package sun.security.x509;

import java.io.IOException;
import java.io.OutputStream;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/* loaded from: classes2.dex */
public class au extends ah implements Cloneable, l<String> {
    public static final String a = "x509.info.extensions.NameConstraints";
    public static final String b = "NameConstraints";
    public static final String c = "permitted_subtrees";
    public static final String d = "excluded_subtrees";
    private static final byte e = 0;
    private static final byte f = 1;
    private an g;
    private an h;
    private boolean i;
    private boolean j;
    private boolean k;

    public au(Boolean bool, Object obj) throws IOException {
        this.g = null;
        this.h = null;
        this.k = false;
        this.m = az.k;
        this.n = bool.booleanValue();
        this.o = (byte[]) obj;
        sun.security.util.k kVar = new sun.security.util.k(this.o);
        if (kVar.e != 48) {
            throw new IOException("Invalid encoding for NameConstraintsExtension.");
        }
        if (kVar.g == null) {
            return;
        }
        while (kVar.g.x() != 0) {
            sun.security.util.k k = kVar.g.k();
            if (k.a((byte) 0) && k.e()) {
                if (this.g != null) {
                    throw new IOException("Duplicate permitted GeneralSubtrees in NameConstraintsExtension.");
                }
                k.c((byte) 48);
                this.g = new an(k);
            } else {
                if (!k.a((byte) 1) || !k.e()) {
                    throw new IOException("Invalid encoding of NameConstraintsExtension.");
                }
                if (this.h != null) {
                    throw new IOException("Duplicate excluded GeneralSubtrees in NameConstraintsExtension.");
                }
                k.c((byte) 48);
                this.h = new an(k);
            }
        }
        this.k = false;
    }

    public au(an anVar, an anVar2) throws IOException {
        this.g = null;
        this.h = null;
        this.k = false;
        this.g = anVar;
        this.h = anVar2;
        this.m = az.k;
        this.n = true;
        g();
    }

    private void a() throws IOException {
        this.i = false;
        this.j = false;
        if (this.h != null) {
            for (int i = 0; i < this.h.a(); i++) {
                am a2 = this.h.a(i);
                if (a2.b() != 0) {
                    this.i = true;
                }
                if (a2.c() != -1) {
                    this.j = true;
                }
            }
        }
        if (this.g != null) {
            for (int i2 = 0; i2 < this.g.a(); i2++) {
                am a3 = this.g.a(i2);
                if (a3.b() != 0) {
                    this.i = true;
                }
                if (a3.c() != -1) {
                    this.j = true;
                }
            }
        }
        this.k = true;
    }

    private void g() throws IOException {
        this.k = false;
        if (this.g == null && this.h == null) {
            this.o = null;
            return;
        }
        sun.security.util.j jVar = new sun.security.util.j();
        sun.security.util.j jVar2 = new sun.security.util.j();
        if (this.g != null) {
            sun.security.util.j jVar3 = new sun.security.util.j();
            this.g.a(jVar3);
            jVar2.b(sun.security.util.k.a(sun.security.util.k.c, true, (byte) 0), jVar3);
        }
        if (this.h != null) {
            sun.security.util.j jVar4 = new sun.security.util.j();
            this.h.a(jVar4);
            jVar2.b(sun.security.util.k.a(sun.security.util.k.c, true, (byte) 1), jVar4);
        }
        jVar.a((byte) 48, jVar2);
        this.o = jVar.toByteArray();
    }

    @Override // sun.security.x509.l
    public Object a(String str) throws IOException {
        if (str.equalsIgnoreCase(c)) {
            return this.g;
        }
        if (str.equalsIgnoreCase(d)) {
            return this.h;
        }
        throw new IOException("Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
    }

    @Override // sun.security.x509.l
    public void a(OutputStream outputStream) throws IOException {
        sun.security.util.j jVar = new sun.security.util.j();
        if (this.o == null) {
            this.m = az.k;
            this.n = true;
            g();
        }
        super.a(jVar);
        outputStream.write(jVar.toByteArray());
    }

    @Override // sun.security.x509.l
    public void a(String str, Object obj) throws IOException {
        if (str.equalsIgnoreCase(c)) {
            if (!(obj instanceof an)) {
                throw new IOException("Attribute value should be of type GeneralSubtrees.");
            }
            this.g = (an) obj;
        } else {
            if (!str.equalsIgnoreCase(d)) {
                throw new IOException("Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
            }
            if (!(obj instanceof an)) {
                throw new IOException("Attribute value should be of type GeneralSubtrees.");
            }
            this.h = (an) obj;
        }
        g();
    }

    public void a(au auVar) throws IOException {
        an a2;
        if (auVar == null) {
            return;
        }
        an anVar = (an) auVar.a(d);
        if (this.h == null) {
            this.h = anVar != null ? (an) anVar.clone() : null;
        } else if (anVar != null) {
            this.h.b(anVar);
        }
        an anVar2 = (an) auVar.a(c);
        if (this.g == null) {
            this.g = anVar2 != null ? (an) anVar2.clone() : null;
        } else if (anVar2 != null && (a2 = this.g.a(anVar2)) != null) {
            if (this.h != null) {
                this.h.b(a2);
            } else {
                this.h = (an) a2.clone();
            }
        }
        if (this.g != null) {
            this.g.c(this.h);
        }
        g();
    }

    public boolean a(X509Certificate x509Certificate) throws IOException {
        if (x509Certificate == null) {
            throw new IOException("Certificate is null");
        }
        if (!this.k) {
            a();
        }
        if (this.i) {
            throw new IOException("Non-zero minimum BaseDistance in name constraints not supported");
        }
        if (this.j) {
            throw new IOException("Maximum BaseDistance in name constraints not supported");
        }
        bo a2 = bo.a(x509Certificate.getSubjectX500Principal());
        if (!a2.g() && !a((ak) a2)) {
            return false;
        }
        try {
            bi n = X509CertImpl.f(x509Certificate).n();
            al alVar = n != null ? (al) n.a(bi.c) : null;
            if (alVar == null) {
                return a(a2);
            }
            for (int i = 0; i < alVar.b(); i++) {
                if (!a(alVar.a(i).b())) {
                    return false;
                }
            }
            return true;
        } catch (CertificateException e2) {
            throw new IOException("Unable to extract extensions from certificate: " + e2.getMessage());
        }
    }

    public boolean a(ak akVar) throws IOException {
        aj a2;
        ak b2;
        aj a3;
        ak b3;
        if (akVar == null) {
            throw new IOException("name is null");
        }
        if (this.h != null && this.h.a() > 0) {
            for (int i = 0; i < this.h.a(); i++) {
                am a4 = this.h.a(i);
                if (a4 != null && (a3 = a4.a()) != null && (b3 = a3.b()) != null) {
                    switch (b3.a(akVar)) {
                        case 0:
                        case 1:
                            return false;
                    }
                }
            }
        }
        if (this.g != null && this.g.a() > 0) {
            boolean z = false;
            for (int i2 = 0; i2 < this.g.a(); i2++) {
                am a5 = this.g.a(i2);
                if (a5 != null && (a2 = a5.a()) != null && (b2 = a2.b()) != null) {
                    switch (b2.a(akVar)) {
                        case 0:
                        case 1:
                            return true;
                        case 2:
                        case 3:
                            z = true;
                            break;
                    }
                }
            }
            if (z) {
                return false;
            }
        }
        return true;
    }

    public boolean a(bo boVar) throws IOException {
        String c2;
        for (a aVar : boVar.e()) {
            if (aVar.a().b(sun.security.pkcs.d.b) && (c2 = aVar.c()) != null) {
                try {
                    if (!a(new bf(c2))) {
                        return false;
                    }
                } catch (IOException e2) {
                }
            }
        }
        return true;
    }

    @Override // sun.security.x509.l
    public String b() {
        return b;
    }

    @Override // sun.security.x509.l
    public void b(String str) throws IOException {
        if (str.equalsIgnoreCase(c)) {
            this.g = null;
        } else {
            if (!str.equalsIgnoreCase(d)) {
                throw new IOException("Attribute name not recognized by CertAttrSet:NameConstraintsExtension.");
            }
            this.h = null;
        }
        g();
    }

    @Override // sun.security.x509.l
    public Enumeration<String> c() {
        AttributeNameEnumeration attributeNameEnumeration = new AttributeNameEnumeration();
        attributeNameEnumeration.addElement(c);
        attributeNameEnumeration.addElement(d);
        return attributeNameEnumeration.elements();
    }

    public Object clone() {
        try {
            au auVar = (au) super.clone();
            if (this.g != null) {
                auVar.g = (an) this.g.clone();
            }
            if (this.h != null) {
                auVar.h = (an) this.h.clone();
            }
            return auVar;
        } catch (CloneNotSupportedException e2) {
            throw new RuntimeException("CloneNotSupportedException while cloning NameConstraintsException. This should never happen.");
        }
    }

    @Override // sun.security.x509.ah, sun.security.x509.l
    public String toString() {
        return super.toString() + "NameConstraints: [" + (this.g == null ? "" : "\n    Permitted:" + this.g.toString()) + (this.h == null ? "" : "\n    Excluded:" + this.h.toString()) + "   ]\n";
    }
}
