package com.rsa.cryptoj.o;

import com.rsa.jsafe.cert.AccessDescription;
import com.rsa.jsafe.cert.DistributionPoint;
import com.rsa.jsafe.cert.IssuerInformation;
import com.rsa.jsafe.cert.ObjectID;
import com.rsa.jsafe.cert.Version;
import com.rsa.jsafe.crl.CRLCreationException;
import com.rsa.jsafe.crl.CRLCreationParameterSpec;
import com.rsa.jsafe.crl.IssuingDistributionPoint;
import com.rsa.jsafe.crl.RevokedCertificate;
import com.rsa.jsafe.crl.X509CRLEntryExtensionSpec;
import com.rsa.jsafe.crl.X509CRLExtensionSpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public abstract class ol {

    /* renamed from: a, reason: collision with root package name */
    private static final List<ov> f10063a = Collections.unmodifiableList(Arrays.asList(ov.cw, ov.cD, ov.cX, ov.cY, ov.cZ, ov.cL, ov.cM));

    /* renamed from: b, reason: collision with root package name */
    private static final List<ov> f10064b = Collections.unmodifiableList(Arrays.asList(ov.da, ov.dc, ov.dd));

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(CRLCreationParameterSpec cRLCreationParameterSpec) {
        X509CRLExtensionSpec extensions = cRLCreationParameterSpec.getExtensions();
        Set<ObjectID> criticalExtOIDS = extensions.getCriticalExtOIDS();
        if (criticalExtOIDS.contains(ObjectID.AUTH_KEY_ID_EXTN) && extensions.getAuthKeyId() == null) {
            throw new CRLCreationException("Authority key identifier extension OID was set as critical, but the extension was not set.");
        }
        if (criticalExtOIDS.contains(ObjectID.AUTH_INFO_ACCESS_EXTN) && extensions.getAuthorityAccessInformation() == null) {
            throw new CRLCreationException("Authority information access extension OID was set as critical, but the extension was not set.");
        }
        if (criticalExtOIDS.contains(ObjectID.FRESHEST_CRL_EXTN) && extensions.getFreshestCRL() == null) {
            throw new CRLCreationException("Freshest CRL extension OID was set as critical, but the extension was not set.");
        }
        if (criticalExtOIDS.contains(ObjectID.ISSUER_ALT_NAME_EXTN) && extensions.getIssuerAlternativeNames() == null) {
            throw new CRLCreationException("Issuer alternative name extension OID was set as critical, but the extension was not set.");
        }
        if (criticalExtOIDS.contains(ObjectID.ISSUING_DIST_POINT_EXTN) && extensions.getIssuingDistributionPoint() == null) {
            throw new CRLCreationException("Issuing distribution point extension OID was set as critical, but the extension was not set.");
        }
    }

    static void a(List<byte[]> list, int i2, List<ov> list2) {
        Iterator<byte[]> it = list.iterator();
        while (it.hasNext()) {
            oo ooVar = new oo(a.a("Extension", it.next(), 0), i2);
            ov d2 = ooVar.d();
            if (list2.contains(d2)) {
                throw new CRLCreationException("An extension that can be created via the API has been encoded, hence validation is not possible: " + ooVar);
            }
            if (d2.a() && ooVar.e()) {
                throw new CRLCreationException("Unknown extension is marked as critical: " + ooVar);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void b(IssuerInformation issuerInformation, CRLCreationParameterSpec cRLCreationParameterSpec, d dVar) {
        if (issuerInformation.getIssuerName() == null || issuerInformation.getIssuerName().getName().length() == 0) {
            throw new CRLCreationException("Issuer name MUST be present");
        }
        if (cRLCreationParameterSpec.getNextUpdate() == null) {
            throw new CRLCreationException("Next update date MUST be specified");
        }
        X509CRLExtensionSpec extensions = cRLCreationParameterSpec.getExtensions();
        if (extensions == null || extensions.getAuthKeyId() == null || extensions.getCRLNumber() == null) {
            throw new CRLCreationException("Authority Key Identifier and CRL number extensions MUST be specified");
        }
        if (cRLCreationParameterSpec.getVersion() != Version.V2) {
            throw new CRLCreationException("Version MUST be V2 if extensions are present");
        }
        Set<ObjectID> criticalExtOIDS = extensions.getCriticalExtOIDS();
        if (extensions.getAuthKeyId().getKeyIdentifier() == null) {
            throw new CRLCreationException("Key identifier MUST be specified");
        }
        if (criticalExtOIDS.contains(ObjectID.CRL_NUMBER_EXTN)) {
            throw new CRLCreationException("CRL number MUST not be critical");
        }
        if (criticalExtOIDS.contains(ObjectID.ISSUER_ALT_NAME_EXTN)) {
            throw new CRLCreationException("Issuer Alt Name extension SHOULD not be critical");
        }
        if (extensions.isDeltaCRL() && !criticalExtOIDS.contains(ObjectID.DELTA_CRL_INDICATOR_EXTN)) {
            throw new CRLCreationException("Delta CRL indicator MUST be critical");
        }
        IssuingDistributionPoint issuingDistributionPoint = extensions.getIssuingDistributionPoint();
        if (issuingDistributionPoint != null) {
            if (!criticalExtOIDS.contains(ObjectID.ISSUING_DIST_POINT_EXTN)) {
                throw new CRLCreationException("The issuing distribution point extension MUST be critical");
            }
            if (issuingDistributionPoint.isOnlyContainsAttributeCerts()) {
                throw new CRLCreationException("CRL issuers MUST set the onlyContainAttributeCerts to FALSE");
            }
            if (!issuingDistributionPoint.isIndirectCRL() && !issuingDistributionPoint.isOnlyContainsCACerts() && !issuingDistributionPoint.isOnlyContainsUserCerts() && issuingDistributionPoint.getDistributionPointName() == null && issuingDistributionPoint.getOnlySomeReasons() == null) {
                throw new CRLCreationException("CRL issuers MUST not issue CRLs where the DER encoding of the issuing distribution point extension is an empty sequence");
            }
        }
        List<DistributionPoint> freshestCRL = extensions.getFreshestCRL();
        if (freshestCRL != null) {
            if (extensions.isDeltaCRL()) {
                throw new CRLCreationException("Freshest CRL extension MUST NOT appear in delta CRLs");
            }
            if (criticalExtOIDS.contains(ObjectID.FRESHEST_CRL_EXTN)) {
                throw new CRLCreationException("Freshest CRL extension MUST NOT be critical");
            }
            for (DistributionPoint distributionPoint : freshestCRL) {
                if (distributionPoint.getCrLIssuer() != null || distributionPoint.getReasonFlags() != null) {
                    throw new CRLCreationException("Reasons and cRLIssuer MUST be omitted from this CRL extension");
                }
            }
        }
        List<AccessDescription> authorityAccessInformation = extensions.getAuthorityAccessInformation();
        if (authorityAccessInformation != null) {
            if (criticalExtOIDS.contains(ObjectID.AUTH_INFO_ACCESS_EXTN)) {
                throw new CRLCreationException("Authority access info extension MUST NOT be set as critical");
            }
            Iterator<AccessDescription> it = authorityAccessInformation.iterator();
            while (it.hasNext()) {
                if (!ObjectID.CA_ISSUERS_ACCESS_METHOD.equals(it.next().getAccessMethod())) {
                    throw new CRLCreationException("Access method types other than id-ad-caIssuers MUST NOT be included");
                }
            }
        }
        List<RevokedCertificate> revokedCertificates = cRLCreationParameterSpec.getRevokedCertificates();
        if (revokedCertificates != null) {
            Iterator<RevokedCertificate> it2 = revokedCertificates.iterator();
            while (it2.hasNext()) {
                X509CRLEntryExtensionSpec extensions2 = it2.next().getExtensions();
                if (extensions2 != null) {
                    Set<ObjectID> criticalExtOIDS2 = extensions2.getCriticalExtOIDS();
                    if (criticalExtOIDS2.contains(ObjectID.REASON_EXTN)) {
                        throw new CRLCreationException("Reason code MUST NOT be critical");
                    }
                    if (criticalExtOIDS2.contains(ObjectID.INVALIDITY_DATE_EXTN)) {
                        throw new CRLCreationException("Invalidity date MUST NOT be critical");
                    }
                    if (extensions2.getCRLReason() == 0) {
                        throw new CRLCreationException("Reason code SHOULD be absent instead of using the unspecified(0) reasonCode value");
                    }
                    if (!extensions.isDeltaCRL() && extensions2.getCRLReason() == 8) {
                        throw new CRLCreationException("removeFromCRL may only appear in delta CRLs");
                    }
                    if (extensions2.getCertificateIssuers() != null && !criticalExtOIDS2.contains(ObjectID.CERT_ISSUER_EXTN)) {
                        throw new CRLCreationException("Certificate issuer extension MUST be critical");
                    }
                    if (extensions2.getOtherExtensions() != null) {
                        a(extensions2.getOtherExtensions(), 2, f10064b);
                    }
                }
            }
        }
        if (extensions.getOtherExtensions() != null) {
            a(extensions.getOtherExtensions(), 1, f10063a);
        }
    }

    public abstract String a();

    public abstract void a(IssuerInformation issuerInformation, CRLCreationParameterSpec cRLCreationParameterSpec, d dVar);
}
