    }

    private void resetSettingsToWithoutStore() {
        this.ctx = null;
        this.param = new VerifyParameter();
        this.param.flags |= 17;
        this.param.inherit(VerifyParameter.lookup("default"));
        this.cleanup = Store.CleanupFunction.EMPTY;
        this.checkIssued = defaultCheckIssued;
        this.getIssuer = new Store.GetIssuerFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.2
            @Override // org.jruby.ext.openssl.x509store.Function3
            public int call(Object obj, Object obj2, Object obj3) throws Exception {
                return ((StoreContext) obj2).getFirstIssuer((X509AuxCertificate[]) obj, (X509AuxCertificate) obj3);
            }
        };
        this.verifyCallback = NullCallback;
        this.verify = internalVerify;
        this.checkRevocation = defaultCheckRevocation;
        this.getCRL = defaultGetCRL;
        this.checkCRL = defaultCheckCRL;
        this.certificateCRL = defaultCertificateCRL;
    }

    public int loadVerifyLocations(String str, String str2) {
        boolean z = false;
        try {
            if (this.ctx == null) {
                z = true;
                this.ctx = new Store();
                this.param.inherit(this.ctx.param);
                this.param.inherit(VerifyParameter.lookup("default"));
                this.cleanup = this.ctx.cleanup;
                if (this.ctx.checkIssued != null && this.ctx.checkIssued != Store.CheckIssuedFunction.EMPTY) {
                    this.checkIssued = this.ctx.checkIssued;
                }
                if (this.ctx.getIssuer != null && this.ctx.getIssuer != Store.GetIssuerFunction.EMPTY) {
                    this.getIssuer = this.ctx.getIssuer;
                }
                if (this.ctx.verifyCallback != null && this.ctx.verifyCallback != Store.VerifyCallbackFunction.EMPTY) {
                    this.verifyCallback = this.ctx.verifyCallback;
                }
                if (this.ctx.verify != null && this.ctx.verify != Store.VerifyFunction.EMPTY) {
                    this.verify = this.ctx.verify;
                }
                if (this.ctx.checkRevocation != null && this.ctx.checkRevocation != Store.CheckRevocationFunction.EMPTY) {
                    this.checkRevocation = this.ctx.checkRevocation;
                }
                if (this.ctx.getCRL != null && this.ctx.getCRL != Store.GetCRLFunction.EMPTY) {
                    this.getCRL = this.ctx.getCRL;
                }
                if (this.ctx.checkCRL != null && this.ctx.checkCRL != Store.CheckCRLFunction.EMPTY) {
                    this.checkCRL = this.ctx.checkCRL;
                }
                if (this.ctx.certificateCRL != null && this.ctx.certificateCRL != Store.CertificateCRLFunction.EMPTY) {
                    this.certificateCRL = this.ctx.certificateCRL;
                }
            }
            int loadLocations = this.ctx.loadLocations(str, str2);
            if (loadLocations == 0 && z) {
                resetSettingsToWithoutStore();
            }
            return loadLocations;
        } catch (Exception e) {
            if (!z) {
                return 0;
            }
            resetSettingsToWithoutStore();
            return 0;
        }
    }

    public int purposeInherit(int i, int i2, int i3) {
        if (i2 == 0) {
            i2 = i;
        }
        if (i2 != 0) {
            int byID = Purpose.getByID(i2);
            if (byID == -1) {
                X509Error.addError(121);
                return 0;
            }
            Purpose first = Purpose.getFirst(byID);
            if (first.trust == -1) {
                int byID2 = Purpose.getByID(i);
                if (byID2 == -1) {
                    X509Error.addError(121);
                    return 0;
                }
                first = Purpose.getFirst(byID2);
            }
            if (i3 == 0) {
                i3 = first.trust;
            }
        }
        if (i3 != 0 && Trust.getByID(i3) == -1) {
            X509Error.addError(120);
            return 0;
        }
        if (i2 != 0 && this.param.purpose == 0) {
            this.param.purpose = i2;
        }
        if (i3 == 0 || this.param.trust != 0) {
            return 1;
        }
        this.param.trust = i3;
        return 1;
    }

    public void setFlags(long j) {
        this.param.setFlags(j);
    }

    public void setTime(long j, Date date) {
        this.param.setTime(date);
    }

    public void setVerifyCallback(Store.VerifyCallbackFunction verifyCallbackFunction) {
        this.verifyCallback = verifyCallbackFunction;
    }

    PolicyTree getPolicyTree() {
        return this.tree;
    }

    public int getExplicitPolicy() {
        return this.explicitPolicy;
    }

    public VerifyParameter getParam() {
        return this.param;
    }

    public void setParam(VerifyParameter verifyParameter) {
        this.param = verifyParameter;
    }

    public int setDefault(String str) {
        VerifyParameter lookup = VerifyParameter.lookup(str);
        if (lookup == null) {
            return 0;
        }
        return this.param.inherit(lookup);
    }

    public int getBySubject(int i, Name name, X509Object[] x509ObjectArr) throws Exception {
        Store store = this.ctx;
        X509Object retrieveBySubject = X509Object.retrieveBySubject(store.objs, i, name);
        if (retrieveBySubject == null) {
            int i2 = this.currentMethod;
            while (true) {
                if (i2 >= store.certificateMethods.size()) {
                    break;
                }
                Lookup lookup = store.certificateMethods.get(i2);
                X509Object[] x509ObjectArr2 = new X509Object[1];
                int bySubject = lookup.bySubject(i, name, x509ObjectArr2);
                if (bySubject < 0) {
                    this.currentMethod = i2;
                    return bySubject;
                }
                if (bySubject > 0) {
                    retrieveBySubject = x509ObjectArr2[0];
                    break;
                }
                i2++;
            }
            this.currentMethod = 0;
            if (retrieveBySubject == null) {
                return 0;
            }
        }
        x509ObjectArr[0] = retrieveBySubject;
        return 1;
    }

    public int verifyCertificate() throws Exception {
        X509AuxCertificate x509AuxCertificate = null;
        X509AuxCertificate x509AuxCertificate2 = null;
        boolean z = false;
        ArrayList arrayList = null;
        if (this.certificate == null) {
            X509Error.addError(105);
            return -1;
        }
        Store.VerifyCallbackFunction verifyCallbackFunction = this.verifyCallback;
        if (null == this.chain) {
            this.chain = new ArrayList();
            this.chain.add(this.certificate);
            this.lastUntrusted = 1;
        }
        if (this.untrusted != null) {
            arrayList = new ArrayList(this.untrusted);
        }
        int size = this.chain.size();
        X509AuxCertificate x509AuxCertificate3 = this.chain.get(size - 1);
        int i = this.param.depth;
        while (i >= size && this.checkIssued.call(this, x509AuxCertificate3, x509AuxCertificate3) == 0 && this.untrusted != null) {
            x509AuxCertificate = findIssuer(arrayList, x509AuxCertificate3);
            if (x509AuxCertificate == null) {
                break;
            }
            this.chain.add(x509AuxCertificate);
            arrayList.remove(x509AuxCertificate);
            this.lastUntrusted++;
            x509AuxCertificate3 = x509AuxCertificate;
            size++;
        }
        int size2 = this.chain.size();
        X509AuxCertificate x509AuxCertificate4 = this.chain.get(size2 - 1);
        if (this.checkIssued.call(this, x509AuxCertificate4, x509AuxCertificate4) != 0) {
            if (this.chain.size() == 1) {
                X509AuxCertificate[] x509AuxCertificateArr = {x509AuxCertificate};
                int call = this.getIssuer.call(x509AuxCertificateArr, this, x509AuxCertificate4);
                x509AuxCertificate = x509AuxCertificateArr[0];
                if (call <= 0 || !x509AuxCertificate4.equals(x509AuxCertificate)) {
                    this.error = 18;
                    this.currentCertificate = x509AuxCertificate4;
                    this.errorDepth = size2 - 1;
                    z = true;
                    int call2 = verifyCallbackFunction.call(new Integer(0), this);
                    if (call2 == 0) {
                        return call2;
                    }
                } else {
                    x509AuxCertificate4 = x509AuxCertificate;
                    this.chain.set(size2 - 1, x509AuxCertificate4);
                    this.lastUntrusted = 0;
                }
            } else {
                x509AuxCertificate2 = this.chain.remove(this.chain.size() - 1);
                this.lastUntrusted--;
                size--;
                x509AuxCertificate4 = this.chain.get(size - 1);
            }
        }
        while (i >= size && this.checkIssued.call(this, x509AuxCertificate4, x509AuxCertificate4) == 0) {
            X509AuxCertificate[] x509AuxCertificateArr2 = {x509AuxCertificate};
            int call3 = this.getIssuer.call(x509AuxCertificateArr2, this, x509AuxCertificate4);
            x509AuxCertificate = x509AuxCertificateArr2[0];
            if (call3 < 0) {
                return call3;
            }
            if (call3 == 0) {
                break;
            }
            x509AuxCertificate4 = x509AuxCertificate;
            this.chain.add(x509AuxCertificate4);
            size++;
        }
        if (this.checkIssued.call(this, x509AuxCertificate4, x509AuxCertificate4) == 0) {
            if (x509AuxCertificate2 == null || this.checkIssued.call(this, x509AuxCertificate4, x509AuxCertificate2) == 0) {
                if (this.lastUntrusted >= size) {
                    this.error = 20;
                } else {
                    this.error = 2;
                }
                this.currentCertificate = x509AuxCertificate4;
            } else {
                this.chain.add(x509AuxCertificate2);
                size++;
                this.lastUntrusted = size;
                this.currentCertificate = x509AuxCertificate2;
                this.error = 19;
            }
            this.errorDepth = size - 1;
            z = true;
            int call4 = verifyCallbackFunction.call(new Integer(0), this);
            if (call4 == 0) {
                return call4;
            }
        }
        int checkChainExtensions = checkChainExtensions();
        if (checkChainExtensions == 0) {
            return checkChainExtensions;
        }
        if (this.param.trust > 0) {
            checkChainExtensions = checkTrust();
        }
        if (checkChainExtensions == 0) {
            return checkChainExtensions;
        }
        int call5 = this.checkRevocation.call(this);
        if (call5 == 0) {
            return call5;
        }
        int call6 = (this.verify == null || this.verify == Store.VerifyFunction.EMPTY) ? internalVerify.call(this) : this.verify.call(this);
        if (call6 == 0) {
            return call6;
        }
        if (!z && (this.param.flags & 128) != 0) {
            call6 = this.checkPolicy.call(this);
        }
        return call6;
    }

    private static boolean supportsCriticalExtension(String str) {
        return CRITICAL_EXTENSIONS.contains(str);
    }

    private static boolean unhandledCritical(X509Extension x509Extension) {
        if (x509Extension.getCriticalExtensionOIDs() == null || x509Extension.getCriticalExtensionOIDs().size() == 0) {
            return false;
        }
        Iterator<String> it = x509Extension.getCriticalExtensionOIDs().iterator();
        while (it.hasNext()) {
            if (!supportsCriticalExtension(it.next())) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v8 */
    public int checkChainExtensions() throws Exception {
        boolean z;
        boolean z2;
        int i = 0;
        boolean z3 = (this.param.flags & 64) != 0;
        Store.VerifyCallbackFunction verifyCallbackFunction = this.verifyCallback;
        boolean z4 = -1;
        try {
            if (System.getenv("OPENSSL_ALLOW_PROXY_CERTS") != null) {
                if (!TerminalFactory.FALSE.equalsIgnoreCase(System.getenv("OPENSSL_ALLOW_PROXY_CERTS"))) {
                    z3 = true;
                }
            }
        } catch (Error e) {
        }
        for (int i2 = 0; i2 < this.lastUntrusted; i2++) {
            X509AuxCertificate x509AuxCertificate = this.chain.get(i2);
            if ((this.param.flags & 16) == 0 && unhandledCritical(x509AuxCertificate)) {
                this.error = 34;
                this.errorDepth = i2;
                this.currentCertificate = x509AuxCertificate;
                int call = verifyCallbackFunction.call(new Integer(0), this);
                if (call == 0) {
                    return call;
                }
            }
            if (!z3 && x509AuxCertificate.getExtensionValue(ASN1Registry.OBJ_proxyCertInfo) != null) {
                this.error = 40;
                this.errorDepth = i2;
                this.currentCertificate = x509AuxCertificate;
                int call2 = verifyCallbackFunction.call(new Integer(0), this);
                if (call2 == 0) {
                    return call2;
                }
            }
            int checkCA = Purpose.checkCA(x509AuxCertificate);
            switch (z4) {
                case true:
                    if ((this.param.flags & 32) != 0 && checkCA != 1 && checkCA != 0) {
                        z = false;
                        this.error = 24;
                        break;
                    } else {
                        z = true;
                        break;
                    }
                    break;
                case false:
                    if (checkCA != 0) {
                        z = false;
                        this.error = 37;
                        break;
                    } else {
                        z = true;
                        break;
                    }
                default:
                    if (checkCA == 0 || ((this.param.flags & 32) != 0 && checkCA != 1)) {
                        z = false;
                        this.error = 24;
                        break;
                    } else {
                        z = true;
                        break;
                    }
                    break;
            }
            if (!z) {
                this.errorDepth = i2;
                this.currentCertificate = x509AuxCertificate;
                int call3 = verifyCallbackFunction.call(new Integer(0), this);
                if (call3 == 0) {
                    return call3;
                }
            }
            if (this.param.purpose > 0) {
                int checkPurpose = Purpose.checkPurpose(x509AuxCertificate, this.param.purpose, z4 > 0 ? 1 : 0);
                if (checkPurpose == 0 || ((this.param.flags & 32) != 0 && checkPurpose != 1)) {
                    this.error = 26;
                    this.errorDepth = i2;
                    this.currentCertificate = x509AuxCertificate;
                    int call4 = verifyCallbackFunction.call(new Integer(0), this);
                    if (call4 == 0) {
                        return call4;
                    }
                }
            }
            if (i2 > 1 && x509AuxCertificate.getBasicConstraints() != -1 && x509AuxCertificate.getBasicConstraints() != Integer.MAX_VALUE && i2 > x509AuxCertificate.getBasicConstraints() + i + 1) {
                this.error = 25;
                this.errorDepth = i2;
                this.currentCertificate = x509AuxCertificate;
                int call5 = verifyCallbackFunction.call(new Integer(0), this);
                if (call5 == 0) {
                    return call5;
                }
            }
            if (x509AuxCertificate.getExtensionValue(ASN1Registry.OBJ_proxyCertInfo) != null) {
                ASN1Sequence aSN1Sequence = (ASN1Sequence) new ASN1InputStream(x509AuxCertificate.getExtensionValue(ASN1Registry.OBJ_proxyCertInfo)).readObject();
                if (aSN1Sequence.size() > 0 && (aSN1Sequence.getObjectAt(0) instanceof ASN1Integer)) {
                    if (i2 > ((ASN1Integer) aSN1Sequence.getObjectAt(0)).getValue().intValue()) {
                        this.error = 38;
                        this.errorDepth = i2;
                        this.currentCertificate = x509AuxCertificate;
                        int call6 = verifyCallbackFunction.call(new Integer(0), this);
                        if (call6 == 0) {
                            return call6;
                        }
                    }
                }
                i++;
                z2 = false;
            } else {
                z2 = true;
            }
            z4 = z2;
        }
        return 1;
    }

    public int checkTrust() throws Exception {
        Store.VerifyCallbackFunction verifyCallbackFunction = this.verifyCallback;
        X509AuxCertificate x509AuxCertificate = this.chain.get(this.chain.size() - 1);
        int checkTrust = Trust.checkTrust(x509AuxCertificate, this.param.trust, 0);
        if (checkTrust == 1) {
            return 1;
        }
        this.errorDepth = 1;
        this.currentCertificate = x509AuxCertificate;
        if (checkTrust == 2) {
            this.error = 28;
        } else {
            this.error = 27;
        }
        return verifyCallbackFunction.call(new Integer(0), this);
    }

    public int checkCertificateTime(X509AuxCertificate x509AuxCertificate) throws Exception {
        Date time = (this.param.flags & 2) != 0 ? this.param.checkTime : Calendar.getInstance().getTime();
        if (!x509AuxCertificate.getNotBefore().before(time)) {
            this.error = 9;
            this.currentCertificate = x509AuxCertificate;
            if (this.verifyCallback.call(new Integer(0), this) == 0) {
                return 0;
            }
        }
        if (x509AuxCertificate.getNotAfter().after(time)) {
            return 1;
        }
        this.error = 10;
        this.currentCertificate = x509AuxCertificate;
        return this.verifyCallback.call(new Integer(0), this) == 0 ? 0 : 1;
    }

    public int checkCertificate() throws Exception {
        X509CRL[] x509crlArr = new X509CRL[1];
        X509AuxCertificate x509AuxCertificate = this.chain.get(this.errorDepth);
        this.currentCertificate = x509AuxCertificate;
        if (this.getCRL.call(this, x509crlArr, x509AuxCertificate) == 0) {
            this.error = 3;
            int call = this.verifyCallback.call(new Integer(0), this);
            this.currentCRL = null;
            return call;
        }
        this.currentCRL = x509crlArr[0];
        int call2 = this.checkCRL.call(this, x509crlArr[0]);
        if (call2 == 0) {
            this.currentCRL = null;
            return call2;
        }
        int call3 = this.certificateCRL.call(this, x509crlArr[0], x509AuxCertificate);
        this.currentCRL = null;
        return call3;
    }

    public int checkCRLTime(X509CRL x509crl, int i) throws Exception {
        this.currentCRL = x509crl;
        Date time = (this.param.flags & 2) != 0 ? this.param.checkTime : Calendar.getInstance().getTime();
        if (!x509crl.getThisUpdate().before(time)) {
            this.error = 11;
            if (i == 0 || this.verifyCallback.call(new Integer(0), this) == 0) {
                return 0;
            }
        }
        if (x509crl.getNextUpdate() != null && !x509crl.getNextUpdate().after(time)) {
            this.error = 12;
            if (i == 0 || this.verifyCallback.call(new Integer(0), this) == 0) {
                return 0;
            }
        }
        this.currentCRL = null;
        return 1;
    }

    public int getCRLStack(X509CRL[] x509crlArr, Name name, List<X509CRL> list) throws Exception {
        X509CRL x509crl = null;
        if (null != list) {
            for (X509CRL x509crl2 : list) {
                if (name.isEqual(x509crl2.getIssuerX500Principal())) {
                    if (checkCRLTime(x509crl2, 0) != 0) {
                        x509crlArr[0] = x509crl2;
                        return 1;
                    }
                    x509crl = x509crl2;
                }
            }
        }
        if (x509crl == null) {
            return 0;
        }
        x509crlArr[0] = x509crl;
        return 0;
    }

    static {
        CRITICAL_EXTENSIONS.add(ASN1Registry.OBJ_netscape_cert_type);
        CRITICAL_EXTENSIONS.add(ASN1Registry.OBJ_key_usage);
        CRITICAL_EXTENSIONS.add(ASN1Registry.OBJ_subject_alt_name);
        CRITICAL_EXTENSIONS.add(ASN1Registry.OBJ_basic_constraints);
        CRITICAL_EXTENSIONS.add(ASN1Registry.OBJ_ext_key_usage);
        CRITICAL_EXTENSIONS.add(ASN1Registry.OBJ_proxyCertInfo);
        getIssuerStack = new Store.GetIssuerFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.3
            @Override // org.jruby.ext.openssl.x509store.Function3
            public int call(Object obj, Object obj2, Object obj3) throws Exception {
                X509AuxCertificate[] x509AuxCertificateArr = (X509AuxCertificate[]) obj;
                StoreContext storeContext = (StoreContext) obj2;
                x509AuxCertificateArr[0] = storeContext.findIssuer(storeContext.otherContext, (X509AuxCertificate) obj3);
                return x509AuxCertificateArr[0] != null ? 1 : 0;
            }
        };
        defaultCheckIssued = new Store.CheckIssuedFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.4
            @Override // org.jruby.ext.openssl.x509store.Function3
            public int call(Object obj, Object obj2, Object obj3) throws Exception {
                StoreContext storeContext = (StoreContext) obj;
                X509AuxCertificate x509AuxCertificate = (X509AuxCertificate) obj2;
                X509AuxCertificate x509AuxCertificate2 = (X509AuxCertificate) obj3;
                int checkIfIssuedBy = X509Utils.checkIfIssuedBy(x509AuxCertificate2, x509AuxCertificate);
                if (checkIfIssuedBy == 0) {
                    return 1;
                }
                if ((storeContext.param.flags & 1) == 0) {
                    return 0;
                }
                storeContext.error = checkIfIssuedBy;
                storeContext.currentCertificate = x509AuxCertificate;
                storeContext.currentIssuer = x509AuxCertificate2;
                return storeContext.verifyCallback.call(new Integer(0), storeContext);
            }
        };
        NullCallback = new Store.VerifyCallbackFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.5
            @Override // org.jruby.ext.openssl.x509store.Function2
            public int call(Object obj, Object obj2) {
                return ((Integer) obj).intValue();
            }
        };
        internalVerify = new Store.VerifyFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.6
            @Override // org.jruby.ext.openssl.x509store.Function1
            public int call(Object obj) throws Exception {
                X509AuxCertificate x509AuxCertificate;
                StoreContext storeContext = (StoreContext) obj;
                Store.VerifyCallbackFunction verifyCallbackFunction = storeContext.verifyCallback;
                int size = storeContext.chain.size();
                storeContext.errorDepth = size - 1;
                int i = size - 1;
                X509AuxCertificate x509AuxCertificate2 = storeContext.chain.get(i);
                if (storeContext.checkIssued.call(storeContext, x509AuxCertificate2, x509AuxCertificate2) != 0) {
                    x509AuxCertificate = x509AuxCertificate2;
                } else {
                    if (i <= 0) {
                        storeContext.error = 21;
                        storeContext.currentCertificate = x509AuxCertificate2;
                        return verifyCallbackFunction.call(new Integer(0), storeContext);
                    }
                    i--;
                    storeContext.errorDepth = i;
                    x509AuxCertificate = storeContext.chain.get(i);
                }
                while (i >= 0) {
                    storeContext.errorDepth = i;
                    if (!x509AuxCertificate.isValid()) {
                        try {
                            x509AuxCertificate.verify(x509AuxCertificate2.getPublicKey());
                        } catch (Exception e) {
                            storeContext.error = 7;
                            storeContext.currentCertificate = x509AuxCertificate;
                            int call = verifyCallbackFunction.call(new Integer(0), storeContext);
                            if (call == 0) {
                                return call;
                            }
                        }
                    }
                    x509AuxCertificate.setValid(true);
                    int checkCertificateTime = storeContext.checkCertificateTime(x509AuxCertificate);
                    if (checkCertificateTime == 0) {
                        return checkCertificateTime;
                    }
                    storeContext.currentIssuer = x509AuxCertificate2;
                    storeContext.currentCertificate = x509AuxCertificate;
                    int call2 = verifyCallbackFunction.call(new Integer(1), storeContext);
                    if (call2 == 0) {
                        return call2;
                    }
                    i--;
                    if (i >= 0) {
                        x509AuxCertificate2 = x509AuxCertificate;
                        x509AuxCertificate = storeContext.chain.get(i);
                    }
                }
                return 1;
            }
        };
        defaultCheckRevocation = new Store.CheckRevocationFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.7
            @Override // org.jruby.ext.openssl.x509store.Function1
            public int call(Object obj) throws Exception {
                StoreContext storeContext = (StoreContext) obj;
                if ((storeContext.param.flags & 4) == 0) {
                    return 1;
                }
                int size = (storeContext.param.flags & 8) != 0 ? storeContext.chain.size() - 1 : 0;
                for (int i = 0; i <= size; i++) {
                    storeContext.errorDepth = i;
                    if (storeContext.checkCertificate() == 0) {
                        return 0;
                    }
                }
                return 1;
            }
        };
        defaultGetCRL = new Store.GetCRLFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.8
            @Override // org.jruby.ext.openssl.x509store.Function3
            public int call(Object obj, Object obj2, Object obj3) throws Exception {
                StoreContext storeContext = (StoreContext) obj;
                X509CRL[] x509crlArr = (X509CRL[]) obj2;
                Name name = new Name(((X509AuxCertificate) obj3).getIssuerX500Principal());
                X509CRL[] x509crlArr2 = new X509CRL[1];
                if (storeContext.getCRLStack(x509crlArr2, name, storeContext.crls) != 0) {
                    x509crlArr[0] = x509crlArr2[0];
                    return 1;
                }
                X509Object[] x509ObjectArr = new X509Object[1];
                if (storeContext.getBySubject(2, name, x509ObjectArr) != 0) {
                    x509crlArr[0] = (X509CRL) ((CRL) x509ObjectArr[0]).crl;
                    return 1;
                }
                if (x509crlArr2[0] == null) {
                    return 0;
                }
                x509crlArr[0] = x509crlArr2[0];
                return 1;
            }
        };
        defaultCheckCRL = new Store.CheckCRLFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.9
            @Override // org.jruby.ext.openssl.x509store.Function2
            public int call(Object obj, Object obj2) throws Exception {
                X509AuxCertificate x509AuxCertificate;
                StoreContext storeContext = (StoreContext) obj;
                X509CRL x509crl = (X509CRL) obj2;
                int i = storeContext.errorDepth;
                int size = storeContext.chain.size() - 1;
                if (i < size) {
                    x509AuxCertificate = storeContext.chain.get(i + 1);
                } else {
                    x509AuxCertificate = storeContext.chain.get(size);
                    if (storeContext.checkIssued.call(storeContext, x509AuxCertificate, x509AuxCertificate) == 0) {
                        storeContext.error = 33;
                        int call = storeContext.verifyCallback.call(new Integer(0), storeContext);
                        if (call == 0) {
                            return call;
                        }
                    }
                }
                if (x509AuxCertificate != null) {
                    if (x509AuxCertificate.getKeyUsage() != null && !x509AuxCertificate.getKeyUsage()[6]) {
                        storeContext.error = 35;
                        int call2 = storeContext.verifyCallback.call(new Integer(0), storeContext);
                        if (call2 == 0) {
                            return call2;
                        }
                    }
                    PublicKey publicKey = x509AuxCertificate.getPublicKey();
                    if (publicKey == null) {
                        storeContext.error = 6;
                        int call3 = storeContext.verifyCallback.call(new Integer(0), storeContext);
                        if (call3 == 0) {
                            return call3;
                        }
                    } else {
                        try {
                            x509crl.verify(publicKey);
                        } catch (Exception e) {
                            storeContext.error = 8;
                            int call4 = storeContext.verifyCallback.call(new Integer(0), storeContext);
                            if (call4 == 0) {
                                return call4;
                            }
                        }
                    }
                }
                int checkCRLTime = storeContext.checkCRLTime(x509crl, 1);
                if (checkCRLTime == 0) {
                    return checkCRLTime;
                }
                return 1;
            }
        };
        defaultCertificateCRL = new Store.CertificateCRLFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.10
            @Override // org.jruby.ext.openssl.x509store.Function3
            public int call(Object obj, Object obj2, Object obj3) throws Exception {
                StoreContext storeContext = (StoreContext) obj;
                X509CRL x509crl = (X509CRL) obj2;
                if (x509crl.getRevokedCertificate(((X509AuxCertificate) obj3).getSerialNumber()) != null) {
                    storeContext.error = 23;
                    if (storeContext.verifyCallback.call(new Integer(0), storeContext) == 0) {
                        return 0;
                    }
                }
                if ((storeContext.param.flags & 16) != 0 || x509crl.getCriticalExtensionOIDs() == null || x509crl.getCriticalExtensionOIDs().size() <= 0) {
                    return 1;
                }
                storeContext.error = 36;
                return storeContext.verifyCallback.call(new Integer(0), storeContext) == 0 ? 0 : 1;
            }
        };
        defaultCheckPolicy = new CheckPolicyFunction() { // from class: org.jruby.ext.openssl.x509store.StoreContext.11
            @Override // org.jruby.ext.openssl.x509store.Function1
            public int call(Object obj) throws Exception {
                return 1;
            }
        };
    }
}
